saltstack--史上最細緻安裝攻略!親測無坑
準備一臺虛擬機node1:html
[root@linux-node1 pillar]# ifconfig ens33: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500 inet 192.168.88.137 netmask 255.255.255.0 broadcast 192.168.88.255 inet6 fe80::20c:29ff:fe77:92aa prefixlen 64 scopeid 0x20<link> ether 00:0c:29:77:92:aa txqueuelen 1000 (Ethernet) RX packets 28126 bytes 23077587 (22.0 MiB) RX errors 0 dropped 0 overruns 0 frame 0 TX packets 13213 bytes 10010104 (9.5 MiB) TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0 lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536 inet 127.0.0.1 netmask 255.0.0.0 inet6 ::1 prefixlen 128 scopeid 0x10<host> loop txqueuelen 0 (Local Loopback) RX packets 4692 bytes 6061530 (5.7 MiB) RX errors 0 dropped 0 overruns 0 frame 0 TX packets 4692 bytes 6061530 (5.7 MiB) TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
配置網卡node
cd /etc/sysconfig/network-scripts
vim ifcfg-eno16777736
TYPE="Ethernet" BOOTPROTO="static" DEFROUTE="yes" PEERDNS="yes" PEERROUTES="yes" IPV4_FAILURE_FATAL="no" IPV6INIT="yes" IPV6_AUTOCONF="yes" IPV6_DEFROUTE="yes" IPV6_PEERDNS="yes" IPV6_PEERROUTES="yes" IPV6_FAILURE_FATAL="no" NAME="ens33" # UUID="d283cefc-7d4c-427e-8c5d-245cf481e494" DEVICE="ens33" ONBOOT="yes" IPADDR=192.168.88.137 NETMASK=255.255.255.0 GATEWAY=192.168.88.2
systemctl restart network systemctl disable firewalld systemctl disable NetworkManager
設置主機名
vim /etc/hostname
linux-node1.example.com
設置主機域名解析python
vim /etc/hostslinux
192.168.88.137 linux-node1 linux-node1.example.com 192.168.88.138 linux-node2 linux-node2.example.com
設置DNSnginx
vim /etc/resolv.confweb
# Generated by NetworkManager search localdomain example.com nameserver 192.168.88.2
安裝最新 epel yum 源apache
rpm -ivh https://mirrors.aliyun.com/epel/epel-release-latest-7.noarch.rpmjson
yum安裝 一些基礎包vim
yum -y install net-tools vim lrzsz tree screen lsof tcpdump nc mtr nmapapi
關閉selinux:vim /etc/selinux/config
SELINUXTYPE=targeted SELINUX=disabled setenforce 0 systemctl stop firewalld
重啓系統
yum update -y && reboot # 升級全部包同時也升級軟件和系統內核, 並重啓
確認是否一些服務是否已按計劃關閉
getenforce # selinux是否關閉
對node1進行克隆:node2
對node2的操做:
設置主機名:vim /etc/hostname
linux-node1.example.com
修改網卡配置:vim /etc/sysconfig/network-scripts/ifcfg-eno16777736
IPADDR=192.168.88.138
重啓:
reboot
在linux-node1 中安裝saltstack master 和 minion
yum -y install https://repo.saltstack.com/yum/redhat/salt-repo-latest-2.el7.noarch.rpm
yum -y install salt-master salt-minion
在linux-node2 中安裝saltstack minion
yum -y install https://repo.saltstack.com/yum/redhat/salt-repo-latest-2.el7.noarch.rpm
yum -y install salt-minion
在linux-node1中配置 salt-minion
vim /etc/salt/minion
master: 192.168.88.137 id: linux-node1.example.com
在linux-node2中配置 salt-minion
vim /etc/salt/minion
master: 192.168.88.137 id: linux-node2.example.com
啓動linux-node1中salt-maser 和 salt-minion
systemctl start salt-master # 啓動salt-master
systemctl enable salt-master # 設置salt-master開機自啓動
systemctl start salt-minion # 啓動
systemctl enable salt-minion # 開機自啓動
啓動linux-node2中salt-minion
systemctl start salt-minion # 啓動
systemctl enable salt-minion # 開機自啓動
認證(node1):(在這裏遇到了關於ascii編碼的錯誤,解決辦法已經記錄到博客:https://www.cnblogs.com/lutt/p/11253487.html)
salt-key # 在master中查看全部key的狀態
salt-key -a linux-node1.example.com # 認證 linux-node1.example.com的key
salt-key -A # 一次性認證全部key
遠程執行測試(node1)
salt \* test.ping # 測試saltstack minion與master的連通性
salt \* cmd.run 'df -h' # 在全部minion中批量執行 df -h 命令
salt '*' cmd.run 'free -m' 實現遠程命令執行
cp模塊(node1)
功能: 實現遠程文件、目錄複製,下載Url文件等操做
# 一、master配置同步根目錄(YAML語法,1. 每一級使用兩個空格 2. 短橫線表示列表) vim /etc/salt/master file_roots: base: - /srv/salt dev: - /srv/salt/dev systemctl restart salt-master # 須要重啓master # 二、建立同步目錄文件夾,和測試文件 /srv/salt/test.sh mkdir -p /srv/salt/dev vim /srv/salt/test.sh #建立測試文件 # 三、將 /srv/salt/ 下的test.sh文件同步到全部minion salt '*' cp.get_file salt://test.sh /tmp/test.sh # 四、建立目錄 makedirs(當分發的位置在目標主機上不存在時,自動建立該目錄) salt '*' cp.get_file salt://test.sh /aaa/test.sh makedirs=True # 五、將 /srv/salt 中的testdir 目錄複製到全部minion mkdir /srv/salt/testdir/ salt '*' cp.get_dir salt://testdir /aaa/ # 六、下載百度首頁內容保存到全部minion中 salt '*' cp.get_url http://www.baidu.com /tmp/index.html
狀態管理(node1)(神筆馬良)
1)修改 /etc/salt/master 文件
# 一、master配置同步根目錄(YAML語法,1. 每一級使用兩個空格 2. 短橫線表示列表) vim /etc/salt/master file_roots: base: - /srv/salt dev: - /srv/salt/dev systemctl restart salt-master # 須要重啓master
2)在 /srv/salt/ 下配置狀態管理
[root@linux-node1 /]# vim /srv/salt/web/apache.sls
# 1.描述了要裝一個httpd服務 apache-install: # 這個是一個名稱,能夠隨便寫 pkg.installed: # pkg是狀態模塊,installed是狀態模塊中的方法 - name: httpd # 描述了我在裏要裝一個httpd包 # 2.描述了httpd服務是啓動狀態,而且是開機自啓動狀態 apache-service: # 這個是一個名稱,能夠隨便寫 service.running: # 描述了httpd服務是運行的狀態 - name: httpd - enable: True # 描述httpd服務開機自動啓動
3)在 salt-master中執行命令讓 linux-node2按照描述完成按照
[root@linux-node1 web]# salt linux-node2.example.com state.sls web.apache
Service模塊(node1)
salt '*' service.reload nginx
安裝(master和minion中都須要安裝)
yum -y install salt-ssh
配置花名冊,配置要管理的機器
vim /etc/salt/roster
# Sample salt-ssh config file #web1: # host: 192.168.42.1 # The IP addr or DNS hostname # user: fred # Remote executions will be executed as user fred # passwd: foobarbaz # The password to use for login, if omitted, keys are used # sudo: True # Whether to sudo to root, not enabled by default #web2: # host: 192.168.42.2 linux-node1.example.com: host: 192.168.88.137 user: root passwd: chnsys@2016 port: 22 linux-node2.example.com: host: 192.168.88.138 user: root passwd: chnsys@2016 port: 22
自定義grains:須要重啓 minion(這一步報錯Minion did not return. [No response] ERROR: Minions returned with non-zero exit code,解決方案:node1和node2都須要執行配置文件)
# 一、編輯 minion 文件,配置角色名 vim /etc/salt/minion grains: roles: apache # 二、重啓minion systemctl restart salt-minion # 三、查看全部機器都有哪些roles [root@linux-node1 ~]# salt '*' grains.item roles linux-node1.example.com: ---------- roles: apache linux-node2.example.com: ---------- roles: # 四、讓全部角色爲apache的機器執行命令'w',-G表示以grains進行目標選擇 salt -G 'roles:apache' cmd.run 'w'
自定義grains:無需重啓minion
# 一、在minion中新建文件/etc/salt/grains,添加一個 key value vim /etc/salt/grains test-grains: test-grains-value # 二、讓minion到全部grains中讀取配置 salt '*' saltutil.sync_grains # 三、查看全部 key爲test-grains的minion [root@linux-node1 ~]# salt '*' grains.item test-grains linux-node1.example.com: ---------- test-grains: test-grains-value linux-node2.example.com: ---------- test-grains: # 四、讓全部key=test-grains value=test-grains-value 的機器執行命令'w',-G表示以grains進行目標選擇 salt -G 'test-grains:test-grains-value' cmd.run 'w'
在master配置文件中指定pillar位置(node1):
vim /etc/salt/master
pillar_roots: base: - /srv/pillar
systemctl restart salt-master
mkdir /srv/pillar
cd /srv/pillar
vim /srv/pillar/apache.sls # 編輯一個pillar文件
{% if grains['os'] == 'CentOS' %} apache: httpd {% elif grains['os'] == 'Debian' %} apache: apache2 {% endif %}
vim top.sls # 指定這個pillar文件給那個minion使用
base: 'linux-node2.example.com': - apache
確認 pillar中配置的items是否生效(node1)
[root@linux-node1 pillar]# salt '*' pillar.items linux-node1.example.com: ---------- linux-node2.example.com: ---------- apache: httpd
安裝salt-api,並設置開機啓動(node1)
yum -y install salt-api pyOpenSSL
systemctl enable salt-api
配置自簽名證書(node1)
cd /etc/pki/tls/certs/
make testcert
Enter pass phrase: ===> 輸入加密短語,這裏我使用salt2017 Verifying - Enter pass phrase: ===> 確認加密短語 umask 77 ; \ /usr/bin/openssl req -utf8 -new -key /etc/pki/tls/private/localhost.key -x509 -days 365 -out /etc/pki/tls/certs/localhost.crt -set_serial 0 Enter pass phrase for /etc/pki/tls/private/localhost.key: ===> 再次輸入相同的加密短語 You are about to be asked to enter information that will be incorporated into your certificate request. What you are about to enter is what is called a Distinguished Name or a DN. There are quite a few fields but you can leave some blank For some fields there will be a default value, If you enter '.', the field will be left blank. ----- Country Name (2 letter code) [XX]:CN State or Province Name (full name) []:BeiJing Locality Name (eg, city) [Default City]:BeiJing Organization Name (eg, company) [Default Company Ltd]: Organizational Unit Name (eg, section) []: Common Name (eg, your name or your server's hostname) []: Email Address []:
解密key文件,生成無密碼的key文件
注:過程當中須要輸入key密碼,該密碼爲以前生成證書時設置的密碼
cd /etc/pki/tls/private/
openssl rsa -in localhost.key -out localhost_nopass.key
修改文件權限
chmod 755 /etc/pki/tls/certs/localhost.crt
chmod 755 /etc/pki/tls/private/localhost.key
chmod 755 /etc/pki/tls/private/localhost_nopass.key
添加用戶
注:生產環境請使用密碼複雜度高的密碼,這裏我使用 chnsys@2016
useradd -M -s /sbin/nologin saltapi # 建立用戶 saltapi
passwd saltapi # 爲用戶saltapi設置密碼
# 這裏我設置的密碼也是saltapi
配置salt-api
sed -i '/#default_include/s/#default/default/g' /etc/salt/master
建立/etc/salt/master.d/目錄
mkdir -p /etc/salt/master.d/
cd /etc/salt/master.d/
touch eauth.conf
touch api.conf
vim eauth.conf
external_auth: pam: saltapi: # 用戶 - .* # 該配置文件給予saltapi用戶全部模塊使用權限,出於安全考慮通常只給予特定模塊使用權限
vim api.conf
rest_cherrypy: port: 8001 ssl_crt: /etc/pki/tls/certs/localhost.crt ssl_key: /etc/pki/tls/private/localhost_nopass.key
啓動salt-api
systemctl restart salt-master
systemctl start salt-api
ps -ef|grep salt-api
netstat -lnput|grep 8001
測試獲取token
curl -k https://192.168.88.137:8001/login -H "Accept: application/x-yaml" -d username='saltapi' -d password='saltapi' -d eauth='pam'
調用test.ping
curl -k https://192.168.88.137:8001/ -H "Accept: application/x-yaml" -H "X-Auth-Token: 87cbb68e0babf3d0ad6b3741795667dbe62b3c11" -d client='local' -d tgt='*' -d fun='test.ping'
在window環境下使用python簡單測試接口執行命令
# _*_ coding:utf-8 _*_ # 使用python簡單測試接口執行命令 __author__ = 'junxi' import requests import json try: import cookielib except: import http.cookiejar as cookielib # 使用urllib2請求https出錯,作的設置 import ssl context = ssl._create_unverified_context() # 使用requests請求https出現警告,作的設置 from requests.packages.urllib3.exceptions import InsecureRequestWarning requests.packages.urllib3.disable_warnings(InsecureRequestWarning) salt_api = "https://192.168.88.137:8001/" class SaltApi: """ 定義salt api接口的類 初始化得到token """ def __init__(self, url): self.url = url self.username = "saltapi" self.password = "saltapi" self.headers = { "User-Agent": "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/50.0.2661.102 Safari/537.36", "Content-type": "application/json" } self.params = {'client': 'local', 'fun': '', 'tgt': ''} self.login_url = salt_api + "login" self.login_params = {'username': self.username, 'password': self.password, 'eauth': 'pam'} self.token = self.get_data(self.login_url, self.login_params)['token'] self.headers['X-Auth-Token'] = self.token def get_data(self, url, params): send_data = json.dumps(params) request = requests.post(url, data=send_data, headers=self.headers, verify=False) response = request.json() result = dict(response) return result['return'][0] def salt_command(self, tgt, method, arg=None): """遠程執行命令,至關於salt 'client1' cmd.run 'free -m'""" if arg: params = {'client': 'local', 'fun': method, 'tgt': tgt, 'arg': arg} else: params = {'client': 'local', 'fun': method, 'tgt': tgt} print('命令參數: ', params) result = self.get_data(self.url, params) return result def main(): salt = SaltApi(salt_api) salt_client = '*' salt_test = 'test.ping' result1 = salt.salt_command(salt_client, salt_test) print(result1) # 返回結果:{u'linux-node1.example.com': True, u'linux-node2.example.com': True} if __name__ == '__main__': main()
「」「 命令參數: {'client': 'local', 'fun': 'test.ping', 'tgt': '*'} {'linux-node1.example.com': True, 'linux-node2.example.com': True} 」「」
使用requests模塊獲取基本信息
# -*- coding: utf-8 -*- import requests import json import logging logging.captureWarnings(True) # 屏蔽因爲訪問https時沒有證書警告問題 SALT_BASE_URL = 'https://192.168.88.137:8001/' SALT_USER = 'saltapi' SALT_PWD = 'saltapi' class SaltAPI(object): __token_id = '' def __init__(self): self.__url = SALT_BASE_URL self.__user = SALT_USER self.__password = SALT_PWD def token_id(self): """ 用戶登錄和獲取token :return: """ params = {'eauth': 'pam', 'username': self.__user, 'password': self.__password} content = self.postRequest(self.__url + '/login', data=params) try: self.__token_id = content[0]['token'] except Exception as e: print('**** Failed to get token, {} ****'.format(str(e))) def postRequest(self, url, data=None): headers = {"X-Auth-Token": self.__token_id} ret = requests.post(url=url, data=data, json='json', headers=headers, verify=False) if ret.status_code == 200: return ret.json()['return'] return ret.text def remote_execution_module(self, tgt, fun, arg): """ 遠程執行模塊,有參數 :param tgt: minion list :param fun: 模塊 :param arg: 參數 :return: dict, {'minion1': 'ret', 'minion2': 'ret'} """ params = {'client': 'local', 'tgt': tgt, 'fun': fun, 'arg': arg} self.token_id() return self.postRequest(self.__url, params) def salt_alive(self, tgt): ''' salt主機存活檢測 ''' params = {'client': 'local', 'tgt': tgt, 'fun': 'test.ping'} self.token_id() return self.postRequest(self.__url, params) if __name__ == '__main__': salt = SaltAPI() minions_list = [ 'cloud:type', 'cluster:domain', 'cluster:name', 'cpu_model', 'fqdn_ip4', 'hospital:type', 'kernelrelease', 'nodename', 'os', 'osmajorrelease', 'osrelease', 'saltversion', 'serialnumber', 'virtual', 'num_cpus', 'mem_total', 'cloud:region', 'ipv4', ] ret = salt.remote_execution_module('*', 'grains.item', minions_list) print(json.dumps(ret, ensure_ascii=False))
「」「 [{"linux-node1.example.com": {"osrelease": "7.2.1511", "fqdn_ip4": ["192.168.88.137"], "saltversion": "2019.2.0", "nodename": "linux-node1.example.com", "kernelrelease": "3.10.0-327.el7.x86_64", "cloud:type": "", "num_cpus": 1, "serialnumber": "VMware-56 4d 55 21 2f 96 95 44-0b 50 ca d3 bc 77 92 aa", "cpu_model": "Intel(R) Core(TM) i7-8550U CPU @ 1.80GHz", "virtual": "VMware", "cluster:name": "", "cluster:domain": "", "mem_total": 977, "osmajorrelease": 7, "hospital:type": "", "os": "CentOS", "ipv4": ["127.0.0.1", "192.168.88.137"], "cloud:region": ""}, "linux-node2.example.com": {"osrelease": "7.2.1511", "fqdn_ip4": ["192.168.88.137"], "saltversion": "2019.2.0", "nodename": "linux-node1.example.com", "kernelrelease": "3.10.0-327.el7.x86_64", "cloud:type": "", "num_cpus": 1, "serialnumber": "VMware-56 4d 79 5a 39 fd 5a 16-6c 12 59 28 02 73 fe 04", "cpu_model": "Intel(R) Core(TM) i7-8550U CPU @ 1.80GHz", "virtual": "VMware", "cluster:name": "", "cluster:domain": "", "mem_total": 977, "osmajorrelease": 7, "hospital:type": "", "os": "CentOS", "ipv4": ["127.0.0.1", "192.168.88.138"], "cloud:region": ""}}] 」「」
原文連接:
https://www.cnblogs.com/xiaonq/p/10233439.html#i3
https://www.cnblogs.com/xiaonq/p/10316525.html
- 1. 史上最詳細的SQLSERVER2019安裝攻略教程
- 2. 最詳細的CDH安裝攻略
- 3. 安裝oracle最詳細的攻略
- 4. App上線流程全攻略(史上最詳細步驟)
- 5. uni-app圖標字的坑-史上最詳細的介紹-親測
- 6. 史上最喜詳細CentOS6的安裝
- 7. Ubuntu18.04安裝教程(史上最詳細)
- 8. centos8安裝圖解,史上最詳細最詳細
- 9. JavaScript最詳細攻略
- 10. Mac下 Gradle4.0 詳細安裝攻略
- 更多相關文章...
- • BASE原理與最終一致性 - NoSQL教程
- • Docker 安裝 Nginx - Docker教程
- • Tomcat學習筆記(史上最全tomcat學習筆記)
- • Composer 安裝與使用
-
每一个你不满意的现在,都有一个你没有努力的曾经。
- 1. 「插件」Runner更新Pro版,幫助設計師遠離996
- 2. 錯誤 707 Could not load file or assembly ‘Newtonsoft.Json, Version=12.0.0.0, Culture=neutral, PublicKe
- 3. Jenkins 2018 報告速覽,Kubernetes使用率躍升235%!
- 4. TVI-Android技術篇之註解Annotation
- 5. android studio啓動項目
- 6. Android的ADIL
- 7. Android卡頓的檢測及優化方法彙總(線下+線上)
- 8. 登錄註冊的業務邏輯流程梳理
- 9. NDK(1)創建自己的C/C++文件
- 10. 小菜的系統框架界面設計-你的評估是我的決策