最近換了家公司,公司使用saltstack管理服務器,故在本地搭建安裝學習python
1、常見自動化工具linux
1. Puppet (www.puppetlabs.com)基於rubby開發,c/s架構,支持多平臺,可管理配置文件、用戶、cron任務、軟件包、系統服務等。 分爲社區版(免費)和企業版(收費),企業版支持圖形化配置。nginx
2. Saltstack(官網 https://saltstack.com,文檔docs.saltstack.com )基於python開發,c/s架構,支持多平臺,比puppet輕量,在遠程執行命令時很是快捷,由於Saltstack有一個消息隊列。Saltstack配置和使用比puppet容易,能實現puppet幾乎全部的功能。shell
3. Ansible (www.ansible.com )更加簡潔的自動化運維工具,不須要在客戶端上安裝agent,基於python開發。能夠實現批量操做系統配置、批量程序的部署、批量運行命令。django
2、saltstack安裝
centos
2.一、準備工做
bash
在客戶端和服務端關閉防火牆和selinux
服務器
[root@saltserver ~]# systemctl stop firewalld [root@saltserver ~]# setenforce 0 [root@saltserver ~]# sed -i 's/SELINUX=enforcing/SELINUX=disabled/g' /etc/selinux/config
2.二、配置hosts解析
架構
服務端
composer
[root@saltserver ~]# echo -e "192.168.3.119 saltserver\n192.168.3.125 saltclient" >>/etc/hosts
客戶端
[root@saltclient ~]# echo -e "192.168.3.119 saltserver\n192.168.3.125 saltclient" >>/etc/hosts
2.三、安裝saltstack
服務端
[root@saltserver ~]# yum install -y https://repo.saltstack.com/yum/redhat/salt-repo-latest-2.el7.noarch.rpm [root@saltserver ~]# yum install salt-master salt-minion
客戶端
[root@saltclient ~]# yum install -y https://repo.saltstack.com/yum/redhat/salt-repo-latest-2.el7.noarch.rpm [root@saltclient ~]# yum install salt-minion
2.四、更改客戶端minion配置文件
服務端
[root@saltserver salt]# sed -i 's/master: server/master: saltserver/g' /etc/salt/minion
客戶端
[root@saltclient salt]# sed -i 's/master: server/master: saltserver/g' /etc/salt/minion
2.五、啓動saltstack
服務端
master在第一次啓動時會在/etc/salt/pki/master下生成祕鑰對,當master經過salt-key工具接收到minion傳過來的公鑰後,就會在/etc/salt/pki/master/minions/目錄裏存放剛剛接受的公鑰,同時客戶端也會接收master傳過去的 公鑰,把它放在/etc/salt/pki/minion目錄下,並命名爲minion_master.pub。
[root@saltserver ~]# systemctl start salt-master [root@saltserver ~]# systemctl start salt-minion [root@saltserver salt]# ps -ef |grep salt avahi 1071 1 0 11:57 ? 00:00:05 avahi-daemon: running [saltserver.local] root 3237 1 0 12:00 ? 00:00:00 /usr/bin/python /usr/bin/salt-minion root 3240 3237 0 12:00 ? 00:00:10 /usr/bin/python /usr/bin/salt-minion root 3248 3240 0 12:00 ? 00:00:00 /usr/bin/python /usr/bin/salt-minion root 17557 1 0 14:35 ? 00:00:00 /usr/bin/python /usr/bin/salt-master root 17562 17557 0 14:35 ? 00:00:00 /usr/bin/python /usr/bin/salt-master root 17567 17557 0 14:35 ? 00:00:00 /usr/bin/python /usr/bin/salt-master root 17568 17557 0 14:35 ? 00:00:00 /usr/bin/python /usr/bin/salt-master root 17571 17557 0 14:35 ? 00:00:25 /usr/bin/python /usr/bin/salt-master root 17572 17557 0 14:35 ? 00:00:00 /usr/bin/python /usr/bin/salt-master root 17573 17572 0 14:35 ? 00:00:00 /usr/bin/python /usr/bin/salt-master root 17578 17572 0 14:35 ? 00:00:02 /usr/bin/python /usr/bin/salt-master root 17581 17572 0 14:35 ? 00:00:02 /usr/bin/python /usr/bin/salt-master root 17582 17572 0 14:35 ? 00:00:02 /usr/bin/python /usr/bin/salt-master root 17583 17572 0 14:35 ? 00:00:02 /usr/bin/python /usr/bin/salt-master root 17584 17557 0 14:35 ? 00:00:07 /usr/bin/python /usr/bin/salt-master root 17585 17572 0 14:35 ? 00:00:02 /usr/bin/python /usr/bin/salt-master [root@saltserver salt]# netstat -tlunp |grep python tcp 0 0 0.0.0.0:4505 0.0.0.0:* LISTEN 17567/python tcp 0 0 0.0.0.0:4506 0.0.0.0:* LISTEN 17573/python
4505是用來發布消息的,4506是與客戶端通訊,傳輸數據的。
客戶端
minion在第一次啓動時會在/etc/salt/pki/minion/下生成minion.perm和minion.pub,其中.pub是公鑰,咱們須要把公鑰傳輸給master
[root@saltclient ~]# systemctl start salt-minion
2.六、爲salt配置認證
[root@saltserver ~]# salt-key -a saltserver The following keys are going to be accepted: Unaccepted Keys: saltserver Proceed? [n/Y] y Key for minion saltserver accepted. [root@saltserver ~]# salt-key -a saltclient The following keys are going to be accepted: Unaccepted Keys: saltclient Proceed? [n/Y] y Key for minion saltclient accepted. [root@saltserver salt]# salt-key -L Accepted Keys: saltclient saltserver Denied Keys: Unaccepted Keys: Rejected Keys: [root@saltserver salt]#
2.七、執行命令測試
[root@saltserver salt]# salt '*' test.ping saltclient: True saltserver: True
說明:以上安裝內容參考自"https://blog.51cto.com/zero01/2064247"
3、saltstack經常使用模塊
3.一、sys模塊
3.1.一、sys.list_modules;列出當前版本支持的模塊
[root@saltserver salt]# salt "saltclient" sys.list_modules saltclient: - acl - aliases - alternatives - archive - artifactory - at - augeas - beacons - bigip - bridge - btrfs - buildout - cloud - cmd - composer - config - consul - container_resource - cp - cron - cryptdev - data - defaults - devmap - dig - disk - django - dnsmasq - dnsutil - drbd - environ ...........
3.1.二、sys.list_functions func;列出給出的模塊支持的函數
[root@saltserver salt]# salt "saltclient" sys.list_functions cmd saltclient: - cmd.exec_code - cmd.exec_code_all - cmd.has_exec - cmd.powershell - cmd.powershell_all - cmd.retcode - cmd.run - cmd.run_all - cmd.run_bg - cmd.run_chroot - cmd.run_stderr - cmd.run_stdout - cmd.script - cmd.script_retcode - cmd.shell - cmd.shell_info - cmd.shells - cmd.tty - cmd.which - cmd.which_bin
3.1.三、sys.doc;相似於linux中的man命令
[root@saltserver salt]# salt "saltclient" sys.doc cmd.run cmd.run: Execute the passed command and return the output as a string :param str cmd: The command to run. ex: ``ls -lart /home`` :param str cwd: The directory from which to execute the command. Defaults to the home directory of the user specified by ``runas`` (or the user under which Salt is running if ``runas`` is not specified). :param str stdin: A string of standard input can be specified for the command to be run using the ``stdin`` parameter. This can be useful in cases where sensitive information must be read from standard input. :param str runas: Specify an alternate user to run the command. The default behavior is to run as the user under which Salt is running. If running on a Windows minion you must also use the ``password`` argument, and the target user account must be in the Administrators group. :param str password: Windows only. Required when specifying ``runas``. This parameter will be ignored on non-Windows platforms. New in version 2016.3.0 :param str shell: Specify an alternate shell. Defaults to the system's default shell. :param bool python_shell: If ``False``, let python handle the positional arguments. Set to ``True`` to use shell features, such as pipes or redirection.
3.二、cmd模塊
3.2.一、cmd.run;運行linux命令
[root@saltserver salt]# salt 'saltclient' cmd.run 'free -m' saltclient: total used free shared buff/cache available Mem: 985 194 483 6 308 577 Swap: 2047 0 2047
3.2.二、cmd.shell;和run差很少,具體區別待測試
[root@saltserver salt]# salt 'saltclient' cmd.shell 'free -m' saltclient: total used free shared buff/cache available Mem: 985 195 481 6 308 576 Swap: 2047 0 2047
3.三、service模塊(管理系統服務,中止、狀態、啓動、查看服務可用狀態等)
[root@saltserver salt]# salt 'saltclient' service.start 'httpd' saltclient: True [root@saltserver salt]# [root@saltserver salt]# [root@saltserver salt]# salt 'saltclient' service.stop 'httpd' saltclient: True [root@saltserver salt]# salt 'saltclient' service.restart 'httpd' saltclient: True [root@saltserver salt]# salt 'saltclient' service.available 'httpd' saltclient: True
3.四、cp模塊(上傳下載文件、文件夾等)
cp.get_file;用來將master上的文件發佈到客戶端
[root@saltserver ~]# salt saltclient cp.get_file salt://nginx_conf/test.conf /etc/nginx.conf saltclient: /etc/nginx.conf
cp.get_dir;用來將master上的整個文件夾發佈到客戶端
[root@saltserver nginx_conf]# salt saltclient cp.get_dir salt://nginx_conf /tmp gzip=9 saltclient: - /tmp/nginx_conf/test.conf - /tmp/nginx_conf/test2.conf
3.五、pkg模塊(軟件包管理)
[root@saltserver nginx_conf]# salt saltclient pkg.remove httpd saltclient: ---------- httpd: ---------- new: old: 2.4.6-80.el7.centos.1 [root@saltserver nginx_conf]# salt saltclient pkg.install httpd saltclient: ---------- httpd: ---------- new: 2.4.6-80.el7.centos.1 old: [root@saltserver nginx_conf]# salt saltclient pkg.upgrade httpd saltclient: ----------
3.六、cron模塊(管理計劃任務的模塊)
[root@saltserver nginx_conf]# salt saltclient cron.set_job root '*' 1 1 1 '*' 'echo "helloworld"' saltclient: new [root@saltserver nginx_conf]# salt saltclient cron.ls root saltclient: ---------- crons: |_ ---------- cmd: echo "helloworld" comment: None commented: False daymonth: 1 dayweek: * hour: 1 identifier: None minute: * month: 1 env: pre: special: [root@saltserver nginx_conf]# salt saltclient cron.rm_job root 'echo "helloworld"' saltclient: removed
3.七、status模塊(查看系統狀態的模塊、平均負載,cpu信息,磁盤,內存等信息)
[root@saltserver nginx_conf]# salt saltclient sys.list_functions status saltclient: - status.all_status - status.cpuinfo - status.cpustats - status.custom - status.diskstats - status.diskusage - status.loadavg - status.master - status.meminfo - status.netdev - status.netstats - status.nproc - status.pid - status.ping_master - status.procs - status.proxy_reconnect - status.time - status.uptime - status.version - status.vmstats - status.w
salt的模塊有不少,這裏就寫幾個經常使用的,還有一些模塊詳細用法參見:「https://blog.csdn.net/chengxuyuanyonghu/article/details/64519496」