what-saltstack

1> A centralized management platform for server infrastructure, providing configuration management, remote execution, monitoring and other functions.

2> Developed in Python; simple to deploy; centralized master/slave management; supports an API and custom modules.

3> Made up of a Master and Minions (authenticated by certificate), communicating over the lightweight message queue ZeroMQ.



how-saltstack

    The Saltstack master listens on ports 4505 and 4506: 4505 is salt's message publishing system, and 4506 is the port over which salt clients and the server communicate;

  The salt client program does not listen on any port. After the client starts, it actively connects to the master to register and then keeps that TCP connection open; the master controls the client over this TCP connection, and if the connection drops the master can no longer do anything with the client. Of course, once the client detects the disconnection it keeps periodically reconnecting to the master.


Installing saltstack

The saltstack repository can be downloaded via EPEL; here a self-built yum repository on the local machine is used.


Add a yum repository on the physical host
[root@foundation88 rhel6]# pwd
/var/www/html/saltstack/rhel6
[root@foundation88 rhel6]# createrepo .   # create a third-party yum repository
Spawning worker 0 with 7 pkgs
Spawning worker 1 with 7 pkgs
Spawning worker 2 with 7 pkgs
Spawning worker 3 with 7 pkgs
Workers Finished
Saving Primary metadata
Saving file lists metadata
Saving other metadata
Generating sqlite DBs
Sqlite DBs complete

server3,server4:

yum repository configuration:

vim /etc/yum.repos.d/rhel-source.repo

[salt]
name=saltstack
baseurl=http://172.25.88.250/saltstack/rhel6
gpgcheck=0

server3

yum install salt-master -y


[root@server3 ~]# ss -ntla
State      Recv-Q Send-Q        Local Address:Port          Peer Address:Port
LISTEN     0      128                       *:4505   (send)                  *:*    
LISTEN     0      128                       *:4506   (subscribe)             *:*


server4

yum install salt-minion -y

[root@server3 ~]# vim /etc/salt/minion
master: server3.lalala.com


Authentication is also required: the minion's key has to be accepted on the master

[root@server3 ~]# salt-key -A
The following keys are going to be accepted:
Unaccepted Keys:
server4.lalala.com
Proceed? [n/Y] Y
Key for minion server4.lalala.com accepted..
[root@server3 ~]# salt-key -L
Accepted Keys:
server4.lalala.com
Denied Keys:
Unaccepted Keys:
Rejected Keys:

Verification


[root@server3 yum.repos.d]# salt server4.lalala.com test.ping
server4.lalala.com:
   True
[root@server3 yum.repos.d]# salt '*' test.ping  # regular-expression matching is supported
server4.lalala.com:
   True
[root@server3 yum.repos.d]# salt -S 172.25.4.4 test.ping
server4.lalala.com:
   True


Any operation can be run on other hosts this way.


[root@server3 ~]# salt server4.lalala.com cmd.run 'df -h'
server4.lalala.com:
   Filesystem                    Size  Used Avail Use% Mounted on
   /dev/mapper/VolGroup-lv_root   19G  1.3G   17G   8% /
   tmpfs                         499M   16K  499M   1% /dev/shm
   /dev/vda1                     485M   33M  427M   8% /boot

[root@server3 yum.repos.d]# salt -S 172.25.88.4 cmd.run 'cp /etc/passwd /mnt'
[root@server3 yum.repos.d]# salt -S 172.25.88.4 cmd.run 'ls -l /mnt'
server4.lalala.com:
   total 4
   -rw-r--r-- 1 root root 1066 Apr 15 10:15 passwd



About keys

When the minion is first installed and its service is started,

the minion generates a key pair and produces an ID value; the minion service sends the public key, named after that ID value, to the master until it is accepted;

after the master has accepted it, it stores the public key sent by the minion, named after the ID value, in the /etc/salt/pki/master/minions directory (without an extension); the master then sends its own public key to the minion, which stores it as /etc/salt/pki/minion/minion_master.pub.
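Before a pending key is accepted with salt-key -A, its fingerprint on the master (salt-key -F) should be compared with the one the minion reports locally (salt-call --local key.finger), so that a stray host cannot register under a trusted ID. The following is an added example, not code from the original post: it builds a fake pki directory with a constructed PEM under minions_pre and only moves the key into minions when the fingerprint matches; the fingerprint format (sha256 of the PEM body, colon-separated hex pairs) is assumed to match what salt-key -F prints.

```python
import hashlib
import os
import shutil
import tempfile

# Constructed sample PEM; not a real key, only used to exercise the fingerprint logic.
SAMPLE_PEM = (
    "-----BEGIN PUBLIC KEY-----\n"
    "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAconstructedsamplebody\n"
    "notarealkeyjustfortestingthefingerprintlogic0123456789abcdef==\n"
    "-----END PUBLIC KEY-----\n"
)

def pem_finger(pem_text, sum_type="sha256"):
    """Fingerprint a PEM key: hash the base64 body (header/footer dropped) and
    render it as colon-separated hex pairs, the format salt-key -F prints.
    (Assumed to match Salt's own computation; confirm against salt-key -F.)"""
    lines = [ln for ln in pem_text.splitlines(keepends=True) if ln.strip()]
    body = "".join(lines[1:-1]).encode()
    digest = getattr(hashlib, sum_type)(body).hexdigest()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))

def accept_verified(pki_dir, minion_id, expected_finger):
    """Move <pki_dir>/minions_pre/<id> to <pki_dir>/minions/<id> only if its
    fingerprint equals the one obtained out-of-band from the minion.
    Returns True on accept, False when the fingerprint does not match."""
    pending = os.path.join(pki_dir, "minions_pre", minion_id)
    with open(pending) as fh:
        actual = pem_finger(fh.read())
    if actual != expected_finger.lower():
        return False
    os.makedirs(os.path.join(pki_dir, "minions"), exist_ok=True)
    shutil.move(pending, os.path.join(pki_dir, "minions", minion_id))
    return True

def demo(pki_dir=None):
    """Build a fake pki tree with one pending minion and run the check twice:
    first with a wrong fingerprint (rejected), then with the right one (accepted)."""
    pki_dir = pki_dir or tempfile.mkdtemp()
    os.makedirs(os.path.join(pki_dir, "minions_pre"), exist_ok=True)
    with open(os.path.join(pki_dir, "minions_pre", "server4.lalala.com"), "w") as fh:
        fh.write(SAMPLE_PEM)
    good = pem_finger(SAMPLE_PEM)
    rejected = accept_verified(pki_dir, "server4.lalala.com", "00:" * 31 + "00")
    accepted = accept_verified(pki_dir, "server4.lalala.com", good)
    moved = os.path.exists(os.path.join(pki_dir, "minions", "server4.lalala.com"))
    return rejected, accepted, moved
```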




Use tree to view the master's directory tree

[root@server3 salt]# pwd
/etc/salt
[root@server3 salt]# tree
|-- cloud
|-- cloud.conf.d
|-- cloud.deploy.d
|-- cloud.maps.d
|-- cloud.profiles.d
|-- cloud.providers.d
|-- master
|-- master.d
|-- minion
|-- minion.d
|-- pki            # key material
|   |-- master
|   |   |-- master.pem
|   |   |-- master.pub
|   |   |-- minions
|   |   |   `-- server4.lalala.com    # the host that has been added.
|   |   |-- minions_autosign
|   |   |-- minions_denied
|   |   |-- minions_pre
|   |   `-- minions_rejected
|   `-- minion
|-- proxy
|-- proxy.d
`-- roster


Directory on the managed (synced) host

[root@server4 salt]# tree .
.
|-- cloud
|-- cloud.conf.d
|-- cloud.deploy.d
|-- cloud.maps.d
|-- cloud.profiles.d
|-- cloud.providers.d
|-- master
|-- master.d
|-- minion
|-- minion.d
|   `-- _schedule.conf
|-- minion_id
|-- pki
|   |-- master
|   `-- minion
|       |-- minion_master.pub



Installing apache with a state module


vim /etc/salt/master


file_roots:
  base:
    - /srv/salt

vim /srv/salt/httpd/apache.sls

apache-install: 
 pkg.installed:
  - name: httpd


Test and execute

[root@server3 httpd]# salt '*' state.sls httpd.apache test=True 

[root@server3 httpd]# salt '*' state.sls httpd.apache


server4.lalala.com:
----------
         ID: apache-install
   Function: pkg.installed
       Name: httpd
     Result: True
    Comment: Package httpd is already installed
    Started: 14:13:13.995696
   Duration: 832.407 ms
    Changes:  

Summary for server4.lalala.com
------------
Succeeded: 1
Failed:    0
------------
Total states run:     1
Total run time: 832.407 ms


Pushed configuration is cached on the minion at this location

[root@server4 httpd]# pwd
/var/cache/salt/minion/files/base/httpd
[root@server4 httpd]# cat apache.sls
apache-install:
 pkg.installed:
   - name: httpd


Configuration and application


Goals:

1. Start the service and change the apache file on the server

2. When the server changes the configuration file, the client picks up the change and a reload makes it take effect


mkdir  /srv/salt/httpd/files

vim apache.sls
apache-install:
  pkg.installed:
    - pkgs:
      - httpd
      - httpd-tools

apache-config:
  file.managed:
    - name: /etc/httpd/conf/httpd.conf
    - source: salt://httpd/files/httpd.conf
    - mode: 644
    - user: root
    - group: root
    - require:
      - pkg: apache-install

apache-service:
  service.running:
    - name: httpd
    - enable: True
    - reload: True
    - watch:   # watch the apache config file; reload as soon as it changes
      - file: apache-config


Change the port in the configuration file and sync it to the client

vim /srv/salt/httpd/files/httpd.conf    # change the default port
Listen 8080
[root@server3 httpd]# salt '*' state.sls httpd.apache
server4.lalala.com:
----------
         ID: apache-install
   Function: pkg.installed
     Result: True
    Comment: All specified packages are already installed
    Started: 11:42:54.769981
   Duration: 445.517 ms
    Changes:  
----------
         ID: apache-config
   Function: file.managed
       Name: /etc/httpd/conf/httpd.conf
     Result: True
    Comment: File /etc/httpd/conf/httpd.conf updated
    Started: 11:42:55.217486
   Duration: 45.472 ms
    Changes:  
             ----------
             diff:
                 ---  
                 +++  
                 @@ -133,7 +133,7 @@
                  # prevent Apache from glomming onto all bound IP addresses (0.0.0.0)
                  #
                  #Listen 12.34.56.78:80
                 -Listen 80
                 +Listen 8080

                  #
                  # Dynamic Shared Object (DSO) Support
----------
         ID: apache-service
   Function: service.running
       Name: httpd
     Result: True
    Comment: Service reloaded
    Started: 11:42:55.395103
   Duration: 75.042 ms
    Changes:  
             ----------
             httpd:
                 True

Summary for server4.lalala.com
------------
Succeeded: 3 (changed=2)
Failed:    0
------------
Total states run:     3
Total run time: 566.031 ms


Compare the hashes of the two configuration files; they are identical

[root@server4 files]# md5sum httpd.conf 
b7ca7a0e786418ba7b5ad84efac70265  httpd.conf

[root@server3 files]# md5sum httpd.conf  
b7ca7a0e786418ba7b5ad84efac70265  httpd.conf