目 录
什么是saltstack?
Saltstack是一个服务器基础架构集中化管理平台,具备配置管理、远程执行、监控等功能,一般可以理解成简化版的基于puppet和加强版的func。SaltStack基于Python语言实现,结合轻量级消息队列(ZeroMQ)与Python第三方模块(Pyzmq、PyCrypto、pyjinja2、python-msgpack和PyYAML等)构建。
Saltstack具有以下特点:
- 部署简单、方便
- 支持大部分UNIX/Linux及Windows环境
- 主从集中化管理
- 配置简单、功能强大、扩展性强
- 主控端(Master)和被控制端(minion)基于证书认证,安全可靠
- 支持API及自定义模块,可通过Python轻松扩展
参考文档:
项目地址: https://github.com/saltstack/salt
官网地址: http://www.saltstack.com
官方文档: http://docs.saltstack.com OR http://docs.saltstack.cn
开发语言: Python
运行模式: C/S
一、环境介绍
HostName | IP | Service |
---|---|---|
Master | 192.168.179.100 | salt-master |
Minion | 192.168.179.101 | salt-minion |
基本术语
说明 | |
---|---|
maste | 控制中心,salt命令运行和资源状态管理端 |
minion | 需要管理的客户端机器,会主动连接master端,并从master端得到资源状态信息,同步资源管理信息 |
states | 配置管理的指令集 |
grains | minion端的静态变量 |
pillar | minion端的动态变量 |
highstate | 给minion永久添加状态,从sls配置文件读取 |
salt schedule | 自动保持客户端配置 |
二、安装前准备(所有机器都需要执行)
2.1 添加Host
# echo -e "192.168.179.100 master\n192.168.179.101 minion-1" >> /etc/hosts
2.2 关闭防火墙
# service iptables stop
# chkconfig iptables off
2.3 关闭Selinux
# sed -i 's/SELINUX=.*$/SELINUX=disabled/g' /etc/selinux/config
# setenforce 0
2.4 安装SaltStack的yum源
# yum -y install https://repo.saltstack.com/yum/redhat/salt-repo-latest-2.el6.noarch.rpm
# yum clean expire-cache
三、安装SaltStack
Master安装
3.1 设置hostname
# sed -i 's/HOSTNAME=.*$/HOSTNAME=master/g' /etc/sysconfig/network
3.2 安装Salt-master
# yum -y install salt-master
3.3 配置salt-master
# cp /etc/salt/master /etc/salt/master-example
# sed -i 's/#interface/interface/g' /etc/salt/master
# egrep -v "^#|^$" /etc/salt/master
3.4 配置安全认证
查看当前
# salt-key -L
Accepted Keys:
Denied Keys:
Unaccepted Keys:
Rejected Keys:
接收所有key
# salt-key -A
3.5 启动salt-master
# service salt-master start
# chkconfig salt-master on
查看是否启动成功
# cat /var/run/salt-master.pid
Minion安装
3.6 设置hostname
# sed -i 's/HOSTNAME=.*$/HOSTNAME=minion-1/g' /etc/sysconfig/network
3.7 安装Salt-minion
# yum -y install salt-minion
3.8 配置Salt-minion
# cp /etc/salt/minion /etc/salt/minion-example
# sed -i 's/#master: salt/master: master/g' /etc/salt/minion
3.9 启动Salt-minion
# service salt-minion start
# chkconfig salt-minion on
四、测试
在master机器上执行
测试ping
# salt '*' test.ping
minion-1:
True
测试运行一个df -h
# salt '*' cmd.run 'df -h'
minion-1:
Filesystem Size Used Avail Use% Mounted on
/dev/mapper/vg_centos6-lv_root
18G 1.7G 15G 11% /
tmpfs 490M 12K 490M 1% /dev/shm
/dev/sda1 477M 63M 389M 14% /boot
五、自动脚本,可以参考下:
# cat /export/zlyang/autoSaltStackInstall.sh
#!/bin/bash
################################################
# #
# author: Zlyang by 2019-08-28 #
# description: Auto Install SaltStack #
# #
################################################
INSTALL_TIME=`date +%F\ %T`
CURRENTDIR=`pwd`;
LOGFILE="${CURRENTDIR}/salt_install.log";
ISCLOSEFIREWALLFIREWALL="yes";
ISCLOSESELINUX="yes";
ready(){
printf "" > ${LOGFILE}
printf "安装日期:${INSTALL_TIME}\n" >> ${LOGFILE}
printf "\n"
printf "\033[31m 请手动配置Host项,手动添加所有节点的主机名与IP对应,格式如下:\033[0m \n"
printf "\033[31m %-12s %-10s \033[0m \n" 192.168.1.1 master
printf "\033[31m *\n *\n \033[0m"
printf "\n"
printf "开始准备工作: \n" |tee -a ${LOGFILE}
stop_iptables;
close_selinux;
printf "\n开始安装SaltStack Repo源:\n" |tee -a ${LOGFILE}
install_salt_repo;
printf "\n开始安装SaltStack:\n"|tee -a ${LOGFILE}
install_salt;
}
stop_iptables(){
printf "\033[31m \n(建议关闭防火墙,以免在安装时遇到不必要的麻烦!如果不关闭请手动开放\033[31m 4505 \033[0m和\033[31m 4506 \033[0m端口)\n \033[0m"
printf "请选择是否关闭防火墙:\n"
read -p "[yes/no] :" ISCLOSEFIREWALL
case "${ISCLOSEFIREWALL}" in
Y|y|yes|YES)
/etc/init.d/iptables stop 2>&1 >>/dev/null
if [[ $? == 0 ]];then
printf "\t防火墙停止......[\033[32m 成功 \033[0m ]\n"|tee -a ${LOGFILE}
fi
;;
n|N|no|NO)
printf "\033[31m \t您未关闭防火墙,请手动开放 4505 和 4506 端口\033[0m\n"|tee -a ${LOGFILE}
exit 1
;;
*)
printf "\033[31m \t您未关闭防火墙,请手动开放 4505 和 4506 端口\033[0m\n"|tee -a ${LOGFILE}
exit 1
;;
esac
}
close_selinux(){
printf "\033[31m \n(建议关闭SELinux,如果不关闭请手动开放SaltStack所需要的权限)\n \033[0m"
printf "请选择是否关闭SELinux:\n"
read -p "[yes/no] :" ISCLOSESELINUX
case "${ISCLOSESELINUX}" in
Y|y|yes|YES)
sed -i 's/SELINUX=.*$/SELINUX=disabled/g' /etc/selinux/config
ISDISABLED=`getenforce`;
case "${ISDISABLED}" in
Disabled)
printf "\tSELinux 已经停止\n"|tee -a ${LOGFILE}
;;
Enforcing)
setenforce 0
if [[ $? == 0 ]];then
printf "\tSELinux 停止......[\033[32m 成功 \033[0m ]\n"|tee -a ${LOGFILE}
fi
;;
*)
printf "\t\033[31m 您没有停止SELinux,请手动停止并重启机器:\"setenforce 0 && reboot \"\n"|tee -a ${LOGFILE}
printf "\t\033[31m 或\n"|tee -a ${LOGFILE}
printf "\033[31m \t您未关闭SELinux,请手动开放SaltStack所需要的权限!\033[0m\n"|tee -a ${LOGFILE}
;;
esac
;;
n|N|no|NO)
printf "\t\033[31m 您没有停止SELinux,请手动停止并重启机器:\"setenforce 0 && reboot \"\n"|tee -a ${LOGFILE}
printf "\t\033[31m 或\n"|tee -a ${LOGFILE}
printf "\033[31m \t您未关闭SELinux,请手动开放SaltStack所需要的权限!\033[0m\n"|tee -a ${LOGFILE}
;;
*)
printf "\t\033[31m 您没有停止SELinux,请手动停止并重启机器:\"setenforce 0 && reboot \"\n"|tee -a ${LOGFILE}
printf "\t\033[31m 或\n"|tee -a ${LOGFILE}
printf "\033[31m \t您未关闭SELinux,请手动开放SaltStack所需要的权限!\033[0m\n"|tee -a ${LOGFILE}
;;
esac
}
install_salt_repo(){
ISINSTALL=`rpm -qa|grep salt-repo-latest-2.el6.noarch`;
if [[ -z ${ISINSTALL} ]];then
yum -y install https://repo.saltstack.com/yum/redhat/salt-repo-latest-2.el6.noarch.rpm 2>&1 >> ${LOGFILE}
if [[ $? == 0 ]];then
printf "\tsalt-repo安装......[\033[32m 成功 \033[0m ]\n"|tee -a ${LOGFILE}
else
printf "\tsalt-repo安装......[\033[31m 失败 \033[0m ]\n"|tee -a ${LOGFILE}
exit 1
fi
else
printf "\t您已经安装salt-repo,无需重新安装!\n"|tee -a ${LOGFILE}
fi
}
install_salt(){
printf "\n请选择需要安装的系统:\n\t1:Salt-Master(Server端) \n\t2:Salt-Minion(Client端) \n\n\tq:退出\n 请选择:"
read CHOICE_SYSTEM
case ${CHOICE_SYSTEM} in
1)
printf "\t开始安装 Salt-Master:\n" |tee -a ${LOGFILE}
yum -y install salt-master |tee -a ${LOGFILE}
if [ $? == "0" ]; then
LOCAL_IP=`ifconfig|grep broadcast|awk '{print $2}'`;
CONFIG_FILE="/etc/salt/master";
if [ -f ${CONFIG_FILE} ]; then
printf "\t 服务端:Salt-Master安装......[\033[32m 成功 \-33[0m ]\n" |tee -a ${LOGFILE}
printf "\t \n开始配置:\n" |tee -a ${LOGFILE}
cp /etc/salt/master /etc/salt/master-example
sed -i 's/#interface/interface/g' ${CONFIG_FILE}
printf "#################################\n" |tee -a ${LOGFILE}
egrep -v "^#|^$" /etc/salt/master |tee -a ${LOGFILE}
printf "#################################\n" |tee -a ${LOGFILE}
printf "\n 配置安全认证:\n" |tee -a ${LOGFILE}
printf "\n \033[31m (默认允许所有Pending的公钥;)\033[0m\n" |tee -a ${LOGFILE}
salt-key -A && salt-key -L
printf "\n 安全认证配置.......[ \033[32m 成功 \033[0m ]\n" |tee -a ${LOGFILE}
printf "\n 开始启动 Salt-Master\n" |tee -a ${LOGFILE}
service salt-master start
PID=`cat /var/run/salt-master.pid`
if [ ! -z ${PID} ]; then
printf "\n \t Salt-Master启动.......[\033[32m 成功 \033[0m ]\n" |tee -a ${LOGFILE}
printf "\t是否设置开机启动:\n"
printf "\t(默认设置:Yes)\n"
read -t 5 -p "[yes/no]:" DEFAULT_START
case "${DEFAULT_START}" in
y|Y|YES|yes)
chkconfig salt-master on
printf "\n \t Salt-Master开机默认启动设置.......[\033[32m 成功 \033[0m ]\n" |tee -a ${LOGFILE}
;;
n|N|no|NO)
printf "\t您未设置服务开机默认启动,请手动设置:\"chkconfig salt-master on\" \n"
;;
*)
chkconfig salt-master on
printf "\n \t Salt-Master开机默认启动设置.......[\033[32m 成功 \033[0m ]\n" |tee -a ${LOGFILE}
;;
esac
for((i=0;i<6;i++)); do
printf "* \n"
sleep 0.8
done
printf "\n \033[32m 恭喜您!SaltStack 服务器端已经安装成功!\033[0m \n"
exit 0
else
printf "\n \t Salt-Master启动.......[\033[31m 失败 \033[0m ]\n" |tee -a ${LOGFILE}
fi
else
printf "\t \033[31m 服务端未正确安装,请重新安装!\033[0m \n"
exit 1
fi
else
printf "\t 服务端:salt-master安装......[\033[31m 失败 \-33[0m ]\n" |tee -a ${LOGFILE}
exit 1
fi
;;
2)
printf "\t开始安装 Salt-Minion:\n" |tee -a ${LOGFILE}
yum -y install salt-minion
if [ $? == "0" ]; then
CONFIG_FILE="/etc/salt/minion";
if [ -f ${CONFIG_FILE} ]; then
printf "\t 客户端:Salt-Minion安装......[\033[32m 成功 \-33[0m ]\n" |tee -a ${LOGFILE}
printf "\t \n开始配置:\n" |tee -a ${LOGFILE}
cp /etc/salt/minion /etc/salt/minion-example
read -p "请输入Salt-Master服务器IP地址:" SERVER_IP
sed -i "s/#master: salt/master: ${SERVER_IP}/g" ${CONFIG_FILE}
printf "#################################\n" |tee -a ${LOGFILE}
egrep -v "^#|^$" /etc/salt/minion |tee -a ${LOGFILE}
printf "#################################\n" |tee -a ${LOGFILE}
service salt-minion start
PID=`cat /var/run/salt-minion.pid`
if [ ! -z ${PID} ]; then
printf "\n \t Salt-Minion启动.......[\033[32m 成功 \033[0m ]\n" |tee -a ${LOGFILE}
printf "\t是否设置开机启动:\n"
printf "\t(默认设置:Yes)\n"
read -t 5 -p "[yes/no]:" DEFAULT_START
case "${DEFAULT_START}" in
y|Y|YES|yes)
chkconfig salt-minion on
printf "\n \t Salt-Minion启动.......[\033[32m 成功 \033[0m ]\n" |tee -a ${LOGFILE}
;;
n|N|no|NO)
printf "\t您未设置服务开机默认启动,请手动设置:\"chkconfig salt-minion on\" \n"
;;
*)
chkconfig salt-minion on
printf "\n \t Salt-Minion启动.......[\033[32m 成功 \033[0m ]\n" |tee -a ${LOGFILE}
;;
esac
for((i=0;i<6;i++)); do
printf "* \n"
sleep 0.8
done
printf "\n \033[32m 恭喜您!SaltStack 客户端已经安装成功!\033[0m \n"
exit 0
else
printf "\n \t Salt-Minion启动.......[\033[31m 失败 \033[0m ]\n" |tee -a ${LOGFILE}
exit 1
fi
else
printf "\t 客户端:Salt-Minion安装......[\033[31m 失败 \033[0m ]\n" |tee -a ${LOGFILE}
exit 1
fi
else
printf "\t 客户端:Salt-Minion安装......[\033[31m 失败 \033[0m ]\n" |tee -a ${LOGFILE}
exit 1
fi
;;
q|Q|quit|exit)
exit 0
;;
*)
install_salt;
;;
esac
}
ready;
注: 到此所有的部署均已经完成,在此搭建过程中遇到任何问题可以发送邮件至:[email protected]