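SaltStack bills itself as a powerful tool for automated operations, so can SaltStack handle its own bulk deployment? If you have wondered the same thing, this article is for you. The answer is yes: SaltStack can use salt-ssh to bulk-deploy itself. As the name suggests, salt-ssh is a tool that relies on SSH for remote command execution. The advantage is that you can run remote commands without installing the minion program on the client, and salt-ssh supports the vast majority of Salt's features.
Since no minion is installed, how does the master identify the clients and communicate with them? This is done mainly through a roster configuration file. First, the environment: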
hadoop0.updb.com 192.168.0.100 OS:CentOS 6.5 Role:master
uadoop4.updb.com 192.168.0.204 OS:CentOS 6.5 Role:minion
uadoop5.updb.com 192.168.0.205 OS:CentOS 6.5 Role:minion
Before the experiment starts, no minion service exists on the uadoop4 and uadoop5 nodes. The end goal is to deploy the minion automatically on uadoop4 and uadoop5 through salt-ssh.
First, configure the roster file so that the master can communicate with uadoop4 and uadoop5:
```
## Create the roster file under /etc/salt/ with the following content
[root@hadoop0 ~]# cat /etc/salt/roster
uadoop4:
  host: 192.168.0.204   ## host
  user: root            ## SSH user name
  passwd: upbjsxt       ## SSH password
  port: 22              ## port
  timeout: 3
uadoop5:
  host: 192.168.0.205   ## host
  user: root            ## SSH user name
  passwd: upbjsxt       ## SSH password
  port: 22              ## port
  timeout: 3

## salt-ssh can be tested without restarting the master service
[root@hadoop0 ~]# salt-ssh 'uadoop[4,5]' test.ping
uadoop5:
    True
uadoop4:
    True

## Note that salt-ssh does not inherit Salt's ZeroMQ transport, so it runs much more slowly; the -r option runs a system command
[root@hadoop0 ~]# salt-ssh 'uadoop[4,5]' -r 'free -m'
uadoop4:
    ----------
    retcode:
        0
    stderr:
    stdout:
                     total       used       free     shared    buffers     cached
        Mem:           988        174        814          0         35         55
        -/+ buffers/cache:         83        905
        Swap:         2047          0       2047
uadoop5:
    ----------
    retcode:
        0
    stderr:
    stdout:
                     total       used       free     shared    buffers     cached
        Mem:           988        172        815          0         34         55
        -/+ buffers/cache:         82        906
        Swap:         2047          0       2047
```
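The roster above keeps the root SSH password in clear text, so anyone who can read /etc/salt/roster can log in to every listed host. The following added example (not part of the original article) lists roster entries that still carry a `passwd` key and checks whether the file is accessible beyond its owner. The sample roster, the `CHANGEME` value and the `priv` key path are constructed, and the awk parser assumes the flat layout shown above.

```shell
#!/bin/sh
# Added example: audit a salt-ssh roster for embedded passwords and loose permissions.
# Assumes the flat roster layout shown in the article (unindented "id:" line,
# indented "key: value" lines beneath it).

# Print the id of every roster entry that contains a passwd key.
roster_passwd_ids() {
    awk '
        /^[^ \t#][^:]*:[ \t]*(#.*)?$/ { sub(/:.*/, ""); id = $0; next }
        /^[ \t]+passwd[ \t]*:/ && id != "" { print id }
    ' "$1"
}

# Succeed (return 0) when group or other hold any permission bit on the file.
roster_is_exposed() {
    [ -f "$1" ] || return 2
    perms=$(ls -ld "$1" | cut -c5-10)
    [ "$perms" != "------" ]
}

# Constructed sample roster: one password entry, one key-based entry.
# The priv path is a hypothetical key location.
sample_roster() {
    cat <<'EOF'
uadoop4:
  host: 192.168.0.204
  user: root
  passwd: CHANGEME
  port: 22
uadoop5:
  host: 192.168.0.205
  user: root
  priv: /root/.ssh/salt_ssh_example_key
  port: 22
EOF
}

tmp=$(mktemp) && sample_roster > "$tmp" && chmod 644 "$tmp"
echo "entries with embedded passwords: $(roster_passwd_ids "$tmp")"
if roster_is_exposed "$tmp"; then
    echo "roster is accessible to group/other; restrict it to mode 0600"
fi
rm -f "$tmp"
```

Entries that use the roster's `priv` option authenticate with an SSH private key instead of a stored password.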
OK, as you can see, using salt-ssh is very simple. Next comes the bulk deployment of the minion, as follows:
```
## Put all files related to the minion deployment under /srv/salt/epel
[root@hadoop0 epel]# pwd
/srv/salt/epel
[root@hadoop0 epel]# tree -f
.
├── ./epel-release-6-8.noarch.rpm
└── ./salt_install.sls

0 directories, 2 files

## Contents of the salt_install file
[root@hadoop0 epel]# cat salt_install.sls
## The EPEL repository must be installed first; only then can salt-minion be installed with yum
epel_install:
  file.managed:
    - name: /tmp/epel-release-6-8.noarch.rpm            ## where the EPEL package is stored on nodes 4 and 5
    - source: salt://epel/epel-release-6-8.noarch.rpm   ## location on the master to copy the EPEL rpm from
    - user: root                                        ## file owner
    - group: root                                       ## file group
  cmd.run:
    - name: rpm -ivh /tmp/epel-release-6-8.noarch.rpm   ## install the rpm package
    - unless: test -f /etc/yum.repos.d/epel.repo        ## skip the install if this file already exists
    - require:
      - file: epel_install                              ## install EPEL only after the file has been copied
cache_yum:
  cmd.run:
    - name: yum makecache                               ## build the yum cache
    - require:
      - cmd: epel_install                               ## build the cache only after EPEL has been installed
salt_install:
  pkg.installed:                                        ## install salt-minion
    - name: salt-minion
    - require:                                          ## install the minion only after EPEL has been installed
      - cmd: epel_install

## Remote execution
[root@hadoop0 salt]# salt-ssh 'uadoop[4,5]' state.sls epel.salt_install
uadoop4:
    ----------
    cmd_|-cache_yum_|-yum makecache_|-run:
        ----------
        __run_num__:
            2
        changes:
            ----------
            pid:
                1993
            retcode:
                0
            stderr:
            stdout:
                Loaded plugins: fastestmirror, security
                Loading mirror speeds from cached hostfile
                 * base: ftp.stust.edu.tw
                 * epel: ftp.cuhk.edu.hk
                 * extras: mirrors.btte.net
                 * updates: mirrors.btte.net
                Metadata Cache Created
        comment:
            Command "yum makecache" run
        name:
            yum makecache
        result:
            True
    cmd_|-epel_install_|-rpm -ivh /tmp/epel-release-6-8.noarch.rpm_|-run:
        ----------
        __run_num__:
            1
        changes:
            ----------
            pid:
                1991
            retcode:
                0
            stderr:
                warning: /tmp/epel-release-6-8.noarch.rpm: Header V3 RSA/SHA256 Signature, key ID 0608b895: NOKEY
            stdout:
                Preparing...                ##################################################
                epel-release                ##################################################
        comment:
            Command "rpm -ivh /tmp/epel-release-6-8.noarch.rpm" run
        name:
            rpm -ivh /tmp/epel-release-6-8.noarch.rpm
        result:
            True
    file_|-epel_install_|-/tmp/epel-release-6-8.noarch.rpm_|-managed:
        ----------
        __run_num__:
            0
        changes:
            ----------
            diff:
                New file
            mode:
                0644
        comment:
            File /tmp/epel-release-6-8.noarch.rpm updated
        name:
            /tmp/epel-release-6-8.noarch.rpm
        result:
            True
    pkg_|-salt_install_|-salt-minion_|-installed:
        ----------
        __run_num__:
            3
        changes:
            ----------
            PyYAML:
                ----------
                new:
                    3.10-3.1.el6
                old:
            libyaml:
                ----------
                new:
                    0.1.6-1.el6
                old:
            m2crypto:
                ----------
                new:
                    0.20.2-9.el6
                old:
            openpgm:
                ----------
                new:
                    5.1.118-3.el6
                old:
            python-babel:
                ----------
                new:
                    0.9.4-5.1.el6
                old:
            python-backports:
                ----------
                new:
                    1.0-3.el6.centos
                old:
            python-backports-ssl_match_hostname:
                ----------
                new:
                    3.4.0.2-4.el6.centos
                old:
            python-chardet:
                ----------
                new:
                    2.0.1-1.el6.centos
                old:
            python-crypto:
                ----------
                new:
                    2.0.1-22.el6
                old:
            python-jinja2:
                ----------
                new:
                    2.2.1-2.el6_5
                old:
            python-msgpack:
                ----------
                new:
                    0.1.13-3.el6
                old:
            python-ordereddict:
                ----------
                new:
                    1.1-2.el6.centos
                old:
            python-requests:
                ----------
                new:
                    1.1.0-4.el6.centos
                old:
            python-six:
                ----------
                new:
                    1.7.3-1.el6.centos
                old:
            python-urllib3:
                ----------
                new:
                    1.5-7.el6.centos
                old:
            python-zmq:
                ----------
                new:
                    14.3.1-1.el6
                old:
            salt:
                ----------
                new:
                    2014.7.0-3.el6
                old:
            salt-minion:
                ----------
                new:
                    2014.7.0-3.el6
                old:
            sshpass:
                ----------
                new:
                    1.05-1.el6
                old:
            zeromq3:
                ----------
                new:
                    3.2.4-1.el6
                old:
        comment:
            The following packages were installed/updated: salt-minion.
        name:
            salt-minion
        result:
            True
uadoop5:
    ----------
    cmd_|-cache_yum_|-yum makecache_|-run:
        ----------
        __run_num__:
            2
        changes:
            ----------
            pid:
                1937
            retcode:
                0
            stderr:
            stdout:
                Loaded plugins: fastestmirror, security
                Loading mirror speeds from cached hostfile
                 * base: mirror.neu.edu.cn
                 * epel: ftp.cuhk.edu.hk
                 * extras: mirror.neu.edu.cn
                 * updates: mirror01.idc.hinet.net
                Metadata Cache Created
        comment:
            Command "yum makecache" run
        name:
            yum makecache
        result:
            True
    cmd_|-epel_install_|-rpm -ivh /tmp/epel-release-6-8.noarch.rpm_|-run:
        ----------
        __run_num__:
            1
        changes:
            ----------
            pid:
                1935
            retcode:
                0
            stderr:
                warning: /tmp/epel-release-6-8.noarch.rpm: Header V3 RSA/SHA256 Signature, key ID 0608b895: NOKEY
            stdout:
                Preparing...                ##################################################
                epel-release                ##################################################
        comment:
            Command "rpm -ivh /tmp/epel-release-6-8.noarch.rpm" run
        name:
            rpm -ivh /tmp/epel-release-6-8.noarch.rpm
        result:
            True
    file_|-epel_install_|-/tmp/epel-release-6-8.noarch.rpm_|-managed:
        ----------
        __run_num__:
            0
        changes:
            ----------
            diff:
                New file
            mode:
                0644
        comment:
            File /tmp/epel-release-6-8.noarch.rpm updated
        name:
            /tmp/epel-release-6-8.noarch.rpm
        result:
            True
    pkg_|-salt_install_|-salt-minion_|-installed:
        ----------
        __run_num__:
            3
        changes:
            ----------
            PyYAML:
                ----------
                new:
                    3.10-3.1.el6
                old:
            libyaml:
                ----------
                new:
                    0.1.6-1.el6
                old:
            m2crypto:
                ----------
                new:
                    0.20.2-9.el6
                old:
            openpgm:
                ----------
                new:
                    5.1.118-3.el6
                old:
            python-babel:
                ----------
                new:
                    0.9.4-5.1.el6
                old:
            python-backports:
                ----------
                new:
                    1.0-3.el6.centos
                old:
            python-backports-ssl_match_hostname:
                ----------
                new:
                    3.4.0.2-4.el6.centos
                old:
            python-chardet:
                ----------
                new:
                    2.0.1-1.el6.centos
                old:
            python-crypto:
                ----------
                new:
                    2.0.1-22.el6
                old:
            python-jinja2:
                ----------
                new:
                    2.2.1-2.el6_5
                old:
            python-msgpack:
                ----------
                new:
                    0.1.13-3.el6
                old:
            python-ordereddict:
                ----------
                new:
                    1.1-2.el6.centos
                old:
            python-requests:
                ----------
                new:
                    1.1.0-4.el6.centos
                old:
            python-six:
                ----------
                new:
                    1.7.3-1.el6.centos
                old:
            python-urllib3:
                ----------
                new:
                    1.5-7.el6.centos
                old:
            python-zmq:
                ----------
                new:
                    14.3.1-1.el6
                old:
            salt:
                ----------
                new:
                    2014.7.0-3.el6
                old:
            salt-minion:
                ----------
                new:
                    2014.7.0-3.el6
                old:
            sshpass:
                ----------
                new:
                    1.05-1.el6
                old:
            zeromq3:
                ----------
                new:
                    3.2.4-1.el6
                old:
        comment:
            The following packages were installed/updated: salt-minion.
        name:
            salt-minion
        result:
            True
## The returned results show that the installation succeeded
```
The minion configuration file on uadoop4 and uadoop5 has to be edited by hand; only two lines need to change:
```
[root@uadoop4 tmp]# vi /etc/salt/minion
master: 192.168.0.100
id: uadoop4

[root@uadoop5 ~]# vi /etc/salt/minion
master: 192.168.0.100
id: uadoop5
```
From the master, start the minion service on uadoop4 and uadoop5 remotely:
```
[root@hadoop0 epel]# salt-ssh 'uadoop[4,5]' -r '/etc/init.d/salt-minion restart'
uadoop5:
    ----------
    retcode:
        0
    stderr:
    stdout:
        Stopping salt-minion daemon:                               [FAILED]
        Starting salt-minion daemon:                               [  OK  ]
uadoop4:
    ----------
    retcode:
        0
    stderr:
    stdout:
        Stopping salt-minion daemon:                               [FAILED]
        Starting salt-minion daemon:                               [  OK  ]
```
The service started successfully. On the master, accept the minions' authentication requests:
```
[root@hadoop0 epel]# salt-key -L
Accepted Keys:
hadoop1
hadoop2
hadoop3
hadoop4
hadoop5
uadoop0
uadoop1
uadoop2
uadoop3
Unaccepted Keys:
uadoop4
uadoop5
Rejected Keys:
[root@hadoop0 epel]# salt-key -A
The following keys are going to be accepted:
Unaccepted Keys:
uadoop4
uadoop5
Proceed? [n/Y] Y
Key for minion uadoop4 accepted.
Key for minion uadoop5 accepted.

## Test whether the master can communicate with the two newly deployed minions
[root@hadoop0 epel]# salt 'uadoop[4,5]' test.ping
uadoop5:
    True
uadoop4:
    True
```
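OK, communication works, which shows that we have successfully deployed the minion on both nodes with salt-ssh. With many nodes, salt-ssh makes bulk deployment of minions easy, and salt-ssh is also commonly used by the master to run remote commands on hosts where the minion service cannot be installed. Apart from its slower execution speed, salt-ssh is powerful enough to meet our needs. In this article the minion configuration file on each node has to be edited by hand, because every minion id is different, so this problem cannot be avoided; fortunately only two lines of the minion configuration file need to change, so it is not really a problem.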
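`salt-key -A` in the key-acceptance step accepts every pending key without checking that it came from the intended host. The following added example (not from the original article) compares the fingerprint the minion reports over salt-ssh with the pending key on the master and accepts only on a match. It assumes both commands print the fingerprint as colon-separated hex, and the comparison is only as trustworthy as the SSH channel salt-ssh uses.

```shell
#!/bin/sh
# Added example: accept a pending minion key only after its fingerprint
# has been confirmed on the minion itself.

# Pull the first colon-separated hex fingerprint out of command output.
# Assumption: fingerprints are printed as aa:bb:... with at least 16 bytes.
extract_fp() {
    grep -Eio '([0-9a-f]{2}:){15,}[0-9a-f]{2}' | head -n 1 | tr 'A-F' 'a-f'
}

# Succeed only when both outputs contain the same, non-empty fingerprint.
# $1 = output gathered on the minion, $2 = output of salt-key on the master
fp_matches() {
    m=$(printf '%s\n' "$1" | extract_fp)
    k=$(printf '%s\n' "$2" | extract_fp)
    [ -n "$m" ] && [ "$m" = "$k" ]
}

# Accept one pending key if the minion and the master agree on its fingerprint.
# $1 = minion id as listed in the roster and in "salt-key -L"
accept_if_verified() {
    minion_out=$(salt-ssh "$1" -r 'salt-call --local key.finger') || return 1
    master_out=$(salt-key -f "$1") || return 1
    if fp_matches "$minion_out" "$master_out"; then
        salt-key -y -a "$1"
    else
        echo "fingerprint mismatch for $1, key left pending" >&2
        return 1
    fi
}

# Usage: sh verify_keys.sh uadoop4 uadoop5   (script name is hypothetical)
if command -v salt-key >/dev/null 2>&1; then
    for id in "$@"; do
        accept_if_verified "$id"
    done
fi
```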