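I recently changed jobs, and my new company manages its servers with SaltStack, so I set it up locally to learn it.
I. Common automation tools
1. Puppet (www.puppetlabs.com): written in Ruby, client/server architecture, cross-platform. It can manage configuration files, users, cron jobs, packages, system services and more. It comes in a community edition (free) and an enterprise edition (paid); the enterprise edition supports graphical configuration.
2. SaltStack (website https://saltstack.com, documentation docs.saltstack.com): written in Python, client/server architecture, cross-platform, and lighter than Puppet. Remote command execution is very fast because SaltStack uses a message queue. SaltStack is easier to configure and use than Puppet and can do almost everything Puppet can.
3. Ansible (www.ansible.com): a more streamlined automation tool that needs no agent installed on the clients; written in Python. It can batch-configure operating systems, batch-deploy programs and batch-run commands.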
II. Installing SaltStack
2.1 Preparation
Turn off the firewall and SELinux on both the client and the server
[root@saltserver ~]# systemctl stop firewalld
[root@saltserver ~]# setenforce 0
[root@saltserver ~]# sed -i 's/SELINUX=enforcing/SELINUX=disabled/g' /etc/selinux/config
2.2 Configure hosts resolution
Server
[root@saltserver ~]# echo -e "192.168.3.119 saltserver\n192.168.3.125 saltclient" >>/etc/hosts
Client
[root@saltclient ~]# echo -e "192.168.3.119 saltserver\n192.168.3.125 saltclient" >>/etc/hosts
2.3 Install SaltStack
Server
[root@saltserver ~]# yum install -y https://repo.saltstack.com/yum/redhat/salt-repo-latest-2.el7.noarch.rpm
[root@saltserver ~]# yum install salt-master salt-minion
Client
[root@saltclient ~]# yum install -y https://repo.saltstack.com/yum/redhat/salt-repo-latest-2.el7.noarch.rpm
[root@saltclient ~]# yum install salt-minion
2.4 Edit the minion configuration file
Server
[root@saltserver salt]# sed -i 's/master: server/master: saltserver/g' /etc/salt/minion
Client
[root@saltclient salt]# sed -i 's/master: server/master: saltserver/g' /etc/salt/minion
2.5 Start SaltStack
Server
On its first start, the master generates a key pair under /etc/salt/pki/master. Once the master has accepted a minion's public key through the salt-key tool, it stores the accepted key in /etc/salt/pki/master/minions/. The client in turn receives the master's public key and stores it in /etc/salt/pki/minion as minion_master.pub.
[root@saltserver ~]# systemctl start salt-master
[root@saltserver ~]# systemctl start salt-minion
[root@saltserver salt]# ps -ef |grep salt
avahi      1071      1  0 11:57 ?        00:00:05 avahi-daemon: running [saltserver.local]
root       3237      1  0 12:00 ?        00:00:00 /usr/bin/python /usr/bin/salt-minion
root       3240   3237  0 12:00 ?        00:00:10 /usr/bin/python /usr/bin/salt-minion
root       3248   3240  0 12:00 ?        00:00:00 /usr/bin/python /usr/bin/salt-minion
root      17557      1  0 14:35 ?        00:00:00 /usr/bin/python /usr/bin/salt-master
root      17562  17557  0 14:35 ?        00:00:00 /usr/bin/python /usr/bin/salt-master
root      17567  17557  0 14:35 ?        00:00:00 /usr/bin/python /usr/bin/salt-master
root      17568  17557  0 14:35 ?        00:00:00 /usr/bin/python /usr/bin/salt-master
root      17571  17557  0 14:35 ?        00:00:25 /usr/bin/python /usr/bin/salt-master
root      17572  17557  0 14:35 ?        00:00:00 /usr/bin/python /usr/bin/salt-master
root      17573  17572  0 14:35 ?        00:00:00 /usr/bin/python /usr/bin/salt-master
root      17578  17572  0 14:35 ?        00:00:02 /usr/bin/python /usr/bin/salt-master
root      17581  17572  0 14:35 ?        00:00:02 /usr/bin/python /usr/bin/salt-master
root      17582  17572  0 14:35 ?        00:00:02 /usr/bin/python /usr/bin/salt-master
root      17583  17572  0 14:35 ?        00:00:02 /usr/bin/python /usr/bin/salt-master
root      17584  17557  0 14:35 ?        00:00:07 /usr/bin/python /usr/bin/salt-master
root      17585  17572  0 14:35 ?        00:00:02 /usr/bin/python /usr/bin/salt-master
[root@saltserver salt]# netstat -tlunp |grep python
tcp        0      0 0.0.0.0:4505            0.0.0.0:*               LISTEN      17567/python
tcp        0      0 0.0.0.0:4506            0.0.0.0:*               LISTEN      17573/python
Port 4505 is used to publish messages; port 4506 is used to communicate with the clients and transfer data.
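Section 2.1 stops firewalld altogether, but the master only needs ports 4505 and 4506 reachable from its minions, so the firewall can stay on with just those two ports opened. The script below is an added example, not part of the original post: it reads the netstat lines shown above and prints (without running them) the matching firewall-cmd rich rules; the function names are this example's own.

```shell
#!/bin/sh
# Added example (not from the original post): print firewalld rich rules that
# open the master's wildcard-bound ports only to known minion addresses.

# The two netstat lines shown in section 2.5 of this page.
SAMPLE_NETSTAT='tcp 0 0 0.0.0.0:4505 0.0.0.0:* LISTEN 17567/python
tcp 0 0 0.0.0.0:4506 0.0.0.0:* LISTEN 17573/python'

# Read netstat -tln style lines on stdin; print each TCP port that listens
# on every interface (0.0.0.0 or ::), one per line, without duplicates.
wildcard_ports() {
    awk '$1 ~ /^tcp/ && $6 == "LISTEN" {
        n = split($4, part, ":")
        addr = substr($4, 1, length($4) - length(part[n]) - 1)
        if (addr == "0.0.0.0" || addr == "::") print part[n]
    }' | sort -un
}

# Succeed only for a dotted-quad IPv4 address whose octets are 0-255.
valid_ipv4() {
    printf '%s\n' "$1" | awk -F. '
        NF != 4 { exit 1 }
        { for (i = 1; i <= 4; i++) if ($i !~ /^[0-9]+$/ || $i + 0 > 255) exit 1 }'
}

# Usage: fw_rules "<netstat output>" <minion-ip>...
# Prints the commands instead of running them so they can be reviewed first.
fw_rules() {
    [ "$#" -ge 2 ] || { echo "usage: fw_rules <netstat output> <ip>..." >&2; return 2; }
    listing=$1
    shift
    for ip in "$@"; do
        valid_ipv4 "$ip" || { echo "invalid address: $ip" >&2; return 1; }
    done
    for port in $(printf '%s\n' "$listing" | wildcard_ports); do
        for ip in "$@"; do
            printf "firewall-cmd --permanent --add-rich-rule='rule family=\"ipv4\" source address=\"%s\" port port=\"%s\" protocol=\"tcp\" accept'\n" "$ip" "$port"
        done
    done
    echo "firewall-cmd --reload"
}

# Minion address taken from the /etc/hosts entries in section 2.2.
fw_rules "$SAMPLE_NETSTAT" 192.168.3.125
```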
Client
On its first start, the minion generates minion.pem and minion.pub under /etc/salt/pki/minion/; the .pub file is the public key, which we need to send to the master
[root@saltclient ~]# systemctl start salt-minion
2.6 Configure authentication for Salt
[root@saltserver ~]# salt-key -a saltserver
The following keys are going to be accepted:
Unaccepted Keys:
saltserver
Proceed? [n/Y] y
Key for minion saltserver accepted.
[root@saltserver ~]# salt-key -a saltclient
The following keys are going to be accepted:
Unaccepted Keys:
saltclient
Proceed? [n/Y] y
Key for minion saltclient accepted.
[root@saltserver salt]# salt-key -L
Accepted Keys:
saltclient
saltserver
Denied Keys:
Unaccepted Keys:
Rejected Keys:
[root@saltserver salt]#
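Before a key is accepted with salt-key -a, it is worth checking that the pending key is the one the minion actually generated: salt-call --local key.finger on the minion and salt-key -f <id> on the master should show the same fingerprint. The script below is an added example, not part of the original post; the function names, the SALT_KEY override and the sample fingerprint are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): accept a pending minion key only
# when the fingerprint the master sees equals the one read on the minion.

# Constructed sample of `salt-key -f saltclient` output on the master; the
# fingerprint value is made up for this example.
SAMPLE_MASTER_VIEW='Unaccepted Keys:
saltclient:  9d:3c:5a:0e:71:b2:44:f8:1c:6e:a7:20:95:d3:be:4f'

# Read `salt-key -f <id>` output on stdin and print the fingerprint listed
# for minion id $1, but only if it is in the "Unaccepted Keys:" section.
pending_fingerprint() {
    awk -v id="$1" '
        / Keys:$/ { section = $0; next }
        section == "Unaccepted Keys:" && $1 == id ":" { print $2; exit }'
}

# Case-insensitive comparison; an empty fingerprint never matches.
same_fingerprint() {
    a=$(printf '%s' "$1" | tr 'A-F' 'a-f')
    b=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    [ -n "$a" ] && [ "$a" = "$b" ]
}

# Usage: accept_if_verified <minion-id> <fingerprint read on the minion>
# The second argument is what `salt-call --local key.finger` prints on the
# minion, carried over a separate channel (console, existing SSH session).
# SALT_KEY is a hook invented for this example so the logic can be tested
# without a running master; it defaults to the real salt-key command.
accept_if_verified() {
    seen=$("${SALT_KEY:-salt-key}" -f "$1" | pending_fingerprint "$1")
    if same_fingerprint "$seen" "$2"; then
        "${SALT_KEY:-salt-key}" -y -a "$1"
    else
        echo "fingerprint mismatch for $1: key not accepted" >&2
        return 1
    fi
}

# Demo on the constructed sample: prints the fingerprint the master holds.
printf '%s\n' "$SAMPLE_MASTER_VIEW" | pending_fingerprint saltclient
```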
2.7 Run a command to test
[root@saltserver salt]# salt '*' test.ping
saltclient:
    True
saltserver:
    True
Note: the installation steps above are based on "https://blog.51cto.com/zero01/2064247"
III. Common SaltStack modules
3.1 The sys module
3.1.1 sys.list_modules: list the modules supported by the current version
[root@saltserver salt]# salt "saltclient" sys.list_modules
saltclient:
    - acl
    - aliases
    - alternatives
    - archive
    - artifactory
    - at
    - augeas
    - beacons
    - bigip
    - bridge
    - btrfs
    - buildout
    - cloud
    - cmd
    - composer
    - config
    - consul
    - container_resource
    - cp
    - cron
    - cryptdev
    - data
    - defaults
    - devmap
    - dig
    - disk
    - django
    - dnsmasq
    - dnsutil
    - drbd
    - environ
    ...........
3.1.2 sys.list_functions func: list the functions supported by the given module
[root@saltserver salt]# salt "saltclient" sys.list_functions cmd
saltclient:
    - cmd.exec_code
    - cmd.exec_code_all
    - cmd.has_exec
    - cmd.powershell
    - cmd.powershell_all
    - cmd.retcode
    - cmd.run
    - cmd.run_all
    - cmd.run_bg
    - cmd.run_chroot
    - cmd.run_stderr
    - cmd.run_stdout
    - cmd.script
    - cmd.script_retcode
    - cmd.shell
    - cmd.shell_info
    - cmd.shells
    - cmd.tty
    - cmd.which
    - cmd.which_bin
3.1.3 sys.doc: similar to the man command on Linux
[root@saltserver salt]# salt "saltclient" sys.doc cmd.run
cmd.run:

    Execute the passed command and return the output as a string

    :param str cmd: The command to run. ex: ``ls -lart /home``

    :param str cwd: The directory from which to execute the command. Defaults
        to the home directory of the user specified by ``runas`` (or the user
        under which Salt is running if ``runas`` is not specified).

    :param str stdin: A string of standard input can be specified for the
        command to be run using the ``stdin`` parameter. This can be useful in
        cases where sensitive information must be read from standard input.

    :param str runas: Specify an alternate user to run the command. The default
        behavior is to run as the user under which Salt is running. If running
        on a Windows minion you must also use the ``password`` argument, and
        the target user account must be in the Administrators group.

    :param str password: Windows only. Required when specifying ``runas``. This
        parameter will be ignored on non-Windows platforms.

        New in version 2016.3.0

    :param str shell: Specify an alternate shell. Defaults to the system's
        default shell.

    :param bool python_shell: If ``False``, let python handle the positional
        arguments. Set to ``True`` to use shell features, such as pipes or
        redirection.
3.2 The cmd module
3.2.1 cmd.run: run a Linux command
[root@saltserver salt]# salt 'saltclient' cmd.run 'free -m'
saltclient:
                  total        used        free      shared  buff/cache   available
    Mem:            985         194         483           6         308         577
    Swap:          2047           0        2047
3.2.2 cmd.shell: much like run; the exact difference is still to be tested
[root@saltserver salt]# salt 'saltclient' cmd.shell 'free -m'
saltclient:
                  total        used        free      shared  buff/cache   available
    Mem:            985         195         481           6         308         576
    Swap:          2047           0        2047
3.3 The service module (manage system services: stop, status, start, check whether a service is available, etc.)
[root@saltserver salt]# salt 'saltclient' service.start 'httpd'
saltclient:
    True
[root@saltserver salt]#
[root@saltserver salt]#
[root@saltserver salt]# salt 'saltclient' service.stop 'httpd'
saltclient:
    True
[root@saltserver salt]# salt 'saltclient' service.restart 'httpd'
saltclient:
    True
[root@saltserver salt]# salt 'saltclient' service.available 'httpd'
saltclient:
    True
3.4 The cp module (upload and download files, directories, etc.)
cp.get_file: distribute a file from the master to the client
[root@saltserver ~]# salt saltclient cp.get_file salt://nginx_conf/test.conf /etc/nginx.conf
saltclient:
    /etc/nginx.conf
cp.get_dir: distribute a whole directory from the master to the client
[root@saltserver nginx_conf]# salt saltclient cp.get_dir salt://nginx_conf /tmp gzip=9
saltclient:
    - /tmp/nginx_conf/test.conf
    - /tmp/nginx_conf/test2.conf
3.5 The pkg module (package management)
[root@saltserver nginx_conf]# salt saltclient pkg.remove httpd
saltclient:
    ----------
    httpd:
        ----------
        new:
        old:
            2.4.6-80.el7.centos.1
[root@saltserver nginx_conf]# salt saltclient pkg.install httpd
saltclient:
    ----------
    httpd:
        ----------
        new:
            2.4.6-80.el7.centos.1
        old:
[root@saltserver nginx_conf]# salt saltclient pkg.upgrade httpd
saltclient:
    ----------
3.6 The cron module (manage scheduled tasks)
[root@saltserver nginx_conf]# salt saltclient cron.set_job root '*' 1 1 1 '*' 'echo "helloworld"'
saltclient:
    new
[root@saltserver nginx_conf]# salt saltclient cron.ls root
saltclient:
    ----------
    crons:
        |_
          ----------
          cmd:
              echo "helloworld"
          comment:
              None
          commented:
              False
          daymonth:
              1
          dayweek:
              *
          hour:
              1
          identifier:
              None
          minute:
              *
          month:
              1
    env:
    pre:
    special:
[root@saltserver nginx_conf]# salt saltclient cron.rm_job root 'echo "helloworld"'
saltclient:
    removed
3.7 The status module (view system state: load average, CPU info, disk, memory, etc.)
[root@saltserver nginx_conf]# salt saltclient sys.list_functions status
saltclient:
    - status.all_status
    - status.cpuinfo
    - status.cpustats
    - status.custom
    - status.diskstats
    - status.diskusage
    - status.loadavg
    - status.master
    - status.meminfo
    - status.netdev
    - status.netstats
    - status.nproc
    - status.pid
    - status.ping_master
    - status.procs
    - status.proxy_reconnect
    - status.time
    - status.uptime
    - status.version
    - status.vmstats
    - status.w
Salt has many modules; only a few commonly used ones are covered here. For detailed usage of other modules, see: "https://blog.csdn.net/chengxuyuanyonghu/article/details/64519496"