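SaltStack is a centralized management platform for server infrastructure, providing configuration management, remote execution, monitoring, and related functions. It is implemented in Python and built on a lightweight message queue (ZeroMQ) together with third-party Python modules (Pyzmq, PyCrypto, Jinja2, python-msgpack, PyYAML, and others).
By deploying SaltStack we can run commands in bulk across thousands of servers and, according to the needs of each business, centrally manage configuration, distribute files, collect server data, and manage operating system basics and software packages. SaltStack is a powerful tool for operations staff to improve efficiency and to standardize business configuration and operations.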
The three SaltStack run modes
localhost
ssh mode
server/agent mode
Lab environment
CentOS 6.8_x64
server 192.168.1.102
agent 192.168.1.104
Software used in the lab
salt-master-2015.5.10-2.el6.noarch
salt-api-2015.5.10-2.el6.noarch
salt-ssh-2015.5.10-2.el6.noarch
Software installation
yum install -y salt-master salt-api pam pam-devel git epel-release    # install on the server
yum install -y salt-minion    # install on the agent
cp -p /etc/salt/master /etc/salt/master.bak
sed -i "s/#interface: 0.0.0.0/interface: 192.168.1.102/g" /etc/salt/master    # 192.168.1.102 is the server IP
sed -i "s/#auto_accept: False/auto_accept: False/g" /etc/salt/master
sed -i 's/#pidfile/pidfile/g' /etc/salt/master
sed -i 's/#pki_dir/pki_dir/g' /etc/salt/master
service salt-master restart && chkconfig --level 35 salt-master on
cp -p /etc/salt/minion /etc/salt/minion.bak
sed -i 's/#master: salt/master: 192.168.1.102/g' /etc/salt/minion    # on the agent: set the server IP
sed -i 's/#pidfile/pidfile/g' /etc/salt/minion
sed -i 's/#pki_dir/pki_dir/g' /etc/salt/minion
service salt-minion restart && chkconfig --level 35 salt-minion on
salt-key -L    # list all keys known to this host
Unaccepted Keys:
salt-agent
salt-key -A -y    # accept (trust) the client keys
Unaccepted Keys:
salt-agent
salt-key -D -y    # delete the accepted client keys
Unaccepted Keys:
salt '*' test.ping    # test connectivity to the clients
salt-agent:
True
salt '*' cmd.run 'ip addr | grep eth0'
salt-slave:
3: eth0:
inet 192.168.1.104/24 brd 192.168.1.255 scope global eth0
salt '*' cmd.run 'df -Th'
salt-agent:
Filesystem Type Size Used Avail Use% Mounted on
/dev/sda3 ext4 77G 2.7G 71G 4% /
tmpfs tmpfs 495M 12K 495M 1% /dev/shm
/dev/sda1 ext4 1.2G 35M 1.1G 4% /boot
salt -L Minion,Minion1 test.ping
salt '*' cmd.run 'yum install -y httpd httpd-devel'
salt '*' cmd.run 'service httpd restart'
salt-slave:
Stopping httpd: [  OK  ]
Starting httpd: httpd: Could not reliably determine the server's fully qualified domain name, using 192.168.1.104 for ServerName
[  OK  ]
cp -p /etc/salt/roster /etc/salt/roster.bak    # configure ssh mode
vim /etc/salt/roster    # write the following configuration
salt-server:
  host: 192.168.1.102
  user: root
  password: 1
  port: 22
satl-agent1:
  host: 192.168.1.104
  user: root
  password: 1
  port: 22
salt-ssh '*' test.ping -i
salt-server:
True
satl-agent:
True
salt-ssh '*' -r 'ip addr | grep eth0'
salt-server:
eth0:
inet 192.168.1.102/24 brd 192.168.1.255 scope global eth0
satl-agent:
eth0:
inet 192.168.1.104/24 brd 192.168.1.255 scope global eth0
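-r, --raw, --raw-shell    Run a shell command directly
--priv    Specify the SSH private key file
--roster    #Define which roster system to use, for example a backend database, a scan method, or a user-defined roster system; the default is the /etc/salt/roster file
--roster-file    #Specify the roster file
--refresh, --refresh-cache    #Refresh the cache; it is refreshed automatically if the target's grains change
--max-procs    Specify the number of processes; the default is 25
-i, --ignore-host-keys    Ignore host keys when connecting over SSH
--passwd    Specify the default password
--key-deploy    Deploy keys. Setting this option deploys SSH key authentication to all minions; combined with --passwd it makes the initial deployment quick and convenient. When a module is called from the master with --key-deploy added, keys are generated on the minions, and from the next run on the password is no longer used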
cd /usr/local/
git clone https://github.com/saltstack/halite
cd halite/halite/
./genindex.py -C
ll /usr/local/halite/halite/index.html
/usr/local/halite/halite/index.html
useradd salt && echo admin123 | passwd --stdin salt    # admin123 is the user's login password
tail -n 12 /etc/salt/master    # the lines below were added at the end of the configuration file
rest_cherrypy:
  host: 0.0.0.0
  port: 8080
  debug: true
  disable_ssl: True
  static: /usr/local/halite/halite/
  app: /usr/local/halite/halite/index.html
external_auth:
  pam:
    salt:
      - .*
chkconfig --level 35 salt-master on && chkconfig --level 35 salt-api on
chkconfig --level 35 salt-minion on    # run on the minion
nohup python /usr/local/halite/halite/server_bottle.py -d -C -l debug -s cherrypy &    # start the service in the background; without nohup it runs in the foreground
salt-api -d    # this also runs it in the background
cp -pv /etc/rc.d/rc.local /etc/rc.d/rc.local.bak
echo "nohup python /usr/local/halite/halite/server_bottle.py -d -C -l debug -s cherrypy &" >> /etc/rc.d/rc.local    # start at boot
pkill cherrypy    # kill the process
pkill 'salt-(master|minion|api)'    # stop salt-master, salt-minion or salt-api
netstat -tuplna | grep 4505
tcp 0 0 192.168.1.102:4505 0.0.0.0:* LISTEN 15704/python2.6
netstat -tuplna | grep 4506
tcp 0 0 192.168.1.102:4506 0.0.0.0:* LISTEN 16254/python2.6
tcp 0 0 192.168.1.102:4506 103.75.44.204:46119 ESTABLISHED 16254/python2.6
ps -ef | grep python
root 2430 1 0 22:46 ? 00:00:00 /usr/bin/python2.6 /usr/bin/salt-master -d
root 2431 2430 0 22:46 ? 00:00:00 /usr/bin/python2.6 /usr/bin/salt-master -d
netstat -tuplna | grep 8080
tcp 0 0 0.0.0.0:8080 0.0.0.0:* LISTEN 6244/python
ps -ef | grep 8080
root 6755 6709 0 19:28 pts/5 00:00:00 grep 8080
http://serverip:8080/app/console username:salt password:salt
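The lines appended to /etc/salt/master above (rest_cherrypy with disable_ssl, a 0.0.0.0 listener and debug mode, plus a `.*` grant under external_auth) are the security-relevant part of this setup. As an added example that is not part of the original page or of SaltStack itself, the Python 3 script below flags those settings in a master file; `flatten` and `audit` are hypothetical helper names, and the sample text is constructed from the values on this page.

```python
# Constructed sample: the block this page appends to /etc/salt/master.
WEAK = """\
auto_accept: False
rest_cherrypy:
  host: 0.0.0.0
  port: 8080
  debug: true
  disable_ssl: True
external_auth:
  pam:
    salt:
      - .*
"""

def flatten(text):
    """Dotted-path view of simple block YAML (maps, scalar lists); not a full parser."""
    out, stack = {}, []  # stack holds (indent, key) for keys still in scope
    for raw in text.splitlines():
        line = raw.split(" #")[0].rstrip()  # drop trailing comments
        body = line.strip()
        if not body or body.startswith("#"):
            continue
        indent = len(line) - len(body)
        item = body.startswith("- ")  # a list item may sit at its key's indent
        while stack and stack[-1][0] >= indent + item:
            stack.pop()
        path = [key for _, key in stack]
        if item:
            out.setdefault(".".join(path), []).append(body[2:].strip())
        else:
            key, _, val = (s.strip() for s in body.partition(":"))
            if val:
                out[".".join(path + [key])] = val
            stack.append((indent, key))  # popped again by the next sibling
    return out

def audit(text):
    """Return findings for the risky master settings this page uses."""
    cfg = flatten(text)
    on = lambda k: str(cfg.get(k, "")).lower() in ("true", "yes", "on")
    api = "rest_cherrypy.port" in cfg  # the salt-api REST section is configured
    checks = [
        (on("auto_accept"), "auto_accept: minion keys trusted without review"),
        (on("rest_cherrypy.disable_ssl"), "rest_cherrypy.disable_ssl: credentials sent in cleartext"),
        (api and cfg.get("rest_cherrypy.host", "0.0.0.0") == "0.0.0.0", "rest_cherrypy.host: API listens on all interfaces"),
        (on("rest_cherrypy.debug"), "rest_cherrypy.debug: debug mode enabled"),
    ]
    found = [msg for hit, msg in checks if hit]
    found += [p + ": user may run any function" for p, v in cfg.items()
              if p.startswith("external_auth.") and isinstance(v, list) and ".*" in v]
    return found
```

On the master, `audit(open("/etc/salt/master").read())` returns one line per finding; an empty list means none of these settings is present.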