SaltStack由master和minion构成:master是服务器端(管理端,通常一台),minion是被管理的客户端(通常有多台)。在master上把命令发送给符合条件的minion,minion就会执行相应的命令;master和minion之间通过ZeroMQ(消息队列)进行通信。
SaltStack的master端监听4505和4506两个端口:4505是发布端口(publisher),master通过它向所有minion发布命令;4506是请求端口(request server),minion通过它完成密钥认证、拉取文件,并把命令执行结果返回给master。
当minion启动后,会主动连接master端注册,然后一直保持该TCP连接,master通过这条连接对minion进行控制。如果连接断开,master将无法控制该minion;minion检测到连接断开后,会定期向master端重新请求注册连接。
Master:控制中心,salt命令运行和资源状态管理端
Minions:需要管理的客户端机器,会主动去连接master端,并从master端得到资源状态,同步资源管理信息
[root@server1 2018]# systemctl start salt-master
[root@server1 2018]# systemctl enable salt-master
[root@server2 2018]# vim /etc/salt/minion
16 master: 172.25.76.1
[root@server2 2018]# systemctl start salt-minion
[root@server2 2018]# systemctl enable salt-minion
[root@server3 2018]# vim /etc/salt/minion
16 master: 172.25.76.1
[root@server3 2018]# systemctl start salt-minion
[root@server3 2018]# systemctl enable salt-minion
[root@server1 2018]# salt-key -L
Accepted Keys:
Denied Keys:
Unaccepted Keys:
server2
server3
Rejected Keys:
[root@server1 2018]# salt-key -A
The following keys are going to be accepted:
Unaccepted Keys:
server2
server3
Proceed? [n/Y] y
Key for minion server2 accepted.
Key for minion server3 accepted.
[root@server1 2018]# salt-key -L
Accepted Keys:
server2
server3
Denied Keys:
Unaccepted Keys:
Rejected Keys:
4505 用于连接minion,发布订阅模式(publish/subscribe),master在此端口向minion发布命令
4506 接收minion的认证请求、文件请求和命令返回结果,传输基于zmq(消息队列)
[root@server1 2018]# salt '*' test.ping
server3:
True
server2:
True
查看端口关系(注意下面master是在 *:4505 上监听所有地址的;生产环境中应通过防火墙只对minion所在网段放行4505/4506)
[root@server1 2018]# lsof -i :4505
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
salt-mast 2241 root 15u IPv4 23991 0t0 TCP *:4505 (LISTEN)
salt-mast 2241 root 17u IPv4 26759 0t0 TCP server1:4505->server2:60394 (ESTABLISHED)
salt-mast 2241 root 18u IPv4 26785 0t0 TCP server1:4505->server3:56000 (ESTABLISHED)
查看master与minion的密钥关系。安全提示:上面的 `salt-key -A` 会一次性接受所有待认证的minion密钥,而任何能连到master 4506端口的主机都可以把自己的密钥提交到“Unaccepted Keys”;生产环境中应先核对minion密钥指纹(master上 `salt-key -f <minion-id>`,minion上 `salt-call --local key.finger`),再逐个接受。反过来,minion端也应核对master的公钥(下面用md5sum比对master.pub与minion端的minion_master.pub即是这一步,也可参考minion配置中的 master_finger 选项让minion自动校验)。
[root@server1 salt]# cd pki/
[root@server1 pki]# tree
.
|-- master
| |-- master.pem
| |-- master.pub
| |-- minions
| | |-- server2
| | `-- server3
| |-- minions_autosign
| |-- minions_denied
| |-- minions_pre
| `-- minions_rejected
`-- minion
|-- minion_master.pub
|-- minion.pem
`-- minion.pub
[root@server1 pki]# ls
master minion
[root@server1 pki]# cd master/
[root@server1 master]# ls
master.pem minions minions_denied minions_rejected
master.pub minions_autosign minions_pre
[root@server1 master]# md5sum master.pub
9b89041a0520dd9f196649559e19bcee master.pub
[root@server2 pki]# cd minion/
[root@server2 minion]# ls
minion_master.pub minion.pem minion.pub
[root@server2 minion]# md5sum minion_master.pub
9b89041a0520dd9f196649559e19bcee minion_master.pub
配置环境
[root@server1 master]# vim /etc/salt/master
674 file_roots:
675 base:
676 - /srv/salt
[root@server1 salt]# systemctl restart salt-master
[root@server1 master]# mkdir /srv/salt
安装apache
[root@server1 salt]# mkdir apache
[root@server1 salt]# cd apache/
[root@server1 apache]# vim install.sls
# Minimal state: make sure the httpd package is installed (short form of pkg.installed).
httpd:
  pkg.installed
[root@server1 apache]# salt server2 state.sls apache.install
安装多个服务,启动httpd服务
[root@server1 apache]# mkdir files
[root@server1 files]# scp [email protected]:/etc/httpd/conf/httpd.conf .
[root@server1 apache]# vim install.sls
# Install the httpd stack, keep the service running, and manage its main config.
httpd-install:
  pkg.installed:
    - pkgs:
      - httpd
      - php
      - httpd-tools
  service.running:
    - name: httpd
    - enable: true
    # reload (rather than restart) httpd when the watched config changes
    - reload: true
    - watch:
      - file: /etc/httpd/conf/httpd.conf
# Config file copied from server2 earlier (scp into apache/files) and pushed back via salt://.
/etc/httpd/conf/httpd.conf:
  file.managed:
    - source: salt://apache/files/httpd.conf
    - user: root
    - group: root
    - mode: 644
[root@server1 apache]# salt server2 state.sls apache.install
[root@server1 salt]# tree
.
└── apache
├── files
│ └── httpd.conf
└── install.sls
缓存信息存储在 /var/cache/salt 中。注意下面minion端的缓存会保留从master拉取的每一个文件(如httpd.conf、install.sls),所以file_roots下的文件不应包含口令、密钥等敏感信息,这类数据应放在pillar中按minion下发。
[root@server1 apache]# cd /var/cache/
[root@server1 cache]# ls
ldconfig man salt yum
[root@server1 cache]# cd salt/
[root@server1 salt]# ls
master
[root@server1 salt]# cd master/
[root@server1 master]# ls
file_lists jobs minions proc queues roots syndics tokens
[root@server2 salt]# cd /var/cache/salt/minion/
[root@server2 minion]# tree
.
├── accumulator
├── extmods
├── files
│ └── base
│ └── apache
│ ├── files
│ │ └── httpd.conf
│ └── install.sls
├── highstate.cache.p
├── pkg_refresh
├── proc
└── sls.p
7 directories, 5 files
将install 和服务启动分开
[root@server1 apache]# vim install.sls
# Install-only half of the apache states: packages plus the managed config file.
# Service handling lives in apache/service.sls, which includes this file and
# watches the file.managed state below by its ID (httpd-install).
httpd-install:
  pkg.installed:
    - pkgs:
      - httpd
      - php
      - httpd-tools
  file.managed:
    - name: /etc/httpd/conf/httpd.conf
    - source: salt://apache/files/httpd.conf
    - user: root
    - group: root
    - mode: 644
[root@server1 apache]# cat service.sls
# Service half of the apache states; pulls in apache/install.sls first.
include:
  - apache.install
httpd-service:
  service.running:
    - name: httpd
    - enable: true
    # reload httpd whenever the config managed by the httpd-install file state changes
    - reload: true
    - watch:
      - file: httpd-install
安装编译nginx
[root@server1 salt]# mkdir nginx
[root@server1 nginx]# mkdir files
[root@foundation66 Desktop]# scp nginx.service [email protected]:/srv/salt/nginx/files
[root@server1 nginx]# ls
files install.sls
[root@server1 nginx]# cat install.sls
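# Build nginx 1.15.8 from source on the minion: toolchain, tarball, configure/make.
nginx-install:
  pkg.installed:
    - pkgs:
      - gcc
      - make
      - pcre-devel
      - zlib-devel
  file.managed:
    - name: /mnt/nginx-1.15.8.tar.gz
    - source: salt://nginx/files/nginx-1.15.8.tar.gz
    # NOTE(review): no source_hash is given, so the tarball's integrity is not checked
    # beyond "it came from the master"; add `- source_hash: sha256=<digest>` once known.
  cmd.run:
    # Build output is discarded; on failure the state still fails through the exit code
    # of the && chain, but the reason is lost — drop the redirects when debugging.
    - name: cd /mnt && tar zxf nginx-1.15.8.tar.gz && cd nginx-1.15.8 && sed -i 's/CFLAGS="$CFLAGS -g"/#CFLAGS="$CFLAGS -g"/g' auto/cc/gcc && ./configure --prefix=/usr/local/nginx &> /dev/null && make &> /dev/null && make install &> /dev/null
    # Guard on the installed binary, not on the extracted source directory:
    # `tar zxf` creates /mnt/nginx-1.15.8 before configure/make run, so a failed
    # build would leave the directory behind and every later run of this state
    # would then be skipped as "already done".
    - creates: /usr/local/nginx/sbin/nginx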
[root@server1 nginx]# tree
.
├── files
│ ├── nginx-1.15.8.tar.gz
│ └── nginx.service
└── install.sls
[root@server1 nginx]# salt server3 state.sls nginx.install
在server3上查看
[root@server3 minion]# du -h /usr/local/nginx/
796K /usr/local/nginx/sbin
68K /usr/local/nginx/conf
0 /usr/local/nginx/logs
8.0K /usr/local/nginx/html
872K /usr/local/nginx/
[root@server3 minion]# du -sh /usr/local/nginx/
872K /usr/local/nginx/
[root@server1 nginx]# tree
.
├── files
│ ├── nginx-1.15.8.tar.gz
│ ├── nginx.conf
│ └── nginx.service
├── install.sls
└── service.sls
[root@server1 nginx]# vim service.sls
# Service half of the nginx states; pulls in nginx/install.sls (the source build) first.
include:
  - nginx.install
# Main nginx config; the service state below reloads nginx when it changes.
/usr/local/nginx/conf/nginx.conf:
  file.managed:
    - source: salt://nginx/files/nginx.conf
nginx-service:
  # systemd unit for the source-built nginx (the unit's content is not shown on this page).
  # NOTE(review): the unit file is not in the watch list below, so a changed unit
  # does not trigger anything here — confirm that is intended.
  file.managed:
    - name: /etc/systemd/system/nginx.service
    - source: salt://nginx/files/nginx.service
  service.running:
    - name: nginx
    - enable: true
    # NOTE(review): reload only works if nginx.service defines ExecReload — confirm.
    - reload: true
    - watch:
      - file: /usr/local/nginx/conf/nginx.conf
[root@server1 files]# vim nginx.conf
worker_processes auto;
[root@server1 files]# salt server3 state.sls nginx.service
grains是minion第一次启动的时候采集的静态数据,可以用在salt的模块和其他组件中。其实grains在每次的minion启动(重启)的时候都会采集,即向master汇报一次的
应用场景:
grains的特性–每次启动汇报、静态决定了它没有pillar灵活,要知道pillar是随时可变的,只要在master端修改了那一般都会立刻生效的。所以grains更适合做一些静态的属性值的采集,例如设备的角色(role),磁盘个数(disk_num)等诸如此类非常固定的属性。
那么我们就可以得到一个大致的判断,如果你想定义的属性值是经常变化的,那请采用pillar,如果是很固定、不易变的那请用grains
grains和pillar的区别:grains由minion自己采集并上报,可以在minion配置文件、/etc/salt/grains或自定义grains模块中随意设置(见下文),master无法验证其真实性,因此只适合做分类和定位,不应作为安全决策(如是否下发敏感配置)的依据;pillar在master端定义,按目标minion单独渲染后下发,只有被匹配到的minion能看到自己的那份,适合存放口令、密钥等敏感数据。
设置top文件使不同主机执行不同服务
[root@server1 salt]# vim top.sls
# Highstate top file: which state files each minion (matched by ID) applies.
base:
  'server2':
    - apache.service
  'server3':
    - nginx.service
[root@server1 salt]# salt '*' state.highstate
设置变量
[root@server1 salt]# salt '*' grains.items
[root@server2 minion]# vim /etc/salt/minion
120 grains:
121 roles:
122 apache
[root@server2 minion]# systemctl restart salt-minion
查看
[root@server1 salt]# salt '*' grains.item roles
server3:
----------
roles:
server2:
----------
roles:
apache
[root@server3 salt]# vim grains
roles: nginx
[root@server3 salt]# systemctl restart salt-minion
[root@server1 _grains]# salt server3 saltutil.sync_grains
server3:
[root@server1 salt]# salt '*' grains.item roles
server3:
----------
roles:
nginx
server2:
----------
roles:
apache
[root@server1 salt]# salt -G 'roles:nginx' test.ping
server3:
True
[root@server1 salt]# salt -G 'roles:apache' test.ping
server2:
True
[root@server1 salt]# salt -G 'salt:stack' test.ping
server2:
True
server3:
True
[root@server1 salt]# mkdir _grains
[root@server1 salt]# cd _grains/
[root@server1 _grains]# ls
[root@server1 _grains]# vim my_grains.py
#!/usr/bin/env python
# Custom grains module, synced to minions from /srv/salt/_grains.
# Salt calls every public function of a _grains module and merges the returned
# dicts into the minion's grains, so the misspelled function name is harmless
# (confirm); the 'salt: stack' grain it produces is what `salt -G 'salt:stack'` matches.


def my_granns():
    """Return three static grains for this minion: foo, hello and salt."""
    extra = dict(foo='bar', hello='world')
    extra.update(salt='stack')
    return extra
[root@server1 salt]# vim top.sls
# Highstate top file keyed on the custom 'roles' grain instead of minion IDs.
# NOTE(review): grains are set on the minion side (minion config, /etc/salt/grains,
# _grains modules above), so a minion can pick its own role; this is fine for
# dispatching configuration but is not a substitute for access control.
base:
  'roles:apache':
    - match: grain
    - apache.service
  'roles:nginx':
    - match: grain
    - nginx.service
[root@server1 salt]# salt '*' state.highstate
[root@server1 salt]# vim /etc/salt/master
844 pillar_roots:
845 base:
846 - /srv/pillar
[root@server1 salt]# mkdir /srv/pillar
[root@server1 salt]# systemctl restart salt-master
[root@server1 pillar]# tree
.
├── top.sls
└── web
└── vars.sls
[root@server1 pillar]# cat top.sls
# Pillar top file: every minion gets web/vars.sls; that file itself decides,
# per minion, which keys (if any) it yields.
base:
  '*':
    - web.vars
[root@server1 pillar]# cd web/
[root@server1 web]# cat vars.sls
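{# Per-minion pillar for the web states. Keyed on grains['id'] (the minion ID,
   which the master ties to the accepted key) rather than grains['fqdn'], a value
   the minion reports about itself and could set to another host's name in order
   to be handed that host's pillar. On this page both equal 'server2' / 'server3'.
   Minions matching neither branch get no keys from this file. #}
{% if grains['id'] == 'server2' %}
webserver: httpd
state: master
{% elif grains['id'] == 'server3' %}
webserver: nginx
state: backup
{% endif %}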
[root@server1 pillar]# salt '*' pillar.items
server3:
----------
state:
backup
webserver:
nginx
server2:
----------
state:
master
webserver:
httpd
[root@server1 pillar]# salt '*' saltutil.refresh_pillar
server3:
True
server2:
True
[root@server1 pillar]# salt -I 'state:master' test.ping
server2:
True
[root@server1 pillar]# salt -I 'state:backup' test.ping
server3:
True
设置高可用
[root@server1 salt]# cd keepalived/
[root@server1 keepalived]# tree
.
├── files
│ └── keepalived.conf
└── install.sls
[root@server1 keepalived]# cat install.sls
# Install keepalived and render its config from pillar-supplied VRRP parameters.
kp-install:
  pkg.installed:
    - pkgs:
      - keepalived
  file.managed:
    - name: /etc/keepalived/keepalived.conf
    - source: salt://keepalived/files/keepalived.conf
    - template: jinja
    # Values come from /srv/pillar/web/vars.sls and are referenced in the template
    # as STATE / VRID / PRIORITY. VRID must be the same on every node of the group;
    # rendering fails for a minion whose pillar lacks any of these keys.
    - context:
        STATE: {{ pillar['state'] }}
        VRID: {{ pillar['vrid'] }}
        PRIORITY: {{ pillar['priority'] }}
  service.running:
    - name: keepalived
    - enable: true
    # reload keepalived whenever the rendered config (file state kp-install) changes
    - reload: true
    - watch:
      - file: kp-install
#设置配置文件
[root@server1 keepalived]# ls
files install.sls
[root@server1 keepalived]# cd files/
[root@server1 files]# pwd
/srv/salt/keepalived/files
[root@server1 files]# ls
keepalived.conf
[root@server1 files]# cat keepalived.conf
! Configuration File for keepalived
! Rendered by Salt (template: jinja). STATE, VRID and PRIORITY are passed in
! through the context of keepalived/install.sls, which reads them from pillar.
global_defs {
   notification_email {
     root@localhost
   }
   notification_email_from keepalived@localhost
   smtp_server 127.0.0.1
   smtp_connect_timeout 30
   router_id LVS_DEVEL
}
vrrp_instance VI_1 {
    state {{ STATE }}
    ! NOTE(review): interface name is hard-coded; server2 shows eth0 in `ip addr`,
    ! confirm every node receiving this state uses the same name.
    interface eth0
    ! VRID must be identical on MASTER and BACKUP: it identifies the VRRP group they share.
    virtual_router_id {{ VRID }}
    priority {{ PRIORITY }}
    advert_int 1
    authentication {
        auth_type PASS
        ! NOTE(review): PASS authentication is a shared secret carried in clear text in
        ! the VRRP packets, and this template sits under file_roots (/srv/salt), which
        ! accepted minions can generally fetch. Do not rely on it as a security control,
        ! and keep a real password in pillar (passed in via context) rather than here.
        auth_pass 1111
    }
    virtual_ipaddress {
        172.25.76.100
    }
}
#设置变量
[root@server1 files]# cat /srv/pillar/web/vars.sls
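{# Per-minion pillar for the web + keepalived states. Keyed on grains['id'] (the
   minion ID, which the master ties to the accepted key) rather than grains['fqdn'],
   a value the minion reports about itself and could set to another host's name in
   order to be handed that host's pillar. On this page both equal 'server2' / 'server3'.
   Minions matching neither branch get no keys from this file. #}
{% if grains['id'] == 'server2' %}
webserver: httpd
state: MASTER
vrid: 76
priority: 100
ip: 172.25.76.2
port: 80
{% elif grains['id'] == 'server3' %}
webserver: nginx
state: BACKUP
{# vrid must be the same on MASTER and BACKUP: it identifies the VRRP group the two
   nodes share. With 76 vs 176 (the original values) the nodes never see each other's
   advertisements, so the BACKUP also promotes itself and both end up holding
   172.25.76.100. #}
vrid: 76
priority: 50
ip: 172.25.76.3
port: 80
{% endif %}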
[root@server1 salt]# salt '*' state.highstate
[root@server2 minion]# ip addr
1: lo: mtu 65536 qdisc noqueue state UNKNOWN qlen 1
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth0: mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 52:54:00:d8:c0:0b brd ff:ff:ff:ff:ff:ff
inet 172.25.76.2/24 brd 172.25.76.255 scope global eth0
valid_lft forever preferred_lft forever
inet 172.25.76.100/32 scope global eth0
valid_lft forever preferred_lft forever
inet6 fe80::5054:ff:fed8:c00b/64 scope link
valid_lft forever preferred_lft forever