自动化运维

24.1 自动化运维介绍

自动化运维_第1张图片

自动化运维_第2张图片

24.2 saltstack安装

•saltstack介绍https://docs.saltstack.com/en/latest/topics/index.html

• 可以使用salt-ssh远程执行,类似ansible,

 也支持c/s模式

下面我们将讲述该种模式的使用,需要准备两台机器,128服务端,131客户端

自动化运维_第3张图片

设置hostname以及hosts

[root@hongwei-02 ~]# hostname
hongwei-02
[root@hongwei-02 ~]# 
[root@hongwei-03 ~]# hostname
hongwei-03
[root@hongwei-03 ~]# 
[root@hongwei-02 ~]# vi /etc/hosts

127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
::1         localhost localhost.localdomain localhost6 localhost6.localdomain6
127.0.0.1 aming.com
192.168.93.128 hongwei-02
192.168.93.131 hongwei-03

二台机器都要yum安装

[root@hongwei-02 ~]# yum install -y https://repo.saltstack.com/yum/redhat/salt-repo-latest-2.el7.noarch.rpm

客户只需要安装一个包

[root@hongwei-03 ~]# yum install -y salt-minion
已加载插件:fastestmirror

服务端要二个包

[root@hongwei-02 ~]# yum install -y salt-master salt-minion

24.3 启动saltstack服务

服务端编辑配置文件,增加二行

[root@hongwei-02 ~]# vi /etc/salt/minion

自动化运维_第4张图片

客户端也要同样编辑

自动化运维_第5张图片

启动服务

[root@hongwei-03 ~]# systemctl start salt-minion
[root@hongwei-03 ~]# ps aux|grep salt
root      2741  7.4  2.1 313708 21364 ?        Ss   20:09   0:00 /usr/bin/python /usr/bin/salt-minion
root      2744 33.6  4.2 565068 42424 ?        Sl   20:09   0:02 /usr/bin/python /usr/bin/salt-minion
root      2752  0.0  1.9 403996 20132 ?        S    20:09   0:00 /usr/bin/python /usr/bin/salt-minion
root      2809  0.0  0.0 112664   964 pts/0    R+   20:09   0:00 grep --color=auto salt
[root@hongwei-02 ~]# systemctl start salt-master
[root@hongwei-02 ~]# systemctl start salt-minion
[root@hongwei-02 ~]# 
[root@hongwei-02 ~]# ps aux|grep salt
root      2691 27.0  4.0 391204 40724 ?        Ss   20:10   0:02 /usr/bin/python /usr/bin/salt-master
root      2700  0.1  1.9 308928 20004 ?        S    20:10   0:00 /usr/bin/python /usr/bin/salt-master
root      2705  0.0  3.3 471868 34300 ?        Sl   20:10   0:00 /usr/bin/python /usr/bin/salt-master
root      2708  0.0  3.3 389940 33828 ?        S    20:10   0:00 /usr/bin/python /usr/bin/salt-master
root      2709  2.6  3.7 393472 37556 ?        S    20:10   0:00 /usr/bin/python /usr/bin/salt-master
root      2710  5.5  3.4 390796 34604 ?        S    20:10   0:00 /usr/bin/python /usr/bin/salt-master
root      2711 16.4  3.4 636580 35072 ?        Rl   20:10   0:01 /usr/bin/python /usr/bin/salt-master
root      2718  0.1  3.4 464936 34960 ?        Sl   20:10   0:00 /usr/bin/python /usr/bin/salt-master
root      2720 16.1  3.6 393140 36448 ?        R    20:10   0:01 /usr/bin/python /usr/bin/salt-master
root      2721 16.0  3.6 393140 36448 ?        R    20:10   0:01 /usr/bin/python /usr/bin/salt-master
root      2722 14.8  3.6 393144 36444 ?        R    20:10   0:01 /usr/bin/python /usr/bin/salt-master
root      2723 13.2  3.6 393140 36440 ?        S    20:10   0:00 /usr/bin/python /usr/bin/salt-master
root      2724 15.8  3.6 393144 36436 ?        S    20:10   0:00 /usr/bin/python /usr/bin/salt-master
root      2742  0.0  0.0 112668   964 pts/0    S+   20:10   0:00 grep --color=auto salt
[root@hongwei-02 ~]# 

24.4 saltstack配置认证

自动化运维_第6张图片

[root@hongwei-02 ~]# salt-key -a hongwei-03
The following keys are going to be accepted:
Unaccepted Keys:
hongwei-03
Proceed? [n/Y] y
Key for minion hongwei-03 accepted.
[root@hongwei-02 ~]# 
[root@hongwei-02 ~]# salt-key
Accepted Keys:
hongwei-03
Denied Keys:
Unaccepted Keys:
hongwei-02
Rejected Keys:
[root@hongwei-02 ~]# 

绿色表示通过的

salt-key命令用法

认证所有主机

[root@hongwei-02 ~]# salt-key -A 
The following keys are going to be accepted:
Unaccepted Keys:
hongwei-02
Proceed? [n/Y] y
Key for minion hongwei-02 accepted.
[root@hongwei-02 ~]# salt-key
Accepted Keys:
hongwei-02
hongwei-03
Denied Keys:
Unaccepted Keys:
Rejected Keys:
[root@hongwei-02 ~]# 

跟主机名,拒绝指定主机

[root@hongwei-02 ~]# salt-key -r hongwei-02

拒绝所有主机

[root@hongwei-02 ~]# salt-key -R

•-d 跟主机名,删除指定主机认证

• -D 删除全部主机认证

• -y 省略掉交互,相当于直接按了y

24.5 saltstack远程执行命令

[root@hongwei-02 ~]# salt '*' test.ping
hongwei-03:
    True
hongwei-02:
    True
[root@hongwei-02 ~]# 
[root@hongwei-02 ~]# salt '*' cmd.run "hostname"
hongwei-03:
    hongwei-03
hongwei-02:
    hongwei-02
[root@hongwei-02 ~]# 

这里的*表示所有已经签名的minion端,也可以指定一个

[root@hongwei-02 ~]# salt 'hongwei-03' test.ping
hongwei-03:
    True
[root@hongwei-02 ~]# 

说明: 这里的*必须是在master上已经被接受过认证的客户端,可以通过salt-key查到,通常是我们已经设定的id值。关于这部分内容,它支持通配、列表以及正则。 比如两台客户端aming-01,aming-02, 那我们可以写成salt 'aming-*', salt 'aming-0[12]'  salt -L 'aming-01,aming-02'   salt -E 'aming-(01|02)'等形式,使用列表,即多个机器用逗号分隔,而且需要加-L,使用正则必须要带-E选项。 它还支持grains,加-G选项,pillar 加-I选项

[root@hongwei-02 ~]# salt -L 'hongwei-03' test.ping
hongwei-03:
    True
[root@hongwei-02 ~]# salt -E 'hongwei-03' test.ping
hongwei-03:
    True
[root@hongwei-02 ~]# salt -E 'hongwei-[0-9]' test.ping
hongwei-03:
    True
hongwei-02:
    True
[root@hongwei-02 ~]# 

24.6 grains

grains是在minion启动时收集到的一些信息,比如操作系统类型、网卡ip、内核版本、cpu架构等。

列出所有的grains项目名字

[root@hongwei-02 ~]# salt 'hongwei-02' grains.ls
hongwei-02:
    - SSDs
    - biosreleasedate
    - biosversion
    - cpu_flags
    - cpu_model
    - cpuarch
    - disks
    - dns
    - domain
    - fqdn
    - fqdn_ip4
    - fqdn_ip6
    - gid
    - gpus
    - groupname
    - host
    - hwaddr_interfaces
    - id
    - init
    - ip4_gw
    - ip4_interfaces
    - ip6_gw
    - ip6_interfaces
    - ip_gw
    - ip_interfaces
    - ipv4
    - ipv6
    - kernel
    - kernelrelease
    - kernelversion
    - locale_info
    - localhost
    - lsb_distrib_codename
    - lsb_distrib_id
    - machine_id
    - manufacturer
    - master
    - mdadm
    - mem_total
    - nodename
    - num_cpus
    - num_gpus
    - os
    - os_family
    - osarch
    - oscodename
    - osfinger
    - osfullname
    - osmajorrelease
    - osrelease
    - osrelease_info
    - path
    - pid
    - productname
    - ps
    - pythonexecutable
    - pythonpath
    - pythonversion
    - saltpath
    - saltversion
    - saltversioninfo
    - selinux
    - serialnumber
    - server_id
    - shell
    - swap_total
    - systemd
    - uid
    - username
    - uuid
    - virtual
    - zfs_feature_flags
    - zfs_support
    - zmqversion
[root@hongwei-02 ~]# 

列出所有grains项目以及值

[root@hongwei-02 ~]# salt 'hongwei-02' grains.items
hongwei-02:
    ----------
    SSDs:
    biosreleasedate:
        07/31/2013
    biosversion:
        6.00
    cpu_flags:
        - fpu
        - vme
        - de
        - pse
        - tsc
        - msr
        - pae
        - mce
        - cx8
        - apic
        - sep
        - mtrr
        - pge
        - mca
        - cmov
        - pat
        - pse36
        - clflush
        - dts
        - mmx
        - fxsr
        - sse
        - sse2
        - ss
        - syscall
        - nx
        - rdtscp
        - lm
        - constant_tsc
        - arch_perfmon
        - pebs
        - bts
        - nopl
        - xtopology
        - tsc_reliable
        - nonstop_tsc
        - aperfmperf
        - eagerfpu
        - pni
        - pclmulqdq
        - ssse3
        - cx16
        - pcid
        - sse4_1
        - sse4_2
        - x2apic
        - popcnt
        - aes
        - xsave
        - avx
        - f16c
        - rdrand
        - hypervisor
        - lahf_lm
        - ida
        - arat
        - epb
        - pln
        - pts
        - dtherm
        - fsgsbase
        - smep
        - xsaveopt
    cpu_model:
        Intel(R) Core(TM) i5-3337U CPU @ 1.80GHz
    cpuarch:
        x86_64
    disks:
        - fd0
        - sda
        - sdb
        - sr0
        - dm-0
        - dm-1
    dns:
        ----------
        domain:
        ip4_nameservers:
            - 119.29.29.29
        ip6_nameservers:
        nameservers:
            - 119.29.29.29
        options:
        search:
        sortlist:
    domain:
    fqdn:
        hongwei-02
    fqdn_ip4:
        - 192.168.93.128
    fqdn_ip6:
    gid:
        0
    gpus:
        |_
          ----------
          model:
              SVGA II Adapter
          vendor:
              unknown
    groupname:
        root
    host:
        hongwei-02
    hwaddr_interfaces:
        ----------
        ens33:
            00:0c:29:a8:7a:67
        lo:
            00:00:00:00:00:00
    id:
        hongwei-02
    init:
        systemd
    ip4_gw:
        192.168.93.2
    ip4_interfaces:
        ----------
        ens33:
            - 192.168.93.128
        lo:
            - 127.0.0.1
    ip6_gw:
        False
    ip6_interfaces:
        ----------
        ens33:
            - fe80::20c:29ff:fea8:7a67
        lo:
            - ::1
    ip_gw:
        True
    ip_interfaces:
        ----------
        ens33:
            - 192.168.93.128
            - fe80::20c:29ff:fea8:7a67
        lo:
            - 127.0.0.1
            - ::1
    ipv4:
        - 127.0.0.1
        - 192.168.93.128
    ipv6:
        - ::1
        - fe80::20c:29ff:fea8:7a67
    kernel:
        Linux
    kernelrelease:
        3.10.0-327.el7.x86_64
    kernelversion:
        #1 SMP Thu Nov 19 22:10:57 UTC 2015
    locale_info:
        ----------
        defaultencoding:
            UTF-8
        defaultlanguage:
            zh_CN
        detectedencoding:
            UTF-8
    localhost:
        hongwei-02
    lsb_distrib_codename:
        CentOS Linux 7 (Core)
    lsb_distrib_id:
        CentOS Linux
    machine_id:
        32d38a18a3b244e895c71a7dec6bd3e7
    manufacturer:
        VMware, Inc.
    master:
        hongwei-02
    mdadm:
    mem_total:
        985
    nodename:
        hongwei-02
    num_cpus:
        1
    num_gpus:
        1
    os:
        CentOS
    os_family:
        RedHat
    osarch:
        x86_64
    oscodename:
        CentOS Linux 7 (Core)
    osfinger:
        CentOS Linux-7
    osfullname:
        CentOS Linux
    osmajorrelease:
        7
    osrelease:
        7.2.1511
    osrelease_info:
        - 7
        - 2
        - 1511
    path:
        /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin
    pid:
        8817
    productname:
        VMware Virtual Platform
    ps:
        ps -efHww
    pythonexecutable:
        /usr/bin/python
    pythonpath:
        - /usr/bin
        - /usr/lib64/python27.zip
        - /usr/lib64/python2.7
        - /usr/lib64/python2.7/plat-linux2
        - /usr/lib64/python2.7/lib-tk
        - /usr/lib64/python2.7/lib-old
        - /usr/lib64/python2.7/lib-dynload
        - /usr/lib64/python2.7/site-packages
        - /usr/lib/python2.7/site-packages
    pythonversion:
        - 2
        - 7
        - 5
        - final
        - 0
    saltpath:
        /usr/lib/python2.7/site-packages/salt
    saltversion:
        2018.3.2
    saltversioninfo:
        - 2018
        - 3
        - 2
        - 0
    selinux:
        ----------
        enabled:
            False
        enforced:
            Disabled
    serialnumber:
        VMware-56 4d ea 79 c2 82 7d 18-0a 52 d9 d8 ac a8 7a 67
    server_id:
        404998496
    shell:
        /bin/sh
    swap_total:
        2047
    systemd:
        ----------
        features:
            +PAM +AUDIT +SELINUX +IMA -APPARMOR +SMACK +SYSVINIT +UTMP +LIBCRYPTSETUP +GCRYPT +GNUTLS +ACL +XZ +LZ4 -SECCOMP +BLKID +ELFUTILS +KMOD +IDN
        version:
            219
    uid:
        0
    username:
        root
    uuid:
        564dea79-c282-7d18-0a52-d9d8aca87a67
    virtual:
        VMware
    zfs_feature_flags:
        False
    zfs_support:
        False
    zmqversion:
        4.1.4
[root@hongwei-02 ~]# 

•grains的信息并不是动态的,并不会实时变更,它是在minion启动时收集到的。

• 我们可以根据grains收集到的一些信息,做配置管理工作。

自定义grains  

客户端机器上,添加文件,加入二行

[root@hongwei-03 ~]# vim /etc/salt/grains

role: nginx 
env: test
~          

重启minion服务

[root@hongwei-03 ~]# systemctl restart salt-minion
[root@hongwei-03 ~]# 
 

回到服务端机器上查看

[root@hongwei-02 ~]# salt '*' grains.item role env
hongwei-03:
    ----------
    env:
        test
    role:
        nginx
hongwei-02:
    ----------
    env:
    role:
[root@hongwei-02 ~]# 

可以借助grains的一些属性信息来执行

[root@hongwei-02 ~]# salt -G role:nginx cmd.run 'hostname'
hongwei-03:
    hongwei-03
[root@hongwei-02 ~]# 

24.7 pillar

• pillar和grains不一样,是在master上定义的,并且是针对minion定义的一些信息。像一些比较重要的数据(密码)可以存在pillar里,还可以定义变量等。

配置自定义pillar

首先编辑配置文件

[root@hongwei-02 ~]# vim  /etc/salt/master

找到下面的文件前面#号去掉

89ecb2d4eb40a30ec1f650f8ac319022c89.jpg

重启服务:

[root@hongwei-02 ~]# systemctl restart salt-master
[root@hongwei-02 ~]# 

创建目录

ls: 无法访问/srv/pillar: 没有那个文件或目录
[root@hongwei-02 ~]# mkdir !$
mkdir /srv/pillar
[root@hongwei-02 ~]# 

到这个目录下去编辑一个文件

[root@hongwei-02 ~]# cd /srv/pillar/
[root@hongwei-02 pillar]# vi test.sls

conf: /etc/123.conf

在定义一个文件的入口

[root@hongwei-02 pillar]# vi /srv/pillar/top.sls

base:
  'hongwei-03':
    - test

重启master

[root@hongwei-02 pillar]# systemctl restart salt-master
[root@hongwei-02 pillar]# 

当更改完pillar配置文件后,我们可以通过刷新pillar配置来获取新的pillar状态

[root@hongwei-02 pillar]# salt '*' saltutil.refresh_pillar
hongwei-03:
    True
hongwei-02:
    True
[root@hongwei-02 pillar]# 

验证

[root@hongwei-02 pillar]# salt  '*' pillar.item conf
hongwei-03:
    ----------
    conf:
        /etc/123.conf
hongwei-02:
    ----------
    conf:
[root@hongwei-02 pillar]# 

pillar同样可以用来作为salt的匹配对象

[root@hongwei-02 pillar]# salt  -I 'conf:/etc/123.conf' cmd.run "w"
hongwei-03:
     21:00:26 up  1:14,  1 user,  load average: 0.02, 0.05, 0.13
    USER     TTY      FROM             LOGIN@   IDLE   JCPU   PCPU WHAT
    root     pts/0    192.168.93.1     19:47    5:46   0.37s  0.37s -bash
[root@hongwei-02 pillar]# 

24.8 安装配置httpd

在master机器上,vi /etc/salt/master //搜索找到file_roots

•打开如下内容的注释:

•file_roots:

•  base: #前面有两个空格

    - /srv/salt #前面有4个空格

自动化运维_第7张图片

重启服务

[root@hongwei-02 ~]# systemctl restart salt-master

创建目录,并且创建文件,写入如下内容

[root@hongwei-02 ~]# mkdir /srv/salt
[root@hongwei-02 ~]# cd !$
cd /srv/salt
[root@hongwei-02 salt]# vi /srv/salt/top.sls

base:
  '*':
    - httpd

意思是,在所有的客户端上执行httpd模块

重启服务

[root@hongwei-02 salt]# systemctl restart salt-master

master上vi /srv/salt/httpd.sls  //加入如下内容,这个就是httpd模块的内容

[root@hongwei-02 salt]# vi /srv/salt/httpd.sls

httpd-service:
  pkg.installed:
    - names:    
      - httpd
      - httpd-devel
  service.running:
    - name: httpd
    - enable: True

说明: httpd-service是id的名字,自定义的。pkg.installed 为包安装函数,下面是要安装的包的名字。service.running也是一个函数,来保证指定的服务启动,enable表示开机启动。

执行: salt 'aming-02' state.highstate//执行过程会比较慢,因为客户端上在yum install httpd httpd-devel

[root@hongwei-02 salt]# salt 'hongwei-02' state.highstate
[root@hongwei-02 salt]# salt 'hongwei-02' state.highstate
^Z
[1]+  已停止               salt 'hongwei-02' state.highstate
[root@hongwei-02 salt]# ps aux|grep yum
root     16340 37.4  5.6 278552 56684 ?        S    21:30   0:05 /usr/bin/python /usr/bin/yum -y install httpd
root     16354  2.0  0.0 112664   964 pts/1    S+   21:30   0:00 grep --color=auto yum
[root@hongwei-02 salt]# ps aux|grep yum
root     16340 29.5  5.6 278552 56684 ?        S    21:30   0:05 /usr/bin/python /usr/bin/yum -y install httpd
root     16360  0.0  0.0 112664   960 pts/1    S+   21:30   0:00 grep --color=auto yum
[root@hongwei-02 salt]# ps aux|grep yum
root     16340 25.6  5.6 278580 56744 ?        S    21:30   0:05 /usr/bin/python /usr/bin/yum -y install httpd
root     16362  0.0  0.0 112664   964 pts/1    S+   21:30   0:00 grep --color=auto yum
[root@hongwei-02 salt]#
[root@hongwei-02 salt]# salt 'hongwei-02' state.highstate
hongwei-02:
----------
          ID: httpd-service
    Function: pkg.installed
        Name: httpd
      Result: True
     Comment: All specified packages are already installed
     Started: 21:37:02.428428
    Duration: 1490.535 ms
     Changes:   
----------
          ID: httpd-service
    Function: pkg.installed
        Name: httpd-devel
      Result: True
     Comment: All specified packages are already installed
     Started: 21:37:03.919644
    Duration: 55.233 ms
     Changes:   
----------
          ID: httpd-service
    Function: service.running
        Name: httpd
      Result: True
     Comment: Service httpd has been enabled, and is running
     Started: 21:37:03.976170
    Duration: 583.721 ms
     Changes:   
              ----------
              httpd:
                  True

Summary for hongwei-02
------------
Succeeded: 3 (changed=1)
Failed:    0
------------
Total states run:     3
Total run time:   2.129 s

24.9 配置管理文件 

•master上vi /srv/salt/test.sls  //加入如下内容

[root@hongwei-02 salt]# vi /srv/salt/test.sls

file_test:
  file.managed:
    - name: /tmp/aminglinux.com
    - source: salt://test/123/1.txt
    - user: root
    - group: root
    - mode: 600

•说明:第一行的file_test为自定的名字,表示该配置段的名字,可以在别的配置段中引用它,source指定文件从哪里拷贝,这里的salt://test/123/1.txt相当于是/srv/salt/test/123/1.txt

创建文件

[root@hongwei-02 salt]# mkdir /srv/salt/test/123
[root@hongwei-02 salt]# 

拷贝一个文件

[root@hongwei-02 salt]# cp /etc/passwd /srv/salt/test/123/1.txt
[root@hongwei-02 salt]# 

编辑文件内容,改为如下内容

[root@hongwei-02 salt]# vi /srv/salt/top.sls

base:
  '*':
    - test

执行: salt 'hongwei-02' state.highstate

[root@hongwei-02 salt]# salt 'hongwei-03' state.highstate
hongwei-03:
----------
          ID: file_test
    Function: file.managed
        Name: /tmp/aminglinux.com
      Result: True
     Comment: File /tmp/aminglinux.com updated
     Started: 21:47:09.382374
    Duration: 1217.106 ms
     Changes:   
              ----------
              diff:
                  New file

Summary for hongwei-03
------------
Succeeded: 1 (changed=1)
Failed:    0
------------
Total states run:     1
Total run time:   1.217 s
[root@hongwei-02 salt]# 

•检查aming-02上是否有/tmp/aminglinux.com,检查内容以及权限

root@hongwei-02 salt]# cat test/123/1.txt 
root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:/sbin/nologin
daemon:x:2:2:daemon:/sbin:/sbin/nologin
adm:x:3:4:adm:/var/adm:/sbin/nologin
lp:x:4:7:lp:/var/spool/lpd:/sbin/nologin
sync:x:5:0:sync:/sbin:/bin/sync
shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown
halt:x:7:0:halt:/sbin:/sbin/halt
mail:x:8:12:mail:/var/spool/mail:/sbin/nologin
operator:x:11:0:operator:/root:/sbin/nologin
games:x:12:100:games:/usr/games:/sbin/nologin
ftp:x:14:50:FTP User:/var/ftp:/sbin/nologin
nobody:x:99:99:Nobody:/:/sbin/nologin
avahi-autoipd:x:170:170:Avahi IPv4LL Stack:/var/lib/avahi-autoipd:/sbin/nologin
systemd-bus-proxy:x:999:997:systemd Bus Proxy:/:/sbin/nologin
systemd-network:x:998:996:systemd Network Management:/:/sbin/nologin
dbus:x:81:81:System message bus:/:/sbin/nologin
polkitd:x:997:995:User for polkitd:/:/sbin/nologin
tss:x:59:59:Account used by the trousers package to sandbox the tcsd daemon:/dev/null:/sbin/nologin
postfix:x:89:89::/var/spool/postfix:/sbin/nologin
sshd:x:74:74:Privilege-separated SSH:/var/empty/sshd:/sbin/nologin
tcpdump:x:72:72::/:/sbin/nologin
saslauth:x:996:76:Saslauthd user:/run/saslauthd:/sbin/nologin
mysql:x:1000:1000::/home/mysql:/bin/bash
ntp:x:38:38::/etc/ntp:/sbin/nologin
php-fpm:x:1001:1001::/home/php-fpm:/bin/bash
rpc:x:32:32:Rpcbind Daemon:/var/lib/rpcbind:/sbin/nologin
rpcuser:x:29:29:RPC Service User:/var/lib/nfs:/sbin/nologin
nfsnobody:x:65534:65534:Anonymous NFS User:/var/lib/nfs:/sbin/nologin
virftp:x:1002:1002::/home/virftp:/sbin/nologin
pure-ftp:x:1010:1010::/home/pure-ftp:/bin/bash
zabbix:x:995:994:Zabbix Monitoring System:/var/lib/zabbix:/sbin/nologin
mongod:x:994:993:mongod:/var/lib/mongo:/bin/false
git:x:1011:1011::/home/git:/usr/bin/git-shell
apache:x:48:48:Apache:/usr/share/httpd:/sbin/nologin
[root@hongwei-02 salt]#

24.10 配置管理目录

master上vi /srv/salt/test_dir.sls  //加入如下内容

[root@hongwei-02 salt]# vi /srv/salt/test_dir.sls

file_dir:
  file.recurse:
    - name: /tmp/testdir
    - source: salt://test/123
    - user: root
    - file_mode: 640
    - dir_mode: 750
    - mkdir: True
    - clean: True

修改top.sls, vi /srv/salt/top.sls //改为如下内容

[root@hongwei-02 salt]# vi /srv/salt/top.sls

base:
  '*':
    - test
    - test_dir

执行: salt 'hongwei-03' state.highstate

[root@hongwei-02 salt]# salt 'hongwei-03' state.highstate
hongwei-03:
----------
          ID: file_test
    Function: file.managed
        Name: /tmp/aminglinux.com
      Result: True
     Comment: File /tmp/aminglinux.com is in the correct state
     Started: 21:55:37.724418
    Duration: 774.506 ms
     Changes:   
----------
          ID: file_dir
    Function: file.recurse
        Name: /tmp/testdir
      Result: True
     Comment: Recursively updated /tmp/testdir
     Started: 21:55:38.499711
    Duration: 404.873 ms
     Changes:   
              ----------
              /tmp/testdir/1.txt:
                  ----------
                  diff:
                      New file
                  mode:
                      0640

Summary for hongwei-03
------------
Succeeded: 2 (changed=1)
Failed:    0
------------
Total states run:     2
Total run time:   1.179 s
[root@hongwei-02 salt]# 

•检查aming-02上是否有/tmp/testdir,检查里面的目录、文件以及权限

• 说明:这里有一个问题,如果source对应的目录里有空目录的话,客户端上不会创建该目录

[root@hongwei-03 ~]# ls -l /tmp/testdir/
总用量 4
-rw-r-----. 1 root root 1760 9月   2 21:55 1.txt
[root@hongwei-03 ~]# 

24.11 配置管理远程命令

master上vi /srv/salt/shell_test.sls  //加入如下内容

[root@hongwei-02 salt]# vi /srv/salt/shell_test.sls

shell_test:
  cmd.script:
    - source: salt://test/1.sh
    - user: root

vi /srv/salt/test/1.sh //加入如下内容

[root@hongwei-02 salt]# vi /srv/salt/test/1.sh

#!/bin/bash
touch /tmp/111.txt 
if [ ! -d /tmp/1233 ]
then
    mkdir /tmp/1233
fi

更改top.sls内容

[root@hongwei-02 salt]# vi top.sls

base:
  '*':
    - test
    - shell_test
~                

• 执行: salt 'hongwei-02' state.highstate

[root@hongwei-02 salt]# salt 'hongwei-03' state.highstate
hongwei-03:
----------
          ID: file_test
    Function: file.managed
        Name: /tmp/aminglinux.com
      Result: True
     Comment: File /tmp/aminglinux.com is in the correct state
     Started: 22:20:16.507989
    Duration: 354.885 ms
     Changes:   
----------
          ID: shell_test
    Function: cmd.script
      Result: True
     Comment: Command 'shell_test' run
     Started: 22:20:16.884538
    Duration: 62.575 ms
     Changes:   
              ----------
              pid:
                  4881
              retcode:
                  0
              stderr:
              stdout:

Summary for hongwei-03
------------
Succeeded: 2 (changed=1)
Failed:    0
------------
Total states run:     2
Total run time: 417.460 ms
[root@hongwei-02 salt]# 

检查是否有/tmp/111.txt和/tmp/1233

[root@hongwei-03 tmp]# ls -lt
总用量 4
drwxr-xr-x. 2 root   root      6 9月   2 22:20 1233
-rw-r--r--. 1 root   root      0 9月   2 22:20 111.txt
drwxr-x---. 2 root   root     18 9月   2 21:55 testdir
-rw-------. 1 root   root   1760 9月   2 21:47 aminglinux.com
srwxrwxrwx. 1 mysql  mysql     0 9月   2 19:47 mysql.sock
srwx------. 1 mongod mongod    0 9月   2 19:47 mongodb-27017.sock
srw-rw-rw-. 1 root   root      0 9月   2 19:47 php-fcgi.sock
srw-rw-rw-. 1 root   root      0 9月   2 19:47 aming.sock
-rw-r--r--. 1 root   root      0 9月   2 19:47 test.com.log
[root@hongwei-03 tmp]# 

24.12 配置管理计划任务

master上vi /srv/salt/cron_test.sls  //加入如下内容

[root@hongwei-02 salt]# vi /srv/salt/cron_test.sls

cron_test:
  cron.present:
    - name: /bin/touch /tmp/111.txt
    - user: root
    - minute: '*'
    - hour: 20
    - daymonth: '*'
    - month: '*'
    - dayweek: '*

注意,*需要用单引号引起来。当然我们还可以使用file.managed模块来管理cron,因为系统的cron都是以配置文件的形式存在的。想要删除该cron,需要增加:

更改top.sls

[root@hongwei-02 salt]# vi top.sls 

base:
  '*':
    - test
    - cron_test

执行: salt 'hongwei-03' state.highstate

[root@hongwei-02 salt]# salt 'hongwei-03' state.highstate
hongwei-03:
----------
          ID: file_test
    Function: file.managed
        Name: /tmp/aminglinux.com
      Result: True
     Comment: File /tmp/aminglinux.com is in the correct state
     Started: 22:26:25.560940
    Duration: 179.606 ms
     Changes:   
----------
          ID: cron_test
    Function: cron.present
        Name: /bin/touch /tmp/111.txt
      Result: True
     Comment: Cron /bin/touch /tmp/111.txt added to root's crontab
     Started: 22:26:25.779743
    Duration: 895.032 ms
     Changes:   
              ----------
              root:
                  /bin/touch /tmp/111.txt

Summary for hongwei-03
------------
Succeeded: 2 (changed=1)
Failed:    0
------------
Total states run:     2
Total run time:   1.075 s
[root@hongwei-02 salt]# 

到03主机去执行下面命令

[root@hongwei-03 tmp]# crontab -l
# Lines below here are managed by Salt, do not edit
# SALT_CRON_IDENTIFIER:/bin/touch /tmp/111.txt
* 20 * * * /bin/touch /tmp/111.txt
[root@hongwei-03 tmp]# 

•到aming-02上检查cron,会看到提示# Lines below here are managed by Salt, do not edit

• 我们不能随意改动它,否则就没法删除或者修改这个cron了。

24.13 其他命令

cp.get_file拷贝master上的文件到客户端

[root@hongwei-02 salt]# salt '*' cp.get_file salt://test/1.txt  /tmp/123.txt
hongwei-03:
hongwei-02:
[root@hongwei-02 salt]# ls /tmp/123.txt
ls: 无法访问/tmp/123.txt: 没有那个文件或目录
[root@hongwei-02 salt]# cp /etc/passwd
passwd   passwd-  
[root@hongwei-02 salt]# cp /etc/passwd test/1.txt
[root@hongwei-02 salt]# salt '*' cp.get_file salt://test/1.txt  /tmp/123.txt
hongwei-03:
    /tmp/123.txt
hongwei-02:
    /tmp/123.txt
[root@hongwei-02 salt]# 

• cp.get_dir 拷贝目录

[root@hongwei-02 salt]# salt '*' cp.get_dir salt://test/123 /tmp
hongwei-03:
    - /tmp/123/1.txt
hongwei-02:
    - /tmp/123/1.txt
[root@hongwei-02 salt]# 

salt-run manage.up  显示存活的minion

[root@hongwei-02 salt]# salt-run manage.up
- hongwei-02
- hongwei-03
[root@hongwei-02 salt]# 

命令行下执行master上的shell脚本

[root@hongwei-02 salt]# salt '*' cmd.script salt://test/1.sh  
hongwei-02:
    ----------
    pid:
        21489
    retcode:
        0
    stderr:
    stdout:
hongwei-03:
    ----------
    pid:
        5178
    retcode:
        0
    stderr:
    stdout:
[root@hongwei-02 salt]# 

24.14 salt-ssh使用

salt-ssh不需要对客户端做认证,客户端也不用安装salt-minion,它类似pssh/expect

安装很简单yum install -y https://repo.saltstack.com/yum/redhat/salt-repo-latest-2.el7.noarch.rpm

[root@hongwei-02 salt]# yum install -y salt-ss

先要编辑配置文件,vi /etc/salt/roster //增加如下内容

hongwei-02:
  host: 192.168.93.128
  user: root
  passwd: wos
hongwei-03:
  host: 192.168.93.131
  user: root
  passwd: wo

//第一次执行的时候会自动把本机的公钥放到对方机器上,然后就可以把roster里面的密码去掉

[root@hongwei-02 salt]# salt-ssh --key-deploy '*' -r 'w' 
hongwei-03:
    ----------
    retcode:
        254
    stderr:
    stdout:
        The host key needs to be accepted, to auto accept run salt-ssh with the -i flag:
        The authenticity of host '192.168.93.131 (192.168.93.131)' can't be established.
        ECDSA key fingerprint is 51:1c:64:b5:38:a5:ef:75:d9:a3:17:c6:fc:b2:b1:dd.
        Are you sure you want to continue connecting (yes/no)? 
hongwei-02:
    ----------
    retcode:
        0
    stderr:
    stdout:
        [email protected]'s password: 
         22:37:42 up  2:53,  2 users,  load average: 0.34, 0.12, 0.07
        USER     TTY      FROM             LOGIN@   IDLE   JCPU   PCPU WHAT
        root     pts/0    192.168.93.1     19:45    1:37m  0.40s  0.40s -bash
        root     pts/1    192.168.93.1     21:08   22.00s 14.80s  0.13s salt-ssh
[root@hongwei-02 salt]# 
[root@hongwei-03 ~]# ls -l /root/.ssh/authorized_keys 
-rw-------. 1 root root 397 9月   2 22:37 /root/.ssh/authorized_keys
[root@hongwei-03 ~]# date
2018年 09月 02日 星期日 22:41:24 CST
[root@hongwei-03 ~]# 
[root@hongwei-02 salt]# ls -l /root/.ssh/authorized_keys
-rw------- 1 root root 397 9月   2 22:37 /root/.ssh/authorized_keys
[root@hongwei-02 salt]# date
2018年 09月 02日 星期日 22:41:09 CST
[root@hongwei-02 salt]# 

 

 

转载于:https://my.oschina.net/u/3851487/blog/1941336

你可能感兴趣的:(自动化运维)