24.1 自动化运维介绍
24.2 saltstack安装
•saltstack介绍https://docs.saltstack.com/en/latest/topics/index.html
• 可以使用salt-ssh远程执行,类似ansible,
也支持c/s模式
下面我们将讲述该种模式的使用,需要准备两台机器,128服务端,131客户端
设置hostname以及hosts
[root@hongwei-02 ~]# hostname
hongwei-02
[root@hongwei-02 ~]#
[root@hongwei-03 ~]# hostname
hongwei-03
[root@hongwei-03 ~]#
[root@hongwei-02 ~]# vi /etc/hosts
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
127.0.0.1 aming.com
192.168.93.128 hongwei-02
192.168.93.131 hongwei-03
二台机器都要用yum安装saltstack的yum源(生产环境应安装仍在维护期内的salt版本,并确认yum校验了软件包的GPG签名;本文后面grains输出里的2018.3.2已经很旧)
[root@hongwei-02 ~]# yum install -y https://repo.saltstack.com/yum/redhat/salt-repo-latest-2.el7.noarch.rpm
客户只需要安装一个包
[root@hongwei-03 ~]# yum install -y salt-minion
已加载插件:fastestmirror
服务端要二个包
[root@hongwei-02 ~]# yum install -y salt-master salt-minion
24.3 启动saltstack服务
服务端编辑配置文件,增加二行(其中用master:指定服务端的主机名,本例为 master: hongwei-02)
[root@hongwei-02 ~]# vi /etc/salt/minion
客户端也要同样编辑
启动服务(master默认监听TCP 4505和4506端口,防火墙只应对受管的minion开放这两个端口,不要暴露到公网)
[root@hongwei-03 ~]# systemctl start salt-minion
[root@hongwei-03 ~]# ps aux|grep salt
root 2741 7.4 2.1 313708 21364 ? Ss 20:09 0:00 /usr/bin/python /usr/bin/salt-minion
root 2744 33.6 4.2 565068 42424 ? Sl 20:09 0:02 /usr/bin/python /usr/bin/salt-minion
root 2752 0.0 1.9 403996 20132 ? S 20:09 0:00 /usr/bin/python /usr/bin/salt-minion
root 2809 0.0 0.0 112664 964 pts/0 R+ 20:09 0:00 grep --color=auto salt
[root@hongwei-02 ~]# systemctl start salt-master
[root@hongwei-02 ~]# systemctl start salt-minion
[root@hongwei-02 ~]#
[root@hongwei-02 ~]# ps aux|grep salt
root 2691 27.0 4.0 391204 40724 ? Ss 20:10 0:02 /usr/bin/python /usr/bin/salt-master
root 2700 0.1 1.9 308928 20004 ? S 20:10 0:00 /usr/bin/python /usr/bin/salt-master
root 2705 0.0 3.3 471868 34300 ? Sl 20:10 0:00 /usr/bin/python /usr/bin/salt-master
root 2708 0.0 3.3 389940 33828 ? S 20:10 0:00 /usr/bin/python /usr/bin/salt-master
root 2709 2.6 3.7 393472 37556 ? S 20:10 0:00 /usr/bin/python /usr/bin/salt-master
root 2710 5.5 3.4 390796 34604 ? S 20:10 0:00 /usr/bin/python /usr/bin/salt-master
root 2711 16.4 3.4 636580 35072 ? Rl 20:10 0:01 /usr/bin/python /usr/bin/salt-master
root 2718 0.1 3.4 464936 34960 ? Sl 20:10 0:00 /usr/bin/python /usr/bin/salt-master
root 2720 16.1 3.6 393140 36448 ? R 20:10 0:01 /usr/bin/python /usr/bin/salt-master
root 2721 16.0 3.6 393140 36448 ? R 20:10 0:01 /usr/bin/python /usr/bin/salt-master
root 2722 14.8 3.6 393144 36444 ? R 20:10 0:01 /usr/bin/python /usr/bin/salt-master
root 2723 13.2 3.6 393140 36440 ? S 20:10 0:00 /usr/bin/python /usr/bin/salt-master
root 2724 15.8 3.6 393144 36436 ? S 20:10 0:00 /usr/bin/python /usr/bin/salt-master
root 2742 0.0 0.0 112668 964 pts/0 S+ 20:10 0:00 grep --color=auto salt
[root@hongwei-02 ~]#
24.4 saltstack配置认证
[root@hongwei-02 ~]# salt-key -a hongwei-03
The following keys are going to be accepted:
Unaccepted Keys:
hongwei-03
Proceed? [n/Y] y
Key for minion hongwei-03 accepted.
[root@hongwei-02 ~]#
[root@hongwei-02 ~]# salt-key
Accepted Keys:
hongwei-03
Denied Keys:
Unaccepted Keys:
hongwei-02
Rejected Keys:
[root@hongwei-02 ~]#
绿色表示通过的
salt-key命令用法
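认证所有主机(-A会一次接受所有待认证的key;接受前应先核对指纹:在master上用salt-key -F查看,在minion上用salt-call --local key.finger查看,两边一致再接受,以免把冒名的minion接入)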
[root@hongwei-02 ~]# salt-key -A
The following keys are going to be accepted:
Unaccepted Keys:
hongwei-02
Proceed? [n/Y] y
Key for minion hongwei-02 accepted.
[root@hongwei-02 ~]# salt-key
Accepted Keys:
hongwei-02
hongwei-03
Denied Keys:
Unaccepted Keys:
Rejected Keys:
[root@hongwei-02 ~]#
-r 跟主机名,拒绝指定主机
[root@hongwei-02 ~]# salt-key -r hongwei-02
-R 拒绝所有主机
[root@hongwei-02 ~]# salt-key -R
•-d 跟主机名,删除指定主机认证
• -D 删除全部主机认证
• -y 省略掉交互,相当于直接按了y(和-A一起用时会不经确认就接受所有待认证的key,只适合可信的隔离环境)
24.5 saltstack远程执行命令
[root@hongwei-02 ~]# salt '*' test.ping
hongwei-03:
True
hongwei-02:
True
[root@hongwei-02 ~]#
[root@hongwei-02 ~]# salt '*' cmd.run "hostname"
hongwei-03:
hongwei-03
hongwei-02:
hongwei-02
[root@hongwei-02 ~]#
这里的*表示所有已经签名的minion端,也可以指定一个
[root@hongwei-02 ~]# salt 'hongwei-03' test.ping
hongwei-03:
True
[root@hongwei-02 ~]#
说明: 这里的*必须是在master上已经被接受过认证的客户端,可以通过salt-key查到,通常是我们已经设定的id值。关于这部分内容,它支持通配、列表以及正则。 比如两台客户端aming-01,aming-02, 那我们可以写成salt 'aming-*', salt 'aming-0[12]' salt -L 'aming-01,aming-02' salt -E 'aming-(01|02)'等形式,使用列表,即多个机器用逗号分隔,而且需要加-L,使用正则必须要带-E选项。 它还支持grains,加-G选项,pillar 加-I选项
[root@hongwei-02 ~]# salt -L 'hongwei-03' test.ping
hongwei-03:
True
[root@hongwei-02 ~]# salt -E 'hongwei-03' test.ping
hongwei-03:
True
[root@hongwei-02 ~]# salt -E 'hongwei-[0-9]' test.ping
hongwei-03:
True
hongwei-02:
True
[root@hongwei-02 ~]#
24.6 grains
grains是在minion启动时收集到的一些信息,比如操作系统类型、网卡ip、内核版本、cpu架构等。
列出所有的grains项目名字
[root@hongwei-02 ~]# salt 'hongwei-02' grains.ls
hongwei-02:
- SSDs
- biosreleasedate
- biosversion
- cpu_flags
- cpu_model
- cpuarch
- disks
- dns
- domain
- fqdn
- fqdn_ip4
- fqdn_ip6
- gid
- gpus
- groupname
- host
- hwaddr_interfaces
- id
- init
- ip4_gw
- ip4_interfaces
- ip6_gw
- ip6_interfaces
- ip_gw
- ip_interfaces
- ipv4
- ipv6
- kernel
- kernelrelease
- kernelversion
- locale_info
- localhost
- lsb_distrib_codename
- lsb_distrib_id
- machine_id
- manufacturer
- master
- mdadm
- mem_total
- nodename
- num_cpus
- num_gpus
- os
- os_family
- osarch
- oscodename
- osfinger
- osfullname
- osmajorrelease
- osrelease
- osrelease_info
- path
- pid
- productname
- ps
- pythonexecutable
- pythonpath
- pythonversion
- saltpath
- saltversion
- saltversioninfo
- selinux
- serialnumber
- server_id
- shell
- swap_total
- systemd
- uid
- username
- uuid
- virtual
- zfs_feature_flags
- zfs_support
- zmqversion
[root@hongwei-02 ~]#
列出所有grains项目以及值
[root@hongwei-02 ~]# salt 'hongwei-02' grains.items
hongwei-02:
----------
SSDs:
biosreleasedate:
07/31/2013
biosversion:
6.00
cpu_flags:
- fpu
- vme
- de
- pse
- tsc
- msr
- pae
- mce
- cx8
- apic
- sep
- mtrr
- pge
- mca
- cmov
- pat
- pse36
- clflush
- dts
- mmx
- fxsr
- sse
- sse2
- ss
- syscall
- nx
- rdtscp
- lm
- constant_tsc
- arch_perfmon
- pebs
- bts
- nopl
- xtopology
- tsc_reliable
- nonstop_tsc
- aperfmperf
- eagerfpu
- pni
- pclmulqdq
- ssse3
- cx16
- pcid
- sse4_1
- sse4_2
- x2apic
- popcnt
- aes
- xsave
- avx
- f16c
- rdrand
- hypervisor
- lahf_lm
- ida
- arat
- epb
- pln
- pts
- dtherm
- fsgsbase
- smep
- xsaveopt
cpu_model:
Intel(R) Core(TM) i5-3337U CPU @ 1.80GHz
cpuarch:
x86_64
disks:
- fd0
- sda
- sdb
- sr0
- dm-0
- dm-1
dns:
----------
domain:
ip4_nameservers:
- 119.29.29.29
ip6_nameservers:
nameservers:
- 119.29.29.29
options:
search:
sortlist:
domain:
fqdn:
hongwei-02
fqdn_ip4:
- 192.168.93.128
fqdn_ip6:
gid:
0
gpus:
|_
----------
model:
SVGA II Adapter
vendor:
unknown
groupname:
root
host:
hongwei-02
hwaddr_interfaces:
----------
ens33:
00:0c:29:a8:7a:67
lo:
00:00:00:00:00:00
id:
hongwei-02
init:
systemd
ip4_gw:
192.168.93.2
ip4_interfaces:
----------
ens33:
- 192.168.93.128
lo:
- 127.0.0.1
ip6_gw:
False
ip6_interfaces:
----------
ens33:
- fe80::20c:29ff:fea8:7a67
lo:
- ::1
ip_gw:
True
ip_interfaces:
----------
ens33:
- 192.168.93.128
- fe80::20c:29ff:fea8:7a67
lo:
- 127.0.0.1
- ::1
ipv4:
- 127.0.0.1
- 192.168.93.128
ipv6:
- ::1
- fe80::20c:29ff:fea8:7a67
kernel:
Linux
kernelrelease:
3.10.0-327.el7.x86_64
kernelversion:
#1 SMP Thu Nov 19 22:10:57 UTC 2015
locale_info:
----------
defaultencoding:
UTF-8
defaultlanguage:
zh_CN
detectedencoding:
UTF-8
localhost:
hongwei-02
lsb_distrib_codename:
CentOS Linux 7 (Core)
lsb_distrib_id:
CentOS Linux
machine_id:
32d38a18a3b244e895c71a7dec6bd3e7
manufacturer:
VMware, Inc.
master:
hongwei-02
mdadm:
mem_total:
985
nodename:
hongwei-02
num_cpus:
1
num_gpus:
1
os:
CentOS
os_family:
RedHat
osarch:
x86_64
oscodename:
CentOS Linux 7 (Core)
osfinger:
CentOS Linux-7
osfullname:
CentOS Linux
osmajorrelease:
7
osrelease:
7.2.1511
osrelease_info:
- 7
- 2
- 1511
path:
/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin
pid:
8817
productname:
VMware Virtual Platform
ps:
ps -efHww
pythonexecutable:
/usr/bin/python
pythonpath:
- /usr/bin
- /usr/lib64/python27.zip
- /usr/lib64/python2.7
- /usr/lib64/python2.7/plat-linux2
- /usr/lib64/python2.7/lib-tk
- /usr/lib64/python2.7/lib-old
- /usr/lib64/python2.7/lib-dynload
- /usr/lib64/python2.7/site-packages
- /usr/lib/python2.7/site-packages
pythonversion:
- 2
- 7
- 5
- final
- 0
saltpath:
/usr/lib/python2.7/site-packages/salt
saltversion:
2018.3.2
saltversioninfo:
- 2018
- 3
- 2
- 0
selinux:
----------
enabled:
False
enforced:
Disabled
serialnumber:
VMware-56 4d ea 79 c2 82 7d 18-0a 52 d9 d8 ac a8 7a 67
server_id:
404998496
shell:
/bin/sh
swap_total:
2047
systemd:
----------
features:
+PAM +AUDIT +SELINUX +IMA -APPARMOR +SMACK +SYSVINIT +UTMP +LIBCRYPTSETUP +GCRYPT +GNUTLS +ACL +XZ +LZ4 -SECCOMP +BLKID +ELFUTILS +KMOD +IDN
version:
219
uid:
0
username:
root
uuid:
564dea79-c282-7d18-0a52-d9d8aca87a67
virtual:
VMware
zfs_feature_flags:
False
zfs_support:
False
zmqversion:
4.1.4
[root@hongwei-02 ~]#
•grains的信息并不是动态的,并不会实时变更,它是在minion启动时收集到的。
• 我们可以根据grains收集到的一些信息,做配置管理工作。
自定义grains
客户端机器上,添加文件,加入二行
[root@hongwei-03 ~]# vim /etc/salt/grains
role: nginx
env: test
~
重启minion服务
[root@hongwei-03 ~]# systemctl restart salt-minion
[root@hongwei-03 ~]#
回到服务端机器上查看
[root@hongwei-02 ~]# salt '*' grains.item role env
hongwei-03:
----------
env:
test
role:
nginx
hongwei-02:
----------
env:
role:
[root@hongwei-02 ~]#
可以借助grains的一些属性信息来执行(注意:grains由minion自己上报,像上面的role在客户端上可以任意修改,所以不要只凭grains匹配来下发密码等敏感数据)
[root@hongwei-02 ~]# salt -G role:nginx cmd.run 'hostname'
hongwei-03:
hongwei-03
[root@hongwei-02 ~]#
24.7 pillar
• pillar和grains不一样,是在master上定义的,并且是针对minion定义的一些信息。像一些比较重要的数据(密码)可以存在pillar里,还可以定义变量等。pillar数据只会下发给pillar的top.sls里匹配到的minion,所以存放密码时要按minion的id精确匹配。
配置自定义pillar
首先编辑配置文件
[root@hongwei-02 ~]# vim /etc/salt/master
找到下面的内容,把前面的#号去掉(即pillar_roots配置段,后面创建的/srv/pillar就是它指定的目录):
pillar_roots:
  base:
    - /srv/pillar
重启服务:
[root@hongwei-02 ~]# systemctl restart salt-master
[root@hongwei-02 ~]#
创建目录
ls: 无法访问/srv/pillar: 没有那个文件或目录
[root@hongwei-02 ~]# mkdir !$
mkdir /srv/pillar
[root@hongwei-02 ~]#
到这个目录下去编辑一个文件
[root@hongwei-02 ~]# cd /srv/pillar/
[root@hongwei-02 pillar]# vi test.sls
conf: /etc/123.conf
在定义一个文件的入口
[root@hongwei-02 pillar]# vi /srv/pillar/top.sls
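# Pillar top file: maps minion IDs to the pillar SLS files they receive.
# Nesting restored; YAML needs the indentation to parse this as one mapping.
base:
  'hongwei-03':   # exact minion ID, so only this minion is given test.sls
    - test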
重启master
[root@hongwei-02 pillar]# systemctl restart salt-master
[root@hongwei-02 pillar]#
当更改完pillar配置文件后,我们可以通过刷新pillar配置来获取新的pillar状态
[root@hongwei-02 pillar]# salt '*' saltutil.refresh_pillar
hongwei-03:
True
hongwei-02:
True
[root@hongwei-02 pillar]#
验证
[root@hongwei-02 pillar]# salt '*' pillar.item conf
hongwei-03:
----------
conf:
/etc/123.conf
hongwei-02:
----------
conf:
[root@hongwei-02 pillar]#
pillar同样可以用来作为salt的匹配对象
[root@hongwei-02 pillar]# salt -I 'conf:/etc/123.conf' cmd.run "w"
hongwei-03:
21:00:26 up 1:14, 1 user, load average: 0.02, 0.05, 0.13
USER TTY FROM LOGIN@ IDLE JCPU PCPU WHAT
root pts/0 192.168.93.1 19:47 5:46 0.37s 0.37s -bash
[root@hongwei-02 pillar]#
24.8 安装配置httpd
在master机器上,vi /etc/salt/master //搜索找到file_roots
•打开如下内容的注释:
file_roots:
  base:          #前面有两个空格
    - /srv/salt  #前面有4个空格
重启服务
[root@hongwei-02 ~]# systemctl restart salt-master
创建目录,并且创建文件,写入如下内容
[root@hongwei-02 ~]# mkdir /srv/salt
[root@hongwei-02 ~]# cd !$
cd /srv/salt
[root@hongwei-02 salt]# vi /srv/salt/top.sls
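# State top file: which state SLS files apply to which minions.
# Nesting restored; YAML needs the indentation to parse this as one mapping.
base:
  '*':        # every minion whose key the master has accepted
    - httpd   # refers to httpd.sls under the file_roots directory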
意思是,在所有的客户端上执行httpd模块
重启服务
[root@hongwei-02 salt]# systemctl restart salt-master
•master上vi /srv/salt/httpd.sls //加入如下内容,这个就是httpd模块的内容
[root@hongwei-02 salt]# vi /srv/salt/httpd.sls
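# State ID "httpd-service": install the Apache packages, then keep the
# service running. Nesting restored so the two functions sit under the ID.
httpd-service:
  pkg.installed:
    - names:
      - httpd
      - httpd-devel
  service.running:
    - name: httpd
    - enable: True   # also start httpd at boot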
说明: httpd-service是id的名字,自定义的。pkg.installed 为包安装函数,下面是要安装的包的名字。service.running也是一个函数,来保证指定的服务启动,enable表示开机启动。
执行: salt 'hongwei-02' state.highstate //执行过程会比较慢,因为客户端上在yum install httpd httpd-devel
[root@hongwei-02 salt]# salt 'hongwei-02' state.highstate
[root@hongwei-02 salt]# salt 'hongwei-02' state.highstate
^Z
[1]+ 已停止 salt 'hongwei-02' state.highstate
[root@hongwei-02 salt]# ps aux|grep yum
root 16340 37.4 5.6 278552 56684 ? S 21:30 0:05 /usr/bin/python /usr/bin/yum -y install httpd
root 16354 2.0 0.0 112664 964 pts/1 S+ 21:30 0:00 grep --color=auto yum
[root@hongwei-02 salt]# ps aux|grep yum
root 16340 29.5 5.6 278552 56684 ? S 21:30 0:05 /usr/bin/python /usr/bin/yum -y install httpd
root 16360 0.0 0.0 112664 960 pts/1 S+ 21:30 0:00 grep --color=auto yum
[root@hongwei-02 salt]# ps aux|grep yum
root 16340 25.6 5.6 278580 56744 ? S 21:30 0:05 /usr/bin/python /usr/bin/yum -y install httpd
root 16362 0.0 0.0 112664 964 pts/1 S+ 21:30 0:00 grep --color=auto yum
[root@hongwei-02 salt]#
[root@hongwei-02 salt]# salt 'hongwei-02' state.highstate
hongwei-02:
----------
ID: httpd-service
Function: pkg.installed
Name: httpd
Result: True
Comment: All specified packages are already installed
Started: 21:37:02.428428
Duration: 1490.535 ms
Changes:
----------
ID: httpd-service
Function: pkg.installed
Name: httpd-devel
Result: True
Comment: All specified packages are already installed
Started: 21:37:03.919644
Duration: 55.233 ms
Changes:
----------
ID: httpd-service
Function: service.running
Name: httpd
Result: True
Comment: Service httpd has been enabled, and is running
Started: 21:37:03.976170
Duration: 583.721 ms
Changes:
----------
httpd:
True
Summary for hongwei-02
------------
Succeeded: 3 (changed=1)
Failed: 0
------------
Total states run: 3
Total run time: 2.129 s
24.9 配置管理文件
•master上vi /srv/salt/test.sls //加入如下内容
[root@hongwei-02 salt]# vi /srv/salt/test.sls
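# State ID "file_test": copy one file from the master's file_roots to the
# minion and pin its owner and permissions. Nesting restored.
file_test:
  file.managed:
    - name: /tmp/aminglinux.com
    - source: salt://test/123/1.txt
    - user: root
    - group: root
    - mode: 600   # owner read/write only; quote modes that start with 0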
•说明:第一行的file_test为自定义的名字,表示该配置段的名字,可以在别的配置段中引用它,source指定文件从哪里拷贝,这里的salt://test/123/1.txt相当于是/srv/salt/test/123/1.txt。注意:/srv/salt下的文件,所有已通过认证的minion都可以取到,不要把含密码、私钥之类的文件放在这里,这类数据应放在pillar里。
创建文件
[root@hongwei-02 salt]# mkdir /srv/salt/test/123
[root@hongwei-02 salt]#
拷贝一个文件
[root@hongwei-02 salt]# cp /etc/passwd /srv/salt/test/123/1.txt
[root@hongwei-02 salt]#
编辑文件内容,改为如下内容
[root@hongwei-02 salt]# vi /srv/salt/top.sls
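# State top file after the change: every accepted minion gets test.sls.
# Nesting restored; YAML needs the indentation to parse this as one mapping.
base:
  '*':
    - test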
执行: salt 'hongwei-03' state.highstate
[root@hongwei-02 salt]# salt 'hongwei-03' state.highstate
hongwei-03:
----------
ID: file_test
Function: file.managed
Name: /tmp/aminglinux.com
Result: True
Comment: File /tmp/aminglinux.com updated
Started: 21:47:09.382374
Duration: 1217.106 ms
Changes:
----------
diff:
New file
Summary for hongwei-03
------------
Succeeded: 1 (changed=1)
Failed: 0
------------
Total states run: 1
Total run time: 1.217 s
[root@hongwei-02 salt]#
•检查hongwei-03上是否有/tmp/aminglinux.com,检查内容以及权限
[root@hongwei-02 salt]# cat test/123/1.txt
root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:/sbin/nologin
daemon:x:2:2:daemon:/sbin:/sbin/nologin
adm:x:3:4:adm:/var/adm:/sbin/nologin
lp:x:4:7:lp:/var/spool/lpd:/sbin/nologin
sync:x:5:0:sync:/sbin:/bin/sync
shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown
halt:x:7:0:halt:/sbin:/sbin/halt
mail:x:8:12:mail:/var/spool/mail:/sbin/nologin
operator:x:11:0:operator:/root:/sbin/nologin
games:x:12:100:games:/usr/games:/sbin/nologin
ftp:x:14:50:FTP User:/var/ftp:/sbin/nologin
nobody:x:99:99:Nobody:/:/sbin/nologin
avahi-autoipd:x:170:170:Avahi IPv4LL Stack:/var/lib/avahi-autoipd:/sbin/nologin
systemd-bus-proxy:x:999:997:systemd Bus Proxy:/:/sbin/nologin
systemd-network:x:998:996:systemd Network Management:/:/sbin/nologin
dbus:x:81:81:System message bus:/:/sbin/nologin
polkitd:x:997:995:User for polkitd:/:/sbin/nologin
tss:x:59:59:Account used by the trousers package to sandbox the tcsd daemon:/dev/null:/sbin/nologin
postfix:x:89:89::/var/spool/postfix:/sbin/nologin
sshd:x:74:74:Privilege-separated SSH:/var/empty/sshd:/sbin/nologin
tcpdump:x:72:72::/:/sbin/nologin
saslauth:x:996:76:Saslauthd user:/run/saslauthd:/sbin/nologin
mysql:x:1000:1000::/home/mysql:/bin/bash
ntp:x:38:38::/etc/ntp:/sbin/nologin
php-fpm:x:1001:1001::/home/php-fpm:/bin/bash
rpc:x:32:32:Rpcbind Daemon:/var/lib/rpcbind:/sbin/nologin
rpcuser:x:29:29:RPC Service User:/var/lib/nfs:/sbin/nologin
nfsnobody:x:65534:65534:Anonymous NFS User:/var/lib/nfs:/sbin/nologin
virftp:x:1002:1002::/home/virftp:/sbin/nologin
pure-ftp:x:1010:1010::/home/pure-ftp:/bin/bash
zabbix:x:995:994:Zabbix Monitoring System:/var/lib/zabbix:/sbin/nologin
mongod:x:994:993:mongod:/var/lib/mongo:/bin/false
git:x:1011:1011::/home/git:/usr/bin/git-shell
apache:x:48:48:Apache:/usr/share/httpd:/sbin/nologin
[root@hongwei-02 salt]#
24.10 配置管理目录
master上vi /srv/salt/test_dir.sls //加入如下内容
[root@hongwei-02 salt]# vi /srv/salt/test_dir.sls
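# State ID "file_dir": mirror a directory from the master's file_roots onto
# the minion. Nesting restored so the options sit under file.recurse.
file_dir:
  file.recurse:
    - name: /tmp/testdir
    - source: salt://test/123
    - user: root
    - file_mode: 640
    - dir_mode: 750
    # NOTE(review): confirm that the installed Salt version honours this key.
    - mkdir: True
    # clean removes anything under name that is not present in source, so
    # never point name at a directory that holds unmanaged data.
    - clean: True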
修改top.sls, vi /srv/salt/top.sls //改为如下内容
[root@hongwei-02 salt]# vi /srv/salt/top.sls
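# State top file: every accepted minion gets test.sls and test_dir.sls.
# Nesting restored; YAML needs the indentation to parse this as one mapping.
base:
  '*':
    - test
    - test_dir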
执行: salt 'hongwei-03' state.highstate
[root@hongwei-02 salt]# salt 'hongwei-03' state.highstate
hongwei-03:
----------
ID: file_test
Function: file.managed
Name: /tmp/aminglinux.com
Result: True
Comment: File /tmp/aminglinux.com is in the correct state
Started: 21:55:37.724418
Duration: 774.506 ms
Changes:
----------
ID: file_dir
Function: file.recurse
Name: /tmp/testdir
Result: True
Comment: Recursively updated /tmp/testdir
Started: 21:55:38.499711
Duration: 404.873 ms
Changes:
----------
/tmp/testdir/1.txt:
----------
diff:
New file
mode:
0640
Summary for hongwei-03
------------
Succeeded: 2 (changed=1)
Failed: 0
------------
Total states run: 2
Total run time: 1.179 s
[root@hongwei-02 salt]#
•检查hongwei-03上是否有/tmp/testdir,检查里面的目录、文件以及权限
• 说明:这里有一个问题,如果source对应的目录里有空目录的话,客户端上不会创建该目录(file.recurse默认不同步空目录,需要时可以加上 - include_empty: True)
[root@hongwei-03 ~]# ls -l /tmp/testdir/
总用量 4
-rw-r-----. 1 root root 1760 9月 2 21:55 1.txt
[root@hongwei-03 ~]#
24.11 配置管理远程命令
master上vi /srv/salt/shell_test.sls //加入如下内容
[root@hongwei-02 salt]# vi /srv/salt/shell_test.sls
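# State ID "shell_test": fetch a script from the master's file_roots and run
# it on the minion. Nesting restored so the options sit under cmd.script.
shell_test:
  cmd.script:
    - source: salt://test/1.sh
    # The script runs as root on every matched minion, so write access to
    # the file_roots directory on the master amounts to root on those hosts.
    - user: root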
vi /srv/salt/test/1.sh //加入如下内容
[root@hongwei-02 salt]# vi /srv/salt/test/1.sh
#!/bin/bash
# Demo payload for the shell_test state: leaves two markers under /tmp so the
# run can be checked on the minion afterwards.
# NOTE(review): this runs as root and /tmp is world-writable; another local
# user can pre-create fixed names there, so a real script should write to a
# root-owned directory instead.
touch /tmp/111.txt
# Create the directory only when it is missing.
[ -d /tmp/1233 ] || mkdir /tmp/1233
更改top.sls内容
[root@hongwei-02 salt]# vi top.sls
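# State top file: every accepted minion gets test.sls and shell_test.sls.
# Nesting restored; YAML needs the indentation to parse this as one mapping.
base:
  '*':
    - test
    - shell_test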
~
• 执行: salt 'hongwei-03' state.highstate
[root@hongwei-02 salt]# salt 'hongwei-03' state.highstate
hongwei-03:
----------
ID: file_test
Function: file.managed
Name: /tmp/aminglinux.com
Result: True
Comment: File /tmp/aminglinux.com is in the correct state
Started: 22:20:16.507989
Duration: 354.885 ms
Changes:
----------
ID: shell_test
Function: cmd.script
Result: True
Comment: Command 'shell_test' run
Started: 22:20:16.884538
Duration: 62.575 ms
Changes:
----------
pid:
4881
retcode:
0
stderr:
stdout:
Summary for hongwei-03
------------
Succeeded: 2 (changed=1)
Failed: 0
------------
Total states run: 2
Total run time: 417.460 ms
[root@hongwei-02 salt]#
•检查是否有/tmp/111.txt和/tmp/1233
[root@hongwei-03 tmp]# ls -lt
总用量 4
drwxr-xr-x. 2 root root 6 9月 2 22:20 1233
-rw-r--r--. 1 root root 0 9月 2 22:20 111.txt
drwxr-x---. 2 root root 18 9月 2 21:55 testdir
-rw-------. 1 root root 1760 9月 2 21:47 aminglinux.com
srwxrwxrwx. 1 mysql mysql 0 9月 2 19:47 mysql.sock
srwx------. 1 mongod mongod 0 9月 2 19:47 mongodb-27017.sock
srw-rw-rw-. 1 root root 0 9月 2 19:47 php-fcgi.sock
srw-rw-rw-. 1 root root 0 9月 2 19:47 aming.sock
-rw-r--r--. 1 root root 0 9月 2 19:47 test.com.log
[root@hongwei-03 tmp]#
24.12 配置管理计划任务
master上vi /srv/salt/cron_test.sls //加入如下内容
[root@hongwei-02 salt]# vi /srv/salt/cron_test.sls
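# State ID "cron_test": make sure root's crontab holds this entry.
# Nesting restored, and the closing quote on dayweek added; without it the
# file is not valid YAML.
cron_test:
  cron.present:
    - name: /bin/touch /tmp/111.txt
    - user: root
    # A bare * has special meaning in YAML, so each one is quoted.
    - minute: '*'
    - hour: 20
    - daymonth: '*'
    - month: '*'
    - dayweek: '*'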
注意,*需要用单引号引起来。当然我们还可以使用file.managed模块来管理cron,因为系统的cron都是以配置文件的形式存在的。想要删除该cron,需要增加cron.absent并写上同样的name(- name: /bin/touch /tmp/111.txt),同时去掉原来的cron.present,两者不能同时存在。
更改top.sls
[root@hongwei-02 salt]# vi top.sls
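# State top file: every accepted minion gets test.sls and cron_test.sls.
# Nesting restored; YAML needs the indentation to parse this as one mapping.
base:
  '*':
    - test
    - cron_test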
执行: salt 'hongwei-03' state.highstate
[root@hongwei-02 salt]# salt 'hongwei-03' state.highstate
hongwei-03:
----------
ID: file_test
Function: file.managed
Name: /tmp/aminglinux.com
Result: True
Comment: File /tmp/aminglinux.com is in the correct state
Started: 22:26:25.560940
Duration: 179.606 ms
Changes:
----------
ID: cron_test
Function: cron.present
Name: /bin/touch /tmp/111.txt
Result: True
Comment: Cron /bin/touch /tmp/111.txt added to root's crontab
Started: 22:26:25.779743
Duration: 895.032 ms
Changes:
----------
root:
/bin/touch /tmp/111.txt
Summary for hongwei-03
------------
Succeeded: 2 (changed=1)
Failed: 0
------------
Total states run: 2
Total run time: 1.075 s
[root@hongwei-02 salt]#
到03主机去执行下面命令
[root@hongwei-03 tmp]# crontab -l
# Lines below here are managed by Salt, do not edit
# SALT_CRON_IDENTIFIER:/bin/touch /tmp/111.txt
* 20 * * * /bin/touch /tmp/111.txt
[root@hongwei-03 tmp]#
•到hongwei-03上检查cron,会看到提示# Lines below here are managed by Salt, do not edit
• 我们不能随意改动它,否则就没法删除或者修改这个cron了。
24.13 其他命令
cp.get_file拷贝master上的文件到客户端
[root@hongwei-02 salt]# salt '*' cp.get_file salt://test/1.txt /tmp/123.txt
hongwei-03:
hongwei-02:
[root@hongwei-02 salt]# ls /tmp/123.txt
ls: 无法访问/tmp/123.txt: 没有那个文件或目录
[root@hongwei-02 salt]# cp /etc/passwd
passwd passwd-
[root@hongwei-02 salt]# cp /etc/passwd test/1.txt
[root@hongwei-02 salt]# salt '*' cp.get_file salt://test/1.txt /tmp/123.txt
hongwei-03:
/tmp/123.txt
hongwei-02:
/tmp/123.txt
[root@hongwei-02 salt]#
• cp.get_dir 拷贝目录
[root@hongwei-02 salt]# salt '*' cp.get_dir salt://test/123 /tmp
hongwei-03:
- /tmp/123/1.txt
hongwei-02:
- /tmp/123/1.txt
[root@hongwei-02 salt]#
salt-run manage.up 显示存活的minion
[root@hongwei-02 salt]# salt-run manage.up
- hongwei-02
- hongwei-03
[root@hongwei-02 salt]#
命令行下执行master上的shell脚本
[root@hongwei-02 salt]# salt '*' cmd.script salt://test/1.sh
hongwei-02:
----------
pid:
21489
retcode:
0
stderr:
stdout:
hongwei-03:
----------
pid:
5178
retcode:
0
stderr:
stdout:
[root@hongwei-02 salt]#
24.14 salt-ssh使用
salt-ssh不需要对客户端做认证,客户端也不用安装salt-minion,它类似pssh/expect
安装很简单yum install -y https://repo.saltstack.com/yum/redhat/salt-repo-latest-2.el7.noarch.rpm
[root@hongwei-02 salt]# yum install -y salt-ssh
先要编辑配置文件,vi /etc/salt/roster //增加如下内容
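# salt-ssh roster: one entry per target host. Nesting restored so that each
# host's settings sit under its own ID.
# NOTE(review): these are plaintext root passwords. Keep the file readable by
# root only and delete the passwd lines once --key-deploy has installed the
# public key. Where possible log in as an unprivileged user and add
# "sudo: True" instead of connecting as root.
hongwei-02:
  host: 192.168.93.128
  user: root
  passwd: wos
hongwei-03:
  host: 192.168.93.131
  user: root
  passwd: wo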
//第一次执行的时候会自动把本机的公钥放到对方机器上,然后就可以把roster里面的密码去掉。首次连接时应先核对下面输出里的主机密钥指纹再接受,不要为了省事用-i直接跳过主机密钥校验。
[root@hongwei-02 salt]# salt-ssh --key-deploy '*' -r 'w'
hongwei-03:
----------
retcode:
254
stderr:
stdout:
The host key needs to be accepted, to auto accept run salt-ssh with the -i flag:
The authenticity of host '192.168.93.131 (192.168.93.131)' can't be established.
ECDSA key fingerprint is 51:1c:64:b5:38:a5:ef:75:d9:a3:17:c6:fc:b2:b1:dd.
Are you sure you want to continue connecting (yes/no)?
hongwei-02:
----------
retcode:
0
stderr:
stdout:
root@192.168.93.128's password:
22:37:42 up 2:53, 2 users, load average: 0.34, 0.12, 0.07
USER TTY FROM LOGIN@ IDLE JCPU PCPU WHAT
root pts/0 192.168.93.1 19:45 1:37m 0.40s 0.40s -bash
root pts/1 192.168.93.1 21:08 22.00s 14.80s 0.13s salt-ssh
[root@hongwei-02 salt]#
[root@hongwei-03 ~]# ls -l /root/.ssh/authorized_keys
-rw-------. 1 root root 397 9月 2 22:37 /root/.ssh/authorized_keys
[root@hongwei-03 ~]# date
2018年 09月 02日 星期日 22:41:24 CST
[root@hongwei-03 ~]#
[root@hongwei-02 salt]# ls -l /root/.ssh/authorized_keys
-rw------- 1 root root 397 9月 2 22:37 /root/.ssh/authorized_keys
[root@hongwei-02 salt]# date
2018年 09月 02日 星期日 22:41:09 CST
[root@hongwei-02 salt]#