(1)salt-syndic简介
如果大家知道zabbix proxy的话那就很容易理解了,syndic其实就是个代理,隔离master与minion。
Syndic必须要运行在master上,再连接到另一个topmaster上。
Topmaster 下发的状态需要通过syndic来传递给下级master,minion传递给master的数据也是由syndic传递给topmaster,topmaster并不知道有多少个minion。
syndic与topmaster的file_roots和pillar_roots的目录要保持一致
(2)salt-syndic配置
(1)topmaster端:server3
vim /etc/salt/master
order_masters: True
#修改该参数,作为顶级master
systemctl start salt-master
(2)下级master端:server1
yum install -y salt-syndic
vim /etc/salt/master
syndic_master: 172.25.33.3
#指向topmaster
systemctl restart salt-master
systemctl start salt-syndic
(3)查看下级master的连接授权
salt-key -L
#查看下级master的连接授权
salt-key -A
#接受证书
(1)salt-ssh简介
Salt-ssh是Saltstack的另外一种管理方式,无需安装minion端,可以运用salt的一切功能,管理和使用方法基本和salt一样。但是,salt-ssh并没有继承原来的ZeroMQ通讯架构。所以,它的执行速度比较慢。作为salt的补充在初次批量安装minion或某些不能安装minion的特殊场景下还是非常好用的。总结来说:
(2)master端安装salt-ssh,minion端停掉saslt-minion:
yum install -y salt-ssh
systemctl stop minion
(3)配置roster文件,默认的本地路径是 /etc/salt/roster:
server2:
host: 172.25.33.2
user: root
passwd: westos
(4)部署sshkey:
salt-ssh '*' test.ping
ls /etc/salt/pki/master/ssh/
salt-ssh.rsa salt-ssh.rsa.pub
salt-ssh server2 -r "df"
#远端主机执行命令df
(1)salt-api简介
saltStack 官方提供有REST API格式的 salt-api 项目,将使Salt与第三方系统集成变得尤为简单。
官方提供了三种api模块:
rest_cherrypy
rest_tornado
rest_wsgi
官方链接:https://docs.saltstack.com/en/latest/ref/netapi/all/index.html#all-netapi-modules
(2)安装salt-api:
yum install -y salt-api python-cherrypy
生成证书:
cd /etc/pki/tls/private
openssl genrsa 2048 > localhost.key
cd /etc/pki/tls/certs
make testcert
#根据提示填写相关信息即可
(3)创建用户认证文件:
useradd -s /sbin/nologin saltapi
echo westos | passwd --stdin saltapi
vim /etc/salt/master.d/auth.conf
external_auth:
pam:
saltapi:
- .*
- '@wheel'
- '@runner'
- '@jobs'
vim /etc/salt/master.d/api.conf
rest_cherrypy:
port: 8000
ssl_crt: /etc/pki/tls/certs/localhost.crt
ssl_key: /etc/pki/tls/private/localhost.key
重启服务:
systemctl restart salt-master
systemctl start salt-api
(5)获取认证token:
curl -sSk https://172.25.33.1:8000/login \ -H 'Accept: application/x-yaml' \ -d username=saltapi \ -d password=westos \ -d eauth=pam
(6)推送任务:
curl -sSk https://172.25.33.1:8000 \ -H 'Accept: application/x-yaml' \ -H 'X-Auth-Token: a4932690053d8673f67938a18e957308e920bb10'\ -d client=local \ -d tgt='*' \ -d fun=test.ping
token值是上面命令获取的toekn值。
import urllib2,urllib
import time
try:
import json
except ImportError:
import simplejson as json
class SaltAPI(object):
__token_id = ''
def __init__(self,url,username,password):
self.__url = url.rstrip('/')
self.__user = username
self.__password = password
def token_id(self):
''' user login and get token id '''
params = {'eauth': 'pam', 'username': self.__user, 'password': self.__password}
encode = urllib.urlencode(params)
obj = urllib.unquote(encode)
content = self.postRequest(obj,prefix='/login')
try:
self.__token_id = content['return'][0]['token']
except KeyError:
raise KeyError
def postRequest(self,obj,prefix='/'):
url = self.__url + prefix
headers = {'X-Auth-Token' : self.__token_id}
req = urllib2.Request(url, obj, headers)
opener = urllib2.urlopen(req)
content = json.loads(opener.read())
return content
def list_all_key(self):
params = {'client': 'wheel', 'fun': 'key.list_all'}
obj = urllib.urlencode(params)
self.token_id()
content = self.postRequest(obj)
minions = content['return'][0]['data']['return']['minions']
minions_pre = content['return'][0]['data']['return']['minions_pre']
return minions,minions_pre
def delete_key(self,node_name):
params = {'client': 'wheel', 'fun': 'key.delete', 'match': node_name}
obj = urllib.urlencode(params)
self.token_id()
content = self.postRequest(obj)
ret = content['return'][0]['data']['success']
return ret
def accept_key(self,node_name):
params = {'client': 'wheel', 'fun': 'key.accept', 'match': node_name}
obj = urllib.urlencode(params)
self.token_id()
content = self.postRequest(obj)
ret = content['return'][0]['data']['success']
return ret
def remote_noarg_execution(self,tgt,fun):
''' Execute commands without parameters '''
params = {'client': 'local', 'tgt': tgt, 'fun': fun}
obj = urllib.urlencode(params)
self.token_id()
content = self.postRequest(obj)
ret = content['return'][0][tgt]
return ret
def remote_execution(self,tgt,fun,arg):
''' Command execution with parameters '''
params = {'client': 'local', 'tgt': tgt, 'fun': fun, 'arg': arg}
obj = urllib.urlencode(params)
self.token_id()
content = self.postRequest(obj)
ret = content['return'][0][tgt]
return ret
def target_remote_execution(self,tgt,fun,arg):
''' Use targeting for remote execution '''
params = {'client': 'local', 'tgt': tgt, 'fun': fun, 'arg': arg, 'expr_form': 'nodegroup'}
obj = urllib.urlencode(params)
self.token_id()
content = self.postRequest(obj)
jid = content['return'][0]['jid']
return jid
def deploy(self,tgt,arg):
''' Module deployment '''
params = {'client': 'local', 'tgt': tgt, 'fun': 'state.sls', 'arg': arg}
obj = urllib.urlencode(params)
self.token_id()
content = self.postRequest(obj)
return content
def async_deploy(self,tgt,arg):
''' Asynchronously send a command to connected minions '''
params = {'client': 'local_async', 'tgt': tgt, 'fun': 'state.sls', 'arg': arg}
obj = urllib.urlencode(params)
self.token_id()
content = self.postRequest(obj)
jid = content['return'][0]['jid']
return jid
def target_deploy(self,tgt,arg):
''' Based on the node group forms deployment '''
params = {'client': 'local_async', 'tgt': tgt, 'fun': 'state.sls', 'arg': arg, 'expr_form': 'nodegroup'}
obj = urllib.urlencode(params)
self.token_id()
content = self.postRequest(obj)
jid = content['return'][0]['jid']
return jid
def main():
sapi = SaltAPI(url='https://localhost:8000',username='saltapi',password='westos')
#sapi.token_id()
print sapi.list_all_key()
#sapi.delete_key('test-01')
#sapi.accept_key('test-01')
#sapi.deploy('server2','apache.install')
#print sapi.remote_noarg_execution('test-01','grains.items')
if __name__ == '__main__':
main()
运行脚本:python saltapi.py
结果:
([u'server2', u'server3'], [])
##列出的就是salt-key -L的值