Saltstac之salt-ssh,salt-api,salt-syndic及数据库返回
1.salt-ssh
salt-ssh 不需要安装minion服务对客户端进行管理。
1)将server7的minion服务关闭
[root@server7 ~]# /etc/init.d/salt-minion stop
Stopping salt-minion:root:server7 daemon: OK
2)master端安装salt-ssh,将server7的主机信息写入文件
[root@server6 salt]# yum install salt-ssh -y
[root@server6 salt]# vim /etc/salt/roster
server7:
host: 172.25.0.123
user: root
password: westos
3)利用ssh方式查看server7信息
[root@server6 salt]# salt-ssh 'server7' test.ping
Permission denied for host server7, do you want to deploy the salt-ssh key? (password required):
[Y/n] y
Password for root@server7:
server7:
True
[root@server6 salt]# salt-ssh 'server7' my_disk.df
server7:
----------
retcode:
0
stderr:
'my_disk.df' is not available.
stdout:
2.salt-api
1)master端,安装salt-api
[root@server6 salt]# yum install salt-api -y
[root@server6 salt]# cd /etc/pki/tls/private/
[root@server6 private]# openssl genrsa 1024 > localhost.key //生成key文件
Generating RSA private key, 1024 bit long modulus
.................++++++
..++++++
e is 65537 (0x10001)
[root@server6 private]# ls
localhost.key
2)配置自签名证书:
[root@server6 private]# cd ..
[root@server6 tls]# cd certs/
[root@server6 certs]# make testcert
umask 77 ; \
/usr/bin/openssl req -utf8 -new -key /etc/pki/tls/private/localhost.key -x509 -days 365 -out /etc/pki/tls/certs/localhost.crt -set_serial 0
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:cn
State or Province Name (full name) []:shaanxi
Locality Name (eg, city) [Default City]:xi'an
Organization Name (eg, company) [Default Company Ltd]:westos
Organizational Unit Name (eg, section) []:linux
Common Name (eg, your name or your server's hostname) []:server6
Email Address []:root@localhost
3)编辑api.conf,auth.conf文件
[root@server6 certs]# cd /etc/salt/master.d/
[root@server6 master.d]# vim api.conf
rest_cherrypy:
port: 8000
ssl_crt: /etc/pki/tls/certs/localhost.crt
ssl_key: /etc/pki/tls/private/localhost.key
[root@server6 master.d]# vim auth.conf
external_auth:
pam:
saltapi:
- '.*'
- '@wheel'
- '@runner'
- '@jobs'
4)添加用户,修改密码
[root@server6 master.d]# useradd saltapi
[root@server6 master.d]# passwd saltapi
5)重启salt-master服务,打开salt-api服务
[root@server6 master.d]# /etc/init.d/salt-master restart
Stopping salt-master daemon: [ OK ]
Starting salt-master daemon: [ OK ]
[root@server6 master.d]# /etc/init.d/salt-api start
Starting salt-api daemon: [ OK ]
查看端口
[root@server6 master.d]# netstat -antlp|grep 8000
tcp 0 0 0.0.0.0:8000 0.0.0.0:* LISTEN 16626/salt-api -d
tcp 0 0 127.0.0.1:56960 127.0.0.1:8000 TIME_WAIT -
6)获取token
[root@server6 master.d]# curl -sSk https://localhost:8000/login -H 'Accept: application/x-yaml' -d username=saltapi -d password=westos -d eauth=pam
return:
- eauth: pam
expire: 1542227130.6229601
perms:
- .*
- '@wheel'
- '@runner'
- '@jobs'
start: 1542183930.6229589
token: c6eaf6b44a679b4378bd0d275eda8ba980bf5504
user: saltapi
测试
[root@server6 master.d]# curl -sSk https://localhost:8000 -H 'Accept:application/x-yaml' -H 'X-Auth-Token:c6eaf6b44a679b4378bd0d275eda8ba980bf5504' -d client=local -d tgt='*' -d fun=test.ping
return:
- server6: true
server7: true
server8: true
server9: true
7)编辑.py脚本
[root@server6 ~]# vim saltapi.py
# -*- coding: utf-8 -*-
import urllib2,urllib
import time
try:
import json
except ImportError:
import simplejson as json
class SaltAPI(object):
__token_id = ''
def __init__(self,url,username,password):
self.__url = url.rstrip('/')
self.__user = username
self.__password = password
def token_id(self):
''' user login and get token id '''
params = {'eauth': 'pam', 'username': self.__user, 'password': self.__password}
encode = urllib.urlencode(params)
obj = urllib.unquote(encode)
content = self.postRequest(obj,prefix='/login')
try:
self.__token_id = content['return'][0]['token']
except KeyError:
raise KeyError
def postRequest(self,obj,prefix='/'):
url = self.__url + prefix
headers = {'X-Auth-Token' : self.__token_id}
req = urllib2.Request(url, obj, headers)
opener = urllib2.urlopen(req)
content = json.loads(opener.read())
return content
def list_all_key(self):
params = {'client': 'wheel', 'fun': 'key.list_all'}
obj = urllib.urlencode(params)
self.token_id()
content = self.postRequest(obj)
minions = content['return'][0]['data']['return']['minions']
minions_pre = content['return'][0]['data']['return']['minions_pre']
return minions,minions_pre
def delete_key(self,node_name):
params = {'client': 'wheel', 'fun': 'key.delete', 'match': node_name}
obj = urllib.urlencode(params)
self.token_id()
content = self.postRequest(obj)
ret = content['return'][0]['data']['success']
return ret
def target_remote_execution(self,tgt,fun,arg):
''' Use targeting for remote execution '''
params = {'client': 'local', 'tgt': tgt, 'fun': fun, 'arg': arg, 'expr_form': 'nodegroup'}
obj = urllib.urlencode(params)
self.token_id()
content = self.postRequest(obj)
jid = content['return'][0]['jid']
return jid
def deploy(self,tgt,arg):
''' Module deployment '''
params = {'client': 'local', 'tgt': tgt, 'fun': 'state.sls', 'arg': arg}
obj = urllib.urlencode(params)
self.token_id()
content = self.postRequest(obj)
return content
def async_deploy(self,tgt,arg):
''' Asynchronously send a command to connected minions '''
params = {'client': 'local_async', 'tgt': tgt, 'fun': 'state.sls', 'arg': arg}
obj = urllib.urlencode(params)
self.token_id()
content = self.postRequest(obj)
jid = content['return'][0]['jid']
return jid
def target_deploy(self,tgt,arg):
''' Based on the node group forms deployment '''
params = {'client': 'local_async', 'tgt': tgt, 'fun': 'state.sls', 'arg': arg, 'expr_form': 'nodegroup'}
obj = urllib.urlencode(params)
self.token_id()
content = self.postRequest(obj)
jid = content['return'][0]['jid']
return jid
def main():
sapi = SaltAPI(url='https://172.25.0.122:8000',username='saltapi',password='westos') //修改为刚才配置的信息
sapi.token_id()
print sapi.list_all_key()
#sapi.delete_key('test-01')
#sapi.accept_key('test-01')
sapi.deploy('*','httpd.apache')
#print sapi.remote_noarg_execution('test-01','grains.items')
if __name__ == '__main__':
main()
[root@server6 ~]# python saltapi.py
([u'server6', u'server7', u'server8', u'server9'], [])
修改脚本测试
[root@server6 ~]# vim saltapi.py
...
sapi = SaltAPI(url='https://172.25.0.122:8000',username='saltapi',password='westos')
#sapi.token_id()
print sapi.list_all_key()
#sapi.delete_key('test-01')
#sapi.accept_key('test-01')
#sapi.deploy('*','httpd.apache')
sapi.deploy('*','nginx.service')
#print sapi.remote_noarg_execution('test-01','grains.items')
[root@server8 ~]# /etc/init.d/nginx stop
Stopping nginx: [ OK ]
[root@server6 ~]# python saltapi.py
([u'server6', u'server7', u'server8', u'server9'], [])
[root@server8 ~]# /etc/init.d/nginx status
nginx (pid 2170) is running...
nginx服务已经打开。
3.salt-syndic
通过建立top-master主机管理salt-master端及其salt-minion节点,同时可以进行salt-master主机的横向扩展,从而通过一个或几个
top-master管理多个salt-master及其salt-minion,实现大规模的集群管理。
实验中我们要将server9作为topmaster端。server6作为master端,server7,8为server1的minion端。
1)将原本对server9的认证删除
[root@server6 ~]# salt-key -L
Accepted Keys:
server6
server7
server8
server9
Denied Keys:
Unaccepted Keys:
Rejected Keys:
[root@server6 ~]# salt-key -d server9
The following keys are going to be deleted:
Accepted Keys:
server9
Proceed? [N/y] y
Key for minion server9 deleteed.
[root@server6 ~]# salt-key -L
Accepted Keys:
server6
server7
server8
Denied Keys:
Unaccepted Keys:
Rejected Keys:
server9关闭salt-minion服务,设置开机不自启并关闭配置的所有服务
[root@server9 ~]# /etc/init.d/salt-minion stop
Stopping salt-minion:root:server9 daemon: OK
[root@server9 ~]# chkconfig salt-minion off
[root@server9 ~]# /etc/init.d/keepalived stop
Stopping keepalived: [ OK ]
[root@server9 ~]# /etc/init.d/haproxy stop
Shutting down haproxy: [ OK ]
2)将server9设置为topmaster
[root@server9 ~]# yum install salt-master -y
[root@server9 ~]# vim /etc/salt/master
order_masters: True
[root@server9 ~]# /etc/init.d/salt-master start
Starting salt-master daemon: [ OK ]
3)server6(master端)安装syndic服务,指定top master
[root@server6 ~]# yum install salt-syndic -y
[root@server6 ~]# vim /etc/salt/master
syndic_master: 172.25.0.125
[root@server6 ~]# /etc/init.d/salt-master restart
Stopping salt-master daemon: [ OK ]
Starting salt-master daemon: [ OK ]
[root@server6 ~]# /etc/init.d/salt-syndic start
Starting salt-syndic daemon: [ OK ]
4、server9(topmaster端)接收server6的认证
[root@server9 ~]# salt-key -L
Accepted Keys:
Denied Keys:
Unaccepted Keys:
server6
Rejected Keys:
[root@server9 ~]# salt-key -A
The following keys are going to be accepted:
Unaccepted Keys:
server6
Proceed? [n/Y] y
Key for minion server6 accepted.
[root@server9 ~]# salt-key -L
Accepted Keys:
server6
Denied Keys:
Unaccepted Keys:
Rejected Keys:
测试
[root@server9 ~]# salt '*' cmd.run hostname
server7:
server7
server6:
server6
server8:
server8
top master实现包括master在内的所有minion节点管理。
4. 数据库返回
1.Minion端将内容返回master端和数据库
[root@server7 ~]# yum install MySQL-python -y
[root@server7 ~]# vim /etc/salt/minion
mysql.host: '172.25.0.122'
mysql.user: 'salt'
mysql.pass: 'westos'
mysql.db: 'salt'
mysql.port: 3306
[root@server7 ~]# /etc/init.d/salt-minion restart
Stopping salt-minion:root:server7 daemon: OK
Starting salt-minion:root:server7 daemon: OK
master安装数据库创建用户并授权
[root@server6 ~]# yum install mysql-server -y
[root@server6 ~]# /etc/init.d/mysqld start
[root@server6 ~]# mysql
mysql> grant all on salt.* to salt@'172.25.0.%' identified by 'westos';
导入数据到数据库
[root@server6 ~]# vim test.sql
CREATE DATABASE `salt`
DEFAULT CHARACTER SET utf8
DEFAULT COLLATE utf8_general_ci;
USE `salt`;
--
-- Table structure for table `jids`
--
DROP TABLE IF EXISTS `jids`;
CREATE TABLE `jids` (
`jid` varchar(255) NOT NULL,
`load` mediumtext NOT NULL,
UNIQUE KEY `jid` (`jid`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8;
#CREATE INDEX jid ON jids(jid) USING BTREE; //注释
--
-- Table structure for table `salt_returns`
--
DROP TABLE IF EXISTS `salt_returns`;
CREATE TABLE `salt_returns` (
`fun` varchar(50) NOT NULL,
`jid` varchar(255) NOT NULL,
`return` mediumtext NOT NULL,
`id` varchar(255) NOT NULL,
`success` varchar(10) NOT NULL,
`full_ret` mediumtext NOT NULL,
`alter_time` TIMESTAMP DEFAULT CURRENT_TIMESTAMP,
KEY `id` (`id`),
KEY `jid` (`jid`),
KEY `fun` (`fun`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8;
--
-- Table structure for table `salt_events`
--
DROP TABLE IF EXISTS `salt_events`;
CREATE TABLE `salt_events` (
`id` BIGINT NOT NULL AUTO_INCREMENT,
`tag` varchar(255) NOT NULL,
`data` mediumtext NOT NULL,
`alter_time` TIMESTAMP DEFAULT CURRENT_TIMESTAMP,
`master_id` varchar(255) NOT NULL,
PRIMARY KEY (`id`),
KEY `tag` (`tag`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8;
[root@server6 ~]# mysql < test.sql //导入
mysql> show databases;
+--------------------+
| Database |
+--------------------+
| information_schema |
| mysql |
| salt |
| test |
+--------------------+
4 rows in set (0.00 sec)
将与server7的连通信息返回数据库,执行成功后,在数据库中查看
[root@server6 ~]# salt 'server7' cmd.run hostname --return mysql
server7:
server7
[root@server6 ~]# mysql
mysql> select * from salt.salt_returns;
+---------+----------------------+-----------+---------+---------+--------------------------------------------------------------------------------------------------------------------------------------------------+---------------------+
| fun | jid | return | id | success | full_ret | alter_time |
+---------+----------------------+-----------+---------+---------+--------------------------------------------------------------------------------------------------------------------------------------------------+---------------------+
| cmd.run | 20181114175231936432 | "server7" | server7 | 1 | {"fun_args": ["hostname"], "jid": "20181114175231936432", "return": "server7", "retcode": 0, "success": true, "fun": "cmd.run", "id": "server7"} | 2018-11-14 17:52:32 |
+---------+----------------------+-----------+---------+---------+--------------------------------------------------------------------------------------------------------------------------------------------------+---------------------+
1 row in set (0.00 sec)
2,利用master端的配置测试mysql的返回值
[root@server6 ~]# yum install MySQL-python -y
[root@server6 ~]# vim /etc/salt/master
master_job_cache: mysql
mysql.host: 'localhost'
mysql.user: 'salt'
mysql.pass: 'westos'
mysql.db: 'salt'
mysql.port: 3306
[root@server6 ~]# /etc/init.d/salt-master restart
Stopping salt-master daemon: [ OK ]
Starting salt-master daemon: [ OK ]
给本机授权
[root@server6 ~]# mysql
mysql> grant all on salt.* to salt@'localhost' identified by 'westos';
mysql> flush privileges;
测试,登陆数据库查看
[root@server6 ~]# salt server8 cmd.run 'free -m'
server8:
total used free shared buffers cached
Mem: 996 272 723 0 65 90
-/+ buffers/cache: 116 880
Swap: 991 0 991
mysql> select * from salt.salt_returns;
+---------+----------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+---------+---------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+---------------------+
| fun | jid | return | id | success | full_ret | alter_time |
+---------+----------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+---------+---------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+---------------------+
| cmd.run | 20181114175231936432 | "server7" | server7 | 1 | {"fun_args": ["hostname"], "jid": "20181114175231936432", "return": "server7", "retcode": 0, "success": true, "fun": "cmd.run", "id": "server7"} | 2018-11-14 17:52:32 |
| cmd.run | 20181114180108851349 | " total used free shared buffers cached\nMem: 996 272 723 0 65 90\n-/+ buffers/cache: 116 880\nSwap: 991 0 991" | server8 | 1 | {"fun_args": ["free -m"], "jid": "20181114180108851349", "return": " total used free shared buffers cached\nMem: 996 272 723 0 65 90\n-/+ buffers/cache: 116 880\nSwap: 991 0 991", "retcode": 0, "success": true, "cmd": "_return", "_stamp": "2018-11-14T10:01:09.359144", "fun": "cmd.run", "id": "server8"} | 2018-11-14 18:01:09 |
+---------+----------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+---------+---------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+---------------------+
2 rows in set (0.00 sec)
以python脚本的方式,添加查看磁盘的模块.
[root@server6 ~]# cd /srv/salt/
[root@server6 salt]# mkdir _modules
[root@server6 salt]# cd _modules/
[root@server6 _modules]# vim my_disk.py
#!/usr/bin/env python
def df():
return __salt__['cmd.run']('df -h')
所有主机同步模块
[root@server6 _modules]# salt '*' saltutil.sync_modules
server6:
- modules.my_disk
server7:
- modules.my_disk
server8:
- modules.my_disk
推送到所有节点
[root@server6 _modules]# salt '*' my_disk.df
server8:
Filesystem Size Used Avail Use% Mounted on
/dev/mapper/VolGroup-lv_root 19G 1.1G 17G 7% /
tmpfs 499M 16K 499M 1% /dev/shm
/dev/vda1 485M 33M 427M 8% /boot
server7:
Filesystem Size Used Avail Use% Mounted on
/dev/mapper/VolGroup-lv_root 19G 1.1G 17G 7% /
tmpfs 499M 64K 499M 1% /dev/shm
/dev/vda1 485M 33M 427M 8% /boot
server6:
Filesystem Size Used Avail Use% Mounted on
/dev/mapper/VolGroup-lv_root 19G 1.2G 17G 7% /
tmpfs 499M 112K 499M 1% /dev/shm
/dev/vda1 485M 33M 427M 8% /boot