注:本文同学看一些牛人博客及saltstack社区总结的,感谢牛人们的分享,像开源致敬
通过实验测试总结saltstack所实现的功能
1.安装软件包
2.文件分发
3.添加删除用户,组并将用户加入sudo
4.执行系统命令
还有很多功能没有测试
一、saltstack 安装配置
一般测试注意selinux和iptables,最好是关闭selinux 开启iptables但开放相应端口
1.1 环境
centos 6.2 192.168.101.77 salt-master
centos 6.2 192.168.101.88 salt-minion
1.2 Master 安装配置
rpm -ivh http://mirrors.ustc.edu.cn/fedora/epel//6/x86_64/epel-release-6-8.noarch.rpm
yum -y install salt-master
master配置文件简单
[root@open-source ~]# cat /etc/salt/master |grep -v "#"|grep -v "^$"
interface: 192.168.101.77 #监听地址
publish_port: 4505
ret_port: 4506
pidfile: /var/run/salt-master.pid #
file_roots:
base:
- /srv/salt/
pillar_roots:
base:
- /srv/pillar
nodegroups: #可以根据mimion不同分组管理
group1: '[email protected],bar.domain.com,baz.domain.com and bl*.domain.com'
group2: 'G@os:Debian and foo.domain.com'
添加iptables
[root@open-source ~]# iptables -I INPUT -p tcp --dport 4505 -j ACCEPT
[root@open-source ~]# iptables -I INPUT -p tcp --dport 4506 -j ACCEPT
启动mater
[root@open-source ~]# /etc/init.d/salt-master restart
1.3 client 安装配置
rpm -ivh http://mirrors.ustc.edu.cn/fedora/epel//6/x86_64/epel-release-6-8.noarch.rpm
yum -y install salt-minion
[root@open2 ~]# vim /etc/salt/minion
master: 192.168.101.77
[root@open2 ~]# /etc/init.d/salt-minion start #启动
Starting salt-minion daemon: [ OK ]
[root@open2 ~]# tail -f /var/log/salt/minion #查看日志
1.4 server 端查看连接过来的key
[root@open-source ~]# salt-key list
Accepted Keys:
Unaccepted Keys:
open2 #可以看到连接过来的客户端
Rejected Keys:
1.5 接收客户端key
[root@open-source ~]# salt-key -a open2
The following keys are going to be accepted:
Unaccepted Keys:
open2
Proceed? [n/Y] Y
Key for minion open2 accepted.
1.6 客户端key存放位置
[root@open-source ~]# ls /etc/salt/pki/master/minions
open2
1.7 下面是几个测试命令
[root@open-source ~]# salt '*' cmd.run "hostname"
open2:
open2
[root@open-source ~]# salt '*' test.ping
open2:
True
[root@open-source ~]# salt '*' disk.usage
二、 salt 常用命令
-E 后面正则表达式
[root@open-source ~]# salt -E 'open*' test.ping
open2:
True
不带-E 后面可以带shell正则
[root@open-source ~]# salt 'open*' cmd.run 'uname -a'
-L 后面可以跟多个客户端
[root@open-source ~]# salt -L 'open1,open2,open3' cmd.run 'uname -a'
-N 后面可以按组分
-L 列出客户端
[root@open-source ~]# salt-key -L
Accepted Keys:
open2
Unaccepted Keys:
Rejected Keys:
cmd.run 一个很强大的命令,可以远程执行shell命令
例如:远程简历用户
[root@open-source ~]# salt -E 'open2' cmd.run 'useradd testuser'
grain 责采集客户端一些基本信息
minion基本信息管理
salt '*' grains.ls 查看grains分类
salt '*' grains.items 查看grains所有信息
salt '*' grains.item osrelease 查看grains某个信息
pillar
# mkdir /srv/pillar/
[root@open-source pillar]# cat top.sls
base:
'*':
- data
[root@open-source pillar]# cat data.sls
info: some data
[root@open-source pillar]# salt '*' pillar.data
三、 salt-stack安装rpm包及文件分发
例如安装LNMP并分发配置文件到各个minion
3.1 目录组织结构
[root@open-source salt]# tree
.
├── conf
│?? ├── mysql.sls
│?? ├── nginx.sls
│?? ├── pack.sls
│?? ├── php.sls
│?? └── software.sls
├── mysql
│?? └── my.cnf
├── nginx
│?? └── nginx.conf
├── php
│?? └── php.ini
├── software
│?? ├── mysql-5.6.14.tar.gz
│?? ├── nginx-1.5.6.tar.gz
│?? └── php-5.5.5.tar.gz
└── top.sls
3.2 建立所需目录,前期准备
[root@open-source ~]# cd /srv/salt/
[root@open-source salt]# mkdir -p {conf,nginx,php,mysql,software}
[root@open-source salt]# cp -p /usr/local/mysql/my.cnf mysql/
[root@open-source salt]# cp -p /usr/local/app/nginx/conf/nginx.conf nginx/
[root@open-source salt]# cp -p /usr/local/php/etc/php.ini php/
[root@open-source salt]# cd software/
[root@open-source software]# cp -p /usr/src/php-5.5.5.tar.gz .
[root@open-source software]# cp -p /usr/src/nginx-1.5.6.tar.gz .
[root@open-source software]# cp -p /usr/src/mysql-5.6.14.tar.gz .
[root@open-source software]# cd ../conf/
[root@open-source conf]# touch nginx.sls mysql.sls php.sls pack.sls software.sls
3.3 入口文件top配置
在/srv/salt目录下面新建top.sls文件,该文件是Saltstack入口配置文件。
Saltstack "top.sls"文件开头一般用base:书写,通配符'*'表示所有的minion,
-conf.pack表示conf目录下面的pack.sls文件,在这里我定义的是RPM软件包管理。
[root@open-source salt]# vim top.sls
base:
'*':
- conf.nginx
- conf.mysql
- conf.php
- conf.pack
- conf.software
3.4 安装mysql rpm包
创建软件包管理的配置文件pack.sls 文件,httpd表示要安装软件包,pkg:表示Saltstack安装包管理,
-name表示安装软件包名称,-installed表示安装,-removed表示卸载,service:表示Saltstack服务管理,
后两行保证mysql的服务是开启的。
[root@open-source conf]# cat pack.sls
mysql:
pkg:
- name: mysql
- installed
service:
- running
- enable: True
3.5 推送my.cnf文件
创建Nginx sls配置文件nginx.sls ,第一行表示分发到minion文件路径,-managed表示Saltstack文件管理,
-source:表示master端配置文件地址,是从master配置文件定义的路径/srv/salt开始查找的,下面三行表示文件的属性。
[root@open-source conf]# cat mysql.sls
/usr/local/mysql/conf/my.cnf:
file:
- managed
- source: salt://mysql/my.cnf
- user: mysql
- group: mysql
- mode: 644
- backup: minion
3.6 测试结果
[root@open-source conf]# salt '*' state.highstate
open2:
----------
State: - file
Name: /usr/local/mysql/conf/my.cnf
Function: managed
Result: True
Comment: File /usr/local/mysql/conf/my.cnf updated
Changes: diff: New file
group: mysql
user: mysql
----------
State: - pkg
Name: mysql
Function: installed
Result: True
Comment: The following packages were installed/updated: mysql.
Changes: openssl: { new : 1.0.1e-16.el6_5
old : 1.0.0-27.el6_4.2
}
openssl-devel: { new : 1.0.1e-16.el6_5
old : 1.0.0-27.el6_4.2
}
mysql-libs: { new : 5.1.71-1.el6
old : 5.1.52-1.el6_0.1
}
mysql: { new : 5.1.71-1.el6
old :
}
openssl-perl: { new : 1.0.1e-16.el6_5
old : 1.0.0-27.el6_4.2
}
openssl-static: { new : 1.0.1e-16.el6_5
old : 1.0.0-27.el6_4.2
}
----------
State: - service
Name: mysql
Function: running
Result: False
Comment: The named service mysql is not available
Changes:
Summary
------------
Succeeded: 2
Failed: 1
------------
Total: 3
注:提示3个成功一个失败,mysql服务没启动成功,应该是pack.sls配置文件的错误
[root@open-source conf]# cat pack.sls
mysqld: #这儿是服务名应该是mysqld我上边写的是mysql所以报服务没起来错误
pkg:
- name: mysql #这儿是包名
- installed
service:
- running
- enable: True
[root@open-source conf]# salt '*' state.highstate
open2:
----------
State: - file
Name: /usr/local/mysql/conf/my.cnf
Function: managed
Result: True
Comment: File /usr/local/mysql/conf/my.cnf is in the correct state
Changes:
----------
State: - pkg
Name: mysql
Function: installed
Result: True
Comment: Package mysql is already installed
Changes:
----------
State: - service
Name: mysqld
Function: running
Result: True
Comment: Service mysqld has been enabled, and is in the desired state
Changes: mysqld: True
Summary
------------
Succeeded: 3
Failed: 0
------------
Total: 3
卸载RPM软件包
[root@open-source conf]# cat smb.sls
smb:
pkg:
- name: samba
- removed
运行结果:
[root@open-source conf]# salt '*' state.sls conf.smb
open2:
----------
State: - pkg
Name: samba
Function: removed
Result: True
Comment: All targeted packages were removed.
Changes: samba: { new :
old : 3.6.9-167.el6_5
}
Summary
------------
Succeeded: 1
Failed: 0
------------
Total: 1
其它
altstack通过cp.get_file可以将master文件分发到minion,/software/httpd-2.4.3.tar.bz2表示把文件分发到minion上的文件路径,
makedirs=True表示如果目录不存在自动创建,在传输大文件的时候还支持压缩传输,在传输大文件的时候还支持压缩传输gzip。
[root@salt-server ~]# salt '*' cp.get_file salt://software/httpd-2.4.3.tar.bz2 /usr/src/httpd-2.4.3.tar.bz2 makedirs=True
bt-199-034.bta.net.cn:
/usr/src/httpd-2.4.3.tar.bz2
cp.get_dir和cp.get_file一样,不过get_dir是用来下载整个目录的,也支持压缩传输。
[root@salt-server ~]# salt '*' cp.get_dir salt://software/ /usr/src/ gzip=5
四、用户管理
4.1 添加harry用户
生成密码
[root@open-source ~]# openssl passwd -1 -salt 'harry'
Password:
$1$harry$DDLDUWLoTFUMB0biMDIv..
top.sls文件
[root@open-source salt]# cat top.sls
base:
'*':
- conf.nginx
- conf.mysql
- conf.php
- conf.pack
- conf.software
- user.users
- user.userdel
- user.addsudo
- user.addgroup
- user.delgroup
[root@open-source user]# cat users.sls
harry:
user.present:
- fullname: harry D
- shell: /bin/bash
- password: '$1$harry$DDLDUWLoTFUMB0biMDIv..'
- home: /home/jarry
- uid: 10001
- gid: 10001
- groups:
- root
- harry
- require:
- group: harry
group.present:
- gid: 10001
运行结果
因为有多个.sls文件,如果想单独运行某个的话
salt '*' state.sls xxx
[root@open-source user]# salt '*' state.sls user.users
open2:
----------
State: - group
Name: harry
Function: present
Result: True
Comment: Added group harry
Changes: passwd: x
gid: 10001
name: harry
members: []
----------
State: - user
Name: harry
Function: present
Result: True
Comment: New user harry created
Changes: shell: /bin/bash
workphone:
uid: 10001
passwd: x
roomnumber:
gid: 10001
groups: ['harry', 'root']
home: /home/jarry
fullname: harry D
password: $1$harry$DDLDUWLoTFUMB0biMDIv..
homephone:
name: harry
Summary
------------
Succeeded: 2
Failed: 0
------------
Total: 2
4.2 删除用户
[root@open-source user]# cat userdel.sls
harry:
user.absent:
- purge: True #设置清除用户的文件(家目录)
- force: True #如果用户当前已登录,则absent state会失败. 设置force选项为True时,就算用户当前处于登录状态也会删除本用户.
运行结果
[root@open-source user]# salt '*' state.sls user.userdel
open2:
----------
State: - user
Name: harry
Function: absent
Result: True
Comment: Removed user harry
Changes: harry group: removed
harry: removed
Summary
------------
Succeeded: 1
Failed: 0
------------
Total: 1
4.3 添加sudo用户
[root@open-source user]# cat addsudo.sls
harry:
user.present:
- fullname: harry D
- shell: /bin/bash
- password: '$1$harry$DDLDUWLoTFUMB0biMDIv..'
- home: /home/jarry
- uid: 10001
- gid: 10001
- groups:
- root
- harry
- require:
- group: harry
group.present:
- gid: 10001
/etc/sudoers:
file.append:
- text:
- "harry ALL=(ALL) NOPASSWD: ALL"
执行结果
[root@open-source user]# salt '*' state.sls user.addsudo
open2:
----------
State: - group
Name: harry
Function: present
Result: True
Comment: Added group harry
Changes: passwd: x
gid: 10001
name: harry
members: []
----------
State: - user
Name: harry
Function: present
Result: True
Comment: New user harry created
Changes: shell: /bin/bash
workphone:
uid: 10001
passwd: x
roomnumber:
gid: 10001
groups: ['harry', 'root']
home: /home/jarry
fullname: harry D
password: $1$harry$DDLDUWLoTFUMB0biMDIv..
homephone:
name: harry
----------
State: - file
Name: /etc/sudoers
Function: append
Result: True
Comment: Appended 1 lines
Changes: diff: ---
+++
@@ -113,3 +113,4 @@
## Read drop-in files from /etc/sudoers.d (the # here does not mean a comment)
#includedir /etc/sudoers.d
+harry ALL=(ALL) NOPASSWD: ALL
Summary
------------
Succeeded: 3
Failed: 0
------------
Total: 3
4.4 添加组:
[root@open-source user]# cat addgroup.sls
devgroup:
group.present:
- gid: 10002
yunwei:
group.present:
- gid: 1003
运行结果:
[root@open-source user]# salt '*' state.sls user.addgroup
open2:
----------
State: - group
Name: devgroup
Function: present
Result: True
Comment: No change
Changes:
----------
State: - group
Name: yunwei
Function: present
Result: True
Comment: No change
Changes:
Summary
------------
Succeeded: 2
Failed: 0
------------
Total: 2
4.5 删除组
[root@open-source user]# cat delgroup.sls
devgroup:
group.absent
运行结果
[root@open-source user]# salt '*' state.sls user.delgroup
open2:
----------
State: - group
Name: devgroup
Function: absent
Result: True
Comment: Removed group devgroup
Changes: devgroup:
Summary
------------
Succeeded: 1
Failed: 0
------------
Total: 1