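SaltStack: a first look

Note: this article is a summary put together from the blogs of several experts and from the SaltStack community. Thanks to them for sharing, and a salute to open source.

Features of SaltStack confirmed through hands-on testing:

1. Installing software packages
2. Distributing files
3. Adding and removing users and groups, and adding a user to sudo
4. Executing system commands

Many other features have not been tested yet.

I. SaltStack installation and configuration
When testing, pay attention to SELinux and iptables; it is best to disable SELinux and keep iptables enabled with the required ports open.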

1.1 Environment
centos 6.2 192.168.101.77 salt-master
centos 6.2 192.168.101.88 salt-minion

1.2 Master installation and configuration
rpm -ivh http://mirrors.ustc.edu.cn/fedora/epel//6/x86_64/epel-release-6-8.noarch.rpm
yum -y install salt-master

The master configuration file is simple:
[root@open-source ~]# cat /etc/salt/master |grep -v "#"|grep -v "^$"
interface: 192.168.101.77 # listen address
publish_port: 4505
ret_port: 4506
pidfile: /var/run/salt-master.pid
file_roots:
 base:
   - /srv/salt/
pillar_roots:
 base:
   - /srv/pillar
nodegroups:     # minions can be managed in separate groups
 group1: 'L@foo.domain.com,bar.domain.com,baz.domain.com and bl*.domain.com'
 group2: 'G@os:Debian and foo.domain.com'



Add the iptables rules
[root@open-source ~]# iptables -I INPUT -p tcp --dport 4505 -j ACCEPT
[root@open-source ~]# iptables -I INPUT -p tcp --dport 4506 -j ACCEPT
Start the master
[root@open-source ~]# /etc/init.d/salt-master restart

1.3 Client installation and configuration
rpm -ivh http://mirrors.ustc.edu.cn/fedora/epel//6/x86_64/epel-release-6-8.noarch.rpm
yum -y install salt-minion

[root@open2 ~]# vim /etc/salt/minion
master: 192.168.101.77
[root@open2 ~]# /etc/init.d/salt-minion start  # start the minion
Starting salt-minion daemon:                               [  OK  ]
[root@open2 ~]# tail -f /var/log/salt/minion  # view the log


1.4 View the incoming keys on the server
[root@open-source ~]# salt-key list                  
Accepted Keys:
Unaccepted Keys:
open2            # the client that has connected shows up here
Rejected Keys:

1.5 Accept the client key
[root@open-source ~]# salt-key -a open2
The following keys are going to be accepted:
Unaccepted Keys:
open2
Proceed? [n/Y] Y
Key for minion open2 accepted.

1.6 Where client keys are stored
[root@open-source ~]# ls /etc/salt/pki/master/minions
open2

1.7 A few test commands
[root@open-source ~]# salt '*' cmd.run "hostname"
open2:
   open2
[root@open-source ~]# salt '*' test.ping
open2:
   True
[root@open-source ~]# salt '*' disk.usage


II. Common salt commands
-E is followed by a regular expression
[root@open-source ~]# salt -E 'open*' test.ping
open2:
   True

Without -E, the target can be a shell-style wildcard
[root@open-source ~]# salt 'open*' cmd.run 'uname -a'

-L is followed by a list of clients
[root@open-source ~]# salt -L 'open1,open2,open3' cmd.run 'uname -a'

-N targets a node group

salt-key -L lists the clients
[root@open-source ~]# salt-key -L              
Accepted Keys:
open2
Unaccepted Keys:
Rejected Keys:

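cmd.run is a very powerful command that runs shell commands remotely.
For example, creating a user remotely:
[root@open-source ~]# salt -E 'open2' cmd.run 'useradd testuser'

Grains are responsible for collecting basic information about the client.
Managing basic minion information:
salt '*' grains.ls              # list the available grains
salt '*' grains.items           # show all grain data
salt '*' grains.item osrelease  # show a single grain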




pillar
# mkdir /srv/pillar/
[root@open-source pillar]# cat top.sls
base:
 '*':
   - data

[root@open-source pillar]# cat data.sls
info: some data

[root@open-source pillar]# salt '*' pillar.data


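III. Installing RPM packages and distributing files with SaltStack
For example, install LNMP and distribute the configuration files to every minion.
3.1 Directory layout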
[root@open-source salt]# tree
.
├── conf
│   ├── mysql.sls
│   ├── nginx.sls
│   ├── pack.sls
│   ├── php.sls
│   └── software.sls
├── mysql
│   └── my.cnf
├── nginx
│   └── nginx.conf
├── php
│   └── php.ini
├── software
│   ├── mysql-5.6.14.tar.gz
│   ├── nginx-1.5.6.tar.gz
│   └── php-5.5.5.tar.gz
└── top.sls

3.2 Create the required directories (preparation)
[root@open-source ~]# cd /srv/salt/
[root@open-source salt]# mkdir -p {conf,nginx,php,mysql,software}

[root@open-source salt]# cp -p /usr/local/mysql/my.cnf mysql/
[root@open-source salt]# cp -p /usr/local/app/nginx/conf/nginx.conf nginx/
[root@open-source salt]# cp -p /usr/local/php/etc/php.ini php/

[root@open-source salt]# cd software/
[root@open-source software]# cp -p /usr/src/php-5.5.5.tar.gz .
[root@open-source software]# cp -p /usr/src/nginx-1.5.6.tar.gz .
[root@open-source software]# cp -p /usr/src/mysql-5.6.14.tar.gz .

[root@open-source software]# cd ../conf/
[root@open-source conf]# touch nginx.sls mysql.sls php.sls pack.sls software.sls

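3.3 The top entry file
Create a top.sls file under /srv/salt; it is SaltStack's entry-point configuration file.
A SaltStack top.sls file normally begins with base:, the wildcard '*' matches every minion,
and - conf.pack refers to the pack.sls file in the conf directory, where I define the RPM package management.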
[root@open-source salt]# vim top.sls
base:
 '*':
   - conf.nginx
   - conf.mysql
   - conf.php
   - conf.pack
   - conf.software

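3.4 Install the mysql RPM package
Create the package-management file pack.sls. The first line names the software to install, pkg: selects SaltStack package management,
- name is the name of the package to install, - installed installs it, - removed uninstalls it, and service: selects SaltStack service management;
the last two lines make sure the mysql service is running.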
[root@open-source conf]# cat pack.sls
mysql:
 pkg:
   - name: mysql
   - installed
 service:
   - running
   - enable: True

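3.5 Push the my.cnf file
Create the sls file for the configuration file (shown below). The first line is the destination path on the minion, - managed selects SaltStack file management,
and - source: is the location of the file on the master, resolved starting from the /srv/salt path defined in the master configuration; the next three lines set the file's attributes.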
[root@open-source conf]# cat mysql.sls
/usr/local/mysql/conf/my.cnf:
 file:
   - managed
   - source: salt://mysql/my.cnf
   - user: mysql
   - group: mysql
   - mode: 644
   - backup: minion

3.6 Test results
[root@open-source conf]# salt '*' state.highstate
open2:
----------
   State: - file
   Name:      /usr/local/mysql/conf/my.cnf
   Function:  managed
       Result:    True
       Comment:   File /usr/local/mysql/conf/my.cnf updated
       Changes:   diff: New file
                  group: mysql
                  user: mysql

----------
   State: - pkg
   Name:      mysql
   Function:  installed
       Result:    True
       Comment:   The following packages were installed/updated: mysql.
       Changes:   openssl: { new : 1.0.1e-16.el6_5
old : 1.0.0-27.el6_4.2
}
                  openssl-devel: { new : 1.0.1e-16.el6_5
old : 1.0.0-27.el6_4.2
}
                  mysql-libs: { new : 5.1.71-1.el6
old : 5.1.52-1.el6_0.1
}
                  mysql: { new : 5.1.71-1.el6
old :
}
                  openssl-perl: { new : 1.0.1e-16.el6_5
old : 1.0.0-27.el6_4.2
}
                  openssl-static: { new : 1.0.1e-16.el6_5
old : 1.0.0-27.el6_4.2
}

----------
   State: - service
   Name:      mysql
   Function:  running
       Result:    False
       Comment:   The named service mysql is not available
       Changes:  

Summary
------------
Succeeded: 2
Failed:    1
------------
Total:     3

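Note: the summary reports 3 states with one failure; the mysql service did not start, which should be an error in the pack.sls file.
[root@open-source conf]# cat pack.sls
mysqld:       # this is the service name and should be mysqld; above I wrote mysql, hence the service-not-available error
 pkg:
   - name: mysql      # this is the package name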
   - installed
 service:
   - running
   - enable: True

[root@open-source conf]# salt '*' state.highstate
open2:
----------
   State: - file
   Name:      /usr/local/mysql/conf/my.cnf
   Function:  managed
       Result:    True
       Comment:   File /usr/local/mysql/conf/my.cnf is in the correct state
       Changes:  
----------
   State: - pkg
   Name:      mysql
   Function:  installed
       Result:    True
       Comment:   Package mysql is already installed
       Changes:  
----------
   State: - service
   Name:      mysqld
   Function:  running
       Result:    True
       Comment:   Service mysqld has been enabled, and is in the desired state
       Changes:   mysqld: True


Summary
------------
Succeeded: 3
Failed:    0
------------
Total:     3
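
The ID/name distinction behind the failure above, written out with explicit names. This is an added example, not the author's file: the IDs mysql-package and mysql-service are illustrative, and the include assumes the conf/mysql.sls file state from section 3.5.

```yaml
# /srv/salt/conf/pack.sls (added example; the IDs are only labels)
include:
  - conf.mysql              # brings in the /usr/local/mysql/conf/my.cnf file state

mysql-package:
  pkg.installed:
    - name: mysql           # package name, as used on the page

mysql-service:
  service.running:
    - name: mysqld          # init script name on the minion, not the package name
    - enable: True
    - require:
      - pkg: mysql-package  # never try to start the service before the package exists
    - watch:
      - file: /usr/local/mysql/conf/my.cnf   # restart mysqld when the managed file changes
```

With a name given under each state, the ID no longer doubles as the package or service name, so the two cannot be confused again.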

Removing an RPM package
[root@open-source conf]# cat smb.sls
smb:
 pkg:
   - name: samba
   - removed

Result:
[root@open-source conf]# salt '*' state.sls conf.smb
open2:
----------
   State: - pkg
   Name:      samba
   Function:  removed
       Result:    True
       Comment:   All targeted packages were removed.
       Changes:   samba: { new :
old : 3.6.9-167.el6_5
}


Summary
------------
Succeeded: 1
Failed:    0
------------
Total:     1

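Other
With cp.get_file, SaltStack can distribute a file from the master to the minions; the path after the salt:// source is the destination path on the minion,
makedirs=True creates the directory automatically if it does not exist, and large files can also be transferred compressed with gzip.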
[root@salt-server ~]# salt '*' cp.get_file salt://software/httpd-2.4.3.tar.bz2 /usr/src/httpd-2.4.3.tar.bz2 makedirs=True
bt-199-034.bta.net.cn:
   /usr/src/httpd-2.4.3.tar.bz2

cp.get_dir works like cp.get_file, except that get_dir downloads a whole directory; it also supports compressed transfer.
[root@salt-server ~]# salt '*' cp.get_dir salt://software/ /usr/src/ gzip=5

IV. User management

4.1 Add the user harry
Generate the password hash
[root@open-source ~]# openssl passwd -1 -salt 'harry'    
Password:
$1$harry$DDLDUWLoTFUMB0biMDIv..

The top.sls file
[root@open-source salt]# cat top.sls
base:
 '*':
   - conf.nginx
   - conf.mysql
   - conf.php
   - conf.pack
   - conf.software
   - user.users
   - user.userdel
   - user.addsudo
   - user.addgroup
   - user.delgroup

[root@open-source user]# cat users.sls
harry:
 user.present:
   - fullname: harry D
   - shell: /bin/bash
   - password: '$1$harry$DDLDUWLoTFUMB0biMDIv..'
   - home: /home/jarry
   - uid: 10001
   - gid: 10001
   - groups:
     - root
     - harry
   - require:
     - group: harry
 group.present:
   - gid: 10001

Result
Since there are several .sls files, to run just one of them:
salt '*' state.sls xxx

[root@open-source user]# salt '*' state.sls user.users
open2:
----------
   State: - group
   Name:      harry
   Function:  present
       Result:    True
       Comment:   Added group harry
       Changes:   passwd: x
                  gid: 10001
                  name: harry
                  members: []

----------
   State: - user
   Name:      harry
   Function:  present
       Result:    True
       Comment:   New user harry created
       Changes:   shell: /bin/bash
                  workphone:
                  uid: 10001
                  passwd: x
                  roomnumber:
                  gid: 10001
                  groups: ['harry', 'root']
                  home: /home/jarry
                  fullname: harry D
                  password: $1$harry$DDLDUWLoTFUMB0biMDIv..
                  homephone:
                  name: harry


Summary
------------
Succeeded: 2
Failed:    0
------------
Total:     2

4.2 Delete the user
[root@open-source user]# cat userdel.sls
harry:
 user.absent:
   - purge: True  # remove the user's files (home directory)
   - force: True  # the absent state fails if the user is logged in; with force set to True the user is deleted even while logged in

Result
[root@open-source user]# salt '*' state.sls user.userdel
open2:
----------
   State: - user
   Name:      harry
   Function:  absent
       Result:    True
       Comment:   Removed user harry
       Changes:   harry group: removed
                  harry: removed


Summary
------------
Succeeded: 1
Failed:    0
------------
Total:     1

4.3 Add a sudo user
[root@open-source user]# cat  addsudo.sls
harry:
 user.present:
   - fullname: harry D
   - shell: /bin/bash
   - password: '$1$harry$DDLDUWLoTFUMB0biMDIv..'
   - home: /home/jarry
   - uid: 10001
   - gid: 10001
   - groups:
     - root
     - harry
   - require:
     - group: harry
 group.present:
   - gid: 10001

/etc/sudoers:
 file.append:
   - text:
     - "harry ALL=(ALL) NOPASSWD: ALL"

Result
[root@open-source user]# salt '*' state.sls user.addsudo
open2:
----------
   State: - group
   Name:      harry
   Function:  present
       Result:    True
       Comment:   Added group harry
       Changes:   passwd: x
                  gid: 10001
                  name: harry
                  members: []

----------
   State: - user
   Name:      harry
   Function:  present
       Result:    True
       Comment:   New user harry created
       Changes:   shell: /bin/bash
                  workphone:
                  uid: 10001
                  passwd: x
                  roomnumber:
                  gid: 10001
                  groups: ['harry', 'root']
                  home: /home/jarry
                  fullname: harry D
                  password: $1$harry$DDLDUWLoTFUMB0biMDIv..
                  homephone:
                  name: harry

----------
   State: - file
   Name:      /etc/sudoers
   Function:  append
       Result:    True
       Comment:   Appended 1 lines
       Changes:   diff: ---  
+++  
@@ -113,3 +113,4 @@

## Read drop-in files from /etc/sudoers.d (the # here does not mean a comment)
#includedir /etc/sudoers.d
+harry ALL=(ALL) NOPASSWD: ALL



Summary
------------
Succeeded: 3
Failed:    0
------------
Total:     3
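
The sudo grant from 4.3 written as a validated drop-in file instead of an append to /etc/sudoers, as an added example that is not from the original post. It assumes a hypothetical pillar key harry_password_hash, the drop-in name /etc/sudoers.d/harry, a sudoers file that reads /etc/sudoers.d (the #includedir line in the diff above), and a Salt release whose file.managed supports check_cmd.

```yaml
# --- /srv/pillar/data.sls --------------------------------------------------
# Keeps the hash out of /srv/salt, which every minion can fetch; pillar data
# is delivered only to the minions it is assigned to in the pillar top.sls.
# harry_password_hash is a hypothetical key. The value is a placeholder for a
# SHA-512 crypt hash ($6$...); the $1$ form on the page is MD5-crypt.
harry_password_hash: '$6$<salt>$<hash>'

---
# --- /srv/salt/user/addsudo.sls ---------------------------------------------
harry:
  group.present:
    - gid: 10001
  user.present:
    - fullname: harry D
    - shell: /bin/bash
    - password: '{{ pillar["harry_password_hash"] }}'
    - home: /home/jarry          # path as used on the page
    - uid: 10001
    - gid: 10001
    - groups:
      - harry                    # the root group is left out; sudo is the only grant
    - require:
      - group: harry

# file.append edits the live /etc/sudoers with no syntax check, and a broken
# sudoers file disables sudo for everyone on the minion. A managed drop-in is
# written to a temporary file first and installed only if visudo accepts it.
/etc/sudoers.d/harry:
  file.managed:
    - user: root
    - group: root
    - mode: '0440'
    - contents: 'harry ALL=(ALL) NOPASSWD: ALL'   # same rule as on the page
    - check_cmd: /usr/sbin/visudo -c -f
    - require:
      - user: harry
```

Removing the grant later is a single file.absent on /etc/sudoers.d/harry, with no edit to the main sudoers file.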

4.4 Add groups:
[root@open-source user]# cat addgroup.sls
devgroup:
 group.present:
   - gid: 10002

yunwei:
 group.present:
   - gid: 1003

Result:
[root@open-source user]# salt '*' state.sls user.addgroup
open2:
----------
   State: - group
   Name:      devgroup
   Function:  present
       Result:    True
       Comment:   No change
       Changes:  
----------
   State: - group
   Name:      yunwei
   Function:  present
       Result:    True
       Comment:   No change
       Changes:  

Summary
------------
Succeeded: 2
Failed:    0
------------
Total:     2

4.5 Delete a group
[root@open-source user]# cat delgroup.sls
devgroup:
 group.absent

Result
[root@open-source user]# salt '*' state.sls user.delgroup
open2:
----------
   State: - group
   Name:      devgroup
   Function:  absent
       Result:    True
       Comment:   Removed group devgroup
       Changes:   devgroup:


Summary
------------
Succeeded: 1
Failed:    0
------------
Total:     1














