自动化运维神器之saltstack (五)salt-ssh的应用场景

    satlstack号称自动化运维的利器,那么saltstack能不能实现自身的批量部署呢?如果你也有这样的疑问,那么就更要看这篇文章了。答案当然是肯定的啦!saltstack可以利用salt-ssh来实现自身的批量部署。首先看待salt-ssh,很容易想到它是一个依赖 ssh 来进行远程命令执行的工具,这样做的好处是你不必在客户端安装minion程序,就可以实现远程命令的执行,而且salt-ssh支持salt的绝大部分功能。

    既然不安装minion端,那么master怎样识别到客户端并与客户端进行通信呢?这里主要使用的是一个roster 配置文件来实现的,首先我们来看下环境:

     hadoop0.updb.com    192.168.0.100    OS:CentOS 6.5        Role:master

     uadoop4.updb.com    192.168.0.204    OS:CentOS 6.5        Role:minion

     uadoop5.updb.com    192.168.0.205    OS:CentOS 6.5        Role:minion       

    在开始实验之前,uadoop4、uadoop5两个节点上是不存在minion服务的,最终的目的是通过salt-ssh在uadoop4、uadoop5上自动化部署好minion端。

    首先,我们来配置roster状态文件,让master能够与uadoop4、uadoop5来通信

## 在/etc/salt/目录下创建roster文件,内容如下
[root@hadoop0 ~]# cat  /etc/salt/roster 
uadoop4:
  host: 192.168.0.204    ## 主机
  user: root             ## ssh连接的用户名
  passwd: upbjsxt        ## ssh连接的密码
  port: 22               ## 端口
  timeout: 3             
uadoop5:
  host: 192.168.0.205    ## 主机
  user: root             ## ssh连接的用户名
  passwd: upbjsxt        ## ssh连接的密码
  port: 22               ## 端口
  timeout: 3             
## 不需要重启master服务就可以使用salt-ssh来测试  
[root@hadoop0 ~]# salt-ssh 'uadoop[4,5]' test.ping
uadoop5:
    True
uadoop4:
    True
## 需要注意的是,由于salt-ssh并没有继承salt的zeroMQ,所以执行起来要慢的多,-r选项可以执行系统命令
[root@hadoop0 ~]# salt-ssh 'uadoop[4,5]' -r 'free -m'
uadoop4:
    ----------
    retcode:
        0
    stderr:
        
    stdout:
                     total       used       free     shared    buffers     cached
        Mem:           988        174        814          0         35         55
        -/+ buffers/cache:         83        905
        Swap:         2047          0       2047
        
uadoop5:
    ----------
    retcode:
        0
    stderr:
        
    stdout:
                     total       used       free     shared    buffers     cached
        Mem:           988        172        815          0         34         55
        -/+ buffers/cache:         82        906
        Swap:         2047          0       2047

    ok,你会发现使用salt-ssh也是件非常简单的事情,接下来进入minion的批量部署,如下

## 将所有的与minion部署相关的文件全部放在/srv/salt/epel目录下
[root@hadoop0 epel]# pwd
/srv/salt/epel
[root@hadoop0 epel]# tree -f
.
├── ./epel-release-6-8.noarch.rpm
└── ./salt_install.sls

0 directories, 2 files
## salt_install文件内容
[root@hadoop0 epel]# cat salt_install.sls
## 首先要安装epel扩展源,然后才能使用yum的方式安装salt-minion                                    
epel_install:
  file.managed:
    - name: /tmp/epel-release-6-8.noarch.rpm    ## 指定4、5节点的epel安装包的存放路径
    - source: salt://epel/epel-release-6-8.noarch.rpm ## 指定从master的哪个位置拷贝epel的rpm包
    - user: root    ## 文件的拥有者
    - group: root   ## 文件的所属组
  cmd.run:
    - name: rpm -ivh /tmp/epel-release-6-8.noarch.rpm    ## 执行rpm包的安装
    - unless: test -f /etc/yum.repos.d/epel.repo    ## 如果存在这个文件就不再执行安装程序
    - require:
      - file: epel_install    ## 安装epel包要在epel文件拷贝之后

cache_yum:
  cmd.run:                    
    - name: yum makecache     ## 生成yum的缓存
    - require: 
      - file: epel_install    ## 生成缓存要在epel安装之后

salt_install:
  pkg.installed:              ## 安装salt-minion
    - name: salt-minion
    - require:                ## 安装minion要在epel安装之后
      - file: epel_install

## 远程执行
[root@hadoop0 salt]# salt-ssh  'uadoop[4,5]' state.sls epel.salt_install 
uadoop4:
    ----------
    cmd_|-cache_yum_|-yum makecache_|-run:
        ----------
        __run_num__:
            2
        changes:
            ----------
            pid:
                1993
            retcode:
                0
            stderr:
                
            stdout:
                Loaded plugins: fastestmirror, security
                Loading mirror speeds from cached hostfile
                 * base: ftp.stust.edu.tw
                 * epel: ftp.cuhk.edu.hk
                 * extras: mirrors.btte.net
                 * updates: mirrors.btte.net
                Metadata Cache Created
        comment:
            Command "yum makecache" run
        name:
            yum makecache
        result:
            True
    cmd_|-epel_install_|-rpm -ivh /tmp/epel-release-6-8.noarch.rpm_|-run:
        ----------
        __run_num__:
            1
        changes:
            ----------
            pid:
                1991
            retcode:
                0
            stderr:
                warning: /tmp/epel-release-6-8.noarch.rpm: Header V3 RSA/SHA256 Signature, key ID 0608b895: NOKEY
            stdout:
                Preparing...                ##################################################
                epel-release                ##################################################
        comment:
            Command "rpm -ivh /tmp/epel-release-6-8.noarch.rpm" run
        name:
            rpm -ivh /tmp/epel-release-6-8.noarch.rpm
        result:
            True
    file_|-epel_install_|-/tmp/epel-release-6-8.noarch.rpm_|-managed:
        ----------
        __run_num__:
            0
        changes:
            ----------
            diff:
                New file
            mode:
                0644
        comment:
            File /tmp/epel-release-6-8.noarch.rpm updated
        name:
            /tmp/epel-release-6-8.noarch.rpm
        result:
            True
    pkg_|-salt_install_|-salt-minion_|-installed:
        ----------
        __run_num__:
            3
        changes:
            ----------
            PyYAML:
                ----------
                new:
                    3.10-3.1.el6
                old:
                    
            libyaml:
                ----------
                new:
                    0.1.6-1.el6
                old:
                    
            m2crypto:
                ----------
                new:
                    0.20.2-9.el6
                old:
                    
            openpgm:
                ----------
                new:
                    5.1.118-3.el6
                old:
                    
            python-babel:
                ----------
                new:
                    0.9.4-5.1.el6
                old:
                    
            python-backports:
                ----------
                new:
                    1.0-3.el6.centos
                old:
                    
            python-backports-ssl_match_hostname:
                ----------
                new:
                    3.4.0.2-4.el6.centos
                old:
                    
            python-chardet:
                ----------
                new:
                    2.0.1-1.el6.centos
                old:
                    
            python-crypto:
                ----------
                new:
                    2.0.1-22.el6
                old:
                    
            python-jinja2:
                ----------
                new:
                    2.2.1-2.el6_5
                old:
                    
            python-msgpack:
                ----------
                new:
                    0.1.13-3.el6
                old:
                    
            python-ordereddict:
                ----------
                new:
                    1.1-2.el6.centos
                old:
                    
            python-requests:
                ----------
                new:
                    1.1.0-4.el6.centos
                old:
                    
            python-six:
                ----------
                new:
                    1.7.3-1.el6.centos
                old:
                    
            python-urllib3:
                ----------
                new:
                    1.5-7.el6.centos
                old:
                    
            python-zmq:
                ----------
                new:
                    14.3.1-1.el6
                old:
                    
            salt:
                ----------
                new:
                    2014.7.0-3.el6
                old:
                    
            salt-minion:
                ----------
                new:
                    2014.7.0-3.el6
                old:
                    
            sshpass:
                ----------
                new:
                    1.05-1.el6
                old:
                    
            zeromq3:
                ----------
                new:
                    3.2.4-1.el6
                old:
                    
        comment:
            The following packages were installed/updated: salt-minion.
        name:
            salt-minion
        result:
            True
uadoop5:
    ----------
    cmd_|-cache_yum_|-yum makecache_|-run:
        ----------
        __run_num__:
            2
        changes:
            ----------
            pid:
                1937
            retcode:
                0
            stderr:

            stdout:
                Loaded plugins: fastestmirror, security
                Loading mirror speeds from cached hostfile
                 * base: mirror.neu.edu.cn
                 * epel: ftp.cuhk.edu.hk
                 * extras: mirror.neu.edu.cn
                 * updates: mirror01.idc.hinet.net
                Metadata Cache Created
        comment:
            Command "yum makecache" run
        name:
            yum makecache
        result:
            True
    cmd_|-epel_install_|-rpm -ivh /tmp/epel-release-6-8.noarch.rpm_|-run:
        ----------
        __run_num__:
            1
        changes:
            ----------
            pid:
                1935
            retcode:
                0
            stderr:
                warning: /tmp/epel-release-6-8.noarch.rpm: Header V3 RSA/SHA256 Signature, key ID 0608b895: NOKEY
            stdout:
                Preparing...                ##################################################
                epel-release                ##################################################
        comment:
            Command "rpm -ivh /tmp/epel-release-6-8.noarch.rpm" run
        name:
            rpm -ivh /tmp/epel-release-6-8.noarch.rpm
        result:
            True
    file_|-epel_install_|-/tmp/epel-release-6-8.noarch.rpm_|-managed:
        ----------
        __run_num__:
            0
        changes:
            ----------
            diff:
                New file
            mode:
                0644
        comment:
            File /tmp/epel-release-6-8.noarch.rpm updated
        name:
            /tmp/epel-release-6-8.noarch.rpm
        result:
            True
    pkg_|-salt_install_|-salt-minion_|-installed:
        ----------
        __run_num__:
            3
        changes:
            ----------
            PyYAML:
                ----------
                new:
                    3.10-3.1.el6
                old:
                    
            libyaml:
                ----------
                new:
                    0.1.6-1.el6
                old:
                    
            m2crypto:
                ----------
                new:
                    0.20.2-9.el6
                old:
                    
            openpgm:
                ----------
                new:
                    5.1.118-3.el6
                old:
                    
            python-babel:
                ----------
                new:
                    0.9.4-5.1.el6
                old:
                    
            python-backports:
                ----------
                new:
                    1.0-3.el6.centos
                old:
                    
            python-backports-ssl_match_hostname:
                ----------
                new:
                    3.4.0.2-4.el6.centos
                old:
                    
            python-chardet:
                ----------
                new:
                    2.0.1-1.el6.centos
                old:
                    
            python-crypto:
                ----------
                new:
                    2.0.1-22.el6
                old:
                    
            python-jinja2:
                ----------
                new:
                    2.2.1-2.el6_5
                old:
                    
            python-msgpack:
                ----------
                new:
                    0.1.13-3.el6
                old:
                    
            python-ordereddict:
                ----------
                new:
                    1.1-2.el6.centos
                old:
                    
            python-requests:
                ----------
                new:
                    1.1.0-4.el6.centos
                old:
                    
            python-six:
                ----------
                new:
                    1.7.3-1.el6.centos
                old:
                    
            python-urllib3:
                ----------
                new:
                    1.5-7.el6.centos
                old:
                    
            python-zmq:
                ----------
                new:
                    14.3.1-1.el6
                old:
                    
            salt:
                ----------
                new:
                    2014.7.0-3.el6
                old:
                    
            salt-minion:
                ----------
                new:
                    2014.7.0-3.el6
                old:
                    
            sshpass:
                ----------
                new:
                    1.05-1.el6
                old:
                    
            zeromq3:
                ----------
                new:
                    3.2.4-1.el6
                old:
                    
        comment:
            The following packages were installed/updated: salt-minion.
        name:
            salt-minion
        result:
            True
## 根据反馈的结果看到已经安装成功

    需要手动修改uadoop4、uadoop5上的minion配置文件,只用修改两行

[root@uadoop4 tmp]# vi /etc/salt/minion 
master: 192.168.0.100
id: uadoop4
[root@uadoop5 ~]# vi  /etc/salt/minion 
master: 192.168.0.100
id: uadoop5

    master上远程启动uadoop4、uadoop5的minion服务

[root@hadoop0 epel]# salt-ssh  'uadoop[4,5]' -r '/etc/init.d/salt-minion restart'
uadoop5:
    ----------
    retcode:
        0
    stderr:
        
    stdout:
        Stopping salt-minion daemon: [FAILED]
        Starting salt-minion daemon: [  OK  ]
        
uadoop4:
    ----------
    retcode:
        0
    stderr:
        
    stdout:
        Stopping salt-minion daemon: [FAILED]
        Starting salt-minion daemon: [  OK  ]

    启动成功,master上接受minions的认证请求

[root@hadoop0 epel]# salt-key -L
Accepted Keys:
hadoop1
hadoop2
hadoop3
hadoop4
hadoop5
uadoop0
uadoop1
uadoop2
uadoop3
Unaccepted Keys:
uadoop4
uadoop5
Rejected Keys:
[root@hadoop0 epel]# salt-key -A
The following keys are going to be accepted:
Unaccepted Keys:
uadoop4
uadoop5
Proceed? [n/Y] Y
Key for minion uadoop4 accepted.
Key for minion uadoop5 accepted.
## 测试master与新部署的两个minions通信是否正常
[root@hadoop0 epel]# salt 'uadoop[4,5]' test.ping
uadoop5:
    True
uadoop4:
    True

    ok,通信正常,说明我们使用salt-ssh已经成功的部署好了两个节点上的minion,如果有很多个节点,那么使用salt-ssh是很容易完成minions的批量部署的,而且salt-ssh也常用在master对不能安装minion服务的主机远程命令的执行。除了自身的执行速度较慢之外,salt-ssh还是足够强大,能够满足我们的需求。本文中需要手动修改每个节点minion的配置文件,因为每个minion id是不一样的,所以这个问题还是没有办法避免,好在minion配置文件需要我们修改的地方只有两行,所以这个问题就不是什么问题了。



本文出自 “勇敢向前,坚决向左” 博客,转载请与作者联系!

你可能感兴趣的:(自动部署,saltstack,salt-ssh)