saltstack之远程执行

#########################################TARGETING############################################

[root@linux-node1 pillar]# salt '*' cmd.run 'w'

linux-node1.example.com:

     09:22:01 up 37 min,  1 user,  load average: 0.00, 0.01, 0.06

    USER     TTY      FROM              LOGIN@   IDLE   JCPU   PCPU WHAT

    root     pts/0    10.0.0.1         08:45    1.00s  0.95s  0.78s /usr/bin/python

linux-node2.example.com:

     09:22:01 up 37 min,  1 user,  load average: 0.00, 0.00, 0.00

    USER     TTY      FROM              LOGIN@   IDLE   JCPU   PCPU WHAT

    root     pts/0    10.0.0.1         08:45   21:14   0.02s  0.02s -bash


salt           命令

*              目标(target);此处通配符 * 匹配所有minion

cmd.run        cmd模块的run方法

w              参数


[root@linux-node1 pillar]# salt 'linux-node1.example.com' cmd.run 'w' 

linux-node1.example.com:

     09:28:16 up 43 min,  1 user,  load average: 0.10, 0.04, 0.05

    USER     TTY      FROM              LOGIN@   IDLE   JCPU   PCPU WHAT

    root     pts/0    10.0.0.1         08:45    1.00s  0.98s  0.80s /usr/bin/python


[root@linux-node1 pillar]# salt 'linux-node[1,2].example.com' cmd.run 'w'

通配符:https://docs.saltstack.com/en/latest/topics/targeting/globbing.html#targeting-glob


正则表达式:

-E     使用正则表达式匹配目标

例子:

[root@linux-node1 pillar]# salt -E 'linux-(node1|node2).example.com' test.ping

linux-node2.example.com:

    True

linux-node1.example.com:

    True


-L      使用列表指定目标

例子:

[root@linux-node1 pillar]# salt -L 'linux-node1.example.com,linux-node2.example.com' test.ping

linux-node2.example.com:

    True

linux-node1.example.com:

    True


grains:  https://docs.saltstack.com/en/latest/topics/targeting/grains.html

例子:

[root@linux-node1 pillar]# salt -G 'os:CentOS' test.ping                -G  指定为grains

linux-node1.example.com:

    True

linux-node2.example.com:

    True


通过pillar匹配目标主机:https://docs.saltstack.com/en/latest/topics/targeting/pillar.html

[root@linux-node1 pillar]# salt -I 'apache:httpd' test.ping                -I  按pillar数据匹配目标主机

linux-node1.example.com:

    True

linux-node2.example.com:

    True


匹配子网或者IP地址:https://docs.saltstack.com/en/latest/topics/targeting/ipcidr.html

例一:

[root@linux-node1 pillar]# salt -S 10.0.0.8 test.ping                     -S   匹配IP地址

linux-node2.example.com:

    True

例二:

[root@linux-node1 pillar]# salt -S 10.0.0.0/24 test.ping                  -S   匹配子网 

linux-node2.example.com:          

    True

linux-node1.example.com:

    True


例三:

[root@linux-node1 pillar]# salt -C 'S@<IP地址> or G@web:nginx' test.ping     -C    混合使用    -S   匹配IP地址   -G  匹配grains   (S@后的原始地址在页面抓取时被邮箱保护功能替换,原值已丢失,此处用占位符表示)

linux-node2.example.com:

    True

linux-node1.example.com:

    True


混合使用:https://docs.saltstack.com/en/latest/topics/targeting/compound.html


节点组(NODE GROUPS):https://docs.saltstack.com/en/latest/topics/targeting/nodegroups.html       -N     匹配节点组

#####################################################TARGETING#########################################################


远程执行模块

#########################################FULL LIST OF BUILTIN EXECUTION MODULES############################################

远程执行模块:https://docs.saltstack.com/en/latest/ref/modules/all/index.html

service模块讲解:https://docs.saltstack.com/en/latest/ref/modules/all/salt.modules.service.html#module-salt.modules.service


场景1:判断指定服务是否存在(可用);查看服务是否正在运行请用 service.status

[root@linux-node1 pillar]# salt '*' service.available sshd

linux-node2.example.com:

    True

linux-node1.example.com:

    True


场景2:列出所有可用的服务:

[root@linux-node1 pillar]# salt '*' service.get_all


场景3:service.available的反向判断,服务存在则返回False:

[root@linux-node1 pillar]# salt '*' service.missing sshd

linux-node1.example.com:

    False

linux-node2.example.com:

    False


场景4:服务的启动,关闭,重启,加载及状态:

[root@linux-node1 pillar]# salt '*' service.start/stop/restart/reload/status httpd          此处为简写,实际需分别执行 service.start、service.stop、service.restart、service.reload、service.status

 



network模块讲解:https://docs.saltstack.com/en/latest/ref/modules/all/salt.modules.network.html#module-salt.modules.network

场景1: 返回所有活动的tcp链接:

[root@linux-node1 pillar]# salt '*' network.active_tcp


场景2: 返回arp

[root@linux-node1 pillar]# salt '*' network.arp


场景3: 返回所有eth0的网卡的相关内容

[root@linux-node1 pillar]# salt '*' network.interface eth0



模块的ACL:权限控制管理(限制非root用户可以执行哪些模块和函数)

[root@linux-node1 pillar]# vim /etc/salt/master

client_acl:               # 指定oldboy用户只能运行test.ping和network模块(较新版本的Salt中该选项名为publisher_acl)

  oldboy:

    - test.ping

    - network.*


[root@linux-node1 pillar]# useradd oldboy          添加oldboy用户

[root@linux-node1 pillar]# passwd oldboy           设置oldboy用户密码

更改用户 oldboy 的密码 。

新的 密码:

无效的密码: 过于简单化/系统化

无效的密码: 过于简单

重新输入新的 密码:

passwd: 所有的身份验证令牌已经成功更新。

[root@linux-node1 pillar]# chmod 777 /var/log/salt/master          777使该日志对所有本地用户可写,任何用户都能篡改或伪造日志;只需让oldboy可写时,建议改用属组或setfacl单独授权

[root@linux-node1 pillar]# chmod 755 /var/cache/salt/ /var/cache/salt/master/ /var/cache/salt/master/jobs/ /var/run/salt /var/run/salt/master/

[root@linux-node1 ~]# su - oldboy

[oldboy@linux-node1 ~]$ salt '*' test.ping              ======>此处用oldboy用户执行test.ping能够成功返回,证明oldboy用户可以使用此命令

linux-node2.example.com:

    True

linux-node1.example.com:

    True


[oldboy@linux-node1 ~]$ salt '*' cmd.run 'w'             ======>此处用oldboy用户执行别的命令会报错,因为salt-master的配置文件中没有指定,证明acl设置成功

Failed to authenticate! This is most likely because this user is not permitted to execute commands, but there is a small possibility that a disk error occurred (check disk/inode usage).


acl中的正则匹配:

场景1 user01只能在linux-node1上执行test.ping命令

[root@linux-node1 pillar]# vim /etc/salt/master

client_acl:

  oldboy:

    - test.ping

    - network.*

  user01:

    - linux-node1*:

      - test.ping          # 必须缩进到 linux-node1* 之下;若与其平级,test.ping 将不再受目标限制


[root@linux-node1 ~]# /etc/init.d/salt-master restart

Stopping salt-master daemon:                               [确定]

Starting salt-master daemon:                               [确定]

[root@linux-node1 ~]# useradd user01

[root@linux-node1 ~]# su - user01

[user01@linux-node1 ~]$ salt 'linux-node1*' test.ping 

linux-node1.example.com:

    True

[user01@linux-node1 ~]$ salt '*' test.ping 

Failed to authenticate! This is most likely because this user is not permitted to execute commands, but there is a small possibility that a disk error occurred (check disk/inode usage).


禁止使用某些模块时,在master配置文件中配置client_acl_blacklist(黑名单)即可

#########################################FULL LIST OF BUILTIN EXECUTION MODULES############################################


返回模块

#########################################FULL LIST OF BUILTIN RETURNER MODULES############################################

返回数据至mysql数据库:https://docs.saltstack.com/en/latest/ref/returners/all/salt.returners.mysql.html#module-salt.returners.mysql

创建salt数据库及所需表:

CREATE DATABASE  `salt`

  DEFAULT CHARACTER SET utf8

  DEFAULT COLLATE utf8_general_ci;

USE `salt`;


CREATE TABLE `jids` (

  `jid` varchar(255) NOT NULL,

  `load` mediumtext NOT NULL,

  UNIQUE KEY `jid` (`jid`)

) ENGINE=InnoDB DEFAULT CHARSET=utf8;


CREATE TABLE `salt_returns` (

  `fun` varchar(50) NOT NULL,

  `jid` varchar(255) NOT NULL,

  `return` mediumtext NOT NULL,

  `id` varchar(255) NOT NULL,

  `success` varchar(10) NOT NULL,

  `full_ret` mediumtext NOT NULL,

  `alter_time` TIMESTAMP DEFAULT CURRENT_TIMESTAMP,

  KEY `id` (`id`),

  KEY `jid` (`jid`),

  KEY `fun` (`fun`)

) ENGINE=InnoDB DEFAULT CHARSET=utf8;


CREATE TABLE `salt_events` (

`id` BIGINT NOT NULL AUTO_INCREMENT,

`tag` varchar(255) NOT NULL,

`data` mediumtext NOT NULL,

`alter_time` TIMESTAMP DEFAULT CURRENT_TIMESTAMP,

`master_id` varchar(255) NOT NULL,

PRIMARY KEY (`id`),

KEY `tag` (`tag`)

) ENGINE=InnoDB DEFAULT CHARSET=utf8;


最后一定要记得授权,至关重要(下面的密码'salt'与用户名相同,仅为演示;实际环境应使用强密码,并只授予所需的最小权限,而不是grant all):

mysql> grant all on salt.* to salt@'10.0.0.0/255.255.255.0' identified by 'salt';

Query OK, 0 rows affected (0.00 sec)


返回程序是minion返回的,所以在所有minion端都必须要安装MySQL-python包

[root@linux-node1 ~]# yum install MySQL-python -y

[root@linux-node2 ~]# yum install MySQL-python -y


在每个master和minion的配置文件末尾加上以下配置,则OK(注意:这样每台minion上都保存了数据库账号密码,并且都能直接连接数据库;这些配置文件应限制为仅root可读)

[root@linux-node1 ~]# vim /etc/salt/minion  

[root@linux-node2 ~]# vim /etc/salt/minion  

[root@linux-node1 ~]# vim /etc/salt/master  

mysql.host: '10.0.0.7'

mysql.user: 'salt'

mysql.pass: 'salt'

mysql.db: 'salt'

mysql.port: 3306

修改之后重新启动salt-master和salt-minion服务

/etc/init.d/salt-master restart

/etc/init.d/salt-minion restart


然后刷新pillar

[root@linux-node1 ~]# salt '*' saltutil.refresh_pillar

linux-node2.example.com:

    True

linux-node1.example.com:

    True


[root@linux-node1 ~]# salt '*' test.ping --return mysql

linux-node1.example.com:

    True

linux-node2.example.com:

    True


之后查询数据库,则出现返回的数据:

mysql> select * from salt.salt_returns;

+-----------+----------------------+--------+-------------------------+---------


+-----------------------------------------------------------------------------------------------------------------------------------------------------+---------------------+

| fun       | jid                  | return | id                      | success | full_ret                                                                                                   


                                         | alter_time          |

+-----------+----------------------+--------+-------------------------+---------


+-----------------------------------------------------------------------------------------------------------------------------------------------------+---------------------+

| test.ping | 20151117113743783244 | true   | linux-node1.example.com | 1       | {"fun_args": [], "jid": "20151117113743783244", "return": true, "retcode": 0, "success": true, "fun": 


"test.ping", "id": "linux-node1.example.com"} | 2015-11-17 11:37:43 |

| test.ping | 20151117113743783244 | true   | linux-node2.example.com | 1       | {"fun_args": [], "jid": "20151117113743783244", "return": true, "retcode": 0, "success": true, "fun": 


"test.ping", "id": "linux-node2.example.com"} | 2015-11-17 11:37:43 |

+-----------+----------------------+--------+-------------------------+---------


+-----------------------------------------------------------------------------------------------------------------------------------------------------+---------------------+

2 rows in set (0.00 sec)

则代表返回成功。



#####################################################################return: mysql############################################################################

将minion端和master端的注释打开,则无需指定--return mysql,如下所示:

#return: mysql    ================>   return: mysql

重新启动salt-master和salt-minion

[root@linux-node1 ~]# salt '*' cmd.run 'w' ======================>在master端执行以下命令

linux-node2.example.com:

     11:41:38 up  2:56,  1 user,  load average: 0.00, 0.00, 0.00

    USER     TTY      FROM              LOGIN@   IDLE   JCPU   PCPU WHAT

    root     pts/0    10.0.0.1         08:45   15:17   0.09s  0.09s -bash

linux-node1.example.com:

     11:41:38 up  2:57,  2 users,  load average: 0.34, 0.14, 0.10

    USER     TTY      FROM              LOGIN@   IDLE   JCPU   PCPU WHAT

    root     pts/0    10.0.0.1         10:44    3:06   0.37s  0.10s mysql

    root     pts/1    10.0.0.1         11:32    1.00s  0.91s  0.86s /usr/bin/python


在库中查看:

mysql> select * from salt.salt_returns;

+-----------+----------------------+--------+-------------------------+---------


+-----------------------------------------------------------------------------------------------------------------------------------------------------+---------------------+

| fun       | jid                  | return | id                      | success | full_ret                                                                                                   


                                         | alter_time          |

+-----------+----------------------+--------+-------------------------+---------


+-----------------------------------------------------------------------------------------------------------------------------------------------------+---------------------+

| test.ping | 20151117113743783244 | true   | linux-node1.example.com | 1       | {"fun_args": [], "jid": "20151117113743783244", "return": true, "retcode": 0, "success": true, "fun": 


"test.ping", "id": "linux-node1.example.com"} | 2015-11-17 11:37:43 |

| test.ping | 20151117113743783244 | true   | linux-node2.example.com | 1       | {"fun_args": [], "jid": "20151117113743783244", "return": true, "retcode": 0, "success": true, "fun": 


"test.ping", "id": "linux-node2.example.com"} | 2015-11-17 11:37:43 |

+-----------+----------------------+--------+-------------------------+---------


+-----------------------------------------------------------------------------------------------------------------------------------------------------+---------------------+

2 rows in set (0.00 sec)


mysql> select * from salt.salt_returns;

| cmd.run   | 20151117114138375756 | " 11:41:38 up  2:56,  1 user,  load average: 0.00, 0.00, 0.00\nUSER     TTY      FROM              LOGIN@   IDLE   JCPU   PCPU WHAT\nroot     pts/0    


10.0.0.1         08:45   15:17   0.09s  0.09s -bash"                                                                                   | linux-node2.example.com | 1       | {"fun_args": 


["w"], "jid": "20151117114138375756", "return": " 11:41:38 up  2:56,  1 user,  load average: 0.00, 0.00, 0.00\nUSER     TTY      FROM              LOGIN@   IDLE   JCPU   PCPU WHAT\nroot    


 pts/0    10.0.0.1         08:45   15:17   0.09s  0.09s -bash", "retcode": 0, "success": true, "fun": "cmd.run", "id": "linux-node2.example.com"}                                            


                                       | 2015-11-17 11:41:38 |

| cmd.run   | 20151117114138375756 | " 11:41:38 up  2:57,  2 users,  load average: 0.34, 0.14, 0.10\nUSER     TTY      FROM              LOGIN@   IDLE   JCPU   PCPU WHAT\nroot     pts/0    


10.0.0.1         10:44    3:06   0.37s  0.10s mysql\nroot     pts/1    10.0.0.1         11:32    1.00s  0.91s  0.86s /usr/bin/python" | linux-node1.example.com | 1       | {"fun_args": 


["w"], "jid": "20151117114138375756", "return": " 11:41:38 up  2:57,  2 users,  load average: 0.34, 0.14, 0.10\nUSER     TTY      FROM              LOGIN@   IDLE   JCPU   PCPU WHAT\nroot   


  pts/0    10.0.0.1         10:44    3:06   0.37s  0.10s mysql\nroot     pts/1    10.0.0.1         11:32    1.00s  0.91s  0.86s /usr/bin/python", "retcode": 0, "success": true, "fun": 


"cmd.run", "id": "linux-node1.example.com"} | 2015-11-17 11:41:38 |

2 rows in set (0.00 sec)

已返回两行,则代表去掉master和minion中的注释,无需加--return mysql,数据仍可返回,OK

############################################################################return: mysql############################################################################


###########################################################################master_job_cache##########################################################################

参考网址:https://docs.saltstack.com/en/latest/topics/jobs/job_cache.html

使用job_cache:

[root@linux-node1 ~]# vim /etc/salt/master

742 master_job_cache: mysql

743 mysql.host: '10.0.0.7'

744 mysql.user: 'salt'

745 mysql.pass: 'salt'

746 mysql.db: 'salt'

747 mysql.port: 3306


重新启动salt-master

[root@linux-node1 ~]# salt '*' cmd.run 'free -m'     

linux-node1.example.com:

                 total       used       free     shared    buffers     cached

    Mem:          1873        886        986          2        124        247

    -/+ buffers/cache:        515       1358 

    Swap:         1023          0       1023

linux-node2.example.com:

                 total       used       free     shared    buffers     cached

    Mem:          1873        385       1487          0         29        218

    -/+ buffers/cache:        137       1736 

    Swap:         1023          0       1023


在数据库中查看结果,里面有返回的free -m数据

mysql> select * from salt.salt_returns;

| cmd.run   | 20151117115059880549 | "             total       used       free     shared    buffers     cached\nMem:          1873        886        986          2        124        


247\n-/+ buffers/cache:        515       1358 \nSwap:         1023          0       1023"                                                   | linux-node1.example.com | 1       | 


{"fun_args": ["free -m"], "jid": "20151117115059880549", "return": "             total       used       free     shared    buffers     cached\nMem:          1873        886        986      


    2        124        247\n-/+ buffers/cache:        515       1358 \nSwap:         1023          0       1023", "retcode": 0, "success": true, "cmd": "_return", "_stamp": "2015-11-


17T03:51:00.124707", "fun": "cmd.run", "id": "linux-node1.example.com"} | 2015-11-17 11:51:00 |

| cmd.run   | 20151117115059880549 | "             total       used       free     shared    buffers     cached\nMem:          1873        385       1487          0         29        


218\n-/+ buffers/cache:        137       1736 \nSwap:         1023          0       1023"                                                   | linux-node2.example.com | 1       | 


{"fun_args": ["free -m"], "jid": "20151117115059880549", "return": "             total       used       free     shared    buffers     cached\nMem:          1873        385       1487      


    0         29        218\n-/+ buffers/cache:        137       1736 \nSwap:         1023          0       1023", "retcode": 0, "success": true, "cmd": "_return", "_stamp": "2015-11-


17T03:51:00.164240", "fun": "cmd.run", "id": "linux-node2.example.com"} | 2015-11-17 11:51:00 |


则代表master_job_cache生效,这里不是minion直接返回,而是minion将数据传输给master,而master将数据写入数据库中;因此使用这种方式时,数据库连接配置只需放在master上

###########################################################################master_job_cache##########################################################################

老男孩网址:http://www.etiantian.org

QQ:406564728
