Linux自动化运维之SaltStack实践

         1.1、环境

linux-node1(master服务端) 192.168.0.15
linux-node2(minion客户端) 192.168.0.16

1.2、SaltStack三种运行模式介绍

Local 本地
Master/Minion 传统运行方式(server端跟agent端)
Salt SSH SSH

1.3、SaltStack三大功能

  • 远程执行
  • 配置管理
  • 云管理

1.4、SaltStack安装基础环境准备

[root@linux-node1 ~]# cat /etc/redhat-release  ##查看系统版本

CentOS release 6.7 (Final)

[root@linux-node1 ~]# uname -r ##查看系统内核版本

2.6.32-573.el6.x86_64

[root@linux-node1 ~]# getenforce ##查看selinux的状态

Enforcing

[root@linux-node1 ~]# setenforce 0 ##关闭selinux

[root@linux-node1 ~]# getenforce

Permissive

[root@linux-node1 ~]# /etc/init.d/iptables stop

[root@linux-node1 ~]# /etc/init.d/iptables stop

[root@linux-node1 ~]# ifconfig eth0|awk -F ‘[: ]+’ ‘NR==2{print $4}’ ##过滤Ip地址

192.168.0.15

[root@linux-node1 ~]# hostname ##查看主机名

linux-node1.zhurui.com

[root@linux-node1 yum.repos.d]# wget -O /etc/yum.repos.d/epel.repo http://mirrors.aliyun.com/repo/epel-6.repo  ##安装salt必须使用到epel源

1.4、安装Salt

服务端:

[root@linux-node1 yum.repos.d]# yum install -y salt-master salt-minion ##salt-master包跟salt-minion包

[root@linux-node1 yum.repos.d]# chkconfig salt-master on  ##加入到开机自动启动

[root@linux-node1 yum.repos.d]# chkconfig salt-minion on  ##加入到开机自动启动

[root@linux-node1 yum.repos.d]# /etc/init.d/salt-master start   ##启动salt-master

Starting salt-master daemon:                                   [  OK  ]

启动到这里需要修改minion配置文件,才能启动salt-minion服务

[root@linux-node1 yum.repos.d]# grep ‘^[a-z]’ /etc/salt/minion

master: 192.168.0.15  ##指定master主机

[root@linux-node1 yum.repos.d]# cat /etc/hosts

192.168.0.15 linux-node1.zhurui.com linux-node1  ##确认主机名是否解析

192.168.0.16 linux-node2.zhurui.com linux-node2

解析结果:

  1. [root@linux-node1 yum.repos.d]# ping linux-node1.zhurui.com
  2. PING linux-node1.zhurui.com (192.168.0.15)56(84) bytes of data.
  3. 64 bytes from linux-node1.zhurui.com (192.168.0.15): icmp_seq=1 ttl=64 time=0.087 ms
  4. 64 bytes from linux-node1.zhurui.com (192.168.0.15): icmp_seq=2 ttl=64 time=0.060 ms
  5. 64 bytes from linux-node1.zhurui.com (192.168.0.15): icmp_seq=3 ttl=64 time=0.053 ms
  6. 64 bytes from linux-node1.zhurui.com (192.168.0.15): icmp_seq=4 ttl=64 time=0.060 ms
  7. 64 bytes from linux-node1.zhurui.com (192.168.0.15): icmp_seq=5 ttl=64 time=0.053 ms
  8. 64 bytes from linux-node1.zhurui.com (192.168.0.15): icmp_seq=6 ttl=64 time=0.052 ms
  9. 64 bytes from linux-node1.zhurui.com (192.168.0.15): icmp_seq=7 ttl=64 time=0.214 ms
  10. 64 bytes from linux-node1.zhurui.com (192.168.0.15): icmp_seq=8 ttl=64 time=0.061 ms

[root@linux-node1 yum.repos.d]# /etc/init.d/salt-minion start  ##启动minion客户端

Starting salt-minion daemon:                               [  OK  ]

[root@linux-node1 yum.repos.d]#

客户端:

[root@linux-node2 ~]# yum install -y salt-minion  ##安装salt-minion包,相当于客户端包

[root@linux-node2 ~]# chkconfig salt-minion on  ##加入开机自启动

[root@linux-node2 ~]# grep ‘^[a-z]’ /etc/salt/minion   ##客户端指定master主机

master: 192.168.0.15

[root@linux-node2 ~]# /etc/init.d/salt-minion start  ##接着启动minion

Starting salt-minion daemon:                               [  OK  ]

1.5、Salt秘钥认证设置

1.5.1使用salt-kes -a linux*命令之前在目录/etc/salt/pki/master目录结构如下

1.5.2使用salt-kes -a linux*命令将秘钥通过允许,随后minions_pre下的文件会转移到minions目录下

  1. [root@linux-node1 minion]# salt-key -a linux*
  2. The following keys are going to be accepted:
  3. UnacceptedKeys:
  4. linux-node1.zhurui.com
  5. linux-node2.zhurui.com
  6. Proceed?[n/Y] Y
  7. Keyfor minion linux-node1.zhurui.com accepted.
  8. Keyfor minion linux-node2.zhurui.com accepted.
  9. [root@linux-node1 minion]# salt-key
  10. AcceptedKeys:
  11. linux-node1.zhurui.com
  12. linux-node2.zhurui.com
  13. DeniedKeys:
  14. UnacceptedKeys:
  15. RejectedKeys:

1.5.3此时目录机构变化成如下:

1.5.4并且伴随着客户端/etc/salt/pki/minion/目录下有master公钥生成

1.6、salt远程执行命令详解

1.6.1 salt ‘*’ test.ping 命令

[root@linux-node1 master]# salt ‘*’ test.ping  ##salt命令  test.ping的含义是,test是一个模块,ping是模块内的方法

linux-node2.zhurui.com:

True

linux-node1.zhurui.com:

True

[root@linux-node1 master]#

1.6.2  salt ‘*’ cmd.run ‘uptime’ 命令

1.7、saltstack配置管理

1.7.1编辑配置文件/etc/salt/master,将file_roots注释去掉

1.7.2接着saltstack远程执行如下命令

[root@linux-node1 master]# ls /srv/

[root@linux-node1 master]# mkdir /srv/salt

[root@linux-node1 master]# /etc/init.d/salt-master restart

Stopping salt-master daemon:                               [  OK  ]

Starting salt-master daemon:                                 [  OK  ]

[root@linux-node1 salt]# cat apache.sls   ##进入到/srv/salt/目录下创建

[root@linux-node1 salt]# salt ‘*’ state.sls apache  ##接着执行如下语句

接着会出现如下报错:

便捷apache.sls文件添加如下:

最后成功如下:

  1. [root@linux-node1 salt]# salt ‘*’ state.sls apache
  2. linux-node2.zhurui.com:
  3. ———-
  4. ID: apache-install
  5. Function: pkg.installed
  6. Name: httpd
  7. Result:True
  8. Comment:Package httpd is already installed.
  9. Started:22:38:52.954973
  10. Duration:1102.909 ms
  11. Changes:
  12. ———-
  13. ID: apache-install
  14. Function: pkg.installed
  15. Name: httpd-devel
  16. Result:True
  17. Comment:Package httpd-devel is already installed.
  18. Started:22:38:54.058190
  19. Duration:0.629 ms
  20. Changes:
  21. ———-
  22. ID: apache-service
  23. Function: service.running
  24. Name: httpd
  25. Result:True
  26. Comment:Service httpd has been enabled, and is running
  27. Started:22:38:54.059569
  28. Duration:1630.938 ms
  29. Changes:
  30. ———-
  31. httpd:
  32. True
  33. Summary
  34. ————
  35. Succeeded:3(changed=1)
  36. Failed:0
  37. ————
  38. Total states run:3
  39. linux-node1.zhurui.com:
  40. ———-
  41. ID: apache-install
  42. Function: pkg.installed
  43. Name: httpd
  44. Result:True
  45. Comment:Package httpd is already installed.
  46. Started:05:01:17.491217
  47. Duration:1305.282 ms
  48. Changes:
  49. ———-
  50. ID: apache-install
  51. Function: pkg.installed
  52. Name: httpd-devel
  53. Result:True
  54. Comment:Package httpd-devel is already installed.
  55. Started:05:01:18.796746
  56. Duration:0.64 ms
  57. Changes:
  58. ———-
  59. ID: apache-service
  60. Function: service.running
  61. Name: httpd
  62. Result:True
  63. Comment:Service httpd has been enabled, and is running
  64. Started:05:01:18.798131
  65. Duration:1719.618 ms
  66. Changes:
  67. ———-
  68. httpd:
  69. True
  70. Summary
  71. ————
  72. Succeeded:3(changed=1)
  73. Failed:0
  74. ————
  75. Total states run:3
  76. [root@linux-node1 salt]#

1.7.3验证使用saltstack安装httpd是否成功

linux-node1:

[root@linux-node1 salt]# lsof -i:80  ##已经成功启动

COMMAND  PID   USER   FD   TYPE DEVICE SIZE/OFF NODE NAME

httpd   7397   root    4u  IPv6  46164      0t0  TCP *:http (LISTEN)

httpd   7399 apache    4u  IPv6  46164      0t0  TCP *:http (LISTEN)

httpd   7400 apache    4u  IPv6  46164      0t0  TCP *:http (LISTEN)

httpd   7401 apache    4u  IPv6  46164      0t0  TCP *:http (LISTEN)

httpd   7403 apache    4u  IPv6  46164      0t0  TCP *:http (LISTEN)

httpd   7404 apache    4u  IPv6  46164      0t0  TCP *:http (LISTEN)

httpd   7405 apache    4u  IPv6  46164      0t0  TCP *:http (LISTEN)

httpd   7406 apache    4u  IPv6  46164      0t0  TCP *:http (LISTEN)

httpd   7407 apache    4u  IPv6  46164      0t0  TCP *:http (LISTEN)

linux-node2:

[root@linux-node2 pki]# lsof -i:80

COMMAND   PID   USER   FD   TYPE DEVICE SIZE/OFF NODE NAME

httpd   12895   root    4u  IPv6  47532      0t0  TCP *:http (LISTEN)

httpd   12897 apache    4u  IPv6  47532      0t0  TCP *:http (LISTEN)

httpd   12898 apache    4u  IPv6  47532      0t0  TCP *:http (LISTEN)

httpd   12899 apache    4u  IPv6  47532      0t0  TCP *:http (LISTEN)

httpd   12901 apache    4u  IPv6  47532      0t0  TCP *:http (LISTEN)

httpd   12902 apache    4u  IPv6  47532      0t0  TCP *:http (LISTEN)

httpd   12906 apache    4u  IPv6  47532      0t0  TCP *:http (LISTEN)

httpd   12908 apache    4u  IPv6  47532      0t0  TCP *:http (LISTEN)

httpd   12909 apache    4u  IPv6  47532      0t0  TCP *:http (LISTEN)

[root@linux-node2 pki]#

1.7.4使用saltstack状态管理

[root@linux-node1 salt]# salt ‘*’ state.highstate

2.1、SaltStack之Grains数据系统

  • Grains
  • Pillar

2.1.1使用salt命令查看系统版本

  1. [root@linux-node1 salt]# salt ‘linux-node1*’ grains.ls
  2. linux-node1.zhurui.com:
  3. -SSDs
  4. – biosreleasedate
  5. – biosversion
  6. – cpu_flags
  7. – cpu_model
  8. – cpuarch
  9. – domain
  10. – fqdn
  11. – fqdn_ip4
  12. – fqdn_ip6
  13. – gpus
  14. – host
  15. – hwaddr_interfaces
  16. – id
  17. – init
  18. – ip4_interfaces
  19. – ip6_interfaces
  20. – ip_interfaces
  21. – ipv4
  22. – ipv6
  23. – kernel
  24. – kernelrelease
  25. – locale_info
  26. – localhost
  27. – lsb_distrib_codename
  28. – lsb_distrib_id
  29. – lsb_distrib_release
  30. – machine_id
  31. – manufacturer
  32. – master
  33. – mdadm
  34. – mem_total
  35. – nodename
  36. – num_cpus
  37. – num_gpus
  38. – os
  39. – os_family
  40. – osarch
  41. – oscodename
  42. – osfinger
  43. – osfullname
  44. – osmajorrelease
  45. – osrelease
  46. – osrelease_info
  47. – path
  48. – productname
  49. – ps
  50. – pythonexecutable
  51. – pythonpath
  52. – pythonversion
  53. – saltpath
  54. – saltversion
  55. – saltversioninfo
  56. – selinux
  57. – serialnumber
  58. – server_id
  59. – shell
  60. – virtual
  61. – zmqversion
  62. [root@linux-node1 salt]#

2.1.2系统版本相关信息:

  1. [root@linux-node1 salt]# salt ‘linux-node1*’ grains.items
  2. linux-node1.zhurui.com:
  3. ———-
  4. SSDs:
  5. biosreleasedate:
  6. 07/31/2013
  7. biosversion:
  8. 00
  9. cpu_flags:
  10. – fpu
  11. – vme
  12. – de
  13. – pse
  14. – tsc
  15. – msr
  16. – pae
  17. – mce
  18. – cx8
  19. – apic
  20. – sep
  21. – mtrr
  22. – pge
  23. – mca
  24. – cmov
  25. – pat
  26. – pse36
  27. – clflush
  28. – dts
  29. – mmx
  30. – fxsr
  31. – sse
  32. – sse2
  33. – ss
  34. – syscall
  35. – nx
  36. – rdtscp
  37. – lm
  38. – constant_tsc
  39. – up
  40. – arch_perfmon
  41. – pebs
  42. – bts
  43. – xtopology
  44. – tsc_reliable
  45. – nonstop_tsc
  46. – aperfmperf
  47. – unfair_spinlock
  48. – pni
  49. – ssse3
  50. – cx16
  51. – sse4_1
  52. – sse4_2
  53. – x2apic
  54. – popcnt
  55. – hypervisor
  56. – lahf_lm
  57. – arat
  58. – dts
  59. cpu_model:
  60. Intel(R)Core(TM) i3 CPU M 380@2.53GHz
  61. cpuarch:
  62. x86_64
  63. domain:
  64. com
  65. fqdn:
  66. linux-node1.zhurui.com
  67. fqdn_ip4:
  68. -192.168.0.15
  69. fqdn_ip6:
  70. gpus:
  71. |_
  72. ———-
  73. model:
  74. SVGA II Adapter
  75. vendor:
  76. unknown
  77. host:
  78. linux-node1
  79. hwaddr_interfaces:
  80. ———-
  81. eth0:
  82. 00:0c:29:fc:ba:90
  83. lo:
  84. 00:00:00:00:00:00
  85. id:
  86. linux-node1.zhurui.com
  87. init:
  88. upstart
  89. ip4_interfaces:
  90. ———-
  91. eth0:
  92. -192.168.0.15
  93. lo:
  94. -127.0.0.1
  95. ip6_interfaces:
  96. ———-
  97. eth0:
  98. – fe80::20c:29ff:fefc:ba90
  99. lo:
  100. -::1
  101. ip_interfaces:
  102. ———-
  103. eth0:
  104. -192.168.0.15
  105. – fe80::20c:29ff:fefc:ba90
  106. lo:
  107. -127.0.0.1
  108. -::1
  109. ipv4:
  110. -127.0.0.1
  111. -192.168.0.15
  112. ipv6:
  113. -::1
  114. – fe80::20c:29ff:fefc:ba90
  115. kernel:
  116. Linux
  117. kernelrelease:
  118. 6.32-573.el6.x86_64
  119. locale_info:
  120. ———-
  121. defaultencoding:
  122. UTF8
  123. defaultlanguage:
  124. en_US
  125. detectedencoding:
  126. UTF-8
  127. localhost:
  128. linux-node1.zhurui.com
  129. lsb_distrib_codename:
  130. Final
  131. lsb_distrib_id:
  132. CentOS
  133. lsb_distrib_release:
  134. 7
  135. machine_id:
  136. da5383e82ce4b8d8a76b5a3e00000010
  137. manufacturer:
  138. VMware,Inc.
  139. master:
  140. 168.0.15
  141. mdadm:
  142. mem_total:
  143. 556
  144. nodename:
  145. linux-node1.zhurui.com
  146. num_cpus:
  147. 1
  148. num_gpus:
  149. 1
  150. os:
  151. CentOS
  152. os_family:
  153. RedHat
  154. osarch:
  155. x86_64
  156. oscodename:
  157. Final
  158. osfinger:
  159. CentOS-6
  160. osfullname:
  161. CentOS
  162. osmajorrelease:
  163. 6
  164. osrelease:
  165. 7
  166. osrelease_info:
  167. -6
  168. -7
  169. path:
  170. /sbin:/usr/sbin:/bin:/usr/bin
  171. productname:
  172. VMwareVirtualPlatform
  173. ps:
  174. ps -efH
  175. pythonexecutable:
  176. /usr/bin/python2.6
  177. pythonpath:
  178. -/usr/bin
  179. -/usr/lib64/python26.zip
  180. -/usr/lib64/python2.6
  181. -/usr/lib64/python2.6/plat-linux2
  182. -/usr/lib64/python2.6/lib-tk
  183. -/usr/lib64/python2.6/lib-old
  184. -/usr/lib64/python2.6/lib-dynload
  185. -/usr/lib64/python2.6/site-packages
  186. -/usr/lib64/python2.6/site-packages/gtk-2.0
  187. -/usr/lib/python2.6/site-packages
  188. pythonversion:
  189. -2
  190. -6
  191. -6
  192. – final
  193. -0
  194. saltpath:
  195. /usr/lib/python2.6/site-packages/salt
  196. saltversion:
  197. 5.10
  198. saltversioninfo:
  199. -2015
  200. -5
  201. -10
  202. -0
  203. selinux:
  204. ———-
  205. enabled:
  206. True
  207. enforced:
  208. Permissive
  209. serialnumber:
  210. VMware-564d8f43912d3a99-eb c4 3b a9 34 fc ba 90
  211. server_id:
  212. 295577080
  213. shell:
  214. /bin/bash
  215. virtual:
  216. VMware
  217. zmqversion:
  218. 2.5

2.1.3系统版本相关信息:

2.1.4查看node1所有ip地址:

[root@linux-node1 salt]# salt ‘linux-node1*’ grains.get ip_interfaces:eth0 ##用于信息的收集

linux-node1.zhurui.com:

– 192.168.0.15

– fe80::20c:29ff:fefc:ba90

2.1.4使用Grains收集系统信息:

[root@linux-node1 salt]# salt ‘linux-node1*’ grains.get os

linux-node1.zhurui.com:

CentOS

[root@linux-node1 salt]# salt -G os:CentOS cmd.run ‘w’  ##  -G:代表使用Grains收集,使用w命令,查看登录信息

linux-node2.zhurui.com:

20:29:40 up 2 days, 16:09,  2 users,  load average: 0.00, 0.00, 0.00

USER     TTY      FROM              LOGIN@   IDLE   JCPU   PCPU WHAT

root     tty1     –                Sun14   29:07m  0.32s  0.32s -bash

root     pts/0    192.168.0.101    Sun20   21:41m  0.46s  0.46s -bash

linux-node1.zhurui.com:

02:52:01 up 1 day, 22:31,  3 users,  load average: 4.00, 4.01, 4.00

USER     TTY      FROM              LOGIN@   IDLE   JCPU   PCPU WHAT

root     tty1     –                Sat20   24:31m  0.19s  0.19s -bash

root     pts/0    192.168.0.101    Sun02    1.00s  1.33s  0.68s /usr/bin/python

root     pts/1    192.168.0.101    Sun04   21:36m  0.13s  0.13s -bash

[root@linux-node1 salt]#

截图如下:

2.1.5 使用Grains规则匹配到memcache的主机上运行输入hehe

[root@linux-node1 salt]# vim /etc/salt/minion ##编辑minion配置文件,取消如下几行注释

88 grains:

89   roles:

90     – webserver

91     – memcache

截图如下:

[root@linux-node1 salt]# /etc/init.d/salt-minion restart   ##

Stopping salt-minion daemon:                               [  OK  ]

Starting salt-minion daemon:                               [  OK  ]

[root@linux-node1 salt]#

[root@linux-node1 salt]# salt -G ‘roles:memcache’ cmd.run ‘echo zhurui’  ##使用grains匹配规则是memcache的客户端机器,然后输出命令

linux-node1.zhurui.com:

zhurui

[root@linux-node1 salt]#

截图如下:

2.1.5 也可以通过创建新的配置文件/etc/salt/grains文件来配置规则

[root@linux-node1 salt]# cat /etc/salt/grains

web: nginx

[root@linux-node1 salt]# /etc/init.d/salt-minion restart  ##修改完配置文件以后需要重启服务

Stopping salt-minion daemon:                               [  OK  ]

Starting salt-minion daemon:                               [  OK  ]

[root@linux-node1 salt]#

[root@linux-node1 salt]# salt -G web:nginx cmd.run ‘w’  ##使用grains匹配规则为web:nginx的主机运行命令w

linux-node1.zhurui.com:

03:31:07 up 1 day, 23:11,  3 users,  load average: 4.11, 4.03, 4.01

USER     TTY      FROM              LOGIN@   IDLE   JCPU   PCPU WHAT

root     tty1     –                Sat20   25:10m  0.19s  0.19s -bash

root     pts/0    192.168.0.101    Sun02    0.00s  1.41s  0.63s /usr/bin/python

root     pts/1    192.168.0.101    Sun04   22:15m  0.13s  0.13s -bash

 

grains的用法:

1.收集底层系统信息

2、远程执行里面匹配minion

3、top.sls里面匹配minion

 

2.1.5 也可以/srv/salt/top.sls配置文件匹配minion

 

[root@linux-node1 salt]# cat /srv/salt/top.sls

base:

‘web:nginx’:

– match: grain

– apache

[root@linux-node1 salt]#

2.2、SaltStack之Pillar数据系统

2.2.1 首先在master配置文件552行打开pillar开关

 

[root@linux-node1 salt]# grep ‘^[a-z]’ /etc/salt/master

file_roots:

pillar_opts: True

[root@linux-node1 salt]# /etc/init.d/salt-master restart   ##重启master

Stopping salt-master daemon:                               [  OK  ]

Starting salt-master daemon:                                 [  OK  ]

[root@linux-node1 salt]# salt ‘*’ pillar.items  ##使用如下命令验证

截图如下:

[root@linux-node1 salt]# grep ‘^[a-z]’ /etc/salt/master

529 pillar_roots:  ##打开如下行

530   base:

531     – /srv/pillar

截图如下:

[root@linux-node1 salt]# mkdir /srv/pillar

[root@linux-node1 salt]# /etc/init.d/salt-master restart  ##重启master

Stopping salt-master daemon:                               [  OK  ]

Starting salt-master daemon:                                 [  OK  ]

[root@linux-node1 salt]# vim /srv/pillar/apache.sls

[root@linux-node1 salt]# cat /srv/pillar/apache.sls

{%if grains[‘os’] == ‘CentOS’ %}

apache: httpd

{% elif grains[‘os’] == ‘Debian’ %}

apache: apache2

{% endif %}

[root@linux-node1 salt]#

截图如下:

接着指定哪个minion可以看到:

[root@linux-node1 salt]# cat /srv/pillar/top.sls

base:

‘*’:

– apache

 

 

[root@linux-node1 salt]# salt ‘*’ pillar.items ##修改完成以后使用该命令验证

linux-node1.zhurui.com:

———-

apache:

httpd

linux-node2.zhurui.com:

———-

apache:

httpd

截图如下:

2.2.1 使用Pillar定位主机

报错处理:

[root@linux-node1 salt]# salt ‘*’ saltutil.refresh_pillar  ##需要执行刷新命令

linux-node2.zhurui.com:

True

linux-node1.zhurui.com:

True

[root@linux-node1 salt]#

截图如下:

 

[root@linux-node1 salt]# salt -I ‘apache:httpd’ test.ping

linux-node1.zhurui.com:

True

linux-node2.zhurui.com:

True

[root@linux-node1 salt]#

 

2.3、SaltStack数据系统区别介绍

名称 存储位置 数据类型 数据采集更新方式 应用
Grains minion端 静态数据 minion启动时收集,也可以使用saltutil.sync_grains进行刷新。 存储minion基本数据,比如用于匹配minion,自身数据可以用来做资产管理等。
Pillar master端 动态数据 在master端定义,指定给对应的minion,可以使用saltutil.refresh_pillar刷新 存储Master指定的数据,只有指定的minion可以看到,用于敏感数据保存。

 

以下文章点击率最高

Loading…

发表评论