溫馨提示×

溫馨提示×

您好,登錄后才能下訂單哦!

密碼登錄×
登錄注冊×
其他方式登錄
點擊 登錄注冊 即表示同意《億速云用戶服務(wù)條款》

SaltStack自動化運維的安裝和實現(xiàn)

發(fā)布時間:2020-05-23 12:01:37 來源:億速云 閱讀:409 作者:鴿子 欄目:系統(tǒng)運維

最新版實戰(zhàn) Latest release: 3000 (February 10, 2020)

參考saltStack官方文檔
ON THE SALT MASTER
Run these commands on the system that you want to use as the central management point.

curl -L https://bootstrap.saltstack.com -o install_salt.sh
sudo sh install_salt.sh -P -M
Your Salt master can manage itself, so a Salt minion is installed along with the Salt master. If you do not want to install the minion, also pass the -N option.

ON EACH SALT MINION
Run these commands on each system that you want to manage using Salt.

curl -L https://bootstrap.saltstack.com -o install_salt.sh
sudo sh install_salt.sh -P

實戰(zhàn)配置服務(wù)器如下

master    192.168.0.120  centos120 
node1     192.168.0.121  centos121
node2      192.168.0.122  centos122

以上三臺服務(wù)均關(guān)閉selinux ,firewalld,設(shè)置/etc/hosts ,也就是它們可以hostname相互訪問,且可以訪問互聯(lián)網(wǎng),這些簡單操作就不在這里展示步驟了。

1.下面開始安裝
在master 端

[root@centos120 ~]# curl -L https://bootstrap.saltstack.com -o install_salt.sh
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100  283k  100  283k    0     0  51683      0  0:00:05  0:00:05 --:--:-- 70732

[root@centos120 ~]# ll install_salt.sh 
-rw-r--r-- 1 root root 290571 Mar  8 13:09 install_salt.sh
[root@centos120 ~]# 

[root@centos120 ~]# sh install_salt.sh -P -M
 *  INFO: Running version: 2020.02.24
 *  INFO: Executed by: sh
 *  INFO: Command line: 'install_salt.sh -P -M'

 *  INFO: System Information:
 *  INFO:   CPU:          GenuineIntel
 *  INFO:   CPU Arch:     x86_64
 *  INFO:   OS Name:      Linux
 *  INFO:   OS Version:   3.10.0-957.el7.x86_64
 *  INFO:   Distribution: CentOS 7.6

 *  INFO: Installing minion
 *  INFO: Installing master
 *  INFO: Found function install_centos_stable_deps
 *  INFO: Found function config_salt
 *  INFO: Found function preseed_master
 *  INFO: Found function install_centos_stable
 *  INFO: Found function install_centos_stable_post
 *  INFO: Found function install_centos_restart_daemons
 *  INFO: Found function daemons_running
 *  INFO: Found function install_centos_check_services
 *  INFO: Running install_centos_stable_deps()

.......

Installed:
  salt-master.noarch 0:3000-1.el7        salt-minion.noarch 0:3000-1.el7       

Dependency Installed:
  libsodium.x86_64 0:1.0.18-1.el7                                               
  libtomcrypt.x86_64 0:1.17-26.el7                                              
  libtommath.x86_64 0:0.42.0-6.el7                                              
  openpgm.x86_64 0:5.2.122-2.el7                                                
  python-babel.noarch 0:0.9.6-8.el7                                             
  python-backports_abc.noarch 0:0.5-11.el7                                      
  python-jinja2.noarch 0:2.7.2-4.el7                                            
  python-markupsafe.x86_64 0:0.11-10.el7                                        
  python-requests.noarch 0:2.6.0-8.el7_7                                        
  python-singledispatch.noarch 0:3.4.0.3-16.el7                                 
  python-six.noarch 0:1.9.0-2.el7                                               
  python-urllib3.noarch 0:1.10.2-7.el7                                          
  python-zmq.x86_64 0:15.3.0-3.el7                                              
  python2-crypto.x86_64 0:2.6.1-16.el7                                          
  python2-futures.noarch 0:3.1.1-5.el7                                          
  python2-msgpack.x86_64 0:0.6.2-2.el7                                          
  python2-psutil.x86_64 0:5.6.7-1.el7                                           
  salt.noarch 0:3000-1.el7                                                      
  systemd-python.x86_64 0:219-67.el7_7.3                                        
  zeromq.x86_64 0:4.1.4-7.el7                                                   

Dependency Updated:
  python-setuptools.noarch 0:36.6.0-2.ius.el7                                   
  systemd.x86_64 0:219-67.el7_7.3                                               
  systemd-libs.x86_64 0:219-67.el7_7.3                                          
  systemd-sysv.x86_64 0:219-67.el7_7.3                                          

Complete!
 *  INFO: Running install_centos_stable_post()
 *  INFO: Running install_centos_check_services()
 *  INFO: Running install_centos_restart_daemons()
 *  INFO: Running daemons_running()
 *  INFO: Salt installed!
[root@centos120 ~]#

從上面可以知道其安裝了那些包,到此處master 端安裝成功,也就是管理節(jié)點。

  1. 下面開始安裝minion節(jié)點,也就是需要管理的節(jié)點(在生產(chǎn)環(huán)境中,如web服務(wù)節(jié)點,數(shù)據(jù)庫節(jié)點,存儲節(jié)點,這些需要批量發(fā)布代碼,配置等等服務(wù)器)
[root@centos121 ~]# curl -L https://bootstrap.saltstack.com -o install_salt.sh

[root@centos121 ~]# ll  install_salt.sh
-rw-r--r-- 1 root root 290571 Mar  8 13:13 install_salt.sh
[root@centos121 ~]# 

[root@centos121 ~]# sh install_salt.sh -P
*  INFO: Running version: 2020.02.24
 *  INFO: Executed by: sh
 *  INFO: Command line: 'install_salt.sh -P'

 *  INFO: System Information:
 *  INFO:   CPU:          GenuineIntel
 *  INFO:   CPU Arch:     x86_64
 *  INFO:   OS Name:      Linux
 *  INFO:   OS Version:   3.10.0-957.el7.x86_64
 *  INFO:   Distribution: CentOS 7.6

 *  INFO: Installing minion
 *  INFO: Found function install_centos_stable_deps
 *  INFO: Found function config_salt
 *  INFO: Found function preseed_master
 *  INFO: Found function install_centos_stable
 *  INFO: Found function install_centos_stable_post
 *  INFO: Found function install_centos_restart_daemons
 *  INFO: Found function daemons_running
 *  INFO: Found function install_centos_check_services
 *  INFO: Running install_centos_stable_deps()
 .............
 Installed:
  salt-minion.noarch 0:3000-1.el7                                               

Dependency Installed:
  libsodium.x86_64 0:1.0.18-1.el7                                               
  libtomcrypt.x86_64 0:1.17-26.el7                                              
  libtommath.x86_64 0:0.42.0-6.el7                                              
  openpgm.x86_64 0:5.2.122-2.el7                                                
  python-babel.noarch 0:0.9.6-8.el7                                             
  python-backports.x86_64 0:1.0-8.el7                                           
  python-backports-ssl_match_hostname.noarch 0:3.5.0.1-1.el7                    
  python-backports_abc.noarch 0:0.5-11.el7                                      
  python-ipaddress.noarch 0:1.0.16-2.el7                                        
  python-jinja2.noarch 0:2.7.2-4.el7                                            
  python-markupsafe.x86_64 0:0.11-10.el7                                        
  python-requests.noarch 0:2.6.0-8.el7_7                                        
  python-setuptools.noarch 0:36.6.0-2.ius.el7                                   
  python-singledispatch.noarch 0:3.4.0.3-16.el7                                 
  python-six.noarch 0:1.9.0-2.el7                                               
  python-urllib3.noarch 0:1.10.2-7.el7                                          
  python-zmq.x86_64 0:15.3.0-3.el7                                              
  python2-crypto.x86_64 0:2.6.1-16.el7                                          
  python2-futures.noarch 0:3.1.1-5.el7                                          
  python2-msgpack.x86_64 0:0.6.2-2.el7                                          
  python2-psutil.x86_64 0:5.6.7-1.el7                                           
  salt.noarch 0:3000-1.el7                                                      
  systemd-python.x86_64 0:219-67.el7_7.3                                        
  zeromq.x86_64 0:4.1.4-7.el7                                                   

Dependency Updated:
  systemd.x86_64 0:219-67.el7_7.3        systemd-libs.x86_64 0:219-67.el7_7.3  
  systemd-sysv.x86_64 0:219-67.el7_7.3  

Complete!
 *  INFO: Running install_centos_stable_post()
 *  INFO: Running install_centos_check_services()
 *  INFO: Running install_centos_restart_daemons()
 *  INFO: Running daemons_running()
 *  INFO: Salt installed!
[root@centos121 ~]#

同理centos122節(jié)點minion,到此處minion 端安裝完成。

3.下面開始配置
配置之前需要了解的知識點:

saltstack簡單介紹
Saltstack是一種全新的基礎(chǔ)設(shè)施管理方式,是一個服務(wù)器基礎(chǔ)架構(gòu)集中化管理平臺,幾分鐘內(nèi)便可運行起來,速度夠快,服務(wù)器之間秒級通訊,擴展性好,很容易批量管理上萬臺服務(wù)器,顯著降低人力與運維成本;它具備配置管理、遠程執(zhí)行、監(jiān)控等功能,一般可以理解為簡化版的puppet和加強版的func;通過部署SaltStack環(huán)境,可以在成千上萬臺服務(wù)器上做到批量執(zhí)行命令,根據(jù)不同業(yè)務(wù)特性進行配置集中化管理、分發(fā)文件、采集服務(wù)器數(shù)據(jù)、操作系統(tǒng)基礎(chǔ)及軟件包管理等,SaltStack是運維人員提高工作效率、規(guī)范業(yè)務(wù)配置與操作的利器。SaltStack基于Python語言實現(xiàn),結(jié)合輕量級消息隊列(ZeroMQ)(SaltStack的通信模式總共分為2種模式:ZeroMQ、REAT,鑒于REAT目前還不是太穩(wěn)定,通常會選擇ZeroMQ模式)與Python第三方模塊(Pyzmq、PyCrypto、Pyjinjia2、python-msgpack和PyYAML等)構(gòu)建。

Saltstack運行模式:

Local:本地,一臺機器玩,不建議。

Master/Minion:通過server/agent的方式進行管理,效率很高(批量管理1000臺機器,25秒搞定)。

Salt SSH:通過SSH方式進行管理,效率相對來說比較低(批量管理1000臺機器,83秒搞定)。

Saltstack三大功能:

遠程執(zhí)行(執(zhí)行遠程命令)

配置管理(狀態(tài)管理)

云管理

Saltstack特征:
1)部署簡單、方便;
2)支持大部分UNIX/Linux及Windows環(huán)境;
3)主從集中化管理;
4)配置簡單、功能強大、擴展性強;
5)主控端(master)和被控端(minion)基于證書認證,安全可靠;
6)支持API及自定義模塊,可通過Python輕松擴展。

SaltStack自動化運維的安裝和實現(xiàn)

Master與Minion認證:
1)minion在第一次啟動時,會在/etc/salt/pki/minion/(該路徑在/etc/salt/minion里面設(shè)置)下自動生成minion.pem(private key)和 minion.pub(public key),然后將 minion.pub發(fā)送給master。

2)master在接收到minion的public key后,通過salt-key命令accept minion public key,這樣在master的/etc/salt/pki/master/minions下的將會存放以minion id命名的 public key,然后master就能對minion發(fā)送指令了。

Master與Minion的連接:
1)SaltStack master啟動后默認監(jiān)聽4505和4506兩個端口。4505(publish_port)為saltstack的消息發(fā)布系統(tǒng),4506(ret_port)為saltstack客戶端與服務(wù)端通信的端口。如果使用lsof 查看4505端口,會發(fā)現(xiàn)所有的minion在4505端口持續(xù)保持在ESTABLISHED狀態(tài)。

SaltStack自動化運維的安裝和實現(xiàn)

2)minion與master之間的通信模式如下:

SaltStack自動化運維的安裝和實現(xiàn)

現(xiàn)在開始配置,

先查看服務(wù)端安裝了那些文件:

[root@centos120 ~]# ll /etc/salt/
total 132
-rw------- 1 root root  2927 Feb  2 07:15 cloud
drwx------ 2 root root     6 Feb  5 02:46 cloud.conf.d
drwx------ 2 root root     6 Feb  5 02:46 cloud.deploy.d
drwx------ 2 root root     6 Feb  5 02:46 cloud.maps.d
drwx------ 2 root root     6 Feb  5 02:46 cloud.profiles.d
drwx------ 2 root root     6 Feb  5 02:46 cloud.providers.d
-rw-r----- 1 root root 51534 Feb  2 07:15 master
drwxr-xr-x 2 root root     6 Feb  5 02:46 master.d
-rw-r----- 1 root root 37370 Feb  2 07:15 minion
drwxr-xr-x 2 root root     6 Feb  5 02:46 minion.d
-rw-r--r-- 1 root root     9 Mar  8 13:13 minion_id
drwxr-xr-x 4 root root    34 Mar  8 13:13 pki
-rw-r----- 1 root root 28289 Feb  2 07:15 proxy
drwxr-xr-x 2 root root     6 Feb  5 02:46 proxy.d
-rw-r----- 1 root root   344 Feb  2 07:15 roster
[root@centos120 ~]#

minion 端安裝了什么文件

[root@centos121 ~]# ll /etc/salt/
total 132
-rw------- 1 root root  2927 Feb  2 07:15 cloud
drwx------ 2 root root     6 Feb  5 02:46 cloud.conf.d
drwx------ 2 root root     6 Feb  5 02:46 cloud.deploy.d
drwx------ 2 root root     6 Feb  5 02:46 cloud.maps.d
drwx------ 2 root root     6 Feb  5 02:46 cloud.profiles.d
drwx------ 2 root root     6 Feb  5 02:46 cloud.providers.d
-rw-r----- 1 root root 51534 Feb  2 07:15 master
drwxr-xr-x 2 root root     6 Feb  5 02:46 master.d
-rw-r----- 1 root root 37370 Feb  2 07:15 minion
drwxr-xr-x 2 root root     6 Feb  5 02:46 minion.d
-rw-r--r-- 1 root root     9 Mar  8 13:45 minion_id
drwxr-xr-x 4 root root    34 Mar  8 13:45 pki
-rw-r----- 1 root root 28289 Feb  2 07:15 proxy
drwxr-xr-x 2 root root     6 Feb  5 02:46 proxy.d
-rw-r----- 1 root root   344 Feb  2 07:15 roster
[root@centos121 ~]#

配置主控端:

[root@centos120 salt]# cp -p master master.bk.20200308
[root@centos120 salt]# vi master
[root@centos120 salt]# diff master master.bk.20200308 
15c15
< interface: 192.168.0.120
---
> #interface: 0.0.0.0
[root@centos120 salt]#

配置minion端,一共有3個minion:

[root@centos120 salt]# cp -p minion minion.bk.20200308
[root@centos120 salt]# diff minion minion.bk.20200308 
16c16
< master: 192.168.0.120
---
> #master: salt
[root@centos120 salt]# 

[root@centos121 salt]# cp -p minion minion.bk.20200308
[root@centos121 salt]# diff minion minion.bk.20200308 
16c16
< master: 192.168.0.120
---
> #master: salt
[root@centos121 salt]# 
[root@centos122 salt]# cp -p minion minion.bk.20200308
[root@centos122 salt]# diff minion minion.bk.20200308 
16c16
< master: 192.168.0.120
---
> #master: salt
[root@centos122 salt]#

啟動master端 服務(wù):

[root@centos120 salt]# systemctl start salt-master
[root@centos120 salt]# systemctl status  salt-master
● salt-master.service - The Salt Master Server
   Loaded: loaded (/usr/lib/systemd/system/salt-master.service; enabled; vendor preset: disabled)
   Active: active (running) since Sun 2020-03-08 13:13:55 CST; 1h 3min ago
     Docs: man:salt-master(1)
           file:///usr/share/doc/salt/html/contents.html
           https://docs.saltstack.com/en/latest/contents.html
 Main PID: 8295 (salt-master)
   CGroup: /system.slice/salt-master.service
           ├─8295 /usr/bin/python /usr/bin/salt-master
           ├─8302 /usr/bin/python /usr/bin/salt-master
           ├─8321 /usr/bin/python /usr/bin/salt-master
           ├─8323 /usr/bin/python /usr/bin/salt-master
           ├─8326 /usr/bin/python /usr/bin/salt-master
           ├─8327 /usr/bin/python /usr/bin/salt-master
           ├─8328 /usr/bin/python /usr/bin/salt-master
           ├─8329 /usr/bin/python /usr/bin/salt-master
           ├─8330 /usr/bin/python /usr/bin/salt-master
           ├─8331 /usr/bin/python /usr/bin/salt-master
           ├─8332 /usr/bin/python /usr/bin/salt-master
           ├─8340 /usr/bin/python /usr/bin/salt-master
           └─8342 /usr/bin/python /usr/bin/salt-master

Mar 08 13:13:53 centos120 systemd[1]: Starting The Salt Master Server...
Mar 08 13:13:54 centos120 salt-master[8295]: /usr/lib/python2.7/site-packages/salt/scripts.py:109: DeprecationWarni...ater.
Mar 08 13:13:55 centos120 systemd[1]: Started The Salt Master Server.
Hint: Some lines were ellipsized, use -l to show in full.
[root@centos120 salt]#

[root@centos120 salt]# netstat -antupl | grep python
tcp        0      0 0.0.0.0:4505            0.0.0.0:*               LISTEN      8321/python         
tcp        0      0 0.0.0.0:4506            0.0.0.0:*               LISTEN      8328/python         
[root@centos120 salt]# 

[root@centos120 salt]# ps -ef | grep  salt
root       8295      1  0 13:13 ?        00:00:00 /usr/bin/python /usr/bin/salt-master
root       8302   8295  0 13:13 ?        00:00:00 /usr/bin/python /usr/bin/salt-master
root       8321   8295  0 13:13 ?        00:00:00 /usr/bin/python /usr/bin/salt-master
root       8322      1  0 13:13 ?        00:00:00 /usr/bin/python /usr/bin/salt-minion
root       8323   8295  0 13:13 ?        00:00:00 /usr/bin/python /usr/bin/salt-master
root       8326   8295  0 13:13 ?        00:00:12 /usr/bin/python /usr/bin/salt-master
root       8327   8295  0 13:13 ?        00:00:00 /usr/bin/python /usr/bin/salt-master
root       8328   8327  0 13:13 ?        00:00:00 /usr/bin/python /usr/bin/salt-master
root       8329   8327  0 13:13 ?        00:00:01 /usr/bin/python /usr/bin/salt-master
root       8330   8327  0 13:13 ?        00:00:01 /usr/bin/python /usr/bin/salt-master
root       8331   8327  0 13:13 ?        00:00:01 /usr/bin/python /usr/bin/salt-master
root       8332   8295  0 13:13 ?        00:00:08 /usr/bin/python /usr/bin/salt-master
root       8340   8327  0 13:13 ?        00:00:01 /usr/bin/python /usr/bin/salt-master
root       8342   8327  0 13:13 ?        00:00:01 /usr/bin/python /usr/bin/salt-master
root       8365   8322  0 13:13 ?        00:00:01 /usr/bin/python /usr/bin/salt-minion
root       8371   8365  0 13:13 ?        00:00:00 /usr/bin/python /usr/bin/salt-minion
root      14012   7302  0 14:31 pts/0    00:00:00 grep --color=auto salt
[root@centos120 salt]#

啟動minion端 服務(wù):

[root@centos122 salt]# systemctl start salt-minion
[root@centos122 salt]# systemctl status  salt-minion
● salt-minion.service - The Salt Minion
   Loaded: loaded (/usr/lib/systemd/system/salt-minion.service; enabled; vendor preset: disabled)
   Active: active (running) since Sun 2020-03-08 14:00:46 CST; 27min ago
     Docs: man:salt-minion(1)
           file:///usr/share/doc/salt/html/contents.html
           https://docs.saltstack.com/en/latest/contents.html
 Main PID: 7563 (salt-minion)
   CGroup: /system.slice/salt-minion.service
           ├─7563 /usr/bin/python /usr/bin/salt-minion
           ├─7567 /usr/bin/python /usr/bin/salt-minion
           └─7573 /usr/bin/python /usr/bin/salt-minion

Mar 08 14:25:51 centos122 salt-minion[7563]: [ERROR   ] DNS lookup or connection check of 'salt' failed.
Mar 08 14:25:51 centos122 salt-minion[7563]: [ERROR   ] Master hostname: 'salt' not found or not responsive. Retryi...conds
Mar 08 14:26:21 centos122 salt-minion[7563]: [ERROR   ] DNS lookup or connection check of 'salt' failed.
Mar 08 14:26:21 centos122 salt-minion[7563]: [ERROR   ] Master hostname: 'salt' not found or not responsive. Retryi...conds
Mar 08 14:26:51 centos122 salt-minion[7563]: [ERROR   ] DNS lookup or connection check of 'salt' failed.
Mar 08 14:26:51 centos122 salt-minion[7563]: [ERROR   ] Master hostname: 'salt' not found or not responsive. Retryi...conds
Mar 08 14:27:21 centos122 salt-minion[7563]: [ERROR   ] DNS lookup or connection check of 'salt' failed.
Mar 08 14:27:21 centos122 salt-minion[7563]: [ERROR   ] Master hostname: 'salt' not found or not responsive. Retryi...conds
Mar 08 14:27:51 centos122 salt-minion[7563]: [ERROR   ] DNS lookup or connection check of 'salt' failed.
Mar 08 14:27:51 centos122 salt-minion[7563]: [ERROR   ] Master hostname: 'salt' not found or not responsive. Retryi...conds
Hint: Some lines were ellipsized, use -l to show in full.
[root@centos122 salt]# ll

[root@centos122 salt]# ps -ef | grep  salt
root       7563      1  0 14:00 ?        00:00:00 /usr/bin/python /usr/bin/salt-minion
root       7567   7563  0 14:00 ?        00:00:00 /usr/bin/python /usr/bin/salt-minion
root       7573   7567  0 14:00 ?        00:00:00 /usr/bin/python /usr/bin/salt-minion
root       8968   7030  0 14:29 pts/0    00:00:00 grep --color=auto salt
[root@centos122 salt]#

同理centos120 ,centos121一樣啟動。

  1. 開始配置認證:
    重啟所有服務(wù):
[root@centos120 salt]# sytemctl restart salt-master 
[root@centos120 salt]# systemctl restart salt-minion
[root@centos121 salt]# systemctl restart salt-minion
[root@centos122 salt]# systemctl restart salt-minion

salt-minion 啟動后,會自動向salt-master 發(fā)送公鑰,

所以只要在salt-master 接受一下就可以

開始接受所有salt-minion公鑰:

[root@centos120 salt]# salt-key -A
The following keys are going to be accepted:
Unaccepted Keys:
centos120
centos121
centos122
Proceed? [n/Y] Y
Key for minion centos120 accepted.
Key for minion centos121 accepted.
Key for minion centos122 accepted.
[root@centos120 salt]#

查看salt-minion端接受到的公鑰:

[root@centos120 salt]# ll /etc/salt/pki/minion/
total 12
-rw-r--r-- 1 root root  450 Mar  8 14:45 minion_master.pub
-r-------- 1 root root 1674 Mar  8 14:42 minion.pem
-rw-r--r-- 1 root root  450 Mar  8 14:42 minion.pub
[root@centos120 salt]# ll /etc/salt/pki/master/
total 8
-r-------- 1 root root 1678 Mar  8 13:13 master.pem
-rw-r--r-- 1 root root  450 Mar  8 13:13 master.pub
drwxr-xr-x 2 root root   57 Mar  8 14:45 minions
drwxr-xr-x 2 root root    6 Mar  8 13:13 minions_autosign
drwxr-xr-x 2 root root    6 Mar  8 13:13 minions_denied
drwxr-xr-x 2 root root    6 Mar  8 14:45 minions_pre
drwxr-xr-x 2 root root    6 Mar  8 13:13 minions_rejected
[root@centos120 salt]# cat /etc/salt/pki/minion/minion_master.pub
-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzTwWyV0gi7yFKKBt2tiS
thOEu6v1kn4OKM1TEcdIz7XzNUUS+ve/Jz51dH2X2ykW3lLkJqzM7AXunlWH0E5n
9vAzckMtXgjQ8/JrbRbIjDNiEAFqrJDMwDb5Zl4KUJUHZJW6LaT2WR5S9iCRNR+w
lK9SIpvCcBgfboUNt6u2ttIc4CW5UeIS7w6DGlrXv+9sD6djmjiWrmEjKJt0o9vR
myyJOQ3gXC9o/rv4HCmhJwSpqkDb93d4zs4M7jFssY2jfRKzY9paId/dgtkMcT1J
/J801mZv1DNV0mXZjEk8CqGFziO+8/UOFs/9yu1L3gDOQoysR5eAqOmTQN2pKgxL
FwIDAQAB
-----END PUBLIC KEY-----
[root@centos120 salt]#

查看生成的key:

[root@centos121 minion]# ll /etc/salt/pki/minion/
total 12
-rw-r--r-- 1 root root  450 Mar  8 14:45 minion_master.pub
-r-------- 1 root root 1678 Mar  8 14:41 minion.pem
-rw-r--r-- 1 root root  450 Mar  8 14:41 minion.pub
[root@centos121 minion]# 
[root@centos121 minion]# 
[root@centos121 minion]# ll /etc/salt/pki/master/
total 0
[root@centos121 minion]# 

[root@centos122 salt]# ll /etc/salt/pki/minion/
total 12
-rw-r--r-- 1 root root  450 Mar  8 14:45 minion_master.pub
-r-------- 1 root root 1678 Mar  8 14:42 minion.pem
-rw-r--r-- 1 root root  450 Mar  8 14:42 minion.pub

[root@centos122 salt]# ll /etc/salt/pki/master/
total 0
[root@centos122 salt]#

salt-master 和 salt-minion 證書認證配置到此完成。

  1. 測試批量處理
    遠程執(zhí)行命令:
[root@centos120 salt]# salt 'centos121' test.ping
centos121:
    True
[root@centos120 salt]# salt '*' test.ping
centos121:
    True
centos122:
    True
centos120:
    True
[root@centos120 salt]# 

[root@centos120 salt]# salt 'centos121' cmd.run 'df -h'
centos121:
    Filesystem               Size  Used Avail Use% Mounted on
    /dev/mapper/centos-root   17G  1.5G   16G   9% /
    devtmpfs                 475M     0  475M   0% /dev
    tmpfs                    487M   40K  487M   1% /dev/shm
    tmpfs                    487M  7.7M  479M   2% /run
    tmpfs                    487M     0  487M   0% /sys/fs/cgroup
    /dev/sdb2                105M  8.0M   97M   8% /gluster/brick2
    /dev/sda1               1014M  146M  869M  15% /boot
    /dev/sdb1                 92M  7.2M   85M   8% /gluster/brick1
    tmpfs                     98M     0   98M   0% /run/user/0

[root@centos120 salt]# salt 'centos121' cmd.run 'w'
centos121:
     14:52:54 up  1:45,  1 user,  load average: 0.08, 0.03, 0.05
    USER     TTY      FROM             LOGIN@   IDLE   JCPU   PCPU WHAT
    root     pts/0    192.168.0.101    13:08    3:10   0.10s  0.10s -bash
[root@centos120 salt]#

遠程指定多臺server :

[root@centos120 salt]# salt -L 'centos120, centos121' cmd.run 'hostname'
centos121:
    centos121
centos120:
    centos120
[root@centos120 salt]#
  1. salt組件介紹

saltstack之grains介紹:
GRAINS 組件是saltstack中非常重要的一個組件,其主要用于記錄Minion的一些靜態(tài)信息,如比:CPU、內(nèi)存、磁盤、網(wǎng)絡(luò)等。grains信息是每次客戶端啟動后自動上報給master的,一旦這些靜態(tài)信息發(fā)生改變需要重啟minion 或者 重新同步下 grains。

grains 是在minion啟動收集到的一些信息,比如操作系統(tǒng)的類型,網(wǎng)卡IP,內(nèi)存版本,CPU信息等。

[root@centos120 salt]# salt -L 'centos121' grains.ls
centos121:
    - SSDs
    - biosreleasedate
    - biosversion
    - cpu_flags
    - cpu_model
    - cpuarch
    - cwd
    - disks
    - dns
    - domain
    - fqdn
    - fqdn_ip4
    - fqdn_ip6
    - fqdns
    - gid
    - gpus
    - groupname
    - host
    - hwaddr_interfaces
    - id
    - init
    - ip4_gw
    - ip4_interfaces
    - ip6_gw
    - ip6_interfaces
    - ip_gw
    - ip_interfaces
    - ipv4
    - ipv6
    - kernel
    - kernelrelease
    - kernelversion
    - locale_info
    - localhost
    - lsb_distrib_codename
    - lsb_distrib_id
    - machine_id
    - manufacturer
    - master
    - mdadm
    - mem_total
    - nodename
    - num_cpus
    - num_gpus
    - os
    - os_family
    - osarch
    - oscodename
    - osfinger
    - osfullname
    - osmajorrelease
    - osrelease
    - osrelease_info
    - path
    - pid
    - productname
    - ps
    - pythonexecutable
    - pythonpath
    - pythonversion
    - saltpath
    - saltversion
    - saltversioninfo
    - selinux
    - serialnumber
    - server_id
    - shell
    - swap_total
    - systemd
    - uid
    - username
    - uuid
    - virtual
    - zfs_feature_flags
    - zfs_support
    - zmqversion
[root@centos120 salt]#

查看items:

[root@centos120 salt]# salt -L 'centos121' grains.items
centos121:
    ----------
    SSDs:
    biosreleasedate:
        07/02/2015
    biosversion:
        6.00
    cpu_flags:
        - fpu
        - vme
        - de
        - pse
        - tsc
        - msr
        - pae
        - mce
        - cx8
        - apic
        - sep
        - mtrr
        - pge
        - mca
        - cmov
        - pat
        - pse36
        - clflush
        - dts
        - mmx
        - fxsr
        - sse
        - sse2
        - ss
        - ht
        - syscall
        - nx
        - pdpe1gb
        - rdtscp
        - lm
        - constant_tsc
        - arch_perfmon
        - pebs
        - bts
        - nopl
        - xtopology
        - tsc_reliable
        - nonstop_tsc
        - aperfmperf
        - eagerfpu
        - pni
        - pclmulqdq
        - vmx
        - ssse3
        - fma
        - cx16
        - pcid
        - sse4_1
        - sse4_2
        - x2apic
        - movbe
        - popcnt
        - tsc_deadline_timer
        - aes
        - xsave
        - avx
        - f16c
        - rdrand
        - hypervisor
        - lahf_lm
        - abm
        - 3dnowprefetch
        - epb
        - tpr_shadow
        - vnmi
        - ept
        - vpid
        - fsgsbase
        - tsc_adjust
        - bmi1
        - avx2
        - smep
        - bmi2
        - invpcid
        - rdseed
        - adx
        - smap
        - xsaveopt
        - dtherm
        - ida
        - arat
        - pln
        - pts
        - hwp
        - hwp_notify
        - hwp_act_window
        - hwp_epp
    cpu_model:
        Intel(R) Core(TM) i5-8250U CPU @ 1.60GHz
    cpuarch:
        x86_64
    cwd:
        /
    disks:
        - sda
        - sdb
        - sr0
        - dm-0
        - dm-1
    dns:
        ----------
        domain:
        ip4_nameservers:
            - 192.168.0.1
            - 192.168.1.1
        ip6_nameservers:
        nameservers:
            - 192.168.0.1
            - 192.168.1.1
        options:
        search:
            - DHCP
            - HOST
        sortlist:
    domain:
    fqdn:
        centos121
    fqdn_ip4:
        - 192.168.0.121
    fqdn_ip6:
        - fe80::4eff:a5b2:4d5b:ae08
        - fe80::2f47:1e27:f7e1:ea88
    fqdns:
    gid:
        0
    gpus:
        |_
          ----------
          model:
              SVGA II Adapter
          vendor:
              vmware
    groupname:
        root
    host:
        centos121
    hwaddr_interfaces:
        ----------
        ens33:
            00:0c:29:51:46:50
        ens37:
            00:0c:29:51:46:5a
        lo:
            00:00:00:00:00:00
    id:
        centos121
    init:
        systemd
    ip4_gw:
        192.168.0.1
    ip4_interfaces:
        ----------
        ens33:
            - 192.168.0.121
        ens37:
            - 192.168.0.102
        lo:
            - 127.0.0.1
    ip6_gw:
        False
    ip6_interfaces:
        ----------
        ens33:
            - fe80::2f47:1e27:f7e1:ea88
        ens37:
            - fe80::4eff:a5b2:4d5b:ae08
        lo:
            - ::1
    ip_gw:
        True
    ip_interfaces:
        ----------
        ens33:
            - 192.168.0.121
            - fe80::2f47:1e27:f7e1:ea88
        ens37:
            - 192.168.0.102
            - fe80::4eff:a5b2:4d5b:ae08
        lo:
            - 127.0.0.1
            - ::1
    ipv4:
        - 127.0.0.1
        - 192.168.0.102
        - 192.168.0.121
    ipv6:
        - ::1
        - fe80::2f47:1e27:f7e1:ea88
        - fe80::4eff:a5b2:4d5b:ae08
    kernel:
        Linux
    kernelrelease:
        3.10.0-957.el7.x86_64
    kernelversion:
        #1 SMP Thu Nov 8 23:39:32 UTC 2018
    locale_info:
        ----------
        defaultencoding:
            UTF-8
        defaultlanguage:
            en_US
        detectedencoding:
            UTF-8
        timezone:
            unknown
    localhost:
        centos121
    lsb_distrib_codename:
        CentOS Linux 7 (Core)
    lsb_distrib_id:
        CentOS Linux
    machine_id:
        25f97b4fbbea4c2a8e8940747c895695
    manufacturer:
        VMware, Inc.
    master:
        192.168.0.120
    mdadm:
    mem_total:
        972
    nodename:
        centos121
    num_cpus:
        8
    num_gpus:
        1
    os:
        CentOS
    os_family:
        RedHat
    osarch:
        x86_64
    oscodename:
        CentOS Linux 7 (Core)
    osfinger:
        CentOS Linux-7
    osfullname:
        CentOS Linux
    osmajorrelease:
        7
    osrelease:
        7.6.1810
    osrelease_info:
        - 7
        - 6
        - 1810
    path:
        /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin
    pid:
        9033
    productname:
        VMware Virtual Platform
    ps:
        ps -efHww
    pythonexecutable:
        /usr/bin/python
    pythonpath:
        - /usr/bin
        - /usr/lib64/python27.zip
        - /usr/lib64/python2.7
        - /usr/lib64/python2.7/plat-linux2
        - /usr/lib64/python2.7/lib-tk
        - /usr/lib64/python2.7/lib-old
        - /usr/lib64/python2.7/lib-dynload
        - /usr/lib64/python2.7/site-packages
        - /usr/lib/python2.7/site-packages
    pythonversion:
        - 2
        - 7
        - 5
        - final
        - 0
    saltpath:
        /usr/lib/python2.7/site-packages/salt
    saltversion:
        3000
    saltversioninfo:
        - 3000
        - None
        - None
        - 0
    selinux:
        ----------
        enabled:
            False
        enforced:
            Disabled
    serialnumber:
        VMware-56 4d f8 fe ac f0 e1 1a-34 0a 67 d6 1b 51 46 50
    server_id:
        1110840923
    shell:
        /bin/sh
    swap_total:
        2047
    systemd:
        ----------
        features:
            +PAM +AUDIT +SELINUX +IMA -APPARMOR +SMACK +SYSVINIT +UTMP +LIBCRYPTSETUP +GCRYPT +GNUTLS +ACL +XZ +LZ4 -SECCOMP +BLKID +ELFUTILS +KMOD +IDN
        version:
            219
    uid:
        0
    username:
        root
    uuid:
        fef84d56-f0ac-1ae1-340a-67d61b514650
    virtual:
        VMware
    zfs_feature_flags:
        False
    zfs_support:
        False
    zmqversion:
        4.1.4
[root@centos120 salt]#
  1. 啟動grains的信息并不是動態(tài)的,并不會時時變更,它只是在minion啟動時收集到的,我們可以根據(jù)grains收集到的一些信息,做配置管理工作,可以支持自定義一些監(jiān)控項。
[root@centos121 minion]# vi /etc/salt/grains 
[root@centos121 minion]# cat /etc/salt/grains
role: web1_server
env: test
myname: web1
myhostname: web1.com
[root@centos121 minion]#

然后重啟minion

7.1 查看剛剛自定義的值
8.

[root@centos120 salt]# salt -L 'centos121' grains.items | egrep -A 1  'role|env|myname|myhostname'
    env:
        test
--
    myhostname:
        web1.com
    myname:
        web1
--
    role:
        web1_server
[root@centos120 salt]#

7.2 單獨查看item:

[root@centos120 salt]# salt -L 'centos121' grains.item env
centos121:
    ----------
    env:
        test
[root@centos120 salt]#

7.3 我們可以借助grains的一些屬性信息來執(zhí)行一些命令:

[root@centos120 salt]# salt -G env:test cmd.run 'w'
centos121:
     15:06:41 up  1:59,  1 user,  load average: 0.08, 0.03, 0.05
    USER     TTY      FROM             LOGIN@   IDLE   JCPU   PCPU WHAT
    root     pts/0    192.168.0.101    13:08    5:45   0.14s  0.14s -bash
[root@centos120 salt]#
  1. saltstack之pillar介紹:
    grains用于存儲靜態(tài)不易變更的數(shù)據(jù),而pillar一般用來存儲動態(tài)的、敏感的數(shù)據(jù);通過minion端和master端都可以配置設(shè)置或獲取grains信息,而pillar信息只能在master端配置,再到minion端執(zhí)行。
    pillar和grains不一樣,是在master上定義的,并且是針對minion定義的一些信息,可以自定義變量等

自定義配置pillar過程:

8.1 在master 端centos120上配置pillar :
找到pillar_roots 這項,取消下面三行的注釋

[root@centos120 salt]# cp -p master master.bk.20200308-2
[root@centos120 salt]# vi master
[root@centos120 salt]# diff master master.bk.20200308-2
837,839c837,839
<  pillar_roots:
<    base:
<      - /srv/pillar
---
> #pillar_roots:  
# base:
> #    - /srv/pillar

創(chuàng)建pillar文件的存放目錄:

[root@centos120 salt]#  mkdir -p /srv/pillar
[root@centos120 salt]#  cd !$
 cd /srv/pillar
[root@centos120 pillar]#

創(chuàng)建配置文件,編輯如下內(nèi)容:

[root@centos120 pillar]# vi httpd.sls
[root@centos120 pillar]# cat httpd.sls 
conf: /etc/httpd/conf/httpd.conf
servername: web1.com

注意冒號后有空格

創(chuàng)建編寫入口配置文件 即top.sls文件

[root@centos120 pillar]# pwd
/srv/pillar
[root@centos120 pillar]# vi top.sls
[root@centos120 pillar]# cat top.sls 
base:
  'centos121':
    - httpd
[root@centos120 pillar]#

注意- 后有空格

重啟salt-master 服務(wù)

[root@centos120 pillar]# systemctl restart salt-master
[root@centos120 pillar]#

可以通過刷新來獲取新的狀態(tài)

[root@centos120 pillar]# salt '*' saltutil.refresh_pillar
centos121:
    True
centos122:
    True
centos120:
    True
[root@centos120 pillar]#

查看

[root@centos120 pillar]# salt '*' pillar.items
centos120:
    ----------
centos121:
    ----------
    conf:
        /etc/httpd/conf/httpd.conf
    servername:
        web1.com
centos122:
    ----------
[root@centos120 pillar]#

9 .Saltstack 配置管理服務(wù)
1、配置安裝apache

取消下面三行注釋,注意空格

[root@centos120 salt]# cp -p master master.bk.20200308-3
[root@centos120 salt]# vi master
[root@centos120 salt]# diff master master.bk.20200308-3
657,659c657,659
< file_roots:
<   base:
<     - /srv/salt/
---
> # file_roots:
> #   base:
> #     - /srv/salt/
[root@centos120 salt]#

創(chuàng)建配置文件存儲目錄 并創(chuàng)建入口文件

[root@centos120 ~]# mkdir /srv/salt
[root@centos120 ~]# cd !$
cd /srv/salt
[root@centos120 salt]# vi top.sls
[root@centos120 salt]# cat top.sls 
base:
  'centos121':
     - apache
[root@centos120 salt]#

重啟服務(wù):

[root@centos120 salt]# !syste
systemctl restart salt-master
[root@centos120 salt]#

創(chuàng)建編寫apache模塊的配置文件

[root@centos120 salt]# vi apache.sls
[root@centos120 salt]# cat apache.sls 
apache-service:
  pkg.installed:
    - names:
        -httpd
        -httpd-devel
  service.running:
    - name: httpd
    - enable: True

[root@centos120 salt]#

注意:行對齊 -有空格
apache-service是ID的名稱,自定義的。pkg.installed為包安裝函數(shù),下面是要安裝的包的名字。service.running也是一個函數(shù),來保證指定的服務(wù)啟動,enable表示開機啟動。

配置好文件,執(zhí)行

[root@centos120 salt]# salt 'centos121' state.highstate
centos121:
----------
          ID: apache-service
    Function: pkg.installed
        Name: httpd
      Result: True
     Comment: The following packages were installed/updated: httpd
     Started: 18:43:58.483864
    Duration: 18618.516 ms
     Changes:   
              ----------
              apr:
                  ----------
                  new:
                      1.4.8-5.el7
                  old:
              apr-util:
                  ----------
                  new:
                      1.5.2-6.el7
                  old:
              httpd:
                  ----------
                  new:
                      2.4.6-90.el7.centos
                  old:
              httpd-tools:
                  ----------
                  new:
                      2.4.6-90.el7.centos
                  old:
              mailcap:
                  ----------
                  new:
                      2.1.41-2.el7
                  old:
----------
          ID: apache-service
    Function: pkg.installed
        Name: httpd-devel
      Result: True
     Comment: The following packages were installed/updated: httpd-devel
     Started: 18:44:17.118830
    Duration: 7455.336 ms
     Changes:   
              ----------
              apr-devel:
                  ----------
                  new:
                      1.4.8-5.el7
                  old:
              apr-util-devel:
                  ----------
                  new:
                      1.5.2-6.el7
                  old:
              cyrus-sasl:
                  ----------
                  new:
                      2.1.26-23.el7
                  old:
              cyrus-sasl-devel:
                  ----------
                  new:
                      2.1.26-23.el7
                  old:
              expat-devel:
                  ----------
                  new:
                      2.1.0-10.el7_3
                  old:
              httpd-devel:
                  ----------
                  new:
                      2.4.6-90.el7.centos
                  old:
              libdb:
                  ----------
                  new:
                      5.3.21-25.el7
                  old:
                      5.3.21-24.el7
              libdb-devel:
                  ----------
                  new:
                      5.3.21-25.el7
                  old:
              libdb-utils:
                  ----------
                  new:
                      5.3.21-25.el7
                  old:
                      5.3.21-24.el7
              openldap:
                  ----------
                  new:
                      2.4.44-21.el7_6
                  old:
                      2.4.44-20.el7
              openldap-devel:
                  ----------
                  new:
                      2.4.44-21.el7_6
                  old:
----------
          ID: apache-service
    Function: service.running
        Name: httpd
      Result: True
     Comment: Service httpd has been enabled, and is running
     Started: 18:44:24.583323
    Duration: 211.858 ms
     Changes:   
              ----------
              httpd:
                  True

Summary for centos121
------------
Succeeded: 3 (changed=3)
Failed:    0
------------
Total states run:     3
Total run time:  26.286 s
[root@centos120 salt]#

從上述結(jié)果可以知道,可以成功執(zhí)行

查看被執(zhí)行的minion上的httpd的確被安裝,啟動和enabled

[root@centos121 salt]# netstat -antupl | grep 80
tcp6       0      0 :::80                   :::*                    LISTEN      10233/httpd         
udp6       0      0 fe80::2f47:1e27:f7e:123 :::*                                6525/ntpd           
[root@centos121 salt]# 
[root@centos121 salt]# systemctl is-enabled httpd 
enabled
[root@centos121 salt]#

10.配置遠程文件管理

創(chuàng)建一個文件管理的模塊

[root@centos120 salt]# pwd
/etc/salt
[root@centos120 salt]# vi filecopy.sls
[root@centos120 salt]# cat filecopy.sls 
filecopy:
  file.managed:
    - name: /tmp/test.file
    - source: salt://test/index.php
    - user: root
    - group: root
    - mode: 644
[root@centos120 salt]#

注意:第一行的 filecopy 為自定的名字,表示該配置段的名字,可以在別的配置段中引用它;source指定文件從哪里拷貝,這里的 test 目錄相當于是 /srv/salt/test 目錄;name指定遠程客戶端要生成的文件。

新建所要測試的源文件

[root@centos120 srv]# mkdir -p /srv/salt/test
[root@centos120 srv]# echo "test salt file managed" > /srv/salt/test/index.php

在入口文件里添加模塊

[root@centos120 salt]# vi top.sls
[root@centos120 salt]# cat top.sls 
base:
  'centos121':
     - apache
     - filecopy
[root@centos120 salt]#

測試執(zhí)行

[root@centos120 salt]# salt 'centos121' state.highstate
centos121:
----------
          ID: apache-service
    Function: pkg.installed
        Name: httpd
      Result: True
     Comment: All specified packages are already installed
     Started: 22:38:32.908055
    Duration: 760.4 ms
     Changes:   
----------
          ID: apache-service
    Function: pkg.installed
        Name: httpd-devel
      Result: True
     Comment: All specified packages are already installed
     Started: 22:38:33.668754
    Duration: 16.474 ms
     Changes:   
----------
          ID: apache-service
    Function: service.running
        Name: httpd
      Result: True
     Comment: The service httpd is already running
     Started: 22:38:33.686516
    Duration: 46.938 ms
     Changes:   
----------
          ID: filecopy
    Function: file.managed
        Name: /tmp/test.file
      Result: True
     Comment: File /tmp/test.file updated
     Started: 22:38:33.753042
    Duration: 32.348 ms
     Changes:   
              ----------
              diff:
                  New file
              mode:
                  0644

Summary for centos121
------------
Succeeded: 4 (changed=1)
Failed:    0
------------
Total states run:     4
Total run time: 856.160 ms
[root@centos120 salt]#

查看結(jié)果

[root@centos121 ~]# ll /tmp/test.file 
-rw-r--r-- 1 root root 23 Mar  8 22:38 /tmp/test.file
[root@centos121 ~]# cat !$
cat /tmp/test.file
test salt file managed
[root@centos121 ~]#

12.配置文件夾管理:
創(chuàng)建一個文件夾管理的模塊

[root@centos120 salt]# cat filedir.sls 
file_dir:
  file.recurse:
    - name: /tmp/testdir
    - source: salt://test
    - user: root
    - group: root
    - file_mode: 644
    - dir_mode: 755
    - mkdir: True
    - clean: True

在入口文件里添加模塊

[root@centos120 salt]# vi top.sls
[root@centos120 salt]# cat top.sls 
base:
  'centos121':
     - apache
     - filecopy
     - filedir
[root@centos120 salt]#

測試文件夾管理

[root@centos120 salt]# salt 'centos121' state.highstate
centos121:
----------
          ID: apache-service
    Function: pkg.installed
        Name: httpd
      Result: True
     Comment: All specified packages are already installed
     Started: 22:47:17.475869
    Duration: 636.77 ms
     Changes:   
----------
          ID: apache-service
    Function: pkg.installed
        Name: httpd-devel
      Result: True
     Comment: All specified packages are already installed
     Started: 22:47:18.112930
    Duration: 16.986 ms
     Changes:   
----------
          ID: apache-service
    Function: service.running
        Name: httpd
      Result: True
     Comment: The service httpd is already running
     Started: 22:47:18.130854
    Duration: 45.213 ms
     Changes:   
----------
          ID: filecopy
    Function: file.managed
        Name: /tmp/test.file
      Result: True
     Comment: File /tmp/test.file is in the correct state
     Started: 22:47:18.179219
    Duration: 21.548 ms
     Changes:   
----------
          ID: file_dir
    Function: file.recurse
        Name: /tmp/testdir
      Result: True
     Comment: Recursively updated /tmp/testdir
     Started: 22:47:18.200950
    Duration: 86.558 ms
     Changes:   
              ----------
              /tmp/testdir/index.php:
                  ----------
                  diff:
                      New file
                  mode:
                      0644

Summary for centos121
------------
Succeeded: 5 (changed=1)
Failed:    0
------------
Total states run:     5
Total run time: 807.075 ms
[root@centos120 salt]#

客戶端查看是否有/tmp/testdir 目錄

[root@centos121 ~]# ls -ltr /tmp/testdir
total 4
-rw-r--r-- 1 root root 23 Mar  8 22:47 index.php
[root@centos121 ~]#
  1. saltstack遠程執(zhí)行命令

創(chuàng)建執(zhí)行命令的配置文件:

[root@centos120 salt]# vi cmd.sls
[root@centos120 salt]# cat cmd.sls 
cmd_test:
  cmd.run:
  - unless: test -f /tmp/gnu.index
  - names:
      - touch /tmp/cmdfile.index
      - mkdir /tmp/cmd
  - user: root
[root@centos120 salt]#

注意:unless: 表示若 /tmp/gnu.index文件不存在,也就是結(jié)果為True則執(zhí)行-name后面的命令,為false則不執(zhí)行;還可以使用 onlyif 表示若 /tmp/gnu.index文件存在,則執(zhí)行后面的命令;兩者正好相反。

在入口文件里添加模塊

[root@centos120 salt]# vi top.sls
[root@centos120 salt]# cat top.sls 
base:
  'centos121':
     - apache
     - filecopy
     - filedir
     - cmd
[root@centos120 salt]#

測試執(zhí)行命令

[root@centos120 salt]# salt 'centos121' state.highstate
centos121:
----------
          ID: apache-service
    Function: pkg.installed
        Name: httpd
      Result: True
     Comment: All specified packages are already installed
     Started: 22:53:35.762137
    Duration: 635.316 ms
     Changes:   
----------
          ID: apache-service
    Function: pkg.installed
        Name: httpd-devel
      Result: True
     Comment: All specified packages are already installed
     Started: 22:53:36.397764
    Duration: 16.511 ms
     Changes:   
----------
          ID: apache-service
    Function: service.running
        Name: httpd
      Result: True
     Comment: The service httpd is already running
     Started: 22:53:36.415052
    Duration: 44.985 ms
     Changes:   
----------
          ID: filecopy
    Function: file.managed
        Name: /tmp/test.file
      Result: True
     Comment: File /tmp/test.file is in the correct state
     Started: 22:53:36.463189
    Duration: 21.523 ms
     Changes:   
----------
          ID: file_dir
    Function: file.recurse
        Name: /tmp/testdir
      Result: True
     Comment: The directory /tmp/testdir is in the correct state
     Started: 22:53:36.484894
    Duration: 29.106 ms
     Changes:   
----------
          ID: cmd_test
    Function: cmd.run
        Name: touch /tmp/cmdfile.index
      Result: True
     Comment: Command "touch /tmp/cmdfile.index" run
     Started: 22:53:36.522364
    Duration: 31.084 ms
     Changes:   
              ----------
              pid:
                  11407
              retcode:
                  0
              stderr:
              stdout:
----------
          ID: cmd_test
    Function: cmd.run
        Name: mkdir /tmp/cmd
      Result: True
     Comment: Command "mkdir /tmp/cmd" run
     Started: 22:53:36.553711
    Duration: 20.647 ms
     Changes:   
              ----------
              pid:
                  11409
              retcode:
                  0
              stderr:
              stdout:

Summary for centos121
------------
Succeeded: 7 (changed=2)
Failed:    0
------------
Total states run:     7
Total run time: 799.172 ms
[root@centos120 salt]#

查看客戶端結(jié)果

[root@centos121 ~]# ls -ltr /tmp/ | tail -2
-rw-r--r-- 1 root root     0 Mar  8 22:53 cmdfile.index
drwxr-xr-x 2 root root     6 Mar  8 22:53 cmd
[root@centos121 ~]#

14.saltstack遠程執(zhí)行shell腳本

創(chuàng)建執(zhí)行shell 腳本配置文件

[root@centos120 salt]# vi shell.sls
[root@centos120 salt]# cat shell.sls 
shell_test:
  cmd.script:
  - source: salt://test/gnu.sh
  - user: root
[root@centos120 salt]#

創(chuàng)建shell腳本

[root@centos120 salt]# vi test/gnu.sh
[root@centos120 salt]# cat test/gnu.sh 
#!/bin/bash
systemctl stop httpd >> /tmp/log

在入口文件中添加執(zhí)行配置

[root@centos120 salt]# cat top.sls 
base:
  'centos121':
     - shell
[root@centos120 salt]#

測試執(zhí)行

[root@centos120 salt]# salt 'centos121' state.highstate
centos121:
----------
          ID: shell_test
    Function: cmd.script
      Result: True
     Comment: Command 'shell_test' run
     Started: 23:03:13.523069
    Duration: 1064.226 ms
     Changes:   
              ----------
              pid:
                  11703
              retcode:
                  0
              stderr:
              stdout:

Summary for centos121
------------
Succeeded: 1 (changed=1)
Failed:    0
------------
Total states run:     1
Total run time:   1.064 s
[root@centos120 salt]#

查看結(jié)果

[root@centos121 ~]# cat /tmp/log 
[root@centos121 ~]#

向AI問一下細節(jié)

免責聲明:本站發(fā)布的內(nèi)容(圖片、視頻和文字)以原創(chuàng)、轉(zhuǎn)載和分享為主,文章觀點不代表本網(wǎng)站立場,如果涉及侵權(quán)請聯(lián)系站長郵箱:is@yisu.com進行舉報,并提供相關(guān)證據(jù),一經(jīng)查實,將立刻刪除涉嫌侵權(quán)內(nèi)容。

AI