python Saltstack
python Saltstack
一. 安装配置
a. 环境准备
|
1
2
3
4
5
6
7
8
9
10
11
12
|
服务端:192.168.1.24 oldboy客户端:192.168.1.147 oldgirl客户端:192.168.1.119 olddog官方文档:https://docs.saltstack.com/en/latest/赵班长:https://github.com/unixhot/#CentOS7 安装yum install https://repo.saltstack.com/yum/redhat/salt-repo-latest-2.el7.noarch.rpm -y#CentOS6 安装https://repo.saltstack.com/yum/redhat/salt-repo-latest-2.el6.noarch.rpm |
b. 服务端安装
|
1
2
3
4
5
6
7
|
rpm -ivh http://dl.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpmrpm -qa | grep saltyum install -y salt-masterservice salt-master startchkconfig salt-master onvim /etc/salt/master |
c. 客户端安装
|
1
2
3
4
5
6
7
8
|
rpm -ivh http://dl.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpmyum -y install salt-minionvim /etc/salt/minionmaster: 192.168.1.24service salt-minion startchkconfig salt-minion on |
d. 服务端增加客户端
|
1
2
3
4
5
6
7
|
salt-key salt-key -L #两个都是查看salt-key -A #增加所有salt-key -a olddog #把olddog、oldgirl加入通信salt-key -a oldgirl salt-key -D . #删除所有salt-key -d olddog #删除某个IP |
e. salt的常用命令
|
1
2
3
4
5
6
7
|
salt '*' test.ping #ping服务器salt '*' cmd.run 'echo Hello world!' #输出Hello worldsalt '*' cmd.run 'df -h' #查看磁盘salt 'old*' cmd.run 'w'salt '*' pkg.install httpd #远程命令安装httpdsalt '*' service.stop httpd #命令关闭服务salt '*' service.available sshd #查看服务是否开启 |
f. 匹配minion_id(IP和子网不是匹配minion_id)
|
1
2
3
4
5
|
salt -L 'olddog,oldgirl' test.ping #列表方式匹配salt -E 'old(dog|girl)' test.ping #正则方式匹配salt 'old*' cmd.run 'w' #以通配符匹配salt -S 172.16.77.100 test.ping #以IP地址匹配salt -S 172.16.77.0/24 test.ping #以子网方式匹配 |
二 模块
a. service模块
|
1
2
3
4
5
6
7
8
|
service.running #确保服务处于运行状态,如果没有运行就启动service.enabled #确保服务开机自动启动service.disabled #确保服务开机不自动启动service.dead #确保服务当前没有运行,如果运行就停止service.available #查看服务是否开启salt 'oldboy' service.available sshd #查看sshd服务是否开启salt 'oldboy' service.get_all #显示所有启动的服务 |
b. state模块
|
1
|
salt '*' state.show_top #查看top.sls指定的模块 |
c. return模块
|
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
|
#minion:yum -y install MySQL-python mysq vim /etc/salt/minion mysql.host: '192.168.8.130' mysql.user: 'salt' mysql.pass: 'salt' mysql.db: 'salt' mysql.port: 3306/etc/init.d/salt-minion restart#master: yum -y install mysql-server MySQL-python/etc/init.d/mysqld startvim /etc/salt/master master_job_cache: mysql mysql.host: '192.168.8.130' mysql.user: 'salt' mysql.pass: 'salt' mysql.db: 'salt' mysql.port: 3306/etc/init.d/salt-master restart/etc/init.d/salt-minion restartmysql #连接Mysql创建数据库和表 CREATE DATABASE `salt` DEFAULT CHARACTER SET utf8 DEFAULT COLLATE utf8_general_ci; USE `salt`; DROP TABLE IF EXISTS `jids`; CREATE TABLE `jids` ( `jid` varchar(255) NOT NULL, `load` mediumtext NOT NULL, UNIQUE KEY `jid` (`jid`) ) ENGINE=InnoDB DEFAULT CHARSET=utf8; CREATE INDEX jid ON jids(jid) USING BTREE; DROP TABLE IF EXISTS `salt_returns`; CREATE TABLE `salt_returns` ( `fun` varchar(50) NOT NULL, `jid` varchar(255) NOT NULL, `return` mediumtext NOT NULL, `id` varchar(255) NOT NULL, `success` varchar(10) NOT NULL, `full_ret` mediumtext NOT NULL, `alter_time` TIMESTAMP DEFAULT CURRENT_TIMESTAMP, KEY `id` (`id`), KEY `jid` (`jid`), KEY `fun` (`fun`) ) ENGINE=InnoDB DEFAULT CHARSET=utf8; DROP TABLE IF EXISTS `salt_events`; CREATE TABLE `salt_events` ( `id` BIGINT NOT NULL AUTO_INCREMENT, `tag` varchar(255) NOT NULL, `data` mediumtext NOT NULL, `alter_time` TIMESTAMP DEFAULT CURRENT_TIMESTAMP, `master_id` varchar(255) NOT NULL, PRIMARY KEY (`id`), KEY `tag` (`tag`) ) ENGINE=InnoDB DEFAULT CHARSET=utf8; grant all on salt.* to salt@'%'identified by 'salt'; #确定客户机能连上mysql flush privileges;salt '*' test.ping --return mysql #将过程结果返回mysqlmysqluse saltselect * from salt_returns; #查看 |
d. pkg模块
|
1
2
3
4
|
pkg.installed #确保软件安装,如果没有安装就安装。pkg.latest #确保软件包是最新版本,如果不是,进行升级pkg.remove #确保软件包已卸载,如果之前已安装,进行卸载pkg.purge #除remove外,也会删除其配置文件 |
e. file模块
|
1
2
3
|
file.managed #保证文件存在并且为对应的状态file.recure #保证目录存在并且为对应状态file.absent #确保文件不存在,如果存在就删除 |
f. resquisites模块
|
1
2
3
4
|
require #我依赖某个状态recure_in #我被某个状态依赖watch #我关注某个状态watch_in #我被某个状态关注 |
三. 数据系统Grains
|
1
2
3
4
5
|
salt '*' grains.ls #列出所有查询的目标salt '*' grains.items #查看所有item和值salt '*' grains.get ip4_interfaces:eth0 #查看eth0的Ipsalt '*' grains.get saltversion #查看salt的版本salt '*' grains.get os #查看操作系统 |
a. example
|
1
2
3
4
5
6
7
8
|
客户机oldgirl上执行:vim /etc/salt/grains cloud: openstack/etc/init.d/salt-minion restart服务器上执行:salt 'oldgirl' grains.get cloudsalt -G cloud:openstack cmd.run 'uptime' #执行有cloud:openstack的服务器salt -G os:CentOS cmd.run 'uptime' #执行所有系统是CentOS的服务器 |
四 pillar的介绍
|
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
|
vim /etc/salt/master pillar_roots: base: - /srv/pillar #定义目录 state_top: top.sls #定义topmkdir -p /srv/pillarcd /srv/pillarvim packages.sls {% if grains['os'] == 'CentOS' %} apache: httpd git: git {% elif grains['os'] == 'Debian' %} apache: apache2 git: git-core {% endif %}vim top.sls base: '*': - packages salt '*' saltutil.refresh_pillar #刷新所有客户端的缓存salt '*' pillar.get git #查看上面定义的gitsalt '*' pillar.get apache #查看上面定义的apache |
五 自定义组配置文件
|
1
2
3
4
5
6
7
|
cd /etc/salt/mkdir master.d && cd master.d/vim nodegroups.conf nodegroups: web-cluster: 'old*' #定义组,组里面增加主机,可以写多个组salt -N web-cluster test.ping #根据定义的组执行命令salt -N web-cluster -b 20% service.start httpd #每次重启20%的主机,直到重启完 |
六 上传文件
|
1
2
3
4
5
6
7
8
9
|
vim /etc/salt/master # file_roots: # base: # - /srv/salt/ #上传文件的目录 #state_top: top.sls #定义topcd /srv/salt/ && mv /etc/hosts .salt '*' cp.get_file salt://hosts /mnt/hosts #把hosts文件上传到其它服务器上salt-cp '*' /tmp/hosts /tmp/ #上传其它目录下的文件用salt-cp |
七. YAML用法
|
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
|
mkdir /scripts && cd /scriptsvim test.yaml - penyao - oldboyvim parse_yaml.py #!/usr/bin/env python import yaml import sys fd = open(sys.argv[1]) print yaml.load(fd)#ls parse_yaml.py test.yaml#chmod +x parse_yaml.py# ./parse_yaml.py test.yaml['penyao', 'oldboy'] |
