Linux操作文档——saltstack安装配置和使用

文章目录

• • 一、SaltStack 安装配置过程
  • • 1、服务组件安装
    • • 1、master安装
      • 2、minion安装
    • 2、服务启动
    • 3、配置认证
    • 4、grains组件
    • 5、pillar组件
  • 二、Saltstack 配置管理服务
  • • 1、配置安装apache
    • 2、配置远程文件管理
    • 3、配置文件夹管理
    • 4、远程执行命令
    • 5、远程执行shell脚本

---

一、SaltStack 安装配置过程

1、服务组件安装

1、master安装

[root@master ~]# vim /etc/hosts
192.168.1.10 master
192.168.1.20 minion
[root@master ~]# yum -y install epel-release             //安装 epel源
[root@master ~]# yum -y install salt-master salt-minion             //安装服务端和被监控端服务

2、minion安装

[root@minion ~]# vim /etc/hosts
[root@minion ~]# yum -y install epel-release
[root@minion ~]# yum -y install salt-minion             //安装被监控端服务

2、服务启动

[root@master ~]# vim /etc/salt/minion
#master: salt             //第16行下方添加
master: 192.168.1.10             //说明服务端的地址
[root@master ~]# systemctl start salt-master
[root@master ~]# systemctl start salt-minion
[root@minion ~]# vim /etc/salt/minion
#master: salt             //第16行下方添加
master: 192.168.1.10             //指定服务端的地址
[root@minion ~]# systemctl start salt-minion
[root@master ~]# ps aux | grep salt
root      11175  0.0  0.8 234056 15508 ?        Ss   08:19   0:00 /usr/bin/python /usr/bin/salt-minion
root      11181  0.3  1.4 533332 27040 ?        Sl   08:19   0:00 /usr/bin/python /usr/bin/salt-minion
......

3、配置认证

[root@master ~]# salt-key -a minion             //增加一个minion的密钥认证
The following keys are going to be accepted:
Unaccepted Keys:
minion
Proceed? [n/Y] y
Key for minion minion accepted.
[root@master ~]# salt-key -A|d             //签名所有主机|删除指定的主机
[root@minion ~]# cd /etc/salt/pki/minion/
[root@minion minion]# ls             //在被监控端看到生成的密钥minion_master.pub
minion_master.pub  minion.pem  minion.pub
[root@master ~]# salt 'minion' test.ping             //探测主机是否在线
minion:
    True
[root@master ~]# salt 'minion' cmd.run 'df -hT'             //查看分区

4、grains组件

[root@master ~]# salt 'minion' grains.ls             //列出所有的grains项目名称
[root@master ~]# salt 'minion' grains.items             //列出所有的grains项和对应的值
[root@minion ~]# vim /etc/salt/grains             //自定义grains组件
role: zabbix_server
env: test
myname: linux-zabbix
myhostname: minion
[root@minion ~]# systemctl restart salt-minion
[root@master ~]# salt 'minion' grains.items env
    domain:
    env:
        test
    fqdn:
        minion        
    myhostname:
        minion
    myname:
        linux-zabbix
    role:
        zabbix_server
[root@master ~]# salt -G env:test cmd.run 'w'             //指定env:test子项运行‘w’命令

5、pillar组件

[root@master ~]# vim /etc/salt/master              //取消下面三行的注释
 pillar_roots:              //pillar_roots 前面有一个空格
  base:
    - /srv/pillar
[root@master ~]# mkdir -p /srv/pillar             //创建pillar文件的存放目录
[root@master ~]# cd /srv/pillar/
[root@master pillar]# vim test.sls             //创建配置文件
conf: /etc/123.conf             //注意冒号后有空格
myname: saltstack-server
[root@master ~]# vim /srv/pillar/top.sls             //创建编写入口配置文件
base:
  'minion':
     - test             //注意- 后有空格
[root@master ~]# salt '*' pillar.items
master:
    ----------
minion:
    ----------
    conf:
        /etc/123.conf
    myname:
        saltstack-server
[root@master ~]# salt '*' saltutil.refresh_pillar
master:
    True
minion:
    True

二、Saltstack 配置管理服务

1、配置安装apache

[root@master ~]# vim /etc/salt/master             //取消注释
 file_roots:
   base:
     - /srv/salt/
[root@master ~]# mkdir /srv/salt
[root@master ~]# cd /srv/salt
[root@master salt]# vim top.sls
 base:
  'minion':
      - apache
[root@master salt]# systemctl restart salt-master
[root@master salt]# vim /srv/salt/apache.sls
 apache-service:
   pkg.installed:
    - names:
      - httpd
      - httpd-devel
   service.running:
    - name: httpd
    - enable: True
[root@master salt]# salt 'minion' state.highstate
minion:
----------
          ID: apache-service
    Function: pkg.installed
        Name: httpd
      Result: True
     Comment: Package httpd is already installed.
     Started: 09:11:33.886157
    Duration: 1135.946 ms
     Changes:   
----------
          ID: apache-service
    Function: pkg.installed
        Name: httpd-devel
      Result: True
     Comment: The following packages were installed/updated: httpd-devel
     Started: 09:11:35.022221
    Duration: 29384.803 ms
     Changes:   
              ----------
[root@minion ~]# httpd -v
Server version: Apache/2.4.6 (CentOS)
Server built:   Apr  2 2020 13:13:23

2、配置远程文件管理

[root@master salt]# vim filetest.sls
#该配置段的名字
file_test:
  file.managed:
  	#指定远程客户端要生成的文件
    - name: /tmp/httpd.txt
	#指定文件从哪里拷贝，test目录相当于是 /srv/salt/test 目录
    - source: salt://test/httpd.php
    - user: root
    - group: root
    - mode: 644
[root@master salt]# mkdir -p /srv/salt/test
[root@master salt]# echo 'apache'>/srv/salt/test/httpd.php
[root@master salt]# vim top.sls 
 base:
  'minion':
      - apache
      - filetest
[root@master salt]# salt 'minion' state.highstate
----------
          ID: file_test
    Function: file.managed
        Name: /tmp/httpd.txt
      Result: True
     Comment: File /tmp/httpd.txt updated
     Started: 09:27:06.359565
    Duration: 11.056 ms
     Changes:   
              ----------
              diff:
                  New file
              mode:
                  0644

Summary
------------
[root@minion ~]# cat /tmp/httpd.txt 
apache

3、配置文件夹管理

[root@master salt]# vim filedir.sls
file_dir:
  file.recurse:
    - name: /tmp/testdir
    - source: salt://test
    - user: root
    - file_mode: 644
    - dir_mode: 755
    - mkdir: True
    - clean: True
[root@master salt]# vim top.sls 
base:
  'minion':
      - filedir
[root@master salt]# salt 'minion' state.highstate
[root@master salt]# salt 'minion' state.highstate
minion:
----------
          ID: file_dir
    Function: file.recurse
        Name: /tmp/testdir
      Result: True
     Comment: Recursively updated /tmp/testdir
     Started: 10:03:10.963932
    Duration: 203.504 ms
     Changes:   
              ----------
              /tmp/testdir/httpd.php:
                  ----------
                  diff:
                      New file
                  mode:
                      0644

Summary
------------
Succeeded: 1 (changed=1)
Failed:    0
------------
Total states run:     1
[root@minion ~]# ls /tmp/testdir/
httpd.php

4、远程执行命令

[root@master salt]# vim cmd.sls
cmd_test:
 cmd.run:
#unless: 表示若/tmp/httpd.txt文件不存在，也就是结果为True则执行-name后面的命令，为false则不执行
  - unless: test -f /tmp/httpd.txt
  - names:
    - touch /tmp/11.txt
    - mkdir /tmp/1233
  - user: root
 #使用 onlyif 表示若/tmp/httpd.txt文件存在，则执行后面的命令
[root@master salt]# vim top.sls 
base:
  'minion':
      - cmd
[root@master salt]# salt 'minion' state.highstate
minion:
----------
          ID: cmd_test
    Function: cmd.run
        Name: mkdir /tmp/1233
      Result: True
     Comment: unless execution succeeded
     Started: 10:13:15.402465
    Duration: 59.776 ms
     Changes:   
----------
          ID: cmd_test
    Function: cmd.run
        Name: touch /tmp/11.txt
      Result: True
     Comment: unless execution succeeded
     Started: 10:13:15.462395
    Duration: 47.15 ms
     Changes:   

Summary
------------
Succeeded: 2
Failed:    0
------------
Total states run:     2

5、远程执行shell脚本

[root@master salt]# vim shell.sls
shell_test:
 cmd.script:
  - source: salt://test/1.sh
  - user: root
[root@master salt]# vim test/1.sh
#!/bin/bash
touch /tmp/111222333.jsp
echo 'this is jsp page'>> /tmp/111222333.jsp
[root@master salt]# vim top.sls 
base:
  'minion':
      - shell
[root@master salt]# salt 'minion' state.highstate
minion:
----------
          ID: shell_test
    Function: cmd.script
      Result: True
     Comment: Command 'shell_test' run
     Started: 10:16:28.555925
    Duration: 59.914 ms
     Changes:   
              ----------
              pid:
                  50147
              retcode:
                  0
              stderr:
              stdout:

Summary
------------
Succeeded: 1 (changed=1)
Failed:    0
------------
Total states run:     1
[root@minion ~]# ls /tmp/
111222333.jsp