通过saltapi接口安装实例(runner)

具体操作参考modules那篇,这里只陈述调用runner模块执行相关操作

需要注意的是,在master端需要定义好runner模块的目录,否则执行时会报无效模块:

[root@jiang salt]# grep runner_dirs /etc/salt/master

runner_dirs: ['/srv/salt/_runner']

安装salt-ssh:

yum install -y salt-ssh

编写/etc/salt/roster内容,这里选择调用shell脚本添加(注意:脚本会把root密码以明文写入roster文件,示例中的123456仅为演示值):

[root@jiang rosterip]# ls
addIP.sh  clearPW.sh  ip.txt

[root@jiang rosterip]# vim addIP.sh


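#!/bin/bash
#
# addIP.sh - append a salt-ssh roster entry for one host.
# Usage:   addIP.sh <ipv4-or-hostname>
# Outputs: "error" on stdout when the host already has an entry.
# Returns: 2 when the argument is missing or not a plain host id.

roster=/etc/salt/roster
target=${1-}

# The argument is written verbatim into a YAML file that salt-ssh later uses
# to log in as root, so accept only plain host names / IPv4 literals
# (no whitespace, quotes, colons or newlines that could forge roster keys).
valid_re='^[A-Za-z0-9][A-Za-z0-9._-]*$'
if [[ ! $target =~ $valid_re ]]; then
  echo "error: invalid host id" >&2
  exit 2
fi

# Escape the dots so they match literally instead of acting as regex
# wildcards, and anchor the match to the whole entry header line.
pattern=${target//./\\.}
if grep -Eq -- "^${pattern}:[[:space:]]*\$" "$roster"; then
  echo "error"
else
  # NOTE(review): the root password below is the hard-coded sample value from
  # the original script and sits in the roster in clear text until clearPW.sh
  # removes it. Supply the real credential out of band and keep the roster
  # readable by root only.
  {
    printf '%s:\n' "$target"
    printf ' host: %s\n' "$target"
    printf ' user: root\n'
    printf ' passwd: 123456\n'
    #printf ' sudo: True\n'
  } >> "$roster"
fi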

当ssh-key完成密钥认证后,可以选择删除roster内的passwd(明文密码没有必要继续留在roster文件中,建议尽早清除):

[root@jiang rosterip]# vim clearPW.sh
#!/bin/bash
#
# clearPW.sh - delete every line of the salt-ssh roster that contains "passwd".
# The expression is not scoped to one host: password lines of all roster
# entries are removed in place.

roster_file=/etc/salt/roster
sed -i -e '/passwd.*/d' "$roster_file"

编写mvpub脚本:

[root@jiang _shell]# ls
installminion.sh  mvpub.sh  pkg  rosterip

[root@jiang _shell]# vim mvpub.sh

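#!/bin/bash
#
# mvpub.sh - push the EPEL repo file and the salt-ssh public key to hosts.
# Usage:   mvpub.sh <host[,host...]>   (hosts must already be in the roster)
# Returns: 2 when no target is given, otherwise the status of the last
#          salt-ssh call.

targets=${1-}
if [[ -z $targets ]]; then
  echo "usage: ${0##*/} <host[,host...]>" >&2
  exit 2
fi

salt-ssh -L "$targets" cp.get_file salt://_file/epel.repo /etc/yum.repos.d/epel.repo
# The target list is quoted here like in every other call.
salt-ssh -L "$targets" -r 'yum clean all && yum makecache'
# mkdir -p: an already existing /root/.ssh no longer stops the chain before
# chmod gets to run.
salt-ssh -L "$targets" -r 'mkdir -p /root/.ssh && chmod 700 /root/.ssh'
# The distributed file holds the content of
# /etc/salt/pki/master/ssh/salt-ssh.rsa.pub, i.e. the salt-ssh public key.
# NOTE(review): cp.get_file writes the whole file, so keys already present in
# the host's authorized_keys are presumably replaced - confirm this is wanted.
salt-ssh -L "$targets" cp.get_file salt://_file/authorized_keys /root/.ssh/authorized_keys
salt-ssh -L "$targets" -r 'chmod 600 /root/.ssh/authorized_keys'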

相关master配置参数如下(注意:auto_accept: True 会自动接受所有minion提交的key,只适合受信任的测试网络,生产环境应当审核后再接受key):

[root@jiang _runner]# grep -v ^# /etc/salt/master | grep -v ^$

default_include: master.d/*.conf

conf_file: /etc/salt/master

interface: 192.168.137.130

pki_dir: /etc/salt/pki/master

auto_accept: True

runner_dirs: ['/srv/salt/_runner']

file_roots:
  base:
    - /srv/salt

log_file: /var/log/salt/master

log_level_logfile: warning

编写masterApp模块,这个需要存放到/srv/salt/_runner目录下

import json
import commands

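def publicKey(ip):
    """Copy the key-install script to the given hosts through salt-ssh.

    ip: a single address or a comma-separated list, the form ``salt-ssh -L``
        takes.

    Returns a JSON string with ``code`` (0 on success, -1 on rejected input
    or a failed command), ``message`` and ``data`` (the command output).
    """
    import re
    import subprocess

    resultBean = dict()
    target = str(ip)

    # The value arrives from the API caller, so only a comma-separated list
    # of plain host names / IPv4 literals is accepted.
    host_list = r'[A-Za-z0-9][A-Za-z0-9._-]*(?:,[A-Za-z0-9][A-Za-z0-9._-]*)*\Z'
    if not re.match(host_list, target):
        resultBean['code'] = -1
        resultBean['message'] = 'invalid ip list'
        resultBean['data'] = ''
        return json.dumps(resultBean)

    # An argument vector is used instead of a formatted shell string, so the
    # target list is never interpreted by a shell.
    # NOTE(review): the _shell listing on this page shows mvpub.sh, not
    # installpub.sh - confirm the source file name.
    argv = ['salt-ssh', '-L', target, 'cp.get_file',
            'salt://_shell/installpub.sh', '/usr/local/sbin/mvpub.sh']
    try:
        proc = subprocess.Popen(argv, stdout=subprocess.PIPE,
                                stderr=subprocess.STDOUT)
        output = proc.communicate()[0]
        status = proc.returncode
    except OSError as exc:
        # salt-ssh missing or not executable
        status, output = 127, str(exc)

    if not isinstance(output, str):
        output = output.decode('utf-8', 'replace')
    if output.endswith('\n'):
        output = output[:-1]

    if status == 0:
        resultBean['code'] = 0
        resultBean['message'] = 'success'
    else:
        # A failed run used to produce an empty JSON object; report it.
        resultBean['code'] = -1
        resultBean['message'] = 'failed'
    resultBean['data'] = output
    return json.dumps(resultBean)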

masterApp模块升级版(通过内部调用shell脚本实现全自动):

import codecs
import json
import commands
 
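def _parse_ip_list(ip):
    """Return the validated, de-duplicated hosts named in ``ip``, input order kept.

    Entries may be separated by commas or whitespace. Raises ValueError when
    nothing is given or an entry contains anything other than letters,
    digits, '.', '_' or '-'.
    """
    import re

    entry_re = re.compile(r'[A-Za-z0-9][A-Za-z0-9._-]*\Z')
    hosts = []
    for entry in re.split(r'[,\s]+', str(ip)):
        if not entry:
            continue
        if not entry_re.match(entry):
            raise ValueError("invalid host entry: {0!r}".format(entry))
        if entry not in hosts:
            hosts.append(entry)
    if not hosts:
        raise ValueError("no host given")
    return hosts


def _run(argv):
    """Run ``argv`` without a shell; return (exit status, combined output)."""
    import subprocess

    try:
        proc = subprocess.Popen(argv, stdout=subprocess.PIPE,
                                stderr=subprocess.STDOUT)
        output = proc.communicate()[0]
        status = proc.returncode
    except OSError as exc:
        # executable missing or not runnable
        return 127, str(exc)
    if not isinstance(output, str):
        output = output.decode('utf-8', 'replace')
    if output.endswith('\n'):
        output = output[:-1]
    return status, output


def addClientIP(ip):
    """Validate ``ip`` and store the unique hosts in ip.txt, one per line.

    The page's own comments describe newline handling, but the listing
    separates entries with spaces, which leaves all hosts on one line with
    stray blanks. Entries are written newline-separated here.

    Raises ValueError (before the file is touched) on invalid input.
    """
    hosts = _parse_ip_list(ip)
    with codecs.open('/srv/salt/_shell/rosterip/ip.txt', 'w') as f:
        f.write('\n'.join(hosts) + '\n')


def publicKey(ip):
    """Add each reachable host to the roster and push the salt-ssh key to it.

    ip: a single address or a comma-separated list.

    Returns a list of JSON strings, one per host, each with ``code``
    (0 success, -1 failure), ``message`` and ``data`` (command output).
    Rejected input yields a single -1 entry and runs no command.
    """
    # The value comes from the API caller and ends up on command lines and in
    # the roster file, so it is validated before anything else happens.
    try:
        hosts = _parse_ip_list(ip)
    except ValueError as exc:
        return [json.dumps({'code': -1, 'message': str(exc), 'data': ''})]

    addClientIP(ip)

    resultList = list()
    for ipaddr in hosts:
        resultBean = dict()
        # One echo request, one second deadline: is the host alive?
        status1, output1 = _run(['ping', '-c', '1', '-w', '1', ipaddr])
        if status1 != 0:
            resultBean['code'] = -1
            resultBean['message'] = "The IP:{0} is not alive".format(ipaddr)
            resultBean['data'] = output1
            resultList.append(json.dumps(resultBean))
            continue

        # Add the live host to the roster file.
        _run(['sh', '/srv/salt/_shell/rosterip/addIP.sh', ipaddr])
        # Only this host is passed on; the listing handed the whole input
        # list to mvpub.sh on every iteration, including hosts that failed
        # the ping and were never added to the roster.
        status2, output2 = _run(['sh', '/srv/salt/_shell/mvpub.sh', ipaddr])
        if status2 == 0:
            resultBean['code'] = 0
            resultBean['message'] = 'success'
            resultBean['data'] = output2
            # Remove the passwords from the roster file.
            _run(['sh', '/srv/salt/_shell/rosterip/clearPW.sh'])
        else:
            # A failed key push used to be dropped from the result silently.
            # NOTE(review): as in the listing, the roster keeps the
            # clear-text password in this case.
            resultBean['code'] = -1
            resultBean['message'] = "mvpub.sh failed for {0}".format(ipaddr)
            resultBean['data'] = output2
        resultList.append(json.dumps(resultBean))
    return resultList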

测试:

from saltUtil.util.saltapi import SaltServer

# Call the masterApp.publicKey runner for two hosts through SaltServer,
# which is imported from the project's saltUtil.util.saltapi module
# (not shown on this page), and print what the call returns.
api = SaltServer()

runner_kwargs = {'ip': '192.168.137.10,192.168.137.20'}
response = api.runRunner('masterApp.publicKey', **runner_kwargs)

print(response)

命令行测试:

[root@jiang _runner]# salt-run masterApp.publicKey 192.168.137.10

{"message": "success", "code": 0, "data": "192.168.137.10:     True"}

 

原文地址:https://www.cnblogs.com/Jweiqing/p/9288385.html