salt-stack功能:三大功能:远程执行、配置管理(状态)、云管理
一、salt安装、配置、启动方法
[root@salt-stack_master ~]# systemctl stop firewalld
[root@salt-stack_master ~]# systemctl disable firewalld //先需要关闭防火墙,否则master和minion有可能无法通信
[root@salt-stack_master ~]# vim /etc/hosts //在配置文件末尾添加下面两行内容,因为在配置minion的时候能靠主机名识别,所有机器都需要加
192.168.100.133 salt-master
192.168.100.134 salt-minion
[root@salt-minion salt]# ping salt-master //ping检测一下,确保没有问题
PING salt-master (192.168.100.133) 56(84) bytes of data.
64 bytes from salt-master (192.168.100.133): icmp_seq=1 ttl=64 time=0.443 ms
64 bytes from salt-master (192.168.100.133): icmp_seq=2 ttl=64 time=1.23 ms
^C
--- salt-master ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1000ms
rtt min/avg/max/mdev = 0.443/0.838/1.234/0.396 ms
1、环境准备和安装
[root@salt-stack_master ~]# sudo yum install https://repo.saltstack.com/yum/redhat/salt-repo-latest.el7.noarch.rpm
[root@salt-stack_master ~]# sudo yum install salt-master
[root@salt-stack_master ~]# sudo yum install salt-minion
参考地址:http://repo.saltstack.com/#rhel
2、在主节点上安装salt-master、salt-minion,在需要管理的节点上安装slat-minion
[root@salt-stack_master ~]# systemctl start salt-master //先启动master,minion需要配置才能启动
[root@salt-stack_master ~]# vim /etc/salt/minion //这里可以填IP,也可以写主机名,前提是有主机名解析才能识别master
master: salt-master
[root@salt-stack_master ~]# systemctl start salt-minion //修改后启动minion
[root@salt-stack_master salt]# pwd //在启动minion后,会生成一个minion_id的文件,我们不能随便更改主机名,否则会导致master和minion无法通信,修改的话先删除minion_id文件
/etc/salt
[root@salt-stack_master salt]# cat minion_id
salt-stack_master
3、master上需要接受minion的key后才能进行通信
[root@salt-stack_master salt]# salt-key -L //在主节点上列出所有的key
Accepted Keys:
salt-minion
salt-stack_master
Denied Keys:
Unaccepted Keys:
Rejected Keys:
[root@salt-stack_master salt]# salt-key -A //同意所有的key,如果想同意一个key,使用 -a
[root@salt-stack_master ~]# salt-key -d [key名称] //删除一个key
二、常用命令
1、常用的命令介绍
[root@salt-stack_master ~]# salt '*' test.ping //测试minion是否存活
salt-minion:
True
salt-master:
True
[root@salt-stack_master ~]# salt 'salt-min*' cmd.run 'w'
salt-minion:
04:03:02 up 6:18, 2 users, load average: 0.00, 0.01, 0.05
USER TTY FROM LOGIN@ IDLE JCPU PCPU WHAT
root pts/0 192.168.100.1 02:12 1:49m 0.04s 0.04s -bash
root pts/1 192.168.100.1 02:56 16:14 0.27s 0.27s -bash
[root@salt-stack_master ~]# salt '*' cmd.run 'mkdir /tmp/test' //在所有机器创建目录
salt-master:
salt-minion:
[root@salt-stack_master ~]# ls /tmp
test
三、YAMLy格式
YAML:
1. 缩进 2个空格,不能用tab
2. 冒号 key: value
3. 短横线 - list1
- list2
四、salt状态管理配置
[root@salt-stack_master ~]# vim /etc/salt/master //环境的定义
# Example:
# file_roots:
# base:
# - /srv/salt/
# dev:
# - /srv/salt/dev/services
# - /srv/salt/dev/states
# prod:
# - /srv/salt/prod/services
# - /srv/salt/prod/states
#
file_roots:
base:
- /srv/salt
[root@salt-stack_master ~]# systemctl restart salt-master //改完配置文件后重启master
例1:写一个安装、运行apache的sls文件
[root@salt-stack_master srv]# tree
.
└── salt
└── web
└── apache.sls
2 directories, 1 file
[root@salt-stack_master web]# cat apache.sls
apache-install:
pkg.installed:
- names:
- httpd
- httpd-devel
apache-service:
service.running:
- name: httpd
- enable: True
[root@salt-stack_master web]# salt '*' state.sls web.apache //在master执行安装命令。只截取了minion的输出信息
salt-minion:
----------
ID: apache-install
Function: pkg.installed
Name: httpd
Result: True
Comment: The following packages were installed/updated: httpd
Started: 23:27:09.697648
Duration: 19217.845 ms
Changes:
----------
apr:
----------
new:
1.4.8-3.el7_4.1
old:
apr-util:
----------
new:
1.5.2-6.el7
old:
httpd:
----------
new:
2.4.6-89.el7.centos
old:
httpd-tools:
----------
new:
2.4.6-89.el7.centos
old:
mailcap:
----------
new:
2.1.41-2.el7
old:
----------
ID: apache-install
Function: pkg.installed
Name: httpd-devel
Result: True
Comment: The following packages were installed/updated: httpd-devel
Started: 23:27:28.958061
Duration: 6553.724 ms
Changes:
----------
apr-devel:
----------
new:
1.4.8-3.el7_4.1
old:
apr-util-devel:
----------
new:
1.5.2-6.el7
old:
cyrus-sasl:
----------
new:
2.1.26-23.el7
old:
cyrus-sasl-devel:
----------
new:
2.1.26-23.el7
old:
cyrus-sasl-lib:
----------
new:
2.1.26-23.el7
old:
2.1.26-21.el7
expat-devel:
----------
new:
2.1.0-10.el7_3
old:
httpd-devel:
----------
new:
2.4.6-89.el7.centos
old:
libdb:
----------
new:
5.3.21-24.el7
old:
5.3.21-20.el7
libdb-devel:
----------
new:
5.3.21-24.el7
old:
libdb-utils:
----------
new:
5.3.21-24.el7
old:
5.3.21-20.el7
openldap:
----------
new:
2.4.44-21.el7_6
old:
2.4.44-5.el7
openldap-devel:
----------
new:
2.4.44-21.el7_6
old:
----------
ID: apache-service
Function: service.running
Name: httpd
Result: True
Comment: Service httpd has been enabled, and is running
Started: 23:27:36.441424
Duration: 186.563 ms
Changes:
----------
httpd:
True
Summary for salt-minion
------------
Succeeded: 3 (changed=3)
Failed: 0
------------
Total states run: 3
Total run time: 25.958 s
五、高级状态管理
[root@salt-master web]# vim /etc/salt/master //修改master的配置文件
state_top: top.sls
[root@salt-master salt]# pwd //创建top文件
/srv/salt
[root@salt-master salt]# cat top.sls
base:
'salt-minion':
- web.apache
'salt-master':
- web.apache
[root@salt-master ~]# salt 'salt-master' state.highstate test=True //不执行,输出执行后的结果,用于先测试,然后进行执行命令
[root@salt-master /srv/salt]# salt '*' state.highstate
salt-minion:
----------
ID: apache-install
Function: pkg.installed
Name: httpd
Result: True
Comment: All specified packages are already installed
Started: 23:50:53.668711
Duration: 593.209 ms
Changes:
----------
ID: apache-install
Function: pkg.installed
Name: httpd-devel
Result: True
Comment: All specified packages are already installed
Started: 23:50:54.262186
Duration: 17.839 ms
Changes:
----------
ID: apache-service
Function: service.running
Name: httpd
Result: True
Comment: The service httpd is already running
Started: 23:50:54.280899
Duration: 37.414 ms
Changes:
Summary for salt-minion
------------
Succeeded: 3
Failed: 0
------------
Total states run: 3
Total run time: 648.462 ms
salt-master:
----------
ID: apache-install
Function: pkg.installed
Name: httpd
Result: True
Comment: All specified packages are already installed
Started: 23:50:42.128371
Duration: 551.484 ms
Changes:
----------
ID: apache-install
Function: pkg.installed
Name: httpd-devel
Result: True
Comment: All specified packages are already installed
Started: 23:50:42.680173
Duration: 16.562 ms
Changes:
----------
ID: apache-service
Function: service.running
Name: httpd
Result: True
Comment: The service httpd is already running
Started: 23:50:42.697628
Duration: 51.981 ms
Changes:
Summary for salt-master
------------
Succeeded: 3
Failed: 0
------------
Total states run: 3
Total run time: 620.027 ms