SaltStack实战
#安装
安装注意几点
python-libs-2.6.6-64.el6.x86_64 conflicts with file from package python-2.6.6-36.el6.x86_64
yum install python-libs解决
yum的版本太低的话是会出现问题的
http://mirror.centos.org/centos/6/os/x86_64/Packages/yum-3.2.29-69.el6.centos.noarch.rpm
rpm –Uvh yum-3.2.29-69.el6.centos.noarch.rpm
Error:
|
问题: file /usr/lib64/python2.6/zipfile.pyo from install of python-libs-2.6.6-64.el6.x86_64 conflicts with file from package python-2.6.6-36.el6.x86_64 |
|
解决: [root@client ~]# yum install python-lib* -y [root@client ~]# yum install salt-minion -y |
|
问题: Error: Package: yum-utils-1.1.30-30.el6.noarch (saltstack-repo) Requires: yum >= 3.2.29-56 Installed: yum-3.2.29-40.el6.centos.noarch (@anaconda-CentOS-201303020151.x86_64/6.4) yum = 3.2.29-40.el6.centos |
|
解决: [root@python ~]# wget http://mirror.centos.org/centos/6/os/x86_64/Packages/yum-3.2.29-69.el6.centos.noarch.rpm [root@python ~]# rpm -Uvh yum-3.2.29-69.el6.centos.noarch.rpm warning: yum-3.2.29-69.el6.centos.noarch.rpm: Header V3 RSA/SHA1 Signature, key ID c105b9de: NOKEY Preparing... ########################################### [100%] 1:yum ########################################### [100%] |
|
问题: Error Downloading Packages: python-ordereddict-1.1-2.el6.noarch: failure: python-ordereddict-1.1-2.el6.noarch.rpm from epel: [Errno 256] No more mirrors to try. python-msgpack-0.4.6-1.el6.x86_64: failure: python-msgpack-0.4.6-1.el6.x86_64.rpm from epel: [Errno 256] No more mirrors to try. |
|
解决:估计要使用黄灯FQ或者使用国内的源 [root@python yum.repos.d]# yum install python-ordereddict* -y |
yum install python-ordereddict* -y
|
[root@master ~]# ifconfig eth0 eth0 Link encap:Ethernet HWaddr 00:0C:29:C7:F1:FD inet addr:10.0.0.7 Bcast:10.0.0.255 Mask:255.255.255.0 inet6 addr: fe80::20c:29ff:fec7:f1fd/64 Scope:Link UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:10368 errors:0 dropped:0 overruns:0 frame:0 TX packets:6210 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:1000 RX bytes:9829001 (9.3 MiB) TX bytes:478004 (466.8 KiB) [root@master ~]# hostname master [root@master ~]# uname -a Linux master 2.6.32-358.el6.x86_64 #1 SMP Fri Feb 22 00:31:26 UTC 2013 x86_64 x86_64 x86_64 GNU/Linux [root@master ~]# yum install salt-master -y |
|
Server |
Client |
|
#开启服务 [root@master ~]# service salt-master start Starting salt-master daemon: [确定] [root@master ~]# netstat –lanput tcp 0 0 0.0.0.0:4505 0.0.0.0:* LISTEN 2682/python2.6 tcp 0 0 0.0.0.0:4506 0.0.0.0:* LISTEN 2691/python2.6 [root@master salt]# lsof -i:4505 COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME salt-mast 2682 root 13u IPv4 24479 0t0 TCP *:4505 (LISTEN) [root@master salt]# lsof -i:4506 COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME salt-mast 2691 root 21u IPv4 24490 0t0 TCP *:4506 (LISTEN) [root@master salt]# cat /etc/hosts 127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4 ::1 localhost localhost.localdomain localhost6 localhost6.localdomain6 10.0.10.7 drbd01 master.saltstack.com master 10.0.10.8 drbd02 minion.saltstack.com minion [root@master salt]# salt-key Accepted Keys: Denied Keys: Unaccepted Keys: client minion.saltstack.com Rejected Keys: |
[root@ client ~]# cd /etc/salt/ [root@ client salt]# pwd /etc/salt [root@ client salt]# ls cloud cloud.maps.d master minion.d roster cloud.conf.d cloud.profiles.d master.d pki cloud.deploy.d cloud.providers.d minion proxy [root@minion salt]# grep "^#|^$" minion -v master: 10.0.0.7 id: minion.saltstack.com [root@minion salt]# cat /etc/hosts 127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4 ::1 localhost localhost.localdomain localhost6 localhost6.localdomain6 10.0.10.8 drbd02 minion.saltstack.com minion 10.0.10.7 drbd01 master.saltstack.com master [root@client ~]# /etc/init.d/salt-minion restart Starting salt-minion daemon: [确定] |
|
#完成认证欢迎客户端的加入 [root@master salt]# salt-key -a minion.saltstack.com The following keys are going to be accepted: Unaccepted Keys: minion.saltstack.com Proceed? [n/Y] Y Key for minion minion.saltstack.com accepted. [root@master salt]# salt-key Accepted Keys: minion.saltstack.com Denied Keys: Unaccepted Keys: client Rejected Keys: #测试ping #泛型 [root@master ~]# salt '*' test.ping minion.saltstack.com: True #针对性 [root@master ~]# salt 'minion.saltstack.com' test.ping minion.saltstack.com: True [root@master ~]# salt '*' cmd.run 'df -h' minion.saltstack.com: Filesystem Size Used Avail Use% Mounted on /dev/sda3 12G 1.7G 9.5G 15% / tmpfs 935M 12K 935M 1% /dev/shm /dev/sda1 194M 26M 159M 14% /boot /dev/sr1 1.4G 1.4G 0 100% /iso1 /dev/sr0 4.1G 4.1G 0 100% /iso [root@master ~]# salt '*' cmd.run 'uptime' minion.saltstack.com: 21:21:34 up 3:37, 4 users, load average: 0.10, 0.03, 0.00 |
|
|
在增加一台: |
|
|
[root@master ~]# mkdir -p /etc/salt/states/prod [root@master ~]# grep "^#|^$" /etc/salt/master -v default_include: master.d/*.conf interface: 0.0.0.0 file_roots: base: - /etc/salt/states prod: - /etc/salt/states/prod [root@master ~]# /etc/init.d/salt-master restart Stopping salt-master daemon: [确定] Starting salt-master daemon: [确定] [root@master ~]# tail -f /var/log/salt/master |
|
|
[root@master states]# grep "^#|^$" -v /etc/salt/master default_include: master.d/*.conf interface: 0.0.0.0 state_top: top.sls file_roots: base: - /etc/salt/states prod: - /etc/salt/states/prod [root@master states]# cat ./init/pkg.sls pkg.init: pkg.installed: - names: - lrzsz - mtr - nmap [root@master states]# cat ./prod/top.sls base: 'minion.saltstack.com' - init.pkg [root@master states]# salt '*' state.sls init.pkg minion.saltstack.com: ---------- ID: pkg.init Function: pkg.installed Name: mtr Result: True Comment: The following packages were installed/updated: mtr Started: 22:28:11.931751 Duration: 22421.578 ms Changes: ---------- mtr: ---------- new: 2:0.75-5.el6 old: ---------- ID: pkg.init Function: pkg.installed Name: nmap Result: True Comment: The following packages were installed/updated: nmap Started: 22:28:34.362114 Duration: 22710.914 ms Changes: ---------- libpcap: ---------- new: 14:1.0.0-6.20091201git117cb5.el6 old: nmap: ---------- new: 2:5.51-2.el6 old: ---------- ID: pkg.init Function: pkg.installed Name: lrzsz Result: True Comment: The following packages were installed/updated: lrzsz Started: 22:28:57.082576 Duration: 8267.01 ms Changes: ---------- lrzsz: ---------- new: 0.12.20-27.1.el6 old: Summary for minion.saltstack.com ------------ Succeeded: 3 (changed=3) Failed: 0 ------------ Total states run: 3 |
|
|
[root@minion ~]# which rz /usr/bin/rz |
|
|
[root@master states]# tree ./ ./ ├── init │ ├── files │ │ └── limits.conf │ ├── limit.sls │ └── pkg.sls ├── prod └── top.sls 3 directories, 4 files [root@master states]# cat ./init/limit.sls limit-conf-config: file.managed: - name: /etc/security/limits.conf - source: salt://init/files/limits.conf - user: root - group: root - mode: 644 [root@master states]# cat ./init/pkg.sls pkg.init: pkg.installed: - names: - lrzsz - mtr - nmap [root@master states]# cat ./top.sls base: 'minion.saltstack.com': - init.pkg - init.limit [root@master states]# salt '*' state.highstate minion.saltstack.com: ---------- ID: pkg.init Function: pkg.installed Name: mtr Result: True Comment: Package mtr is already installed Started: 23:05:41.185346 Duration: 817.998 ms Changes: ---------- ID: pkg.init Function: pkg.installed Name: nmap Result: True Comment: Package nmap is already installed Started: 23:05:42.003701 Duration: 0.914 ms Changes: ---------- ID: pkg.init Function: pkg.installed Name: lrzsz Result: True Comment: Package lrzsz is already installed Started: 23:05:42.004743 Duration: 0.587 ms Changes: ---------- ID: limit-conf-config Function: file.managed Name: /etc/security/limits.conf Result: True Comment: File /etc/security/limits.conf updated Started: 23:05:42.009035 Duration: 34.642 ms Changes: ---------- diff: --- +++ @@ -39,8 +39,8 @@ #<domain> <type> <item> <value> #
-#* soft core 0 -#* hard rss 10000 +* soft core 0 +* hard rss 10000 #@student hard nproc 20 #@faculty soft nproc 20 #@faculty hard nproc 50 Summary for minion.saltstack.com ------------ Succeeded: 4 (changed=1) Failed: 0 ------------ Total states run: 4 |
|
|
[root@minion ~]# cat /etc/security/limits.conf * soft core 0 * hard rss 10000 #@student hard nproc 20 #@faculty soft nproc 20 #@faculty hard nproc 50 #ftp hard nproc 0 #@student - maxlogins 4 |
|
|
[root@master salt]# tree /etc/salt/pki/ /etc/salt/pki/ ├── master │ ├── master.pem │ ├── master.pub │ ├── minions │ │ └── minion.saltstack.com │ ├── minions_autosign │ ├── minions_denied │ ├── minions_pre │ │ └── client │ └── minions_rejected └── minion |
|
|
[root@master ~]# salt-key Accepted Keys: 10.0.0.9 正则表达式: [root@master ~]# salt -E '((?:(?:25[0-5]|2[0-4]d|((1d{2})|([1-9]?d))).){3}(?:25[0-5]|2[0-4]d|((1d{2})|([1-9]?d))))' test.ping 10.0.0.9: True [root@master ~]# cat /etc/salt/states/top.sls base: '((?:(?:25[0-5]|2[0-4]d|((1d{2})|([1-9]?d))).){3}(?:25[0-5]|2[0-4]d|((1d{2})|([1-9]?d))))': - match: pcre - init.pkg - init.limit [root@master ~]# salt ‘*’ state.highstate minion.saltstack.com: ID: states Function: no.None Result: False Comment: No Top file or external nodes data matches found. Started: Duration: Changes: Summary for minion.saltstack.com Succeeded: 0 Failed: 1 Total states run: 1 10.0.0.9: ID: pkg.init Function: pkg.installed Name: mtr Result: True Comment: Package mtr is already installed Started: 08:59:28.505182 Duration: 720.628 ms Changes: ID: pkg.init Function: pkg.installed Name: nmap Result: True Comment: Package nmap is already installed Started: 08:59:29.226111 Duration: 0.839 ms Changes: ID: pkg.init Function: pkg.installed Name: lrzsz Result: True Comment: Package lrzsz is already installed Started: 08:59:29.227087 Duration: 0.607 ms Changes: ID: limit-conf-config Function: file.managed Name: /etc/security/limits.conf Result: True Comment: File /etc/security/limits.conf is in the correct state Started: 08:59:29.231194 Duration: 27.495 ms Changes: Summary for 10.0.0.9 Succeeded: 4 Failed: 0 Total states run: 4 ERROR: Minions returned with non-zero exit code |
|
-E 正则 -L list -S IP |
|
Salt into MySQL |
|
mysql.host: '10.0.0.7' mysql.user: 'salt' mysql.pass: 'salt' mysql.db: 'salt' mysql.port: 3306 mysql_job_cache: mysql【主master插入】 |
附件:
|
Iso.repo: |
|
# CentOS-Media.repo # # This repo can be used with mounted DVD media, verify the mount point for # CentOS-6. You can use this repo and yum to install items directly off the # DVD ISO that we release. # # To use this repo, put in your DVD and use it with the other repos too: # yum --enablerepo=c6-media [command] # # or for ONLY the media repo, do this: # # yum --disablerepo=* --enablerepo=c6-media [command] [c6-media] name=CentOS-$releasever - Media baseurl=file:///iso/ file:///iso1/ gpgcheck=0 enabled=1 gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-6 |
|
saltstack.repo |
|
[saltstack-repo] name=SaltStack repo for RHEL/CentOS $releasever baseurl=https://repo.saltstack.com/yum/redhat/$releasever/$basearch/latest enabled=1 gpgcheck=0 gpgkey=https://repo.saltstack.com/yum/redhat/$releasever/$basearch/latest/SALTSTACK-EL5-GPG-KEY.pub |
数据系统:
|
Grains-静态数据 |
|
自定义grains [root@drbd02 ~]# tail -n 3 /etc/salt/minion grains: roles: nginx env: prod [root@master ~]# salt -G 'env:prod' test.ping minion.saltstack.com: True [root@master ~]# salt -G 'roles:nginx' test.ping minion.saltstack.com: True [root@drbd02 ~]# cat /etc/salt/grains cloud: openstack [root@master ~]# salt -G 'cloud:openstack' test.ping minion.saltstack.com: True [root@master ~]# salt -G 'test:salt' test.ping No minions matched the target. No command was sent, no jid was assigned. ERROR: No return received #不用重启刷新 [root@master ~]# salt '*' saltutil.sync_grains minion.saltstack.com: 10.0.0.9: [root@master ~]# salt -G 'test:salt' test.ping minion.saltstack.com: True Top.sls: 'roles:nginx': - match: grain - init.pkg |
|
Pillar:敏感数据 master指定Pillar 结合grains处理平台差异性 |
|
[root@master ~]# salt '*' pillar.ls minion.saltstack.com: 10.0.0.9: "/etc/salt/master" 840L, 32677C written 586 pillar_roots: 587 base: 588 - /etc/salt/pillar 589 [root@master pillar]# cat top.sls base: '*': - init.rsyslog [root@master pillar]# mkdir init [root@master pillar]# cd init/ [root@master init]# pwd /etc/salt/pillar/init [root@master init]# cat rsyslog.sls {% if grains['osfinger'] == 'CentOS-6' %} syslog: rsyslog {% elif %} syslog: syslog {% endif %} [root@master init]# pwd /etc/salt/pillar/init [root@master init]# salt '*' saltutil.refresh_pillar 10.0.0.9: True minion.saltstack.com: True |