1.目标
2.执行模块
3.返回
salt ‘*’ cmd.run ‘uptime’ 命令 目标 执行模块 执行模块参数
1、SlatStack远程执行–目标
执行目标:https://docs.saltstack.com/en/latest/topics/targeting/index.html#advanced-targeting-methods
- (1)和Minion ID相关的目标匹配方式
1、MinionID匹配 [root@linux-node1 ~]# salt 'linux-node1.example.com' service.status sshd linux-node1.example.com: True 2、通配符* ? [1-2]等匹配 [root@linux-node1 ~]# salt 'linux*' service.status sshd linux-node2.example.com: True linux-node1.example.com: True [root@linux-node1 ~]# salt 'linux-node?.example.com' service.status sshd linux-node2.example.com: True linux-node1.example.com: True [root@linux-node1 ~]# salt 'linux-node[1-2].example.com' service.status sshd linux-node2.example.com: True linux-node1.example.com: True 3、列表匹配 [root@linux-node1 ~]# salt -L 'linux-node1.example.com,linux-node2.example.com' test.ping linux-node2.example.com: True linux-node1.example.com: True 4、正则表达式匹配 [root@linux-node1 ~]# salt -E 'linux-(node1|node2)*' test.ping linux-node2.example.com: True linux-node1.example.com: True
- (2)和Minion无关匹配
1、Grains匹配 [root@linux-node1 ~]# salt -G 'os:CentOS' test.ping linux-node2.example.com: True linux-node1.example.com: True 2、子网、IP地址匹配 [root@linux-node1 ~]# salt -S '192.168.56.0/24' test.ping linux-node1.example.com: True linux-node2.example.com: True 3、Pillar匹配 #这里目标key:value,是在pillar系统中定义 [root@linux-node1 ~]# salt -I 'apache:httpd' test.ping linux-node2.example.com: True linux-node1.example.com: True
- (3)混合匹配(少用)
- (4)Node Groups匹配
#在master配置文件进行定义node-groups [root@linux-node1 ~]# vim /etc/salt/master nodegroups: web-group: 'L@linux-node1.example.com,linux-node2.example.com' [root@linux-node1 ~]# systemctl restart salt-master [root@linux-node1 ~]# salt -N web-group test.ping linux-node2.example.com: True linux-node1.example.com: True
- (5)批处理执行–Batch size
#先执行1台完成后再执行一台,按比例去执行 [root@linux-node1 ~]# salt '*' -b 1 test.ping Executing run on ['linux-node2.example.com'] jid: 20180117172632455823 linux-node2.example.com: True retcode: 0 Executing run on ['linux-node1.example.com'] jid: 20180117172632650981 linux-node1.example.com: True retcode: 0 #按比例匹配执行,好比在重启服务器时,为了不影响业务,可以先重启一部分,再重启后面一部分 [root@linux-node1 ~]# salt -G 'os:CentOS' --batch-size 50% test.ping Executing run on ['linux-node2.example.com'] jid: 20180117172759207757 linux-node2.example.com: True retcode: 0 Executing run on ['linux-node1.example.com'] jid: 20180117172759402383 linux-node1.example.com: True retcode: 0
2、SlatStack远程执行–执行模块
执行模块:https://docs.saltstack.com/en/latest/ref/modules/all/index.html#all-salt-modules
3、SlatStack远程执行–返回
返回模块:https://docs.saltstack.com/en/latest/ref/returners/index.html
Return组件可以理解为SaltStack系统对执行Minion返回后的数据进行存储或者返回给其他程序,它支持多种存储方式,如MySQL、Redis、ELK、zabbix,通过Return我们可以对SaltStack的每次操作进行记录,对以后的日志审计提供了数据来源。
Return是在Master端触发任务,然后Minion接受处理任务直接与Return存储服务器建立链接,然后把数据存储到服务器。
返回是minion直接将命令执行结果写入到MySQL,需要的依赖包:MySQL-python
- (1)SATL.RETURNERS.MYSQL(minion返回MySQL)
(1)所有minion需要安装MySQL-python [root@linux-node1 ~]# salt '*' cmd.run 'yum install -y MySQL-python' [root@linux-node1 ~]# salt '*' pkg.install MySQL-python #使用pkg模块安装MySQL-python (2)安装mariadb数据库 [root@linux-node1 ~]# yum install -y mariadb-server [root@linux-node1 ~]# systemctl start mariadb (3)创建salt库,创建jid、salt_returns、salt_events表,授权 [root@linux-node1 ~]# mysql -uroot -p Enter password: MariaDB [(none)]> CREATE DATABASE `salt` -> DEFAULT CHARACTER SET utf8 -> DEFAULT COLLATE utf8_general_ci; Query OK, 1 row affected (0.00 sec) MariaDB [(none)]> USE `salt`; Database changed MariaDB [salt]> CREATE TABLE `jids` ( -> `jid` varchar(255) NOT NULL, -> `load` mediumtext NOT NULL, -> UNIQUE KEY `jid` (`jid`) -> ) ENGINE=InnoDB DEFAULT CHARSET=utf8; Query OK, 0 rows affected (0.00 sec) MariaDB [salt]> CREATE TABLE `salt_returns` ( -> `fun` varchar(50) NOT NULL, -> `jid` varchar(255) NOT NULL, -> `return` mediumtext NOT NULL, -> `id` varchar(255) NOT NULL, -> `success` varchar(10) NOT NULL, -> `full_ret` mediumtext NOT NULL, -> `alter_time` TIMESTAMP DEFAULT CURRENT_TIMESTAMP, -> KEY `id` (`id`), -> KEY `jid` (`jid`), -> KEY `fun` (`fun`) -> ) ENGINE=InnoDB DEFAULT CHARSET=utf8; Query OK, 0 rows affected (0.03 sec) MariaDB [salt]> CREATE TABLE `salt_events` ( -> `id` BIGINT NOT NULL AUTO_INCREMENT, -> `tag` varchar(255) NOT NULL, -> `data` mediumtext NOT NULL, -> `alter_time` TIMESTAMP DEFAULT CURRENT_TIMESTAMP, -> `master_id` varchar(255) NOT NULL, -> PRIMARY KEY (`id`), -> KEY `tag` (`tag`) -> ) ENGINE=InnoDB DEFAULT CHARSET=utf8; Query OK, 0 rows affected (0.02 sec) MariaDB [salt]> show tables; +----------------+ | Tables_in_salt | +----------------+ | jids | | salt_events | | salt_returns | +----------------+ 3 rows in set (0.00 sec) MariaDB [salt]> grant all on salt.* to salt@'%' identified by 'salt'; Query OK, 0 rows affected (0.00 sec) (4)修改salt-minion,配置MySQL链接 [root@linux-node2 ~]# vim /etc/salt/minion ###### Returner settings ###### ############################################ mysql.host: '192.168.56.11' mysql.user: 'salt' mysql.pass: 'salt' mysql.db: 'salt' mysql.port: 3306 [root@linux-node2 ~]# systemctl restart salt-minion [root@linux-node1 ~]# vim /etc/salt/minion ###### Returner settings ###### ############################################ mysql.host: '192.168.56.11' mysql.user: 'salt' mysql.pass: 'salt' mysql.db: 'salt' mysql.port: 3306 [root@linux-node1 ~]# systemctl restart salt-minion (5)测试,并在数据库查看返回结果 [root@linux-node1 ~]# salt '*' test.ping --return mysql linux-node2.example.com: True linux-node1.example.com: True MariaDB [salt]> select * from salt_returns; +-----------+----------------------+--------+-------------------------+---------+-----------------------------------------------------------------------------------------------------------------------------------------------------+---------------------+ | fun | jid | return | id | success | full_ret | alter_time | +-----------+----------------------+--------+-------------------------+---------+-----------------------------------------------------------------------------------------------------------------------------------------------------+---------------------+ | test.ping | 20180118093222060862 | true | linux-node2.example.com | 1 | {"fun_args": [], "jid": "20180118093222060862", "return": true, "retcode": 0, "success": true, "fun": "test.ping", "id": "linux-node2.example.com"} | 2018-01-18 09:32:22 | | test.ping | 20180118093222060862 | true | linux-node1.example.com | 1 | {"fun_args": [], "jid": "20180118093222060862", "return": true, "retcode": 0, "success": true, "fun": "test.ping", "id": "linux-node1.example.com"} | 2018-01-18 09:32:24 | +-----------+----------------------+--------+-------------------------+---------+-----------------------------------------------------------------------------------------------------------------------------------------------------+---------------------+ 2 rows in set (0.00 sec)
- 使用salt的job_cache机制将命令写入mysql(常用方法)
- 执行的所有命令都会写入mysql,不用使用return,把cache写在mysql
[root@linux-node1 ~]# vim /etc/salt/master master_job_cache: mysql mysql.host: '192.168.56.11' mysql.user: 'salt' mysql.pass: 'salt' mysql.db: 'salt' mysql.port: 3306 [root@linux-node1 ~]# systemctl restart salt-master [root@linux-node1 ~]# salt '*' cmd.run 'w' [root@linux-node1 ~]# mysql -uroot -p123456 -e "select * from salt.salt_returns;" #加上-v参数可以看到jid,并且通过jid可以查看运行的结果 [root@linux-node1 ~]# salt '*' cmd.run 'uptime' -v Executing job with jid 20180118095000725560 ------------------------------------------- linux-node2.example.com: 09:50:00 up 14 days, 4:24, 2 users, load average: 0.00, 0.01, 0.05 linux-node1.example.com: 09:50:00 up 23 days, 3:56, 2 users, load average: 0.00, 0.06, 0.18 [root@linux-node1 ~]# salt-run jobs.lookup_jid 20180118095000725560 linux-node1.example.com: 09:50:00 up 23 days, 3:56, 2 users, load average: 0.00, 0.06, 0.18 linux-node2.example.com: 09:50:00 up 14 days, 4:24, 2 users, load average: 0.00, 0.01, 0.05