saltstack----自动化(1)

官方文档

官方网站:https://www.saltstack.com/

官方文档   https://docs.saltstack.cn/contents.html

GitHub:  https://github.com/saltstack

中国saltstack用户组:https://www.saltstack.cn/

master和minion之间用秘钥双向加密

[root@node1 /]# wget -O /etc/yum.repos.d/epel.repo http://mirrors.aliyun.com/repo/epel-7.repo    ###注意:这里用的是明文http,仓库文件在传输中可能被篡改;镜像站支持时建议改用https地址

[root@node1 /]# yum -y install salt-master

/etc/init.d/salt-master start

 [root@node1 /]#vim /etc/hosts 

10.240.17.100 node1

10.240.17.103 node2

[root@node2]# vim /etc/salt/minion

16  master: 211.103.138.122

systemctl start salt-minion

tree /etc/salt/minion/                                                                     ####如果主机名变了需要删除/etc/salt/minion_id文件   相当于缓存

[root@node1/]# tree /etc/salt/master                                     ###如果主机名改了需要删除 minions_pre下对应的minion客户端名字                                 

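[root@node1/]#salt-key -A    ###添加所有主机(-A 会无差别接受所有待认证的key;生产环境应先用 salt-key -F 查看指纹,与minion端 salt-call --local key.finger 的输出核对一致后,再用 salt-key -a <minion_id> 逐个接受)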

[root@node1/]#salt '*' test.ping                          #所有的主机执行模块ping操作

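###master和minion通过zeromq消息队列来通信,所有的minion都连到master的4505端口上,当master发送指令的时候通过4506给minion发送消息(更准确地说:按Salt默认配置,4505是发布端口publish_port,master经它向minion下发指令;4506是返回端口ret_port,minion经它回传结果、请求文件。两个端口都是minion主动连接master,防火墙上只需对minion所在网段放行master的这两个端口)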

[root@node1/]#salt '*' cmd.run 'w'                    ###远程执行命令

[root@node1/]# vim /etc/salt/master

416 

# Maps each Salt environment name (base, dev, test, prod) to the directory
# on the master from which that environment's state files are served.
file_roots:
  base:
    - /srv/salt/base
  dev:
    - /srv/salt/dev
  test:
    - /srv/salt/test
  prod:
    - /srv/salt/prod

[root@node1/]# mkdir -p /srv/salt/{base,dev,test,prod}

[root@node1/]#/etc/init.d/salt-master restart

[root@node1/]# cd /srv/salt/base

vim apache.sls

apache-install:                          ### state ID; must be unique
  pkg.installed:                          ### pkg is the state module, installed is the function it provides
    - name: httpd     ### name is the function argument: the httpd package must be present; nothing is done if it already is, otherwise it is installed

apache-service:                     ### state ID for the service
  service.running:                   ### service state module, running function
    - name: httpd                     ### name argument: the service to manage
    - enable: True                     ### enable argument: True enables the service; service.running itself starts httpd if it is not already running

[root@node1 base]# salt 'node2' state.sls apache #########执行apache.sls方法命令

 [root@node1 base]# mkdir web  && mv apache.sls web  

[root@node1 base]# salt 'node2' state.sls web.apache                        ####以.来区别层次关系,而不是用/

[root@node1 base]# vim /etc/salt/master

329 state_top: top.sls

[root@node1 base]# vim top.sls

# top.sls for the base environment: assigns the web.apache state
# (web/apache.sls under the environment root) to each listed minion ID.
base:
  'node1' :
    - web.apache
  'node2' :
    - web.apache  

[root@node1 base]# salt '*' state.highstate            ###高级状态,去查top.sls,然后根据编排来执行各自的任务

https://www.unixhot.com/docs/saltstack/

 [root@node1 base]# cd web

[root@node1 web]# vim lamp.sls

lamp-install:       ### to find out which packages are needed, install them once by hand elsewhere, then list the package names under pkgs
  pkg.installed:   ### a given state module may appear only once under one ID
    - pkgs:
      - httpd
      - php
      - php-pdo
      - php-mysql

# Pushes the master's copy of httpd.conf to the minion with fixed ownership and mode.
apache-config:
  file.managed:
    - name: /etc/httpd/conf/httpd.conf
    - source: salt://web/httpd.conf            ## salt:// paths are resolved from the current environment root, here /srv/salt/base/
    - user: root
    - group: root
    - mode: 644

# Same pattern for php.ini.
php-config:
  file.managed:
    - name: /etc/php.ini
    - source: salt://web/php.ini
    - user: root
    - group: root
    - mode: 644

[root@node2 ]# sz /etc/httpd/conf/httpd.conf 

[root@node2 ]#sz /etc/php.ini

把下载出来的2个文件 上传到 node1服务器/srv/salt/base/web/下

[root@node1 web]# salt '*' state.sls web.lamp

[root@node1 web]#mkdir files

[root@node1 web]#mv httpd.conf php.ini files/

vim lamp.sls

# lamp.sls after the config files were moved into web/files/: the source
# paths now point at salt://web/files/, and a service state is added.
lamp-install:  
  pkg.installed:  
    - pkgs:
      - httpd
      - php
      - php-pdo
      - php-mysql

apache-config:
  file.managed:
    - name: /etc/httpd/conf/httpd.conf
    - source: salt://web/files/httpd.conf          
    - user: root
    - group: root
    - mode: 644

php-config:
  file.managed:
    - name: /etc/php.ini
    - source: salt://web/files/php.ini
    - user: root
    - group: root
    - mode: 644
# Keeps httpd running and enabled at boot.
lamp-service:
  service.running:
    - name: httpd
    - enable: True  

[root@node1 base]#vim top.sls

# top.sls for the base environment: both minions now receive web.lamp
# when a highstate is run.
base :
  'node1' :
    - web.lamp
  'node2' :
    - web.lamp

[root@node1 base]# salt '*' state.highstate

[root@node1 web]# vim lamp.sls

# Copies the whole apache-conf.d directory from the master's file server
# into /etc/httpd/conf.d on the minion.
apache-conf:
  file.recurse:
    - name: /etc/httpd/conf.d
    - source: salt://web/files/apache-conf.d

[root@node1 web] # mkdir /srv/salt/base/web/files/apache-conf.d

[root@node1 web] # cd  /srv/salt/base/web/files/apache-conf.d

[root@node1 web] #scp  10.240.17.103:/etc/httpd/conf.d/* ./

[root@node1 web] # salt 'node2' state.highstate test=True

 [root@node1 web] # salt '*' file.append /etc/profile '#hha'        ######给minion端 /etc/profile文件里 追加#hha

[root@node1 web] # vim lamp.sls

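# lamp.sls with requisites: the config file waits for the packages, and
# httpd is reloaded whenever a managed config file or directory changes.
lamp-install:
  pkg.installed:
    - pkgs:
      # Package names are nested under pkgs so they parse as its list
      # rather than as separate arguments of pkg.installed.
      - httpd
      - php
      - php-pdo
      - php-mysql

apache-config:                                            ### manages a single file
  file.managed:
    - name: /etc/httpd/conf/httpd.conf
    - source: salt://web/files/httpd.conf
    - user: root
    - group: root
    - mode: 644
    - require:
      - pkg: lamp-install                                 ### the file is written only after lamp-install has succeeded; if it fails, this state is not run

apache-conf:                                              ### manages a whole directory
  file.recurse:
    - name: /etc/httpd/conf.d
    - source: salt://web/files/apache-conf.d

php-config:
  file.managed:
    - name: /etc/php.ini
    - source: salt://web/files/php.ini
    - user: root
    - group: root
    - mode: 644

lamp-service:
  service.running:
    - name: httpd
    - enable: True
    - reload: True                   ### with reload set, a watch trigger reloads httpd instead of restarting it
    - watch:
      - file: apache-conf            ### react to changes in the conf.d directory
      - file: apache-config          ### react to changes in httpd.conf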

[root@node1 web] #salt '*' state.highstate

[root@node1 web] #mkdir /var/www/html/admin/ && cd /var/www/html/admin/

[root@node1 web] # vim info.php

<?php
// Diagnostic page: phpinfo() prints the PHP configuration, loaded modules,
// environment variables and server paths to whoever can request this URL.
// NOTE(review): delete this file once the PHP setup has been verified.
phpinfo();

[root@node2 web] #mkdir /var/www/html/admin/ && cd /var/www/html/admin/

[root@node2 web] # vim info.php

<?php
// Diagnostic page: phpinfo() prints the PHP configuration, loaded modules,
// environment variables and server paths to whoever can request this URL.
// NOTE(review): delete this file once the PHP setup has been verified.
phpinfo();

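# Password-protects /var/www/html/admin with HTTP Basic authentication;
# only the user "admin" from the htpasswd file is admitted.
<Directory "/var/www/html/admin">
    # None (instead of All) keeps a .htaccess file dropped into this
    # directory from overriding the authentication settings below.
    AllowOverride None
    # NOTE(review): Order/Allow are Apache 2.2-style access directives; on
    # httpd 2.4 they are handled by mod_access_compat. Confirm which
    # version the minions run.
    Order allow,deny
    Allow from All
    # Basic auth sends the credentials base64-encoded, not encrypted, so
    # this location should only be served over TLS.
    AuthUserFile /etc/httpd/conf/htpasswd_file
    AuthName "hehe"
    AuthType Basic
    Require user admin
</Directory>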

[root@node1 web] #whereis htpasswd

[root@node1 web] #rpm -qf /usr/bin/htpasswd

[root@node1 web] # vim /srv/salt/base/web/lamp.sls

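# lamp.sls with Basic-auth provisioning: installs the LAMP packages,
# manages the config files, creates the htpasswd file once, and reloads
# httpd when managed configuration changes.
lamp-install:
  pkg.installed:
    - pkgs:
      # Package names are nested under pkgs so they parse as its list
      # rather than as separate arguments of pkg.installed.
      - httpd
      - php
      - php-pdo
      - php-mysql

apache-config:                                            ### manages a single file
  file.managed:
    - name: /etc/httpd/conf/httpd.conf
    - source: salt://web/files/httpd.conf
    - user: root
    - group: root
    - mode: 644
    - require:
      - pkg: lamp-install                                 ### the file is written only after lamp-install has succeeded; if it fails, this state is not run

apache-auth:
  pkg.installed:
    - name: httpd-tools
    - require_in:
      - cmd: apache-auth
  cmd.run:
    # NOTE(review): admin/admin is the walkthrough's sample credential.
    # htpasswd -b takes the password on the command line, where it is
    # visible in the process list and is part of the command string Salt
    # reports for this state. Before using this outside a lab, source the
    # value from pillar (or use the webutil.user_exists state) and pick a
    # strong password.
    - name: htpasswd -bc /etc/httpd/conf/htpasswd_file admin admin
    - unless: test -f /etc/httpd/conf/htpasswd_file  ## unless: the command is skipped when this check succeeds

# Restricts the password file to root and the httpd group; replace: False
# leaves the contents written by htpasswd untouched.
apache-auth-perms:
  file.managed:
    - name: /etc/httpd/conf/htpasswd_file
    - user: root
    - group: apache
    - mode: 640
    - replace: False
    - require:
      - cmd: apache-auth
      - pkg: lamp-install

apache-conf:                                              ### manages a whole directory
  file.recurse:
    - name: /etc/httpd/conf.d
    - source: salt://web/files/apache-conf.d
    - watch_in:
      - service: lamp-service                      ### a change in this directory triggers the service state

php-config:
  file.managed:
    - name: /etc/php.ini
    - source: salt://web/files/php.ini
    - user: root
    - group: root
    - mode: 644

lamp-service:
  service.running:
    - name: httpd
    - enable: True
    - reload: True                   ### with reload set, a watch trigger reloads httpd instead of restarting it
    - watch:
      - file: apache-conf            ### react to changes in the conf.d directory (duplicates the watch_in above)
      - file: apache-config          ### react to changes in httpd.conf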

[root@node1 web] #salt '*' state.highstate  

[root@node1 web] # vim tomcat.sls

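# Installs OpenJDK 8 and unpacks a Tomcat tarball shipped from the
# master's file server into /usr/local, with a /usr/local/tomcat symlink.
jdk-install:
  pkg.installed:
    - name: java-1.8.0-openjdk

tomcat-install:
  file.managed:
    # NOTE(review): the tarball is trusted as-is once it sits in the
    # master's file_roots; check it against the upstream checksum or
    # signature before placing it there. Tomcat 8.0.x is end-of-life
    # upstream, so confirm the version is still intended.
    - name: /usr/local/src/apache-tomcat-8.0.46.tar.gz
    - source: salt://web/files/apache-tomcat-8.0.46.tar.gz
    - user: root
    - group: root
    # An archive does not need the execute bit.
    - mode: 644
  cmd.run:
    - name: cd /usr/local/src && tar xvf apache-tomcat-8.0.46.tar.gz && mv apache-tomcat-8.0.46 /usr/local/ && ln -s /usr/local/apache-tomcat-8.0.46 /usr/local/tomcat
    # Skip the unpack when the symlink and the install directory already exist.
    - unless: test -L /usr/local/tomcat && test -d /usr/local/apache-tomcat-8.0.46
    # Unpack only after the tarball has been delivered.
    - require:
      - file: tomcat-install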

[root@node1 web] # salt '*' state.sls tomcat 

#################################################################

[root@node1 web] # salt 'node2' grains.items         ######grains 数据收集

[root@node1 web] # salt 'node2' grains.item fqdn_ip4

[root@node1 web] #salt -G 'os:CentOS' cmd.run 'uptime'

##################################################################

[root@node1 web] # vim lamp.sls

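# Renders httpd.conf as a Jinja template so that the listen address and
# port are filled in per minion.
apache-config:
  file.managed:
    - name: /etc/httpd/conf/httpd.conf
    - source: salt://web/files/httpd.conf
    - user: root
    - group: root
    - mode: 644
    - require:
      - pkg: lamp-install
    - template: jinja                         ### treat the source file as a Jinja template
    - defaults:
        # Keys are nested one level below defaults so they parse as its
        # mapping rather than as sibling arguments of file.managed.
        PORT: 80                                ### value substituted for the PORT placeholder in the template
        # First entry of the minion's fqdn_ip4 grain (a list of IPv4
        # addresses). Grains are reported by the minion itself.
        IPADDR: {{ grains['fqdn_ip4'][0] }}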

[root@node1 web] vim /srv/salt/base/web/files/httpd.conf

Listen {{ IPADDR }}:{{ PORT }}                   ######配置文件里使用lamp.sls里定义的变量名

1.停止salt-minion 2.salt-key 删除老的ID  3 删除/etc/salt/minion_id  4.删除minion端/etc/salt/pki   5.修改ID  6 启动  7 重新salt-key 加入

/var/log/salt/cache/                  缓存文件位置

zabbix-agent
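# Installs the Zabbix agent, renders its config file from a Jinja
# template, prepares the log/run directories, and keeps the service
# running.
zabbix-install:
  pkg.installed:
    - name: zabbix-agent

agent-config:
  file.managed:
    - name: /etc/zabbix/zabbix_agentd.conf
    - source: salt://web/files/zabbix_agentd.conf
    - user: root
    - group: root
    # template/defaults belong to file.managed (they describe how the
    # source file is rendered); the engine name is "jinja".
    - template: jinja
    - defaults:
        # Sample value from the walkthrough. In zabbix_agentd.conf, Server
        # lists the hosts the agent accepts requests from, so set it to
        # the real Zabbix server address.
        Server: {{ 'haha' }}
    - require:
      - pkg: zabbix-install
  cmd.run:
    - name:  chmod 755 /var/log/zabbix/ /var/run/zabbix/ && useradd zabbix && chown zabbix.zabbix /var/log/zabbix/ -R && chown zabbix.zabbix /var/run/zabbix/ -R
    # Skip once the zabbix user's home directory exists.
    - unless: test -d /home/zabbix/

agent-service:
  service.running:
    - name: zabbix-agent
    - enable: True
    - reload: True
    - watch:
      - file: agent-config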

原文地址:https://www.cnblogs.com/zhaobin-diray/p/9234223.html