what-saltstack
1> SaltStack is a centralized management platform for server infrastructure, providing configuration management, remote execution, monitoring and more.
2> It is written in Python, simple to deploy, uses master/minion centralized management, and supports an API and custom modules.
3> It consists of a Master and Minions (authenticated with certificates/keys) that communicate over the lightweight ZeroMQ message queue.
how-saltstack
The SaltStack master listens on ports 4505 and 4506: 4505 is Salt's publish (message bus) port, and 4506 is the port minions use to talk to the master.
The Salt minion does not listen on any port. After it starts it connects to the master, registers, and then keeps that TCP connection open; the master controls the minion over this connection. If the connection drops, the master can do nothing with that minion; the minion, of course, keeps retrying the connection to the master periodically once it notices the disconnect.
Installing SaltStack
SaltStack packages can be downloaded from EPEL; here a yum repository built by hand is used instead.
Add a yum repository on the physical host:
[root@host rhel6]# pwd
/var/www/html/saltstack/rhel6
[root@host rhel6]# createrepo .    # create the third-party yum repository
Spawning worker 0 with 7 pkgs
Spawning worker 1 with 7 pkgs
Spawning worker 2 with 7 pkgs
Spawning worker 3 with 7 pkgs
Workers Finished
Saving Primary metadata
Saving file lists metadata
Saving other metadata
Generating sqlite DBs
Sqlite DBs complete
server3, server4:
yum repository configuration:
vim /etc/yum.repos.d/rhel-source.repo
[salt]
name=saltstack
baseurl=http://172.25.88.250/saltstack/rhel6
gpgcheck=0
(gpgcheck=0 disables package signature verification; it is acceptable here only because the repository is a local, unsigned build.)
server3
yum install salt-master -y
[root@server3 ~]# ss -ntla
State  Recv-Q Send-Q Local Address:Port  Peer Address:Port
LISTEN 0      128    *:4505 (publish)    *:*
LISTEN 0      128    *:4506 (subscribe)  *:*
server4
yum install salt-minion -y
[root@server4 ~]# vim /etc/salt/minion
master: server3.lalala.com
The minion's key still has to be accepted on the master:
[root@server3 ~]# salt-key -A
The following keys are going to be accepted:
Unaccepted Keys:
server4.lalala.com
Proceed? [n/Y] Y
Key for minion server4.lalala.com accepted.
[root@server3 ~]# salt-key -L
Accepted Keys:
server4.lalala.com
Denied Keys:
Unaccepted Keys:
Rejected Keys:
Verify
[root@server3 yum.repos.d]# salt server4.lalala.com test.ping
server4.lalala.com:
    True
[root@server3 yum.repos.d]# salt '*' test.ping    # targets can be matched by pattern (regex)
server4.lalala.com:
    True
[root@server3 yum.repos.d]# salt -S 172.25.4.4 test.ping
server4.lalala.com:
    True
Any operation can be run on the targeted hosts:
[root@server3 ~]# salt server4.lalala.com cmd.run 'df -h'
server4.lalala.com:
    Filesystem                    Size  Used Avail Use% Mounted on
    /dev/mapper/VolGroup-lv_root   19G  1.3G   17G   8% /
    tmpfs                         499M   16K  499M   1% /dev/shm
    /dev/vda1                     485M   33M  427M   8% /boot
[root@server3 yum.repos.d]# salt -S 172.25.88.4 cmd.run 'cp /etc/passwd /mnt'
[root@server3 yum.repos.d]# salt -S 172.25.88.4 cmd.run 'ls -l /mnt'
server4.lalala.com:
    total 4
    -rw-r--r-- 1 root root 1066 Apr 15 10:15 passwd
About keys
When the minion is first installed and its service is started:
the minion generates a key pair and an ID, and the minion service keeps sending its public key, named after that ID, to the master until it is accepted;
once the master has accepted it, it stores the minion's public key, named after the ID, in /etc/salt/pki/master/minions (no extension); the master then sends its own public key to the minion, which stores it as /etc/salt/pki/minion/minion_master.pub.
Use tree to look at the master's directory tree:
[root@server3 salt]# pwd
/etc/salt
[root@server3 salt]# tree
|-- cloud
|-- cloud.conf.d
|-- cloud.deploy.d
|-- cloud.maps.d
|-- cloud.profiles.d
|-- cloud.providers.d
|-- master
|-- master.d
|-- minion
|-- minion.d
|-- pki                                   # key material
|   |-- master
|   |   |-- master.pem
|   |   |-- master.pub
|   |   |-- minions
|   |   |   `-- server4.lalala.com        # hosts that have been accepted
|   |   |-- minions_autosign
|   |   |-- minions_denied
|   |   |-- minions_pre
|   |   `-- minions_rejected
|   `-- minion
|-- proxy
|-- proxy.d
`-- roster
Directory of the host being managed:
[root@server4 salt]# tree .
.
|-- cloud
|-- cloud.conf.d
|-- cloud.deploy.d
|-- cloud.maps.d
|-- cloud.profiles.d
|-- cloud.providers.d
|-- master
|-- master.d
|-- minion
|-- minion.d
|   `-- _schedule.conf
|-- minion_id
|-- pki
|   |-- master
|   `-- minion
|       |-- minion_master.pub
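The `salt-key -A` step above accepts every pending key without looking at it, so any host that can reach port 4506 and claims an ID gets in. A safer accept step, written here as an added example (not part of the original post), compares the pending key's fingerprint on the master (`salt-key -f <id>`) with a fingerprint read out of band on the minion itself (`salt-call --local key.finger`) and only then accepts that one ID. The exact `salt-key -f` output layout and the SALT_KEY override variable are assumptions.

```shell
#!/bin/sh
# Added example: fingerprint-checked key acceptance for the Salt master.
# SALT_KEY lets a test substitute a stand-in for the real salt-key binary.
SALT_KEY=${SALT_KEY:-salt-key}

# Read `salt-key -f` style output on stdin and print the fingerprint for
# MINION_ID ($1). Assumed layout (constructed sample):
#   Unaccepted Keys:
#   server4.lalala.com:  ab:cd:ef:...
finger_from_listing() {
    awk -v id="$1:" '$1 == id { print $2; exit }'
}

# verify_and_accept MINION_ID EXPECTED_FINGERPRINT
# Accepts the pending key only if its master-side fingerprint equals the
# value obtained out of band; returns 1 on mismatch or when no key is pending.
verify_and_accept() {
    minion_id=$1
    expected=$2
    actual=$("$SALT_KEY" -f "$minion_id" | finger_from_listing "$minion_id")
    if [ -z "$actual" ]; then
        echo "no pending key for $minion_id" >&2
        return 1
    fi
    if [ "$actual" != "$expected" ]; then
        echo "fingerprint mismatch for $minion_id: $actual != $expected" >&2
        return 1
    fi
    # -a accepts this single ID only; -y answers the confirmation prompt
    "$SALT_KEY" -y -a "$minion_id"
}
```

On the minion, `salt-call --local key.finger` prints the value to pass as EXPECTED_FINGERPRINT; read it over a channel you already trust (console, existing SSH session), not over Salt itself.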
Installing Apache with a state module
vim /etc/salt/master
file_roots:
  base:
    - /srv/salt
vim /srv/salt/httpd/apache.sls
apache-install:
  pkg.installed:
    - name: httpd
Dry run and execution
[root@server3 httpd]# salt '*' state.sls httpd.apache test=True
[root@server3 httpd]# salt '*' state.sls httpd.apache
server4.lalala.com:
----------
          ID: apache-install
    Function: pkg.installed
        Name: httpd
      Result: True
     Comment: Package httpd is already installed
     Started: 14:13:13.995696
    Duration: 832.407 ms
     Changes:

Summary for server4.lalala.com
------------
Succeeded: 1
Failed:    0
------------
Total states run:     1
Total run time: 832.407 ms
The pushed state file is cached on the minion at:
[root@server4 httpd]# pwd
/var/cache/salt/minion/files/base/httpd
[root@server4 httpd]# cat apache.sls
apache-install:
  pkg.installed:
    - name: httpd
Configuration and application
Goals:
1. Start the service, and change the Apache configuration file on the server.
2. Have a configuration change on the server trigger the change on the client, with a reload so it takes effect.
mkdir /srv/salt/httpd/files
vim apache.sls
apache-install:
  pkg.installed:
    - pkgs:
      - httpd
      - httpd-tools
apache-config:
  file.managed:
    - name: /etc/httpd/conf/httpd.conf
    - source: salt://httpd/files/httpd.conf
    - mode: 644
    - user: root
    - group: root
    - require:
      - pkg: apache-install
apache-service:
  service.running:
    - name: httpd
    - enable: True
    - reload: True
    - watch:    # watch the Apache config file; reload as soon as it changes
      - file: apache-config
Change the port in the configuration file and sync it to the client:
vim /srv/salt/httpd/files/httpd.conf    # change the default port
Listen 8080
[root@server3 httpd]# salt '*' state.sls httpd.apache
server4.lalala.com:
----------
          ID: apache-install
    Function: pkg.installed
      Result: True
     Comment: All specified packages are already installed
     Started: 11:42:54.769981
    Duration: 445.517 ms
     Changes:
----------
          ID: apache-config
    Function: file.managed
        Name: /etc/httpd/conf/httpd.conf
      Result: True
     Comment: File /etc/httpd/conf/httpd.conf updated
     Started: 11:42:55.217486
    Duration: 45.472 ms
     Changes:
              ----------
              diff:
                  ---
                  +++
                  @@ -133,7 +133,7 @@
                   # prevent Apache from glomming onto all bound IP addresses (0.0.0.0)
                   #
                   #Listen 12.34.56.78:80
                  -Listen 80
                  +Listen 8080

                   #
                   # Dynamic Shared Object (DSO) Support
----------
          ID: apache-service
    Function: service.running
        Name: httpd
      Result: True
     Comment: Service reloaded
     Started: 11:42:55.395103
    Duration: 75.042 ms
     Changes:
              ----------
              httpd:
                  True

Summary for server4.lalala.com
------------
Succeeded: 3 (changed=2)
Failed:    0
------------
Total states run:     3
Total run time: 566.031 ms
Compare the hashes of the two configuration files; they are identical:
[root@server3 files]# md5sum httpd.conf
b7ca7a0e786418ba7b5ad84efac70265  httpd.conf
[root@server4 files]# md5sum httpd.conf
b7ca7a0e786418ba7b5ad84efac70265  httpd.conf