- 原理:
minion端和master端认证的原理
Master与Minion认证
(1)、minion在第一次启动时,会在/etc/salt/pki/minion/(该路径在/etc/salt/minion里面设置)下自动生成minion.pem(private key)和 minion.pub(public key),然后将 minion.pub发送给master。(2)、master在接收到minion的public key后,通过salt-key命令accept minion public key,这样在master的/etc/salt/pki/master/minions下的将会存放以minion id命名的 public key,然后master就能对minion发送指令了。
- 实验图解
3实验配置
4.具体实验:
1.安装epel源(三台机器上都得执行)
CentOS6-64bit:
rpm -Uvh http://mirrors.yun-idc.com/epel/6Server/x86_64/epel-release-6-8.noarch.rpm
CentOS5-64bit:
rpm -Uvh http://mirrors.yun-idc.com/epel/5Server/x86_64/epel-release-5-4.noarch.rpm
[[email protected] ~]# rpm -Uvh http://mirrors.yun-idc.com/epel/6Server/x86_64/epel-release-6-8.noarch.rpm
Retrieving http://mirrors.yun-idc.com/epel/6Server/x86_64/epel-release-6-8.noarch.rpm
warning: /var/tmp/rpm-tmp.406Pc0: Header V3 RSA/SHA256 Signature, key ID 0608b895: NOKEY
Preparing... ########################################### [100%]
1:epel-release ########################################### [100%]
[[email protected] ~]#
2.安装saltsatck2016/05/05 11:51
①安装master
yum -y install salt-master
②安装minion(两台都得执行)
yum -y install salt-minion
3.salt命令介绍
4.配置minion端的配置文件(两台minion都要配置)
[[email protected] salt]# less /etc/salt/minion
#master: salt 默认的主机名是salt(master端)
#id: id要是唯一的 默认是本机的主机名
所以直接在本地/etc/hosts 配置本地电脑名称和IP的对应关系即可(两台minion都要配置)
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
10.0.0.20 salt
10.0.0.21 client01
10.0.0.22 client02
注;10.0.0.20 是salt-master的ip
5.启动服务 (先启动master端)
master端:
[[email protected] ~]# /etc/init.d/salt-master start
Starting salt-master daemon:
[[email protected] ~]# /etc/init.d/salt-master status
salt-master (pid 1733) is running...
[[email protected] ~]#
minion端(两台都一样都要启动):
[[email protected] salt]# /etc/init.d/salt-minion start
Starting salt-minion daemon: [ OK ]
[[email protected] salt]# /etc/init.d/salt-minion status
salt-minion (pid 1927) is running...
[[email protected] salt]#
6.配置文件master(只是测试)
[[email protected] salt]# vim /etc/salt/master
#log_level: warning
log_level: debug(先修改为debug 调试查看日志文件)
[email protected] salt]# /etc/init.d/salt-master stop
Stopping salt-master daemon: [ OK ]
[[email protected] salt]# /etc/init.d/salt-master start
Starting salt-master daemon: [ OK ]
[[email protected] salt]#
查看启动的过程
[[email protected] salt]# pwd
/var/log/salt
[[email protected] salt]# less master
2016-05-01 09:46:58,066 [salt.utils.verify][WARNING ][27997] Insecure logging configuration detected! Sensitive data may be logged.
2016-05-01 09:46:58,066 [salt.cli.daemons ][INFO ][27997] Setting up the Salt Master
2016-05-01 09:46:59,942 [salt.crypt ][DEBUG ][27997] Loaded master key: /etc/salt/pki/master/master.pem
2016-05-01 09:46:59,957 [salt.daemons.masterapi ][INFO ][27997] Preparing the root key for local communication
备注:master端修改配置文件不用重启,默认直接生效
7.命令服务端master
salt-key
-l 列出特定minion端发过来的请求( List the specified keys)
-L 列出所有的minion端的key (List all public keys)
-a 允许一台minion 后边跟上主机名(Accept the specified public key)
-A 允许所有的minion( Accept all pending keys)
-r 拒绝一台minion (Reject the specified public key)
-R 拒绝所有的minion (Reject all pending keys)
-d 删除指定的minion ( Delete the specified key)
-D 删除所有的minion (Delete all keys)
-y 类似于 yum -y 自动加上yes
8.客户端查看minion
出现问题(原因是第一次没有接收-A 允许所有):
[[email protected] ~]# salt-key -L
Accepted Keys:
Denied Keys:
Unaccepted Keys:
client01
client02
Rejected Keys:
解决方法:
[[email protected] ~]# salt-key -A
The following keys are going to be accepted:
Unaccepted Keys:
client01
client02
Proceed? [n/Y] Y
Key for minion client01 accepted.
Key for minion client02 accepted.
[[email protected] ~]# salt-key -L
Accepted Keys:
client01
client02
Denied Keys:
Unaccepted Keys:
Rejected Keys:
&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&
练习1:
公司的业务调整,现从其他产品线送来一批机器(已在salt中),为了规范,需要将这批机器进行改名操作
[[email protected] ~]# hostname salt-client01
[[email protected] ~]# cat /etc/sysconfig/network
NETWORKING=yes
HOSTNAME=salt-client01
[[email protected] ~]#
重启服务:
[[email protected] ~]# /etc/init.d/salt-minion restart
Stopping salt-minion daemon: [ OK ]
Starting salt-minion daemon: [ OK ]
在master端进行查看(可以看出没有生效):
[[email protected] ~]# salt-key -L
Accepted Keys:
client01
client02
Denied Keys:
Unaccepted Keys:
Rejected Keys:
[[email protected] ~]#
在minion端找原因(原因是/etc/salt/minion_id 中的主机名缓存的还是client01,因此清空重新启动服务即可):
[[email protected] salt]# pwd
/etc/salt
[[email protected] salt]# cat minion_id
client01[[email protected] salt]#
清空并重新启动服务(minion端)
[[email protected] ~]# cd /etc/salt/
[[email protected] salt]# ls
minion minion.d minion_id pki
[[email protected] salt]# >minion_id
[[email protected] salt]# cat minion_id
[[email protected] salt]# /etc/init.d/salt-minion restart
Stopping salt-minion daemon: [ OK ]
Starting salt-minion daemon: [ OK ]
[[email protected] salt]#
再次在master端查看
[[email protected] ~]# salt-key -A
The following keys are going to be accepted:
Unaccepted Keys:
salt-client01
Proceed? [n/Y] Y
Key for minion salt-client01 accepted.
[[email protected] ~]# salt-key -L
Accepted Keys:
client01
client02
salt-client01
Denied Keys:
Unaccepted Keys:
Rejected Keys:
[[email protected] ~]# salt-key -d client01 -y
Deleting the following keys:
Accepted Keys:
client01
Key for minion client01 deleted.
[[email protected] ~]# salt-key -L
Accepted Keys:
client02
salt-client01
Denied Keys:
Unaccepted Keys:
Rejected Keys:
[[email protected] ~]#
拓展:minion端的一台机器修改主机名,但是服务器起不来,怎么办,也加不进去master
minion端:
[[email protected] salt]# hostname salt-client-01
[[email protected] salt]# cat /etc/sysconfig/network
NETWORKING=yes
HOSTNAME=salt-client-01
[[email protected] salt]#
把minion端的minion_id pki 删除
[[email protected] salt]# cd /etc/salt
[[email protected] salt]# ls
minion minion.d minion_id pki
[[email protected] salt]# rm -f minion_id pki
rm: cannot remove `pki‘: Is a directory
[[email protected] salt]# rm -rf minion_id pki
[[email protected] salt]# ls
minion minion.d
[[email protected] salt]#
minion端重启服务
[[email protected] salt]# /etc/init.d/salt-minion restart
Stopping salt-minion daemon: [ OK ]
Starting salt-minion daemon: [ OK ]
[[email protected] salt]#
在master端,把更改的主机名删除重新加上去
[[email protected] ~]# salt-key -d salt-client01 -y
Deleting the following keys:
Accepted Keys:
salt-client01
Key for minion salt-client01 deleted.
[[email protected] ~]# salt-key -L
Accepted Keys:
client02
Denied Keys:
Unaccepted Keys:
salt-client-01
Rejected Keys:
[[email protected] ~]# salt-key -A
The following keys are going to be accepted:
Unaccepted Keys:
salt-client-01
Proceed? [n/Y] Y
Key for minion salt-client-01 accepted.
[[email protected] ~]# salt-key -L
Accepted Keys:
client02
salt-client-01
Denied Keys:
Unaccepted Keys:
Rejected Keys:
[[email protected] ~]#
master端测试链接是否正常
[[email protected] ~]# salt ‘salt-client-01‘ test.ping
salt-client-01:
True
[[email protected] ~]# salt ‘*‘ test.ping
salt-client-01:
True
client02:
True
[[email protected] ~]#
针对改名问题做一个小结
主机名缓存:删除:/etc/salt/minion_id
删除:/etc/salt/pki
master
salt-key -d salt-client -y
salt-key -A 重新加载
salt-key -L 从的数据从什么地方加载而来的
[[email protected] minions]# pwd
/etc/salt/pki/master/minions
[[email protected] minions]# ls
client02 salt-client-01
[[email protected] minions]#
练习2:
公司在飞速发展,机器在不断的增加(假设现在有1000台服务器),按照当初的需求给配置的salt-master压力越来越大,现在将其(master)更换性能更好,配置更高的机器
思想:把minion端的master ip替换成最新的服务器
把master端的key拷贝到新的服务器上面
1.先打包配置文件
[[email protected] salt]# ls
master pki
[[email protected] salt]# tar zcvf /root/pki.tar.gz pki
pki/
pki/master/
pki/master/master.pub
pki/master/master.pem
pki/master/minions_rejected/
pki/master/minions_autosign/
pki/master/minions_pre/
pki/master/minions/
pki/master/minions/salt-client-01
pki/master/minions/client02
pki/master/minions_denied/
[[email protected] ~]# ls
anaconda-ks.cfg install.log install.log.syslog pki.tar.gz
[[email protected] ~]#
2.把打包的配置文件传到最新的服务器上面去
把打包的压缩包上传到最新的服务器上面(rz和sz命令)
性能好的服务器上面的
[[email protected] salt]# ls
master pki pki.tar.gz
[[email protected] salt]# pwd
/etc/salt
[[email protected] salt]#
启动服务(服务不要先启动)
服务的启动如果有pki就不在生成
[[email protected] salt]# /etc/init.d/salt-master start
Starting salt-master daemon: [ OK ]
可以看出启动服务以后调用原来的minion
[[email protected] salt]# salt-key
Accepted Keys:
client02
salt-client-01
Denied Keys:
Unaccepted Keys:
Rejected Keys:
3.更改所有minion的master的ip(在未更改的master服务器上面更改)
[[email protected] salt]# salt ‘*‘ cmd.run "sed -i ‘s#10.0.0.20#10.0.0.23#g‘ /etc/hosts"
salt-client-01:
client02:
[[email protected] salt]# salt ‘*‘ cmd.run "grep salt /etc/hosts"
client02:
10.0.0.23 salt
salt-client-01:
10.0.0.23 salt
[[email protected] salt]#
4.重启minion服务(在未更改的master服务器上面更改)
[[email protected] salt]# salt ‘*‘ service.restart salt-minion
salt-client-01:
True
client02:
True
[[email protected] salt]#
5.测试在最新的master服务器上面(迁移以后的ip)
&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&
returnner
默认请款修改,发送给salt minion的命令执行结果将返回给salt master。saltsatck returnner的接口允许将结果发送给任意系统
在master端执行动作
返回syslog_return
[[email protected] ~]# salt ‘*‘ test.ping --return syslog
这个log会放在每一个minion中的 /var/log/messages 中 ,根本不是我们想要的结果
将结果返回给mysql
将结果返回给mysql(在新的一台服务器上面安装mysql,随便一台)
[[email protected] ~]# yum -y install mysql mysql-server
&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&
event
event是一个本地的ZeroMQ PUB Interface,event是一个开放的系统,用于发送信息通知salt
或者其它的操作系统
每个event都有一个标签。事件变迁允许快速至顶过滤事件。除了标签之外,每个事件都有一个数据
结构。这个数据结构是一个dict类型,其中包含关于事件的信息
&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&
把本机的命令到远程执行:
master端默认放置的文件夹是 /srv/salt/ (默认是不存在)
测试1(执行脚本):
[[email protected] salt]# pwd
/srv/salt
[[email protected] salt]# cat hello.sh
echo "hello world"
[[email protected] salt]#
测试结果:
执行脚本的命令(执行master的命令):
[[email protected] salt]# salt ‘*‘ cmd.script salt://hello.sh
client02:
----------
pid:
27629
retcode:
0
stderr:
stdout:
hello world
salt-client-01:
----------
pid:
28358
retcode:
0
stderr:
stdout:
hello world
[[email protected] salt]#
测试2(远程执行脚本命令)
master
[[email protected] salt]# cat /srv/salt/hello.sh
echo "hello world"
cd /tmp &&\
touch matertest
[[email protected] salt]#
master执行:
[[email protected] salt]# salt ‘*‘ cmd.script salt://hello.sh
salt-client-01:
----------
pid:
28390
retcode:
0
stderr:
stdout:
hello world
client02:
----------
pid:
27661
retcode:
0
stderr:
stdout:
hello world
[[email protected] salt]#
测试minion:
[[email protected] tmp]# ls
matertest
[[email protected] tmp]#
测试3(查看命令)
[[email protected] salt]# salt ‘*‘ cmd.run ‘df -h‘
salt-client-01:
Filesystem Size Used Avail Use% Mounted on
/dev/sda3 6.9G 1.6G 5.0G 24% /
tmpfs 245M 12K 245M 1% /dev/shm
/dev/sda1 190M 36M 145M 20% /boot
client02:
Filesystem Size Used Avail Use% Mounted on
/dev/sda3 6.9G 1.6G 5.0G 24% /
tmpfs 245M 12K 245M 1% /dev/shm
/dev/sda1 190M 36M 145M 20% /boot
[[email protected] salt]#
测试4(查看客户端minion端的up还是down的状态)
[[email protected] salt]# salt-run manage.status
down:
up:
- client02
- salt-client-01
[[email protected] salt]# salt-run manage.up
- client02
- salt-client-01
[[email protected] salt]# salt-run manage.down
[[email protected] salt]#
&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&
salt批量拷贝文件;
master端:
[[email protected] salt]# salt-cp "*" /etc/hosts /tmp/
{‘client02‘: {‘/tmp/hosts‘: True}, ‘salt-client-01‘: {‘/tmp/hosts‘: True}}
[[email protected] salt]#
minion端(OK):
[[email protected] tmp]# ls
hosts matertest
[[email protected] tmp]#
&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&
saltstack的基本命令总结:
salt-master 端的默认脚本存放位置
/srv/salt/ (默认是不存在)
如果是想推送目录或者脚本都必须在这个脚本的目录下,否则都不会生效
salt-key
-l 列出特定minion端发过来的请求( List the specified keys)
-L 列出所有的minion端的key (List all public keys)
-a 允许一台minion 后边跟上主机名(Accept the specified public key)
-A 允许所有的minion( Accept all pending keys)
-r 拒绝一台minion (Reject the specified public key)
-R 拒绝所有的minion (Reject all pending keys)
-d 删除指定的minion ( Delete the specified key)
-D 删除所有的minion (Delete all keys)
-y 类似于 yum -y 自动加上yes
(模块)命令:
推送本机一个目录 /srv/salt/hellotestdir 目录(必须在这个目录下)
[[email protected] salt]# salt ‘*’ cp.get_dir salt://hellotestdir /data #拷贝目录
[[email protected] salt]# salt ‘*‘ cmd.run ‘ifconfig eth0‘ #执行命令
[[email protected] salt]# salt ‘*‘ cron.set_job root ‘*‘ ‘*‘ ‘*‘ ‘*‘ ‘*‘ ‘date >/dev/null 2>&1‘ #给被控制主机添加定时任务,也要执行下一条命令
[[email protected] salt]# salt ‘*‘ cron.raw_cron root
[[email protected] salt]# salt ‘*‘ cron.rm_job root ‘date >/dev/null 2>&1‘ # 删除被控主机上额的命令
[[email protected] salt]# salt ‘*‘ cron.raw_cron root
salt:
-S 子网IP地址匹配
-L minion列表
-G grains 匹配
[[email protected] salt]# salt -S ‘10.0.0.21‘ test.ping
salt-client-01:
True
[[email protected] salt]#
cmd.run 可以远程执行shell命令
[[email protected] ~]# salt -N group1 cmd.run ‘ifconfig eth0‘
salt-client-01:
eth0 Link encap:Ethernet HWaddr 00:0C:29:D7:B0:87
inet addr:10.0.0.21 Bcast:10.0.0.255 Mask:255.255.255.0
inet6 addr: fe80::20c:29ff:fed7:b087/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:10784 errors:0 dropped:0 overruns:0 frame:0
TX packets:2054 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:981321 (958.3 KiB) TX bytes:306933 (299.7 KiB)
[[email protected] ~]#
cmd.script 可以知心本地的脚本/srv/salt 下(在本机执行此脚本,控制minion端的,就可以在远程执行)
[[email protected] salt]# salt ‘*‘ cmd.script salt://test.sh
[[email protected] salt]# salt ‘*‘ pkg.install tree 远程安装服务 相当于在minion端执行 yum -y install tree
[[email protected] salt]# salt ‘*‘ network.interfaces 查看minion端的网络接口
[[email protected] salt]#salt -E ‘230|68‘ test.ping
&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&
SaltStack Event系统监听events测试
1.在salt-master /server/scripts 下新建一个文件 为test.py
test.py的内容为:
[[email protected] scripts]# cat test.py
import salt.utils.event
event = salt.utils.event.MasterEvent(‘/var/run/salt/master‘)
for eachevent in event.iter_events(full=True):
print eachevent
print "------"
[[email protected] scripts]#
2.在salt-master中运行(可以新开一个窗口,观察效果)
[[email protected] salt]# salt ‘*‘ test.ping
3.查看脚本的监控(取一小部分)
[[email protected] scripts]# python test.py
{‘tag‘: ‘salt/event/new_client‘, ‘data‘: {‘_stamp‘: ‘2016-05-05T02:12:34.253208‘}}
------
{‘tag‘: ‘20160505101234289235‘, ‘data‘: {‘_stamp‘: ‘2016-05-05T02:12:34.289798‘, ‘minions‘: [‘salt-client-01‘, ‘salt-client-02‘]}}
------
{‘tag‘: ‘salt/job/20160505101234289235/new‘, ‘data‘: {‘tgt_type‘: ‘glob‘, ‘jid‘: ‘20160505101234289235‘, ‘tgt‘: ‘*‘, ‘_stamp‘: ‘2016-05-05T02:12:34.291631‘, ‘user‘: ‘root‘, ‘arg‘: [], ‘fun‘: ‘test.ping‘, ‘minions‘: [‘salt-client-01‘, ‘salt-client-02‘]}}
4.反思:
监控脚本不用执行(test.py)
对于监控到的数据可以导入一个单门的数据库中,然后做一个页面显示出来,方便人的观察和查看
对返回的数据插入到本地的数据库中:
# yum -y install mysql-server
#yum -y install mysql-devel
安装MySQLdb依赖:
#yum -y install MySQL-python
#/etc/init.d/mysqld restart
# mysql -u root
¥¥¥¥¥¥¥¥¥¥¥¥¥¥¥¥¥
mysql中的脚本:
配置本次测试需要使用的数据库及用户:
create database salt
grant all on salt.* to [email protected] identified by "salt_pass"
创建用于存储Job的数据库表结构:
USE `salt`;
DROP TABLE IF EXISTS `jids`;CREATE TABLE `jids` ( `jid` varchar(255) NOT NULL, `load` mediumtext NOT NULL, UNIQUE KEY `jid` (`jid`)) ENGINE=InnoDB DEFAULT CHARSET=utf8;
DROP TABLE IF EXISTS `salt_returns`;CREATE TABLE `salt_returns` ( `fun` varchar(50) NOT NULL, `jid` varchar(255) NOT NULL, `return` mediumtext NOT NULL, `id` varchar(255) NOT NULL, `success` varchar(10) NOT NULL, `full_ret` mediumtext NOT NULL, `alter_time` TIMESTAMP DEFAULT CURRENT_TIMESTAMP, KEY `id` (`id`), KEY `jid` (`jid`), KEY `fun` (`fun`)) ENGINE=InnoDB DEFAULT CHARSET=utf8;
¥¥¥¥¥¥¥¥¥¥¥¥¥¥¥¥¥
将MySQL连接权限等信息添加到Salt Master配置文件中:
#echo -e "\n\n# MySQL\nmysql.host: ‘localhost‘\nmysql.user: ‘salt‘\nmysql.pass: ‘salt_pass‘
配置master_job_cache选项, 以使将Job结果存储在MySQL中:
echo -e "\n\n# Master Job Cache\nmaster_job_cache: mysql" >> /etc/salt/master
重启Salt Master, 以使配置生效:
service salt-master restart
测试查看本机数据库中是否有返回值
[[email protected] scripts]# mysql -u root
mysql> show databases;
+--------------------+
| Database |
+--------------------+
| information_schema |
| mysql |
| salt |
| test |
+--------------------+
4 rows in set (0.00 sec)
mysql> use salt;
Reading table information for completion of table and column names
You can turn off this feature to get a quicker startup with -A
Database changed
mysql> show tables;
+----------------+
| Tables_in_salt |
+----------------+
| jids |
| salt_returns |
+----------------+
2 rows in set (0.00 sec)
mysql> select * from salt_returns
-> \G ###可以更好的显示不用分号
*************************** 1. row ***************************
fun: test.ping
jid: 20160505103653530719
return: true
id: salt-client-02
success: 1
full_ret: {"fun_args": [], "jid": "20160505103653530719", "return": true, "retcode": 0, "success": true, "cmd": "_return", "_stamp": "2016-05-05T02:36:53.817840", "fun": "test.ping", "id": "salt-client-02"}
alter_time: 2016-05-05 10:36:53
*************************** 2. row ***************************
fun: test.ping
jid: 20160505103653530719
return: true
id: salt-client-01
success: 1
full_ret: {"fun_args": [], "jid": "20160505103653530719", "return": true, "retcode": 0, "success": true, "cmd": "_return", "_stamp": "2016-05-05T02:36:53.854340", "fun": "test.ping", "id": "salt-client-01"}
alter_time: 2016-05-05 10:36:53
*************************** 3. row ***************************
fun: test.ping
jid: 20160505103721895235
return: true
id: salt-client-01
success: 1
full_ret: {"fun_args": [], "jid": "20160505103721895235", "return": true, "retcode": 0, "success": true, "cmd": "_return", "_stamp": "2016-05-05T02:37:22.098735", "fun": "test.ping", "id": "salt-client-01"}
alter_time: 2016-05-05 10:37:22
*************************** 4. row ***************************
fun: test.ping
jid: 20160505103721895235
return: true
id: salt-client-02
success: 1
full_ret: {"fun_args": [], "jid": "20160505103721895235", "return": true, "retcode": 0, "success": true, "cmd": "_return", "_stamp": "2016-05-05T02:37:22.096824", "fun": "test.ping", "id": "salt-client-02"}
alter_time: 2016-05-05 10:37:22
4 rows in set (0.00 sec)
配置信息可以在/etc/salt/master中查看
# MySQL
mysql.host: ‘localhost‘
mysql.user: ‘salt‘
mysql.pass: ‘salt_pass‘
mysql.db: ‘salt‘
mysql.port: 3306
&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&
saltstack的分组信息:
在/etc/salt/master 中查看分组,根据分组的格式写group1和group2 前面有两个空格(必须的)
cat /etc/salt/master (根据样式在/etc/salt/master 中新建两个分组)
#nodegroups:
# group1: ‘[email protected],bar.domain.com,baz.domain.com and bl*.domain.com‘
# group2: ‘[email protected]:Debian and foo.domain.com‘
nodegroups:
group1: ‘salt-client-01‘
group2: ‘salt-client-02‘
保存就可以了 不用重启服务
测试:
[[email protected] salt]# salt -N group1 test.ping
salt-client-01:
True
[[email protected] salt]# salt -N group2 test.ping
salt-client-02:
True
[[email protected] salt]#
&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&
minion基本信息管理(grains):
查看grains的分类:
[[email protected] ~]# salt ‘*‘ grains.ls
查看grains的所有信息:
[[email protected] ~]# salt ‘*‘ grains.items
查看grains某个信息:
[[email protected] ~]# salt ‘*‘ grains.item osrelease
[[email protected] ~]# salt ‘*‘ grains.item osrelease
salt-client-02:
----------
osrelease:
6.7
salt-client-01:
----------
osrelease:
6.7
[[email protected] ~]#
&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&
grains和pillar
grains 负责采集一些客户端的一些信息,可以在客户端上定义,然后自动汇报上来,也可以在服务端上定义推下去,
采集完后,在汇报上来
pillar
&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&
个人学习:写的不好,敬请谅解