cat /etc/hosts
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.43.118 master.com
192.168.43.71 slave.com
yum -y install salt-master salt-minion
chkconfig salt-master on
chkconfig salt-minion on
systemctl start salt-master.service
grep '^[a-Z]' /etc/salt/minion
master: 192.168.43.118
systemctl start salt-minion
cd /etc/salt/pki/minion/
[root@localhost minion]#ll
總用量 8
-r-------- 1 root root 1675 11月 14 20:40 minion.pem
-rw-r--r-- 1 root root 451 11月 14 20:40 minion.pub
[root@localhost minion]# cd /etc/salt/pki/master/
[root@localhost master]# ll
總用量 8
-r-------- 1 root root 1675 11月 14 20:32 master.pem
-rw-r--r-- 1 root root 451 11月 14 20:32 master.pub
drwxr-xr-x 2 root root 6 11月 14 20:32 minions
drwxr-xr-x 2 root root 6 11月 14 20:32 minions_autosign
drwxr-xr-x 2 root root 6 11月 14 20:32 minions_denied
drwxr-xr-x 2 root root 49 11月 14 20:40 minions_pre
drwxr-xr-x 2 root root 6 11月 14 20:32 minions_rejected
[root@localhost master]# tree
.
├── master.pem
├── master.pub
├── minions
├── minions_autosign
├── minions_denied
├── minions_pre
│?? ├── 192.168.43.118
│?? └── 192.168.43.71
└── minions_rejected
[root@localhost master]# salt-key
Accepted Keys:
Denied Keys:
Unaccepted Keys:
192.168.43.118
192.168.43.71
Rejected Keys:
[root@localhost master]# salt-key -A 同意所有
[root@localhost master]# salt-key -a 192* 可選 *代表所有
-L 列表
-D 刪除所有
-d 刪除選中的
[root@localhost master]# salt-key -a 192*
The following keys are going to be accepted:
Unaccepted Keys:
192.168.43.118
192.168.43.71
Proceed? [n/Y] Y
Key for minion 192.168.43.118 accepted.
Key for minion 192.168.43.71 accepted.
[root@localhost master]# tree
.
├── master.pem
├── master.pub
├── minions
│?? ├── 192.168.43.118
│?? └── 192.168.43.71
├── minions_autosign
├── minions_denied
├── minions_pre
└── minions_rejected
[root@localhost minions]# cat 192.168.43.118 公鑰
-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyk+GLHO1im00+OkGVVzN
LCa/kdZV9y5b4PjTyCspzwY978R+ItxR9mWW2jF8N0XAvfg73genqxbBOIoWoSoS
nBCv34dk8PUeI4FBlFCTzs7p0xuHQKESV1EDSXQBfcnS1vDQf3A3Ik9R+bw3aDGe
SeSOYQC+VTZr8kmTCC8vAJxK94F2xB3QPmY30efEdq/e2L2zufomOIPweEi5ll6r
9vfck9x3oBFBn6lQAbZUKFfsu6KyxW8fqIUICrv8NCqGD7vLKZchw2qh7YT01hxl
iMGhCkV0eV+1quAIb+EVsduW4hRQDFJCERPeQaoBN+AvFGIrBYQbXxsOPbPqtmDo
7QIDAQAB
-----END PUBLIC KEY-----
[root@localhost ~]# cd /etc/salt/pki/minion/
[root@localhost minion]# ll
總用量 12
-rw-r--r-- 1 root root 451 11月 14 20:47 minion_master.pub master公鑰
-r-------- 1 root root 1675 11月 14 20:40 minion.pem
-rw-r--r-- 1 root root 451 11月 14 20:40 minion.pub
[root@localhost ~]# salt '*' test.ping test模塊的ping方法
192.168.43.71:
True
192.168.43.118:
True
[root@localhost ~]# salt '*' cmd.run 'uptime' cmd模塊的run方法
192.168.43.71:
20:52:54 up 29 min, 2 users, load average: 0.01, 0.04, 0.09
192.168.43.118:
20:52:54 up 1:31, 3 users, load average: 0.00, 0.04, 0.10
[root@localhost ~]#grep -v '#' /etc/salt/master |grep -v '^$'
file_roots:
base:
- /srv/salt #配置存放路徑
[root@localhost ~]# mkdir /srv/salt
[root@localhost ~]# systemctl restart salt-master
[root@localhost ~]# cd /srv/salt/ 寫一個安裝http服務
[root@localhost salt]# vim apache.sls
apache-install: 標題
pkg.installed: 2個空格 pkg模塊的installed方法
- names: 4個\n
- httpd 6個\n
- httpd-devel 6個\n
apache-service: 標題
service.running: 2個空格 service模塊的runing方法
- name: httpd 4個\n
- enable: True 4個\n
- reload: True 4個\n
拓展:vim
:set list 顯示所有字符
[root@localhost salt]# salt '*' state.sls apache state模塊的sls方法 ,apache參數
[root@localhost salt]# salt '*' state.sls apache
192.168.43.71:
----------
ID: apache-install 標題
Function: pkg.installed 某塊的方法
Name: httpd
Result: True 返回的結果
Comment: Package httpd is already installed. 安裝的包是httpd
Started: 21:26:20.274263
Duration: 695.339 ms
Changes:
----------
ID: apache-install
Function: pkg.installed
Name: httpd-devel
Result: True
Comment: Package httpd-devel is already installed.
Started: 21:26:20.969739
Duration: 0.335 ms
Changes:
----------
ID: apache-service
Function: service.running
Name: httpd
Result: True
Comment: Service httpd is already enabled, and is running
Started: 21:26:20.970489
Duration: 3101.22 ms
Changes:
----------
httpd:
True
Summary
------------
Succeeded: 3 (changed=1)
Failed: 0 #失敗0個
高級狀態:
top.sls 必須放在base環境下
[root@localhost salt]# vim top.sls
base:
'192.168*': *可以代表多有主機
- apache 執行apache的狀態 及上面的參數
[root@localhost salt]# salt '*' state.highstate
saltstack 數據系統:
grains: 信息收集和匹配minion
[root@localhost salt]# salt '*' grains.ls 把主機grains的所有key列出來:
192.168.43.71:
- SSDs
- biosreleasedate
- biosversion
- cpu_flags
- cpu_model
- cpuarch
- domain
- fqdn
- fqdn_ip4
- fqdn_ip6
- gpus
- host
- hwaddr_interfaces
- id
- init
- ip4_interfaces
- ip6_interfaces
- ip_interfaces
- ipv4
- ipv6
- kernel
- kernelrelease
- locale_info
- localhost
- lsb_distrib_id
- machine_id
- manufacturer
- master
- mdadm
- mem_total
- nodename
- num_cpus
- num_gpus
- os
- os_family
- osarch
- oscodename
- osfinger
- osfullname
- osmajorrelease
- osrelease
- osrelease_info
- path
- productname
- ps
- pythonexecutable
- pythonpath
- pythonversion
- saltpath
- saltversion
- saltversioninfo
- selinux
- serialnumber
- server_id
- shell
- systemd
- virtual
- zmqversion
[root@localhost salt]# salt '192.168.43.118' grains.items 把所有grains的內容顯示出來
192.168.43.118:
----------
SSDs:
biosreleasedate: base的時間
05/19/2017
biosversion: base的版本
6.00
cpu_flags: cpu的標誌位
- fpu
- vme
- de
- pse
- tsc
- msr
- pae
- mce
- cx8
- apic
- sep
- mtrr
- pge
- mca
- cmov
- pat
- pse36
- clflush
- mmx
- fxsr
- sse
- sse2
- ss
- syscall
- nx
- pdpe1gb
- rdtscp
- lm
- constant_tsc
- arch_perfmon
- nopl
- xtopology
- tsc_reliable
- nonstop_tsc
- eagerfpu
- pni
- pclmulqdq
- ssse3
- fma
- cx16
- pcid
- sse4_1
- sse4_2
- x2apic
- movbe
- popcnt
- tsc_deadline_timer
- aes
- xsave
- avx
- f16c
- rdrand
- hypervisor
- lahf_lm
- abm
- fsgsbase
- tsc_adjust
- bmi1
- avx2
- smep
- bmi2
- invpcid
- xsaveopt
- arat
cpu_model: cpu的型號
Intel(R) Core(TM) i5-4210H CPU @ 2.90GHz
cpuarch: cpu的架構
x86_64
domain: 域名
fqdn: fqdn名
fqdn_ip4: fqdn名解析ip
fqdn_ip6:
gpus:
|_
----------
model:
SVGA II Adapter
vendor:
unknown
host: 主機名
hwaddr_interfaces: 硬件信息
----------
ens33: 網卡的mac地址
00:0c:29:e3:a8:1c
lo:
00:00:00:00:00:00
id:
192.168.43.118
init:
systemd
ip4_interfaces:
----------
ens33:
- 192.168.43.118
lo:
- 127.0.0.1
ip6_interfaces:
----------
ens33:
- fe80::532f:a2de:497a:dc6d
lo:
- ::1
ip_interfaces:
----------
ens33:
- 192.168.43.118
- fe80::532f:a2de:497a:dc6d
lo:
- 127.0.0.1
- ::1
ipv4:
- 127.0.0.1
- 192.168.43.118
ipv6:
- ::1
- fe80::532f:a2de:497a:dc6d
kernel:
Linux
kernelrelease:
3.10.0-862.14.4.el7.x86_64
locale_info:
----------
defaultencoding:
UTF-8
defaultlanguage:
zh_CN
detectedencoding:
UTF-8
localhost:
localhost.localdomain
lsb_distrib_id:
CentOS Linux
machine_id:
0ed2bd568b0d42b9a188e4a84ee0d8db
manufacturer:
VMware, Inc.
master:
192.168.43.118
mdadm:
mem_total:
974
nodename:
localhost.localdomain
num_cpus:
1
num_gpus:
1
os:
CentOS
os_family:
RedHat
osarch:
x86_64
oscodename:
Core
osfinger:
CentOS Linux-7
osfullname:
CentOS Linux
osmajorrelease:
7
osrelease:
7.5.1804
osrelease_info:
- 7
- 5
- 1804
path:
/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin
productname:
VMware Virtual Platform
ps:
ps -efH
pythonexecutable:
/usr/bin/python
pythonpath:
- /usr/bin
- /usr/lib64/python27.zip
- /usr/lib64/python2.7
- /usr/lib64/python2.7/plat-linux2
- /usr/lib64/python2.7/lib-tk
- /usr/lib64/python2.7/lib-old
- /usr/lib64/python2.7/lib-dynload
- /usr/lib64/python2.7/site-packages
- /usr/lib/python2.7/site-packages
pythonversion:
- 2
- 7
- 5
- final
- 0
saltpath:
/usr/lib/python2.7/site-packages/salt
saltversion:
2015.5.10
saltversioninfo:
- 2015
- 5
- 10
- 0
selinux:
----------
enabled:
False
enforced:
Disabled
serialnumber:
VMware-56 4d 47 9d ed 95 83 61-2a 82 46 ce de e3 a8 1c
server_id:
633234648
shell:
/bin/sh
systemd:
----------
features:
+PAM +AUDIT +SELINUX +IMA -APPARMOR +SMACK +SYSVINIT +UTMP +LIBCRYPTSETUP +GCRYPT +GNUTLS +ACL +XZ +LZ4 -SECCOMP +BLKID +ELFUTILS +KMOD +IDN
version:
219
virtual:
VMware
zmqversion:
3.2.5
[root@localhost salt]# salt '192.168.43.118' grains.item fqdn 顯示單個grais的key或者使用get
192.168.43.118:
----------
fqdn:
[root@localhost salt]# salt '192.168.43.118' grains.get selinux
192.168.43.118:
----------
enabled:
False
enforced:
Disabled
[root@localhost salt]# salt '192.168.43.118' grains.get os
[root@localhost salt]# salt -G os:CentOS cmd.run 'w' -G是使用grains
手動編寫grains信息:
[root@localhost minion]# grep -v '#' /etc/salt/minion |grep -v '^$'
master: 192.168.43.118
grains:
roles:
- webserver
- memcache
[root@localhost minion]# systemctl restart salt-minion
[root@localhost salt]# salt -G 'roles:memcache' cmd.run 'echo oo'
192.168.43.71:
oo
默認grains文件路徑/etc/salt/
[root@localhost minion]# vim /etc/salt/grains
[root@localhost minion]# cat /etc/salt/grains
web: nginx
[root@localhost minion]# systemctl restart salt-minion
[root@localhost salt]# salt -G 'web:nginx' cmd.run 'echo oo'
192.168.43.71:
oo
top裏面匹配grains:
base:
'web:nginx': 匹配grains的web等於nginx
- match: grain 指定grains匹配
- apache 執行apache狀態
[root@localhost salt]# salt '*' state.highstate
pillar:
[root@localhost salt]#grep '^[a-Z]' /etc/salt/master
file_roots:
pillar_opts: True 設置爲Ture
[root@localhost salt]# systemctl restart salt-master
[root@localhost salt]# salt '*' pillar.items
[root@localhost salt]# grep -v '#' /etc/salt/master |grep -v '^$'
file_roots:
base:
- /srv/salt 設置配置路徑
pillar_roots:
base:
- /srv/pillar 設置pillar路徑
pillar_opts: True
[root@localhost salt]# mkdir /srv/pillar
把pillar_opts: False 設置爲False
[root@localhost salt]# systemctl restart salt-master
[root@localhost salt]# vim /srv/pillar/apache.sls
{% if grains['os'] == 'CentOS' %}
apache: httpd
{% elif grains['os'] == 'Dehiah' %}
apache: apache2
{% endif %}
[root@localhost salt]# vim /srv/pillar/top.sls
base:
'*':
- apache
[root@localhost pillar]# salt '*' pillar.items
192.168.43.71:
----------
apache:
httpd
192.168.43.118:
----------
apache:
httpd
[root@localhost pillar]# salt '*' saltutil.refresh_pillar 刷新pillar
192.168.43.71:
True
192.168.43.118:
True
[root@localhost pillar]# salt -I 'apache:httpd' test.ping 測試
192.168.43.118:
True
192.168.43.71:
True
區別:
grains 存貯minion 靜態數據類型
pillar 存儲master 動態數據類型
-S ip
-I
-C 子網段
and or not
statstack安裝
發表評論
所有評論
還沒有人評論,想成為第一個評論的人麼? 請在上方評論欄輸入並且點擊發布.