what-saltstack
1>是一個服務器基礎架構集中化管理平臺,具備配置管理,遠程執行,監控等功能。
2>使用Python開發,部署簡單,主從集中化管理,支持API和自定義模塊.
3>由Master和Minion構成(基於證書驗證),通過輕量級消息隊列ZeroMQ進行通信。
how-saltstack
Saltstack的master端監聽4505與4506端口,4505爲salt的消息發佈系統,4506爲salt客戶端與服務端通信的端口;
salt客戶端程序不監聽端口,客戶端啓動後,會主動連接master端註冊,然後一直保持該TCP連接,master通過這條TCP連接對客戶端控制,如果連接斷開,master對客戶端就無能爲力了。當然,客戶端若檢查到斷開後會定期的一直連接master端的。
安裝saltstack
saltstack源可以通過epel現在,本機是自己做的yum源
在真機添加一個yum源
[root@foundation88 rhel6]# pwd
/var/www/html/saltstack/rhel6
[root@foundation88 rhel6]# createrepo . #創建第三方yum源
Spawning worker 0 with 7 pkgs
Spawning worker 1 with 7 pkgs
Spawning worker 2 with 7 pkgs
Spawning worker 3 with 7 pkgs
Workers Finished
Saving Primary metadata
Saving file lists metadata
Saving other metadata
Generating sqlite DBs
Sqlite DBs complete
server3,server4:
yum 源配置:
vim /etc/yum.repos.d/rhel-source.repo
[salt]
name=saltstack
baseurl=http://172.25.88.250/saltstack/rhel6
gpgcheck=0
server3
yum install salt-master -y
[root@server3 ~]# ss -ntla
State Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0 128 *:4505 (發送) *:*
LISTEN 0 128 *:4506 (訂閱) *:*
server4
yum install salt-minion -y
[root@server3 ~]#vim /etc/salt/minion master: server3.lalala.com
還需要認證
[root@server3 ~]# salt-key -A
The following keys are going to be accepted:
Unaccepted Keys:
server4.lalala.com
Proceed? [n/Y] Y
Key for minion server4.lalala.com accepted..
[root@server3 ~]# salt-key -L
Accepted Keys:
server4.lalala.com
Denied Keys:
Unaccepted Keys:
Rejected Keys:
檢驗
[root@server3 yum.repos.d]# salt server4.lalala.com test.ping
server4.lalala.com:
True
[root@server3 yum.repos.d]# salt '*' test.ping #可以正則匹配
server4.lalala.com:
True
[root@server3 yum.repos.d]# salt -S 172.25.4.4 test.ping
server4.lalala.com:
True
可以指定其他主機的任何操作。。
[root@server3 ~]# salt server4.lalala.com cmd.run 'df -h'
server4.lalala.com:
Filesystem Size Used Avail Use% Mounted on
/dev/mapper/VolGroup-lv_root 19G 1.3G 17G 8% /
tmpfs 499M 16K 499M 1% /dev/shm
/dev/vda1 485M 33M 427M 8% /boot
[root@server3 yum.repos.d]# salt -S 172.25.88.4 cmd.run 'cp /etc/passwd /mnt'
[root@server3 yum.repos.d]# salt -S 172.25.88.4 cmd.run 'ls -l /mnt'
server4.lalala.com:
total 4
-rw-r--r-- 1 root root 1066 Apr 15 10:15 passwd
關於key
當初始化安裝 minion 啓動服務啓動後
minion端生成一個祕鑰對,併產生一個ID值,minion服務會安裝ID值命名的公鑰發送給 master ,直到接受爲止;
master認證完畢後,會將minion 端發送來的,以ID值命名的公鑰存放在 /etc/salt/pki/master/minions 目錄中(無擴展名); master認證完畢後,會將自身的公鑰發送給 minion,並存儲爲 /etc/salt/pki/minion/minion_master.pub.
用tree,查看master的目錄樹
[root@server3 salt]# pwd
/etc/salt
[root@server3 salt]# tree
|-- cloud
|-- cloud.conf.d
|-- cloud.deploy.d
|-- cloud.maps.d
|-- cloud.profiles.d
|-- cloud.providers.d
|-- master
|-- master.d
|-- minion
|-- minion.d
|-- pki #與密碼相關
| |-- master
| | |-- master.pem
| | |-- master.pub
| | |-- minions
| | | `-- server4.lalala.com #已添加進來的主機.
| | |-- minions_autosign
| | |-- minions_denied
| | |-- minions_pre
| | `-- minions_rejected
| `-- minion
|-- proxy
|-- proxy.d
`-- roster
被同步主機的目錄
[root@server4 salt]# tree .
.
|-- cloud
|-- cloud.conf.d
|-- cloud.deploy.d
|-- cloud.maps.d
|-- cloud.profiles.d
|-- cloud.providers.d
|-- master
|-- master.d
|-- minion
|-- minion.d
| `-- _schedule.conf
|-- minion_id
|-- pki
| |-- master
| `-- minion
| |-- minion_master.pub
安裝apache狀態模塊
vim /etc/salt/master
534 file_roots:
535 base:
536 - /srv/salt
vim /srv/salt/httpd/apache.sls
apache-install:
pkg.installed:
- name: httpd
檢測與執行
[root@server3 httpd]# salt '' state.sls httpd.apache test=True
[root@server3 httpd]# salt '' state.sls httpd.apache
server4.lalala.com:
----------
ID: apache-install
Function: pkg.installed
Name: httpd
Result: True
Comment: Package httpd is already installed
Started: 14:13:13.995696
Duration: 832.407 ms
Changes:
Summary for server4.lalala.com
------------
Succeeded: 1
Failed: 0
------------
Total states run: 1
Total run time: 832.407 ms
推送配置信息,在minion中緩存的位置
[root@server4 httpd]# pwd
/var/cache/salt/minion/files/base/httpd
[root@server4 httpd]# cat apache.sls
apache-install:
pkg.installed:
- name: httpd
配置與應用
實現:
1.服務啓動服務器更改apache文件
2.實現服務器更改配置文件,客戶端觸發更改,並且reload生效
mkdir /srv/salt/httpd/files
vim apache.sls
apache-install:
pkg.installed:
- pkgs:
- httpd
- httpd-tools
apache-config:
file.managed:
- name: /etc/httpd/conf/httpd.conf
- source: salt://httpd/files/httpd.conf
- mode: 644
- user: root
- group: root
- require:
- pkg: apache-install
-
apache-service:
service.running:
- name: httpd
- enable: True
- reload: True
- watch: #監控apache配置文件,一修改就reload
- file: apache-config
配置文件的端口進行更改,同步到client
vim /srv/salt/httpd/files/httpd.conf 改變默認端口
Listen 8080
[root@server3 httpd]# salt '*' state.sls httpd.apache
server4.lalala.com:
----------
ID: apache-install
Function: pkg.installed
Result: True
Comment: All specified packages are already installed
Started: 11:42:54.769981
Duration: 445.517 ms
Changes:
----------
ID: apache-config
Function: file.managed
Name: /etc/httpd/conf/httpd.conf
Result: True
Comment: File /etc/httpd/conf/httpd.conf updated
Started: 11:42:55.217486
Duration: 45.472 ms
Changes:
----------
diff:
---
+++
@@ -133,7 +133,7 @@
# prevent Apache from glomming onto all bound IP addresses (0.0.0.0)
#
#Listen 12.34.56.78:80
-Listen 80
+Listen 8080
#
# Dynamic Shared Object (DSO) Support
----------
ID: apache-service
Function: service.running
Name: httpd
Result: True
Comment: Service reloaded
Started: 11:42:55.395103
Duration: 75.042 ms
Changes:
----------
httpd:
True
Summary for server4.lalala.com
------------
Succeeded: 3 (changed=2)
Failed: 0
------------
Total states run: 3
Total run time: 566.031 ms
查看文件兩個配置文件的hash,相同
[root@server4 files]# md5sum httpd.conf
b7ca7a0e786418ba7b5ad84efac70265 httpd.conf
[root@server3 files]# md5sum httpd.conf
b7ca7a0e786418ba7b5ad84efac70265 httpd.conf