Saltstack【金沙官网线上】

作用:为了不手动去安装一台一台去salt-minion,并进重复的配置

Saltstack是Python开发的,上千台的服务器都可以管理。

一、环境

运维重复性工作:系统安装、环境部署、添加监控、代码发布(基于git或svn二次开发)、项目迁移、计划任务。

系统环境:

salt是一个新的基础平台管理工具。只需花费数分钟即可运行起来,扩展性足以支撑管理上万台服务器,数秒即可完成数据传递。

#cat /etc/redhat-release
CentOS Linux release 7.4.1708 (Core)

salt可以做配置管理、远程命令、包管理。

#python -V

金沙官网线上 1

Python 2.7.5

金沙官网线上 2

各节点环境说明:

salt配置

准备3台虚拟机,按照规范修改主机名:test-c2c-console01、test-c2c-php01、test-c2c-php02。

  1. [root@test-c2c-console01 ~]# cat /etc/sysconfig/network

  2. NETWORKING=yes

  3. HOSTNAME=test-c2c-console01.bj

 

  1. [root@test-c2c-console01 ~]# cat /etc/hosts

  2. 127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4 oldboylinux

  1. ::1 localhost localhost.localdomain localhost6 localhost6.localdomain6 oldboylinux

  2.  

  3. 192.168.31.138 test-c2c-php01

  4. 192.168.31.137 test-c2c-php02

  5. 192.168.31.128 test-c2c-console01.bj

配置yum源

  1. [root@test-c2c-console01 ~]# cd /etc/yum.repos.d/

  2. [root@test-c2c-console01 yum.repos.d]# ls

  3. CentOS-Base.repo CentOS-Debuginfo.repo CentOS-Media.repo

  4. CentOS-Base.repo.20161216.oldboy CentOS-fasttrack.repo CentOS-Vault.repo

 

  1. rpm -ivh http://dl.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm

 

  1. wget http://mirrors.163.com/.help/CentOS6-Base-163.repo

 

  1. [root@test-c2c-console01 yum.repos.d]# ls

  2. CentOS6-Base-163.repo CentOS-Debuginfo.repo CentOS-Vault.repo

  3. CentOS-Base.repo CentOS-fasttrack.repo epel.repo

  4. CentOS-Base.repo.20161216.oldboy CentOS-Media.repo epel-testing.repo

 

服务端

yum install salt-master –y

/etc/init.d/salt-master start

chkconfig salt-master on

客户端

yum install salt-minion -y

 

vim /etc/salt/minion

master: 192.168.31.128 #master端地址

cachedir: /etc/salt/modules #模块目录

log_file: /var/log/salt/minion.log #日志路径

log_level: warning #日志级别

 

/etc/init.d/salt-minion start

chkconfig salt-minion on

金沙官网线上 3

key管理

  1. [root@test-c2c-console01 ~]# salt-key -L

  2. Accepted Keys: #已认证

  3. Denied Keys: #未认证

  4. Unaccepted Keys:

  5. test-c2c-php01

  6. test-c2c-php02

  7. Rejected Keys: #被吊销

 

  1. [root@test-c2c-console01 ~]# salt-key -A

  2. The following keys are going to be accepted:

  3. Unaccepted Keys:

  4. test-c2c-php01

  5. test-c2c-php02

  6. Proceed? [n/Y] y

  7. Key for minion test-c2c-php01 accepted.

  1. Key for minion test-c2c-php02 accepted.
  1. [root@test-c2c-console01 ~]# salt-key -L

  2. Accepted Keys:

  3. test-c2c-php01

  4. test-c2c-php02

  5. Denied Keys:

  6. Unaccepted Keys:

  7. Rejected Keys:

 

  1. [root@test-c2c-console01 ~]# salt '*' test.ping

  2. test-c2c-php02:

  3.     True

  4. test-c2c-php01:

  5.     True

常用参数:

-L:查看key状态

-A:允许所有

-D:删除所有

-a:认证指定的key

金沙官网线上,-d:删除指定的key

-r:注销指定的key(该key状态为未认证)

 

管理

分组

[root@test-c2c-console01 salt]# pwd

/etc/salt

[root@test-c2c-console01 salt]# vim master

nodegroups:

#dev:'L@ops-dev01.bj,ops-dev02.bj' #列表匹配

dev:'E@ops-dev0[1-9].bj' #正则匹配

  1. [root@test-c2c-console01 salt]# salt -N 'php' test.ping #ping php组的机器

  2. test-c2c-php02:

  3.     True

  4. test-c2c-php01:

  5.     True

  6. [root@test-c2c-console01 salt]# salt -N 'php' cmd.run 'uptime' #查看php组机器的负载

  7. test-c2c-php01:

  8.      11:45:01 up 1:45, 2 users, load average: 0.00, 0.00, 0.00

  9. test-c2c-php02:

  10.      11:44:20 up 1:46, 2 users, load average: 0.00, 0.00, 0.00

环境配置

file_roots:

base: #测试环境

-/srv/salt

dev: #开发环境

- /srv/salt/dev/services

- /srv/salt/dev/states

prod: #生产环境

- /srv/salt/prod/services

- /srv/salt/prod/states

即时管理

salt -N 'dev' test.ping #匹配分组主机,即时ping

salt -N 'dev' cmd.run 'uptime' #执行命令

salt -N 'ops-dev(02|03)' test.ping #正则匹配主机,即时ping

salt '*' cmd.run "ab -n 10 -c 2 http://www.google.com/" #匹配所有机器做压力测试

salt -N 'dev' sys.doc cmd #查看模块文档

salt -N 'dev' saltutil.sync_all #同步到dev分组

salt -N 'dev' sys.doc mi #查看模块使用帮助

salt -N 'dev' mi.sshkey #执行该模块

salt -N 'dev' state.sls yum -v test=true #同步指定配置模块

salt -N 'dev' state.hightstate -v test=true #同步所有模块

二、hosts文件解析

#vim /etc/hosts

192.168.1.101 salt.node1.com
192.168.1.200 salt.node2.com
192.168.1.201 salt.node3.com

三、安装salt-ssh

a.添加yum源:

*参考salt-stack官网:https://docs.saltstack.com/en/latest/topics/installation/rhel.html

# vim /etc/yum.repos.d/salt-stack.repo
[saltstack-repo]
name=SaltStack repo for Red Hat Enterprise Linux $releasever
baseurl=https://repo.saltstack.com/yum/redhat/$releasever/$basearch/latest
enabled=1
gpgcheck=1
gpgkey=https://repo.saltstack.com/yum/redhat/$releasever/$basearch/latest/SALTSTACK-GPG-KEY.pub
https://repo.saltstack.com/yum/redhat/$releasever/$basearch/latest/base/RPM-GPG-KEY-CentOS-7

b.安装salt-ssh

#yum install salt-ssh -y

c.配置roster文件

*可以在user下面配置passwd,如不配置的话,就要使用salt-ssh '*' test.ping -i命令时配置输入密码进行认证

# vim /etc/salt/roster

node1:
host: 192.168.1.200
user: root
port: 22
node2:
host: 192.168.1.201
user: root
port: 22
四、配置state.sls文件及给复制相关文件到部署目录

a.创建文件目录

本文由金沙官网线上发布于操作系统,转载请注明出处:Saltstack【金沙官网线上】

您可能还会对下面的文章感兴趣: