Saltstack--------部署keepalived,Job管理,salt-ssh,salt-syndic,salt-api
Posted S4061222
tags:
篇首语:本文由小常识网(cha138.com)小编为大家整理,主要介绍了Saltstack--------部署keepalived,Job管理,salt-ssh,salt-syndic,salt-api相关的知识,希望对你有一定的参考价值。
目录
前言
一、自动化安装keepalived模块
实验环境:
server1 服务端 saltstack-master 172.24.28.1
server2 客户端 saltstack-minion 172.25.28.2
server3 客户端 saltstack-minion 172.25.28.3
apache下面的lib.sls中的生效
测试:
keepalived+pillar
salt/keepaliveed/lib.sls写pillar中条件:会推倒minion端
pillar不会推到minion
1.配置vim /srv/salt/keepalived/init.sls
[root@server1 ~]# cd /srv/salt
[root@server1 salt]# ls
apache _grains _modules nginx test.sls top.sls
[root@server1 salt]# mkdir keepalived
[root@server1 salt]# cd keepalived/
[root@server1 keepalived]# ls
[root@server1 keepalived]# vim init.sls
2.配置pillar vim /srv/pillar/top.sls和vim /srv/pillar/kp.sls
3.配置 vim /srv/salt/top.sls
4.复制server2的/etc/keepalived/keepalived.conf的文件到server1
5.配置vim /srv/salt/keepalived/keepalived.conf
6.server1(master)服务端推送至minion端
7.查看真机访问172.25.28.100
二、Job管理
• master在下发指令任务时,会附带上产生的jid。
• minion在接收到指令开始执行时,会在本地的/var/cache/salt/minion/proc
目录下产生该jid命名的文件,用于在执行过程中master查看当前任务的执行
情况。
• 指令执行完毕将结果传送给master后,删除该临时文件。
• Job Cache
- Job缓存默认保存24小时:
- vim /etc/salt/master中keep_jobs: 24##默认值
- master端Job缓存目录:
- /var/cache/salt/master/jobs
安装数据库, 开启mariadb服务,安全认证
把Job存储到数据库
1.方式一
###vim test.sql
CREATE DATABASE `salt`
DEFAULT CHARACTER SET utf8
DEFAULT COLLATE utf8_general_ci;
USE `salt`;
--
-- Table structure for table `jids`
--
DROP TABLE IF EXISTS `jids`;
CREATE TABLE `jids` (
`jid` varchar(255) NOT NULL,
`load` mediumtext NOT NULL,
UNIQUE KEY `jid` (`jid`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8;
--
-- Table structure for table `salt_returns`
--
DROP TABLE IF EXISTS `salt_returns`;
CREATE TABLE `salt_returns` (
`fun` varchar(50) NOT NULL,
`jid` varchar(255) NOT NULL,
`return` mediumtext NOT NULL,
`id` varchar(255) NOT NULL,
`success` varchar(10) NOT NULL,
`full_ret` mediumtext NOT NULL,
`alter_time` TIMESTAMP DEFAULT CURRENT_TIMESTAMP,
KEY `id` (`id`),
KEY `jid` (`jid`),
KEY `fun` (`fun`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8;
--
-- Table structure for table `salt_events`
--
DROP TABLE IF EXISTS `salt_events`;
CREATE TABLE `salt_events` (
`id` BIGINT NOT NULL AUTO_INCREMENT,
`tag` varchar(255) NOT NULL,
`data` mediumtext NOT NULL,
`alter_time` TIMESTAMP DEFAULT CURRENT_TIMESTAMP,
`master_id` varchar(255) NOT NULL,
PRIMARY KEY (`id`),
KEY `tag` (`tag`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8;
test.sql 导入数据库
查看一下数据库的表和库,在server1上添加用户认证
修改server2的minion的配置文件,重启服务测试
测试
2.方式二:
直接从master端传到数据库
修改server1的master的配置文件,重启服务测试
测试:
三、salt-ssh
• salt-ssh可以独立运行的,不需要minion端。
• salt-ssh 用的是sshpass进行密码交互的。
• 以串行模式工作,性能下降。
假定server3 minion无法安,使用salt-ssh方式
实验步骤:
server1安装salt-ssh
vim /etc/salt/roster
测试:
四、salt-syndic
syndic其实就是个代理,隔离master与minion。 Syndic必须要运行在master上,再连接到另一个topmaster上。
Topmaster下发的状态需要通过syndic来传递给下级master,minion传递给master的数据也是由syndic传递给topmaster。
topmaster并不知道有多少个minion。
syndic与topmaster的file_roots和pillar_roots的目录要保持一致。
四台虚拟机:
server1 服务端 master 172.24.28.1
server2 客户端 minion 172.25.28.2
server3 客户端 minion 172.25.28.3
server4 客户端 top-master 172.25.28.4
server4配置:
server1配置:
在server4上获得密钥
测试:
server4 作为 顶级master 执行任务会派发给下级 master(server1)执行
五、salt-api
1.server1下载api
2.server1生成key和crt
生成证书
3.激活rest_cherrypy
4.创建用户认证
重启服务
6.salt-api使用:获取认证token
7.推送任务:测试
推送任务:df -h
8.结合python脚本直接推送任务
# -*- coding: utf-8 -*-
import urllib2,urllib
import time
import ssl
ssl._create_default_https_context = ssl._create_unverified_context
try:
import json
except ImportError:
import simplejson as json
class SaltAPI(object):
__token_id = ''
def __init__(self,url,username,password):
self.__url = url.rstrip('/')
self.__user = username
self.__password = password
def token_id(self):
''' user login and get token id '''
params = {'eauth': 'pam', 'username': self.__user, 'password': self.__password}
encode = urllib.urlencode(params)
obj = urllib.unquote(encode)
content = self.postRequest(obj,prefix='/login')
try:
self.__token_id = content['return'][0]['token']
except KeyError:
raise KeyError
def postRequest(self,obj,prefix='/'):
url = self.__url + prefix
headers = {'X-Auth-Token' : self.__token_id}
req = urllib2.Request(url, obj, headers)
opener = urllib2.urlopen(req)
content = json.loads(opener.read())
return content
def list_all_key(self):
params = {'client': 'wheel', 'fun': 'key.list_all'}
obj = urllib.urlencode(params)
self.token_id()
content = self.postRequest(obj)
minions = content['return'][0]['data']['return']['minions']
minions_pre = content['return'][0]['data']['return']['minions_pre']
return minions,minions_pre
def delete_key(self,node_name):
params = {'client': 'wheel', 'fun': 'key.delete', 'match': node_name}
obj = urllib.urlencode(params)
self.token_id()
content = self.postRequest(obj)
ret = content['return'][0]['data']['success']
return ret
def accept_key(self,node_name):
params = {'client': 'wheel', 'fun': 'key.accept', 'match': node_name}
obj = urllib.urlencode(params)
self.token_id()
content = self.postRequest(obj)
ret = content['return'][0]['data']['success']
return ret
def remote_noarg_execution(self,tgt,fun):
''' Execute commands without parameters '''
params = {'client': 'local', 'tgt': tgt, 'fun': fun}
obj = urllib.urlencode(params)
self.token_id()
content = self.postRequest(obj)
ret = content['return'][0][tgt]
return ret
def remote_execution(self,tgt,fun,arg):
''' Command execution with parameters '''
params = {'client': 'local', 'tgt': tgt, 'fun': fun, 'arg': arg}
obj = urllib.urlencode(params)
self.token_id()
content = self.postRequest(obj)
ret = content['return'][0][tgt]
return ret
def target_remote_execution(self,tgt,fun,arg):
''' Use targeting for remote execution '''
params = {'client': 'local', 'tgt': tgt, 'fun': fun, 'arg': arg, 'expr_form': 'nodegroup'}
obj = urllib.urlencode(params)
self.token_id()
content = self.postRequest(obj)
jid = content['return'][0]['jid']
return jid
def deploy(self,tgt,arg):
''' Module deployment '''
params = {'client': 'local', 'tgt': tgt, 'fun': 'state.sls', 'arg': arg}
obj = urllib.urlencode(params)
self.token_id()
content = self.postRequest(obj)
return content
def async_deploy(self,tgt,arg):
''' Asynchronously send a command to connected minions '''
params = {'client': 'local_async', 'tgt': tgt, 'fun': 'state.sls', 'arg': arg}
obj = urllib.urlencode(params)
self.token_id()
content = self.postRequest(obj)
jid = content['return'][0]['jid']
return jid
def target_deploy(self,tgt,arg):
''' Based on the node group forms deployment '''
params = {'client': 'local_async', 'tgt': tgt, 'fun': 'state.sls', 'arg': arg, 'expr_form': 'nodegroup'}
obj = urllib.urlencode(params)
self.token_id()
content = self.postRequest(obj)
jid = content['return'][0]['jid']
return jid
def main():
sapi = SaltAPI(url='https://172.25.28.1:8000',username='saltapi',password='westos')
sapi.token_id()
print sapi.list_all_key()
#sapi.delete_key('test-01')
#sapi.accept_key('test-01')
#sapi.deploy('*','apache')
#print sapi.remote_noarg_execution('test-01','grains.items')
if __name__ == '__main__':
main()
以上是关于Saltstack--------部署keepalived,Job管理,salt-ssh,salt-syndic,salt-api的主要内容,如果未能解决你的问题,请参考以下文章