2. Automated Operations: SaltStack Remote Execution in Detail
SaltStack Remote Execution in Detail
● Targeting
● Module
● Returners
Compound mode: the -C option
Hostname naming reference:
redis-node1-redis03-idc04-soa.example.com (e-commerce)
1.1 Module introduction
[root@linux-node1 salt]# salt '*' service.available sshd
linux-node1.zhurui.com:
True
linux-node2.zhurui.com:
True
Reload a service:
[root@linux-node1 salt]# salt '*' service.reload httpd
linux-node2.zhurui.com:
True
linux-node1.zhurui.com:
True
Service status:
[root@linux-node1 salt]# salt '*' service.status httpd
linux-node1.zhurui.com:
True
linux-node2.zhurui.com:
True
[root@linux-node1 salt]#
1.2 network module introduction
1.2.1 Return TCP connection state
[root@linux-node1 salt]# salt '*' network.active_tcp
linux-node2.zhurui.com:
----------
0:
----------
local_addr:
0.0.0.0
local_port:
2049
remote_addr:
0.0.0.0
remote_port:
0
1:
----------
local_addr:
0.0.0.0
local_port:
35682
remote_addr:
0.0.0.0
remote_port:
0
10:
----------
local_addr:
192.168.0.16
local_port:
48670
remote_addr:
192.168.0.15
remote_port:
4506
2:
----------
local_addr:
0.0.0.0
local_port:
875
remote_addr:
0.0.0.0
remote_port:
0
3:
----------
local_addr:
0.0.0.0
local_port:
111
remote_addr:
0.0.0.0
remote_port:
0
4:
----------
local_addr:
0.0.0.0
local_port:
51349
remote_addr:
0.0.0.0
remote_port:
0
5:
----------
local_addr:
0.0.0.0
local_port:
22
remote_addr:
0.0.0.0
remote_port:
0
6:
----------
local_addr:
0.0.0.0
local_port:
55993
remote_addr:
0.0.0.0
remote_port:
0
7:
----------
local_addr:
0.0.0.0
local_port:
58267
remote_addr:
0.0.0.0
remote_port:
0
8:
----------
local_addr:
192.168.0.16
local_port:
22
remote_addr:
192.168.0.101
remote_port:
49285
9:
----------
local_addr:
192.168.0.16
local_port:
59181
remote_addr:
192.168.0.15
remote_port:
4505
linux-node1.zhurui.com:
----------
0:
----------
local_addr:
0.0.0.0
local_port:
58975
remote_addr:
0.0.0.0
remote_port:
0
1:
----------
local_addr:
0.0.0.0
local_port:
49856
remote_addr:
0.0.0.0
remote_port:
0
10:
----------
local_addr:
0.0.0.0
local_port:
4505
remote_addr:
0.0.0.0
remote_port:
0
11:
----------
local_addr:
0.0.0.0
local_port:
4506
remote_addr:
0.0.0.0
remote_port:
0
12:
----------
local_addr:
192.168.0.15
local_port:
4505
remote_addr:
192.168.0.15
remote_port:
51071
13:
----------
local_addr:
192.168.0.15
local_port:
4506
remote_addr:
192.168.0.16
remote_port:
48670
14:
----------
local_addr:
192.168.0.15
local_port:
4506
remote_addr:
192.168.0.15
remote_port:
33972
15:
----------
local_addr:
192.168.0.15
local_port:
22
remote_addr:
192.168.0.101
remote_port:
49268
16:
----------
local_addr:
192.168.0.15
local_port:
33972
remote_addr:
192.168.0.15
remote_port:
4506
17:
----------
local_addr:
192.168.0.15
local_port:
4505
remote_addr:
192.168.0.16
remote_port:
59181
18:
----------
local_addr:
127.0.0.1
local_port:
45016
remote_addr:
127.0.0.1
remote_port:
4506
19:
----------
local_addr:
192.168.0.15
local_port:
51071
remote_addr:
192.168.0.15
remote_port:
4505
2:
----------
local_addr:
0.0.0.0
local_port:
2049
remote_addr:
0.0.0.0
remote_port:
0
3:
----------
local_addr:
0.0.0.0
local_port:
44356
remote_addr:
0.0.0.0
remote_port:
0
4:
----------
local_addr:
0.0.0.0
local_port:
40808
remote_addr:
0.0.0.0
remote_port:
0
5:
----------
local_addr:
0.0.0.0
local_port:
11211
remote_addr:
0.0.0.0
remote_port:
0
1.2.1 On the master, set rules that allow a specific user to use specific functions
[root@linux-node1 salt]# vim /etc/salt/master
client_acl:
  zhurui1:
    - test.ping
    - network.*
[root@linux-node1 salt]# /etc/init.d/salt-master restart
Stopping salt-master daemon: [ OK ]
Starting salt-master daemon: [ OK ]
[root@linux-node1 salt]# useradd zhurui1 ## create the user and set its password
[root@linux-node1 salt]# echo '123456'|passwd --stdin zhurui1
Changing password for user zhurui.
passwd: all authentication tokens updated successfully.
[root@linux-node1 salt]#
[root@linux-node1 home]# chmod 777 /var/log/salt/master ## makes the master log world-writable so the non-root user's salt CLI can write to it
[root@linux-node1 home]# su - zhurui1
[zhurui1@linux-node1 ~]$ salt '*' test.ping
linux-node2.zhurui.com:
True
linux-node1.zhurui.com:
True
[zhurui1@linux-node1 ~]$
Running any other module or function fails with a permission error.
1.2.2 Restrict a specific user to permitted operations on specific hosts
client_acl:
  zhurui1:
    - test.ping
    - network.*
  user01:
    - linux-node1*:
      - test.ping
[root@linux-node1 home]# /etc/init.d/salt-master restart
Stopping salt-master daemon: [ OK ]
Starting salt-master daemon: [ OK ]
[root@linux-node1 home]# su - user01
[user01@linux-node1 ~]$ salt '*' test.ping
Failed to authenticate! This is most likely because this user is not permitted to execute commands, but there is a small possibility that a disk error occurred (check disk/inode usage).
[user01@linux-node1 ~]$ salt 'linux-node1*' test.ping
linux-node1.zhurui.com:
True
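The following is a simplified model of how the client_acl rules in sections 1.2.1 and 1.2.2 decide a request, added here as an example; it is not code from the original post or from Salt itself. It assumes glob targets, function entries treated as regular expressions matched from the start of the function name, and a constructed two-minion inventory taken from the output above. The names expand, fun_allowed, is_permitted and broad_entries are hypothetical. Newer Salt releases name this option publisher_acl.

```python
import fnmatch
import re

# Constructed inventory: the two minion IDs that appear in the page's output.
MINIONS = ["linux-node1.zhurui.com", "linux-node2.zhurui.com"]

# The client_acl block from section 1.2.2, written as a Python dict.
CLIENT_ACL = {
    "zhurui1": ["test.ping", "network.*"],
    "user01": [{"linux-node1*": ["test.ping"]}],
}


def expand(target, minions=MINIONS):
    """Expand a glob target to the set of minion IDs it matches."""
    return {m for m in minions if fnmatch.fnmatchcase(m, target)}


def fun_allowed(patterns, fun):
    """Assumption: each ACL function entry is a regex matched from the start."""
    return any(re.match(p, fun) for p in patterns)


def is_permitted(user, target, fun, acl=CLIENT_ACL):
    """True if `user` may run `fun` on every minion matched by `target`."""
    wanted = expand(target)
    for entry in acl.get(user, []):
        if isinstance(entry, str):
            # Bare function entry: not tied to a host, applies to any target.
            if fun_allowed([entry], fun):
                return True
        else:
            # Host-scoped entry: every requested minion must be covered by it.
            for acl_target, funs in entry.items():
                covered = wanted and wanted <= expand(acl_target)
                if covered and fun_allowed(funs, fun):
                    return True
    return False


def broad_entries(acl=CLIENT_ACL):
    """Audit helper: bare patterns wide enough to also permit cmd.run."""
    return [(u, e) for u, entries in acl.items() for e in entries
            if isinstance(e, str) and re.match(e, "cmd.run")]
```

In this model user01's request against '*' is refused because the target also covers linux-node2, which the host-scoped rule does not, matching the "Failed to authenticate!" result above.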
1.2.3 Configure a blacklist to forbid operations for specific users
Uncomment the following lines: