2自动化运维之SaltStack远程执行详解

Posted

tags:

篇首语:本文由小常识网(cha138.com)小编为大家整理,主要介绍了2自动化运维之SaltStack远程执行详解相关的知识,希望对你有一定的参考价值。

SaltStack远程执行详解

●目标(Targeting)
●模块(Module)
●返回(Returnners)
混合模式-C 选项
技术分享
主机名设置参照:
redis-node1-redis03-idc04-soa.example.com(电商)
1.1模块介绍
[[email protected] salt]# salt ‘*‘ service.available sshd
linux-node1.zhurui.com:
    True
linux-node2.zhurui.com:
    True
技术分享
服务重载:
  1. [[email protected]-node1 salt]# salt ‘*‘ service.reload httpd
  2. linux-node2.zhurui.com:
  3. True
  4. linux-node1.zhurui.com:
  5. True
技术分享
服务状态:
  1. [[email protected]-node1 salt]# salt ‘*‘ service.status httpd
  2. linux-node1.zhurui.com:
  3. True
  4. linux-node2.zhurui.com:
  5. True
  6. [[email protected]-node1 salt]#
技术分享
1.2network模块介绍
1.2.1返回tcp状态
  1. [[email protected]-node1 salt]# salt ‘*‘ network.active_tcp
  2. linux-node2.zhurui.com:
  3. ----------
  4. 0:
  5. ----------
  6. local_addr:
  7. 0.0.0.0
  8. local_port:
  9. 2049
  10. remote_addr:
  11. 0.0.0.0
  12. remote_port:
  13. 0
  14. 1:
  15. ----------
  16. local_addr:
  17. 0.0.0.0
  18. local_port:
  19. 35682
  20. remote_addr:
  21. 0.0.0.0
  22. remote_port:
  23. 0
  24. 10:
  25. ----------
  26. local_addr:
  27. 192.168.0.16
  28. local_port:
  29. 48670
  30. remote_addr:
  31. 192.168.0.15
  32. remote_port:
  33. 4506
  34. 2:
  35. ----------
  36. local_addr:
  37. 0.0.0.0
  38. local_port:
  39. 875
  40. remote_addr:
  41. 0.0.0.0
  42. remote_port:
  43. 0
  44. 3:
  45. ----------
  46. local_addr:
  47. 0.0.0.0
  48. local_port:
  49. 111
  50. remote_addr:
  51. 0.0.0.0
  52. remote_port:
  53. 0
  54. 4:
  55. ----------
  56. local_addr:
  57. 0.0.0.0
  58. local_port:
  59. 51349
  60. remote_addr:
  61. 0.0.0.0
  62. remote_port:
  63. 0
  64. 5:
  65. ----------
  66. local_addr:
  67. 0.0.0.0
  68. local_port:
  69. 22
  70. remote_addr:
  71. 0.0.0.0
  72. remote_port:
  73. 0
  74. 6:
  75. ----------
  76. local_addr:
  77. 0.0.0.0
  78. local_port:
  79. 55993
  80. remote_addr:
  81. 0.0.0.0
  82. remote_port:
  83. 0
  84. 7:
  85. ----------
  86. local_addr:
  87. 0.0.0.0
  88. local_port:
  89. 58267
  90. remote_addr:
  91. 0.0.0.0
  92. remote_port:
  93. 0
  94. 8:
  95. ----------
  96. local_addr:
  97. 192.168.0.16
  98. local_port:
  99. 22
  100. remote_addr:
  101. 192.168.0.101
  102. remote_port:
  103. 49285
  104. 9:
  105. ----------
  106. local_addr:
  107. 192.168.0.16
  108. local_port:
  109. 59181
  110. remote_addr:
  111. 192.168.0.15
  112. remote_port:
  113. 4505
  114. linux-node1.zhurui.com:
  115. ----------
  116. 0:
  117. ----------
  118. local_addr:
  119. 0.0.0.0
  120. local_port:
  121. 58975
  122. remote_addr:
  123. 0.0.0.0
  124. remote_port:
  125. 0
  126. 1:
  127. ----------
  128. local_addr:
  129. 0.0.0.0
  130. local_port:
  131. 49856
  132. remote_addr:
  133. 0.0.0.0
  134. remote_port:
  135. 0
  136. 10:
  137. ----------
  138. local_addr:
  139. 0.0.0.0
  140. local_port:
  141. 4505
  142. remote_addr:
  143. 0.0.0.0
  144. remote_port:
  145. 0
  146. 11:
  147. ----------
  148. local_addr:
  149. 0.0.0.0
  150. local_port:
  151. 4506
  152. remote_addr:
  153. 0.0.0.0
  154. remote_port:
  155. 0
  156. 12:
  157. ----------
  158. local_addr:
  159. 192.168.0.15
  160. local_port:
  161. 4505
  162. remote_addr:
  163. 192.168.0.15
  164. remote_port:
  165. 51071
  166. 13:
  167. ----------
  168. local_addr:
  169. 192.168.0.15
  170. local_port:
  171. 4506
  172. remote_addr:
  173. 192.168.0.16
  174. remote_port:
  175. 48670
  176. 14:
  177. ----------
  178. local_addr:
  179. 192.168.0.15
  180. local_port:
  181. 4506
  182. remote_addr:
  183. 192.168.0.15
  184. remote_port:
  185. 33972
  186. 15:
  187. ----------
  188. local_addr:
  189. 192.168.0.15
  190. local_port:
  191. 22
  192. remote_addr:
  193. 192.168.0.101
  194. remote_port:
  195. 49268
  196. 16:
  197. ----------
  198. local_addr:
  199. 192.168.0.15
  200. local_port:
  201. 33972
  202. remote_addr:
  203. 192.168.0.15
  204. remote_port:
  205. 4506
  206. 17:
  207. ----------
  208. local_addr:
  209. 192.168.0.15
  210. local_port:
  211. 4505
  212. remote_addr:
  213. 192.168.0.16
  214. remote_port:
  215. 59181
  216. 18:
  217. ----------
  218. local_addr:
  219. 127.0.0.1
  220. local_port:
  221. 45016
  222. remote_addr:
  223. 127.0.0.1
  224. remote_port:
  225. 4506
  226. 19:
  227. ----------
  228. local_addr:
  229. 192.168.0.15
  230. local_port:
  231. 51071
  232. remote_addr:
  233. 192.168.0.15
  234. remote_port:
  235. 4505
  236. 2:
  237. ----------
  238. local_addr:
  239. 0.0.0.0
  240. local_port:
  241. 2049
  242. remote_addr:
  243. 0.0.0.0
  244. remote_port:
  245. 0
  246. 3:
  247. ----------
  248. local_addr:
  249. 0.0.0.0
  250. local_port:
  251. 44356
  252. remote_addr:
  253. 0.0.0.0
  254. remote_port:
  255. 0
  256. 4:
  257. ----------
  258. local_addr:
  259. 0.0.0.0
  260. local_port:
  261. 40808
  262. remote_addr:
  263. 0.0.0.0
  264. remote_port:
  265. 0
  266. 5:
  267. ----------
  268. local_addr:
  269. 0.0.0.0
  270. local_port:
  271. 11211
  272. remote_addr:
  273. 0.0.0.0
  274. remote_port:
  275. 0
1.2.1在master设置规则允许特定用户,可使用的特定方法
  1. [[email protected]-node1 salt]# vim /etc/salt/master
245 client_acl:
246   zhurui1:
247     - test.ping
248     - network.
技术分享
[[email protected] salt]# /etc/init.d/salt-master restart
Stopping salt-master daemon:                               [  OK  ]
Starting salt-master daemon:                                 [  OK  ]
[[email protected] salt]# useradd  zhurui1  ##创建用户,并且设置密码
[[email protected] salt]# echo ‘123456‘|passwd --stdin zhurui1
Changing password for user zhurui.
passwd: all authentication tokens updated successfully.
[[email protected] home]# chmod 777 /var/log/salt/master
[[email protected] home]# su - zhurui1
[[email protected] ~]$ salt ‘*‘ test.ping
linux-node2.zhurui.com:
    True
linux-node1.zhurui.com:
    True
截图如下:
技术分享
运行其他模块跟方法会报错,没有权限
技术分享
1.2.2 指定特定主机,在特定用户下允许的操作
  1. client_acl:
  2. zhurui1:
  3. - test.ping
  4. - network.*
  5. user01:
  6. - linux-node1*:
  7. - test.ping
技术分享
[[email protected] home]# /etc/init.d/salt-master restart
Stopping salt-master daemon:                               [  OK  ]
Starting salt-master daemon:                               [  OK  ]
[[email protected] home]# su - user01
[[email protected] ~]$ salt ‘*‘ test.ping           
Failed to authenticate! This is most likely because this user is not permitted to execute commands, but there is a small possibility that a disk error occurred (check disk/inode usage).
[[email protected] ~]$ salt ‘linux-node1*‘ test.ping 
linux-node1.zhurui.com:
    True
技术分享
1.2.3 指定黑名单,禁止特定用户的操作
开启如下行:
技术分享
 
 









以上是关于2自动化运维之SaltStack远程执行详解的主要内容,如果未能解决你的问题,请参考以下文章

自动化运维之saltstack初体验

自动化运维之SaltStack(概述及简单配置实例)

自动化运维之SaltStack

自动化运维之SaltStack

自动化运维之SaltStack

自动化运维之paramiko详解