SaltStack实战
Posted similarface
tags:
篇首语:本文由小常识网(cha138.com)小编为大家整理,主要介绍了SaltStack实战相关的知识,希望对你有一定的参考价值。
SaltStack实战
#安装
安装注意几点
python-libs-2.6.6-64.el6.x86_64 conflicts with file from package python-2.6.6-36.el6.x86_64
yum install python-libs解决
yum的版本太低的话是会出现问题的
http://mirror.centos.org/centos/6/os/x86_64/Packages/yum-3.2.29-69.el6.centos.noarch.rpm
rpm –Uvh yum-3.2.29-69.el6.centos.noarch.rpm
Error:
|
问题: file /usr/lib64/python2.6/zipfile.pyo from install of python-libs-2.6.6-64.el6.x86_64 conflicts with file from package python-2.6.6-36.el6.x86_64 |
|
解决: [[email protected] ~]# yum install python-lib* -y [[email protected] ~]# yum install salt-minion -y |
|
问题: Error: Package: yum-utils-1.1.30-30.el6.noarch (saltstack-repo) Requires: yum >= 3.2.29-56 Installed: yum-3.2.29-40.el6.centos.noarch (@anaconda-CentOS-201303020151.x86_64/6.4) yum = 3.2.29-40.el6.centos |
|
解决: [[email protected] ~]# wget http://mirror.centos.org/centos/6/os/x86_64/Packages/yum-3.2.29-69.el6.centos.noarch.rpm [[email protected] ~]# rpm -Uvh yum-3.2.29-69.el6.centos.noarch.rpm warning: yum-3.2.29-69.el6.centos.noarch.rpm: Header V3 RSA/SHA1 Signature, key ID c105b9de: NOKEY Preparing... ########################################### [100%] 1:yum ########################################### [100%]
|
|
问题: Error Downloading Packages: python-ordereddict-1.1-2.el6.noarch: failure: python-ordereddict-1.1-2.el6.noarch.rpm from epel: [Errno 256] No more mirrors to try. python-msgpack-0.4.6-1.el6.x86_64: failure: python-msgpack-0.4.6-1.el6.x86_64.rpm from epel: [Errno 256] No more mirrors to try. |
|
解决:估计要使用黄灯FQ或者使用国内的源 [[email protected] yum.repos.d]# yum install python-ordereddict* -y |
yum install python-ordereddict* -y
|
[[email protected] ~]# ifconfig eth0 eth0 Link encap:Ethernet HWaddr 00:0C:29:C7:F1:FD inet addr:10.0.0.7 Bcast:10.0.0.255 Mask:255.255.255.0 inet6 addr: fe80::20c:29ff:fec7:f1fd/64 Scope:Link UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:10368 errors:0 dropped:0 overruns:0 frame:0 TX packets:6210 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:1000 RX bytes:9829001 (9.3 MiB) TX bytes:478004 (466.8 KiB)
[[email protected] ~]# hostname master [[email protected] ~]# uname -a Linux master 2.6.32-358.el6.x86_64 #1 SMP Fri Feb 22 00:31:26 UTC 2013 x86_64 x86_64 x86_64 GNU/Linux [[email protected] ~]# yum install salt-master -y
|
|
Server |
Client |
|
#开启服务 [[email protected] ~]# service salt-master start Starting salt-master daemon: [确定] [[email protected] ~]# netstat –lanput tcp 0 0 0.0.0.0:4505 0.0.0.0:* LISTEN 2682/python2.6 tcp 0 0 0.0.0.0:4506 0.0.0.0:* LISTEN 2691/python2.6
[[email protected] salt]# lsof -i:4505 COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME salt-mast 2682 root 13u IPv4 24479 0t0 TCP *:4505 (LISTEN) [[email protected] salt]# lsof -i:4506 COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME salt-mast 2691 root 21u IPv4 24490 0t0 TCP *:4506 (LISTEN) [[email protected] salt]# cat /etc/hosts 127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4 ::1 localhost localhost.localdomain localhost6 localhost6.localdomain6 10.0.10.7 drbd01 master.saltstack.com master 10.0.10.8 drbd02 minion.saltstack.com minion [[email protected] salt]# salt-key Accepted Keys: Denied Keys: Unaccepted Keys: client minion.saltstack.com Rejected Keys:
|
[[email protected] client ~]# cd /etc/salt/ [[email protected] client salt]# pwd /etc/salt [[email protected] client salt]# ls cloud cloud.maps.d master minion.d roster cloud.conf.d cloud.profiles.d master.d pki cloud.deploy.d cloud.providers.d minion proxy
[[email protected] salt]# grep "^#\|^$" minion -v master: 10.0.0.7 id: minion.saltstack.com [[email protected] salt]# cat /etc/hosts 127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4 ::1 localhost localhost.localdomain localhost6 localhost6.localdomain6 10.0.10.8 drbd02 minion.saltstack.com minion 10.0.10.7 drbd01 master.saltstack.com master
[[email protected] ~]# /etc/init.d/salt-minion restart Starting salt-minion daemon: [确定]
|
|
#完成认证欢迎客户端的加入 [[email protected] salt]# salt-key -a minion.saltstack.com The following keys are going to be accepted: Unaccepted Keys: minion.saltstack.com Proceed? [n/Y] Y Key for minion minion.saltstack.com accepted. [[email protected] salt]# salt-key Accepted Keys: minion.saltstack.com Denied Keys: Unaccepted Keys: client Rejected Keys: #测试ping #泛型 [[email protected] ~]# salt ‘*‘ test.ping minion.saltstack.com: True #针对性 [[email protected] ~]# salt ‘minion.saltstack.com‘ test.ping minion.saltstack.com: True [[email protected] ~]# salt ‘*‘ cmd.run ‘df -h‘ minion.saltstack.com: Filesystem Size Used Avail Use% Mounted on /dev/sda3 12G 1.7G 9.5G 15% / tmpfs 935M 12K 935M 1% /dev/shm /dev/sda1 194M 26M 159M 14% /boot /dev/sr1 1.4G 1.4G 0 100% /iso1 /dev/sr0 4.1G 4.1G 0 100% /iso [[email protected] ~]# salt ‘*‘ cmd.run ‘uptime‘ minion.saltstack.com: 21:21:34 up 3:37, 4 users, load average: 0.10, 0.03, 0.00 |
|
|
|
在增加一台:
|
|
[[email protected] ~]# mkdir -p /etc/salt/states/prod [[email protected] ~]# grep "^#\|^$" /etc/salt/master -v default_include: master.d/*.conf interface: 0.0.0.0 file_roots: base: - /etc/salt/states prod: - /etc/salt/states/prod [[email protected] ~]# /etc/init.d/salt-master restart Stopping salt-master daemon: [确定] Starting salt-master daemon: [确定] [[email protected] ~]# tail -f /var/log/salt/master |
|
|
[[email protected] states]# grep "^#\|^$" -v /etc/salt/master default_include: master.d/*.conf interface: 0.0.0.0 state_top: top.sls file_roots: base: - /etc/salt/states prod: - /etc/salt/states/prod [[email protected] states]# cat ./init/pkg.sls pkg.init: pkg.installed: - names: - lrzsz - mtr - nmap [[email protected] states]# cat ./prod/top.sls base: ‘minion.saltstack.com‘ - init.pkg [[email protected] states]# salt ‘*‘ state.sls init.pkg minion.saltstack.com: ---------- ID: pkg.init Function: pkg.installed Name: mtr Result: True Comment: The following packages were installed/updated: mtr Started: 22:28:11.931751 Duration: 22421.578 ms Changes: ---------- mtr: ---------- new: 2:0.75-5.el6 old: ---------- ID: pkg.init Function: pkg.installed Name: nmap Result: True Comment: The following packages were installed/updated: nmap Started: 22:28:34.362114 Duration: 22710.914 ms Changes: ---------- libpcap: ---------- new: 14:1.0.0-6.20091201git117cb5.el6 old: nmap: ---------- new: 2:5.51-2.el6 old: ---------- ID: pkg.init Function: pkg.installed Name: lrzsz Result: True Comment: The following packages were installed/updated: lrzsz Started: 22:28:57.082576 Duration: 8267.01 ms Changes: ---------- lrzsz: ---------- new: 0.12.20-27.1.el6 old:
Summary for minion.saltstack.com ------------ Succeeded: 3 (changed=3) Failed: 0 ------------ Total states run: 3 |
|
|
|
[[email protected] ~]# which rz /usr/bin/rz |
|
[[email protected] states]# tree ./ ./ ├── init │ ├── files │ │ └── limits.conf │ ├── limit.sls │ └── pkg.sls ├── prod └── top.sls
3 directories, 4 files [[email protected] states]# cat ./init/limit.sls limit-conf-config: file.managed: - name: /etc/security/limits.conf - source: salt://init/files/limits.conf - user: root - group: root - mode: 644 [[email protected] states]# cat ./init/pkg.sls pkg.init: pkg.installed: - names: - lrzsz - mtr - nmap [[email protected] states]# cat ./top.sls base: ‘minion.saltstack.com‘: - init.pkg - init.limit [[email protected] states]# salt ‘*‘ state.highstate minion.saltstack.com: ---------- ID: pkg.init Function: pkg.installed Name: mtr Result: True Comment: Package mtr is already installed Started: 23:05:41.185346 Duration: 817.998 ms Changes: ---------- ID: pkg.init Function: pkg.installed Name: nmap Result: True Comment: Package nmap is already installed Started: 23:05:42.003701 Duration: 0.914 ms Changes: ---------- ID: pkg.init Function: pkg.installed Name: lrzsz Result: True Comment: Package lrzsz is already installed Started: 23:05:42.004743 Duration: 0.587 ms Changes: ---------- ID: limit-conf-config Function: file.managed Name: /etc/security/limits.conf Result: True Comment: File /etc/security/limits.conf updated Started: 23:05:42.009035 Duration: 34.642 ms Changes: ---------- diff: --- +++ @@ -39,8 +39,8 @@ #<domain> <type> <item> <value> #
-#* soft core 0 -#* hard rss 10000 +* soft core 0 +* hard rss 10000 #@student hard nproc 20 #@faculty soft nproc 20 #@faculty hard nproc 50
Summary for minion.saltstack.com ------------ Succeeded: 4 (changed=1) Failed: 0 ------------ Total states run: 4 |
|
|
|
[[email protected] ~]# cat /etc/security/limits.conf * soft core 0 * hard rss 10000 #@student hard nproc 20 #@faculty soft nproc 20 #@faculty hard nproc 50 #ftp hard nproc 0 #@student - maxlogins 4 |
|
[[email protected] salt]# tree /etc/salt/pki/ /etc/salt/pki/ ├── master │ ├── master.pem │ ├── master.pub │ ├── minions │ │ └── minion.saltstack.com │ ├── minions_autosign │ ├── minions_denied │ ├── minions_pre │ │ └── client │ └── minions_rejected └── minion |
|
|
|
|
|
|
|
|
[[email protected] ~]# salt-key Accepted Keys: 10.0.0.9 正则表达式: [[email protected] ~]# salt -E ‘((?:(?:25[0-5]|2[0-4]\d|((1\d{2})|([1-9]?\d)))\.){3}(?:25[0-5]|2[0-4]\d|((1\d{2})|([1-9]?\d))))‘ test.ping 10.0.0.9: True
[[email protected] ~]# cat /etc/salt/states/top.sls base: ‘((?:(?:25[0-5]|2[0-4]\d|((1\d{2})|([1-9]?\d)))\.){3}(?:25[0-5]|2[0-4]\d|((1\d{2})|([1-9]?\d))))‘: - match: pcre - init.pkg - init.limit [[email protected] ~]# salt ‘*’ state.highstate minion.saltstack.com: ID: states Function: no.None Result: False Comment: No Top file or external nodes data matches found. Started: Duration: Changes:
Summary for minion.saltstack.com Succeeded: 0 Failed: 1 Total states run: 1 10.0.0.9: ID: pkg.init Function: pkg.installed Name: mtr Result: True Comment: Package mtr is already installed Started: 08:59:28.505182 Duration: 720.628 ms Changes: ID: pkg.init Function: pkg.installed Name: nmap Result: True Comment: Package nmap is already installed Started: 08:59:29.226111 Duration: 0.839 ms Changes: ID: pkg.init Function: pkg.installed Name: lrzsz Result: True Comment: Package lrzsz is already installed Started: 08:59:29.227087 Duration: 0.607 ms Changes: ID: limit-conf-config Function: file.managed Name: /etc/security/limits.conf Result: True Comment: File /etc/security/limits.conf is in the correct state Started: 08:59:29.231194 Duration: 27.495 ms Changes:
Summary for 10.0.0.9 Succeeded: 4 Failed: 0 Total states run: 4 ERROR: Minions returned with non-zero exit code
|
|
-E 正则 -L list -S IP |
|
Salt into mysql |
|
mysql.host: ‘10.0.0.7‘ mysql.user: ‘salt‘ mysql.pass: ‘salt‘ mysql.db: ‘salt‘ mysql.port: 3306 mysql_job_cache: mysql【主master插入】 |
附件:
|
Iso.repo: |
|
# CentOS-Media.repo # # This repo can be used with mounted DVD media, verify the mount point for # CentOS-6. You can use this repo and yum to install items directly off the # DVD ISO that we release. # # To use this repo, put in your DVD and use it with the other repos too: # yum --enablerepo=c6-media [command] # # or for ONLY the media repo, do this: # # yum --disablerepo=\* --enablerepo=c6-media [command]
[c6-media] name=CentOS-$releasever - Media baseurl=file:///iso/ file:///iso1/ gpgcheck=0 enabled=1 gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-6 |
|
saltstack.repo |
|
[saltstack-repo] name=SaltStack repo for RHEL/CentOS $releasever baseurl=https://repo.saltstack.com/yum/redhat/$releasever/$basearch/latest enabled=1 gpgcheck=0 gpgkey=https://repo.saltstack.com/yum/redhat/$releasever/$basearch/latest/SALTSTACK-EL5-GPG-KEY.pub |
|
|
|
|
数据系统:
|
Grains-静态数据 |
|
自定义grains [[email protected] ~]# tail -n 3 /etc/salt/minion grains: roles: nginx env: prod [[email protected] ~]# salt -G ‘env:prod‘ test.ping minion.saltstack.com: True [[email protected] ~]# salt -G ‘roles:nginx‘ test.ping minion.saltstack.com: True
[[email protected] ~]# cat /etc/salt/grains cloud: openstack [[email protected] ~]# salt -G ‘cloud:openstack‘ test.ping minion.saltstack.com: True [[email protected] ~]# salt -G ‘test:salt‘ test.ping No minions matched the target. No command was sent, no jid was assigned. ERROR: No return received #不用重启刷新 [[email protected] ~]# salt ‘*‘ saltutil.sync_grains minion.saltstack.com: 10.0.0.9: [[email protected] ~]# salt -G ‘test:salt‘ test.ping minion.saltstack.com: True
Top.sls: ‘roles:nginx‘: - match: grain - init.pkg |
|
Pillar:敏感数据 master指定Pillar 结合grains处理平台差异性 |
|
[[email protected] ~]# salt ‘*‘ pillar.ls minion.saltstack.com: 10.0.0.9: "/etc/salt/master" 840L, 32677C written 586 pillar_roots: 587 base: 588 - /etc/salt/pillar 589 [[email protected] pillar]# cat top.sls base: ‘*‘: - init.rsyslog [[email protected] pillar]# mkdir init [[email protected] pillar]# cd init/ [[email protected] init]# pwd /etc/salt/pillar/init [[email protected] init]# cat rsyslog.sls {% if grains[‘osfinger‘] == ‘CentOS-6‘ %} syslog: rsyslog {% elif %} syslog: syslog {% endif %} [[email protected] init]# pwd /etc/salt/pillar/init [[email protected] init]# salt ‘*‘ saltutil.refresh_pillar 10.0.0.9: True minion.saltstack.com: True |
以上是关于SaltStack实战的主要内容,如果未能解决你的问题,请参考以下文章