
SaltStack, an automated operations tool

2017-10-13 13:35

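Basic introduction

1. Overview

SaltStack is a centralized management platform for server infrastructure, providing configuration management, remote execution, monitoring and other functions; it can broadly be understood as a simplified Puppet and an enhanced Func. SaltStack is implemented in Python and built on a lightweight message queue (ZeroMQ) together with third-party Python modules (PyZMQ, PyCrypto, Jinja2, python-msgpack, PyYAML and others).

By deploying a SaltStack environment, we can run commands in batches across thousands of servers and, according to the characteristics of each service, centrally manage configuration, distribute files, collect server data, and manage the operating system base and software packages. SaltStack is a powerful tool for operations staff to improve efficiency and standardize service configuration and operations.

2. Features

(1) Simple and convenient to deploy;

(2) Supports most UNIX/Linux and Windows environments;

(3) Centralized master/minion management;

(4) Simple to configure, powerful, and highly extensible;

(5) The controlling side (master) and the controlled side (minion) authenticate with certificates, which is secure and reliable;

(6) Supports an API and custom modules, and is easy to extend with Python.

3. Master and Minion authentication

(1) On first start, the minion automatically generates minion.pem (private key) and minion.pub (public key) under /etc/salt/pki/minion/ (this path is set in /etc/salt/minion), and then sends minion.pub to the master.

(2) After receiving the minion's public key, the master accepts it with the salt-key command. The public key, named after the minion id, is then stored under /etc/salt/pki/master/minions on the master, and the master can send commands to the minion.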
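
Before `salt-key -a` is run, the pending key should be compared with the fingerprint the minion itself reports (`salt-call --local key.finger` on the minion, `salt-key -f <id>` on the master). The sketch below is an added example, not part of the original post or of Salt: it triages keys in a `minions_pre`-style directory against fingerprints collected out of band. The fingerprint routine (SHA-256 over the PEM body, colon-separated) is an assumption modelled on Salt's format, and the key material, `server3` and `server4` are constructed.

```python
import hashlib
import hmac
import tempfile
from pathlib import Path


def pem_fingerprint(pem_bytes, hash_name="sha256"):
    """Colon-separated digest of the PEM body (armor and blank lines dropped)."""
    lines = [ln for ln in pem_bytes.splitlines(keepends=True) if ln.strip()]
    digest = hashlib.new(hash_name, b"".join(lines[1:-1])).hexdigest()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))


def triage_pending(pending_dir, expected):
    """Split pending minion keys into (safe_to_accept, needs_investigation).

    expected maps minion id -> fingerprint obtained out of band from that host.
    """
    accept, investigate = [], []
    for key_file in sorted(Path(pending_dir).iterdir()):
        seen = pem_fingerprint(key_file.read_bytes())
        want = expected.get(key_file.name)
        if want is not None and hmac.compare_digest(seen, want.lower()):
            accept.append(key_file.name)
        else:
            # unknown minion id, or a key that differs from what the host reported
            investigate.append(key_file.name)
    return accept, investigate


# Constructed stand-ins for public keys (placeholder bodies, not real RSA keys).
KEY_SERVER2 = b"-----BEGIN PUBLIC KEY-----\nCONSTRUCTEDKEYBODYSERVER2\n-----END PUBLIC KEY-----\n"
KEY_OTHER = b"-----BEGIN PUBLIC KEY-----\nCONSTRUCTEDKEYBODYOTHER\n-----END PUBLIC KEY-----\n"


def demo():
    with tempfile.TemporaryDirectory() as tmp:
        pre = Path(tmp) / "minions_pre"          # assumed layout, as in the pki tree
        pre.mkdir()
        (pre / "server2").write_bytes(KEY_SERVER2)
        (pre / "server3").write_bytes(KEY_OTHER)  # id never inventoried
        (pre / "server4").write_bytes(KEY_OTHER)  # key differs from the inventory
        expected = {"server2": pem_fingerprint(KEY_SERVER2),
                    "server4": pem_fingerprint(KEY_SERVER2)}
        return triage_pending(pre, expected)


if __name__ == "__main__":
    print(demo())
```
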

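4. Master and Minion connections

(1) Once started, the SaltStack master listens on two ports by default, 4505 and 4506. 4505 (publish_port) is SaltStack's message publishing system, and 4506 (ret_port) is the port on which SaltStack clients communicate with the server. If you inspect port 4505 with lsof, you will see that every minion holds a connection to port 4505 in the ESTABLISHED state.

Environment: Red Hat 6.5

server1 172.25.32.1 master

server2 172.25.32.2 minion

Configure the SaltStack package repository

Install on the master: salt-master

Install on the minion: salt-minion

Configuration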

[root@server1 salt]# vim /etc/salt/master
# file_roots:
#   base:
#     - /srv/salt/
#   dev:
#     - /srv/salt/dev/services
#     - /srv/salt/dev/states
#   prod:
#     - /srv/salt/prod/services
#     - /srv/salt/prod/states
#
file_roots:
  base:
    - /srv/salt # directory for the automated deployment files
#
[root@server1 salt]# mkdir /srv/salt/
[root@server1 salt]# mkdir /srv/salt/httpd
[root@server1 salt]# cd /srv/salt/httpd/
[root@server1 httpd]# vim web.sls # create the new automated deployment rule

## Install packages remotely and configure the service
httpd_install:
  pkg.installed:  # package-install module and function
    - pkgs:
      - httpd
      - php

httpd_service:  # service module and function
  service.running:
    - name: httpd
    - enable: true
    - reload: true


[root@server2 pki]# vim /etc/salt/minion
# Set the location of the salt master server. If the master server cannot be
# resolved, then the minion will fail to start.
master: server1  # note the space after the colon; server1 must be resolvable
[root@server2 pki]# /etc/init.d/salt-minion start
[root@server1 salt]# /etc/init.d/salt-master start
[root@server1 salt]# salt-key -L  # list the key status
Accepted Keys:
Denied Keys:
Unaccepted Keys:
server2
Rejected Keys:
[root@server1 salt]# salt-key -a server2 # accept the minion's key
The following keys are going to be accepted:
Unaccepted Keys:
server2
Proceed? [n/Y] y
Key for minion server2 accepted.
[root@server1 salt]# salt-key -L
Accepted Keys:
server2
Denied Keys:
Unaccepted Keys:
Rejected Keys:
[root@server1 salt]# tree . # show the directory tree
.
├── cloud
├── cloud.conf.d
├── cloud.deploy.d
├── cloud.maps.d
├── cloud.profiles.d
├── cloud.providers.d
├── master
├── master.d
├── minion
├── minion.d
├── pki
│   ├── master
│   │   ├── master.pem
│   │   ├── master.pub
│   │   ├── minions
│   │   │   └── server2   ## the accepted key appears here after authentication
│   │   ├── minions_autosign
│   │   ├── minions_denied
│   │   ├── minions_pre
│   │   └── minions_rejected
│   └── minion
├── proxy
├── proxy.d
└── roster


[root@server1 salt]# salt server2 state.sls httpd.web test=true # dry run to check that web.sls is correct
server2:
----------
ID: httpd_install
Function: pkg.installed
Result: True # state is true
Comment: All specified packages are already installed
Started: 13:08:24.493424
Duration: 1071.447 ms
Changes:
----------
ID: httpd_service
Function: service.running
Name: httpd
Result: True  # state is true
Comment: The service httpd is already running
Started: 13:08:25.565555
Duration: 33.512 ms
Changes:

Summary for server2
------------
Succeeded: 2  # succeeded
Failed:    0
------------
Total states run:     2
Total run time:   1.105 s
[root@server2 pki]# rpm -qa |grep php
php-cli-5.3.3-26.el6.x86_64
php-common-5.3.3-26.el6.x86_64
[root@server2 pki]# rpm -qa |grep http
httpd-tools-2.2.15-29.el6_4.x86_64
jakarta-commons-httpclient-3.1-0.7.el6_3.x86_64
[root@server1 salt]# salt server2 state.sls httpd.web
server2:
----------
ID: httpd_install
Function: pkg.installed
Result: True
Comment: The following packages were installed/updated: httpd, php
Started: 13:13:04.716226
Duration: 4991.532 ms
Changes:
----------
httpd:
----------
new:
2.2.15-29.el6_4
old:
php:
----------
new:
5.3.3-26.el6
old:
----------
ID: httpd_service
Function: service.running
Name: httpd
Result: True
Comment: Service httpd has been enabled, and is running
Started: 13:13:09.719859
Duration: 347.229 ms
Changes:
----------
httpd:
True

Summary for server2
------------
Succeeded: 2 (changed=2)
Failed:    0
------------
Total states run:     2
Total run time:   5.339 s
[root@server2 pki]# rpm -qa |grep http
httpd-tools-2.2.15-29.el6_4.x86_64
httpd-2.2.15-29.el6_4.x86_64 # newly installed
jakarta-commons-httpclient-3.1-0.7.el6_3.x86_64
[root@server2 pki]# rpm -qa |grep php
php-5.3.3-26.el6.x86_64  # newly installed
php-cli-5.3.3-26.el6.x86_64
php-common-5.3.3-26.el6.x86_64


Adding a module: an example that dynamically obtains the listening address and port for the httpd service

[root@server1 httpd]# ls
conf  install.sls
[root@server1 httpd]# vim install.sls
[root@server1 httpd]# cat install.sls |grep -v '#'
httpd_install:
  pkg.installed:
    - pkgs:
      - httpd

httpd_service:
  service.running:
    - name: httpd
    - enable: true
    - reload: true

conf:
  file.managed:
    - name: /etc/httpd/conf/httpd.conf
    - source: salt://httpd/conf/httpd.conf
    - mode: 644
    - template: jinja    # the added module
    - context:
        port: 8080       # and the port
[root@server1 httpd]# cat conf/httpd.conf |grep "Listen"
# Listen: Allows you to bind Apache to specific IP addresses and/or
# Change this to Listen on specific IP addresses as shown below to
#Listen 12.34.56.78:80
Listen {{ grains['ipv4'][1] }}:{{ port }}  # dynamically obtain this machine's IP to listen on
[root@server1 httpd]# salt server2 grains.item ipv4
server2:
----------
ipv4:
- 127.0.0.1
- 172.25.32.2

[root@server1 conf]# salt server2 state.sls httpd.install
server2:
----------
ID: httpd_install
Function: pkg.installed
Result: True
Comment: All specified packages are already installed
Started: 15:10:08.708680
Duration: 1080.319 ms
Changes:
----------
ID: httpd_service
Function: service.running
Name: httpd
Result: True
Comment: The service httpd is already running
Started: 15:10:09.789751
Duration: 30.607 ms
Changes:
----------
ID: conf
Function: file.managed
Name: /etc/httpd/conf/httpd.conf
Result: True
Comment: File /etc/httpd/conf/httpd.conf updated
Started: 15:10:09.823005
Duration: 59.618 ms
Changes:
----------
diff:
---
+++
@@ -133,7 +133,7 @@
# prevent Apache from glomming onto all bound IP addresses (0.0.0.0)
#
#Listen 12.34.56.78:80
-Listen {{ grains['ipv4'][1] }}:{{ port }}
+Listen 172.25.32.2:8080

#
# Dynamic Shared Object (DSO) Support

Summary for server2
------------
Succeeded: 3 (changed=1)
Failed:    0
------------
Total states run:     3
Total run time:   1.171 s
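
`grains['ipv4'][1]` depends on how many addresses the minion has and in what order they are listed, so on a multi-homed host it can bind httpd to an unintended interface. The following added example (not from the original post) shows the selection logic a safer template would need: pick the single address inside an expected service subnet and fail otherwise. The subnet 172.25.32.0/24, the function names and the multi-homed and loopback-only grain lists are assumptions constructed for illustration.

```python
import ipaddress


def select_listen_addr(ipv4_grain, service_net):
    """Return the one address from the minion's ipv4 grain that lies in service_net.

    Raises ValueError when no address or more than one address qualifies, so a
    bad render fails the state run instead of binding httpd somewhere unexpected.
    """
    net = ipaddress.ip_network(service_net)
    hits = []
    for raw in ipv4_grain:
        addr = ipaddress.ip_address(raw)
        if addr.is_loopback or addr.is_unspecified:
            continue                      # never listen on 127.0.0.1 or 0.0.0.0 here
        if addr in net:
            hits.append(str(addr))
    if len(hits) != 1:
        raise ValueError(f"expected exactly one address in {net}, found {hits}")
    return hits[0]


def listen_directive(ipv4_grain, port, service_net="172.25.32.0/24"):
    """Build the httpd Listen line; service_net is an assumed lab subnet."""
    if not 1 <= int(port) <= 65535:
        raise ValueError(f"port out of range: {port}")
    return f"Listen {select_listen_addr(ipv4_grain, service_net)}:{int(port)}"


# server2's grain as shown in the post, plus two constructed cases.
SERVER2 = ["127.0.0.1", "172.25.32.2"]
MULTI_HOMED = ["127.0.0.1", "203.0.113.10", "172.25.32.2"]  # index [1] is the wrong NIC
LOOPBACK_ONLY = ["127.0.0.1"]                                # index [1] does not exist

if __name__ == "__main__":
    print(listen_directive(SERVER2, 8080))
    print(listen_directive(MULTI_HOMED, 8080))
```
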