SaltStack, an Automated Operations Tool
2017-10-13 13:35
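Basic Introduction
1. Overview
SaltStack is a centralized management platform for server infrastructure that provides configuration management, remote execution, monitoring and related functions. It can roughly be thought of as a simplified Puppet and an enhanced Func. SaltStack is implemented in Python and built on a lightweight message queue (ZeroMQ) together with third-party Python modules (Pyzmq, PyCrypto, Pyjinja2, python-msgpack, PyYAML and others). With a SaltStack environment deployed, we can run commands in batches on thousands of servers and, according to the characteristics of each business, centrally manage configuration, distribute files, collect server data, and manage the operating system base and software packages. SaltStack is a powerful tool that helps operations staff work more efficiently and standardize business configuration and operations.
2. Features
(1) Simple and convenient to deploy;
(2) Supports most UNIX/Linux and Windows environments;
(3) Centralized master/minion management;
(4) Simple configuration, powerful functionality, highly extensible;
(5) The controlling side (master) and the controlled side (minion) use certificate-based authentication, which is secure and reliable;
(6) Supports an API and custom modules, and is easy to extend with Python.
3. Master and Minion Authentication
(1) When a minion starts for the first time, it automatically generates minion.pem (private key) and minion.pub (public key) under /etc/salt/pki/minion/ (this path is set in /etc/salt/minion), and then sends minion.pub to the master.
(2) After the master receives the minion's public key, the key is accepted with the salt-key command. The public key, stored in a file named after the minion id, is then kept under /etc/salt/pki/master/minions on the master, and the master can send commands to the minion.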
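4. Connection Between Master and Minion
(1) After it starts, the SaltStack master listens on two ports by default, 4505 and 4506. 4505 (publish_port) is SaltStack's message publishing system, and 4506 (ret_port) is the port on which SaltStack clients communicate with the server. If you inspect port 4505 with lsof, you will find that every minion keeps a connection to port 4505 in the ESTABLISHED state.
Environment: Red Hat 6.5
server1 172.25.32.1 master
server2 172.25.32.2 minion
Configure the SaltStack package repository
Install on the master: salt-master
Install on the minion: salt-minion
Configuration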
[root@server1 salt]# vim /etc/salt/master
# file_roots:
#   base:
#     - /srv/salt/
#   dev:
#     - /srv/salt/dev/services
#     - /srv/salt/dev/states
#   prod:
#     - /srv/salt/prod/services
#     - /srv/salt/prod/states
#
file_roots:
  base:
    - /srv/salt    # directory holding the automated deployment files
#
[root@server1 salt]# mkdir /srv/salt/
[root@server1 salt]# mkdir /srv/salt/httpd
[root@server1 salt]# cd /srv/salt/httpd/
[root@server1 httpd]# vim web.sls    # create a new automated deployment rule
## install packages remotely and set up the service
httpd_install:
  pkg.installed:    # package installation module and function
    - pkgs:
      - httpd
      - php

httpd_service:    # service module and function
  service.running:
    - name: httpd
    - enable: true
    - reload: true
[root@server2 pki]# vim /etc/salt/minion
# Set the location of the salt master server. If the master server cannot be
# resolved, then the minion will fail to start.
master: server1    # note the space after "master:"; server1 must be resolvable
[root@server2 pki]# /etc/init.d/salt-minion start
[root@server1 salt]# /etc/init.d/salt-master start
[root@server1 salt]# salt-key -L    # list the key status
Accepted Keys:
Denied Keys:
Unaccepted Keys:
server2
Rejected Keys:
[root@server1 salt]# salt-key -a server2    # accept the minion's key
The following keys are going to be accepted:
Unaccepted Keys:
server2
Proceed? [n/Y] y
Key for minion server2 accepted.
[root@server1 salt]# salt-key -L
Accepted Keys:
server2
Denied Keys:
Unaccepted Keys:
Rejected Keys:
[root@server1 salt]# tree .    # show the directory tree
.
├── cloud
├── cloud.conf.d
├── cloud.deploy.d
├── cloud.maps.d
├── cloud.profiles.d
├── cloud.providers.d
├── master
├── master.d
├── minion
├── minion.d
├── pki
│   ├── master
│   │   ├── master.pem
│   │   ├── master.pub
│   │   ├── minions
│   │   │   └── server2    ## the accepted key appears here after authentication
│   │   ├── minions_autosign
│   │   ├── minions_denied
│   │   ├── minions_pre
│   │   └── minions_rejected
│   └── minion
├── proxy
├── proxy.d
└── roster
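The session above accepts server2's key as soon as it shows up under Unaccepted Keys. As an added example (not part of the original post), the Python below compares the key waiting in minions_pre with the fingerprint read on the minion itself (for instance from `salt-call --local key.finger`) before `salt-key -a` is run. The function names, the constructed sample keys and the assumption that the fingerprint is the digest of the PEM body printed as colon-separated hex pairs are mine; check the result against `salt-key -f server2` on your version.

```python
import hashlib
import hmac
import os
import tempfile


def salt_style_fingerprint(pem_bytes, sum_type="sha256"):
    """Hash the PEM body (non-empty lines minus the BEGIN/END lines) and
    return colon-separated hex pairs. Assumption: this mirrors what
    salt-key -f prints; the master's hash_type setting picks the digest."""
    lines = [ln for ln in pem_bytes.splitlines(keepends=True) if ln.strip()]
    if len(lines) < 3:
        raise ValueError("not a PEM public key")
    digest = hashlib.new(sum_type, b"".join(lines[1:-1])).hexdigest()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))


def pending_key_matches(pki_dir, minion_id, expected_fp, sum_type="sha256"):
    """True only if the key waiting in minions_pre/<id> has the fingerprint
    reported from the minion itself over a separate channel."""
    if os.path.basename(minion_id) != minion_id or minion_id in ("", ".", ".."):
        raise ValueError("minion id must be a plain file name")
    path = os.path.join(pki_dir, "minions_pre", minion_id)
    if not os.path.isfile(path):
        return False
    with open(path, "rb") as fh:
        actual = salt_style_fingerprint(fh.read(), sum_type)
    return hmac.compare_digest(actual, expected_fp.strip().lower())


def demo():
    # Constructed stand-ins for pending keys (not real RSA material).
    genuine = b"-----BEGIN PUBLIC KEY-----\nQUJDREVGR0g=\n-----END PUBLIC KEY-----\n"
    other = b"-----BEGIN PUBLIC KEY-----\nWFlaWFlaWFk=\n-----END PUBLIC KEY-----\n"
    reported = salt_style_fingerprint(genuine)  # value read on the real minion
    results = {}
    with tempfile.TemporaryDirectory() as pki:
        os.mkdir(os.path.join(pki, "minions_pre"))
        pending = os.path.join(pki, "minions_pre", "server2")
        for label, blob in (("genuine", genuine), ("substituted", other)):
            with open(pending, "wb") as fh:
                fh.write(blob)
            results[label] = pending_key_matches(pki, "server2", reported)
    return results


if __name__ == "__main__":
    print(demo())
```

On a real master, pki_dir would be /etc/salt/pki/master, and the key is accepted only when the function returns True.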
[root@server1 salt]# salt server2 state.sls httpd.web test=true    # test whether the web.sls configuration is correct
server2:
----------
          ID: httpd_install
    Function: pkg.installed
      Result: True    # result is True
     Comment: All specified packages are already installed
     Started: 13:08:24.493424
    Duration: 1071.447 ms
     Changes:
----------
          ID: httpd_service
    Function: service.running
        Name: httpd
      Result: True    # result is True
     Comment: The service httpd is already running
     Started: 13:08:25.565555
    Duration: 33.512 ms
     Changes:

Summary for server2
------------
Succeeded: 2    # succeeded
Failed:    0
------------
Total states run:     2
Total run time:   1.105 s
[root@server2 pki]# rpm -qa |grep php
php-cli-5.3.3-26.el6.x86_64
php-common-5.3.3-26.el6.x86_64
[root@server2 pki]# rpm -qa |grep http
httpd-tools-2.2.15-29.el6_4.x86_64
jakarta-commons-httpclient-3.1-0.7.el6_3.x86_64
[root@server1 salt]# salt server2 state.sls httpd.web
server2:
----------
          ID: httpd_install
    Function: pkg.installed
      Result: True
     Comment: The following packages were installed/updated: httpd, php
     Started: 13:13:04.716226
    Duration: 4991.532 ms
     Changes:
              ----------
              httpd:
                  ----------
                  new:
                      2.2.15-29.el6_4
                  old:
              php:
                  ----------
                  new:
                      5.3.3-26.el6
                  old:
----------
          ID: httpd_service
    Function: service.running
        Name: httpd
      Result: True
     Comment: Service httpd has been enabled, and is running
     Started: 13:13:09.719859
    Duration: 347.229 ms
     Changes:
              ----------
              httpd:
                  True

Summary for server2
------------
Succeeded: 2 (changed=2)
Failed:    0
------------
Total states run:     2
Total run time:   5.339 s
[root@server2 pki]# rpm -qa |grep http
httpd-tools-2.2.15-29.el6_4.x86_64
httpd-2.2.15-29.el6_4.x86_64    # newly installed
jakarta-commons-httpclient-3.1-0.7.el6_3.x86_64
[root@server2 pki]# rpm -qa |grep php
php-5.3.3-26.el6.x86_64    # newly installed
php-cli-5.3.3-26.el6.x86_64
php-common-5.3.3-26.el6.x86_64
Adding a module: an example that dynamically obtains the listen address and port of the httpd service
[root@server1 httpd]# ls
conf  install.sls
[root@server1 httpd]# vim install.sls
[root@server1 httpd]# cat install.sls |grep -v '#'
httpd_install:
  pkg.installed:
    - pkgs:
      - httpd
httpd_service:
  service.running:
    - name: httpd
    - enable: true
    - reload: true
conf:
  file.managed:
    - name: /etc/httpd/conf/httpd.conf
    - source: salt://httpd/conf/httpd.conf
    - mode: 644
    - template: jinja    # the added module
    - context:
        port: 8080    # and the port
[root@server1 httpd]# cat conf/httpd.conf |grep "Listen"
# Listen: Allows you to bind Apache to specific IP addresses and/or
# Change this to Listen on specific IP addresses as shown below to
#Listen 12.34.56.78:80
Listen {{ grains['ipv4'][1] }}:{{ port }}    # dynamically obtain this machine's IP to listen on
[root@server1 httpd]# salt server2 grains.item ipv4
server2:
    ----------
    ipv4:
        - 127.0.0.1
        - 172.25.32.2
[root@server1 conf]# salt server2 state.sls httpd.install
server2:
----------
          ID: httpd_install
    Function: pkg.installed
      Result: True
     Comment: All specified packages are already installed
     Started: 15:10:08.708680
    Duration: 1080.319 ms
     Changes:
----------
          ID: httpd_service
    Function: service.running
        Name: httpd
      Result: True
     Comment: The service httpd is already running
     Started: 15:10:09.789751
    Duration: 30.607 ms
     Changes:
----------
          ID: conf
    Function: file.managed
        Name: /etc/httpd/conf/httpd.conf
      Result: True
     Comment: File /etc/httpd/conf/httpd.conf updated
     Started: 15:10:09.823005
    Duration: 59.618 ms
     Changes:
              ----------
              diff:
                  ---
                  +++
                  @@ -133,7 +133,7 @@
                   # prevent Apache from glomming onto all bound IP addresses (0.0.0.0)
                   #
                   #Listen 12.34.56.78:80
                  -Listen {{ grains['ipv4'][1] }}:{{ port }}
                  +Listen 172.25.32.2:8080
                   
                   #
                   # Dynamic Shared Object (DSO) Support

Summary for server2
------------
Succeeded: 3 (changed=1)
Failed:    0
------------
Total states run:     3
Total run time:   1.171 s
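The template above picks the listen address by list position, grains['ipv4'][1], which works for server2 because its grain holds exactly 127.0.0.1 and 172.25.32.2. As an added example (not from the original post), this Python function builds the same Listen line but selects the address by network membership and refuses to guess when zero or several addresses qualify. The names render_listen and allowed_cidr, the 172.25.32.0/24 network and the extra sample grain lists are assumptions constructed for illustration.

```python
import ipaddress


def render_listen(ipv4_grain, port, allowed_cidr):
    """Build the httpd 'Listen' directive from a minion's ipv4 grain list.

    Instead of trusting list position (grains['ipv4'][1]), require exactly
    one non-loopback address inside the network the service should use.
    """
    if isinstance(port, bool) or not isinstance(port, int) or not 1 <= port <= 65535:
        raise ValueError(f"invalid port: {port!r}")
    net = ipaddress.ip_network(allowed_cidr)
    candidates = []
    for raw in ipv4_grain:
        addr = ipaddress.ip_address(raw)  # raises ValueError on non-IP text
        if addr.version == 4 and not addr.is_loopback and addr in net:
            candidates.append(addr)
    if len(candidates) != 1:
        raise LookupError(
            f"expected exactly one address in {net}, found {len(candidates)}")
    return f"Listen {candidates[0]}:{port}"


def demo():
    net = "172.25.32.0/24"  # assumed service network for the page's hosts
    samples = {
        "server2": ["127.0.0.1", "172.25.32.2"],               # from the page
        "multihomed": ["127.0.0.1", "10.0.0.5", "172.25.32.7"],  # constructed
        "loopback_only": ["127.0.0.1"],                          # constructed
    }
    out = {}
    for name, grain in samples.items():
        try:
            out[name] = render_listen(grain, 8080, net)
        except LookupError as exc:
            out[name] = f"refused: {exc}"
    return out


if __name__ == "__main__":
    for host, line in demo().items():
        print(host, "->", line)
```

For the constructed multi-homed host, index 1 would have bound Apache to 10.0.0.5, while the loopback-only host has no index 1 at all.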