SaltStack installation & usage
2018-04-07 20:15
SaltStack installation
Prepare two servers:
    # Server
    hostname: centos-1    IP: 192.168.157.132
    # Client
    hostname: centos-2    IP: 192.168.157.135
Set the hostname & hosts
    [root@centos-1 ~]# vim /etc/hosts
    127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
    ::1         localhost localhost.localdomain localhost6 localhost6.localdomain6
    192.168.157.132 centos-1

    [root@centos-2 ~]# vim /etc/hosts
    127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
    ::1         localhost localhost.localdomain localhost6 localhost6.localdomain6
    192.168.157.135 centos-2
Install the SaltStack yum repository
    # Install the yum repository
    [root@centos-1 ~]# yum install -y https://repo.saltstack.com/yum/redhat/salt-repo-latest-2.el7.noarch.rpm
    [root@centos-2 ~]# yum install -y https://repo.saltstack.com/yum/redhat/salt-repo-latest-2.el7.noarch.rpm

    # These are the RPM packages provided by the newly installed SaltStack yum repository
    [root@centos-1 ~]# yum list |grep salt
    salt-repo.noarch  latest-2.el7  installed
    PyYAML.x86_64  3.11-1.el7  salt-latest
    PyYAML-debuginfo.x86_64  3.11-1.el7  salt-latest
    cppzmq-devel.x86_64  4.1.4-6.el7  salt-latest
    libsodium.x86_64  1.0.16-1.el7  salt-latest
    libsodium-debuginfo.x86_64  1.0.16-1.el7  salt-latest
    libsodium-devel.x86_64  1.0.16-1.el7  salt-latest
    libsodium-static.x86_64  1.0.16-1.el7  salt-latest
    libtomcrypt-debuginfo.x86_64  1.17-23.el7  salt-latest
    libtommath-debuginfo.x86_64  0.42.0-4.el7  salt-latest
    m2crypto.x86_64  0.28.2-3.el7  salt-latest
    m2crypto-debuginfo.x86_64  0.28.2-3.el7  salt-latest
    openpgm.x86_64  5.2.122-2.el7  salt-latest
    openpgm-debuginfo.x86_64  5.2.122-2.el7  salt-latest
    openpgm-devel.x86_64  5.2.122-2.el7  salt-latest
    python-cherrypy.noarch  5.6.0-2.el7  salt-latest
    python-crypto.x86_64  2.6.1-2.el7  salt-latest
    python-crypto-debuginfo.x86_64  2.6.1-2.el7  salt-latest
    python-futures.noarch  3.0.3-1.el7  salt-latest
    python-ioflo.noarch  1.3.8-1.el7  salt-latest
    python-libnacl.noarch  1.4.3-1.el7  salt-latest
    python-msgpack.x86_64  0.4.6-1.el7  salt-latest
    python-msgpack-debuginfo.x86_64  0.4.6-1.el7  salt-latest
    python-psutil.x86_64  2.2.1-1.el7  salt-latest
    python-psutil-debuginfo.x86_64  2.2.1-1.el7  salt-latest
    python-pycryptodome-debuginfo.x86_64  3.4.3-2.el7  salt-latest
    python-raet.noarch  0.6.5-1.el7  salt-latest
    python-salttesting.noarch  2015.7.10-1.el6  epel
    python-simplejson.x86_64  3.3.3-1.el7  salt-latest
    python-simplejson-debuginfo.x86_64  3.3.3-1.el7  salt-latest
    python-timelib.noarch  0.2.4-1.el7  salt-latest
    python-tornado-debuginfo.x86_64  4.2.1-1.el7  salt-latest
    python-zmq.x86_64  15.3.0-2.el7  salt-latest
    python-zmq-debuginfo.x86_64  15.3.0-2.el7  salt-latest
    python-zmq-tests.x86_64  15.3.0-2.el7  salt-latest
    python2-libcloud.noarch  2.0.0-2.el7  salt-latest
    python2-pycryptodomex.x86_64  3.4.3-2.el7  salt-latest
    python2-typing.noarch  3.5.2.2-3.el7  salt-latest
    python3-pycryptodomex.x86_64  3.4.3-2.el7  salt-latest
    python34-typing.noarch  3.5.2.2-3.el7  salt-latest
    salt.noarch  2018.3.0-1.el7  salt-latest
    salt-api.noarch  2018.3.0-1.el7  salt-latest
    salt-cloud.noarch  2018.3.0-1.el7  salt-latest
    salt-master.noarch  2018.3.0-1.el7  salt-latest
    salt-minion.noarch  2018.3.0-1.el7  salt-latest
    salt-ssh.noarch  2018.3.0-1.el7  salt-latest
    salt-syndic.noarch  2018.3.0-1.el7  salt-latest
    zeromq.x86_64  4.1.4-6.el7  salt-latest
    zeromq-debuginfo.x86_64  4.1.4-6.el7  salt-latest
    zeromq-devel.x86_64  4.1.4-6.el7  salt-latest

    [root@centos-2 ~]# yum list |grep salt
    salt-repo.noarch  latest-2.el7  installed
    PyYAML.x86_64  3.11-1.el7  salt-latest
    PyYAML-debuginfo.x86_64  3.11-1.el7  salt-latest
    cppzmq-devel.x86_64  4.1.4-6.el7  salt-latest
    libsodium.x86_64  1.0.16-1.el7  salt-latest
    libsodium-debuginfo.x86_64  1.0.16-1.el7  salt-latest
    libsodium-devel.x86_64  1.0.16-1.el7  salt-latest
    libsodium-static.x86_64  1.0.16-1.el7  salt-latest
    libtomcrypt-debuginfo.x86_64  1.17-23.el7  salt-latest
    libtommath-debuginfo.x86_64  0.42.0-4.el7  salt-latest
    m2crypto.x86_64  0.28.2-3.el7  salt-latest
    m2crypto-debuginfo.x86_64  0.28.2-3.el7  salt-latest
    openpgm.x86_64  5.2.122-2.el7  salt-latest
    openpgm-debuginfo.x86_64  5.2.122-2.el7  salt-latest
    openpgm-devel.x86_64  5.2.122-2.el7  salt-latest
    python-cherrypy.noarch  5.6.0-2.el7  salt-latest
    python-crypto.x86_64  2.6.1-2.el7  salt-latest
    python-crypto-debuginfo.x86_64  2.6.1-2.el7  salt-latest
    python-futures.noarch  3.0.3-1.el7  salt-latest
    python-ioflo.noarch  1.3.8-1.el7  salt-latest
    python-libnacl.noarch  1.4.3-1.el7  salt-latest
    python-msgpack.x86_64  0.4.6-1.el7  salt-latest
    python-msgpack-debuginfo.x86_64  0.4.6-1.el7  salt-latest
    python-psutil.x86_64  2.2.1-1.el7  salt-latest
    python-psutil-debuginfo.x86_64  2.2.1-1.el7  salt-latest
    python-pycryptodome-debuginfo.x86_64  3.4.3-2.el7  salt-latest
    python-raet.noarch  0.6.5-1.el7  salt-latest
    python-salttesting.noarch  2015.7.10-1.el6  epel
    python-simplejson.x86_64  3.3.3-1.el7  salt-latest
    python-simplejson-debuginfo.x86_64  3.3.3-1.el7  salt-latest
    python-timelib.noarch  0.2.4-1.el7  salt-latest
    python-tornado-debuginfo.x86_64  4.2.1-1.el7  salt-latest
    python-zmq.x86_64  15.3.0-2.el7  salt-latest
    python-zmq-debuginfo.x86_64  15.3.0-2.el7  salt-latest
    python-zmq-tests.x86_64  15.3.0-2.el7  salt-latest
    python2-libcloud.noarch  2.0.0-2.el7  salt-latest
    python2-pycryptodomex.x86_64  3.4.3-2.el7  salt-latest
    python2-typing.noarch  3.5.2.2-3.el7  salt-latest
    python3-pycryptodomex.x86_64  3.4.3-2.el7  salt-latest
    python34-typing.noarch  3.5.2.2-3.el7  salt-latest
    salt.noarch  2018.3.0-1.el7  salt-latest
    salt-api.noarch  2018.3.0-1.el7  salt-latest
    salt-cloud.noarch  2018.3.0-1.el7  salt-latest
    salt-master.noarch  2018.3.0-1.el7  salt-latest
    salt-minion.noarch  2018.3.0-1.el7  salt-latest
    salt-ssh.noarch  2018.3.0-1.el7  salt-latest
    salt-syndic.noarch  2018.3.0-1.el7  salt-latest
    zeromq.x86_64  4.1.4-6.el7  salt-latest
    zeromq-debuginfo.x86_64  4.1.4-6.el7  salt-latest
    zeromq-devel.x86_64  4.1.4-6.el7  salt-latest

    # Install on the server
    [root@centos-1 ~]# yum install -y salt-master salt-minion
    # Install on the client
    [root@centos-2 ~]# yum install -y salt-minion
Start the Salt services
Configuration file
    [root@centos-2 ~]# vi /etc/salt/minion
    # Find this line:
    #master: salt
    # Remove the # and change the value to the master's hostname
    master: centos-1

    [root@centos-1 ~]# vi /etc/salt/minion
    # Find this line:
    #master: salt
    # Remove the # and change the value to the master's hostname
    master: centos-1
Start the server
Note: the server listens on two ports, 4505 and 4506. Port 4505 is the message publishing port, and 4506 is the port used for communication with the clients.
    [root@centos-1 ~]# systemctl start salt-minion
    [root@centos-1 ~]# ps aux |grep minion
    root   9844  6.3  2.1 307436 21356 ?     Ss  14:33 0:00 /usr/bin/python /usr/bin/salt-minion
    root   9847 13.2  3.8 461072 38184 ?     Sl  14:33 0:01 /usr/bin/python /usr/bin/salt-minion
    root   9855  0.0  2.0 400548 20136 ?     S   14:33 0:00 /usr/bin/python /usr/bin/salt-minion
    root   9871  0.0  0.0 112676   984 pts/0 S+  14:33 0:00 grep --color=auto minion
    [root@centos-1 ~]# systemctl start salt-master
    [root@centos-1 ~]# netstat -nvlpt
    Active Internet connections (only servers)
    Proto Recv-Q Send-Q Local Address    Foreign Address  State   PID/Program name
    tcp        0      0 0.0.0.0:22       0.0.0.0:*        LISTEN  970/sshd
    tcp        0      0 0.0.0.0:4505     0.0.0.0:*        LISTEN  11598/python
    tcp        0      0 127.0.0.1:25     0.0.0.0:*        LISTEN  1071/master
    tcp        0      0 0.0.0.0:4506     0.0.0.0:*        LISTEN  11606/python
    tcp6       0      0 :::22            :::*             LISTEN  970/sshd
    tcp6       0      0 ::1:25           :::*             LISTEN  1071/master
Start the client
    [root@centos-2 ~]# systemctl start salt-minion
    [root@centos-2 ~]#
    [root@centos-2 ~]# ps aux |grep minion
    root   2588  3.7  2.1 307436 21356 ?     Ss  01:55 0:00 /usr/bin/python /usr/bin/salt-minion
    root   2591  103  2.4 403960 24696 ?     Rl  01:55 0:13 /usr/bin/python /usr/bin/salt-minion
    root   2599  9.6  2.0 400548 20136 ?     S   01:55 0:01 /usr/bin/python /usr/bin/salt-minion
    root   2601  8.3  0.0 112676   984 pts/1 R+  01:55 0:00 grep --color=auto minion
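SaltStack authentication setup
• Communication between the master and a minion needs a secure channel, and the traffic must be encrypted, so authentication has to be configured; encryption and decryption are done with key pairs.
• On its first start the minion generates minion.pem and minion.pub under /etc/salt/pki/minion/. The .pub file is the public key, which the minion sends to the master.
• On its first start the master also generates a key pair under /etc/salt/pki/master. When the master receives the public key sent by a minion, that key is accepted with the salt-key tool; once accepted, it is stored in the /etc/salt/pki/master/minions/ directory. The client in turn accepts the public key sent by the master and stores it under /etc/salt/pki/minion as minion_master.pub.
• The process above is carried out with the salt-key tool.
• Run the following command: salt-key -a centos-2    // -a is followed by a hostname and accepts the key of that specific host
• salt-key -a centos-2
    # Server (master)
    [root@centos-1 ~]# ll /etc/salt/pki/master/
    总用量 8
    -r--------. 1 root root 1678 4月 6 20:50 master.pem
    -rw-r--r--. 1 root root  450 4月 6 20:50 master.pub
    drwxr-xr-x. 2 root root    6 4月 6 20:50 minions
    drwxr-xr-x. 2 root root    6 4月 6 20:50 minions_autosign
    drwxr-xr-x. 2 root root    6 4月 6 20:50 minions_denied
    drwxr-xr-x. 2 root root   21 4月 6 20:52 minions_pre
    drwxr-xr-x. 2 root root    6 4月 6 20:50 minions_rejected

    # Client
    [root@centos-2 ~]# ll /etc/salt/pki/minion/
    总用量 8
    -r--------. 1 root root 1674 3月 19 01:57 minion.pem
    -rw-r--r--. 1 root root  450 3月 19 01:57 minion.pub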
salt-key command usage
    -a  followed by a hostname: accept the specified host
    -A  accept all hosts
    -r  followed by a hostname: reject the specified host
    -R  reject all hosts
    -d  followed by a hostname: delete the specified host's key
    -D  delete the keys of all hosts
    -y  skip the interactive prompt, equivalent to answering y directly

    # List the machines that have been detected
    [root@centos-1 ~]# salt-key
    Accepted Keys:
    Denied Keys:
    Unaccepted Keys:
    centos-1
    Rejected Keys:

    # Accept all machines
    [root@centos-1 ~]# salt-key -A -y
    The following keys are going to be accepted:
    Unaccepted Keys:
    centos-1
    Key for minion centos-1 accepted.
    [root@centos-1 ~]# salt-key
    Accepted Keys:
    centos-1
    Denied Keys:
    Unaccepted Keys:
    Rejected Keys:

Note: centos-2 was never detected, so I checked /var/log/messages
    [root@centos-2 ~]# less /var/log/messages
    Apr 7 03:39:14 centos-2 salt-minion: [ERROR ] Error while bringing up minion for multi-master. Is master at 192.168.157.132 responding?
    Apr 7 03:40:04 centos-2 salt-minion: [ERROR ] Error while bringing up minion for multi-master. Is master at 192.168.157.132 responding?
    Apr 7 03:40:54 centos-2 salt-minion: [ERROR ] Error while bringing up minion for multi-master. Is master at 192.168.157.132 responding?
    Apr 7 03:41:44 centos-2 salt-minion: [ERROR ] Error while bringing up minion for multi-master. Is master at 192.168.157.132 responding?
    Apr 7 03:42:34 centos-2 salt-minion: [ERROR ] Error while bringing up minion for multi-master. Is master at 192.168.157.132 responding?
    Apr 7 03:43:24 centos-2 salt-minion: [ERROR ] Error while bringing up minion for multi-master. Is master at 192.168.157.132 responding?
    Apr 7 03:44:14 centos-2 salt-minion: [ERROR ] Error while bringing up minion for multi-master. Is master at 192.168.157.132 responding?
    Apr 7 03:45:04 centos-2 salt-minion: [ERROR ] Error while bringing up minion for multi-master. Is master at 192.168.157.132 responding?
    Apr 7 03:45:54 centos-2 salt-minion: [ERROR ] Error while bringing up minion for multi-master. Is master at 192.168.157.132 responding?
    Apr 7 03:46:44 centos-2 salt-minion: [ERROR ] Error while bringing up minion for multi-master. Is master at 192.168.157.132 responding?

    # Check the firewall
    [root@centos-2 ~]# iptables -nvL
    Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
     pkts bytes target prot opt in out source destination
     1108 87536 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 ctstate RELATED,ESTABLISHED
        0     0 ACCEPT all -- lo * 0.0.0.0/0 0.0.0.0/0
       12  2333 INPUT_direct all -- * * 0.0.0.0/0 0.0.0.0/0
       12  2333 INPUT_ZONES_SOURCE all -- * * 0.0.0.0/0 0.0.0.0/0
       12  2333 INPUT_ZONES all -- * * 0.0.0.0/0 0.0.0.0/0
        0     0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 ctstate INVALID
       10  2233 REJECT all -- * * 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited

    Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
     pkts bytes target prot opt in out source destination
        0     0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 ctstate RELATED,ESTABLISHED
        0     0 ACCEPT all -- lo * 0.0.0.0/0 0.0.0.0/0
        0     0 FORWARD_direct all -- * * 0.0.0.0/0 0.0.0.0/0
        0     0 FORWARD_IN_ZONES_SOURCE all -- * * 0.0.0.0/0 0.0.0.0/0
        0     0 FORWARD_IN_ZONES all -- * * 0.0.0.0/0 0.0.0.0/0
        0     0 FORWARD_OUT_ZONES_SOURCE all -- * * 0.0.0.0/0 0.0.0.0/0
        0     0 FORWARD_OUT_ZONES all -- * * 0.0.0.0/0 0.0.0.0/0
        0     0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 ctstate INVALID
        0     0 REJECT all -- * * 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited

    Chain OUTPUT (policy ACCEPT 973 packets, 112K bytes)
     pkts bytes target prot opt in out source destination
      973  112K OUTPUT_direct all -- * * 0.0.0.0/0 0.0.0.0/0

    Chain FORWARD_IN_ZONES (1 references)
     pkts bytes target prot opt in out source destination
        0     0 FWDI_public all -- ens33 * 0.0.0.0/0 0.0.0.0/0 [goto]
        0     0 FWDI_public all -- + * 0.0.0.0/0 0.0.0.0/0 [goto]

    Chain FORWARD_IN_ZONES_SOURCE (1 references)
     pkts bytes target prot opt in out source destination

    Chain FORWARD_OUT_ZONES (1 references)
     pkts bytes target prot opt in out source destination
        0     0 FWDO_public all -- * ens33 0.0.0.0/0 0.0.0.0/0 [goto]
        0     0 FWDO_public all -- * + 0.0.0.0/0 0.0.0.0/0 [goto]

    Chain FORWARD_OUT_ZONES_SOURCE (1 references)
     pkts bytes target prot opt in out source destination

    Chain FORWARD_direct (1 references)
     pkts bytes target prot opt in out source destination

    Chain FWDI_public (2 references)
     pkts bytes target prot opt in out source destination
        0     0 FWDI_public_log all -- * * 0.0.0.0/0 0.0.0.0/0
        0     0 FWDI_public_deny all -- * * 0.0.0.0/0 0.0.0.0/0
        0     0 FWDI_public_allow all -- * * 0.0.0.0/0 0.0.0.0/0
        0     0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0

    Chain FWDI_public_allow (1 references)
     pkts bytes target prot opt in out source destination

    Chain FWDI_public_deny (1 references)
     pkts bytes target prot opt in out source destination

    Chain FWDI_public_log (1 references)
     pkts bytes target prot opt in out source destination

    Chain FWDO_public (2 references)
     pkts bytes target prot opt in out source destination
        0     0 FWDO_public_log all -- * * 0.0.0.0/0 0.0.0.0/0
        0     0 FWDO_public_deny all -- * * 0.0.0.0/0 0.0.0.0/0
        0     0 FWDO_public_allow all -- * * 0.0.0.0/0 0.0.0.0/0

    Chain FWDO_public_allow (1 references)
     pkts bytes target prot opt in out source destination

    Chain FWDO_public_deny (1 references)
     pkts bytes target prot opt in out source destination

    Chain FWDO_public_log (1 references)
     pkts bytes target prot opt in out source destination

    Chain INPUT_ZONES (1 references)
     pkts bytes target prot opt in out source destination
       12  2333 IN_public all -- ens33 * 0.0.0.0/0 0.0.0.0/0 [goto]
        0     0 IN_public all -- + * 0.0.0.0/0 0.0.0.0/0 [goto]

    Chain INPUT_ZONES_SOURCE (1 references)
     pkts bytes target prot opt in out source destination

    Chain INPUT_direct (1 references)
     pkts bytes target prot opt in out source destination

    Chain IN_public (2 references)
     pkts bytes target prot opt in out source destination
       12  2333 IN_public_log all -- * * 0.0.0.0/0 0.0.0.0/0
       12  2333 IN_public_deny all -- * * 0.0.0.0/0 0.0.0.0/0
       12  2333 IN_public_allow all -- * * 0.0.0.0/0 0.0.0.0/0
        1    48 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0

    Chain IN_public_allow (1 references)
     pkts bytes target prot opt in out source destination
        1    52 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:22 ctstate NEW

    Chain IN_public_deny (1 references)
     pkts bytes target prot opt in out source destination

    Chain IN_public_log (1 references)
     pkts bytes target prot opt in out source destination

    Chain OUTPUT_direct (1 references)
     pkts bytes target prot opt in out source destination

    # Stop the firewall
    [root@centos-2 ~]# systemctl stop firewalld

    # Accepting the key again now works
    [root@centos-1 ~]# salt-key -a centos-2
    The following keys are going to be accepted:
    Unaccepted Keys:
    centos-2
    Proceed? [n/Y] y
    Key for minion centos-2 accepted.
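An added example, not part of the original post: `salt-key -A -y` accepts every pending key without anyone looking at it, so this sketch triages pending minion keys against fingerprints recorded out of band (for instance with `salt-call --local key.finger` on each minion) before any key is accepted. The key material is constructed placeholder text, the function names are hypothetical, and the fingerprint routine (SHA-256 over the PEM body lines, colon-separated) is an assumption about how Salt derives fingerprints, so compare its output with `salt-key -f <minion>` on a real master.

```python
import base64
import hashlib
import hmac

PEM_HEADER = b"-----BEGIN PUBLIC KEY-----"


def pem_fingerprint(pem_text):
    """Colon-separated SHA-256 over the PEM body (header and footer dropped).

    Assumption: this mirrors the value Salt prints for a key fingerprint.
    """
    raw = [ln for ln in pem_text.encode().splitlines(keepends=True) if ln.strip()]
    if len(raw) < 3 or raw[0].strip() != PEM_HEADER:
        raise ValueError("not a PEM public key")
    digest = hashlib.sha256(b"".join(raw[1:-1])).hexdigest()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))


def triage_pending_keys(pending, allowlist):
    """Split pending keys into IDs safe to accept and IDs to hold, with a reason.

    pending:   minion id -> PEM text as found under minions_pre/
    allowlist: minion id -> fingerprint collected on the minion itself
    """
    accept, hold = [], {}
    for minion_id in sorted(pending):
        try:
            seen = pem_fingerprint(pending[minion_id])
        except ValueError as exc:
            hold[minion_id] = str(exc)
            continue
        expected = allowlist.get(minion_id)
        if expected is None:
            hold[minion_id] = "not in allowlist"
        elif not hmac.compare_digest(expected.lower(), seen):
            hold[minion_id] = "fingerprint mismatch"
        else:
            accept.append(minion_id)
    return accept, hold


def fake_pem(seed):
    """Constructed placeholder 'key': deterministic base64 text, not a real RSA key."""
    blob = base64.b64encode(hashlib.sha512(seed.encode()).digest() * 4).decode()
    body = "\n".join(blob[i:i + 64] for i in range(0, len(blob), 64))
    return "-----BEGIN PUBLIC KEY-----\n" + body + "\n-----END PUBLIC KEY-----\n"


# Constructed sample data: keys the real minions generated ...
GENUINE = {
    "centos-2": fake_pem("centos-2 genuine key"),
    "centos-3": fake_pem("centos-3 genuine key"),
}
# ... their fingerprints as recorded out of band ...
ALLOWLIST = {mid: pem_fingerprint(pem) for mid, pem in GENUINE.items()}
# ... and what is waiting on the master for acceptance.
PENDING = {
    "centos-2": GENUINE["centos-2"],                   # matches the record
    "centos-3": fake_pem("different key, same name"),  # ID reused with another key
    "centos-4": "ssh-rsa AAAA-constructed-junk",       # not a PEM key at all
    "centos-9": fake_pem("host nobody registered"),    # unknown minion ID
}

if __name__ == "__main__":
    ok, held = triage_pending_keys(PENDING, ALLOWLIST)
    for minion_id in ok:
        print("salt-key -a %s    # fingerprint verified" % minion_id)
    for minion_id, reason in held.items():
        print("HOLD %s: %s" % (minion_id, reason))
```
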
SaltStack remote command execution
salt '*' test.ping    // Here * means all minions whose keys have been accepted; a single minion can also be specified. All commands are run on the master. test.ping checks whether the target machine is alive; True means the two sides can reach each other.
salt 'centos-1' test.ping
salt '*' cmd.run "hostname"
Note: the * here only matches clients whose keys have already been accepted on the master, which can be checked with salt-key; the target is normally the id value we configured. Targeting supports globbing, lists and regular expressions.
    # Test all machines
    [root@centos-1 ~]# salt '*' test.ping
    centos-3:
        True
    centos-2:
        True

    # Test a single machine
    [root@centos-1 ~]# salt 'centos-2' test.ping
    centos-2:
        True

    # cmd.run can execute any command that can be run on the system
    [root@centos-1 ~]# salt '*' cmd.run "hostname"
    centos-2:
        centos-2
    centos-3:
        centos-3
    [root@centos-1 ~]# salt '*' cmd.run "ls"
    centos-2:
        anaconda-ks.cfg
    centos-3:
        anaconda-ks.cfg
    [root@centos-1 ~]# salt '*' cmd.run "df -h"
    centos-3:
        Filesystem      Size  Used Avail Use% Mounted on
        /dev/sda3        18G  1.8G   17G  10% /
        devtmpfs        478M     0  478M   0% /dev
        tmpfs           488M   12K  488M   1% /dev/shm
        tmpfs           488M  6.8M  481M   2% /run
        tmpfs           488M     0  488M   0% /sys/fs/cgroup
        /dev/sda1      1014M  153M  862M  16% /boot
        tmpfs            98M     0   98M   0% /run/user/0
    centos-2:
        Filesystem               Size  Used Avail Use% Mounted on
        /dev/mapper/centos-root   18G  1.5G   17G   9% /
        devtmpfs                 477M     0  477M   0% /dev
        tmpfs                    488M   12K  488M   1% /dev/shm
        tmpfs                    488M  6.8M  481M   2% /run
        tmpfs                    488M     0  488M   0% /sys/fs/cgroup
        /dev/sda1               1014M  162M  853M  16% /boot
        tmpfs                     98M     0   98M   0% /run/user/0
SaltStack grains
Grains are pieces of information collected when the minion starts, such as the operating system type, NIC IP addresses, kernel version and CPU architecture.
salt 'centos-2' grains.ls       lists the names of all grains
salt 'centos-2' grains.items    lists all grains together with their values
Grains are not dynamic and do not change in real time; they are collected when the minion starts.
We can use the information collected in grains for configuration management work.
Grains also support custom entries.
    #grains.ls
    [root@centos-1 ~]# salt 'centos-2' grains.ls
    centos-2:
        - SSDs
        - biosreleasedate
        - biosversion
        - cpu_flags
        - cpu_model
        - cpuarch
        - disks
        - dns
        - domain
        - fqdn
        - fqdn_ip4
        - fqdn_ip6
        - gid
        - gpus
        - groupname
        - host
        - hwaddr_interfaces
        - id
        - init
        - ip4_gw
        - ip4_interfaces
        - ip6_gw
        - ip6_interfaces
        - ip_gw
        - ip_interfaces
        - ipv4
        - ipv6
        - kernel
        - kernelrelease
        - kernelversion
        - locale_info
        - localhost
        - lsb_distrib_codename
        - lsb_distrib_id
        - machine_id
        - manufacturer
        - master
        - mdadm
        - mem_total
        - nodename
        - num_cpus
        - num_gpus
        - os
        - os_family
        - osarch
        - oscodename
        - osfinger
        - osfullname
        - osmajorrelease
        - osrelease
        - osrelease_info
        - path
        - pid
        - productname
        - ps
        - pythonexecutable
        - pythonpath
        - pythonversion
        - saltpath
        - saltversion
        - saltversioninfo
        - selinux
        - serialnumber
        - server_id
        - shell
        - swap_total
        - systemd
        - uid
        - username
        - uuid
        - virtual
        - zfs_support
        - zmqversion

    #grains.items
    [root@centos-1 ~]# salt 'centos-2' grains.items
    centos-2:
        ----------
        SSDs:
        biosreleasedate:
            05/19/2017
        biosversion:
            6.00
        cpu_flags:
            - fpu
            - vme
            - de
            - pse
            - tsc
            - msr
            - pae
            - mce
            - cx8
            - apic
            - sep
            - mtrr
            - pge
            - mca
            - cmov
            - pat
            - pse36
            - clflush
            - mmx
            - fxsr
            - sse
            - sse2
            - ss
            - syscall
            - nx
            - pdpe1gb
            - rdtscp
            - lm
            - constant_tsc
            - arch_perfmon
            - nopl
            - xtopology
            - tsc_reliable
            - nonstop_tsc
            - eagerfpu
            - pni
            - pclmulqdq
            - ssse3
            - fma
            - cx16
            - pcid
            - sse4_1
            - sse4_2
            - x2apic
            - movbe
            - popcnt
            - tsc_deadline_timer
            - aes
            - xsave
            - avx
            - f16c
            - rdrand
            - hypervisor
            - lahf_lm
            - abm
            - 3dnowprefetch
            - invpcid_single
            - fsgsbase
            - tsc_adjust
            - bmi1
            - avx2
            - smep
            - bmi2
            - invpcid
            - mpx
            - rdseed
            - adx
            - smap
            - clflushopt
            - xsaveopt
            - xsavec
            - arat
        cpu_model:
            Intel(R) Core(TM) i5-7300HQ CPU @ 2.50GHz
        cpuarch:
            x86_64
        disks:
            - sda
            - sr0
            - dm-0
            - dm-1
        dns:
            ----------
            domain:
            ip4_nameservers:
                - 192.168.157.2
            ip6_nameservers:
            nameservers:
                - 192.168.157.2
            options:
            search:
                - localdomain
            sortlist:
        domain:
        fqdn:
            centos-2
        fqdn_ip4:
            - 192.168.157.135
        fqdn_ip6:
        gid:
            0
        gpus:
            |_
              ----------
              model:
                  SVGA II Adapter
              vendor:
                  unknown
        groupname:
            root
        host:
            centos-2
        hwaddr_interfaces:
            ----------
            ens33:
                00:0c:29:1c:71:04
            lo:
                00:00:00:00:00:00
        id:
            centos-2
        init:
            systemd
        ip4_gw:
            192.168.157.2
        ip4_interfaces:
            ----------
            ens33:
                - 192.168.157.135
            lo:
                - 127.0.0.1
        ip6_gw:
            False
        ip6_interfaces:
            ----------
            ens33:
                - fe80::c588:134d:8941:6e3c
            lo:
                - ::1
        ip_gw:
            True
        ip_interfaces:
            ----------
            ens33:
                - 192.168.157.135
                - fe80::c588:134d:8941:6e3c
            lo:
                - 127.0.0.1
                - ::1
        ipv4:
            - 127.0.0.1
            - 192.168.157.135
        ipv6:
            - ::1
            - fe80::c588:134d:8941:6e3c
        kernel:
            Linux
        kernelrelease:
            3.10.0-693.21.1.el7.x86_64
        kernelversion:
            #1 SMP Wed Mar 7 19:03:37 UTC 2018
        locale_info:
            ----------
            defaultencoding:
                UTF-8
            defaultlanguage:
                zh_CN
            detectedencoding:
                UTF-8
        localhost:
            centos-2
        lsb_distrib_codename:
            CentOS Linux 7 (Core)
        lsb_distrib_id:
            CentOS Linux
        machine_id:
            c5cc98f55ea445fe93d4e301a7b25be5
        manufacturer:
            VMware, Inc.
        master:
            centos-1
        mdadm:
        mem_total:
            975
        nodename:
            centos-2
        num_cpus:
            1
        num_gpus:
            1
        os:
            CentOS
        os_family:
            RedHat
        osarch:
            x86_64
        oscodename:
            CentOS Linux 7 (Core)
        osfinger:
            CentOS Linux-7
        osfullname:
            CentOS Linux
        osmajorrelease:
            7
        osrelease:
            7.4.1708
        osrelease_info:
            - 7
            - 4
            - 1708
        path:
            /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin
        pid:
            1670
        productname:
            VMware Virtual Platform
        ps:
            ps -efHww
        pythonexecutable:
            /usr/bin/python
        pythonpath:
            - /usr/bin
            - /usr/lib64/python27.zip
            - /usr/lib64/python2.7
            - /usr/lib64/python2.7/plat-linux2
            - /usr/lib64/python2.7/lib-tk
            - /usr/lib64/python2.7/lib-old
            - /usr/lib64/python2.7/lib-dynload
            - /usr/lib64/python2.7/site-packages
            - /usr/lib/python2.7/site-packages
        pythonversion:
            - 2
            - 7
            - 5
            - final
            - 0
        saltpath:
            /usr/lib/python2.7/site-packages/salt
        saltversion:
            2018.3.0
        saltversioninfo:
            - 2018
            - 3
            - 0
            - 0
        selinux:
            ----------
            enabled:
                False
            enforced:
                Disabled
        serialnumber:
            VMware-56 4d 75 76 c1 c5 0e 26-13 ba d3 96 19 1c 71 04
        server_id:
            1706614909
        shell:
            /bin/sh
        swap_total:
            1023
        systemd:
            ----------
            features:
                +PAM +AUDIT +SELINUX +IMA -APPARMOR +SMACK +SYSVINIT +UTMP +LIBCRYPTSETUP +GCRYPT +GNUTLS +ACL +XZ -LZ4 -SECCOMP +BLKID +ELFUTILS +KMOD +IDN
            version:
                219
        uid:
            0
        username:
            root
        uuid:
            76754d56-c5c1-260e-13ba-d396191c7104
        virtual:
            VMware
        zfs_support:
            False
        zmqversion:
            4.1.4
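SaltStack – custom grains
Adding custom grains on the minion
Once custom grains have been added on the minion, they can be retrieved from the master.
    # Define the grains
    [root@centos-2 ~]# vim /etc/salt/grains
    role: nginx
    env: test
Note: the grains file does not exist beforehand; the file and its contents are user-defined. The part before the colon is the key, the part after it is the value.
    # Restart the service
    [root@centos-2 ~]# systemctl restart salt-minion

    # Retrieve the grains on the master
    [root@centos-1 ~]# salt '*' grains.item role env
    centos-2:
        ----------
        env:
            test
        role:
            nginx
    centos-3:
        ----------
        env:
        role:

    # Custom grains can be used to run operations against this machine, i.e. they are a way of targeting.
    # Servers can also be grouped by their grains so that an operation is applied to one group of machines.
    [root@centos-1 ~]# salt -G role:nginx cmd.run 'hostname'
    centos-2:
        centos-2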
SaltStack pillar
Unlike grains, pillar is defined on the master and holds information defined for specific minions. Sensitive data such as passwords can be stored in pillar, and it can also be used to define variables. After changing the pillar configuration files, refresh the pillar data to pick up the new state: salt '*' saltutil.refresh_pillar
    [root@centos-1 ~]# vim /etc/salt/master
    #pillar_roots:
    #  base:
    #    - /srv/pillar
Note: find pillar_roots and remove the # from that line and from the two lines below it.
    # Restart the master service
    [root@centos-1 ~]# systemctl restart salt-master

    # Create the directory named in pillar_roots
    [root@centos-1 ~]# mkdir /srv/pillar

    # Enter the directory and create a file that defines a key and a value
    [root@centos-1 ~]# cd /srv/pillar
    [root@centos-1 ~]# vim test.sls
    conf: /etc/123.conf
Note: conf is the key and /etc/123.conf is the value.
    # Create the top file (the main entry point)
    [root@centos-1 pillar]# vim top.sls
    base:
      'centos-2':    # the target machine
        - test       # which configuration file to load

    # To load several configuration files
    [root@centos-1 pillar]# vim top.sls
    base:
      'centos-2':    # the target machine
        - test       # which configuration file to load
        - test1

    # Create a test1 configuration file (it can, for example, define a directory)
    [root@centos-1 pillar]# vim test1.sls
    dir: /data/123

    # Refresh the pillar configuration
    [root@centos-1 pillar]# salt '*' saltutil.refresh_pillar
    centos-3:
        True
    centos-2:
        True

    # Verify
    [root@centos-1 pillar]# salt '*' pillar.item conf dir
    centos-2:
        ----------
        conf:
            /etc/123.conf
        dir:
            /data/123
    centos-3:
        ----------
        conf:
        dir:

    # Pillar can also be used for targeting, e.g. salt -I 'conf:/etc/123.conf' test.ping
    [root@centos-1 pillar]# salt -I 'conf:/etc/123.conf' cmd.run 'who'
    centos-2:
        root     tty1         Apr 7 11:24
        root     pts/0        Apr 7 11:27 (192.168.157.1)
SaltStack – installing and configuring httpd
    [root@centos-1 ~]# vim /etc/salt/master
    # Find file_roots and remove the # from that line and from the two lines below it
    file_roots:
      base:
        - /srv/salt/

    # Create the configured directory & enter it
    [root@centos-1 ~]# mkdir /srv/salt
    [root@centos-1 ~]# cd /srv/salt

    # Define the top file (the main entry point)
    [root@centos-1 salt]# vim top.sls
    base:
      '*':
        - httpd

    [root@centos-1 salt]# vim httpd.sls
    httpd-service:
      pkg.installed:
        - names:
          - httpd
          - httpd-devel
      service.running:
        - name: httpd
        - enable: True
Note: httpd-service is the ID, chosen freely. pkg.installed is the package installation function, a module built into SaltStack; below it are the names of the packages to install. service.running is also a function and ensures that the specified service is running; enable means the service starts at boot.
    # This run is fairly slow because the client is running yum install httpd httpd-devel
    [root@centos-1 salt]# salt 'centos-2' state.highstate
    centos-2:
    ----------
              ID: httpd-service
        Function: pkg.installed
            Name: httpd
          Result: True
         Comment: The following packages were installed/updated: httpd
         Started: 17:23:33.490916
        Duration: 48908.134 ms
         Changes:
                  ----------
                  apr:
                      ----------
                      new:
                          1.4.8-3.el7_4.1
                      old:
                  apr-util:
                      ----------
                      new:
                          1.5.2-6.el7
                      old:
                  httpd:
                      ----------
                      new:
                          2.4.6-67.el7.centos.6
                      old:
                  httpd-tools:
                      ----------
                      new:
                          2.4.6-67.el7.centos.6
                      old:
                  mailcap:
                      ----------
                      new:
                          2.1.41-2.el7
                      old:
    ----------
              ID: httpd-service
        Function: pkg.installed
            Name: httpd-devel
          Result: True
         Comment: The following packages were installed/updated: httpd-devel
         Started: 17:24:22.459399
        Duration: 6797.93 ms
         Changes:
                  ----------
                  apr-devel:
                      ----------
                      new:
                          1.4.8-3.el7_4.1
                      old:
                  apr-util-devel:
                      ----------
                      new:
                          1.5.2-6.el7
                      old:
                  cyrus-sasl:
                      ----------
                      new:
                          2.1.26-21.el7
                      old:
                  cyrus-sasl-devel:
                      ----------
                      new:
                          2.1.26-21.el7
                      old:
                  expat-devel:
                      ----------
                      new:
                          2.1.0-10.el7_3
                      old:
                  httpd-devel:
                      ----------
                      new:
                          2.4.6-67.el7.centos.6
                      old:
                  libdb-devel:
                      ----------
                      new:
                          5.3.21-21.el7_4
                      old:
                  openldap-devel:
                      ----------
                      new:
                          2.4.44-5.el7
                      old:
    ----------
              ID: httpd-service
        Function: service.running
            Name: httpd
          Result: True
         Comment: Service httpd has been enabled, and is running
         Started: 17:24:30.128553
        Duration: 274.79 ms
         Changes:
                  ----------
                  httpd:
                      True

    Summary for centos-2
    ------------
    Succeeded: 3 (changed=3)
    Failed:    0
    ------------
    Total states run:     3
    Total run time:  55.981 s

    # On centos-2 the httpd service is now running
    [root@centos-2 ~]# ps aux |grep httpd
    root    3523 0.0 0.4 221948 4964 ?     Ss 17:24 0:00 /usr/sbin/httpd -DFOREGROUND
    apache  3524 0.0 0.2 221948 2960 ?     S  17:24 0:00 /usr/sbin/httpd -DFOREGROUND
    apache  3525 0.0 0.2 221948 2960 ?     S  17:24 0:00 /usr/sbin/httpd -DFOREGROUND
    apache  3526 0.0 0.2 221948 2960 ?     S  17:24 0:00 /usr/sbin/httpd -DFOREGROUND
    apache  3527 0.0 0.2 221948 2960 ?     S  17:24 0:00 /usr/sbin/httpd -DFOREGROUND
    apache  3528 0.0 0.2 221948 2960 ?     S  17:24 0:00 /usr/sbin/httpd -DFOREGROUND
    root    3661 0.0 0.0 112676  984 pts/0 R+ 17:27 0:00 grep --color=auto httpd

    # The httpd.service unit file also exists; with this file present the httpd service can be started
    [root@centos-2 ~]# ls /lib/systemd/system/httpd.service
    /lib/systemd/system/httpd.service
SaltStack – managing files
Managing files means keeping one or more files on the master, which act as templates, and distributing them from there to every minion. For example, in day-to-day operations, when I need to change a file on a group of machines, I can first put the modified configuration file template on the master and then tell the minions which operations to carry out.
Note: file_test on the first line is a user-chosen name for this configuration section, and it can be referenced from other sections. source specifies where the file is copied from; here salt://test/123/1.txt corresponds to /srv/salt/test/123/1.txt.
Configuration on the master
    [root@centos-1 ~]# vim /srv/salt/test.sls
    file_test:
      file.managed:
        - name: /tmp/www
        - source: salt://test/123/1.txt
        - user: root
        - group: root
        - mode: 600

    # Create the test and 123 directories
    [root@centos-1 ~]# cd /srv/salt/
    [root@centos-1 salt]# ls
    httpd.sls test.sls top.sls
    [root@centos-1 salt]# mkdir test
    [root@centos-1 salt]# mkdir test/123

    # Copy in a file to use as content
    [root@centos-1 salt]# cp /etc/passwd test/123/1.txt

    # Edit the top file so that it references test
    [root@centos-1 salt]# vim top.sls
    base:
      '*':
        - test

    # Try it on centos-2 first
    [root@centos-1 salt]# salt 'centos-2' state.highstate
    centos-2:
    ----------
              ID: file_test
        Function: file.managed
            Name: /tmp/www
          Result: True
         Comment: File /tmp/www updated
         Started: 17:54:30.430831
        Duration: 187.966 ms
         Changes:
                  ----------
                  diff:
                      New file

    Summary for centos-2
    ------------
    Succeeded: 1 (changed=1)
    Failed:    0
    ------------
    Total states run:     1
    Total run time: 187.966 ms

    # On centos-2, /tmp/ now contains the file www, owned by user and group root, with mode 600
    [root@centos-2 ~]# ls -lt /tmp/www
    -rw------- 1 root root 1040 4月 7 17:54 /tmp/www

    # The content is identical to the copied file
    [root@centos-1 salt]# cat test/123/1.txt
    root:x:0:0:root:/root:/bin/bash
    bin:x:1:1:bin:/bin:/sbin/nologin
    daemon:x:2:2:daemon:/sbin:/sbin/nologin
    adm:x:3:4:adm:/var/adm:/sbin/nologin
    lp:x:4:7:lp:/var/spool/lpd:/sbin/nologin
    sync:x:5:0:sync:/sbin:/bin/sync
    shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown
    halt:x:7:0:halt:/sbin:/sbin/halt
    mail:x:8:12:mail:/var/spool/mail:/sbin/nologin
    operator:x:11:0:operator:/root:/sbin/nologin
    games:x:12:100:games:/usr/games:/sbin/nologin
    ftp:x:14:50:FTP User:/var/ftp:/sbin/nologin
    nobody:x:99:99:Nobody:/:/sbin/nologin
    avahi-autoipd:x:170:170:Avahi IPv4LL Stack:/var/lib/avahi-autoipd:/sbin/nologin
    systemd-bus-proxy:x:999:997:systemd Bus Proxy:/:/sbin/nologin
    systemd-network:x:998:996:systemd Network Management:/:/sbin/nologin
    dbus:x:81:81:System message bus:/:/sbin/nologin
    polkitd:x:997:995:User for polkitd:/:/sbin/nologin
    tss:x:59:59:Account used by the trousers package to sandbox the tcsd daemon:/dev/null:/sbin/nologin
    postfix:x:89:89::/var/spool/postfix:/sbin/nologin
    sshd:x:74:74:Privilege-separated SSH:/var/empty/sshd:/sbin/nologin

    [root@centos-2 ~]# cat !$
    cat /tmp/www
    root:x:0:0:root:/root:/bin/bash
    bin:x:1:1:bin:/bin:/sbin/nologin
    daemon:x:2:2:daemon:/sbin:/sbin/nologin
    adm:x:3:4:adm:/var/adm:/sbin/nologin
    lp:x:4:7:lp:/var/spool/lpd:/sbin/nologin
    sync:x:5:0:sync:/sbin:/bin/sync
    shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown
    halt:x:7:0:halt:/sbin:/sbin/halt
    mail:x:8:12:mail:/var/spool/mail:/sbin/nologin
    operator:x:11:0:operator:/root:/sbin/nologin
    games:x:12:100:games:/usr/games:/sbin/nologin
    ftp:x:14:50:FTP User:/var/ftp:/sbin/nologin
    nobody:x:99:99:Nobody:/:/sbin/nologin
    avahi-autoipd:x:170:170:Avahi IPv4LL Stack:/var/lib/avahi-autoipd:/sbin/nologin
    systemd-bus-proxy:x:999:997:systemd Bus Proxy:/:/sbin/nologin
    systemd-network:x:998:996:systemd Network Management:/:/sbin/nologin
    dbus:x:81:81:System message bus:/:/sbin/nologin
    polkitd:x:997:995:User for polkitd:/:/sbin/nologin
    tss:x:59:59:Account used by the trousers package to sandbox the tcsd daemon:/dev/null:/sbin/nologin
    postfix:x:89:89::/var/spool/postfix:/sbin/nologin
    sshd:x:74:74:Privilege-separated SSH:/var/empty/sshd:/sbin/nologin
SaltStack – managing directories
    [root@centos-1 salt]# pwd
    /srv/salt
    [root@centos-1 salt]# vim test_dir.sls
    file_dir:
      file.recurse:
        - name: /tmp/testdir        # destination path
        - source: salt://test/123   # source path
        - user: root
        - file_mode: 640
        - dir_mode: 750
        - mkdir: True
        - clean: True               # with this set, files or directories deleted from the source are also deleted from the destination; otherwise they are not

    # Configure the top file
    [root@centos-1 salt]# vim top.sls
    base:
      '*':
        - test
        - test_dir

    # Run
    [root@centos-1 salt]# salt 'centos-2' state.highstate
    centos-2:
    ----------
              ID: file_test
        Function: file.managed
            Name: /tmp/www
          Result: True
         Comment: File /tmp/www is in the correct state
         Started: 18:26:54.201975
        Duration: 139.178 ms
         Changes:
    ----------
              ID: file_dir
        Function: file.recurse
            Name: /tmp/testdir
          Result: True
         Comment: Recursively updated /tmp/testdir
         Started: 18:26:54.341386
        Duration: 169.995 ms
         Changes:
                  ----------
                  /tmp/testdir/1.txt:
                      ----------
                      diff:
                          New file
                      mode:
                          0640

    Summary for centos-2
    ------------
    Succeeded: 2 (changed=1)
    Failed:    0
    ------------
    Total states run:     2
    Total run time: 309.173 ms

    # On centos-2 the testdir directory and the file 1.txt have been created under /tmp
    [root@centos-2 ~]# ls -lt /tmp/testdir
    总用量 4
    -rw-r----- 1 root root 1040 4月 7 18:26 1.txt
Note: if the source directory contains empty directories, they are not created on the client.
SaltStack – managing remote commands
On the master
    # State file
    [root@centos-1 salt]# vi shell_test.sls
    shell_test:
      cmd.script:
        - source: salt://test/1.sh
        - user: root

    # Create a script whose job is to touch a file
    [root@centos-1 salt]# ls
    httpd.sls shell_test.sls test test_dir.sls test.sls top.sls
    [root@centos-1 salt]# vim test/1.sh
    #!/bin/bash
    touch /tmp/111.txt
    if [ ! -d /tmp/1233 ]
    then
        mkdir /tmp/1233
    fi

    # Edit the top file to point at the state to run
    [root@centos-1 salt]# vim top.sls
    base:
      '*':
        - shell_test

    # Run
    [root@centos-1 salt]# salt 'centos-2' state.highstate
    centos-2:
    ----------
              ID: shell_test
        Function: cmd.script
          Result: True
         Comment: Command 'shell_test' run
         Started: 18:50:48.348033
        Duration: 154.499 ms
         Changes:
                  ----------
                  pid:
                      4136
                  retcode:
                      0
                  stderr:
                  stdout:

    Summary for centos-2
    ------------
    Succeeded: 1 (changed=1)
    Failed:    0
    ------------
    Total states run:     1
    Total run time: 154.499 ms

    # On centos-2, /tmp now contains 111.txt and the 1233 directory, so the script ran successfully
    [root@centos-2 ~]# ls -lt /tmp/
    总用量 4
    drwxr-xr-x 2 root root    6 4月 7 18:50 1233
    -rw-r--r-- 1 root root    0 4月 7 18:50 111.txt
    drwxr-x--- 2 root root   18 4月 7 18:26 testdir
    -rw------- 1 root root 1040 4月 7 17:54 www
SaltStack – managing scheduled tasks
Note: * must be wrapped in single quotes. We can of course also manage cron with the file.managed module, because the system's cron entries all exist as configuration files. To delete this cron entry, add:
    cron.absent:
      - name: /bin/touch /tmp/111.txt
The two cannot coexist: to delete a cron entry, the earlier present has to be removed.
    # State file
    [root@centos-1 salt]# vim cron_test.sls
    cron_test:
      cron.present:
        - name: /bin/touch /tmp/111.txt
        - user: root
        - minute: '*'
        - hour: 20
        - daymonth: '*'
        - month: '*'
        - dayweek: '*'

    # Edit the top file
    [root@centos-1 salt]# vim top.sls
    base:
      '*':
        - cron_test

    # Run
    [root@centos-1 salt]# salt 'centos-2' state.highstate
    centos-2:
    ----------
              ID: cron_test
        Function: cron.present
            Name: /bin/touch /tmp/111.txt
          Result: True
         Comment: Cron /bin/touch /tmp/111.txt added to root's crontab
         Started: 19:04:15.954182
        Duration: 1240.856 ms
         Changes:
                  ----------
                  root:
                      /bin/touch /tmp/111.txt

    Summary for centos-2
    ------------
    Succeeded: 1 (changed=1)
    Failed:    0
    ------------
    Total states run:     1
    Total run time:   1.241 s

    # On centos-2 the crontab now contains the scheduled task
    [root@centos-2 ~]# crontab -l
    # Lines below here are managed by Salt, do not edit
    # SALT_CRON_IDENTIFIER:/bin/touch /tmp/111.txt
    * 20 * * * /bin/touch /tmp/111.txt

    # Delete a crontab entry
    [root@centos-1 salt]# vim cron_test.sls
    cron_test:
      cron.absent:
        - name: /bin/touch /tmp/111.txt

    # Run
    [root@centos-1 salt]# salt 'centos-2' state.highstate
    centos-2:
    ----------
              ID: cron_test
        Function: cron.absent
            Name: /bin/touch /tmp/111.txt
          Result: True
         Comment: Cron /bin/touch /tmp/111.txt removed from root's crontab
         Started: 19:27:02.423241
        Duration: 534.817 ms
         Changes:
                  ----------
                  root:
                      /bin/touch /tmp/111.txt

    Summary for centos-2
    ------------
    Succeeded: 1 (changed=1)
    Failed:    0
    ------------
    Total states run:     1
    Total run time: 534.817 ms

    # The scheduled task is now gone from centos-2
    [root@centos-2 ~]# crontab -l
    # Lines below here are managed by Salt, do not edit
saltstack – configuration management: scheduled tasks (cron)
cp.get_file copies a file from the master to the clients

[root@centos-1 salt]# salt '*' cp.get_file salt://test/1.txt /tmp/123.txt
centos-2:
    /tmp/123.txt
centos-3:
    /tmp/123.txt

# centos-2 now has the file that was just copied
[root@centos-2 ~]# ll /tmp/123.txt
-rw-r--r-- 1 root root 1040 4月   7 19:32 /tmp/123.txt
cp.get_dir copies a directory

[root@centos-1 salt]# salt '*' cp.get_dir salt://test/123 /tmp/
centos-2:
    - /tmp//123/1.txt
centos-3:
    - /tmp//123/1.txt

# centos-2 now has the 123 directory
[root@centos-2 ~]# ls -ld /tmp/123
drwxr-xr-x 2 root root 18 4月   7 19:35 /tmp/123
salt-run manage.up lists the minions that are alive

[root@centos-1 salt]# salt-run manage.up
- centos-2
- centos-3
Running a shell script stored on the master from the command line

[root@centos-1 salt]# salt '*' cmd.script salt://test/1.sh
centos-3:
    ----------
    pid:
        3485
    retcode:
        0
    stderr:
    stdout:
centos-2:
    ----------
    pid:
        4686
    retcode:
        0
    stderr:
    stdout:
Using salt-ssh
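salt-ssh does not rely on a minion and does not need any service to be started; it can carry out work on the remote machine directly. The prerequisite is that the public key has been placed on the remote machine, much like logging in over ssh.

# Install the repo rpm; skip this if it is already installed
[root@centos-1 ~]# yum install -y https://repo.saltstack.com/yum/redhat/salt-repo-latest-2.el7.noarch.rpm

# Install salt-ssh with yum
[root@centos-1 ~]# yum install -y salt-ssh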
/etc/salt/roster is the configuration file salt-ssh needs. It defines each target's name together with its host, user and passwd.
[root@centos-1 ~]# vim /etc/salt/roster
# Sample salt-ssh config file
#web1:
#  host: 192.168.42.1 # The IP addr or DNS hostname
#  user: fred         # Remote executions will be executed as user fred
#  passwd: foobarbaz  # The password to use for login, if omitted, keys are used
#  sudo: True         # Whether to sudo to root, not enabled by default
#web2:
#  host: 192.168.42.2
centos-1:
  host: 192.168.157.132
  user: root
  passwd: 123456
centos-2:
  host: 192.168.157.135
  user: root
  passwd: 123456
centos-3:
  host:192.168.157.134
  user:root
  passwd:123456

# Run it
[root@centos-1 ~]# salt-ssh --key-deploy '*' -r 'w'
centos-2:
    ----------
    retcode:
        254
    stderr:
    stdout:
        The host key needs to be accepted, to auto accept run salt-ssh with the -i flag:
        The authenticity of host '192.168.157.135 (192.168.157.135)' can't be established.
        ECDSA key fingerprint is SHA256:SnG/YnIn6N2uaLYfpQpk8dm6NlqQ0yWLddg49wC1SjI.
        ECDSA key fingerprint is MD5:f8:35:a3:74:91:17:7f:00:05:06:1a:71:3a:e3:f4:4a.
        Are you sure you want to continue connecting (yes/no)?
centos-1:
    ----------
    retcode:
        254
    stderr:
    stdout:
        The host key needs to be accepted, to auto accept run salt-ssh with the -i flag:
        The authenticity of host '192.168.157.132 (192.168.157.132)' can't be established.
        ECDSA key fingerprint is SHA256:SnG/YnIn6N2uaLYfpQpk8dm6NlqQ0yWLddg49wC1SjI.
        ECDSA key fingerprint is MD5:f8:35:a3:74:91:17:7f:00:05:06:1a:71:3a:e3:f4:4a.
        Are you sure you want to continue connecting (yes/no)?
centos-3:
    ssh: Could not resolve hostname host:192.168.157.134: Temporary failure in name resolution

Note: the run fails because the first login to each host requires answering yes to the host-key prompt; connecting by hand once takes care of that. The centos-3 error is a separate problem: its roster fields have no space after the colon, so ssh was handed host:192.168.157.134 as the hostname. The roster shown further down uses the corrected form.

# Run it again; this time the output of w is shown
[root@centos-1 ~]# salt-ssh --key-deploy '*' -r 'w'
centos-1:
    ----------
    retcode:
        0
    stderr:
    stdout:
         20:07:52 up  8:44,  3 users,  load average: 0.03, 0.10, 0.19
        USER     TTY      FROM             LOGIN@   IDLE   JCPU   PCPU WHAT
        root     tty1                      11:24    8:42m  0.30s  0.30s -bash
        root     pts/0    192.168.157.1    11:27    8.00s  0.70s  0.01s ssh centos-1
        root     pts/1    centos-1         20:07    8.00s  0.86s  0.09s /usr/bin/python /usr/bin/salt-ssh --key-deploy * -r w
centos-3:
    ----------
    retcode:
        0
    stderr:
    stdout:
        root@192.168.157.134's password:
         20:07:53 up  8:44,  2 users,  load average: 0.00, 0.01, 0.05
        USER     TTY      FROM             LOGIN@   IDLE   JCPU   PCPU WHAT
        root     tty1                      11:25    8:42m  0.03s  0.03s -bash
        root     pts/0    192.168.157.1    11:27    7:51m  0.04s  0.03s bash
centos-2:
    ----------
    retcode:
        0
    stderr:
    stdout:
         20:07:53 up  8:44,  2 users,  load average: 0.27, 0.10, 0.07
        USER     TTY      FROM             LOGIN@   IDLE   JCPU   PCPU WHAT
        root     tty1                      11:24    8:43m  0.36s  0.36s -bash
        root     pts/0    192.168.157.1    11:27   31:45   0.09s  0.09s -bash

# Remove the passwords and run again; it still works, which shows the public key has been pushed to the hosts
[root@centos-1 ~]# vim /etc/salt/roster
# Sample salt-ssh config file
#web1:
#  host: 192.168.42.1 # The IP addr or DNS hostname
#  user: fred         # Remote executions will be executed as user fred
#  passwd: foobarbaz  # The password to use for login, if omitted, keys are used
#  sudo: True         # Whether to sudo to root, not enabled by default
#web2:
#  host: 192.168.42.2
centos-1:
  host: 192.168.157.132
  user: root
centos-2:
  host: 192.168.157.135
  user: root
centos-3:
  host: 192.168.157.134
  user: root

[root@centos-1 ~]# salt-ssh --key-deploy '*' -r 'w'
centos-2:
    ----------
    retcode:
        0
    stderr:
    stdout:
         20:13:10 up  8:49,  2 users,  load average: 0.00, 0.04, 0.05
        USER     TTY      FROM             LOGIN@   IDLE   JCPU   PCPU WHAT
        root     tty1                      11:24    8:48m  0.36s  0.36s -bash
        root     pts/0    192.168.157.1    11:27    2:30   0.10s  0.10s -bash
centos-1:
    ----------
    retcode:
        0
    stderr:
    stdout:
         20:13:10 up  8:49,  2 users,  load average: 0.14, 0.09, 0.15
        USER     TTY      FROM             LOGIN@   IDLE   JCPU   PCPU WHAT
        root     tty1                      11:24    8:48m  0.30s  0.30s -bash
        root     pts/0    192.168.157.1    11:27    6.00s  1.18s  0.01s /usr/bin/python /usr/bin/salt-ssh --key-deploy * -r w
centos-3:
    ----------
    retcode:
        0
    stderr:
    stdout:
         20:13:10 up  8:49,  2 users,  load average: 0.00, 0.01, 0.05
        USER     TTY      FROM             LOGIN@   IDLE   JCPU   PCPU WHAT
        root     tty1                      11:25    8:48m  0.03s  0.03s -bash
        root     pts/0    192.168.157.1    11:27    3:18   0.10s  0.09s bash
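The roster walkthrough above has two things worth checking mechanically: passwd values that stay in /etc/salt/roster in plaintext until they are removed after key deployment, and fields typed without a space after the colon, which is what broke the first centos-3 run. The following roster check is an added example, not part of the original post or of Salt; the sample roster is constructed from the states shown above, with indentation assumed.

```python
import re

# Constructed sample combining the roster states shown above (indentation
# assumed): centos-1 still carries passwd, centos-2 is as it looks after key
# deployment, centos-3 has the fields typed without a space after the colon.
ROSTER = """\
centos-1:
  host: 192.168.157.132
  user: root
  passwd: 123456
centos-2:
  host: 192.168.157.135
  user: root
centos-3:
  host:192.168.157.134
  user:root
  passwd:123456
"""

FIELD = re.compile(r"^\s+(\w+):\s+(\S.*)$")   # "  key: value"
GLUED = re.compile(r"^\s+(\w+):\S")           # "  key:value"

def audit_roster(text):
    """Return {target: [findings]} for a two-level salt-ssh roster.

    Deliberately line-based: a YAML loader accepts 'host:192.168.157.134'
    as a plain string without complaint, which hides the typo."""
    report, fields, target = {}, {}, None
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        if not line[0].isspace():                      # "name:" opens a target
            target = line.split(":", 1)[0].strip()
            report[target], fields[target] = [], {}
            continue
        if target is None:
            continue
        ok, glued = FIELD.match(line), GLUED.match(line)
        if ok:
            fields[target][ok.group(1)] = ok.group(2).split(" #")[0].strip()
        elif glued:
            report[target].append("'%s:' has no space after the colon" % glued.group(1))
    for name, seen in fields.items():
        if "host" not in seen:
            report[name].append("no usable host field")
        if "passwd" in seen:
            report[name].append("plaintext passwd stored in roster")
    return report

if __name__ == "__main__":
    for name, findings in audit_roster(ROSTER).items():
        print(name, "->", findings or "ok")
```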