一.Mysql存储saltstack推送消息

minion端控制：
salt ‘*’ test.ping --return mysql

1.python和mysql交互需要一个模块–mysql-python

[root@server2 ~]# yum install -y MySQL-python.x86_64

[root@server2 ~]# vim /etc/salt/minion
873 mysql.host: '172.25.17.1'
874 mysql.user: 'salt'
875 mysql.pass: 'westos'
876 mysql.db: 'salt'
87 mysql.port: 3306
[root@server2 ~]# systemctl restart salt-minion.service

2.master：

[root@server1 ~]# yum install -y mariadb-server MySQL-python.x86_64
[root@server1 ~]# systemctl start mariadb
[root@server1 ~]# mysql
MariaDB [(none)]> grant all on salt.* to salt@'%' identified by 'westos';

3.创建数据库

[root@server1 ~]# vim add.sql
CREATE DATABASE  `salt`
DEFAULT CHARACTER SET utf8
DEFAULT COLLATE utf8_general_ci;

USE `salt`;

--
-- Table structure for table `jids`
--

DROP TABLE IF EXISTS `jids`;
CREATE TABLE `jids` (
`jid` varchar(255) NOT NULL,
`load` mediumtext NOT NULL,
UNIQUE KEY `jid` (`jid`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8;
#CREATE INDEX jid ON jids(jid) USING BTREE;

--
-- Table structure for table `salt_returns`
--

DROP TABLE IF EXISTS `salt_returns`;
CREATE TABLE `salt_returns` (
`fun` varchar(50) NOT NULL,
`jid` varchar(255) NOT NULL,
`return` mediumtext NOT NULL,
`id` varchar(255) NOT NULL,
`success` varchar(10) NOT NULL,
`full_ret` mediumtext NOT NULL,
`alter_time` TIMESTAMP DEFAULT CURRENT_TIMESTAMP,
KEY `id` (`id`),
KEY `jid` (`jid`),
KEY `fun` (`fun`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8;

--
-- Table structure for table `salt_events`
--

DROP TABLE IF EXISTS `salt_events`;
CREATE TABLE `salt_events` (
`id` BIGINT NOT NULL AUTO_INCREMENT,
`tag` varchar(255) NOT NULL,
`data` mediumtext NOT NULL,
`alter_time` TIMESTAMP DEFAULT CURRENT_TIMESTAMP,
`master_id` varchar(255) NOT NULL,
PRIMARY KEY (`id`),
KEY `tag` (`tag`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8;

4.导入数据库

[root@server1 ~]# mysql < add.sql

如果导入数据库出错：MariaDB [(none)]> drop database salt;

5.测试：

[root@server1 ~]# salt '*' test.ping --return mysql
server2:
True
server3:
True

MariaDB [salt]> select * from salt_returns;

#可以看到server2执行命令的信息

6.job cache
master端有缓存24小时，把缓存放在数据库中

[root@server1 ~]# vim /etc/salt/master
master_job_cache: mysql
mysql.host: 'localhost'
mysql.user: 'salt'
mysql.pass: 'westos'
mysql.db: 'salt'
mysql.port: 3306

[root@server1 ~]# systemctl restart salt-master

在数据库中：

[root@server1 ~]# mysql
MariaDB [(none)]> grant all on salt.* to salt@'localhost' identified by 'westos';

[root@server1 ~]# mysql -u salt -p salt

[root@server1 ~]# salt '*' cmd.run 'hostname'
server3:
server3
server2:
server2

二.远程执行模块

1.编写文件

[root@server1 ~]# mkdir /srv/salt/_modules
[root@server1 ~]# cd /srv/salt/_modules
[root@server1 _modules]# vim my_disk.py
#!/usr/bin/env python
def df():
return __salt__['cmd.run']('df -h')

2.刷新：

[root@server1 _modules]# salt '*' saltutil.sync_modules

3.调用函数

[root@server1 _modules]# salt server2 my_disk.df

4.server2查看：

[root@server2 minion]# cd /var/cache/salt/minion
[root@server2 minion]# tree  #pyc编译后的文件

三.syndic

topmsater通过sy 和master通信，syndic是master上的一个服务，没有配置文件
syndic必须和master在同一主机上，master把任务布置给minion，minion反馈给master的syndic，

1.打开一个新的虚拟机，配置好yum源，安装并开启salt-master

[root@server4 ~]# vim /etc/yum.repos.d/salt.repo
[salt]
name=salt
baseurl=http://172.25.17.250/saltstack/rhel7/2018/
gpgcheck=0

2.打开服务并设置自启

[root@server4 ~]# systemctl start salt-master.service
[root@server4 ~]# systemctl enable salt-master.service

[root@server4 ~]# vim /etc/salt/master

1054 order_masters: true
674 file_roots:
675   base:
676     - /srv/salt

[root@server4 ~]# systemctl restart salt-master.service

3.安装并开启syndic服务

[root@server1 ~]# yum install -y salt-syndic
[root@server1 ~]# systemctl start salt-syndic

4.编辑主配置文件

[root@server1 ~]# vim /etc/salt/master
1058 syndic_master: 172.25.17.4
[root@server1 ~]# systemctl restart salt-master.service

[root@server4 ~]# salt-key -L

[root@server4 ~]# salt-key -A

[root@server4 ~]# salt '*' test.ping
server2:
True
server3:
True

四.salt ssh

1.关闭server2和server3的minion

[root@server2 minion]# systemctl stop salt-minion.service
[root@server3 minion]# systemctl stop salt-minion.service

2.安装salt-ssh

[root@server1 ~]# yum install -y salt-ssh
[root@server1 ~]# cd /etc/salt/
[root@server1 salt]# vim roster #添加以下代码
server2:
host: 172.25.17.2
user: root
passwd: redhat

server3:
host: 172.25.17.3
user: root
passwd: redhat

3.注释mysql

[root@server1 salt]# vim master

[root@server1 salt]# salt-ssh '*' test.ping

[root@server1 salt]# salt-ssh '*' cmd.run df

五.API

1.加密
[root@server1 ~]# yum install -y salt-api
[root@server1 ~]# cd /etc/pki/tls/
[root@server1 private]# openssl genrsa 1024 > localhost.key

[root@server1 private]# cd ../certs/
[root@server1 certs]# ls
ca-bundle.crt  ca-bundle.trust.crt  make-dummy-cert  Makefile  renew-dummy-cert

2.认证

[root@server1 certs]# make testcert

[root@server1 certs]# cd /etc/salt/master.d/
[root@server1 master.d]# ls
[root@server1 master.d]# vim api.conf
rest_cherrypy:
port: 8000
ssl_crt: /etc/pki/tls/certs/localhost.crt
ssl_key: /etc/pki/tls/private/localhost.key

[root@server1 master.d]# vim auto.conf
external_auth:
pam:
saltapi:
- .*
- '@wheel'   # to allow access to all wheel modules
- '@runner'  # to allow access to all runner modules
- '@jobs'

添加用户

[

root@server1 master.d]# useradd saltapi
[root@server1 master.d]# passwd saltapi

3.打开api，重启master，并查看是否监听8000端口

[root@server1 master.d]# systemctl restart salt-master
[root@server1 master.d]# systemctl start salt-api
[root@server1 master.d]# netstat -atnlp

真机：

4.验证服务并获得token

[root@foundation17 ~]# curl -sSk https://172.25.17.1:8000/login -H 'Accept: application/x-yaml' -d username=saltapi -d password=westos -d eauth=pam

5.利用token号测试minion是否通

[root@foundation17 ~]# curl -sSk https://172.25.17.1:8000 -H 'Accept: application/x-yaml'  -H 'X-Auth-Token:589b261a7fc4c76245f8a5e3862da4188c80afe3' -d client=local -d tgt='*' -d fun=test.ping

[root@foundation17 ~]# vim saltapi.py

# -*- coding: utf-8 -*-

import urllib2,urllib
import time

try:
import json
except ImportError:
import simplejson as json

class SaltAPI(object):
__token_id = ''
def __init__(self,url,username,password):
self.__url = url.rstrip('/')
self.__user = username
self.__password = password

def token_id(self):
''' user login and get token id '''
params = {'eauth': 'pam', 'username': self.__user, 'password': self.__password}
encode = urllib.urlencode(params)
obj = urllib.unquote(encode)
content = self.postRequest(obj,prefix='/login')
try:
self.__token_id = content['return'][0]['token']
except KeyError:
raise KeyError

def postRequest(self,obj,prefix='/'):
url = self.__url + prefix
headers = {'X-Auth-Token'   : self.__token_id}
req = urllib2.Request(url, obj, headers)
opener = urllib2.urlopen(
1b5d8
req)
content = json.loads(opener.read())
return content

def list_all_key(self):
params = {'client': 'wheel', 'fun': 'key.list_all'}
obj = urllib.urlencode(params)
self.token_id()
content = self.postRequest(obj)
minions = content['return'][0]['data']['return']['minions']
minions_pre = content['return'][0]['data']['return']['minions_pre']
return minions,minions_pre

def delete_key(self,node_name):
params = {'client': 'wheel', 'fun': 'key.delete', 'match': node_name}
obj = urllib.urlencode(params)
self.token_id()
content = self.postRequest(obj)
ret = content['return'][0]['data']['success']
return ret

def accept_key(self,node_name):
params = {'client': 'wheel', 'fun': 'key.accept', 'match': node_name}
obj = urllib.urlencode(params)
self.token_id()
content = self.postRequest(obj)
ret = content['return'][0]['data']['success']
return ret

def remote_noarg_execution(self,tgt,fun):
''' Execute commands without parameters '''
params = {'client': 'local', 'tgt': tgt, 'fun': fun}
obj = urllib.urlencode(params)
self.token_id()
content = self.postRequest(obj)
ret = content['return'][0][tgt]
return ret

def remote_execution(self,tgt,fun,arg):
''' Command execution with parameters '''
params = {'client': 'local', 'tgt': tgt, 'fun': fun, 'arg': arg}
obj = urllib.urlencode(params)
self.token_id()
content = self.postRequest(obj)
ret = content['return'][0][tgt]
return ret

def target_remote_execution(self,tgt,fun,arg):
''' Use targeting for remote execution '''
params = {'client': 'local', 'tgt': tgt, 'fun': fun, 'arg': arg, 'expr_form': 'nodegroup'}
obj = urllib.urlencode(params)
self.token_id()
content = self.postRequest(obj)
jid = content['return'][0]['jid']
return jid

def deploy(self,tgt,arg):
''' Module deployment '''
params = {'client': 'local', 'tgt': tgt, 'fun': 'state.sls', 'arg': arg}
obj = urllib.urlencode(params)
self.token_id()
content = self.postRequest(obj)
return content

def async_deploy(self,tgt,arg):
''' Asynchronously send a command to connected minions '''
params = {'client': 'local_async', 'tgt': tgt, 'fun': 'state.sls', 'arg': arg}
obj = urllib.urlencode(params)
self.token_id()
content = self.postRequest(obj)
jid = content['return'][0]['jid']
return jid

def target_deploy(self,tgt,arg):
''' Based on the node group forms deployment '''
params = {'client': 'local_async', 'tgt': tgt, 'fun': 'state.sls', 'arg': arg, 'expr_form': 'nodegroup'}
obj = urllib.urlencode(params)
self.token_id()
content = self.postRequest(obj)
jid = content['return'][0]['jid']
return jid

def main():
sapi = SaltAPI(url="https://172.25.36.1:8000",username="saltapi",password="westos")
#sapi.token_id()
#print sapi.list_all_key()
#sapi.delete_key('test-01')
#sapi.accept_key('test-01')
#sapi.deploy('test-01','nginx')
#print sapi.remote_noarg_execution('test-01','grains.items')

if __name__ == '__main__':
main()

[root@foundation17 ~]# python saltapi.py
([u'server2', u'server3'], [])

6.开启nginx：

[root@foundation17 ~]# vim saltapi.py
sapi.deploy('server3','nginx.service')

[root@foundation17 ~]# python saltapi.py

7.关闭server3上的nginx，执行python脚本，server3上的nginx会自动开启