Linux企业运维篇——saltstack中的Mysql存储,API接口以及常用模块syndic和ssh
一.Mysql存储saltstack推送消息
minion端控制:
salt '*' test.ping --return mysql
1.python和mysql交互需要一个模块–mysql-python
[root@server2 ~]# yum install -y MySQL-python.x86_64
[root@server2 ~]# vim /etc/salt/minion 873 mysql.host: '172.25.17.1' 874 mysql.user: 'salt' 875 mysql.pass: 'westos' 876 mysql.db: 'salt' 87 mysql.port: 3306 [root@server2 ~]# systemctl restart salt-minion.service
2.master:(下面的授权 salt@'%' 允许任意主机以弱口令连接数据库,实验环境之外应把主机限定为minion所在网段,并换用强口令)
[root@server1 ~]# yum install -y mariadb-server MySQL-python.x86_64 [root@server1 ~]# systemctl start mariadb [root@server1 ~]# mysql MariaDB [(none)]> grant all on salt.* to salt@'%' identified by 'westos';
3.创建数据库
[root@server1 ~]# vim add.sql CREATE DATABASE `salt` DEFAULT CHARACTER SET utf8 DEFAULT COLLATE utf8_general_ci; USE `salt`; -- -- Table structure for table `jids` -- DROP TABLE IF EXISTS `jids`; CREATE TABLE `jids` ( `jid` varchar(255) NOT NULL, `load` mediumtext NOT NULL, UNIQUE KEY `jid` (`jid`) ) ENGINE=InnoDB DEFAULT CHARSET=utf8; #CREATE INDEX jid ON jids(jid) USING BTREE; -- -- Table structure for table `salt_returns` -- DROP TABLE IF EXISTS `salt_returns`; CREATE TABLE `salt_returns` ( `fun` varchar(50) NOT NULL, `jid` varchar(255) NOT NULL, `return` mediumtext NOT NULL, `id` varchar(255) NOT NULL, `success` varchar(10) NOT NULL, `full_ret` mediumtext NOT NULL, `alter_time` TIMESTAMP DEFAULT CURRENT_TIMESTAMP, KEY `id` (`id`), KEY `jid` (`jid`), KEY `fun` (`fun`) ) ENGINE=InnoDB DEFAULT CHARSET=utf8; -- -- Table structure for table `salt_events` -- DROP TABLE IF EXISTS `salt_events`; CREATE TABLE `salt_events` ( `id` BIGINT NOT NULL AUTO_INCREMENT, `tag` varchar(255) NOT NULL, `data` mediumtext NOT NULL, `alter_time` TIMESTAMP DEFAULT CURRENT_TIMESTAMP, `master_id` varchar(255) NOT NULL, PRIMARY KEY (`id`), KEY `tag` (`tag`) ) ENGINE=InnoDB DEFAULT CHARSET=utf8;
4.导入数据库
[root@server1 ~]# mysql < add.sql
如果导入数据库出错:MariaDB [(none)]> drop database salt;
5.测试:
[root@server1 ~]# salt '*' test.ping --return mysql server2: True server3: True
MariaDB [salt]> select * from salt_returns;
#可以看到server2执行命令的信息
6.job cache
master端的job缓存默认保留24小时,这里改为把job缓存存放在数据库中
[root@server1 ~]# vim /etc/salt/master master_job_cache: mysql mysql.host: 'localhost' mysql.user: 'salt' mysql.pass: 'westos' mysql.db: 'salt' mysql.port: 3306 [root@server1 ~]# systemctl restart salt-master
在数据库中:
[root@server1 ~]# mysql MariaDB [(none)]> grant all on salt.* to salt@'localhost' identified by 'westos';
[root@server1 ~]# mysql -u salt -p salt [root@server1 ~]# salt '*' cmd.run 'hostname' server3: server3 server2: server2
二.远程执行模块
1.编写文件
[root@server1 ~]# mkdir /srv/salt/_modules [root@server1 ~]# cd /srv/salt/_modules [root@server1 _modules]# vim my_disk.py #!/usr/bin/env python def df(): return __salt__['cmd.run']('df -h')
2.刷新:
[root@server1 _modules]# salt '*' saltutil.sync_modules
3.调用函数
[root@server1 _modules]# salt server2 my_disk.df
4.server2查看:
[root@server2 minion]# cd /var/cache/salt/minion [root@server2 minion]# tree #pyc编译后的文件
三.syndic
topmaster通过syndic和master通信,syndic是master上的一个服务,没有单独的配置文件(使用master的配置文件)
syndic必须和master在同一主机上,master把任务布置给minion,minion的结果反馈给master上的syndic,再由syndic上报给topmaster。
1.打开一个新的虚拟机,配置好yum源,安装并开启salt-master(示例中的yum源使用http且gpgcheck=0,不校验软件包签名,只适合内网实验环境)
[root@server4 ~]# vim /etc/yum.repos.d/salt.repo [salt] name=salt baseurl=http://172.25.17.250/saltstack/rhel7/2018/ gpgcheck=0
2.打开服务并设置自启
[root@server4 ~]# systemctl start salt-master.service [root@server4 ~]# systemctl enable salt-master.service
[root@server4 ~]# vim /etc/salt/master
1054 order_masters: true 674 file_roots: 675 base: 676 - /srv/salt
[root@server4 ~]# systemctl restart salt-master.service
3.安装并开启syndic服务
[root@server1 ~]# yum install -y salt-syndic [root@server1 ~]# systemctl start salt-syndic
4.编辑主配置文件
[root@server1 ~]# vim /etc/salt/master 1058 syndic_master: 172.25.17.4 [root@server1 ~]# systemctl restart salt-master.service
[root@server4 ~]# salt-key -L
[root@server4 ~]# salt-key -A
[root@server4 ~]# salt '*' test.ping server2: True server3: True
四.salt ssh
1.关闭server2和server3的minion
[root@server2 minion]# systemctl stop salt-minion.service [root@server3 minion]# systemctl stop salt-minion.service
2.安装salt-ssh并编写roster(roster中以明文保存了root口令,实验环境之外应改用密钥登录,即roster的priv字段,并收紧该文件的权限)
[root@server1 ~]# yum install -y salt-ssh [root@server1 ~]# cd /etc/salt/ [root@server1 salt]# vim roster #添加以下代码 server2: host: 172.25.17.2 user: root passwd: redhat server3: host: 172.25.17.3 user: root passwd: redhat
3.注释掉master配置文件中前面添加的mysql相关配置
[root@server1 salt]# vim master
[root@server1 salt]# salt-ssh '*' test.ping
[root@server1 salt]# salt-ssh '*' cmd.run df
五.API
1.加密(生成TLS私钥;1024位RSA密钥强度已不足,实验环境之外应使用2048位或以上)
[root@server1 ~]# yum install -y salt-api
[root@server1 ~]# cd /etc/pki/tls/
[root@server1 private]# openssl genrsa 1024 > localhost.key
[root@server1 private]# cd ../certs/ [root@server1 certs]# ls ca-bundle.crt ca-bundle.trust.crt make-dummy-cert Makefile renew-dummy-cert
2.认证
[root@server1 certs]# make testcert
[root@server1 certs]# cd /etc/salt/master.d/ [root@server1 master.d]# ls [root@server1 master.d]# vim api.conf rest_cherrypy: port: 8000 ssl_crt: /etc/pki/tls/certs/localhost.crt ssl_key: /etc/pki/tls/private/localhost.key
[root@server1 master.d]# vim auto.conf external_auth: pam: saltapi: - .* - '@wheel' # to allow access to all wheel modules - '@runner' # to allow access to all runner modules - '@jobs'
添加用户(上面external_auth里的 '.*' 加上 @wheel、@runner 使saltapi用户可以在所有minion上执行任意函数并管理密钥,实验环境之外应只列出需要的函数)
[root@server1 master.d]# useradd saltapi [root@server1 master.d]# passwd saltapi
3.打开api,重启master,并查看是否监听8000端口
[root@server1 master.d]# systemctl restart salt-master [root@server1 master.d]# systemctl start salt-api [root@server1 master.d]# netstat -atnlp
真机:
4.验证服务并获得token(-k会跳过对自签名证书的校验;口令写在命令行参数里会留在shell历史和进程列表中)
[root@foundation17 ~]# curl -sSk https://172.25.17.1:8000/login -H 'Accept: application/x-yaml' -d username=saltapi -d password=westos -d eauth=pam
5.利用token号测试minion是否通
[root@foundation17 ~]# curl -sSk https://172.25.17.1:8000 -H 'Accept: application/x-yaml' -H 'X-Auth-Token:589b261a7fc4c76245f8a5e3862da4188c80afe3' -d client=local -d tgt='*' -d fun=test.ping
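# File: saltapi.py  (created on foundation17 with: vim saltapi.py)
# -*- coding: utf-8 -*-
"""Small client for the salt-api rest_cherrypy endpoint using PAM eauth.

Every public call logs in first (POST /login) to obtain a token, then POSTs
the urlencoded request to the API root with that token in X-Auth-Token.
"""
import time

try:  # Python 2, which is what the page runs this with
    import urllib2
    from urllib import urlencode
except ImportError:  # Python 3: the same callables live in the split modules
    import urllib.request as urllib2
    from urllib.parse import urlencode

try:
    import json
except ImportError:
    import simplejson as json


class SaltAPI(object):
    """Thin wrapper around the salt-api HTTP interface."""

    # Token from the last successful login; empty until token_id() succeeds.
    __token_id = ''

    def __init__(self, url, username, password):
        """Remember the API base URL (trailing '/' stripped) and credentials."""
        self.__url = url.rstrip('/')
        self.__user = username
        self.__password = password

    def token_id(self):
        '''
            user login and get token id

            Raises KeyError when the /login response carries no token.
        '''
        params = {'eauth': 'pam', 'username': self.__user, 'password': self.__password}
        # The body must stay urlencoded: decoding it again would let '&', '='
        # or '%' inside the password split or alter the submitted form fields.
        content = self.postRequest(urlencode(params), prefix='/login')
        try:
            self.__token_id = content['return'][0]['token']
        except KeyError:
            raise KeyError('no token in salt-api /login response')

    def postRequest(self, obj, prefix='/'):
        """POST the urlencoded body `obj` to base URL + prefix; return parsed JSON.

        Certificate verification follows the interpreter's urlopen defaults.
        With the self-signed certificate generated earlier, trust that
        certificate explicitly rather than turning verification off.
        """
        url = self.__url + prefix
        headers = {'X-Auth-Token': self.__token_id}
        # urlopen needs bytes on Python 3; a Python 2 str is already bytes.
        data = obj if isinstance(obj, bytes) else obj.encode('utf-8')
        req = urllib2.Request(url, data, headers)
        opener = urllib2.urlopen(req)
        try:
            content = json.loads(opener.read())
        finally:
            # Release the connection even if the body is not valid JSON.
            opener.close()
        return content

    def _call(self, params):
        """Log in, then POST `params` (a dict) to the API root; return the JSON."""
        obj = urlencode(params)
        self.token_id()
        return self.postRequest(obj)

    def list_all_key(self):
        """Return (accepted minion ids, pending minion ids) via wheel key.list_all."""
        content = self._call({'client': 'wheel', 'fun': 'key.list_all'})
        keys = content['return'][0]['data']['return']
        return keys['minions'], keys['minions_pre']

    def delete_key(self, node_name):
        """Delete the key matching node_name; return the API's success flag."""
        content = self._call({'client': 'wheel', 'fun': 'key.delete', 'match': node_name})
        return content['return'][0]['data']['success']

    def accept_key(self, node_name):
        """Accept the key matching node_name; return the API's success flag."""
        content = self._call({'client': 'wheel', 'fun': 'key.accept', 'match': node_name})
        return content['return'][0]['data']['success']

    def remote_noarg_execution(self, tgt, fun):
        '''
            Execute commands without parameters

            The result is looked up under the key `tgt`, so `tgt` has to be
            an exact minion id rather than a glob.
        '''
        content = self._call({'client': 'local', 'tgt': tgt, 'fun': fun})
        return content['return'][0][tgt]

    def remote_execution(self, tgt, fun, arg):
        '''
            Command execution with parameters

            As above, `tgt` has to be an exact minion id.
        '''
        content = self._call({'client': 'local', 'tgt': tgt, 'fun': fun, 'arg': arg})
        return content['return'][0][tgt]

    def target_remote_execution(self, tgt, fun, arg):
        '''
            Use targeting for remote execution

            Returns the 'jid' field of the response.
        '''
        # NOTE(review): newer Salt releases name this field 'tgt_type' --
        # confirm against the installed version.
        params = {'client': 'local', 'tgt': tgt, 'fun': fun, 'arg': arg,
                  'expr_form': 'nodegroup'}
        content = self._call(params)
        return content['return'][0]['jid']

    def deploy(self, tgt, arg):
        '''
            Module deployment

            Runs state.sls with `arg` on `tgt` and returns the whole response.
        '''
        return self._call({'client': 'local', 'tgt': tgt, 'fun': 'state.sls', 'arg': arg})

    def async_deploy(self, tgt, arg):
        '''
            Asynchronously send a command to connected minions

            Returns the job id of the submitted state.sls run.
        '''
        params = {'client': 'local_async', 'tgt': tgt, 'fun': 'state.sls', 'arg': arg}
        content = self._call(params)
        return content['return'][0]['jid']

    def target_deploy(self, tgt, arg):
        '''
            Based on the node group forms deployment

            Returns the job id of the submitted state.sls run.
        '''
        # NOTE(review): see target_remote_execution about 'expr_form'.
        params = {'client': 'local_async', 'tgt': tgt, 'fun': 'state.sls', 'arg': arg,
                  'expr_form': 'nodegroup'}
        content = self._call(params)
        return content['return'][0]['jid']


def main():
    """Build a client for the lab master; uncomment one call below to run it."""
    # NOTE(review): the account password is inline as on the page; outside a
    # lab, read it from the environment or prompt for it instead.
    # NOTE(review): earlier steps on the page reach the API at 172.25.17.1 --
    # confirm that this address is the intended master.
    sapi = SaltAPI(url="https://172.25.36.1:8000", username="saltapi", password="westos")
    #sapi.token_id()
    #print sapi.list_all_key()
    #sapi.delete_key('test-01')
    #sapi.accept_key('test-01')
    #sapi.deploy('test-01','nginx')
    #print sapi.remote_noarg_execution('test-01','grains.items')


if __name__ == '__main__':
    main()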
[root@foundation17 ~]# python saltapi.py ([u'server2', u'server3'], [])
6.开启nginx:
[root@foundation17 ~]# vim saltapi.py sapi.deploy('server3','nginx.service')
[root@foundation17 ~]# python saltapi.py
7.关闭server3上的nginx,执行python脚本,server3上的nginx会自动开启