SaltStack 实践
标签(空格分隔): Salt
一,安装
SaltStack 架构 为 Master-Slave 架构。
即一台master 管理N 台 Slave 节点。
1.1 安装SaltStack
Salt Master安装
yum install -y salt-master
Salt Minion安装
yum install -y salt-minion
二,配置
2.1 SaltStack配置
YAML配置格式
SLS文件的默认渲染器是YAML渲染器。书写SLS文件只有简单的三条规则。
2.1.1 常用YAML关键字说明
unless
include
require
依赖哪个state
2.1.2
require_in
哪个state依赖我
2.1.3
watch
2.2 Salt之Master端配置
[root@master01 ~]# egrep -v "^#|^$" /etc/salt/master
interface:192.168.20.134
file_roots:
base:
- /etc/salt/salt
prod:
- /etc/salt/states/prod
Salt Master常用的配置说明:
+ interface: 指定bind的地址(默认为0.0.0.0)
+ publish_port: 指定发布端口(默认为4506)
+ ret_port: 指定结果返回端口,与minion配置文件中的master_port对应(默认为4506)
+ user: 指定master进程的运行用户,如果调整,则需要调整部分目录的权限(默认为root)
+ timeout: 指定超时时间,如果minion规模庞大或网络状况不稳定,建议增大该值(默认5s)
+ keep_jobs: 默认情况下,minion会将执行结果返回给master,master会缓存到本地的cachedir目录,该参数指定缓存多长时间,以供查看之前
的执行结果,会占用磁盘空间(默认为24h)
+ file_recv: 是否允许minion传送文件到master(默认False)
+ file_roots:
+ pillar_roots: 指定pillar目录,默认为:
+ log_level: 执行日志级别,支持的日志级别有"garbage", "trace", "debug", "info", "warning", "error", "critical" (默认warning)
启动SaltMaster 加入开启启动项:
/etc/init.d/salt-master start
chkconfig salt-master on
2.3 Salt之Minion端配置
[root@minion01 ~]# egrep -v "^#|^$" /etc/salt/minion
master: master1
指定master 地址:使用ip 或者主机名
Salt Minion常用的配置说明:
+ master:指定master主机(默认为salt)
+ master_port: 指定认证和执行结果发送到master的哪个端口,与master配置文件中的ret_port对应(默认为4506)
+ id: 指定本minion的标识,salt内部使用id作为标识(默认为主机名)
+ user: 指定运行minion的用户,用于安装包、启动服务等操作需要特权用户,推荐使用root(默认root)
+ cache_jobs: minion是否
重启 salt-minion
2.4 在salt-master 节点接受 注册节点(签发证书)
root@master01 states]# salt-key
Accepted Keys:
Denied Keys:
Unaccepted Keys:
minion01
minion02
Rejected Keys:
接受Minion端的申请,
salt-key -A
输入 Y接受
三,SaltStack基本使用
我们日常简单的执行命令、查看安装包情况、查看服务运行状态情况等工作都是通过SaltStack的模块实现的。当我们安装完毕Master与Minion后,系统默认会安装很多模块,接下来具体看看怎么使用这些模块。
3.1 模块使用相关
查看Minion的所有模块
root@VECS00996:~# salt VECS00996 sys.list_modules
VECS00996:
- acl
- aliases
- alternatives
- apache
- archive
- artifactory
- blockdev
- bridge
- btrfs
- buildout
- cloud
- cmd
- composer
- config
- container_resource
- cp
- cron
- data
- defaults
- devmap
- disk
- django
- dnsmasq
- dnsutil
- drbd
- elasticsearch
- environ
- etcd
- event
- extfs
- file
- gem
- genesis
- git
- grains
- group
- grub
- hashutil
- hg
- hipchat
- hosts
- http
- img
- incron
- ini
- introspect
- ip
- iptables
- jboss7
- jboss7_cli
- key
- kmod
- locale
- locate
- logrotate
- lowpkg
- lvm
- match
- mine
- modjk
- mount
- network
- openstack_config
- pagerduty
- pillar
- pip
- pkg
- pkg_resource
- postfix
- publish
- pyenv
- raid
- random
- random_org
- rbenv
- ret
- rsync
- runit
- rvm
- s3
- saltutil
- schedule
- scsi
- sdb
- seed
- serverdensity_device
- service
- shadow
- slack
- smtp
- sqlite3
- ssh
- state
- status
- supervisord
- sys
- sysctl
- syslog_ng
- system
- test
- timezone
- user
- vbox_guest
- virtualenv
- webutil
- xfs
查看Minion指定模块下的函数
root@VECS00996:~# salt VECS00996 sys.list_functions cmd
VECS00996:
- cmd.exec_code
- cmd.exec_code_all
- cmd.has_exec
- cmd.retcode
- cmd.run
- cmd.run_all
- cmd.run_chroot
- cmd.run_stderr
- cmd.run_stdout
- cmd.script
- cmd.script_retcode
- cmd.shell
- cmd.shells
- cmd.tty
- cmd.which
- cmd.which_bin
查看Minion模块的使用方法
root@VECS00996:~# salt VECS00996 sys.doc cmd
'cmd.exec_code:'
Pass in two strings, the first naming the executable language, aka -
python2, python3, ruby, perl, lua, etc. the second string containing
the code you wish to execute. The stdout will be returned.
CLI Example:
salt '*' cmd.exec_code ruby 'puts "cheese"'
'cmd.exec_code_all:'
Pass in two strings, the first naming the executable language, aka -
python2, python3, ruby, perl, lua, etc. the second string containing
the code you wish to execute. All cmd artifacts (stdout, stderr, retcode, pid)
will be returned.
CLI Example:
salt '*' cmd.exec_code_all ruby 'puts "cheese"'
'cmd.has_exec:'
Returns true if the executable is available on the minion, false otherwise
CLI Example:
salt '*' cmd.has_exec cat
'cmd.retcode:'
Execute a shell command and return the command's return code.
Note that ``env`` represents the environment variables for the command, and
should be formatted as a dict, or a YAML string which resolves to a dict.
:rtype: int
:rtype: None
:returns: Return Code as an int or None if there was an exception.
CLI Example:
salt '*' cmd.retcode "file /bin/bash"
The template arg can be set to 'jinja' or another supported template
engine to render the command arguments before execution.
For example:
salt '*' cmd.retcode template=jinja "file {{grains.pythonpath[0]}}/python"
A string of standard input can be specified for the command to be run using
the ``stdin`` parameter. This can be useful in cases where sensitive
information must be read from standard input.:
salt '*' cmd.retcode "grep f" stdin='one
two
three
four
five
'
'cmd.run:'
Execute the passed command and return the output as a string
Note that ``env`` represents the environment variables for the command, and
should be formatted as a dict, or a YAML string which resolves to a dict.
Warning:
This function does not process commands through a shell
unless the python_shell flag is set to True. This means that any
shell-specific functionality such as 'echo' or the use of pipes,
redirection or &&, should either be migrated to cmd.shell or
have the python_shell=True flag set here.
The use of python_shell=True means that the shell will accept _any_ input
including potentially malicious commands such as 'good_command;rm -rf /'.
Be absolutely certain that you have sanitized your input prior to using
python_shell=True
CLI Example:
salt '*' cmd.run "ls -l | awk '/foo/{print $2}'"
The template arg can be set to 'jinja' or another supported template
engine to render the command arguments before execution.
For example:
salt '*' cmd.run template=jinja "ls -l /tmp/{{grains.id}} | awk '/foo/{print $2}'"
Specify an alternate shell with the shell parameter:
salt '*' cmd.run "Get-ChildItem C: " shell='powershell'
A string of standard input can be specified for the command to be run using
the ``stdin`` parameter. This can be useful in cases where sensitive
information must be read from standard input.:
salt '*' cmd.run "grep f" stdin='one
two
three
four
five
'
If an equal sign (``=``) appears in an argument to a Salt command it is
interpreted as a keyword argument in the format ``key=val``. That
processing can be bypassed in order to pass an equal sign through to the
remote shell command by manually specifying the kwarg:
salt '*' cmd.run cmd='sed -e s/=/:/g'
'cmd.run_all:'
Execute the passed command and return a dict of return data
Note that ``env`` represents the environment variables for the command, and
should be formatted as a dict, or a YAML string which resolves to a dict.
CLI Example:
salt '*' cmd.run_all "ls -l | awk '/foo/{print $2}'"
The template arg can be set to 'jinja' or another supported template
engine to render the command arguments before execution.
For example:
salt '*' cmd.run_all template=jinja "ls -l /tmp/{{grains.id}} | awk '/foo/{print $2}'"
A string of standard input can be specified for the command to be run using
the ``stdin`` parameter. This can be useful in cases where sensitive
information must be read from standard input.:
salt '*' cmd.run_all "grep f" stdin='one
two
three
four
five
'
'cmd.run_chroot:'
New in version 2014.7.0
This function runs :mod:`cmd.run_all <salt.modules.cmdmod.run_all>` wrapped
within a chroot, with dev and proc mounted in the chroot
stdin : None
Standard input to be used for the command
New in version 2014.7.1
output_loglevel : debug
Level at which to log the output from the command. Set to ``quiet`` to
suppress logging.
New in version 2014.7.1
CLI Example:
salt '*' cmd.run_chroot /var/lib/lxc/container_name/rootfs 'sh /tmp/bootstrap.sh'
'cmd.run_stderr:'
Execute a command and only return the standard error
Note that ``env`` represents the environment variables for the command, and
should be formatted as a dict, or a YAML string which resolves to a dict.
CLI Example:
salt '*' cmd.run_stderr "ls -l | awk '/foo/{print $2}'"
The template arg can be set to 'jinja' or another supported template
engine to render the command arguments before execution.
For example:
salt '*' cmd.run_stderr template=jinja "ls -l /tmp/{{grains.id}} | awk '/foo/{print $2}'"
A string of standard input can be specified for the command to be run using
the ``stdin`` parameter. This can be useful in cases where sensitive
information must be read from standard input.:
salt '*' cmd.run_stderr "grep f" stdin='one
two
three
four
five
'
'cmd.run_stdout:'
Execute a command, and only return the standard out
Note that ``env`` represents the environment variables for the command, and
should be formatted as a dict, or a YAML string which resolves to a dict.
CLI Example:
salt '*' cmd.run_stdout "ls -l | awk '/foo/{print $2}'"
The template arg can be set to 'jinja' or another supported template
engine to render the command arguments before execution.
For example:
salt '*' cmd.run_stdout template=jinja "ls -l /tmp/{{grains.id}} | awk '/foo/{print $2}'"
A string of standard input can be specified for the command to be run using
the ``stdin`` parameter. This can be useful in cases where sensitive
information must be read from standard input.:
salt '*' cmd.run_stdout "grep f" stdin='one
two
three
four
five
'
'cmd.script:'
Download a script from a remote location and execute the script locally.
The script can be located on the salt master file server or on an HTTP/FTP
server.
The script will be executed directly, so it can be written in any available
programming language.
The script can also be formatted as a template, the default is jinja.
Arguments for the script can be specified as well.
CLI Example:
salt '*' cmd.script salt://scripts/runme.sh
salt '*' cmd.script salt://scripts/runme.sh 'arg1 arg2 "arg 3"'
salt '*' cmd.script salt://scripts/windows_task.ps1 args=' -Input c: mpinfile.txt' shell='powershell'
A string of standard input can be specified for the command to be run using
the ``stdin`` parameter. This can be useful in cases where sensitive
information must be read from standard input.:
salt '*' cmd.script salt://scripts/runme.sh stdin='one
two
three
four
five
'
'cmd.script_retcode:'
Download a script from a remote location and execute the script locally.
The script can be located on the salt master file server or on an HTTP/FTP
server.
The script will be executed directly, so it can be written in any available
programming language.
The script can also be formatted as a template, the default is jinja.
Only evaluate the script return code and do not block for terminal output
CLI Example:
salt '*' cmd.script_retcode salt://scripts/runme.sh
salt '*' cmd.script_retcode salt://scripts/runme.sh 'arg1 arg2 "arg 3"'
salt '*' cmd.script_retcode salt://scripts/windows_task.ps1 args=' -Input c: mpinfile.txt' shell='powershell'
A string of standard input can be specified for the command to be run using
the ``stdin`` parameter. This can be useful in cases where sensitive
information must be read from standard input.:
salt '*' cmd.script_retcode salt://scripts/runme.sh stdin='one
two
three
four
five
'
'cmd.shell:'
Execute the passed command and return the output as a string.
New in version 2015.5.0
.. warning ::
This passes the cmd argument directly to the shell
without any further processing! Be absolutely sure that you
have properly santized the command passed to this function
and do not use untrusted inputs.
Note that ``env`` represents the environment variables for the command, and
should be formatted as a dict, or a YAML string which resolves to a dict.
CLI Example:
salt '*' cmd.shell "ls -l | awk '/foo/{print $2}'"
The template arg can be set to 'jinja' or another supported template
engine to render the command arguments before execution.
For example:
salt '*' cmd.shell template=jinja "ls -l /tmp/{{grains.id}} | awk '/foo/{print $2}'"
Specify an alternate shell with the shell parameter:
salt '*' cmd.shell "Get-ChildItem C: " shell='powershell'
A string of standard input can be specified for the command to be run using
the ``stdin`` parameter. This can be useful in cases where sensitive
information must be read from standard input.:
salt '*' cmd.shell "grep f" stdin='one
two
three
four
five
'
If an equal sign (``=``) appears in an argument to a Salt command it is
interpreted as a keyword argument in the format ``key=val``. That
processing can be bypassed in order to pass an equal sign through to the
remote shell command by manually specifying the kwarg:
salt '*' cmd.shell cmd='sed -e s/=/:/g'
'cmd.shells:'
Lists the valid shells on this system via the /etc/shells file
New in version 2015.5.0
CLI Example::
salt '*' cmd.shells
'cmd.tty:'
Echo a string to a specific tty
CLI Example:
salt '*' cmd.tty tty0 'This is a test'
salt '*' cmd.tty pts3 'This is a test'
'cmd.which:'
Returns the path of an executable available on the minion, None otherwise
CLI Example:
salt '*' cmd.which cat
'cmd.which_bin:'
Returns the first command found in a list of commands
CLI Example:
salt '*' cmd.which_bin '[pip2, pip, pip-python]'
查看某个模块下的某个函数的使用方法
root@VECS00996:~# salt VECS00996 sys.doc cmd.run
'cmd.run:'
Execute the passed command and return the output as a string
Note that ``env`` represents the environment variables for the command, and
should be formatted as a dict, or a YAML string which resolves to a dict.
Warning:
This function does not process commands through a shell
unless the python_shell flag is set to True. This means that any
shell-specific functionality such as 'echo' or the use of pipes,
redirection or &&, should either be migrated to cmd.shell or
have the python_shell=True flag set here.
The use of python_shell=True means that the shell will accept _any_ input
including potentially malicious commands such as 'good_command;rm -rf /'.
Be absolutely certain that you have sanitized your input prior to using
python_shell=True
CLI Example:
salt '*' cmd.run "ls -l | awk '/foo/{print $2}'"
The template arg can be set to 'jinja' or another supported template
engine to render the command arguments before execution.
For example:
salt '*' cmd.run template=jinja "ls -l /tmp/{{grains.id}} | awk '/foo/{print $2}'"
Specify an alternate shell with the shell parameter:
salt '*' cmd.run "Get-ChildItem C: " shell='powershell'
A string of standard input can be specified for the command to be run using
the ``stdin`` parameter. This can be useful in cases where sensitive
information must be read from standard input.:
salt '*' cmd.run "grep f" stdin='one
two
three
four
five
'
If an equal sign (``=``) appears in an argument to a Salt command it is
interpreted as a keyword argument in the format ``key=val``. That
processing can be bypassed in order to pass an equal sign through to the
remote shell command by manually specifying the kwarg:
salt '*' cmd.run cmd='sed -e s/=/:/g'
States使用相关
States是SaltStack中的配置管理语言。比如我们在日常配置管理时需要编写大量的States文件,具体要安装一个软件包,然后管理其服务配置文件,最后保证该服务正常运行。
待续...