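Getting Started with SaltStack

1. Installing packages
2. Distributing files
3. Adding and deleting users and groups, and adding a user to sudo
4. Running system commands

Many other features have not been tested yet.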

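I. SaltStack installation and configuration

When testing, pay attention to SELinux and iptables. It is best to disable SELinux and keep iptables enabled with the required ports opened.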

1.1 Environment

    CentOS 6.2    192.168.101.77    salt-master
    CentOS 6.2    192.168.101.88    salt-minion

1.2 Master installation and configuration

    rpm -ivh http://mirrors.ustc.edu.cn/fedora/epel//6/x86_64/epel-release-6-8.noarch.rpm
    yum -y install salt-master

The master configuration file is simple:

    [root@open-source ~]# cat /etc/salt/master | grep -v "#" | grep -v "^$"
    interface: 192.168.101.77    # listen address
    publish_port: 4505
    ret_port: 4506
    pidfile: /var/run/salt-master.pid
    file_roots:
      base:
        - /srv/salt/
    pillar_roots:
      base:
        - /srv/pillar
    nodegroups:    # minions can be managed in different groups
      group1: 'L@foo.domain.com,bar.domain.com,baz.domain.com and bl*.domain.com'
      group2: 'G@os:Debian and foo.domain.com'

Add the iptables rules:

    [root@open-source ~]# iptables -I INPUT -p tcp --dport 4505 -j ACCEPT
    [root@open-source ~]# iptables -I INPUT -p tcp --dport 4506 -j ACCEPT

Start the master:

    [root@open-source ~]# /etc/init.d/salt-master restart

1.3 Client installation and configuration

    rpm -ivh http://mirrors.ustc.edu.cn/fedora/epel//6/x86_64/epel-release-6-8.noarch.rpm
    yum -y install salt-minion

    [root@open2 ~]# vim /etc/salt/minion
    master: 192.168.101.77
    [root@open2 ~]# /etc/init.d/salt-minion start    # start the minion
    Starting salt-minion daemon:                               [  OK  ]
    [root@open2 ~]# tail -f /var/log/salt/minion    # view the log

1.4 View the keys of connecting clients on the server

    [root@open-source ~]# salt-key list
    Accepted Keys:
    Unaccepted Keys:
    open2            # the connecting client shows up here
    Rejected Keys:

1.5 Accept the client key

    [root@open-source ~]# salt-key -a open2
    The following keys are going to be accepted:
    Unaccepted Keys:
    open2
    Proceed? [n/Y] Y
    Key for minion open2 accepted.

1.6 Where client keys are stored

    [root@open-source ~]# ls /etc/salt/pki/master/minions
    open2

1.7 A few test commands

    [root@open-source ~]# salt '*' cmd.run "hostname"
    open2:
        open2
    [root@open-source ~]# salt '*' test.ping
    open2:
        True
    [root@open-source ~]# salt '*' disk.usage

II. Common salt commands

-E is followed by a regular expression:

    [root@open-source ~]# salt -E 'open*' test.ping
    open2:
        True

Without -E, the target can be a shell-style wildcard:

    [root@open-source ~]# salt 'open*' cmd.run 'uname -a'

-L can be followed by several clients:

    [root@open-source ~]# salt -L 'open1,open2,open3' cmd.run 'uname -a'

-N targets by node group.

salt-key -L lists the clients:

    [root@open-source ~]# salt-key -L
    Accepted Keys:
    open2
    Unaccepted Keys:
    Rejected Keys:

cmd.run is a very powerful command that executes shell commands remotely. For example, creating a user remotely:

    [root@open-source ~]# salt -E 'open2' cmd.run 'useradd testuser'

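grains collect basic information about the client and are used to manage basic minion information:

    salt '*' grains.ls                 # list the grain categories
    salt '*' grains.items              # show all grain data
    salt '*' grains.item osrelease     # show a single grain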

pillar

    # mkdir /srv/pillar/
    [root@open-source pillar]# cat top.sls
    base:
      '*':
        - data

    [root@open-source pillar]# cat data.sls
    info: some data

    [root@open-source pillar]# salt '*' pillar.data

III. Installing RPM packages and distributing files with SaltStack

For example, install LNMP and distribute the configuration files to every minion.

3.1 Directory layout

    [root@open-source salt]# tree
    .
    ├── conf
    │   ├── mysql.sls
    │   ├── nginx.sls
    │   ├── pack.sls
    │   ├── php.sls
    │   └── software.sls
    ├── mysql
    │   └── my.cnf
    ├── nginx
    │   └── nginx.conf
    ├── php
    │   └── php.ini
    ├── software
    │   ├── mysql-5.6.14.tar.gz
    │   ├── nginx-1.5.6.tar.gz
    │   └── php-5.5.5.tar.gz
    └── top.sls

3.2 Create the required directories and prepare the files

    [root@open-source ~]# cd /srv/salt/
    [root@open-source salt]# mkdir -p {conf,nginx,php,mysql,software}

    [root@open-source salt]# cp -p /usr/local/mysql/my.cnf mysql/
    [root@open-source salt]# cp -p /usr/local/app/nginx/conf/nginx.conf nginx/
    [root@open-source salt]# cp -p /usr/local/php/etc/php.ini php/

    [root@open-source salt]# cd software/
    [root@open-source software]# cp -p /usr/src/php-5.5.5.tar.gz .
    [root@open-source software]# cp -p /usr/src/nginx-1.5.6.tar.gz .
    [root@open-source software]# cp -p /usr/src/mysql-5.6.14.tar.gz .

    [root@open-source software]# cd ../conf/
    [root@open-source conf]# touch nginx.sls mysql.sls php.sls pack.sls software.sls

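3.3 The top.sls entry file

Create top.sls under /srv/salt; this file is SaltStack's entry configuration file. A SaltStack top.sls normally starts with base:, the wildcard '*' matches all minions, and - conf.pack refers to the file pack.sls in the conf directory, which is where I define RPM package management.

    [root@open-source salt]# vim top.sls
    base:
      '*':
        - conf.nginx
        - conf.mysql
        - conf.php
        - conf.pack
        - conf.software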

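3.4 Install the mysql RPM package

Create the package-management configuration file pack.sls. httpd stands for the software to install (mysql in the file below), pkg: is SaltStack package management, - name is the name of the package to install, - installed means install, - removed means uninstall, service: is SaltStack service management, and the last two lines make sure the mysql service is running.

    [root@open-source conf]# cat pack.sls
    mysql:
      pkg:
        - name: mysql
        - installed
      service:
        - running
        - enable: True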

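3.5 Push the my.cnf file

Create the sls configuration file (the text names the Nginx file nginx.sls; the file shown is mysql.sls). The first line is the path the file is distributed to on the minion, - managed means SaltStack file management, and - source: is the location of the file on the master, looked up starting from the path /srv/salt defined in the master configuration file. The three lines below it are the file attributes.

    [root@open-source conf]# cat mysql.sls
    /usr/local/mysql/conf/my.cnf:
      file:
        - managed
        - source: salt://mysql/my.cnf
        - user: mysql
        - group: mysql
        - mode: 644
        - backup: minion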

3.6 Test results

    [root@open-source conf]# salt '*' state.highstate
    open2:
    ----------
        State: - file
        Name:      /usr/local/mysql/conf/my.cnf
        Function:  managed
        Result:    True
        Comment:   File /usr/local/mysql/conf/my.cnf updated
        Changes:   diff: New file
                   group: mysql
                   user: mysql

    ----------
        State: - pkg
        Name:      mysql
        Function:  installed
        Result:    True
        Comment:   The following packages were installed/updated: mysql.
        Changes:   openssl: { new : 1.0.1e-16.el6_5
                   old : 1.0.0-27.el6_4.2
                   }
                   openssl-devel: { new : 1.0.1e-16.el6_5
                   old : 1.0.0-27.el6_4.2
                   }
                   mysql-libs: { new : 5.1.71-1.el6
                   old : 5.1.52-1.el6_0.1
                   }
                   mysql: { new : 5.1.71-1.el6
                   old :
                   }
                   openssl-perl: { new : 1.0.1e-16.el6_5
                   old : 1.0.0-27.el6_4.2
                   }
                   openssl-static: { new : 1.0.1e-16.el6_5
                   old : 1.0.0-27.el6_4.2
                   }

    ----------
        State: - service
        Name:      mysql
        Function:  running
        Result:    False
        Comment:   The named service mysql is not available
        Changes:

    Summary
    ------------
    Succeeded: 2
    Failed:    1
    ------------
    Total:     3

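Note: the run reports 3 succeeded and one failed. The mysql service did not start, which should be down to an error in the pack.sls configuration file.

    [root@open-source conf]# cat pack.sls
    mysqld:              # this is the service name and should be mysqld; I wrote mysql above, hence the "service not available" error
      pkg:
        - name: mysql    # this is the package name
        - installed
      service:
        - running
        - enable: True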

    [root@open-source conf]# salt '*' state.highstate
    open2:
    ----------
        State: - file
        Name:      /usr/local/mysql/conf/my.cnf
        Function:  managed
        Result:    True
        Comment:   File /usr/local/mysql/conf/my.cnf is in the correct state
        Changes:
    ----------
        State: - pkg
        Name:      mysql
        Function:  installed
        Result:    True
        Comment:   Package mysql is already installed
        Changes:
    ----------
        State: - service
        Name:      mysqld
        Function:  running
        Result:    True
        Comment:   Service mysqld has been enabled, and is in the desired state
        Changes:   mysqld: True

    Summary
    ------------
    Succeeded: 3
    Failed:    0
    ------------
    Total:     3

Uninstalling an RPM package

    [root@open-source conf]# cat smb.sls
    smb:
      pkg:
        - name: samba
        - removed

Result:

    [root@open-source conf]# salt '*' state.sls conf.smb
    open2:
    ----------
        State: - pkg
        Name:      samba
        Function:  removed
        Result:    True
        Comment:   All targeted packages were removed.
        Changes:   samba: { new :
                   old : 3.6.9-167.el6_5
                   }

    Summary
    ------------
    Succeeded: 1
    Failed:    0
    ------------
    Total:     1

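Other

With cp.get_file, SaltStack can distribute a file from the master to the minions. In the command below, salt://software/httpd-2.4.3.tar.bz2 is the file being distributed, followed by the path it is written to on the minion; makedirs=True creates the directory automatically if it does not exist. Compressed (gzip) transfer is also supported for large files.

    [root@salt-server ~]# salt '*' cp.get_file salt://software/httpd-2.4.3.tar.bz2 /usr/src/httpd-2.4.3.tar.bz2 makedirs=True
    bt-199-034.bta.net.cn:
        /usr/src/httpd-2.4.3.tar.bz2

cp.get_dir works like cp.get_file, except that get_dir downloads an entire directory; it also supports compressed transfer.

    [root@salt-server ~]# salt '*' cp.get_dir salt://software/ /usr/src/ gzip=5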

IV. User management

4.1 Add the user harry

Generate the password:

    [root@open-source ~]# openssl passwd -1 -salt 'harry'
    Password:
    $1$harry$DDLDUWLoTFUMB0biMDIv..

The top.sls file:

    [root@open-source salt]# cat top.sls
    base:
      '*':
        - conf.nginx
        - conf.mysql
        - conf.php
        - conf.pack
        - conf.software
        - user.users
        - user.userdel
        - user.addsudo
        - user.addgroup
        - user.delgroup

    [root@open-source user]# cat users.sls
    harry:
      user.present:
        - fullname: harry D
        - shell: /bin/bash
        - password: '$1$harry$DDLDUWLoTFUMB0biMDIv..'
        - home: /home/jarry
        - uid: 10001
        - gid: 10001
        - groups:
          - root
          - harry
        - require:
          - group: harry
      group.present:
        - gid: 10001

Result

Because there are several .sls files, a single one can be run on its own with salt '*' state.sls xxx

    [root@open-source user]# salt '*' state.sls user.users
    open2:
    ----------
        State: - group
        Name:      harry
        Function:  present
        Result:    True
        Comment:   Added group harry
        Changes:   passwd: x
                   gid: 10001
                   name: harry
                   members: []

    ----------
        State: - user
        Name:      harry
        Function:  present
        Result:    True
        Comment:   New user harry created
        Changes:   shell: /bin/bash
                   workphone:
                   uid: 10001
                   passwd: x
                   roomnumber:
                   gid: 10001
                   groups: ['harry', 'root']
                   home: /home/jarry
                   fullname: harry D
                   password: $1$harry$DDLDUWLoTFUMB0biMDIv..
                   homephone:
                   name: harry

    Summary
    ------------
    Succeeded: 2
    Failed:    0
    ------------
    Total:     2

4.2 Delete a user

    [root@open-source user]# cat userdel.sls
    harry:
      user.absent:
        - purge: True    # remove the user's files (home directory)
        - force: True    # if the user is currently logged in, the absent state fails; with force set to True the user is deleted even while logged in

Result

    [root@open-source user]# salt '*' state.sls user.userdel
    open2:
    ----------
        State: - user
        Name:      harry
        Function:  absent
        Result:    True
        Comment:   Removed user harry
        Changes:   harry group: removed
                   harry: removed

    Summary
    ------------
    Succeeded: 1
    Failed:    0
    ------------
    Total:     1

4.3 Add a sudo user

    [root@open-source user]# cat addsudo.sls
    harry:
      user.present:
        - fullname: harry D
        - shell: /bin/bash
        - password: '$1$harry$DDLDUWLoTFUMB0biMDIv..'
        - home: /home/jarry
        - uid: 10001
        - gid: 10001
        - groups:
          - root
          - harry
        - require:
          - group: harry
      group.present:
        - gid: 10001

    /etc/sudoers:
      file.append:
        - text:
          - "harry ALL=(ALL) NOPASSWD: ALL"

Result

    [root@open-source user]# salt '*' state.sls user.addsudo
    open2:
    ----------
        State: - group
        Name:      harry
        Function:  present
        Result:    True
        Comment:   Added group harry
        Changes:   passwd: x
                   gid: 10001
                   name: harry
                   members: []

    ----------
        State: - user
        Name:      harry
        Function:  present
        Result:    True
        Comment:   New user harry created
        Changes:   shell: /bin/bash
                   workphone:
                   uid: 10001
                   passwd: x
                   roomnumber:
                   gid: 10001
                   groups: ['harry', 'root']
                   home: /home/jarry
                   fullname: harry D
                   password: $1$harry$DDLDUWLoTFUMB0biMDIv..
                   homephone:
                   name: harry

    ----------
        State: - file
        Name:      /etc/sudoers
        Function:  append
        Result:    True
        Comment:   Appended 1 lines
        Changes:   diff: ---
                   +++
                   @@ -113,3 +113,4 @@

                   ## Read drop-in files from /etc/sudoers.d (the # here does not mean a comment)
                   #includedir /etc/sudoers.d
                   +harry ALL=(ALL) NOPASSWD: ALL

    Summary
    ------------
    Succeeded: 3
    Failed:    0
    ------------
    Total:     3
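
The states from 4.1 and 4.3 reworked as an added example (not part of the original post): the password hash is read from pillar instead of being stored under /srv/salt, and the sudo rule goes into a visudo-checked drop-in under /etc/sudoers.d, which the /etc/sudoers shown in the output above already includes. Assumptions: the pillar key harry_password_hash, the state ID harry_sudoers, a password-required sudo rule, no root group membership, and a Salt release whose file.managed supports check_cmd.

```yaml
# Added example, not from the original post.

# ---- /srv/pillar/data.sls ----
# Pillar is rendered per minion, whereas anything under /srv/salt can be
# fetched by every accepted minion through salt://. Target only the minions
# that need this key in /srv/pillar/top.sls.
# harry_password_hash is a hypothetical key; the value is a placeholder for a
# SHA-512 crypt hash ($6$...), e.g. from "openssl passwd -6" (OpenSSL 1.1.1+).
harry_password_hash: '$6$<salt>$<hash>'

# ---- /srv/salt/user/addsudo.sls ----
harry:
  group.present:
    - gid: 10001
  user.present:
    - fullname: harry D
    - shell: /bin/bash
    - password: '{{ pillar["harry_password_hash"] }}'
    - home: /home/jarry
    - uid: 10001
    - gid: 10001
    - groups:
      - harry              # assumption: no membership in the root group
    - require:
      - group: harry

# Hypothetical state ID. The rule lives in its own file, so /etc/sudoers
# itself is never edited by Salt.
harry_sudoers:
  file.managed:
    - name: /etc/sudoers.d/harry
    - contents: 'harry ALL=(ALL) ALL'     # assumption: sudo asks for harry's password
    - user: root
    - group: root
    - mode: '0440'
    - check_cmd: /usr/sbin/visudo -c -f   # file is only installed if visudo accepts it
    - require:
      - user: harry
```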

4.4 Add groups

    [root@open-source user]# cat addgroup.sls
    devgroup:
      group.present:
        - gid: 10002

    yunwei:
      group.present:
        - gid: 1003

Result:

    [root@open-source user]# salt '*' state.sls user.addgroup
    open2:
    ----------
        State: - group
        Name:      devgroup
        Function:  present
        Result:    True
        Comment:   No change
        Changes:
    ----------
        State: - group
        Name:      yunwei
        Function:  present
        Result:    True
        Comment:   No change
        Changes:

    Summary
    ------------
    Succeeded: 2
    Failed:    0
    ------------
    Total:     2

4.5 Delete a group

    [root@open-source user]# cat delgroup.sls
    devgroup:
      group.absent

Result

    [root@open-source user]# salt '*' state.sls user.delgroup
    open2:
    ----------
        State: - group
        Name:      devgroup
        Function:  absent
        Result:    True
        Comment:   Removed group devgroup
        Changes:   devgroup:

    Summary
    ------------
    Succeeded: 1
    Failed:    0
    ------------
    Total:     1
