Centralized management platform SaltStack
SaltStack is a centralized server infrastructure management platform. The project started in 2011 and provides configuration management, remote execution, monitoring and other functions; it can generally be understood as a simplified Puppet combined with an enhanced Func. SaltStack is implemented in Python and is built on a lightweight message queue (ZeroMQ) and third-party Python modules (PyZMQ, PyCrypto, Jinja2, python-msgpack, PyYAML, etc.).
For an introduction to Salt, please refer to the official documentation: http://docs.saltstack.cn/topics/index.html
Fundamentals
SaltStack uses a client/server (C/S) model: the server side is the Salt master and the client side is the minion. Minion and master communicate through the ZeroMQ message queue.
When a minion comes online it first contacts the master and sends its public key. On the master side, the salt-key -L command then shows the minion's key; once the master accepts the minion key, master and minion trust each other.
The master can send any instruction for a minion to execute. Salt has many execution modules, such as the cmd module, which are installed together with the minion and are usually located in your Python library directory. These modules are written in Python and contain many functions, such as cmd.run. When we execute salt '*' cmd.run 'uptime', the master issues a task to the matching minions, and each minion executes the module function and returns the result.
The master listens on ports 4505 and 4506: 4505 corresponds to ZMQ's PUB system, which is used to send messages, and 4506 corresponds to the REP system, which accepts messages.
We can understand it like this:
ZeroMQ is used for message passing between the Salt master and minions, using the ZeroMQ publish-subscribe mode; the connection types include TCP and IPC.
1. Send a message:
The salt command publishes the cmd.run ls command to the master through salt.client.LocalClient.cmd_cli, gets a jobid, and fetches the command's execution result based on that jobid. After the master receives the command, it sends the command to be executed to the minion.
2. Execute the command:
The minion receives the command to be processed from the message bus and hands it to minion._handle_aes. minion._handle_aes starts a local thread, which calls cmdmod to execute the ls command.
3. Process the execution result:
After the thread has executed ls, the minion._return_pub method is called and the execution result is returned to the master via the message bus. The master receives the result returned by the minion, calls the master._handle_aes method, and writes the result to a file.
4. Return the execution result:
salt.client.LocalClient.cmd_cli obtains the job execution result by polling and prints it to the terminal.
Next, let's deploy the SaltStack platform:
One, Environment configuration description
1. IP address assignment
Hostname      IP address      Node
saltstack01   10.62.83.211    salt-master
ctest01       10.62.83.11     salt-minion
2. Protocols and ports
Node          Service      Port   Function
salt-master   python2.6    4505   ZeroMQ PUB system, sends messages
              python2.6    4506   REP system, accepts messages
salt-minion   python2.6    4505   ZMQ PUB system, sends messages
3. Software versions
Software    Version
OS          CentOS release 6.7 (Final)
Python      python2.6.6
saltstack   2015.8.10 (Beryllium)
Two, Yum source configuration
We install with yum.
# rpm --import https://repo.saltstack.com/yum/redhat/6/x86_64/latest/SALTSTACK-GPG-KEY.pub    # yum source authentication file
# vim /etc/yum.repos.d/saltstack.repo    # yum source configuration file
[saltstack-repo]
name=SaltStack repo for RHEL/CentOS $releasever
baseurl=https://repo.saltstack.com/yum/redhat/$releasever/$basearch/latest
enabled=1
gpgcheck=1
gpgkey=
# yum repolist    # refresh the yum list
Three, Install and configure the control end (master)
1. Install salt-master
# yum install salt-master
Yum installs the dependent packages together with it.
2. Master-side main configuration file
# vim /etc/salt/master
interface: 10.62.83.211    ## bind the master communication IP
auto_accept: True          ## automatic authentication; avoids manually running salt-key to confirm certificate trust
#pillar_opts: False        ## whether to turn on pillar
#pillar_roots:             ## these 3 lines define the pillar root directory
#  base:
#    - /srv/pillar
file_roots:                ## location of the saltstack file root directory
  base:
    - /srv/salt
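auto_accept: True in the master file above makes the master trust every minion key that reaches it, so key acceptance stops being a review step. The following added example (not from the original article) is a small shell audit that flags this and two related settings, open_mode and interface, in a master config; the function names and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the article): flag master settings that weaken minion trust.

# Print the value of a top-level "key: value" line. Commented-out lines and
# trailing "# ..." comments are ignored; the last occurrence wins.
conf_value() {   # $1 = config file, $2 = key
    sed -n "s/^$2:[[:space:]]*\([^#]*\).*/\1/p" "$1" |
        sed 's/[[:space:]]*$//' | tail -n 1
}

# YAML 1.1 spellings of "true" (true/yes/on), matched case-insensitively.
is_true() {
    case $(printf '%s' "$1" | tr 'A-Z' 'a-z') in
        true|yes|on) return 0 ;;
        *) return 1 ;;
    esac
}

# Print one line per finding; return 0 only when nothing was flagged.
audit_salt_master() {   # $1 = path to the master config
    findings=0
    if is_true "$(conf_value "$1" auto_accept)"; then
        echo "RISK auto_accept: pending minion keys are trusted without review"
        findings=$((findings + 1))
    fi
    if is_true "$(conf_value "$1" open_mode)"; then
        echo "RISK open_mode: minion key authentication is turned off"
        findings=$((findings + 1))
    fi
    case $(conf_value "$1" interface) in
        ""|0.0.0.0)
            echo "WARN interface: master listens on all addresses"
            findings=$((findings + 1)) ;;
    esac
    [ "$findings" -eq 0 ]
}

# Constructed sample: the master settings used in this article.
sample_master_conf() {
    printf '%s\n' 'interface: 10.62.83.211' \
        'auto_accept: True    ## automatic authentication' \
        '#pillar_opts: False' 'file_roots:' '  base:' '    - /srv/salt'
}

tmp=$(mktemp)
sample_master_conf > "$tmp"
audit_salt_master "$tmp" || echo "=> review the settings flagged above"
rm -f "$tmp"
```

With auto_accept set to False, compare the fingerprint shown by salt-key -f ctest01 on the master with the output of salt-call --local key.finger on the minion, then accept the key with salt-key -a ctest01.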
3. Start the master service
# service salt-master start
# chkconfig salt-master on    # start the service automatically at boot
4. Master-side firewall configuration
On the master, add firewall rules for TCP 4505 and TCP 4506. The controlled end (minion) does not need firewall configuration, because the minion establishes a long-lived connection directly to the master's ZeroMQ, over which it receives the broadcast task information and executes it.
# vim /etc/sysconfig/iptables
-I INPUT -m state --state NEW -m tcp -p tcp --dport 4505 -j ACCEPT
-I INPUT -m state --state NEW -m tcp -p tcp --dport 4506 -j ACCEPT
Four, Install the controlled end (minion)
1. Install salt-minion
# yum install salt-minion -y
2. Minion-side main configuration file
# vim /etc/salt/minion
master: 10.62.83.211
id: ctest01    ## change the minion's identification id; we recommend using the operating system hostname
Note:
If there is no domain name resolution service in the environment, we can configure the /etc/hosts file to resolve the names locally.
3. Start the minion service
# service salt-minion start
# chkconfig salt-minion on    ## start the service automatically at boot
4. Open the minion-side firewall port
# vim /etc/sysconfig/iptables
-I INPUT -m state --state NEW -m tcp -p tcp --dport 4505 -j ACCEPT
Five, Test and verify the result
Test results
[Screenshot s5.png from the original post: test result output]
Thinking:
In a production environment with thousands of hosts, how do we deploy the controlled end in bulk? Haha, salt-ssh can solve that.
References: http://docs.saltstack.cn/topics/installation/index.html
Reference blog: http://www.cnblogs.com/wjoyxt/p/5083319.html
Reference book: "Python automated operation and maintenance technology and best practices"
This article is from the JESSEN6 blog; be sure to keep this source link: http://zkhylt.blog.51cto.com/3638719/1782917