Centralized management platform--saltstack
SALTSTCK as a centralized management platform for server infrastructure, with configuration management, remote execution, monitoring and other functions. Can be simply understood as a simplified version of the Puppet, the enhanced version of Func. Don't say much nonsense, just get started.
Saltstack Install and configure the components required for installation
Main control: Salt-master
Controlled End: Salt-minion
installation process
1, install the required Epel as a saltstack to deploy the Yum Source:
Yum Install-y Epel
2, Installation Salt-master/salt-minion
Yum Install-y Salt-master
Yum Install-y salt-minion
3. Set up service boot
Systemctl Enable Salt-master/systemctl Enable Salt-minion
4. Add a firewall to the main control side
Iptables-a input-p TCP--dport 4405-j ACCEPT
Iptables-a input-p TCP--dport 4406-j ACCEPT
5. Modify server-side configuration and client configuration
Modifying the master configuration (/etc/salt/master)
interface: 192.168.118.132 #绑定Master通信IPauto_accept: True #自动认证file_roots: base:- /srv/salt#指定SaltStack文件目录
Restart the main terminal saltstack:service restart Salt-master
Modifying the managed terminal configuration (/etc/salt/minion)
master:192.168.118.132 #指定Master主机IP地址id:mbb_server #被控主机端识别ID
Restart the controlled end Saltstack:service restart Salt-minion
Test installation Result: Salt ' * ' test.ping
API Invocation Example:
Import Salt.client
Client = Salt.client.LocalClient ()
Common modules and APIs
Archive Module (Support Gunzip,gzip,rar,tar,unrar,unzip)
1, function: Realize the system level of compression package call, support Gunzip,gzip,rar,tar,unrar
解压操作:salt ‘*’ archive.gunzip /tmp/mbb.txt.gz压缩操作salt ‘*’ archive.gzip /tmp/mbb.txt
2. API call
client.cmd(‘*’,’archive.gzip’,[‘/tmp/mbb.txt’])
CMD module
1. Function: Implement remote command line call execution (default root operation, need to evaluate risk when using)
模块示例:salt ‘*’ cmd.run “free -m”
3. API call
client.cmd(‘*’,’cmd.run’,[‘free -m’])
CP Module
1, function: Realize remote files, directory replication, and download URL files and other operations
将指定被控端的文件复制到主控端的本地目录:salt ‘*’ cp.cache_local_file /etc/hosts
Cron Module
1, function: Realize the crontab operation of the controlled host
查看指定被控主机salt ‘mbb_208’ cron.raw_cron root未指定的被控端、root用户添加echo 1 > mbb.txt任务作业salt ‘mbb_208’ cron.set_job root ‘*’ ‘*’ ‘*’ ‘*’ 1 “echo 1 > mbb.txt”删除指定的被控端,root用户crontab的echo 1 > mbb.txt 任务作业salt ‘mbb_208‘ cron.rm_job root "echo 1 > lsk.txt"
2. API call
client.cnd(‘mbb_208’,’cron.rm_job’,[‘root’*’,’*’,’*’,’*’,1,”echo 1 > mbb.txt”])
Iptables module
1, realize the iptables operation of the controlled host
添加iptables规则salt ‘mbb_208‘ iptables.insert filter INPUT position=1 rule="-p tcp --dport 4405 -j ACCEPT"salt ‘mbb_208‘ iptables.append filter INPUT rule="-p tcp --dport 4406 -j ACCEPT"删除iptables规则salt ‘mbb_208‘ iptables.delete filter INPUT position=1
2. API call
client.cmd(‘mbb_208‘,‘iptables.insert‘,[‘filter‘,‘INPUT‘,‘position=1‘,‘rule=\‘-p tcp --dport 21 -j ACCEPT\‘‘])
Network module
1, Function: Return the network information of the controlled end
获取dig,ping,traceroute目录域名信息salt ‘mbb_208‘ network.dig www.baidu.comsalt ‘mbb_208‘ network.ping www.baidu.comsalt ‘mbb_208‘ network.traceroute www.baidu.com获取被控端制定网卡绑定的mac地址salt ‘mbb_208‘ network.hwaddr eth0获取被控端网卡配置信息salt mbb_208‘ network.interfaces获取被控端的ip地址配置信息salt ‘mbb_208‘ network.ip_addrs获取被控的子网信息salt ‘mbb_208‘ network.subnets
3. API call
client.cmd(‘mbb_208‘,‘network.interfaces‘)
PKG Module
1, Function: Controlled host program management, such as: Yum,apt-get
安装phpsalt ‘mbb_208’ pkg.install php卸载phpsalt ‘mbb_208’ pkg.remove php升级phpsalt ‘mbb_208’ pkg.upgrade php
2. API call
client.cmd(‘mbb_208’,’pkg.install’,[‘php’])
Service Module
1, Function: Managed host Package Service management
salt ‘mbb_208‘ service.start httpdsalt ‘mbb_208‘ service.stop httpdsalt ‘mbb_208‘ service.reload httpdsalt ‘mbb_208‘ service.restart httpdsalt ‘mbb_208‘ service.status httpdsalt ‘mbb_208‘ service.enable httpdsalt ‘mbb_208‘ service.disable httpd
2. API call
client.cmd(‘mbb_208’,’service.start’,[‘nginx’])
Grains components
Grains is one of the most important components of saltstack, the role of grains is to collect the basic information of the controlled side, which is generally static class data, including CPU, kernel, operating system, virtualization, etc.
获取被控主机的所有grains信息salt ‘*’ grains.items
Controlled host-side customization of specific Granis data
登录被控主机端,在/etc/salt/minion.d/ 目录下,添加”*.conf”配置文件grains: roles: - webserver - memcache deployment: datacenter4 cabinet: 13在主控端:salt ‘mbb_208‘ grains.item roles deployment cabinet
4, Python automation operations-centralized management platform Saltstack