Ansible and Saltstack simple to use

Summed up are some of their own use of relatively simple knowledge, about State.sls and playbooks and other knowledge is still learning ... 650) this.width=650; "src=" Http://img.baidu.com/hi/jx2/j_0059.gif "alt=" J_0059.gif "/>

Ansible

Lightweight, automated operations tools, SSH-based, no client-side

Installation and Configuration

1, the main control end loaded ansible (yum install-y ansible)

2. Import the main console's public key to the managed side

3, the host terminal/etc/ansible/hosts file written to the controlled side ip/domain name (plus-i parameter can specify the Hosts file)

4. Note that the port number and private key file path in the/etc/ansible/ansible.cfg configuration file are consistent with the actual environment, that is, remote_port= and private_key_file=

If the key is encrypted, it prompts: private keyfile is encrypted. Plus-K parameter

Error: Error reading SSH Protocol banner is the controlled side refused to connect. View iptables or/etc/hosts.allow files.

Ansible all-i ip.txt-m ping-k test connectivity

Ansible all-i ip.txt-m shell-a "W"-K execute command at the controlled end

Ansible all-i ip.txt-m copy-a "src=/tmp/test.sh dest=/tmp/test.sh"-Copy Local files to each node

Ansible all-i ip.txt-m service-a "name=vsftpd state=restarted" Restart a server on each node (example VSFTPD)

Saltstack

C/S architecture

Installation and Configuration

1, the main control end installed Salt-master, controlled end-loaded salt-minion

2, Minion end Modify/etc/salt/minion configuration file, write to master and ID

3, open Salt-master. Salt-key-l can view the current minion-side authentication of this master

4, on the master side Salt-key-a-y Accept all configured this master machine or salt-key-a IP accept a single

5, salt "*" test.ping test connectivity

Authentication is equivalent to exchanging public keys, because master and Minion verify identity by Rsakey, the master end multiplicity has salt-master or a controlled end multiplicity installed salt-minion, both sides cannot connect Minion did not Return and the Minion end of the salt-minion program seconds hang.

Workaround: (Reload Master) Delete the Minion end of the/etc/salt/pki/minion/minion_master.pub

(reload Minion) can cause Minion end to be added to master's minions_denied directory, delete/etc/salt/pki/master/minions and/etc/salt/pki/master/ This node IP in the minions_denied directory

/var/log/salt/minion logs to see the cause of the error

The-n parameter specifies a set of IPs, which need to be configured with the group name and the included ip:nodegroups in the/etc/salt/master file

Salt "*" Cmd.run "W" executes commands on the node

The Salt "*" Cmd.script salt://test.sh executes the test.sh script on the node. SALT://'s home directory is configured in the master configuration file, typically the/srv/salt/directory

Ansible and Saltstack simple to use