Detailed introduction to automated O & M tool saltstack

Saltstack is a new infrastructure management tool. It is currently in the rapid development stage and can be seen as a combination of pssh + weakened puppet. This indirectly reflects two functions of saltstack: Remote Execution and configuration management.

Saltstack is developed using Python and is an easy-to-use and lightweight management tool. Composed of master and Minion, it communicates through zeromq.

 

The master end of saltstack listens to ports 4505 and 4506, 4505 is the message publishing system of salt, and 4506 is the port for communications between the salt client and the server. The salt client does not listen to the port. After the client starts, the master node automatically connects to the master node for registration and keeps the TCP connection. The master node uses this TCP connection to control the client. If the connection is disconnected, the master node will be powerless to the client. Of course, if the client checks that it is disconnected, it will regularly connect to the master end.

 

1. Install saltstack

Centos/redhatserverTerminal installation

# Import the epel Yum source rpm-uvh http://developer.pnl.gov/epel/5/ I #/epel-release-5-4.noarch.rpm#server master's installation Yum-y install salt-Master

Centos/RedHatClient minion Installation

# Import epel Yum source rpm-uvh http://mirror.pnl.gov/epel/5/i386/epel-release-5-4.noarch.rpmyum-y install salt-minion

Ubuntu/Debian ServerClient and Client installation

wget -q -O - "http://debian.saltstack.com/debian-salt-team-joehealy.gpg.key"| apt-key add -echo "deb http://debian.saltstack.com/debianwheezy-saltstack main" /etc/apt/sources.listecho "debhttp://debian.saltstack.com/debian wheezy-saltstack main" |tee/etc/apt/sources.listapt-get updateapt-get installsalt-master      # On the salt-masterapt-get installsalt-minion      # On each salt-minionapt-get install salt-syndic

 

2. Modify the master configuration file in the saltstacks configuration file

VI/etc/salt/masterinterface: 115.28.2.1 # This is the server listening address. Auto_accept: true # The key sent by the client is automatically accepted. This function must be enabled if there are many servers.

Start master

/Etc/salt/master-D # Start/etc/salt/master # Start the foreground to facilitate debugging

Minion configuration file modification:

# Vi/etc/salt/minionmaster: 115.28.2.1 # change it to your master server address ID: web01 # we recommend that you change it to the host name, easy to distinguish from the master end # Add the following content at the end of the configuration file and automatically synchronize the master configuration every five minutes. The effect is equivalent to executing the salt-call state on the client. highstate or execute salt '*' state on the server side. highstateschedule: highstate: function: state. highstate minutes: 5

Start minion:

/Etc/salt/minion-D # Start in the background/etc/salt/minion # Start in the foreground to facilitate debugging. Note: After Minion is started, the public key and private key are automatically generated, and send the public key to the master. Minion does not listen to the port and maintains a persistent connection with the master. You can use netstat-an | grep es to check whether the connection exists.

3. Salt-Key Certificate Management

Master certificate storage path:/etc/salt/pki/master/minions

Salt-key-L # query all received certificates salt-key-A <Certificate Name> # receive a single certificate salt-key-A # accept all certificates salt-key-D <certificate Name> # delete a single certificate salt-key-D # delete all certificates

4. Salt real-time batch operations

Syntax:

Salt [Option] '<target>' <function> [arguments]

Examples of Common commands:

Salt '*' test. ping # * to match all hosts, test. ping is a function of salt. Note: The * number is a regular expression. If there are multiple groups, it can be similar to Web * and only match the Web server salt '*' cmd. run 'df-H' # view the disk information of all hosts, cmd. run to execute a single command salt '*' cmd. script salt: // hello. sh salt '*' cmd. script salt: // scripts/runme. sh 'arg1 arg2 "Arg 3" '# cmd. script to execute a script, that is, copy the local script to the remote host for execution, hello. sh should be placed in the specified file storage path. The default value is/srv/salt '*' state. highstate # Push master configuration to the client. Salt '*' cmd. Run 'df-H'-T 5 # timeout Control

 

5. Manage salt groups

Add the following content to the configuration file/etc/salt/master:

[[Email protected] salt] # vimaster. d/group. conf nodegroups: group1: '[email protected], DG-Server-28 'group2:' [email protected] '# The Group format can be found in/etc/salt/master.

Group execution:

salt -N group1 cmd.run‘hostname‘

 

6. Automatic batch logon of remote hosts using salt-ssh

Salt-ssh batch Password Authentication login, refer to Fengyun's blog

Http://rfyiamcool.blog.51cto.com/1030776/1305710

 

7. Check the client up status by salt-run

Note: The test. Ping command is used for the state check salt. If the server disables Ping, the test. Ping Command is not allowed.

Salt-run manage. Status # view all client up/down statuses salt-run manage. up # Only clients in up status salt-run manage. Down # Only clients in down status are displayed

8. Copy files in batches Using Salt-CP

Run the following command on the master:

Syntax: salt-CP [Options] '<target> 'source DEST example: salt-CP '*'/etc/hosts # distribute the hosts files on the master to all hosts.

9. timed synchronization of saltstack

You can place the salt-call state. highstate command in the scheduled task on the minion side for automatic request synchronization.

You can also put salt '*' state. highstate in the scheduled task on the master side to automatically push it to all machines.

You can also add the following content to the/etc/salt/minion configuration file, which is synchronized every 5 minutes. The effect is the same.

          schedule:          highstate:                 function:state.highstate                 seconds:300

 

10. Automatic Distribution directory of saltstack

After the synchronization directory is specified, files will be automatically synchronized to the minion end after they are put in this directory.

[[Email protected] salt] # Cat/srv/salt/top. slsbase: "DG-server *":-ssh_key.key-zabbix. zabbix # In top. the server Load balancer file specifies which hosts access which directories [[email protected] salt] # Cat/srv/salt/zabbix. slS/usr/local/zabbix/scripts: # specify the directory file generated after the minion synchronization. recurse:-Source: salt: // zabbix/zabbix_scripts # specifies the original directory to be synchronized from the Master. In the future, you only need to place the files to be distributed in this directory, and the files will be automatically synchronized. -Dir_mode: 755-file_mode: 744 # Use dir_mode and file_mode to set file and directory permissions

 

11. Automatic Distribution of files by saltstack

As shown in the following configuration, when the file changes, the host starting with DG-server is matched, the file is synchronized to these Minion, and the corresponding File Permission is set.

[[Email protected] salt] # Cat/srv/salt/top. slsbase: "DG-server *":-ssh_key.key-zabbix. zabbix [[email protected] zabbix] # Cat/srv/salt/zabbix. slS/usr/local/zabbix/etc/zabbix_agentd.conf.d/userparameter. conf: # specify the file name generated on the minion end. managed:-Source: salt: // zabbix/userparameter. conf # specify the original file synchronized on the master-Backup: Minion # When the file changes, the original file will be backed up, backup file directory: /var/Cache/salt/minion/file_backup/-mode: 744-user: Root-group: Root

 

12. saltstack Process status management

For example, when the httpd configuration file is changed, the configuration file is automatically reloaded. (This image is taken from the Internet, as shown in the figure below)

650) This. width = 650; "src =" http://s3.51cto.com/wyfs02/M02/49/E8/wKioL1QemaGxy1UEAAQB3FWJkRY467.jpg "Title =" _dk0'7njm3w_k9wxn(35w5j.jpg "alt =" wkiol1qemagxy1ueaaqb3fwjkry467.jpg "/>

 

13. saltstack custom Module

When you need to use methods not available in statstack, you can add modules by yourself.

Refer to Fengyun's article.

Http://rfyiamcool.blog.51cto.com/1030776/1262537

 

 

Common functions of saltstack are to execute commands or scripts in batches, distribute files in batches, and automatically synchronize directories and files. This is simple and practical as a whole. However, salt has a disadvantage. Although zeromq has high performance, its stability is slightly poor. frequent disconnections between minion and the master may cause some servers to fail to execute commands. Please note this.

 

This article is from the "Yang Yun" blog. For more information, contact the author!

Detailed introduction to automated O & M tool saltstack