Saltstack Introduction
Salt is:
A configuration management system capable of maintaining a predefined state of a remote node (for example, ensuring that the specified newspaper is installed and the specified service is running);
A distributed remote execution system for executing commands and querying data on a remote node (which can be a single node or a node selected by any rule);
The purpose of development is to provide the best solution for remote execution and to make remote execution better, faster, and simpler.
Saltstack (China User group www.saltstack.cn) based on Python development, C/s architecture, support multi-platform, lighter than puppet, in the remote execution of commands very fast, configuration and use than puppet easy, can achieve puppet almost all functions.
Advantages of Saltstack:
Have the master and Minion end, the execution of information is relatively stable, not easy to lose information, or the situation of the lost host
With encapsulated Http-api, we can start the SALT-API directly and invoke it via the HTTP protocol. No need to do the second package yourself
Based on the differences between CENTOS6 and CENTOS7, installing saltstack in two different operating systems is not the same.
Reference URL:
Https://docs.saltstack.com/en/latest/topics/installation/rhel.html
CENTOS6 need to install the extension source first and then install it:
Master side
Yum install–y Salt-masteryum install–y Salt-api
Minion End:
Yum Install-y salt-minion
Saltstack secret key Installation
Master and Minion Certification:
Minion automatically generates MINION.PEM (private key) and minion.pub (public) at the first boot,/etc/salt/pki/minion/(the path is set in/etc/salt/minion) Key), and then send the minion.pub to master. Master receives the public key of Minion and accepts Minion public key through the Salt-key command, so the/etc/salt/pki/master/in master Minions will hold the public key named after the Minion ID, and master will be able to send instructions to minion.
Salt-key-l or Salt-key #显示所有的keysalt-key-d #删除所有认证主机id证书salt-key-d keys_values-ysalt-key-a# receive all ID certificate requests salt-key-a ID #接 Subject to a single ID certificate request
1.-e,--pcre, matches by regular expression:
Salt-e ' web (9|10) * ' Test.ping-t 1
2.-L,--list, the host ID is filtered:
Salt-l "*app*" Cmd.run "Df-h"
3.-G,--grain, filter according to the grains information of the controlled host
Salt-g ' Role:nginx ' Cmd.run "Ls/export"
4.-I,--pillar, filtering according to the pillar information of the controlled host
Salt-i ' Myname:xiang ' test.ping-t 5
5.-S,--IPCIDR, matching according to minion IP address
Salt-s 192.168.1.1 test.ping
Salt-s 192.168.1.0/24 test.ping
Salt-s 192.168.0.0/16 test.ping
Salt-s 192.0.0.0/8 test.ping
6. Check if the client is dead:
Salt-run Manage.status |head
Salt-run Manage.down
Saltstack configuration file Detailed
Saltstack occupies two ports of 4505 and 4506
1. Make sure the 4505 and 4506 ports on the master side are open
2. Minion key does not accept the master
3. Through the Test.ping module, both sides can ping through the
Detailed configuration file:
http://note.youdao.com/noteshare?id=ef288d8d0abb8f3e8bf6aa5b87bfabd3&sub=wcp1478526434731795
Introduction to several modules of Saltstack
There are 2 modules developed in two development, as follows (Runner, module):
Salt-run of the Runner module on the master side
module Modules are synchronized to the Minion end via master and executed at Minion
Salt-call Saltutil.sync_modulessalt-call Saltutil.sync_all
Including:
Beacons
Clouds:engines:grains:log_handlers:modules:
OUTPUT:PROXYMODULES:RENDERERS:RETURNERS:SDB:
States:utils:
The grins module records the properties of the Minion Key:value
The Pillar module records all minion Common properties and synchronizes to the Minion side
Salt-call saltutil.refresh_pillarsalt ' * ' saltutil.refresh_pillar
1. CMD module
Salt ' * ' Cmd.run "df-h"
2. Ping module
Salt ' * ' test.ping-t 5#-t time-out, seconds
3. CP Module
file_roots:base:-/export/salt/root
Salt root directory:
File_roots defined paths in master
salt://test.txt equivalent to /export/salt/root/test.txt
Usage:
Salt ' 172.17.23.11 ' cp.get_file salt://nscd.conf/tmp/xiang.txt (copy file)
4. Cron module:
Salt ' * ' Cron.raw_cron root (View timed Task) Salt ' * ' cron.set_job root ' * ' * ' * ' * ' * ' 1/export/scripts/rm_log.sh (set timed Task) Sal T ' * ' cron.rm_job root/export/scripts/rm_log.sh (delete timed task, write all No effect)
5.dnsutil Module
Salt ' * ' dnsutil.hosts_append/etc/hosts 127.0.0.1 xiang.comsalt ' * ' dnsutil.hosts_remove/etc/hosts xiang.com
6.file module:
Salt ' * ' file.chown/etc/passwd root rootsalt ' * ' file.copy/path/to/src/path/to/dstsalt ' * ' FILE.FILE_EXISTS/ETC/HOSTSS Alt ' * ' file.directory_exists/etc/salt ' * ' file.get_mod/etc/passwdsalt ' * ' file.set_mod/etc/passwd 0644salt ' * ' file.mk Dir/tmp/testsalt ' * ' file.sed/export/servers/nginx/conf/nginx.conf ' debug ' warn ' salt ' * ' file.append/tmp/test.txt ' Welcome Xiang "Salt" * file.remove/tmp/1.txt
7.network module:
Salt ' * ' network.dig www.qq.comsalt ' * ' network.ping www.qq.comsalt ' * ' Network.ip_addrs
8.PKG Package Management module:
Managing Yum, Apt-get, etc.
Salt ' * ' pkg.install PHP (install app) Salt ' * ' pkg.remove PHP (remove app) Salt ' * ' Pkg.upgrade (upgrade all packages)
9.service Module (CENTOS6)
Salt ' * ' service.enable nginxsalt ' * ' service.disable nginxsalt ' * ' Service.restart nginx
Grains
Custom Grians (defined on minion)
Is logged on the client.
Grains is to collect some information at minion startup, such as operating system type, NIC, kernel version, CPU architecture, etc.
Salt "*" grains.ls lists all grains project names salt "*app.*" grains.items lists all grains items as well as the value salt "*" Grans.item serialnumber View the SN Code of the server (its him, etc.)
Grains information is not dynamic and does not change in real time, it is only collected at minion startup
We can do some configuration management work according to some information collected by grains.
On the Minion:
Vim/etc/salt/grainsrole:nginxenv:test
Restart
Service Salt-minion Restart
Get Grians:
Salt "*" Grains.item role env
Or:
Salt-g "*" Role:nginx Cmd.run "hostname" Salt ' * ' Grains.items
(although it is very useful, but rarely used, but also use pillar)
Pillar
(Records the information on the service side)
Pillar (defined on master)
(Yaml syntax)
Find pillar file in config file path: Create a directory
Mkdir/export/salt/pillar
To define a file within a directory:
Vim top.slsbase: "*":-Test
Vim Test.slsconf:xiang
And then
Refresh pillar:
Salt ' * ' saltutil.refresh_pillar
Verify:
Salt ' * ' Pillar.items conf
Or:
Salt-i ' Conf:xiang ' test.ping
Saltstack Python Two-time development (1)