Saltstack Python Two-time development (1)

Saltstack Introduction

Salt is:

A configuration management system capable of maintaining a predefined state of a remote node (for example, ensuring that the specified newspaper is installed and the specified service is running);

A distributed remote execution system for executing commands and querying data on a remote node (which can be a single node or a node selected by any rule);

The purpose of development is to provide the best solution for remote execution and to make remote execution better, faster, and simpler.

Saltstack (China User group www.saltstack.cn) based on Python development, C/s architecture, support multi-platform, lighter than puppet, in the remote execution of commands very fast, configuration and use than puppet easy, can achieve puppet almost all functions.

Advantages of Saltstack:

Have the master and Minion end, the execution of information is relatively stable, not easy to lose information, or the situation of the lost host

With encapsulated Http-api, we can start the SALT-API directly and invoke it via the HTTP protocol. No need to do the second package yourself

Based on the differences between CENTOS6 and CENTOS7, installing saltstack in two different operating systems is not the same.

Reference URL:

Https://docs.saltstack.com/en/latest/topics/installation/rhel.html

CENTOS6 need to install the extension source first and then install it:

Master side

Yum install–y Salt-masteryum install–y Salt-api

Minion End:

Yum Install-y salt-minion

Saltstack secret key Installation

Master and Minion Certification:

Minion automatically generates MINION.PEM (private key) and minion.pub (public) at the first boot,/etc/salt/pki/minion/(the path is set in/etc/salt/minion) Key), and then send the minion.pub to master. Master receives the public key of Minion and accepts Minion public key through the Salt-key command, so the/etc/salt/pki/master/in master Minions will hold the public key named after the Minion ID, and master will be able to send instructions to minion.

Salt-key-l or Salt-key #显示所有的keysalt-key-d #删除所有认证主机id证书salt-key-d keys_values-ysalt-key-a# receive all ID certificate requests salt-key-a ID #接 Subject to a single ID certificate request

1.-e,--pcre, matches by regular expression:

Salt-e ' web (9|10) * ' Test.ping-t 1

2.-L,--list, the host ID is filtered:

Salt-l "*app*" Cmd.run "Df-h"

3.-G,--grain, filter according to the grains information of the controlled host

Salt-g ' Role:nginx ' Cmd.run "Ls/export"

4.-I,--pillar, filtering according to the pillar information of the controlled host

Salt-i ' Myname:xiang ' test.ping-t 5

5.-S,--IPCIDR, matching according to minion IP address

Salt-s 192.168.1.1 test.ping

Salt-s 192.168.1.0/24 test.ping

Salt-s 192.168.0.0/16 test.ping

Salt-s 192.0.0.0/8 test.ping

6. Check if the client is dead:

Salt-run Manage.status |head

Salt-run Manage.down

Saltstack configuration file Detailed

Saltstack occupies two ports of 4505 and 4506

1. Make sure the 4505 and 4506 ports on the master side are open

2. Minion key does not accept the master

3. Through the Test.ping module, both sides can ping through the

Detailed configuration file:

http://note.youdao.com/noteshare?id=ef288d8d0abb8f3e8bf6aa5b87bfabd3&sub=wcp1478526434731795

Introduction to several modules of Saltstack

There are 2 modules developed in two development, as follows (Runner, module):

Salt-run of the Runner module on the master side

module Modules are synchronized to the Minion end via master and executed at Minion

Salt-call Saltutil.sync_modulessalt-call Saltutil.sync_all

Including:

Beacons

Clouds:engines:grains:log_handlers:modules:

OUTPUT:PROXYMODULES:RENDERERS:RETURNERS:SDB:

States:utils:

The grins module records the properties of the Minion Key:value

The Pillar module records all minion Common properties and synchronizes to the Minion side

Salt-call saltutil.refresh_pillarsalt ' * ' saltutil.refresh_pillar

1. CMD module

Salt ' * ' Cmd.run "df-h"

2. Ping module

Salt ' * ' test.ping-t 5#-t time-out, seconds

3. CP Module

file_roots:base:-/export/salt/root

Salt root directory:

File_roots defined paths in master

salt://test.txt equivalent to /export/salt/root/test.txt

Usage:

Salt ' 172.17.23.11 ' cp.get_file salt://nscd.conf/tmp/xiang.txt (copy file)

4. Cron module:

Salt ' * ' Cron.raw_cron root (View timed Task) Salt ' * ' cron.set_job root ' * ' * ' * ' * ' * ' 1/export/scripts/rm_log.sh (set timed Task) Sal T ' * ' cron.rm_job root/export/scripts/rm_log.sh (delete timed task, write all No effect)

5.dnsutil Module

Salt ' * ' dnsutil.hosts_append/etc/hosts 127.0.0.1 xiang.comsalt ' * ' dnsutil.hosts_remove/etc/hosts xiang.com

6.file module:

Salt ' * ' file.chown/etc/passwd root rootsalt ' * ' file.copy/path/to/src/path/to/dstsalt ' * ' FILE.FILE_EXISTS/ETC/HOSTSS Alt ' * ' file.directory_exists/etc/salt ' * ' file.get_mod/etc/passwdsalt ' * ' file.set_mod/etc/passwd 0644salt ' * ' file.mk Dir/tmp/testsalt ' * ' file.sed/export/servers/nginx/conf/nginx.conf ' debug ' warn ' salt ' * ' file.append/tmp/test.txt ' Welcome Xiang "Salt" * file.remove/tmp/1.txt

7.network module:

Salt ' * ' network.dig www.qq.comsalt ' * ' network.ping www.qq.comsalt ' * ' Network.ip_addrs

8.PKG Package Management module:

Managing Yum, Apt-get, etc.

Salt ' * ' pkg.install PHP (install app) Salt ' * ' pkg.remove PHP (remove app) Salt ' * ' Pkg.upgrade (upgrade all packages)

9.service Module (CENTOS6)

Salt ' * ' service.enable nginxsalt ' * ' service.disable nginxsalt ' * ' Service.restart nginx

Grains

Custom Grians (defined on minion)

Is logged on the client.

Grains is to collect some information at minion startup, such as operating system type, NIC, kernel version, CPU architecture, etc.

Salt "*" grains.ls lists all grains project names salt "*app.*" grains.items lists all grains items as well as the value salt "*" Grans.item serialnumber View the SN Code of the server (its him, etc.)

Grains information is not dynamic and does not change in real time, it is only collected at minion startup

We can do some configuration management work according to some information collected by grains.

On the Minion:

Vim/etc/salt/grainsrole:nginxenv:test

Restart

Service Salt-minion Restart

Get Grians:

Salt "*" Grains.item role env

Or:

Salt-g "*" Role:nginx Cmd.run "hostname" Salt ' * ' Grains.items

(although it is very useful, but rarely used, but also use pillar)

Pillar

(Records the information on the service side)

Pillar (defined on master)

(Yaml syntax)

Find pillar file in config file path: Create a directory

Mkdir/export/salt/pillar

To define a file within a directory:

Vim top.slsbase: "*":-Test

Vim Test.slsconf:xiang

And then

Refresh pillar:

Salt ' * ' saltutil.refresh_pillar

Verify:

Salt ' * ' Pillar.items conf

Or:

Salt-i ' Conf:xiang ' test.ping

Saltstack Python Two-time development (1)