SaltStack is an open source automation, deployment and management tool written in Python. It is extensible, executes efficiently, is simple to configure, works on multiple platforms, and is often described as an enhanced Func plus a lightweight Puppet.
SaltStack advantages: first, it is fast: built on a message queue plus threads, running commands across many devices takes milliseconds. Second, it is very flexible: the source code is Python, so it is easy to understand and modules are easy to customize. Finally, the commands are simple and powerful.
Foreword: a long time ago, with only a few hosts, there was of course no need for any automation tool. Today hardware keeps getting cheaper and it is easy to end up with dozens of servers. Doing everything by hand is not impossible, but endlessly repeating operations that take little skill will drive you crazy, so it is necessary to choose an automation tool for batch deployment, such as Puppet, Ansible, Rundeck or Fabric. As my level is limited, I have only worked with SaltStack a little so far; this is a simple summary of basic concepts and operations.
Reference environment: CentOS 6.5
Installation:
    rpm -Uvh http://mirror.pnl.gov/epel/6/x86_64/epel-release-6-8.noarch.rpm
The latest version seems to be 2015.8.1 if you install with pip.
Master installation
    yum install salt-master -y
    chkconfig salt-master on
    sed -i "s/#interface: 0.0.0.0/interface: MASTER_IP/" /etc/salt/master   ### bind the master's IP address (substitute it for MASTER_IP)
    service salt-master start   ### start salt-master
Minion installation
    yum install salt-minion -y
    chkconfig salt-minion on
    sed -i "s/#master: salt/master: MASTER_IP/" /etc/salt/minion   ### pass in the master's IP address (substitute it for MASTER_IP)
    service salt-minion start   ### start salt-minion
If the firewall is turned on, you need to configure it; see https://docs.saltstack.com/en/latest/topics/tutorials/firewall.html#iptables
    # Allow Minions from these networks
    -I INPUT -s 10.1.2.0/24 -p tcp -m multiport --dports 4505,4506 -j ACCEPT
    -I INPUT -s 10.1.3.0/24 -p tcp -m multiport --dports 4505,4506 -j ACCEPT
    # Allow Salt to communicate with Master on the loopback interface
    -A INPUT -i lo -p tcp -m multiport --dports 4505,4506 -j ACCEPT
    # Reject everything else
    -A INPUT -p tcp -m multiport --dports 4505,4506 -j REJECT
After the master and the minion are started, the minion applies to the master for authentication.
On the master, run:
    salt-key -L   ## list all authenticated clients
    Accepted Keys:      (accepted)
    minion-id-1
    Denied Keys:        (not allowed)
    Unaccepted Keys:    (not accepted)
    minion-id-2
    Rejected Keys:      (rejected)
    # salt-key -A   ## accept all
Each minion client has a minion_id; minion-id-1 and minion-id-2 above are client minion_ids. By default the minion_id is taken from the client's host name, and a minion_id must not be duplicated!
Note: to change it, modify the /etc/salt/minion_id file on the client. This file is only generated after salt-minion has been started.
Common salt-key commands
    salt-key -a   Accept a single client request
    salt-key -A   Accept all client requests
    salt-key -d   Delete a single client
    salt-key -D   Delete all clients
Note: after deletion, if re-authentication is required, restart the client.
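As an alternative to accepting every pending key with salt-key -A, the following added example (not from the original page or from Salt itself) parses salt-key -L output and prepares one salt-key -a command per pending minion that appears in an inventory. The sample listing and the EXPECTED_MINIONS inventory are constructed for illustration.

```python
import shlex

# Constructed sample of `salt-key -L` output; minion-id-9 is an unexpected host.
SAMPLE_LISTING = """\
Accepted Keys:
minion-id-1
Denied Keys:
Unaccepted Keys:
minion-id-2
minion-id-9
Rejected Keys:
"""

# Hypothetical inventory of hosts that are supposed to enrol.
EXPECTED_MINIONS = {"minion-id-1", "minion-id-2", "minion-id-3"}

HEADERS = {
    "Accepted Keys:": "accepted",
    "Denied Keys:": "denied",
    "Unaccepted Keys:": "unaccepted",
    "Rejected Keys:": "rejected",
}


def parse_key_listing(text):
    """Group minion IDs by key state from `salt-key -L` text output."""
    keys = {state: [] for state in HEADERS.values()}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        header = next((h for h in HEADERS if line.startswith(h)), None)
        if header:
            current = HEADERS[header]
        elif current:
            keys[current].append(line)
    return keys


def plan_acceptance(text, expected):
    """Return (commands for known pending keys, pending IDs to investigate)."""
    pending = parse_key_listing(text)["unaccepted"]
    # The ID is chosen by the minion, so quote it before it reaches a shell.
    commands = [f"salt-key -a {shlex.quote(m)}" for m in pending if m in expected]
    unknown = [m for m in pending if m not in expected]
    return commands, unknown


if __name__ == "__main__":
    commands, unknown = plan_acceptance(SAMPLE_LISTING, EXPECTED_MINIONS)
    print("\n".join(commands))
    print("investigate before accepting:", unknown)
```

Before running a printed command, compare the fingerprint shown by salt-key -f minion-id-2 on the master with the output of salt-call --local key.finger on that minion.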
Salt configuration files
Two important configuration parameters are file_roots (defines the environment directories) and nodegroups (defines the groups).
Main configuration file: /etc/salt/master (master side)
/etc/salt/minion (minion side)
Note: by default the master also loads every configuration file ending in .conf under /etc/salt/master.d/ (this directory does not exist by default; you need to create it yourself). To keep things readable, I put each custom parameter into its own configuration file. Environments, for example, can be set up separately as production, testing and development, and below that comes classification by host application, set according to the specific environment.
/etc/salt/master.d/env.conf
    file_roots:
      base:
        - /data/salt/base
        - /data/salt/base/sls
      apache:
        - /data/salt/apache
        - /data/salt/apache/confsls
      nginx:
        - /data/salt/tomcat
        - /data/salt/nginx/confsls
      mysql:
        - /data/salt/mysql
The configuration above defines four environments in total: base, apache, nginx and mysql. The role of environments is covered further below; they are mainly used together with SLS files.
The SLS files of each environment are placed in the corresponding directories. For example, SLS files of the base environment can be placed in /data/salt/base or in /data/salt/base/sls. What an SLS file is will be explained later.
Next, configure the grouping information for all minions, defining group names by usage or by IP classification.
/etc/salt/master.d/groups.conf
    nodegroups:
      redis: 'redis*'
      mysql: 'mysql*'
      apache: 'tomcat* not apache-[1][3-4]'
      nottom: '* not tomcat*'
Four groups are defined above.
Note: pay attention to the format above. Almost all Salt configuration files nest by indenting two spaces per level (the entries indented two spaces under file_roots are its parameters, and the entries indented two more spaces under those are the parameters of its parameters; the configuration files written below show this more fully), and the Tab key cannot be used for the indentation!
Common salt commands:
Salt syntax
    salt [client ID, or target] [module name, such as state or cmd; in fact any Salt module] [action]
The first salt command anyone new to SaltStack runs is test.ping, which is used mainly to check whether clients are alive.
Note: the two most commonly used modules are state and cmd. state handles states (what a state is will be described in detail below), and cmd handles remote execution (the method generally used in this module is cmd.run).
First, the target: the ways of matching client IDs.
    [root@master ~]# salt \* test.ping
    minion-1:
        True
    minion-2:
        True
    minion-3:
        True
    minion-4:
        True
True indicates normal; no response means that the client is not started or has not been authenticated successfully.
There are five main ways to specify targets.
One: glob, Salt's default matching method, which recognizes the common shell wildcard characters, such as * for all.
For example, salt '*' test.ping
Two: list, which needs -L.
For example, salt -L 'foo,bar' test.ping where foo and bar are complete minion_ids.
Three: regular expression, which needs -E.
For example, salt -E 'pre[1-7]' test.ping will match pre1, pre2 ... pre7, and it will also match any minion_id that contains 1-7 to the left or right, such as pre-11, pre7. To match only 1-7, use one of the forms below.
For example, salt -E '^pre[1-7]$' test.ping or salt 'pre[1-7]' test.ping
Four: compound mode, which needs -C. It can combine regular expressions, lists and so on.
salt -C "apache* or E@ngin*" test.ping matches everything starting with tomcat, or Mon
Five: group, which needs -N, where the group name is one configured in the /etc/salt/master.d/groups.conf file above.
For example, salt -N apache test.ping
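To see which minions a glob, list or regular-expression target would select before running a command against it, the following added example (not from the original page or from Salt's code) models the three matchers over a list of IDs. It assumes regular-expression targets behave like Python's re.match, anchored at the start of the ID only, and glob targets like fnmatch; the minion IDs are constructed.

```python
import fnmatch
import re

# Constructed minion IDs for illustration; not from the original page.
MINION_IDS = ["pre1", "pre7", "pre8", "pre11", "pre70", "foo", "bar", "foobar"]


def match_glob(pattern, ids):
    """Default targeting: shell-style wildcard against the whole minion ID."""
    return [i for i in ids if fnmatch.fnmatchcase(i, pattern)]


def match_list(csv, ids):
    """-L targeting: comma-separated list of complete minion IDs."""
    wanted = {part.strip() for part in csv.split(",") if part.strip()}
    return [i for i in ids if i in wanted]


def match_pcre(pattern, ids):
    """-E targeting, assumed to behave like re.match: anchored at the start
    of the ID but not at the end, so trailing characters still match."""
    rx = re.compile(pattern)
    return [i for i in ids if rx.match(i)]


def preview(kind, pattern, ids=MINION_IDS):
    """Return the IDs a target would select, without running anything."""
    matcher = {"glob": match_glob, "list": match_list, "pcre": match_pcre}[kind]
    return matcher(pattern, ids)


if __name__ == "__main__":
    for kind, pattern in [
        ("pcre", "pre[1-7]"),     # unanchored: also selects pre11 and pre70
        ("pcre", "^pre[1-7]$"),   # anchored: only pre1 .. pre7
        ("glob", "pre[1-7]"),     # glob covers the whole ID: only pre1 .. pre7
        ("list", "foo,bar"),      # exact IDs only, foobar is not selected
    ]:
        print(f"{kind:5} {pattern!r:14} -> {preview(kind, pattern)}")
```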
Next come the modules, mainly the state, cmd and cp modules.
Note: to look up what a module does or its specific parameters, use
    salt \* sys.doc [module name, such as cmd]
That is, salt \* sys.doc cmd lists the relevant functions and examples.
Remote command execution
Remote command execution is probably the most common operation, such as getting the IP addresses of all minions, viewing files in the same directory, adding an environment variable to the /etc/profile file and reloading it, and so on.
cmd module
The main method used in this module is run, that is, cmd.run.
It is used as follows:
    salt \* cmd.run 'ls /root'
As shown above, all clients are selected and the master uses the cmd.run module to distribute the quoted command 'ls /root' to them. The single quotation marks '' can also be replaced with double quotation marks "". The quotation marks pass the quoted command to salt-master, which then distributes it to all minions for execution. The command above lists all files in the /root directory on the minion side.
Note: the command inside the quotation marks is no different from a command typed on any machine. The only difference is that Salt executes the command with sh by default, while our usual shell is bash. For example, ll is an alias for ls -l in bash, and sh has no ll alias, so if the quoted command uses ll, it will report that the command cannot be found.
cmd has several useful parameters that are worth highlighting.
cwd defines the directory in which the command runs, that is, the working directory in which the operation is performed.
For example:
    salt \* cmd.run cwd=/opt 'pwd'
    minion-id-1:
        /opt
runas defines the user that executes the command.
For example:
    salt \* cmd.run runas=nobody 'touch /tmp/file'
On the client you will then find a file in the /tmp/ directory whose owner is nobody.
Next is the state module.
The main methods used are sls, highstate and show_sls.
The first thing to understand about the state module is the SLS file.
An SLS file ends in .sls and is placed under the directories of the specified environment, that is, the /data/salt/base, /data/salt/base/sls or /data/salt/apache/sls directories mentioned earlier.
Note: if two identical SLS files exist under two of these directories, the one in the directory configured first in file_roots is used, i.e.
for an environment such as:
    base:
      - /data/salt/base
      - /data/salt/base/sls
the SLS file in /data/salt/base is executed, because that directory is on the earlier line.
An SLS file has the following basic format:
Example one
    /tmp/ttt20:
      file.managed:
        - source: salt://files/tst
        - mode: 700
        - backup: minion
        - makedirs: True
Example two
    testfile:
      file.managed:
        - name: /tmp/ttt20
        - source: salt://files/tst
        - mode: 700
        - backup: minion
        - makedirs: True
As shown above, example one and example two achieve the same effect; only the way they are written differs.
In example one there is no - name: /tmp/ttt20 line, so the identifier on the first line is used as the name,
while the testfile identifier of example two can be named arbitrarily, as long as it is not the same as other identifiers in the file.
The example above copies the /srv/salt/files/tst file to /tmp/ttt20 on the client, replacing the file if it exists. If the file already exists and is identical, Salt reports that it is in the correct state.
Next is top.sls.
Each separate Salt environment has only one top.sls file, which is the entry file for the environment and records which SLS files correspond to which target hosts.
For example:
    base:
      minion-id-1:
        - test1
        - test2
      minion-id-2:
        - test1
        - test3
Taking tomcat-1 as an example,
it matches
    - test1
    - test2
In total it matches two SLS files, test1.sls and test2.sls, in that environment.
So when the state module runs, it retrieves the corresponding configuration files and executes their contents.
Note: as mentioned earlier, the spaces in front of these parameters cannot be replaced with the Tab key or written short, otherwise an error is reported. Also, if the configuration file is xxxx.sls, write only xxxx when calling it, that is, the file name without the suffix.
Taking test1 as an example
    /tmp/testfile.txt:
      file.managed:
        - source: salt://test.txt
        - user: root
        - mode: 644
        - makedirs: True
This calls the file module and compares salt://test.txt (where salt:// is the environment's file_roots directory, that is, /data/salt/base) with the target file /tmp/testfile.txt, updating the target if they differ.
The owner of the file is root and its mode is 644; if the target file's directory does not exist, it is created.
Now back to the highstate, sls and show_sls methods.
Run the following:
    salt \* state.sls test
    salt \* state.highstate
    salt \* state.show_sls test
In order, these mean:
1. Find the test.sls file in the current environment and execute it.
2. Match all SLS files against the top.sls file of the current environment and execute them.
3. View what the test.sls file of the current environment would execute, without executing it on the client.
Note: "the current environment" above matters. By default Salt only looks for SLS files in the base environment and does not execute configuration files from other environments, so for a different environment you need to specify which environment to use. For example, to execute only the SLS files of the apache environment, declare saltenv=apache, as follows:
    salt \* state.sls test saltenv=apache
    salt \* state.highstate saltenv=apache
    salt \* state.show_sls test saltenv=apache
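The two lookup rules described above (within one environment the first directory listed in file_roots wins, and only the environment named by saltenv is searched) can be modelled as follows. This is an added example, not code from the original page or from Salt; the resolve helper is hypothetical and the directory tree is a constructed temporary stand-in for /data/salt.

```python
import os
import tempfile


def resolve(file_roots, saltenv, salt_url):
    """Return the file that would serve salt_url in saltenv, or None.

    Roots are tried in the order listed under the environment, the first
    existing file wins, and other environments are never consulted.
    """
    rel = salt_url[len("salt://"):] if salt_url.startswith("salt://") else salt_url
    for root in file_roots.get(saltenv, []):
        root = os.path.normpath(root)
        candidate = os.path.normpath(os.path.join(root, rel))
        # Skip anything that climbs out of the root, e.g. "../x".
        if os.path.commonpath([root, candidate]) != root:
            continue
        if os.path.isfile(candidate):
            return candidate
    return None


def demo():
    """Build a throwaway tree shaped like the page's layout and resolve test.sls."""
    with tempfile.TemporaryDirectory() as top:
        roots = {  # constructed stand-ins for the /data/salt/... directories
            "base": [os.path.join(top, "base"), os.path.join(top, "base", "sls")],
            "apache": [os.path.join(top, "apache")],
        }
        for rel in ("base/test.sls", "base/sls/test.sls", "apache/test.sls"):
            full = os.path.join(top, *rel.split("/"))
            os.makedirs(os.path.dirname(full), exist_ok=True)
            with open(full, "w") as fh:
                fh.write("# constructed placeholder\n")
        found = {}
        for env in ("base", "apache", "nginx"):
            hit = resolve(roots, env, "salt://test.sls")
            found[env] = os.path.relpath(hit, top).replace(os.sep, "/") if hit else None
        return found


if __name__ == "__main__":
    for env, path in demo().items():
        print(f"saltenv={env:7} salt://test.sls -> {path}")
```

A file placed in an earlier root silently shadows a same-named file in a later one, so write access to the first directory of an environment decides what state.sls actually runs.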