SaltStack: save execution results to MySQL for command security audits
MySQL stores the data; MySQL-python (the Python MySQL client library) collects it
The master needs MySQL and MySQL-python installed; each minion needs MySQL-python
System environment
CentOS Linux Release 7.4
Master 10.0.0.111
Minion 10.0.0.112
1. Master-side operations:
Reference URL: https://docs.saltstack.com/en/latest/ref/returners/all/salt.returners.mysql.html
Reference Blog: https://www.cnblogs.com/zzzhfo/p/5867771.html
1.1. Install MySQL
wget -c http://dev.mysql.com/get/mysql57-community-release-el7-10.noarch.rpm
yum -y install mysql57-community-release-el7-10.noarch.rpm
yum -y install mysql-server MySQL-python
# start MySQL
systemctl start mysqld.service
systemctl enable mysqld.service
systemctl status mysqld.service
# change the MySQL password: find the temporary password in the log
grep "password" /var/log/mysqld.log
# log in with the temporary password (mysql -uroot -p), then run:
set global validate_password_policy=0;
set global validate_password_length=1;
ALTER USER 'root'@'localhost' IDENTIFIED BY '123456';
# After changing the password, enter the following statements in order:
##########################################################
CREATE DATABASE `salt`
  DEFAULT CHARACTER SET utf8
  DEFAULT COLLATE utf8_general_ci;
##########################################################
USE `salt`;
##########################################################
DROP TABLE IF EXISTS `jids`;
CREATE TABLE `jids` (
  `jid` varchar(255) NOT NULL,
  `load` mediumtext NOT NULL,
  UNIQUE KEY `jid` (`jid`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8;
-- The UNIQUE KEY above already creates an index named jid, so the next
-- statement fails with "Duplicate key name 'jid'" and can be skipped:
-- CREATE INDEX jid ON jids(jid) USING BTREE;
############################################################
DROP TABLE IF EXISTS `salt_returns`;
CREATE TABLE `salt_returns` (
  `fun` varchar(50) NOT NULL,
  `jid` varchar(255) NOT NULL,
  `return` mediumtext NOT NULL,
  `id` varchar(255) NOT NULL,
  `success` varchar(10) NOT NULL,
  `full_ret` mediumtext NOT NULL,
  `alter_time` TIMESTAMP DEFAULT CURRENT_TIMESTAMP,
  KEY `id` (`id`),
  KEY `jid` (`jid`),
  KEY `fun` (`fun`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8;
############################################################
DROP TABLE IF EXISTS `salt_events`;
CREATE TABLE `salt_events` (
  `id` BIGINT NOT NULL AUTO_INCREMENT,
  `tag` varchar(255) NOT NULL,
  `data` mediumtext NOT NULL,
  `alter_time` TIMESTAMP DEFAULT CURRENT_TIMESTAMP,
  `master_id` varchar(255) NOT NULL,
  PRIMARY KEY (`id`),
  KEY `tag` (`tag`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8;
#############################################################
grant all on salt.* to 'salt'@'%' identified by '123456';
# The following shows the operations above
1.2. Test whether the MySQL setup is complete
1.3. Modify the configuration file on the master
vim /etc/salt/minion
mysql.host: '10.0.0.111'
mysql.user: 'salt'
mysql.pass: '123456'
mysql.db: 'salt'
mysql.port: 3306
# Restart the service to apply the configuration file
systemctl restart salt-minion
2. On the minion side, make the following changes:
yum -y install MySQL-python
vim /etc/salt/minion
mysql.host: '10.0.0.111'
mysql.user: 'salt'
mysql.pass: '123456'
mysql.db: 'salt'
mysql.port: 3306
# restart the minion service
systemctl restart salt-minion
Overall test:
salt '*' test.ping --return mysql
salt '*' cmd.run 'df -h' --return mysql
View the results in MySQL on the master:
mysql -uroot -p
Enter password:
mysql> use salt;
Reading table information for completion of table and column names
You can turn off this feature to get a quicker startup with -A

Database changed
mysql>
mysql> select * from salt_returns\G;
Method 2
Install MySQL-python and mysql-server on the master; the minions do not need the MySQL-python package.
The procedure is omitted (same as Method 1).
vim /etc/salt/master
Append the following:
master_job_cache: mysql    # the master writes the returned data to the database on every execution, without adding --return mysql; the minions do not need a service restart
/etc/init.d/salt-master restart
Test:
salt 'salt-minion' test.ping
salt-minion:
    True
salt 'salt-minion' cmd.run 'df -h'
salt-minion:
    Filesystem      Size  Used Avail Use% Mounted on
    /dev/sda3        18G  935M   16G   6% /
    tmpfs           495M   12K  495M   1% /dev/shm
    /dev/sda1       194M   27M  158M  15% /boot
mysql -u salt -p -h 192.168.161.131
Enter password:
mysql> use salt;
Reading table information for completion of table and column names
You can turn off this feature to get a quicker startup with -A

Database changed
mysql> SELECT * FROM salt_returns;
| fun | jid | return | id | success | full_ret | alter_time |
| test.ping | 20160826200517605155 | true | salt-minion | 1 | {"fun_args": [], "jid": "20160826200517605155", "return": true, "retcode": 0, "success": true, "fun": "test.ping", "id": "salt-minion"} | 2016-08-26 20:05:17 |
| test.ping | 20160826202029989457 | true | salt-minion | 1 | {"fun_args": [], "jid": "20160826202029989457", "return": true, "retcode": 0, "success": true, "cmd": "_return", "_stamp": "2016-08-26T12:20:30.138166", "fun": "test.ping", "id": "salt-minion"} | 2016-08-26 20:20:30 |
| cmd.run | 20160826202045948708 | "Filesystem Size Used Avail Use% Mounted on\n/dev/sda3 18G 935M 16G 6% /\ntmpfs 495M 12K 495M 1% /dev/shm\n/dev/sda1 194M 27M 158M 15% /boot" | salt-minion | 1 | {"fun_args": ["df -h"], "jid": "20160826202045948708", "return": "Filesystem Size Used Avail Use% Mounted on\n/dev/sda3 18G 935M 16G 6% /\ntmpfs 495M 12K 495M 1% /dev/shm\n/dev/sda1 194M 27M 158M 15% /boot", "retcode": 0, "success": true, "cmd": "_return", "_stamp": "2016-08-26T12:20:45.984974", "fun": "cmd.run", "id": "salt-minion"} | 2016-08-26 20:20:46 |
3 rows in set (0.00 sec)
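An added example (not from the original post or the Salt project): a Python pass over rows shaped like the salt_returns output above that builds one audit record per row and flags command execution, failed jobs, unparsable full_ret values, and rows whose indexed columns disagree with their JSON. The COMMAND_FUNCS watch-list, the sample rows and the function names are assumptions made for the illustration; only the full_ret keys shown above are used.

```python
import json

# Assumed watch-list of Salt functions that run shell commands on a minion.
COMMAND_FUNCS = {"cmd.run", "cmd.run_all", "cmd.shell", "cmd.script"}

# Constructed rows in column order (fun, jid, id, full_ret, alter_time).
SAMPLE_ROWS = [
    ("test.ping", "20160826202029989457", "salt-minion",
     '{"fun_args": [], "jid": "20160826202029989457", "return": true,'
     ' "retcode": 0, "success": true, "fun": "test.ping", "id": "salt-minion"}',
     "2016-08-26 20:20:30"),
    ("cmd.run", "20160826202045948708", "salt-minion",
     '{"fun_args": ["df -h"], "jid": "20160826202045948708", "return": "...",'
     ' "retcode": 0, "success": true, "fun": "cmd.run", "id": "salt-minion"}',
     "2016-08-26 20:20:46"),
    ("cmd.run", "20160826203000000001", "salt-minion",
     '{"fun_args": ["ls /nonexistent"], "jid": "20160826203000000001", "return": "",'
     ' "retcode": 2, "success": false, "fun": "cmd.run", "id": "salt-minion"}',
     "2016-08-26 20:30:00"),
    ("cmd.run", "20160826203100000002", "salt-minion", "{truncated",
     "2016-08-26 20:31:00"),
]

def audit(rows):
    """Return one record per row; 'flags' lists the reasons it needs review."""
    records = []
    for fun, jid, minion, full_ret, when in rows:
        flags = []
        try:
            ret = json.loads(full_ret)
        except ValueError:
            ret, flags = {}, ["unparsable full_ret"]
        # Columns and JSON come from the same return data, so they should agree.
        if ret and (ret.get("fun"), ret.get("jid"), ret.get("id")) != (fun, jid, minion):
            flags.append("columns disagree with full_ret")
        if fun in COMMAND_FUNCS:
            flags.append("command execution")
        if ret.get("retcode", 0) != 0 or ret.get("success") is False:
            flags.append("failed")
        records.append({"time": when, "minion": minion, "jid": jid, "fun": fun,
                        "args": ret.get("fun_args", []), "flags": flags})
    return records

def needs_review(rows):
    return [rec for rec in audit(rows) if rec["flags"]]

if __name__ == "__main__":
    print(*needs_review(SAMPLE_ROWS), sep="\n")
```

In practice the rows would come from a query such as SELECT fun, jid, id, full_ret, alter_time FROM salt_returns ORDER BY alter_time, run with an account that can only read the salt database.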