Quick Start Saltstack

Source: Internet
Author: User
Tags ssl certificate saltstack

SaltStack is a client/server (C/S) configuration management tool written in Python. It does more than configuration management; for example, salt-cloud can be used to configure AWS EC2 instances. Underneath, it communicates over the ZeroMQ message queue in pub/sub mode, and authentication is managed using SSL certificate signing. ZeroMQ, the world's fastest message queue, allows SaltStack to quickly perform operations on thousands of machines.

It uses RSA keys to confirm identity and AES encryption for transmission, which is what secures it. SaltStack is often described as an enhanced version of Func plus a lite version of Puppet.

Why Choose Saltstack?

The mainstream open source automated configuration management tools currently on the market are Puppet, Chef, Ansible, SaltStack and so on. Which is the best choice? Consider the following aspects:

Choice of language (Puppet/Chef vs Ansible/SaltStack)

Puppet and Chef are developed in Ruby; Ansible and SaltStack are developed in Python.

Operations development favors Python (which also allows secondary development later), which rules out Puppet and Chef.

Choice of speed (Ansible vs SaltStack)

Ansible transmits data over the SSH protocol, while SaltStack transmits data over the ZeroMQ message queue. Judging from data published online, SaltStack is about 40 times faster than Ansible.

Compared with Ansible, the disadvantage of SaltStack is that a client must be installed. If speed is the priority, SaltStack is the recommended choice.

SaltStack GitHub address: https://github.com/saltstack/salt

SaltStack official documentation: https://docs.saltstack.com

Saltstack Architecture

In the SaltStack architecture, the server is called the master and the client is called the minion. Both run as daemons. The master listens on two ports defined in its configuration file: ret_port (the port on which SaltStack clients communicate with the server, which receives the results sent by the clients; default 4506) and publish_port (the SaltStack message publishing system; default 4505). When a minion starts, it automatically connects to the master address defined in its configuration file and connects to ret_port for authentication.

    1. Master: the control center, where salt commands are run and resource state is managed
    2. Minion: a client machine that needs to be managed; it proactively connects to the master side, gets resource state information from it, and synchronizes resource management information
    3. States: the instruction set for configuration management
    4. Modules: the instruction modules used on the command line and in configuration files; they can be run from the command line
    5. Grains: minion-side variables, static
    6. Pillar: minion-side variables, dynamic and relatively private; they can be defined in configuration files and synchronized to minions
    7. Highstate: makes the configuration permanent on the minion side, read from the SLS configuration files; that is, it synchronizes the state configuration
    8. Salt schedule: automatically keeps the client configuration maintained

SaltStack Installation and Configuration

The examples below use CentOS 6 with a yum installation. There are other installation methods, such as pip, source code, and salt-bootstrap.

EPEL Source Configuration

    rpm -ivh https://mirrors.tuna.tsinghua.edu.cn/epel/epel-release-latest-6.noarch.rpm

Install and configure the management side (master)

    yum -y install salt-master
    service salt-master start

Note: iptables must open ports 4505 and 4506 on the master.

Install the managed side (minion)

    yum -y install salt-minion
    sed -i 's@#master:.*@master: master_ipaddress@' /etc/salt/minion   # master_ipaddress is the IP of the management side
    echo 10.252.137.141 > /etc/salt/minion_id   # personal preference to use the IP; the default is the hostname
    service salt-minion start

Master and Minion Authentication

On first start, the minion automatically generates minion.pem (private key) and minion.pub (public key) under /etc/salt/pki/minion/ (the path is set in /etc/salt/minion), and then sends minion.pub to the master. After the master receives the minion's public key, the key is accepted with the salt-key command. The master's /etc/salt/pki/master/minions directory then holds the public key in a file named after the minion ID, and the master can send instructions to the minion.

The authentication commands are as follows:

    [[email protected] ~]# salt-key -L    # view the current key signing status
    Accepted Keys:
    Unaccepted Keys:
    10.252.137.141
    Rejected Keys:
    [[email protected] ~]# salt-key -A -y   # accept all keys that have not yet been accepted
    The following keys are going to be accepted:
    Unaccepted Keys:
    10.252.137.141
    Key for minion 10.252.137.141 accepted.
    [[email protected] ~]# salt-key -L
    Accepted Keys:
    10.252.137.141
    Unaccepted Keys:
    Rejected Keys:
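
Added example, not part of the original article: salt-key -A -y accepts every pending key without checking that it belongs to the minion it names, so a stricter flow compares each pending key's fingerprint with the one read on the minion itself (salt-call --local key.finger) and accepts matching IDs one at a time with salt-key -a. Assumptions: pending keys sit in /etc/salt/pki/master/minions_pre, the fingerprint is SHA-256 over the PEM body printed as colon-separated hex (confirm against salt-key -f on your version), and the key bodies and the .142/.143 minion IDs are constructed sample data.

```python
import hashlib
import tempfile
from pathlib import Path

# Assumed default directory of pending (unaccepted) minion keys on a master.
PENDING_DIR = Path("/etc/salt/pki/master/minions_pre")


def pem_fingerprint(pem: bytes) -> str:
    """SHA-256 over the PEM body lines (header and footer dropped), as aa:bb:..."""
    lines = [ln for ln in pem.splitlines(keepends=True) if ln.strip()]
    digest = hashlib.sha256(b"".join(lines[1:-1])).hexdigest()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))


def triage_pending(pending_dir: Path, expected: dict) -> dict:
    """Sort pending minion IDs into accept / mismatch / unknown by fingerprint."""
    result = {"accept": [], "mismatch": [], "unknown": []}
    for key_file in sorted(p for p in pending_dir.iterdir() if p.is_file()):
        want = expected.get(key_file.name)  # key files are named after the minion ID
        if want is None:
            verdict = "unknown"    # nobody vouched for this ID: leave it pending
        elif pem_fingerprint(key_file.read_bytes()) == want.strip().lower():
            verdict = "accept"     # safe to run: salt-key -a <id>
        else:
            verdict = "mismatch"   # same ID, different key: investigate first
        result[verdict].append(key_file.name)
    return result


def fake_pem(body: str) -> bytes:
    """Constructed stand-in for a minion.pub file (not a real RSA key)."""
    return f"-----BEGIN PUBLIC KEY-----\n{body}\n-----END PUBLIC KEY-----\n".encode()


def demo() -> dict:
    """Triage three constructed pending keys against two known fingerprints."""
    with tempfile.TemporaryDirectory() as tmp:
        bodies = {"10.252.137.141": "QUJDREVGR0g=", "10.252.137.142": "c3Bvb2ZlZA==",
                  "10.252.137.143": "dW5rbm93bg=="}
        for minion_id, body in bodies.items():
            (Path(tmp) / minion_id).write_bytes(fake_pem(body))
        # Fingerprints collected on the minions out of band; .142 does not match.
        expected = {"10.252.137.141": pem_fingerprint(fake_pem("QUJDREVGR0g=")),
                    "10.252.137.142": pem_fingerprint(fake_pem("ZGlmZmVyZW50"))}
        return triage_pending(Path(tmp), expected)


if __name__ == "__main__":
    print(demo())  # on a master: triage_pending(PENDING_DIR, expected)
```
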

SaltStack Remote Execution

    [[email protected] ~]# salt '*' test.ping
    10.252.137.141:
        True
    [[email protected] ~]# salt '*' cmd.run 'ls -al'
    10.252.137.141:
        total 40
        drwx------  4 root root 4096 Sep  7 15:01 .
        drwxr-xr-x root root 4096 Sep  3 22:10 ..
        -rw-------  1 root root  501 Sep  7 14:49 .bash_history
        -rw-r--r--  1 root root 3106 Feb  .bashrc
        drwx------  2 root root 4096 Jan  .cache
        drwxr-xr-x  2 root root 4096 Apr 13:57 .pip
        -rw-r--r--  1 root root  .profile
        -rw-r--r--  1 root root:   13:57 pydistutils.cfg
        -rw-------  1 root root 4256 Sep  7 15:01 .viminfo

The format of a salt execution command is as follows:

    salt '<target>' <function> [arguments]

target: the destination of the salt command; regular expressions can be used

function: the method to run, provided by a module

arguments: the parameters of the function

Target can be the following:

1. Regular expressions

    salt -E 'minion*' test.ping  # hosts whose name starts with minion

2. List matching

    salt -L Minion,minion1 test.ping

3. Grains matching

    salt -G 'os:CentOS' test.ping

Here os:CentOS is a grains key-value pair (os is one of the default grains). Grains data is stored in YAML on the minion and can be edited directly in /etc/salt/grains (YAML format) on the minion side. Alternatively, run salt '*' grains.setval key "{'sub-key': 'val', 'sub-key2': 'val2'}" on the master side. For details, see the documentation (view it with the command salt '*' sys.doc grains).

4. Group Matching

    salt -N groups test.ping

Node groups are defined on the master, for example in a new file /etc/salt/master.d/nodegroups.conf, in YAML format.

5. Composite matching

    salt -C '[email protected]:centos or [email protected]' test.ping

6. Pillar Value Matching

    salt -I 'key:value' test.ping

pillar_roots is set in /etc/salt/master; the pillar data is saved in YAML on the master.

7. CIDR matching

    salt -S '10.252.137.0/24' test.ping

10.252.137.0/24 is the specified CIDR range.

The function is the method provided by a module.

You can see all of a module's functions by using the following command:

    salt '10.252.137.141' sys.doc cmd

Functions can accept parameters:

    salt '10.252.137.141' cmd.run 'uname -a'

Keyword parameters are also supported. The following switches to the / directory on the minion and runs the uname -a command as the salt user:

    salt '10.252.137.141' cmd.run 'uname -a' cwd=/ user=salt

SaltStack Configuration Management: States Files

The core of Salt states is the SLS file, which uses YAML syntax to define key/value data.

The root path where SLS files are stored is defined in the master configuration file and defaults to /srv/salt. This directory does not exist on the operating system by default and needs to be created manually.

Within Salt, salt:// can be used in place of the root path; for example, /srv/salt/top.sls can be accessed as salt://top.sls.

The top file for states is also defined in the master configuration file. It defaults to top.sls and is the entry file for states.

A simple SLS file is as follows:

    apache:
      pkg:
        - installed
      service:
        - running
        - require:
          - pkg: apache

Description: This SLS data ensures that the package named "apache" is installed and that the "apache" service is running.

    • The first line is the ID declaration. It gives the name of the thing being managed.
    • The second and fourth lines are state declarations, which use the pkg and service states respectively. The pkg state manages packages through the system's package manager, and the service state manages system services (daemons). Underneath the pkg and service entries are the functions to run. A function defines what should be true of the package and the service: here, the package should be installed and the service should be running.
    • Line six uses require. This is a requisite statement; it indicates that the apache service is started only after the apache package has been successfully installed.

The state and function can be joined with a dot, so the SLS file above has the same meaning as the following file.

    apache:
      pkg.installed: []
      service.running:
        - require:
          - pkg: apache

Save the above SLS as init.sls and place it in the salt://apache directory, with the following result:

    /srv/salt
    ├── apache
    │   └── init.sls
    └── top.sls

How is top.sls defined?

The master configuration file defines three environments. Each can define multiple directories, but conflicts must be avoided, as follows:

    # file_roots:
    #   base:
    #     - /srv/salt/
    #   dev:
    #     - /srv/salt/dev/services
    #     - /srv/salt/dev/states
    #   prod:
    #     - /srv/salt/prod/services
    #     - /srv/salt/prod/states

top.sls can be defined like this:

    base:
      '*':
        - apache

Description:

The first line declares that the base environment is used.

The second line defines the target; here it matches all minions.

The third line declares which states directories to use; Salt looks for the init.sls file under each directory.

Run States

Once you have created the states and modified top.sls, you can execute the following command on the master:

    [[email protected] ~]# salt '*' state.highstate
    sk2:
    ----------
        State: - pkg
        Name:      httpd
        Function:  installed
            Result:    True
            Comment:   The following packages were installed/updated: httpd.
            Changes:
                       ----------
                       httpd:
                           ----------
                           new:
                               2.2.15-29.el6.centos
                           old:
    ----------
        State: - service
        Name:      httpd
        Function:  running
            Result:    True
            Comment:   Service httpd has been enabled, and is running
            Changes:
                       ----------
                       httpd:
                           True
    Summary
    ------------
    Succeeded: 2
    Failed:    0
    ------------
    Total:     2

The above command triggers all minions to download the top.sls file and the states it references from the master, then compile and execute them. After execution, each minion reports summary information about the results back to the master.

Originally from: http://www.linuxprobe.com/saltstack-quick.html
