Saltstack from simple to introductory (i.)

First,saltstack Introduction

Saltstack is an open source automation deployment and management tool written in Python with good extensibility and excellent execution efficiency, simple configuration, can work on multiple platforms, and is often described as Func Plus + Puppet Lite version.

SALTSATCK Advantages: First, fast, based on the message queue + thread, run a number of devices, are millisecond level; second, very flexible, the source code is python, easy to understand and customize the module; Finally, the command is simple and powerful. For more information about Saltstack, please refer to the official website http://saltstack.com/.

Second,saltstack Installation

configuration Epel yum source, direct installation

#yum Install salt-master # Server

#yum Install salt-minion # Client

Third,Saltstack Configuration

Master Common configuration of the end:vim/etc/salt/master

interface:0.0.0.0 # bind IP address

publish_port:4505 #master and minion certified communication ports

user:root # user to start Master

ret_port:4506 #master used to send commands or receive Minions command to execute return information

auto_accept:true #master automatically receives key on the Minion side and verifies

File_recv : false # prohibit minion push files to master

file_roots: # Set The working environment of Master

pillar_roots: # set the directory where the pillar data is stored

peer: # defines permissions for minion execution functions

Start the service: Service Salt-master Start

Minion End-use configuration:vim/etc/salt/minion

master:master.test.com # defines the master side, which can be used with host name or IP address

User : Root #minion The running user

ID : identification of the #minion

Start the service: Service salt-minion Start

Four,salt master and minion end authentication:

Minion will automatically generate Minion.pem (private key), minion.pub (public key) at the first boot ,/etc/salt/pki/minion/, the minion.pub is then sent to master, and master receives the public key of minion by Salt-key Command acceptminion public key, so the/etc/salt/pki/master/minions in master Will hold the PublicKey named after the Minion ID, and Master will be able to send instructions to minion.

Master side:

#salt-key-l

It can be found that it is normal to receive the Minion end (minion.test.com) key; The automatic reception here originates from the auto_accept:true mentioned above . This parameter, which is opened, indicates that the server side of the salt is automatically received by the Minion .

basic commands for Salt-key:

salt-key–l # shows the status of all Minion -side keys on the current server side

salt-key-a hostname # Specifies the key to receive a minion

salt-key-a # receive all the minion under Unacceptedkeys

salt-key-d hostname # Remove the specified machine from the received machine Minionkey

salt-key-d # Delete all machines that have been received (Acceptedkeys:)

Verifying The communication between the server and minion

#salt "*" test.ping

where minion.test.com is the host name of the Minion side, if the ID is set,can be replaced with an ID ,test.ping is the Saltstack Authentication Communication command. At this point, theSalt Master side and the Minion end installation configuration is complete

v. Matching minion and custom user groups Nodegroup

The operation is performed on The master side, with a unique identifier for the minionid:minion. By default the Minion ID is the hostname (FQDN) of the Minion, you can specify the name of the Minion by ID and now describes how to match Minion, because only the correct match Minion, is the future batch management machine premise.

1, configure all the current minion

#salt "*" test.ping

which ' * ' is a match to the current Saltmaster received by all Minion clients

2.match The host starting with Minion

#salt "minion*" test.ping

3, matching the host in the range, such as Minion1 to minion24 host

#salt "minion[1-24]" test.ping

4.you can match the host by regular expression , you need to use the option -E

# salt-e "^m.*com$" test.ping

represents all minions that match start with M and end with com

5, specify a discrete host match, you need to use the option -L, separated by commas minions

#salt-L "master.test.com,minion.test.com" test.ping

6. Custom groups to match

To use a custom group for matching, you must define information about the group on the master side, and you must open the option on the master profile/etc/salt/master on the master side

Default_include:master.d/*.conf

To Edit a custom group configuration file /etc/salt/master.d/nodegroups.conf

The basic syntax is as follows

Nodegroups:

Custom group name:"[Email protected],minion2,minion3" #[email protected] represents the list of discrete hosts

......

View information about custom group Minion

#salt-N " Custom group Name "Test.ping

This article is from the "gushing" blog, please be sure to keep this source http://zxt19880421.blog.51cto.com/8743763/1626805

Saltstack from simple to introductory (i.)