Saltstack Quick Start # Personal sorting
Getting started using pip
Because Salt has already entered PyPI, pip can be used for installation, although most users prefer RPMs (which can be installed from EPEL ). Installing from pip is simple:
pip install salt
Warning if you install from pip (or use Setup. pyinstallFrom the source code), pay attention Yum-utilsIt is depended on by Salt and used to manage software packages. Similarly, if Python dependencies are not installed, you need to install additional libraries/tools to build some dependencies. More information
Here. Install from EPEL
Starting from version 0.9.4, Salt is available in EPEL. Use yum to install it. Salt can be used in all mainstream RHEL-based releases, including CentOS, Scientific Linux, Oracle Linux, and Amazon Linux. Report any bugs or issues in issue tracker.
On RHEL6, The Jinja package 'python-jinja2' is moved from EPEL to "RHEL Server Option Channel". When installing salt on RHEL6, make sure that the repository is in the enabled state.
1. Enable EPEL in RHEL
In your system, if the current EPEL is not in the enabled status, you can use the following command to enable it.
For RHEL 5:
rpm -Uvh http://mirror.pnl.gov/epel/5/i386/epel-release-5-4.noarch.rpm
For RHEL 6:
rpm -Uvh http://ftp.linux.ncsu.edu/pub/epel/6/i386/epel-release-6-8.noarch.rpm
2. Install stable Edition
The master and minion packages of Salt are separated. The machine only needs to install the corresponding package to run. Generally, there will be one master and multiple minions.
On salt-master, run:
yum install salt-master
On salt-minion, run:
yum install salt-minion
3. Slave Epel-testingInstall
When a new version of Salt is packagedEpel-testingRepository, which will be moved to stable repo in the future.
ToEpel-testingInstall and use yumEnablerepoParameters:
yum --enablerepo=epel-testing install salt-minion
Simple configuration
Master
Configure Automatic master startup:
chkconfig salt-master on
Start Master:
service salt-master start
Minion
Configure Minion to automatically start upon startup:
chkconfig salt-minion on
Start Minion:
service salt-minion start
==========
Salt Minion only needs to know one piece of information to run. The Master's network location
By default, minion will look for DNS resolutionSaltAs a master, the simplest way is to build an internal DNSSaltResolved to the Salt Master IP address.
Otherwise, you must edit the minion configuration file.MasterOption pointing to the DNS name or IP address of the Salt Master:
The default configuration file path of the annotation is located in/etc/salt. Most platforms follow this Convention, but platforms like FreeBSD and Microsoft Windows place this file in different paths.
/Etc/salt/minion:
master: saltmaster.example.com
Now you can find the master, and start minion in the same way as the master; Use the init system of the platform or directly use the command line.
Run in daemon mode
salt-minion -d
Run in debug mode on the foreground
salt-minion -l debug
When minion is started, it will generateIdValue, unless it has been generated during the previous running process and cached in the configuration path, the default value is/Etc/salt. Minion uses this value as the name to try to go to the master for verification. Try the following steps to findLocalhostValue:
Run the Python function "socket. getfqdn () "check"/etc/hostname "(for non-Windows systems only)"/etc/hosts "(" % WINDIR % system32driversetchosts "on Windows hosts ") all host names, including "127.0.0.0/8.
If no id except "localhost" is generated, the IP address list on minion is checked in sequence (excluding "127.0.0.0/8 ). If yes, the first public IP address is used. Otherwise, the first private IP address is used.
If all of these failures occur, "localhost" will be used as an alternative.
Annotation
Overwrite the "id" Value
The minion id can also be manually specified through the conf_minion: 'id' option in the minion configuration file. If this configuration value is specified, it overwrites the "id" value of all other sources.
Now that minion is running, it will generate a key pair and try to connect to the master. The next step is to fold back the master server to accept the new minion public key.
Use salt-key
Salt encrypts and authenticates minions through the public key. To allow minion to receive commands from the master, the minions key must be accepted by the master.
Salt-keyIt is used to manage all the keys on the master. List keys on the master:
salt-key -L
The keys that have been rejected, accepted, and pending acceptance are listed. The easiest way to accept the minion key is to accept all pending keys:
salt-key -A
Annotation
Keys shoshould be verified! The secure thing to do before accepting a key isto runSalt-key-f minion-idTo print the fingerprint of the minion 'spublic key. This fingerprint can then be compared against the fingerprintgenerated on the minion.
On the master:
# salt-key -f foo.domain.comUnaccepted Keys:foo.domain.com: 39:f9:e4:8a:aa:74:8d:52:1a:ec:92:03:82:09:c8:f9
On the minion:
# salt-call key.finger --locallocal: 39:f9:e4:8a:aa:74:8d:52:1a:ec:92:03:82:09:c8:f9
If they match, approve the key Salt-key-a foo.domain.com.
Test
Now minion has been connected to the master and has passed authentication. The master can send commands to minion.
The Salt command allows you to execute a large number of function libraries, and can be executed for special minions and minions groups.
SaltCommands include Command Options, target descriptions, functions to be executed, and function parameters.
A simple entry-level command looks like this:
salt '*' test.ping
*Is the target of all minions.
Test. pingTell minon to runTest. pingFunction.
In the caseTest. ping,TestRefers toExecution module.PingRefers toPingFunction contained in the aforementionedTestModule.
Annotation Execution modules are the workhorses of Salt. They do the work on thesystem to perform varous tasks, such as manipulating files and restartingservices.
The result of running this command is that the master instructs all minions to execute in parallel.Test. pingAnd return results.
This is not a real ICMP ping, but a simple function to returnTrue. UseTest. pingIs a good way to confirm whether a minion connection is normal.
Note that each minion registers itself with a unique minion ID, but you can also use IdOptions.
Of course, there are hundreds of other modules that can be called justTest. pingCan. For example, the following wocould return disk usage on alltargeted minions:
salt '*' disk.usage
Function
Http://docs.saltstack.cn/zh_CN/latest/topics/tutorials/walkthrough.html
Function Overview
Salt has a huge function library for execution, and the Salt function is described in the documentation. RunSys.docFunctions can be used to view which functions are available:
salt '*' sys.doc
This will display a very large list of available functions and function documentation.
The annotation module document can also be
OnlineView.
These functions cover everything from shell commands to package management to database server operations. They contain powerful System Management APIs, which are the core of Salt configuration management and many others.
Note Salt has many plug-in systems. These functions are available through the "salt" command of 'execution module. Understand some helpful Functions
The 'cmd' module contains functions that execute shell commands on minions, such as the 'COMMAND. run 'module. 'And module' cmd. run_all ':
salt '*' cmd.run 'ls -l /etc'
PkgThe function automatically maps the local system Package Manager to the same salt function. This meansPkg. installOn the Red Hat-based systemYumIn DebianAptAnd so on.
salt '*' pkg.install vim
Note that some custom Linux and derivative versions of other releases may not be correctly detected by Salt. If the preceding command returns Pkg. installIs not available error message, you may need to override pkg provider. This process is
HereFor details.
Module function 'network. interfaces 'All interfaces on minion, as well as their IP addresses, subnet masks, and MAC addresses are listed:
salt '*' network.interfaces
Changing the Output Format
The default output format used for most Salt commands is calledNestedOutputter, but there are several other outputters that can be used to changethe way the output is displayed. For instance,PprintOutputter can beused to display the return data using Python'sPprintModule:
root@saltmaster:~# salt myminion grains.item pythonpath --out=pprint{'myminion': {'pythonpath': ['/usr/lib64/python2.7', '/usr/lib/python2.7/plat-linux2', '/usr/lib64/python2.7/lib-tk', '/usr/lib/python2.7/lib-tk', '/usr/lib/python2.7/site-packages', '/usr/lib/python2.7/site-packages/gst-0.10', '/usr/lib/python2.7/site-packages/gtk-2.0']}}
The full list of Salt outputters, as well as example output, can be foundHere.
Salt-call
The examples so far have described running commands from the Master usingSaltCommand, but when troubleshooting it can be more beneficial to loginto the minion directly and useSalt-call.
Doing so allows you to see the minion log messages specific to the command youare running (which areNotPart of the return data you see when running thecommand from the Master usingSalt), Making it unnecessary to tail theminion log. More information onSalt-callAnd how to use it can be foundHere.
Grains are loaded when minion is started and will not change during running, so it is static data. Grains contains information such as the running kernel version and operating system.
Salt uses a system called: doc: 'grains <../targeting/Grains> 'to create static data about minions. This data contains information about the operating system status and CPU architecture. The grains system runs through Salt to send platform data to many components and users.
Grains can also be statically set, this makes it easy to assign values tominions for grouping and managing.
A common practice is to assign grains to minions to specify what the role orroles a minion might be. These static grains can be set in the minionconfiguration file or viaGrains. setvalFunction.
Targeting
Salt allows for minions to be targeted based on a wide range of criteria. Thedefault targeting system uses globular expressions to match minions, hence ifthere are minions namedLarry1,Larry2,Curly1, AndCurly2, AglobLarry *Will matchLarry1AndLarry2, And a glob* 1Will matchLarry1AndCurly1.
In addition to wildcards, many other target systems are available:
Regular Expression
-
Target of the regular expression using the PCRE Engine
-
Grains are loaded when minion is started and will not change during running, so it is static data. Grains contains information such as the running kernel version and operating system.
-
Target Based on grains data:Targeting with Grains
-
Pilar
-
Goals based on pilar data:Targeting with Pillar
-
IP
-
Target Based on IP Address/subnet/range
-
Miscellaneous
-
Create a logical target rule based on multiple targets:Targeting with Compound
-
Node group
-
Node group objectives:Targeting with Nodegroup
The concept of a target can be used not only on the Salt command line, but also in many other regions, including the state system and the system for ACLs and user permissions.
PASS Parameters
Many functions can receive parameters through the command line:
salt '*' pkg.install vim
In this example, parameters are passed.VimTo the pkg. install function. Because many functions can only accept more complex input through a string, the passed parameters are parsed through YAML, allowing more complex data to be sent through the command line:
salt '*' test.echo 'foo: bar'
Generally, Salt translates the string 'foo: bar' into a dictionary "{'foo': 'bar '}"
Annotation
Any line that contains a linefeed will not be parsed using YAML.
-
-
Expand node Group Management
A node group is a standard statement that uses a composite object. The document of the compound object can be found here: doc:Here .
Nodegroups 'master configuration file parameters are used to define a node group. Here there is a pass'An example of configuring a node group in the/etc/salt/master ''configuration file:
nodegroups: group1: 'L@foo.domain.com,bar.domain.com,baz.domain.com or bl*.domain.com' group2: 'G@os:Debian and foo.domain.com'
Annotation
TheLWithin group1 is matching a list of minions, whileGIngroup2 is matching specific grains. SeeCompound matchersDocumentation for more details.
Pass-NThe parameter specifies the node group to run on the command line:
salt -N group1 test.ping
To match a nodegroup in your top file, make sure to put-Match: nodegroupOn the line directly following the nodegroup name.
base: group1: - match: nodegroup - webserver
Annotation
When adding or modifying nodegroups to a master configuration file, the master must be restartedfor those changes to be fully recognized.
A limited amount of functionality, such as targeting with-N from the command-line may beavailable without a restart.
Group syntax
The syntax keywords that can be used in nodegroup grouping are G, E, P, L, I, S, R, and D. the meanings and usage of the operators are shown in the following table:
-
-
In addition, boolean operations such as and, or, and not can be used for matching. Example:
To match all minion hostnames (minion id) Starting with webserv and running on Debian systems or minion hostnames (minion id) match the regular expression web-dc1-srv. *, you can use the following table: www.111cn.net
The Code is as follows: |
Copy code |
Salt-C 'webserv * and G @ OS: Debian or E @ web-dc1-srv. * 'test. ping |
Of course, you can also write this configuration in the grouping rules when grouping in advance. Top. sls can be used as follows:
The Code is as follows: |
Copy code |
Base: 'Webserv * and G @ OS: Debian or E @ web-dc1-srv .*': -Match: compound -Webserver |
-
-
Batch Size
The-B(Or-- Batch-size) Option allows commands to be executed on onlya specified number of minions at a time. Both percentages and finite numbers aresupported.
salt '*' -b 10 test.pingsalt -G 'os:RedHat' --batch-size 25% apache.signal restart
This will only run test. ping on 10 of the targeted minions at a time and thenrestart apache on 25% of the minions matchingOS: RedHatAt a time and workthrough them all until the task is complete. This makes jobs like rolling webserver restarts behind a load balancer or doing maintenance on BSD firewallsusing carp much easier with salt.
The batch system maintains a window of running minions, so, if there are atotal of 150 minions targeted and the batch size is 10, then the command issent to 10 minions, when one minion returns then the command is sent to oneadditional minion, so that the job is constantly running on 10 minions.
The default transmission root directory/srv/salt for file transfer. If the file does not exist, you need to manually wear it.
Cp. get_file is used to download files from the master to the client. Several parameters can be added, such as no folder, makedirs = True for creating the folder, and the compressed gzip parameter.
Syntax:
|
salt '*'cp.get_file salt://rr/etc/rr |
Get_url
Cp. get_url can be used to download files from a URL. The URL can be the path on msater (salt: //) or http URL.
|
salt '*'cp.get_url salt://my/file /tmp/mine salt '*'cp.get_url http://xiaorui.cc/good.txt /tmp/good.txt |
Distribute files through master
[root@cbs1 salt]# cd /srv/salt/[root@cbs1 salt]# mkdir test001[root@cbs1 salt]# cd test001/[root@cbs1 test001]# echo `date` > time.txt[root@cbs1 test001]# lstime.txt[root@cbs1 test001]# salt -N 'group2' cp.get_file salt://test001/time.txt /tmp/time.txtcbs2.test.com: /tmp/time.txtcbs3.test.com: /tmp/time.txt[root@cbs1 test001]# salt -N 'group2' cmd.run 'cat /tmp/time.txt'cbs3.test.com: Mon Apr 27 19:04:10 CST 2015cbs2.test.com: Mon Apr 27 19:04:10 CST 2015[root@cbs1 test001]# [root@cbs1 test001]#
-
-
-
Use minion to pull files
[root@cbs1 test001]# cat /etc/salt/master | grep file_recfile_recv: Ture#file_recv_max_size: 100[root@cbs1 test001]# /etc/init.d/salt-master restartStopping salt-master daemon: [ OK ]Starting salt-master daemon: [ OK ][root@cbs1 test001]# salt -N 'group2' cp.push /tmp/push.txtcbs3.test.com: Falsecbs2.test.com: True[root@cbs1 test001]# cat /var/cache/salt/master/minions/cbs2.test.com/files/tmp/push.txt test push[root@cbs1 test001]#