Saltstack Quick Start summary and saltstack Quick Start

Source: Internet
Author: User
Tags saltstack

Saltstack Quick Start summary and saltstack Quick Start

Saltstack is an open-source automated deployment and management tool written in python. It has good scalability and excellent execution efficiency, simple configuration, and can work on multiple platforms, it is often described as Func enhanced version + Puppet Lite version.

Saltsatck advantages: first, the speed is fast. Based on the message queue + thread, it is millisecond-level after running multiple devices. Second, it is very flexible. The source code is python, which is easy to understand and customize modules; finally, the command is simple and powerful.

A long time ago, when there were only a few hosts, there was no need for automatic pasting tools. However, as the hardware cost became lower and lower, dozens of servers were randomly deployed, manual operations are not unpredictable, but repeated operations without too many technical operations will make people crazy. Therefore, it is necessary to choose an automated tool that can be deployed in batches, such as Pupet and ansible, rundeck, faric, and other tools are quite a few. Due to the limited level, saltstack is a little slide for the time being, and basic concepts and operations are briefly summarized.

Centos6.5

Installation:

Copy codeThe Code is as follows:
Rpm-Uvh http://mirror.pnl.gov/epel/6/x86_64/epel-release-6-8.noarch.rpm

The latest version seems to be 2015.8.1. If pip is used for installation

Master Installation

Copy codeThe Code is as follows:
Yum install salt-master-y
Chkconfig salt-master on
Sed-I "s/# interface: 0.0.0.0/interface: MasterIP address/"/etc/salt/master ### bind the master IP Address
Service salt-master start ### start salt-master

Install Minion

Copy codeThe Code is as follows:
Yum install salt-minion-y
Chkconfig salt-minion on
Sed-I "s/# master: salt/master: MasterIP address/"/etc/salt/minion ### input the Master IP Address
Service salt-minion start ### start salt-minion

If you enable the firewall, You need to configure the firewall, refer to the https://docs.saltstack.com/en/latest/topics/tutorials/firewall.html#iptables

Copy codeThe Code is as follows:
# Allow Minions from these networks
-I INPUT-s 10.1.2.0/24-p tcp-m multiport -- dports 255.5, 4506-j ACCEPT
-I INPUT-s 10.1.3.0/24-p tcp-m multiport -- dports 255.5, 4506-j ACCEPT
# Allow Salt to communicate with Master on the loopback interface
-A input-I lo-p tcp-m multiport -- dports limit 5, 4506-j ACCEPT
# Reject everything else
-A input-p tcp-m multiport -- dports limit 5, 4506-j REJECT

After the master and minion are started separately, the minion client will apply for authentication from the master.

Master execution:

Copy codeThe Code is as follows:
Salt-key-L # list all authenticated clients
Accepted Keys: (Accepted)
Minion-id-1
Denied Keys: (not allowed)
Unaccepted Keys: (unacceptable)
Minion-id-2
Rejected Keys: (Rejected)
# Salt-key-A # accept all

Each minion client has a minion_id, that is, the above minion-id-1 minion-id-2 is the client's minion_id. By default, the client's host name is obtained, the minion-id cannot be repeated !!!

Note: To modify the/etc/salt/minion_id configuration file on the client, this file is generated only after salt-minion is started.

Common commands for Salt-key

Copy codeThe Code is as follows:
Salt-key-a accepts a client request
Salt-key-A accepts all client requests
Salt-key-d delete a single client
Salt-key-D delete all clients

Note: after deletion, restart the client if you need to authenticate again.

Salt configuration file

Two important configuration parameters are file_roots (the directory that defines the environment) and nodegroups (the definition group)

The main configuration file is in/etc/salt/master (master)

/Etc/salt/minion (minion end)

Note: by default, the master configuration file loads all/etc/salt/master. d/(this directory does not exist by default and needs to be created by yourself. to make it easier to read the configuration file at the end of conf, I will create a configuration file for each of the custom parameters, such as environment variables, which can be set separately for production, test, and development environments, the next step is the application-level classification of the host, which is set according to the specific environment.

Copy codeThe Code is as follows:
/Etc/salt/master. d/env. conf
File_roots:
Base:
-/Data/salt/base
-/Data/salt/base/sls
Apache:
-/Data/salt/apache
-/Data/salt/apache/confsls
Nginx:
-/Data/salt/tomcat
-/Data/salt/nginx/confsls
Mysql:
-/Data/salt/mysql

As described in the above configuration, a total of four environments are defined: base, apache, nginx, mysql, etc. The role of environment variables will be described below, mainly used with sls files

The directories of sls configuration files in different environments are placed in the corresponding directories, such as the sls files in the base environment, either/data/salt/base or/data/salt/base/sls. What is the sls file?

Next, configure the group information of all minion, and define the group names based on the classification information such as the purpose or different ip addresses.

Copy codeThe Code is as follows:
/Etc/salt/master. d/groups. conf
Nodegroups:
Redis: 'redis *'
Mysql: 'mysql *'
Apache: 'tomcat * not apache-[1] [3-4]'
Nottom: '* not tomcat *'

As mentioned above, four groups are defined.

Note: In the preceding format, almost all configuration files in salt follow two spaces as one progressive mode (that is, the two empty under file_root are their parameters, 2. the parameter is a parameter with two spaces below the parameter, and the configuration file will be described in a more comprehensive manner later), and The tab key cannot be used to complete it !!!

Common commands for Salt:

Salt syntax

Salt [Client id, that is, the target] [Module name, such as state and cmd. Actually all are salt modules] [actions]

The first salt command connecting to saltstack must be test. ping, which is mainly used to detect the survival status of the client.

Note: The two commonly used modules are state and cmd. The corresponding functions are state and cmd, the general method to use this module is cmd. run)

First, we will introduce the matching method of target, target, or client id.

Copy codeThe Code is as follows:
[Root @ master ~] # Salt \ * test. ping
Minion-1:
True
Minion-2:
True
Minion-3:
True
Minion-4:
True

True indicates that the client is not started or the client is not authenticated.

There are five methods to specify a target:

1. Global, that is, the default matching method of salt, can recognize common wildcards of terminals. For example, * represents all

For example, salt '*' test. ping

Ii. List: List, which must be specified by-L.

For example, salt-L 'foo, bar 'test. ping, where foo, bar is the complete minion_id

3. Regular Expression, which must be specified by-E.

For example, salt-E 'pre [1-7] 'test. ping matches pre1, pre2 .. pre7, and match to the left and right minion_id contains 1-7, such as pre-11, pre7 will also match, if only match 1-7 can be used as a reference below

For example, salt-E ^ pre [1-7] $ test. ping or salt pre [1-7] test. ping

4. hybrid mode, which must be specified by-C. There can be both regular expressions and lists.

Salt-C "apache * or E @ ngin *" test. ping matches

5. Group, which must be specified by-N. The group name is the configuration information configured in the/etc/salt/master. d/groups. conf file above.

For example, salt-N apache test. ping

Next we will introduce the state, cmd, and cp modules.

Note: If you want to know the functions or specific parameters of a module, you can

Salt \ * sys.doc [Module name, such as cmd]

That is, salt \ * sys.doc cmd will list related operations and examples.

Remote Command Execution

Remote Command Execution is probably the most common operation. For example, you can obtain the IP addresses of all minion terminals and view files in the same directory, add an environment variable to the/etc/profile file and refresh the environment variable.

Cmd Module

It mainly uses the run method of this module, that is, cmd. run.

The usage is as follows,

Salt \ * cmd. run 'ls/root'

As shown above, all clients are selected, and the master uses cmd. run module, distribute all the 'ls/root' commands in '', where single quotation marks can also be replaced by double quotation marks, the function of quotation marks is to pass the quoted command to salt-master, and then the master distributes the command to all minion for execution. The above command will list all files in the minion/root directory.

Note: The commands in quotation marks are no different from those on any machine. The only difference is that the commands executed by salt use sh by default, while the common shell is bash, for example, in bash, ll is the alias of ls-l, but sh does not have the alias of ll. Therefore, if you use the ll command in the quotation marks, you will be prompted that you cannot find the alias.

Cmd has several useful parameters.

Cwd defines the directory where the command is located, that is, the working directory in which the operation is performed
For example:

Copy codeThe Code is as follows:
Salt \ * cmd. run cwd =/opt 'pwd'
Minion-id-1:
/Opt

Runas, which defines the user who executes this command and the user who executes this command
For example:

Copy codeThe Code is as follows:
Salt \ * cmd. run runas = nobody 'touch/tmp/file'

Then go to the client and you will find that there is a file in the/tmp/directory, with the owner being nobody.

Then the state module is ready.

The main methods used are sls, highstate, and show_sls.

When talking about the state module, you must first understand the sls file.

Sls file. the end of sls is placed under the specified environment directory, that is, the/data/salt/base/sls or/data/salt/apache/sls directories.

Note: if there are two identical sls files under these two directories, the first environment directory configured by file_root is called

For example, environment:

Base:

Copy codeThe Code is as follows:
/Data/salt/base
/Data/salt/base/sls

Will execute the sls file in/data/salt/base, because it is in the previous line

The basic sls file format is as follows:

Example 1

Copy codeThe Code is as follows:
/Tmp/ttt20:
File. managed:
-Source: salt: // files/tst
-Mode: 700
-Backup: minion
-Makedirs: True

Example 2

Copy codeThe Code is as follows:
Testfile:
File. managed:
-Name:/tmp/ttt20
-Source: salt: // files/tst
-Mode: 700
-Backup: minion
-Makedirs: True

As shown above, Example 1 achieves the same effect as example 2, but the writing method is different.
For example 1, because there is no-name:/tmp/ttt20, it uses the ID of the first line as the name
The testfile in example 2 can be named randomly, as long as it is not the same as other identifiers in the file.

In the preceding example, the/srv/salt/files/tst file is copied to the/tmp/ttt20 position of the client, if it already exists and is the same, the prompt is "correct state", that is, the status is correct.

Then top. sls

There is only one top. sls file in each independent salt environment. This file is the entrance file for this environment, which records the sls file corresponding to the target host.
For example:

Base:

Minion-id-1:
-Test1
-Test2

Minion-id-2:
-Test1
-Test3

Take tomcat-1 as an Example

It matches

-Test1
-Test2

The preceding two sls configuration files match the test11.sls and test2.sls files in the environment.
Therefore, when the state module is executed, it will retrieve the corresponding configuration files and execute the content in the configuration file.
Note: As mentioned above, the spaces in front of these parameters cannot be supplemented by the tab key or written less. Otherwise, an error is reported. In addition, if the configuration file is xxxx. when sls calls this configuration file, it only needs to write xxxx, that is, its file name, without a suffix.

Take test1 as an Example

Copy codeThe Code is as follows:
/Tmp/testfile.txt:
File. managed:
-Source: salt: // test.txt
-Mode: 700
-User: root
-Mode: 644
-Makedirs: True

The function is to call the file module and set salt: // test.txt (where, salt: // For the file_root directory of the environment, that is,/data/salt/base) compare with the target/tmp/testfile.txt file. If not, update the file.

And the owner of this file is the root mask code 644. If the target file directory does not exist, create

Now return to the highstate, sls, show_sls Method

Run the following command:

Copy codeThe Code is as follows:
Salt \ * state. sls test
Salt \ * state. highstate
Salt \ * state. show_sls test

The above indicates that

1. Search for the test. sls file in the current environment and execute

2. match all the sls files in the top. sls file of the current environment and execute

3. view the execution content of the test. sls file in the current environment, but it is not executed on the client.

Note: As mentioned above, it is in the current environment. By default, salt only searches for sls files in the base environment and does not execute configuration files in other environments, therefore, in different environments, You need to specify the configuration environment to be executed. For example, if you only need to execute the apache sls file, you need to declare saltenv = apache, as shown below:

Copy codeThe Code is as follows:
Salt \ * state. sls test saltenv = apache
Salt \ * state. highstate saltenv = apache
Salt \ * state. show_sls test saltenv = apache

Articles you may be interested in:
  • Use saltstack in Python to generate a server asset list

Related Article

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.