Saltstack is an open-source automated deployment and management tool written in python. It has good scalability and excellent execution efficiency, simple configuration, and can work on multiple platforms, often described as Func enhanced version + Puppet Lite version saltstack is an open-source automated deployment and management tool written in python. It has good scalability, excellent execution efficiency, and simple configuration, it can work on multiple platforms and is often described as Func enhanced version + Puppet Lite version.
Saltsatck advantages: first, the speed is fast. Based on the message queue + thread, it is millisecond-level after running multiple devices. Second, it is very flexible. The source code is python, which is easy to understand and customize modules; finally, the command is simple and powerful.
A long time ago, when there were only a few hosts, there was no need for automatic pasting tools. However, as the hardware cost became lower and lower, dozens of servers were randomly deployed, manual operations are not unpredictable, but repeated operations without too many technical operations will make people crazy. Therefore, it is necessary to choose an automated tool that can be deployed in batches, such as Pupet and ansible, rundeck, faric, and other tools are quite a few. Due to the limited level, saltstack is a little slide for the time being, and basic concepts and operations are briefly summarized.
Centos6.5
Installation:
The Code is as follows:
Rpm-Uvh http://mirror.pnl.gov/epel/6/x86_64/epel-release-6-8.noarch.rpm
The latest version seems to be 2015.8.1. If pip is used for installation
Master Installation
The Code is as follows:
Yum install salt-master-y
Chkconfig salt-master on
Sed-I "s/# interface: 0.0.0.0/interface: MasterIP address/"/etc/salt/master ### bind the master IP Address
Service salt-master start ### start salt-master
Install Minion
The Code is as follows:
Yum install salt-minion-y
Chkconfig salt-minion on
Sed-I "s/# master: salt/master: MasterIP address/"/etc/salt/minion ### input the Master IP Address
Service salt-minion start ### start salt-minion
If you enable the firewall, You need to configure the firewall, refer to the https://docs.saltstack.com/en/latest/topics/tutorials/firewall.html#iptables
The Code is as follows:
# Allow Minions from these networks
-I INPUT-s 10.1.2.0/24-p tcp-m multiport -- dports 255.5, 4506-j ACCEPT
-I INPUT-s 10.1.3.0/24-p tcp-m multiport -- dports 255.5, 4506-j ACCEPT
# Allow Salt to communicate with Master on the loopback interface
-A input-I lo-p tcp-m multiport -- dports limit 5, 4506-j ACCEPT
# Reject everything else
-A input-p tcp-m multiport -- dports limit 5, 4506-j REJECT
After the master and minion are started separately, the minion client will apply for authentication from the master.
Master execution:
The Code is as follows:
Salt-key-L # list all authenticated clients
Accepted Keys: (Accepted)
Minion-id-1
Denied Keys: (not allowed)
Unaccepted Keys: (unacceptable)
Minion-id-2
Rejected Keys: (Rejected)
# Salt-key-A # accept all
Each minion client has a minion_id, that is, the above minion-id-1 minion-id-2 is the client's minion_id. By default, the client's host name is obtained, the minion-id cannot be repeated !!!
Note: To modify the/etc/salt/minion_id configuration file on the client, this file is generated only after salt-minion is started.
Common commands for Salt-key
The Code is as follows:
Salt-key-a accepts a client request
Salt-key-A accepts all client requests
Salt-key-d delete a single client
Salt-key-D delete all clients
Note: after deletion, restart the client if you need to authenticate again.
Salt configuration file
Two important configuration parameters are file_roots (the directory that defines the environment) and nodegroups (the definition group)
The main configuration file is in/etc/salt/master (master)
/Etc/salt/minion (minion end)
Note: by default, the master configuration file loads all/etc/salt/master. d/(this directory does not exist by default and needs to be created by yourself. to make it easier to read the configuration file at the end of conf, I will create a configuration file for each of the custom parameters, such as environment variables, which can be set separately for production, test, and development environments, the next step is the application-level classification of the host, which is set according to the specific environment.
The Code is as follows:
/Etc/salt/master. d/env. conf
File_roots:
Base:
-/Data/salt/base
-/Data/salt/base/sls
Apache:
-/Data/salt/apache
-/Data/salt/apache/confsls
Nginx:
-/Data/salt/tomcat
-/Data/salt/nginx/confsls
Mysql:
-/Data/salt/mysql
As described in the above configuration, a total of four environments are defined: base, apache, nginx, mysql, etc. The role of environment variables will be described below, mainly used with sls files
The directories of sls configuration files in different environments are placed in the corresponding directories, such as the sls files in the base environment, either/data/salt/base or/data/salt/base/sls. What is the sls file?
Next, configure the group information of all minion, and define the group names based on the classification information such as the purpose or different ip addresses.
The Code is as follows:
/Etc/salt/master. d/groups. conf
Nodegroups:
Redis: 'redis *'
Mysql: 'mysql *'
Apache: 'tomcat * not apache-[1] [3-4]'
Nottom: '* not tomcat *'
As mentioned above, four groups are defined.
Note: In the preceding format, almost all configuration files in salt follow two spaces as one progressive mode (that is, the two empty under file_root are their parameters, 2. the parameter is a parameter with two spaces below the parameter, and the configuration file will be described in a more comprehensive manner later), and The tab key cannot be used to complete it !!!
Common commands for Salt:
Salt syntax
Salt [Client id, that is, the target] [Module name, such as state and cmd. Actually all are salt modules] [actions]
The first salt command connecting to saltstack must be test. ping, which is mainly used to detect the survival status of the client.
Note: The two commonly used modules are state and cmd. The corresponding functions are state and cmd, the general method to use this module is cmd. run)
First, we will introduce the matching method of target, target, or client id.
The Code is as follows:
[Root @ master ~] # Salt \ * test. ping
Minion-1:
True
Minion-2:
True
Minion-3:
True
Minion-4:
True
True indicates that the client is not started or the client is not authenticated.
There are five methods to specify a target:
1. Global, that is, the default matching method of salt, can recognize common wildcards of terminals. For example, * represents all
For example, salt '*' test. ping
Ii. List: List, which must be specified by-L.
For example, salt-L 'foo, bar 'test. ping, where foo, bar is the complete minion_id
3. Regular Expression, which must be specified by-E.
For example, salt-E 'pre [1-7] 'test. ping matches pre1, pre2 .. pre7, and match to the left and right minion_id contains 1-7, such as pre-11, pre7 will also match, if only match 1-7 can be used as a reference below
For example, salt-E ^ pre [1-7] $ test. ping or salt pre [1-7] test. ping
4. hybrid mode, which must be specified by-C. There can be both regular expressions and lists.
Salt-C "apache * or E @ ngin *" test. ping matches
5. Group, which must be specified by-N. The group name is the configuration information configured in the/etc/salt/master. d/groups. conf file above.
For example, salt-N apache test. ping
Next we will introduce the state, cmd, and cp modules.
Note: If you want to know the functions or specific parameters of a module, you can
Salt \ * sys.doc [Module name, such as cmd]
That is, salt \ * sys.doc cmd will list related operations and examples.
Remote Command Execution
Remote Command Execution is probably the most common operation. For example, you can obtain the IP addresses of all minion terminals and view files in the same directory, add an environment variable to the/etc/profile file and refresh the environment variable.
Cmd Module
It mainly uses the run method of this module, that is, cmd. run.
The usage is as follows,
Salt \ * cmd. run 'ls/root'
As shown above, all clients are selected, and the master uses cmd. run module, distribute all the 'ls/root' commands in '', where single quotation marks can also be replaced by double quotation marks, the function of quotation marks is to pass the quoted command to salt-master, and then the master distributes the command to all minion for execution. The above command will list all files in the minion/root directory.
Note: The commands in quotation marks are no different from those on any machine. The only difference is that the commands executed by salt use sh by default, while the common shell is bash, for example, in bash, ll is the alias of ls-l, but sh does not have the alias of ll. Therefore, if you use the ll command in the quotation marks, you will be prompted that you cannot find the alias.
Cmd has several useful parameters.
Cwd defines the directory where the command is located, that is, the working directory in which the operation is performed
For example:
The Code is as follows:
Salt \ * cmd. run cwd =/opt 'pwd'
Minion-id-1:
/Opt
Runas, which defines the user who executes this command and the user who executes this command
For example:
The Code is as follows:
Salt \ * cmd. run runas = nobody 'touch/tmp/file'
Then go to the client and you will find that there is a file in the/tmp/directory, with the owner being nobody.
Then the state module is ready.
The main methods used are sls, highstate, and show_sls.
When talking about the state module, you must first understand the sls file.
Sls file. the end of sls is placed under the specified environment directory, that is, the/data/salt/base/sls or/data/salt/apache/sls directories.
Note: if there are two identical sls files under these two directories, the first environment directory configured by file_root is called
For example, environment:
Base:
The Code is as follows:
/Data/salt/base
/Data/salt/base/sls
Will execute the sls file in/data/salt/base, because it is in the previous line
The basic sls file format is as follows:
Example 1
The Code is as follows:
/Tmp/ttt20:
File. managed:
-Source: salt: // files/tst
-Mode: 700
-Backup: minion
-Makedirs: True
Example 2
The Code is as follows:
Testfile:
File. managed:
-Name:/tmp/ttt20
-Source: salt: // files/tst
-Mode: 700
-Backup: minion
-Makedirs: True
As shown above, Example 1 achieves the same effect as example 2, but the writing method is different.
For example 1, because there is no-name:/tmp/ttt20, it uses the ID of the first line as the name
The testfile in example 2 can be named randomly, as long as it is not the same as other identifiers in the file.
In the preceding example, the/srv/salt/files/tst file is copied to the/tmp/ttt20 position of the client, if it already exists and is the same, the prompt is "correct state", that is, the status is correct.
Then top. sls
There is only one top. sls file in each independent salt environment. This file is the entrance file for this environment, which records the sls file corresponding to the target host.
For example:
Base:
Minion-id-1:
-Test1
-Test2
Minion-id-2:
-Test1
-Test3
Take tomcat-1 as an Example
It matches
-Test1
-Test2
The preceding two sls configuration files match the test11.sls and test2.sls files in the environment.
Therefore, when the state module is executed, it will retrieve the corresponding configuration files and execute the content in the configuration file.
Note: As mentioned above, the spaces in front of these parameters cannot be supplemented by the tab key or written less. Otherwise, an error is reported. In addition, if the configuration file is xxxx. when sls calls this configuration file, it only needs to write xxxx, that is, its file name, without a suffix.
Take test1 as an Example
The Code is as follows:
/Tmp/testfile.txt:
File. managed:
-Source: salt: // test.txt
-Mode: 700
-User: root
-Mode: 644
-Makedirs: True
The function is to call the file module and set salt: // test.txt (where, salt: // For the file_root directory of the environment, that is,/data/salt/base) compare with the target/tmp/testfile.txt file. If not, update the file.
And the owner of this file is the root mask code 644. If the target file directory does not exist, create
Now return to the highstate, sls, show_sls Method
Run the following command:
The Code is as follows:
Salt \ * state. sls test
Salt \ * state. highstate
Salt \ * state. show_sls test
The above indicates that
1. Search for the test. sls file in the current environment and execute
2. match all the sls files in the top. sls file of the current environment and execute
3. view the execution content of the test. sls file in the current environment, but it is not executed on the client.
Note: As mentioned above, it is in the current environment. By default, salt only searches for sls files in the base environment and does not execute configuration files in other environments, therefore, in different environments, You need to specify the configuration environment to be executed. For example, if you only need to execute the apache sls file, you need to declare saltenv = apache, as shown below:
The Code is as follows:
Salt \ * state. sls test saltenv = apache
Salt \ * state. highstate saltenv = apache
Salt \ * state. show_sls test saltenv = apache