SaltStack实战

时间:2023-03-09 03:29:35

#安装

安装注意几点

python-libs-2.6.6-64.el6.x86_64 conflicts with file from package python-2.6.6-36.el6.x86_64

yum install python-libs解决

yum的版本太低的话是会出现问题的

http://mirror.centos.org/centos/6/os/x86_64/Packages/yum-3.2.29-69.el6.centos.noarch.rpm

rpm -Uvh yum-3.2.29-69.el6.centos.noarch.rpm

Error:

问题:

file /usr/lib64/python2.6/zipfile.pyo from install of python-libs-2.6.6-64.el6.x86_64 conflicts with file from package python-2.6.6-36.el6.x86_64

解决:

[root@client ~]# yum install python-lib* -y

[root@client ~]# yum install salt-minion -y

问题:

Error: Package: yum-utils-1.1.30-30.el6.noarch (saltstack-repo)

Requires: yum >= 3.2.29-56

Installed: yum-3.2.29-40.el6.centos.noarch (@anaconda-CentOS-201303020151.x86_64/6.4)

yum = 3.2.29-40.el6.centos

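解决:升级 yum。注意下面的包经 HTTP 下载,且 rpm 输出 NOKEY 警告,说明签名没有被校验;安装前应先导入发行版公钥(rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-6),再用 rpm -K 校验该包。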

[root@python ~]# wget http://mirror.centos.org/centos/6/os/x86_64/Packages/yum-3.2.29-69.el6.centos.noarch.rpm

[root@python ~]# rpm -Uvh yum-3.2.29-69.el6.centos.noarch.rpm

warning: yum-3.2.29-69.el6.centos.noarch.rpm: Header V3 RSA/SHA1 Signature, key ID c105b9de: NOKEY

Preparing...                ########################################### [100%]

1:yum                    ########################################### [100%]

问题:

Error Downloading Packages:

python-ordereddict-1.1-2.el6.noarch: failure: python-ordereddict-1.1-2.el6.noarch.rpm from epel: [Errno 256] No more mirrors to try.

python-msgpack-0.4.6-1.el6.x86_64: failure: python-msgpack-0.4.6-1.el6.x86_64.rpm from epel: [Errno 256] No more mirrors to try.

解决:估计要使用黄灯FQ或者使用国内的源

[root@python yum.repos.d]# yum install  python-ordereddict* -y

yum install  python-ordereddict* -y

[root@master ~]# ifconfig eth0

eth0      Link encap:Ethernet  HWaddr 00:0C:29:C7:F1:FD

inet addr:10.0.0.7  Bcast:10.0.0.255  Mask:255.255.255.0

inet6 addr: fe80::20c:29ff:fec7:f1fd/64 Scope:Link

UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1

RX packets:10368 errors:0 dropped:0 overruns:0 frame:0

TX packets:6210 errors:0 dropped:0 overruns:0 carrier:0

collisions:0 txqueuelen:1000

RX bytes:9829001 (9.3 MiB)  TX bytes:478004 (466.8 KiB)

[root@master ~]# hostname

master

[root@master ~]# uname -a

Linux master 2.6.32-358.el6.x86_64 #1 SMP Fri Feb 22 00:31:26 UTC 2013 x86_64 x86_64 x86_64 GNU/Linux

[root@master ~]# yum install salt-master -y

Server

Client

#开启服务(从下面 netstat 的输出可见,salt-master 在所有接口 0.0.0.0 上监听 4505/4506 端口,应通过防火墙只允许 minion 所在网段访问)

[root@master ~]# service salt-master start

Starting salt-master daemon: [确定]

[root@master ~]# netstat -lanput

tcp        0      0 0.0.0.0:4505                0.0.0.0:*                   LISTEN      2682/python2.6

tcp        0      0 0.0.0.0:4506                0.0.0.0:*                   LISTEN      2691/python2.6

[root@master salt]# lsof -i:4505

COMMAND    PID USER   FD   TYPE DEVICE SIZE/OFF NODE NAME

salt-mast 2682 root   13u  IPv4  24479      0t0  TCP *:4505 (LISTEN)

[root@master salt]# lsof -i:4506

COMMAND    PID USER   FD   TYPE DEVICE SIZE/OFF NODE NAME

salt-mast 2691 root   21u  IPv4  24490      0t0  TCP *:4506 (LISTEN)

[root@master salt]# cat /etc/hosts

127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4

::1         localhost localhost.localdomain localhost6 localhost6.localdomain6

10.0.10.7 drbd01 master.saltstack.com master

10.0.10.8 drbd02 minion.saltstack.com minion

[root@master salt]# salt-key

Accepted Keys:

Denied Keys:

Unaccepted Keys:

client

minion.saltstack.com

Rejected Keys:

[root@ client ~]# cd /etc/salt/

[root@ client salt]# pwd

/etc/salt

[root@ client salt]# ls

cloud           cloud.maps.d       master    minion.d 
roster

cloud.conf.d    cloud.profiles.d   master.d 
pki

cloud.deploy.d  cloud.providers.d  minion   
proxy

[root@minion salt]# grep
"^#\|^$" minion -v

master: 10.0.0.7

id: minion.saltstack.com

[root@minion salt]# cat /etc/hosts

127.0.0.1   localhost localhost.localdomain localhost4
localhost4.localdomain4

::1         localhost localhost.localdomain
localhost6 localhost6.localdomain6

10.0.10.8 drbd02 minion.saltstack.com minion

10.0.10.7 drbd01 master.saltstack.com master

[root@client ~]# /etc/init.d/salt-minion restart

Starting salt-minion daemon: [确定]

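#在 master 上接受 minion 的密钥,完成认证(接受前先用 salt-key -f minion.saltstack.com 查看待接受密钥的指纹,并与 minion 上 salt-call --local key.finger 的输出核对,确认是同一台机器)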

[root@master salt]# salt-key -a
minion.saltstack.com

The following keys are going to be
accepted:

Unaccepted Keys:

minion.saltstack.com

Proceed? [n/Y] Y

Key for minion minion.saltstack.com
accepted.

[root@master salt]# salt-key

Accepted Keys:

minion.saltstack.com

Denied Keys:

Unaccepted Keys:

client

Rejected Keys:

#测试ping

#泛型

[root@master ~]# salt '*' test.ping

minion.saltstack.com:

True

#针对性

[root@master ~]# salt
'minion.saltstack.com' test.ping

minion.saltstack.com:

True

[root@master ~]# salt '*' cmd.run 'df -h'

minion.saltstack.com:

Filesystem            Size  Used Avail Use% Mounted on

/dev/sda3              12G  1.7G 
9.5G  15% /

tmpfs                 935M   12K 
935M   1% /dev/shm

/dev/sda1             194M   26M 
159M  14% /boot

/dev/sr1              1.4G  1.4G    
0 100% /iso1

/dev/sr0              4.1G  4.1G    
0 100% /iso

[root@master ~]# salt '*' cmd.run
'uptime'

minion.saltstack.com:

21:21:34 up  3:37,  4 users, 
load average: 0.10, 0.03, 0.00

再增加一台:

[root@master ~]# mkdir -p
/etc/salt/states/prod

[root@master ~]# grep "^#\|^$"
/etc/salt/master -v

default_include: master.d/*.conf

interface: 0.0.0.0

file_roots:

base:

- /etc/salt/states

prod:

-
/etc/salt/states/prod

[root@master ~]# /etc/init.d/salt-master
restart

Stopping salt-master daemon: [确定]

Starting salt-master daemon: [确定]

[root@master ~]# tail -f
/var/log/salt/master

[root@master states]# grep
"^#\|^$" -v /etc/salt/master

default_include: master.d/*.conf

interface: 0.0.0.0

state_top: top.sls

file_roots:

base:

- /etc/salt/states

prod:

- /etc/salt/states/prod

[root@master states]# cat ./init/pkg.sls

pkg.init:

pkg.installed:

- names:

- lrzsz

- mtr

- nmap

[root@master states]# cat ./prod/top.sls

base:

'minion.saltstack.com':

- init.pkg

[root@master states]# salt '*' state.sls init.pkg

minion.saltstack.com:

----------

ID: pkg.init

Function: pkg.installed

Name: mtr

Result: True

Comment: The following
packages were installed/updated: mtr

Started: 22:28:11.931751

Duration: 22421.578 ms

Changes:

----------

mtr:

----------

new:

2:0.75-5.el6

old:

----------

ID: pkg.init

Function: pkg.installed

Name: nmap

Result: True

Comment: The following
packages were installed/updated: nmap

Started: 22:28:34.362114

Duration: 22710.914 ms

Changes:

----------

libpcap:

----------

new:

14:1.0.0-6.20091201git117cb5.el6

old:

nmap:

----------

new:

2:5.51-2.el6

old:

----------

ID: pkg.init

Function: pkg.installed

Name: lrzsz

Result: True

Comment: The following
packages were installed/updated: lrzsz

Started: 22:28:57.082576

Duration: 8267.01 ms

Changes:

----------

lrzsz:

----------

new:

0.12.20-27.1.el6

old:

Summary for minion.saltstack.com

------------

Succeeded: 3 (changed=3)

Failed:    0

------------

Total states run:     3

[root@minion ~]# which rz

/usr/bin/rz

[root@master states]# tree ./

./

├── init

│   ├── files

│   │   └── limits.conf

│   ├── limit.sls

│   └── pkg.sls

├── prod

└── top.sls

3 directories, 4 files

[root@master states]# cat
./init/limit.sls

limit-conf-config:

file.managed:

- name: /etc/security/limits.conf

- source: salt://init/files/limits.conf

- user: root

- group: root

- mode: 644

[root@master states]# cat ./init/pkg.sls

pkg.init:

pkg.installed:

- names:

- lrzsz

- mtr

- nmap

[root@master states]# cat ./top.sls

base:

'minion.saltstack.com':

- init.pkg

- init.limit

[root@master states]# salt '*' state.highstate

minion.saltstack.com:

----------

ID: pkg.init

Function: pkg.installed

Name: mtr

Result: True

Comment: Package mtr is already installed

Started: 23:05:41.185346

Duration: 817.998 ms

Changes:

----------

ID: pkg.init

Function: pkg.installed

Name: nmap

Result: True

Comment: Package nmap is already installed

Started: 23:05:42.003701

Duration: 0.914 ms

Changes:

----------

ID: pkg.init

Function: pkg.installed

Name: lrzsz

Result: True

Comment: Package lrzsz is already installed

Started: 23:05:42.004743

Duration: 0.587 ms

Changes:

----------

ID: limit-conf-config

Function: file.managed

Name: /etc/security/limits.conf

Result: True

Comment: File /etc/security/limits.conf updated

Started: 23:05:42.009035

Duration: 34.642 ms

Changes:

----------

diff:

---

+++

@@ -39,8 +39,8 @@

#<domain>      <type>  <item>         <value>

#

-#*               soft    core            0

-#*               hard    rss             10000

+*               soft    core            0

+*               hard    rss             10000

#@student        hard    nproc           20

#@faculty        soft    nproc           20

#@faculty        hard    nproc           50

Summary for minion.saltstack.com

------------

Succeeded: 4 (changed=1)

Failed:   
0

------------

Total states run:     4

[root@minion ~]# cat
/etc/security/limits.conf

*               soft    core  
         0

*               hard    rss             10000

#@student        hard    nproc           20

#@faculty        soft    nproc           20

#@faculty        hard    nproc           50

#ftp             hard    nproc           0

#@student        -     
 maxlogins       4

[root@master salt]# tree /etc/salt/pki/

/etc/salt/pki/

├── master

│   ├── master.pem

│   ├── master.pub

│   ├── minions

│   │   └── minion.saltstack.com

│   ├──
minions_autosign

│   ├── minions_denied

│   ├── minions_pre

│   │   └── client

│   └──
minions_rejected

└── minion

[root@master ~]# salt-key

Accepted Keys:

10.0.0.9

正则表达式:

[root@master ~]# salt -E
'((?:(?:25[0-5]|2[0-4]\d|((1\d{2})|([1-9]?\d)))\.){3}(?:25[0-5]|2[0-4]\d|((1\d{2})|([1-9]?\d))))'
test.ping

10.0.0.9:

True

[root@master ~]# cat  /etc/salt/states/top.sls

base:

'((?:(?:25[0-5]|2[0-4]\d|((1\d{2})|([1-9]?\d)))\.){3}(?:25[0-5]|2[0-4]\d|((1\d{2})|([1-9]?\d))))':

- match: pcre

- init.pkg

- init.limit

[root@master ~]# salt '*' state.highstate

minion.saltstack.com:

ID: states

Function:
no.None

Result: False

Comment: No Top file or external nodes data matches found.

Started:

Duration:

Changes:

Summary for
minion.saltstack.com

Succeeded: 0

Failed:    1

Total states run:     1

10.0.0.9:

ID: pkg.init

Function:
pkg.installed

Name: mtr

Result: True

Comment: Package mtr is already installed

Started: 08:59:28.505182

Duration:
720.628 ms

Changes:

ID: pkg.init

Function:
pkg.installed

Name: nmap

Result: True

Comment: Package nmap is already installed

Started: 08:59:29.226111

Duration:
0.839 ms

Changes:

ID: pkg.init

Function:
pkg.installed

Name: lrzsz

Result: True

Comment: Package lrzsz is already installed

Started: 08:59:29.227087

Duration:
0.607 ms

Changes:

ID: limit-conf-config

Function:
file.managed

Name: /etc/security/limits.conf

Result: True

Comment: File /etc/security/limits.conf is in the correct state

Started: 08:59:29.231194

Duration:
27.495 ms

Changes:

Summary for
10.0.0.9

Succeeded: 4

Failed:    0

Total states run:     4

ERROR: Minions returned with non-zero
exit code

-E 正则

-L list

-S IP

Salt into MySQL(下面的 user/pass 均为 'salt',仅作示例;实际部署应使用强密码,并只给该账号授予 salt 库所需的权限)

mysql.host: '10.0.0.7'

mysql.user: 'salt'

mysql.pass: 'salt'

mysql.db: 'salt'

mysql.port: 3306

master_job_cache: mysql【主master插入】

附件:

Iso.repo:

# CentOS-Media.repo
#
#  This repo can be used with mounted DVD media, verify the mount point for
#  CentOS-6.  You can use this repo and yum to install items directly off the
#  DVD ISO that we release.
#
# To use this repo, put in your DVD and use it with the other repos too:
#  yum --enablerepo=c6-media [command]
#
# or for ONLY the media repo, do this:
#
#  yum --disablerepo=\* --enablerepo=c6-media [command]

[c6-media]

name=CentOS-$releasever - Media

baseurl=file:///iso/

file:///iso1/

gpgcheck=0

enabled=1

gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-6

saltstack.repo(注意:下面的 gpgcheck=0 会跳过 RPM 包签名校验,从网络仓库安装的包将不经验证;既然已配置 gpgkey,建议改为 gpgcheck=1)

[saltstack-repo]

name=SaltStack repo for RHEL/CentOS
$releasever

baseurl=https://repo.saltstack.com/yum/redhat/$releasever/$basearch/latest

enabled=1

gpgcheck=0

gpgkey=https://repo.saltstack.com/yum/redhat/$releasever/$basearch/latest/SALTSTACK-EL5-GPG-KEY.pub

数据系统:

Grains-静态数据

自定义grains

[root@drbd02 ~]# tail -n 3
/etc/salt/minion

grains:

roles: nginx

env: prod

[root@master ~]# salt -G 'env:prod' test.ping

minion.saltstack.com:

True

[root@master ~]# salt -G 'roles:nginx'
test.ping

minion.saltstack.com:

True

[root@drbd02 ~]# cat /etc/salt/grains

cloud: openstack

[root@master ~]# salt -G
'cloud:openstack' test.ping

minion.saltstack.com:

True

[root@master ~]# salt -G 'test:salt'
test.ping

No minions matched the target. No command
was sent, no jid was assigned.

ERROR: No return received

#不用重启刷新

[root@master ~]# salt
'*' saltutil.sync_grains

minion.saltstack.com:

10.0.0.9:

[root@master ~]# salt -G 'test:salt'
test.ping

minion.saltstack.com:

True

Top.sls:

'roles:nginx':

- match: grain

- init.pkg

Pillar:用于存放敏感数据,由 master 端定义并按目标下发给 minion,可结合 grains 处理平台差异。注意 grains 由 minion 自行上报、可被篡改,含机密的 Pillar 应按 minion ID 分配,不要仅凭 grains 匹配。

[root@master ~]# salt '*' pillar.ls

minion.saltstack.com:

10.0.0.9:

"/etc/salt/master" 840L, 32677C
written

586 pillar_roots:

587   base:

588     - /etc/salt/pillar

589

[root@master pillar]# cat top.sls

base:

'*':

- init.rsyslog

[root@master pillar]# mkdir init

[root@master pillar]# cd init/

[root@master init]# pwd

/etc/salt/pillar/init

[root@master init]# cat rsyslog.sls

{% if grains['osfinger'] == 'CentOS-6' %}

syslog: rsyslog

{% else %}

syslog: syslog

{% endif %}

[root@master init]# pwd

/etc/salt/pillar/init

[root@master init]# salt '*'
saltutil.refresh_pillar

10.0.0.9:

True

minion.saltstack.com:

True