全部博文(61)
分类: 系统运维
2014-06-26 11:52:40
Salt安装与日常使用
安装
在ubuntu系统安装
注: 本部分内容出标题外,其他内容来自于 ,与转载原文不同
sudo add-apt-repository ppa:saltstack/salt
sudo apt-get install salt-master
sudo apt-get install salt-minion
redhat或者centos的话,安装使用需要安装第三个源
如果你是5版本
wget && rpm -vih epel-release-5-4.noarch.rpm
如果是6版本,使用
wget
安装
yum install salt-master
yum install salt-minion
The Salt master communicates with the minions using an AES-encrypted ZeroMQ connection. These communications are done over ports 4505 and 4506, which need to be accessible on the master only. This document outlines suggested firewall rules for allowing these incoming connections to the master.
Note
No firewall configuration needs to be done on Salt minions. These changes refer to the master only.
配置
在master端配置
vim /etc/salt/master
interface: 192.168.56.102
写成你本机的ip
在slave端配置
vim /etc/salt/minion
master: 192.168.56.102
写你服务端的ip
id: localhost
是注明自己的标示。
客户端/etc/init.d/salt-minion start 日志文件默认是这个/var/log/salt/minion
服务端/etc/init.d/salt-master start 日志文件默认是这个/var/log/salt/master
[root@centos salt]# salt-key -L
Accepted Keys:
server.hadoop.com
Unaccepted Keys:
localhost
Rejected Keys:
查看你的key情况
同意加入localhost
[root@centos salt]# salt-key -L
Accepted Keys:
server.hadoop.com
Unaccepted Keys:
localhost
Rejected Keys:
[root@centos salt]# salt-key -a localhost
Key for minion localhost accepted.
[root@centos salt]# salt-key -L
Accepted Keys:
localhost
server.hadoop.com
Unaccepted Keys:
Rejected Keys:
查看一下网络连接情况(也就是看看能否连接客户端)
[root@centos salt]# salt '*' test.ping
localhost:
True
server.hadoop.com:
True
先前使用*代表所有机器,如果想单独的话,可以使用
[root@centos salt]# salt 'localhost' cmd.run hostname
localhost:
centos
如果想运行多个的话,可以使用-L
[root@centos salt]# salt -L 'server.hadoop.com,localhost' cmd.run hostname
server.hadoop.com:
server.hadoop.com
localhost:
centos
还可以使用正则
[root@centos salt]# salt -E 'server*' cmd.run hostname
server.hadoop.com:
server.hadoop.com
-G 这个参数很强大会根据默认的grain的结果来指定最新 grain这个东西就像puppet里面的facter这个东西
[root@centos salt]# salt -G 'os:Centos' test.ping
localhost:
True
[root@centos salt]# salt -G 'os:Ubuntu' test.ping
server.hadoop.com:
True
如果想查看哪个项的话
[root@centos test]# salt '*' grains.item os
server.hadoop.com:
os: Ubuntu
localhost:
os: CentOS
执行python代码
[root@centos salt]# salt '*' cmd.exec_code python 'import sys;print sys.version'
localhost:
2.6.6 (r266:84292, Feb 22 2013, 00:00:18)
[GCC 4.4.7 20120313 (Red Hat 4.4.7-3)]
server.hadoop.com:
2.7.3 (default, Aug 1 2012, 05:14:39)
[GCC 4.6.3]
分组操作
在master里配置
nodegroups:
group1: 'localhost'
group2: 'server.hadoop.com'
可以把localhost分给group1,server.hadoop.com分给group2
然后重启salt-master
[root@centos salt]# salt -N group1 test.ping
localhost:
True
[root@centos salt]# salt -N group2 test.ping
server.hadoop.com:
True
查看网卡ip
[root@centos /]# salt 'localhost' network.interfaces
localhost:
----------
eth0:
----------
hwaddr:
08:00:27:59:bb:1f
inet:
----------
- address:
192.168.56.102
- broadcast:
192.168.56.255
- label:
eth0
- netmask:
255.255.255.0
inet6:
----------
- address:
fe80::a00:27ff:fe59:bb1f
- prefixlen:
64
up:
True
eth1:
----------
hwaddr:
08:00:27:ba:ad:23
inet:
----------
- address:
192.168.14.182
- broadcast:
192.168.14.255
- label:
eth1
- netmask:
255.255.255.0
inet6:
----------
- address:
fe80::a00:27ff:feba:ad23
- prefixlen:
64
up:
True
lo:
----------
hwaddr:
00:00:00:00:00:00
inet:
----------
- address:
127.0.0.1
- broadcast:
None
- label:
lo
- netmask:
255.0.0.0
inet6:
----------
- address:
::1
- prefixlen:
128
up:
True
下面是我的测试
[root@centos salt]# salt -C 'G@os:ubuntu' test.ping
server.hadoop.com:
True
[root@centos salt]# salt -C 'E@server.\w+' test.ping
server.hadoop.com:
True
[root@centos salt]# salt -C 'P@os:(centos)' test.ping
localhost:
True
[root@centos salt]# salt -C 'P@os:(centos|ubuntu)' test.ping
server.hadoop.com:
True
localhost:
True
[root@centos salt]# salt -C 'L@localhost,server.hadoop.com' test.ping
server.hadoop.com:
True
localhost:
True
[root@centos salt]# salt -C 'S@192.168.56.0/24' test.ping
server.hadoop.com:
True
localhost:
True
查看磁盘空间
[root@centos tmp]# salt 'localhost' disk.usage
localhost:
----------
/:
----------
1K-blocks:
28423176
available:
21572708
capacity:
21%
filesystem:
/dev/mapper/vg_centos-lv_root
used:
5406628
/boot:
----------
1K-blocks:
495844
available:
438658
capacity:
7%
filesystem:
/dev/sda1
used:
31586
/dev/shm:
----------
1K-blocks:
510204
available:
510204
capacity:
0%
filesystem:
tmpfs
used:
0
[root@centos tmp]# df -h
Filesystem Size Used Avail Use% Mounted on
/dev/mapper/vg_centos-lv_root
28G 5.2G 21G 21% /
tmpfs 499M 0 499M 0% /dev/shm
/dev/sda1 485M 31M 429M 7% /boot
如果想查看所有minion的连接情况,可以使用salt-run manage.status
[root@centos apache]# salt '*' test.ping
server.hadoop.com:
True
localhost:
True
[root@centos apache]#
[root@centos apache]#
[root@centos apache]# salt-run manage.status
down:
- 230
up:
- localhost
- server.hadoop.com
如果想安装软件可以使用pkg.install
[root@centos echoping]# salt 'localhost' pkg.install dos2unix
Loaded plugins: fastestmirror
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
* base: mirror.esocc.com
* epel: mirrors.vinahost.vn
* extras: mirror.esocc.com
* rpmforge: mirror1.hs-esslingen.de
* updates: centosc6.centos.org
Running rpm_check_debug
Loaded plugins: fastestmirror
localhost:
----------
dos2unix:
----------
new:
3.1-37.el6
old:
[root@centos echoping]# rpm -qa|grep dos2unix
dos2unix-3.1-37.el6.x86_64
查看你已经安装的包
salt 'localhost' pkg.list_pkgs
删除包
bc. [root@centos tmp]# salt 'localhost' pkg.remove echoping
Loaded plugins: fastestmirror
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
* base: mirror.esocc.com
* epel: mirror.neu.edu.cn
* extras: mirror.esocc.com
* rpmforge: mirrors.neusoft.edu.cn
* updates: mirror.esocc.com
Running rpm_check_debug
Loaded plugins: fastestmirror
localhost:
- echoping
[root@centos tmp]# rpm -qa|grep echoping
查看你repos(由于内容过多,我就只列出命令了)
salt 'localhost' pkg.list_repos
配置类似puppet操作
由于我的master上的存放信息目录是在/var/salt上
file_roots:
base:
- /var/salt/
所以进入换个目录
下面是我的配置
[root@centos salt]# cat top.sls
base:
'*': #对象名,我使用*代表所有
- vim #资源文件名
如果你的资源文件存放在一个目录里,比如在/var/salt/apache/vim.sls,
那么可以写为
-apache.vim
代表apache目录下的vim.sls
下面测试
Top里内容为
[root@centos salt]# cat top.sls
base:
'localhost':
- echoping.echoping#代表echoping目录下的echoping.sls文件
[root@centos echoping]# pwd
/var/salt/echoping
[root@centos echoping]# cat echoping.sls
echoping: #id宣告
pkg: #安装包管理
- name: echoping #安装哪个软件
- installed #要求是安装
service: #服务管理
- name: httpd #指定服务
- running #服务运行状态
- reload: True #是否重启
- watch: #如果下面文件发生变化,就重启
- file: /tmp/test_echoping.conf #监控的文件地址
/tmp/test_echoping.conf: #宣告
file.managed: #文件管理
- source: salt://echoping/test_echoping.conf #源数据在哪里
- user: root #用户
- group: root #组
- mode: 644 #权限
- backup: minion #备份一份
运行的话,可以使用salt 'localhost'
state.highstate
注意,如果需要把服务设置为开机启动可以使用- enable:True
由于我设置的是有变化就重启http,所以先查看http的状态
[root@centos salt]# ps -ef|grep httpd
root 1430 1 0 17:03 ? 00:00:00 /usr/sbin/httpd
apache 1436 1430 0 17:03 ? 00:00:00 /usr/sbin/httpd
apache 1469 1430 0 17:03 ? 00:00:00 /usr/sbin/httpd
apache 1470 1430 0 17:03 ? 00:00:00 /usr/sbin/httpd
apache 1471 1430 0 17:03 ? 00:00:00 /usr/sbin/httpd
apache 1472 1430 0 17:03 ? 00:00:00 /usr/sbin/httpd
apache 1473 1430 0 17:03 ? 00:00:00 /usr/sbin/httpd
apache 1474 1430 0 17:03 ? 00:00:00 /usr/sbin/httpd
apache 1475 1430 0 17:03 ? 00:00:00 /usr/sbin/httpd
apache 1476 1430 0 17:03 ? 00:00:00 /usr/sbin/httpd
root 1886 1782 0 17:04 pts/0 00:00:00 grep httpd
[root@centos salt]# date
Fri Aug 9 17:04:54 CST 2013
在17:04启动,然后在运行salt 'localhost' state.highstate
[root@centos salt]# salt 'localhost' state.highstate
Info: Running a benchmark to measure system clock frequency...
Info: Finished RDTSC test. To prevent the startup delay from this benchmark, set the environment variable RDTSC_FREQUENCY to 2495 on this system. This value is dependent upon the CPU clock speed and architecture and should be determined separately for each server.
localhost:
----------
State: - file
Name: /tmp/test_echoping.conf
Function: managed
Result: True
Comment: File /tmp/test_echoping.conf updated
Changes: diff: New file
----------
State: - pkg
Name: echoping
Function: installed
Result: True
Comment: The following packages were installed/updated: echoping.
Changes: echoping: { new : 5.2.0-1.2.el6.rf
old :
}
----------
State: - service
Name: httpd
Function: running
Result: True
Comment: Service restarted
Changes: httpd: True
可以看到已经安装了echoping,并且更新了/tmp/test_echoping.conf
在查看一下httpd情况
[root@centos salt]# ps -ef|grep httpd
root 2025 1 0 17:06 ? 00:00:00 /usr/sbin/httpd
apache 2028 2025 0 17:06 ? 00:00:00 /usr/sbin/httpd
apache 2031 2025 0 17:06 ? 00:00:00 /usr/sbin/httpd
apache 2032 2025 0 17:06 ? 00:00:00 /usr/sbin/httpd
apache 2033 2025 0 17:06 ? 00:00:00 /usr/sbin/httpd
apache 2034 2025 0 17:06 ? 00:00:00 /usr/sbin/httpd
apache 2035 2025 0 17:06 ? 00:00:00 /usr/sbin/httpd
apache 2036 2025 0 17:06 ? 00:00:00 /usr/sbin/httpd
apache 2037 2025 0 17:06 ? 00:00:00 /usr/sbin/httpd
apache 2038 2025 0 17:06 ? 00:00:00 /usr/sbin/httpd
root 2043 1782 3 17:06 pts/0 00:00:00 grep httpd
[root@centos salt]# date
Fri Aug 9 17:06:57 CST 2013
可以看到已经重启了。
在查看一下文件传输情况
源文件
[root@centos salt]# cat /var/salt/echoping/test_echoping.conf
this is test echoping
this twice test
生成的文件
[root@centos salt]# cat /tmp/test_echoping.conf
this is test echoping
this twice test
查看echoping是否安装
[root@centos salt]# rpm -qa|grep echoping
echoping-5.2.0-1.2.el6.rf.x86_64
已经安装了
在看看下面的用户与权限
[root@centos salt]# ll /tmp/test_echoping.conf
-rw-r--r-- 1 root root 38 Aug 9 17:05 /tmp/test_echoping.conf
也是我们定义的
如果在给/var/salt/echoping/test_echoping.conf修改了,在运行
[root@centos echoping]# salt 'localhost' state.highstate
localhost:
----------
State: - file
Name: /tmp/test_echoping.conf
Function: managed
Result: True
Comment: File /tmp/test_echoping.conf updated
Changes: diff: ---
+++
@@ -1,2 +1,3 @@
this is test echoping
this twice test
+this is 3
----------
State: - service
Name: httpd
Function: running
Result: True
Comment: Service restarted
Changes: httpd: True
然后服务也重启了
[root@centos echoping]# ps -ef|grep httpd
root 2352 1 0 17:21 ? 00:00:00 /usr/sbin/httpd
apache 2354 2352 0 17:21 ? 00:00:00 /usr/sbin/httpd
apache 2355 2352 0 17:21 ? 00:00:00 /usr/sbin/httpd
apache 2356 2352 0 17:21 ? 00:00:00 /usr/sbin/httpd
apache 2357 2352 0 17:21 ? 00:00:00 /usr/sbin/httpd
apache 2358 2352 0 17:21 ? 00:00:00 /usr/sbin/httpd
apache 2359 2352 0 17:21 ? 00:00:00 /usr/sbin/httpd
apache 2360 2352 0 17:21 ? 00:00:00 /usr/sbin/httpd
apache 2361 2352 0 17:21 ? 00:00:00 /usr/sbin/httpd
apache 2362 2352 0 17:21 ? 00:00:00 /usr/sbin/httpd
root 2372 2183 0 17:22 pts/1 00:00:00 grep httpd
[root@centos echoping]# date
Fri Aug 9 17:23:01 CST 2013
如果想让salt能想puppet那样定时自动的获取配置,可以在/etc/salt/minion里配置
schedule:
highstate:
function: state.highstate
minutes: 60
然后重启salt-minion
请注意,在服务端可以使用salt 'localhost' state.highstate,在客户端的话,使用salt-callstate.highstate
如果使用grains来区分不同的系统安装不同的东东,可以使用下面(比如安装apache,在centos里安装httpd,在ubuntu里安装apache2)
[root@centos apache]# cat apache.sls
apache:
pkg:
{% if grains['os'] == 'CentOS'%}
- name: httpd
{% elif grains['os'] == 'Ubuntu'%}
- name: apache2
{% endif %}
- installed
service:
{% if grains['os'] == 'CentOS'%}
- name: httpd
{% elif grains['os'] == 'Ubuntu'%}
- name: apache2
{% endif %}
- running
- reload: True
- watch:
- pkg: apache
- file: /tmp/test.conf
/tmp/test.conf:
file.managed:
- source: salt://apache/test.conf
- user: root
- group: root
- mode: 644
[root@centos apache]# cat test.conf
this is test apache
this is 2
然后运行更新
[root@centos apache]# salt 'server.hadoop.com' state.highstate
server.hadoop.com:
----------
State: - file
Name: /tmp/test.conf
Function: managed
Result: True
Comment: File /tmp/test.conf updated
Changes: diff: New file
----------
State: - pkg
Name: apache2
Function: installed
Result: True
Comment: Package apache2 is already installed
Changes:
----------
State: - service
Name: apache2
Function: running
Result: True
Comment: Service restarted
Changes: apache2: True
注意,如果你想使用命令的话,可以使用cmd.wait
echo-msg:
cmd.wait:
- name: echo 'this is test' >/tmp/echo-msg
- user: root
- watch:
- pkg: apache
自定义模块
查看你master上的file_root路径,比如我的为
file_roots:
base:
- /var/salt/
所以在/var/salt里创建个_modules
mkdir /var/salt/_modules
然后进入目录编写模块
cd /var/salt/_modules
[root@centos _modules]# cat dl.py
def msg():
msg='this is test message'
return msg
def time():
import time
a=time.asctime()
return a
必须以.py结尾
然后同步到minion里(使用saltutil.sync_all)
[root@centos _modules]# salt '*' saltutil.sync_all
server.hadoop.com:
|_
- modules.dl
|_
|_
|_
|_
|_
localhost:
|_
- modules.dl
|_
|_
|_
|_
|_
下面测试
[root@centos _modules]# salt '*' dl.msg
localhost:
this is test message
server.hadoop.com:
this is test message
[root@centos _modules]# salt '*' dl.time
server.hadoop.com:
Tue Aug 13 15:25:32 2013
localhost:
Tue Aug 13 15:25:29 2013
当然还可以直接调用salt的模块
调用先有的module来显现自定义module中需要的功能saltsalt内置的一个字典,包含了所有的salt的moudle
def cmd(cmd):
return __salt__['cmd.run'](cmd)
同步
之后测试
[root@centos _modules]# salt '*' saltutil.sync_all
server.hadoop.com:
|_
|_
|_
|_
|_
|_
localhost:
|_
- modules.dl
|_
|_
|_
|_
|_
[root@centos _modules]# salt 'localhost' dl.cmd ls
localhost:
1.log
1.py
111.py
1111.log
2.log
3.log
anaconda-ks.cfg
install.log
install.log.syslog
install_openstack.sh
install_zabbix_agent.sh
svn_install.sh
test
test5
test7.py
zatree
[root@centos _modules]# salt 'localhost' dl.cmd hostname
localhost:
centos
下面是一些关于client的描述
Python client API
Salt is written to be completely API centric, Salt minions and master can be built directly into third party applications as a communication layer. The Salt client API is very straightforward.
运行单个命令
>>> import salt.client
>>> a=salt.client.LocalClient()
>>> a
>>> a.cmd("localhost","test.ping")
{'localhost': True}
>>> a.cmd("*","test.ping")
{'server.hadoop.com': True, 'localhost': True}
>>> a.cmd("*","dl.time")
{'server.hadoop.com': 'Wed Aug 14 09:53:22 2013', 'localhost': 'Wed Aug 14 09:53:22 2013'}
运行多个命令
>>> a.cmd('*',['cmd.run','test.ping','dl.time'],[['hostname'],[],[]])
{'server.hadoop.com': {'test.ping': True, 'dl.time': 'Wed Aug 14 10:01:35 2013', 'cmd.run': 'server.hadoop.com'}, 'localhost': {'test.ping': True, 'dl.time': 'Wed Aug 14 10:01:35 2013', 'cmd.run': 'centos'}}
具体参考