salt-syndic

将server4从salt-minion中分离出来，单独做一个Topmaster

[root@server1 ~]# salt-key -L
[root@server1 ~]# salt-key -d server4

这里写图片描述

[root@server4 ~]# /etc/init.d/salt-minion stop
[root@server4 ~]# chkconfig salt-minion off
[root@server4 ~]# /etc/init.d/haproxy stop
[root@server4 ~]# /etc/init.d/keepalived stop
[root@server4 ~]# yum install -y salt-master

[root@server4 ~]# cd /etc/salt/
[root@server4 salt]# vim master
 857 order_masters: True
[root@server4 salt]# /etc/init.d/salt-master start
[root@server4 salt]# salt-key -L

这里写图片描述

[root@server1 ~]# yum install -y salt-syndic
[root@server1 ~]# cd /etc/salt/
[root@server1 salt]# vim master
 861 syndic_master: 172.25.40.4
[root@server1 salt]# /etc/init.d/salt-master restart
[root@server1 salt]# /etc/init.d/salt-syndic start

【server4】将server1的钥匙传给server4

[root@server4 salt]# salt-key -L
[root@server4 salt]# salt-key -A server1

这里写图片描述

测试：

[root@server4 salt]# salt '*' test.ping
[root@server4 salt]# salt-key -L

这里写图片描述

salt-ssh

[root@server3 ~]# /etc/init.d/salt-minion stop

[root@server1 salt]# yum install -y salt-ssh
[root@server1 salt]# vim /etc/salt/roster 
server3:
  host: 172.25.40.3
  user: root
  passwd: westos
[root@server1 salt]# vim master   #注释所有关于mysql

这里写图片描述

测试：

[root@server1 salt]# salt-ssh 'server3' test.ping
[root@server1 salt]# salt-ssh 'server3' test.ping -i

这里写图片描述

[root@server1 salt]# salt-ssh 'server3' my_disk.df

这里写图片描述

salt-api

[root@server3 ~]# /etc/init.d/salt-minion start

[root@server1 salt]# yum install -y salt-api
[root@server1 salt]# cd /etc/pki/
[root@server1 pki]# cd tls/
[root@server1 tls]# cd private/
[root@server1 private]# openssl genrsa 1024 > localhost.key

这里写图片描述

[root@server1 private]# cd ..
[root@server1 tls]# cd certs/
[root@server1 certs]# make testcert

这里写图片描述

扫描二维码关注公众号，回复： 2866531 查看本文章

[root@server1 certs]# cd /etc/salt/
[root@server1 salt]# cd master.d/
[root@server1 master.d]# vim api.conf
rest_cherrypy:
  port: 8000
  ssl_crt: /etc/pki/tls/certs/localhost.crt
  ssl_key: /etc/pki/tls/private/localhost.key
[root@server1 master.d]# vim auth.conf
external_auth:
  pam:
    saltapi:
      - '.*'
      - '@wheel'
      - '@runner'
      - '@jobs'
[root@server1 master.d]# useradd saltapi    #建立用户
[root@server1 master.d]# passwd saltapi     #设置密码
[root@server1 master.d]# /etc/init.d/salt-master stop
[root@server1 master.d]# /etc/init.d/salt-master start
[root@server1 master.d]# /etc/init.d/salt-api start
[root@server1 master.d]# netstat -antlp |grep :8000

这里写图片描述

获取Token

[root@server1 master.d]# curl -sSk https://localhost:8000/login \
> -H 'Accept: application/x-yaml' \
> -d username=saltapi \
> -d password=westos \
> -d eauth=pam

这里写图片描述

[root@server1 master.d]# curl -sSk https://localhost:8000 \
> -H 'Accept: application/x-yaml' \
> -H 'X-Auth-Token: 9e49a31db3465e0cd67b7eac5597d0fcd35371dd' \
> -d client=local \
> -d tgt='*' \
> -d fun=test.ping

这里写图片描述

[root@server1 ~]# vim salt-api.py
# -*- coding: utf-8 -*-

import urllib2,urllib
import time

try:
    import json
except ImportError:
    import simplejson as json

class SaltAPI(object):
    __token_id = ''
    def __init__(self,url,username,password):
        self.__url = url.rstrip('/')
        self.__user = username
        self.__password = password

    def token_id(self):
        ''' user login and get token id '''
        params = {'eauth': 'pam', 'username': self.__user, 'password': self.__password}
        encode = urllib.urlencode(params)
        obj = urllib.unquote(encode)
        content = self.postRequest(obj,prefix='/login')
    try:
            self.__token_id = content['return'][0]['token']
        except KeyError:
            raise KeyError

    def postRequest(self,obj,prefix='/'):
        url = self.__url + prefix
        headers = {'X-Auth-Token'   : self.__token_id}
        req = urllib2.Request(url, obj, headers)
        opener = urllib2.urlopen(req)
        content = json.loads(opener.read())
        return content

    def list_all_key(self):
        params = {'client': 'wheel', 'fun': 'key.list_all'}
        obj = urllib.urlencode(params)
        self.token_id()
        content = self.postRequest(obj)
        minions = content['return'][0]['data']['return']['minions']
        minions_pre = content['return'][0]['data']['return']['minions_pre']
        return minions,minions_pre

    def delete_key(self,node_name):
        params = {'client': 'wheel', 'fun': 'key.delete', 'match': node_name}
        obj = urllib.urlencode(params)
        self.token_id()
        content = self.postRequest(obj)
        ret = content['return'][0]['data']['success']
        return ret

    def accept_key(self,node_name):
        params = {'client': 'wheel', 'fun': 'key.accept', 'match': node_name}
        obj = urllib.urlencode(params)
        self.token_id()
        content = self.postRequest(obj)
        ret = content['return'][0]['data']['success']
        return ret

    def remote_noarg_execution(self,tgt,fun):
        ''' Execute commands without parameters '''
        params = {'client': 'local', 'tgt': tgt, 'fun': fun}
        obj = urllib.urlencode(params)
        self.token_id()
        content = self.postRequest(obj)
        ret = content['return'][0][tgt]
        return ret

    def remote_execution(self,tgt,fun,arg):
        ''' Command execution with parameters '''        
        params = {'client': 'local', 'tgt': tgt, 'fun': fun, 'arg': arg}
        obj = urllib.urlencode(params)
        self.token_id()
        content = self.postRequest(obj)
        ret = content['return'][0][tgt]
        return ret

    def target_remote_execution(self,tgt,fun,arg):
        ''' Use targeting for remote execution '''
        params = {'client': 'local', 'tgt': tgt, 'fun': fun, 'arg': arg, 'expr_form': 'nodegroup'}
        obj = urllib.urlencode(params)
        self.token_id()
        content = self.postRequest(obj)
        jid = content['return'][0]['jid']
        return jid

    def deploy(self,tgt,arg):
        ''' Module deployment '''
        params = {'client': 'local', 'tgt': tgt, 'fun': 'state.sls', 'arg': arg}
        obj = urllib.urlencode(params)
        self.token_id()
        content = self.postRequest(obj)
        return content

    def async_deploy(self,tgt,arg):
        ''' Asynchronously send a command to connected minions '''
        params = {'client': 'local_async', 'tgt': tgt, 'fun': 'state.sls', 'arg': arg}
        obj = urllib.urlencode(params)
        self.token_id()
        content = self.postRequest(obj)
        jid = content['return'][0]['jid']
        return jid

    def target_deploy(self,tgt,arg):
        ''' Based on the node group forms deployment '''
        params = {'client': 'local_async', 'tgt': tgt, 'fun': 'state.sls', 'arg': arg, 'expr_form': 'nodegroup'}
        obj = urllib.urlencode(params)
        self.token_id()
        content = self.postRequest(obj)
        jid = content['return'][0]['jid']
        return jid

def main():
    sapi = SaltAPI(url='https://172.25.40.1:8000',username='saltapi',password='westos')

    #sapi.token_id()
    #print sapi.list_all_key()
    #sapi.delete_key('test-01')
    #sapi.accept_key('test-01')
    sapi.deploy('server3','nginx.service')
    #print sapi.remote_noarg_execution('test-01','grains.items')

if __name__ == '__main__':
    main()

测试：

将【server3】上的nginx关闭

[root@server3 ~]# /etc/init.d/nginx stop

执行python脚本

[root@server1 ~]# python salt-api.py

[root@server3 ~]# ps ax   #此时nginx已经开启

这里写图片描述

自动化运维工具Saltstack扩展（salt-ssh/salt-api/salt-syndic）

salt-syndic

测试：

salt-ssh

测试：

salt-api

获取Token

测试：

猜你喜欢