master server1
minion server1 2 3
salt server2 grains.item
[root@server1 salt]# salt server2 grains.item fqdn
server2:
----------
fqdn:
server2
server2
vim /etc/salt/minion
grains:
roles:
- httpd
systemctl restart salt-minion
[root@server1 salt]# salt server2 grains.item roles
server2:
----------
roles:
- httpd
mkdir _grains
cd _grains/
vim my_grains.py
#!/usr/bin/env python
def my_grains():
grains ={}
grains['roles']='nginx'
grains['df']='df'
return grains
[root@server1 _grains]# salt server3 saltutil.sync_grains
server3:
- grains.my_grains
salt server[2-3]
使用匹配之值
vim salt/top.sls
base:
'roles:httpd':
- match: grain
- httpd.service
'roles:nginx':
- match: grain
- nginx.service
salt server[2-3] state.highstate
mkdir /srv/pillar/ -p
vim /etc/salt/master
pillar_roots:
base:
- /srv/pillar
systemctl restart salt-master
cd /srv/pillar
vim web.sls
{% if grains['fqdn'] == 'server2' %}
webserver: httpd
{% elif grains['fqdn'] == 'server3' %}
webserver: nginx
{% endif %}
vim top.sls
base:
'*':
- web
salt '*' pillar.items
[root@server1 pillar]# salt '*' pillar.items
server1:
----------
server3:
----------
webserver:
nginx
server2:
----------
webserver:
httpd
salt -G 'roles:nginx' test.ping
[root@server1 httpd]# salt -G 'roles:nginx' test.ping
server3:
True
[root@server1 httpd]# salt -I 'webserver:nginx' test.ping
server3:
True
[root@server1 httpd]# salt -S 172.25.11.0/24 test.ping
server3:
True
server2:
True
server1:
True
vim salt/httpd/service.sls
include:
- httpd.install
/etc/httpd/conf/httpd.conf:
file.managed:
- source: salt://httpd/files/httpd.conf
- template: jinja
port: 80
host: {{ pillar['IP'] }}
httpd-service:
service.running:
- name: httpd
- enable: False
- reload: True
watch:
- file: /etc/httpd/conf/httpd.conf
vim files/httpd.conf
Listen {{ pillar['IP'] }}:{{ port }}
vim install.sls
httpd:
pkg.installed
httpd-service:
service.running:
- name: httpd
- enable: False
- reload: True
watch:
- file: /etc/httpd/conf/httpd.conf
/etc/httpd/conf/httpd.conf:
file.managed:
- source: salt://httpd/files/httpd.conf
vim pillar/web.sls
{% if grains['fqdn'] == 'server2' %}
webserver: httpd
IP: 172.25.11.2
{% elif grains['fqdn'] == 'server3' %}
webserver: nginx
IP: 172.25.11.3
{% endif %}
也可以
vim install.sls
{% set nginx_ver = '1.15.8' %}
调用变量使用 {{ nginx_ver }}
pillar中
vim salt/httpd/files/httpd.conf
加入首行
{% from 'httpd/lib.sls' import host %}
vim salt/httpd/lib.sls
{% set host = '172.25.11.2' %}
通过文件读取host 值
[root@server1 pillar]# salt server[2-3] pillar.data
server3:
----------
IP:
172.25.11.3
webserver:
nginx
server2:
----------
IP:
172.25.11.2
webserver:
httpd
server4
加入keepalive
salt server4 test.ping
server2 3 web
server4 1 haproxy
yum list haproxy 自带的安装
server1 cd/srv/salt/
mkdir haproxy
cd haproxy
vim install.sls
haproxy-install:
pkg.installed:
- pkgs:
- haproxy
file.managed:
- name: /etc/haproxy/haproxy.cfg
- source: salt://haproxy/files/haproxy.cfg
service.running:
- name: haproxy
- reload: True
- watch:
- file: haproxy-install
mkdir files/
拷贝安装好的配置文件放入该目录,然后修改如下
vim /etc/haproxy/haproxy.cfg
stats uri /status
#---------------------------------------------------------------------
# main frontend which proxys to the backends
#---------------------------------------------------------------------
frontend main *:80
default_backend app
backend app
balance roundrobin
server app1 172.25.11.2:80 check
server app2 172.25.11.3:80 check
salt server4 state.sls haproxy.install
vim /srv/salt/top.sls
base:
'server1':
- haproxy.install
'server4':
- haproxy.install
'server2':
- httpd.service
'server3':
- nginx.service
salt '*' state.highstate
mkdir salt/keepalived
vim install.sls
kp-install:
pkg.installed:
- pkgs:
- keepalived
file.managed:
- name: /etc/keepalived/keepalived.conf
- source: salt://keepalived/files/keepalived.conf
- template: jinja
{% if grains['fqdn'] == 'server1' %}
STATE: MASTER
VRID: 51
PRIORITY: 100
{% elif grains['fqdn'] == 'server4' %}
STATE: BACKUP
VRID: 51
PRIORITY: 50
{% endif %}
service.running:
- name: keepalived
- reload: True
- watch:
- file: kp-install
mkdir files
vim files/keepalived.conf
! Configuration File for keepalived
global_defs {
notification_email {
root@localhost
}
notification_email_from keepalived@localhost
smtp_server 127.0.0.1
smtp_connect_timeout 30
router_id LVS_DEVEL
}
vrrp_instance VI_1 {
state {{ STATE }}
interface eth0
virtual_router_id {{ VRID }}
priority {{ PRIORITY }}
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
172.25.11.100
}
}
最后可以一次推
vim top.sls
base:
'server1':
- haproxy.install
- keepalived.install
'server4':
- haproxy.install
- keepalived.install
'server2':
- httpd.service
'server3':
- nginx.service
salt '*' state.highstate
之前设置的虚拟ip 172.25.11.100
通过job cache获取是成功推送
通过数据库记录
/var/salt/master/jobs
server1
yum install mariadb-server -y
systemctl start mysql
grant all on salt.* to salt@'%' identified by'salt' ;
grant all on salt.* to salt@'localhost' identified by'salt' ;
vim test.sql
CREATE DATABASE `salt`
DEFAULT CHARACTER SET utf8
DEFAULT COLLATE utf8_general_ci;
USE `salt`;
--
-- Table structure for table `jids`
--
DROP TABLE IF EXISTS `jids`;
CREATE TABLE `jids` (
`jid` varchar(255) NOT NULL,
`load` mediumtext NOT NULL,
UNIQUE KEY `jid` (`jid`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8;
--
-- Table structure for table `salt_returns`
--
DROP TABLE IF EXISTS `salt_returns`;
CREATE TABLE `salt_returns` (
`fun` varchar(50) NOT NULL,
`jid` varchar(255) NOT NULL,
`return` mediumtext NOT NULL,
`id` varchar(255) NOT NULL,
`success` varchar(10) NOT NULL,
`full_ret` mediumtext NOT NULL,
`alter_time` TIMESTAMP DEFAULT CURRENT_TIMESTAMP,
KEY `id` (`id`),
KEY `jid` (`jid`),
KEY `fun` (`fun`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8;
--
-- Table structure for table `salt_events`
--
DROP TABLE IF EXISTS `salt_events`;
CREATE TABLE `salt_events` (
`id` BIGINT NOT NULL AUTO_INCREMENT,
`tag` varchar(255) NOT NULL,
`data` mediumtext NOT NULL,
`alter_time` TIMESTAMP DEFAULT CURRENT_TIMESTAMP,
`master_id` varchar(255) NOT NULL,
PRIMARY KEY (`id`),
KEY `tag` (`tag`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8;
mysql salt < test.sql
yum install MySQL-python -y
salt server4 cmd.run hostname --return mysql
mysql
use salt;
show tables;
select * from salt_returns;
server4 ############可以采用下面的方法省略该步骤
vim /etc/saltstack/minion
return: mysql
mysql.host: '172.25.11.1'
mysql.user: 'salt'
mysql.pass: 'salt'
mysql.db: 'salt'
mysql.port: 3306
systemctl restart salt-minion
server1 ####用来替换server4的步骤
vim /etc/salt/master
mysql.host: 'localhost'
mysql.user: 'salt'
mysql.pass: 'salt'
mysql.db: 'salt'
mysql.port: 3306
master_job_cache: mysql
systemctl restart salt-master 这样就不用minion端修改了,可以删掉
salt server3 cmd.run df
mysql -usalt -psalt salt
select * from salt_returns;
mkdir /srv/salt/_modules
vim my_disk.py
def df(bar):
cmd = 'df -h'
return __salt__['cmd.run'](cmd)
[root@server1 _modules]# salt server4 saltutil.sync_modules
server4:
- modules.my_disk
[root@server1 _modules]# salt server4 my_disk.df df
server4:
Filesystem Size Used Avail Use% Mounted on
/dev/mapper/rhel-root 17G 1.2G 16G 7% /
devtmpfs 486M 0 486M 0% /dev
tmpfs 497M 12K 497M 1% /dev/shm
tmpfs 497M 57M 441M 12% /run
tmpfs 497M 0 497M 0% /sys/fs/cgroup
/dev/sda1 1014M 121M 894M 12% /boot
tmpfs 100M 0 100M 0% /run/user/0
salt-api
server1
yum install salt-api -y
制作通行证
cd /etc/pki/tls/private
openssl genrsa 1024 >localhost.key
cd /etc/pki/tls/certs/
make testcert
[root@server1 master.d]# pwd
/etc/salt/master.d
[root@server1 master.d]# cat api.conf
rest_cherrypy:
port: 8000
ssl_crt: /etc/pki/tls/certs/localhost.crt
ssl_key: /etc/pki/tls/private/localhost.key
[root@server1 master.d]# cat auth.conf
external_auth:
pam:
saltapi:
- .*
[root@server1 master.d]# useradd saltapi
[root@server1 master.d]# passwd saltapi
Changing password for user saltapi.
New password:
BAD PASSWORD: The password is shorter than 8 characters
Retype new password:
passwd: all authentication tokens updated successfully.
[root@server1 master.d]# systemctl start salt-api
[root@server1 master.d]# yum install net-tools -y &>/dev/null
[root@server1 master.d]# netstat -tnapl
tcp 0 0 0.0.0.0:8000 0.0.0.0:* LISTEN 5911/python
setfacl -m u:saltapi:r /etc/shadow
systemctl restart salt-master
curl -sSk https://localhost:8000/login -d username=saltapi -d password=westos -d eauth=pam
curl -sSk https://localhost:8000/login -H 'Accept: application/x-yaml' -H 'X-Auth-Token: '6ab788efa7f70cc7343fb8370f63966849fc0751' -d client=local -d tgt='server3' -d fun=state.sls -d arg='nginx.service'
[root@server1 ~]# curl -sSk https://localhost:8000 -H 'Accept: application/x-yaml' -H 'X-Auth-token:8e68381607916ef6885a2c18e35598da695af4c9' -d client=local -d tgt='server3' -d fun=state.sls -d arg='nginx.service'
return:
- server3:
? cmd_|-nginx-install_|-cd /mnt && tar zxf nginx-1.15.8.tar.gz && cd nginx-1.15.8
&& sed -i 's/CFLAGS="$CFLAGS -g"/#CFLAGS="$CFLAGS -g"/g' auto/cc/gcc &&./configure
--prefix=/usr/local/nginx &> /dev/null && make &> /dev/null && make install
&> /dev/null && cd .. && rm -fr nginx-1.15.8_|-run
: __id__: nginx-install
__run_num__: 2
__sls__: nginx.install
changes: {}
comment: /usr/local/nginx exists
duration: 1.267
name: cd /mnt && tar zxf nginx-1.15.8.tar.gz && cd nginx-1.15.8 && sed -i 's/CFLAGS="$CFLAGS
-g"/#CFLAGS="$CFLAGS -g"/g' auto/cc/gcc &&./configure --prefix=/usr/local/nginx
&> /dev/null && make &> /dev/null && make install &> /dev/null && cd .. &&
rm -fr nginx-1.15.8
result: true
start_time: '17:38:06.090115'
file_|-/usr/local/nginx/conf/nginx.conf_|-/usr/local/nginx/conf/nginx.conf_|-managed:
__id__: /usr/local/nginx/conf/nginx.conf
__run_num__: 3
__sls__: nginx.service
changes: {}
comment: File /usr/local/nginx/conf/nginx.conf is in the correct state
duration: 24.825
name: /usr/local/nginx/conf/nginx.conf
pchanges: {}
result: true
start_time: '17:38:06.091675'
file_|-nginx-install_|-/mnt/nginx-1.15.8.tar.gz_|-managed:
__id__: nginx-install
__run_num__: 1
__sls__: nginx.install
changes: {}
comment: File /mnt/nginx-1.15.8.tar.gz is in the correct state
duration: 64.629
name: /mnt/nginx-1.15.8.tar.gz
pchanges: {}
result: true
start_time: '17:38:06.023497'
file_|-nginx-service_|-/etc/systemd/system/nginx.service_|-managed:
__id__: nginx-service
__run_num__: 4
__sls__: nginx.service
changes: {}
comment: File /etc/systemd/system/nginx.service is in the correct state
duration: 23.826
name: /etc/systemd/system/nginx.service
pchanges: {}
result: true
start_time: '17:38:06.116903'
pkg_|-nginx-install_|-nginx-install_|-installed:
__id__: nginx-install
__run_num__: 0
__sls__: nginx.install
changes: {}
comment: All specified packages are already installed
duration: 793.265
name: make
result: true
start_time: '17:38:05.226830'
service_|-nginx-service_|-nginx_|-running:
__id__: nginx-service
__run_num__: 5
__sls__: nginx.service
changes: {}
comment: The service nginx is already running
duration: 46.938
name: nginx
result: true
start_time: '17:38:06.142824'
vim saltapi.py
###########下面
# -*- coding: utf-8 -*-
import urllib2,urllib
import time
try:
import json
except ImportError:
import simplejson as json
class SaltAPI(object):
__token_id = ''
def __init__(self,url,username,password):
self.__url = url.rstrip('/')
self.__user = username
self.__password = password
def token_id(self):
''' user login and get token id '''
params = {'eauth': 'pam', 'username': self.__user, 'password': self.__password}
encode = urllib.urlencode(params)
obj = urllib.unquote(encode)
content = self.postRequest(obj,prefix='/login')
try:
self.__token_id = content['return'][0]['token']
except KeyError:
raise KeyError
def postRequest(self,obj,prefix='/'):
url = self.__url + prefix
headers = {'X-Auth-Token' : self.__token_id}
req = urllib2.Request(url, obj, headers)
opener = urllib2.urlopen(req)
content = json.loads(opener.read())
return content
def list_all_key(self):
params = {'client': 'wheel', 'fun': 'key.list_all'}
obj = urllib.urlencode(params)
self.token_id()
content = self.postRequest(obj)
minions = content['return'][0]['data']['return']['minions']
minions_pre = content['return'][0]['data']['return']['minions_pre']
return minions,minions_pre
def delete_key(self,node_name):
params = {'client': 'wheel', 'fun': 'key.delete', 'match': node_name}
obj = urllib.urlencode(params)
self.token_id()
content = self.postRequest(obj)
ret = content['return'][0]['data']['success']
return ret
def accept_key(self,node_name):
params = {'client': 'wheel', 'fun': 'key.accept', 'match': node_name}
obj = urllib.urlencode(params)
self.token_id()
content = self.postRequest(obj)
ret = content['return'][0]['data']['success']
return ret
def remote_noarg_execution(self,tgt,fun):
''' Execute commands without parameters '''
params = {'client': 'local', 'tgt': tgt, 'fun': fun}
obj = urllib.urlencode(params)
self.token_id()
content = self.postRequest(obj)
ret = content['return'][0][tgt]
return ret
def remote_execution(self,tgt,fun,arg):
''' Command execution with parameters '''
params = {'client': 'local', 'tgt': tgt, 'fun': fun, 'arg': arg}
obj = urllib.urlencode(params)
self.token_id()
content = self.postRequest(obj)
ret = content['return'][0][tgt]
return ret
def target_remote_execution(self,tgt,fun,arg):
''' Use targeting for remote execution '''
params = {'client': 'local', 'tgt': tgt, 'fun': fun, 'arg': arg, 'expr_form': 'nodegroup'}
obj = urllib.urlencode(params)
self.token_id()
content = self.postRequest(obj)
jid = content['return'][0]['jid']
return jid
def deploy(self,tgt,arg):
''' Module deployment '''
params = {'client': 'local', 'tgt': tgt, 'fun': 'state.sls', 'arg': arg}
obj = urllib.urlencode(params)
self.token_id()
content = self.postRequest(obj)
return content
def async_deploy(self,tgt,arg):
''' Asynchronously send a command to connected minions '''
params = {'client': 'local_async', 'tgt': tgt, 'fun': 'state.sls', 'arg': arg}
obj = urllib.urlencode(params)
self.token_id()
content = self.postRequest(obj)
jid = content['return'][0]['jid']
return jid
def target_deploy(self,tgt,arg):
''' Based on the node group forms deployment '''
params = {'client': 'local_async', 'tgt': tgt, 'fun': 'state.sls', 'arg': arg, 'expr_form': 'nodegroup'}
obj = urllib.urlencode(params)
self.token_id()
content = self.postRequest(obj)
jid = content['return'][0]['jid']
return jid
def main():
sapi = SaltAPI(url='https://localhost:8000',username='saltapi',password='westos')
sapi.token_id()
print sapi.list_all_key()
#sapi.delete_key('test-01')
#sapi.accept_key('test-01')
#sapi.deploy('test-01','nginx')
#print sapi.remote_noarg_execution('test-01','grains.items')
if __name__ == '__main__':
main()
python saltapi.py