Part 1: introduction to automated operations, saltstack installation, starting the salt services, configuring authentication, remote command execution

1. Introduction to automated operations

Traditional operations compared with automated operations:

Traditional operations is inefficient; most of the work is done by hand.

Traditional operations work is tedious and error-prone.

Traditional operations repeats the same tasks day after day.

Traditional operations is not a standardized process.

Traditional operations accumulates a sprawl of scripts that is hard to manage.

Automated operations sets out to solve all of the problems above.


Common automation tools

Puppet (www.puppetlabs.com): written in Ruby, client/server architecture, multi-platform; it can manage configuration files, users, cron jobs, packages, system services and so on. It comes in a Community Edition (free) and an Enterprise Edition (paid); the Enterprise Edition adds a graphical console.

SaltStack (website https://saltstack.com, documentation docs.saltstack.com): written in Python, client/server (master/minion) architecture, multi-platform. It is lighter than Puppet, very fast at remote command execution, and simpler to configure and use than Puppet, while offering almost all of Puppet's features.

Parallel execution means a command runs on many machines at the same time, as opposed to serial execution (run on the first machine, then on the second, and so on), so it is much faster.

Ansible (www.ansible.com): a more concise automation tool, written in Python, with no agent to install on the clients (it works over SSH). It can configure operating systems, deploy programs and run commands in batch. Compared with Ansible, SaltStack scales to a larger number of machines.


2. saltstack installation

saltstack official documentation: https://docs.saltstack.com/en/latest/topics/index.html

Salt can do remote execution over salt-ssh, agentless like Ansible.

It also supports the client/server (master/minion) mode, which is the mode described below; it needs two machines:

192.168.149.133 is the server (master), 192.168.149.131 is the client (minion).

Set the hostname on both machines and add both to /etc/hosts:

# vi /etc/hosts    // do this on both machines
192.168.149.133   fuxi01
192.168.149.131   yw02

Install the SaltStack yum repository on both machines:

# yum install -y https://repo.saltstack.com/yum/redhat/salt-repo-latest-2.el7.noarch.rpm    // both machines
# yum install -y salt-master salt-minion    // on 133, the control center; it also runs a minion so it can manage itself. Every other machine only needs salt-minion.
# yum install -y salt-minion    // on 131


3. Starting the salt services

Edit the minion configuration on 133:

# vi /etc/salt/minion    // add or uncomment
 master: fuxi01    // remove the leading # and set it to the master's hostname
# systemctl start salt-master; systemctl start salt-minion

The minion talks to the master over TCP/IP, but it does not listen on any port itself: it only opens outbound connections to the master, so no inbound firewall rules are needed on the minions.


Edit the minion configuration on 131:

# vi /etc/salt/minion    // add or uncomment
 master: fuxi01
# systemctl start salt-minion

The master listens on two ports, 4505 and 4506: 4505 is the publish port, over which the master pushes jobs to all connected minions, and 4506 is the request port the minions use to talk back to the master (key exchange, returning job results, fetching files). Only the master needs these two ports open, and they should be reachable only from the minion network.


4. saltstack authentication configuration

The minion and the master need a secure channel between them, and the traffic has to be encrypted, so authentication must be configured; it is built on public/private key pairs.

On its first start the minion generates /etc/salt/pki/minion/minion.pem (private key) and minion.pub (public key), and sends the public key to the master.

The master likewise generates its own key pair in /etc/salt/pki/master on first start. When it receives a minion's public key, the administrator accepts it with the salt-key tool; once accepted, the minion's public key is stored under /etc/salt/pki/master/minions/ (named after the minion id), and the minion in turn receives the master's public key and stores it as /etc/salt/pki/minion/minion_master.pub.

Accepting a key is the trust decision for the whole setup: any host whose key you accept becomes a managed minion. Before accepting, compare the fingerprint the master shows for the pending key (salt-key -f <id>) with the fingerprint the minion reports about itself (salt-call --local key.finger, run on the minion), and accept only when they match. The minion can pin the master the same way: set master_finger in /etc/salt/minion to the master.pub fingerprint that salt-key -F prints under Local Keys, and the minion will refuse a master that presents a different key.

All of the above is done with the salt-key tool.

On the master run salt-key -a yw02    // -a followed by a minion id accepts (trusts) that one host's key

# salt-key -a yw02
The following keys are going to be accepted:
Unaccepted Keys:
yw02
Proceed? [n/Y] y
Key for minion yw02 accepted.

# salt-key    // lists all keys by state. Accepted Keys (shown in green) are trusted minions; Unaccepted Keys are pending a decision; Rejected Keys were refused with -r; Denied Keys were refused by the master on its own, typically because a different key is already registered under that minion id.
Accepted Keys:
yw02
Denied Keys:
Unaccepted Keys:
fuxi01
Rejected Keys:

# salt-key -A    // accept every pending key; only do this when you know exactly which minions are waiting
# salt-key    // everything is now under Accepted Keys


salt-key options:

-a <id>  accept the key of the specified host

-A  accept all pending keys

-r <id>  reject the key of the specified host

-R  reject all pending keys

-d <id>  delete the key of the specified host

-D  delete all keys

-y  skip the interactive confirmation (answers y automatically)

# salt-key -D -y
# salt-key    // all keys are gone
# systemctl restart salt-minion    // restart the minion on both the server and the client; each minion re-sends its public key, so the master sees it again
# salt-key    // the minions show up again, under Unaccepted Keys
# salt-key -A -y    // accept them all
# salt-key -r <id>    // acts on a key under Unaccepted Keys; once rejected it moves to Rejected Keys. To bring it back, delete it with -d and accept it again with -a; if the minion does not reappear, restart salt-minion on it.
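The steps above accept a key by id alone, which means trusting whoever presented that id. The following script is an added example, not part of the original post, of the fingerprint check worth doing before salt-key -a: the minion reports its own fingerprint with salt-call --local key.finger, the master shows the fingerprint of the pending key with salt-key -f <id>, and the key is accepted only when the two agree. The function names, the constructed sample outputs and the assumption that the master can ssh to the minion as root to ask for its fingerprint are this example's own.

```shell
#!/bin/sh
# Added example: accept a minion key only after its fingerprint has been
# verified against what the minion itself reports. Assumes salt-key on the
# master and ssh root access to the minion; the function names are this
# example's own, not part of the SaltStack CLI.
set -eu

# Normalise a fingerprint so "AB:CD" and "ab:cd" compare equal.
norm_finger() {
  printf '%s' "$1" | tr -d ': \n' | tr 'A-F' 'a-f'
}

# Parse `salt-key -f <id>` output (read from stdin), which looks like
#   Unaccepted Keys:
#   yw02:  71:0e:ab:...
# and print the fingerprint for <id>, or nothing if it is not listed.
finger_from_salt_key() {
  awk -v id="$1:" '$1 == id { print $2; exit }'
}

# Parse `salt-call --local key.finger` output (read from stdin), which looks like
#   local:
#       71:0e:ab:...
# and print the fingerprint.
finger_from_salt_call() {
  awk '$1 == "local:" { getline; print $1; exit }'
}

# Succeed only when both fingerprints are present and identical.
fingers_match() {
  [ -n "$1" ] && [ -n "$2" ] && [ "$(norm_finger "$1")" = "$(norm_finger "$2")" ]
}

# Accept minion $1 (reachable over ssh at $2) only if the key the master
# holds for it matches the key the minion reports for itself.
accept_if_verified() {
  local id="$1" host="$2" seen expected
  seen="$(salt-key -f "$id" | finger_from_salt_key "$id")"
  expected="$(ssh "root@$host" salt-call --local key.finger | finger_from_salt_call)"
  if fingers_match "$seen" "$expected"; then
    salt-key -y -a "$id"
  else
    printf 'refusing %s: master sees [%s], minion reports [%s]\n' "$id" "$seen" "$expected" >&2
    return 1
  fi
}

# Constructed sample outputs (not captured from a real system), used to show the parsing.
SAMPLE_SALT_KEY='Unaccepted Keys:
yw02:  71:0e:ab:c3:5d:12:9f:00:44:e8:7a:3b:6c:d1:22:80:aa:bb:cc:dd:ee:ff:01:02:03:04:05:06:07:08:09:0a'
SAMPLE_SALT_CALL='local:
    71:0e:ab:c3:5d:12:9f:00:44:e8:7a:3b:6c:d1:22:80:aa:bb:cc:dd:ee:ff:01:02:03:04:05:06:07:08:09:0a'

# Offline check over the constructed samples: prints "match" or "mismatch".
demo_check() {
  local seen expected
  seen="$(printf '%s\n' "$SAMPLE_SALT_KEY" | finger_from_salt_key yw02)"
  expected="$(printf '%s\n' "$SAMPLE_SALT_CALL" | finger_from_salt_call)"
  if fingers_match "$seen" "$expected"; then echo match; else echo mismatch; fi
}

demo_check
# Real run on the master: accept_if_verified yw02 192.168.149.131
```

If the two fingerprints differ, someone other than the host you expect is presenting that minion id, and the key should be rejected with salt-key -r rather than accepted.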


5. saltstack remote command execution

All operations are run on the master.

# salt '*' test.ping    // * means every accepted minion; a single id can be given instead. True means the minion is alive and answering.
fuxi01:
    True
yw02:
    True
# salt 'aming-01' test.ping
# salt 'aming-*' cmd.run "hostname"
# salt 'aming-0[23]' cmd.run "hostname"
# salt '*' cmd.run "hostname"    // cmd.run invokes a system command; anything that can be run on the minion can follow it. The minion runs as root, so whatever follows cmd.run runs as root on every targeted host.

Note: the * here matches only clients whose keys the master has already accepted (check with salt-key); the names are normally the id values we set. Targeting supports globs, lists and regular expressions. For two clients named aming-01 and aming-02 (example ids), you could write salt 'aming-*'; salt 'aming-0[12]'; salt -L 'aming-01,aming-02'; salt -E 'aming-[0-9]+'; salt -E 'aming-(01|03)'. A list is several ids separated by commas and requires the -L option; a regular expression requires the -E option. Targeting by grains (-G) and by pillar (-I) is also supported and is covered later.
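To make the three targeting forms concrete, here is an added example (not from the original post) that emulates how they select ids, run offline against a constructed list of accepted minion ids. The glob form matches the whole id, like shell filename matching; -L matches exact ids; -E is a regular expression that Salt anchors at the start of the id but not at the end, so 'aming-(01|03)' also selects an id such as aming-011 unless you terminate the pattern with $. The id list and the function names are this example's own.

```shell
#!/bin/sh
# Added example: how salt's plain (glob), -L (list) and -E (regex) targets
# select minion ids, emulated offline. The id list is constructed for the
# example; the function names are not part of the salt CLI.
set -eu

# Constructed list of accepted minion ids, as salt-key would list them.
ACCEPTED_IDS="aming-01 aming-02 aming-03 aming-011 fuxi01 yw02"

# Plain target: salt 'aming-0[12]' ...  (glob, must match the whole id)
match_glob() {
  pat="$1"; out=""
  for id in $ACCEPTED_IDS; do
    case "$id" in
      $pat) out="$out $id" ;;
    esac
  done
  printf '%s' "${out# }"
}

# List target: salt -L 'aming-01,aming-02' ...  (exact ids, comma separated)
match_list() {
  list="$1"; out=""
  for id in $ACCEPTED_IDS; do
    case ",$list," in
      *",$id,"*) out="$out $id" ;;
    esac
  done
  printf '%s' "${out# }"
}

# Regex target: salt -E 'aming-(01|03)' ...  Salt anchors the pattern at the
# start of the id only, so it is emulated here as ^(pattern) without a
# trailing anchor; add $ to the pattern yourself to require a full match.
match_pcre() {
  pat="$1"; out=""
  for id in $ACCEPTED_IDS; do
    if printf '%s\n' "$id" | grep -Eq "^($pat)"; then out="$out $id"; fi
  done
  printf '%s' "${out# }"
}

printf 'glob  aming-0[12]     -> %s\n' "$(match_glob 'aming-0[12]')"
printf 'list  aming-01,aming-02 -> %s\n' "$(match_list 'aming-01,aming-02')"
printf 'pcre  aming-(01|03)   -> %s\n' "$(match_pcre 'aming-(01|03)')"
printf 'pcre  aming-(01|03)$  -> %s\n' "$(match_pcre 'aming-(01|03)$')"
```

The last two lines are the point: the unanchored regex picks up aming-011 as well, so a command meant for two hosts runs on three. Terminate -E patterns with $ when the intent is an exact set of ids, or use -L for that case.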


Source: blog.51cto.com/13576245/2449441