[My Linux, I call the shots!] Automated operations and maintenance -- SaltStack

Contents:
(1) Introduction to automated operations and maintenance
(2) Installing SaltStack
(3) Remote execution
(4) Configuration management


(1) Introduction to automated operations and maintenance
(1.1) When we work on a single machine, installing the system, then the software packages, then configuring the services, the job is simple because there are so few machines to manage. In day-to-day work, however, we often manage not one server but many; the number may run to hundreds of thousands. How do we manage them simply and efficiently? The conventional way is to log in to each server remotely and configure it, but that is cumbersome and inefficient. This is where automated management tools come in: we manage the servers as a cluster, work from one terminal, and every operation is carried out automatically on the corresponding servers. Automation tools greatly improve the efficiency of operations work. Common automated operations tools include Ansible, SaltStack and Puppet.
(1.2) SaltStack is an infrastructure management tool for heterogeneous platforms (we usually run it on Linux). It uses the lightweight ZeroMQ (ZMQ) message queue for communication, is a batch management tool written in Python, is fully open source under the Apache 2 license, and offers functionality similar to Puppet and Chef. It has a powerful remote command execution engine and a powerful configuration management system, usually called the Salt State system. SaltStack uses a client/server (C/S) model: the server side is the salt master, the client side is the minion, and messages between the master and the minions travel over the ZeroMQ message queue.


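(2) Installing SaltStack
(2.1) We would normally install SaltStack from the official site https://repo.saltstack.com/, but the operating system usually has the EPEL repository available, and installing SaltStack directly from EPEL is also very convenient.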
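(2.2) Our environment has three machines, all running CentOS 7.4. The master's hostname is vms11.rhce.cc and its IP address is 192.168.26.11; one minion's hostname is vms12.rhce.cc with IP address 192.168.26.12; the other minion's hostname is vms13.rhce.cc with IP address 192.168.26.13.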
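(2.3) First we log in and adjust the screen saver setting, then set the IP address of vms11 to 192.168.26.11, configure the subnet mask, gateway and DNS, and restart the system's network service. Next we set the IP address of vms12 to 192.168.26.12 and of vms13 to 192.168.26.13, and configure the remaining settings.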
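(2.4) We also set SELinux to Disabled on all three hosts (this takes effect after a reboot), set the firewall to trusted, which allows all packets through, and set the correct hostnames. In the /etc/hosts file on all three hosts we add the required IP addresses, long hostnames and short hostnames, which takes the place of local DNS resolution.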
(2.5) We first configure the mount for the installation disc, then create a repository file named aa.repo in /etc/yum.repos.d/, and then install the EPEL repository (Figure 2-9).
(2.6) Next we install salt-master on vms11 and salt-minion on vms12 and vms13, and on vms11 we start the salt-master service and enable it at boot.
# systemctl list-unit-files | grep salt
# systemctl start salt-master
# systemctl enable salt-master
# yum install salt-minion -y
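(2.7) Next we configure on the clients which server is allowed to manage them. Working first on vms12, we go into /etc/salt and edit the minion file, setting the value of master to vms11; we then copy vms12's minion file to vms13.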
(2.8) Then on the two minion hosts vms12 and vms13 we start the salt-minion service and enable it at boot. Whenever the salt-minion service is restarted on a minion, the minion registers itself with the master.
# systemctl list-unit-files | grep salt
# systemctl start salt-minion.service
# systemctl enable salt-minion.service
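(2.9) After receiving the request, however, the master has neither accepted nor rejected it. With the salt-key command below we can see that vms11 already holds requests from the two hosts vms12 and vms13, and in /etc/salt/pki/master/minions_pre/ we can see the PKI key information that vms11 received from vms12 and vms13 (Figure 2-18). The key material is also visible on the minions: on vms12, for example, /etc/salt/pki/minion/ now contains two generated key files, minion.pem and minion.pub, and the certificate file is sent to the master (Figure 2-19).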
# salt-key -L
# ls /etc/salt/pki/master/minions_pre/
# ls /etc/salt/pki/minion/
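(2.10) To admit a particular node, we name it explicitly, after which the master can manage the admitted minion (Figure 2-20). To admit every node that has applied, use the "-A" option (Figure 2-21). To delete a node that is no longer needed, use the "-d" option (Figure 2-22); to delete all nodes at once, use the "-D" option. After the service is restarted on a minion, the node's request to join the master takes effect again (Figure 2-23), and we can then carry out day-to-day management of the nodes from the master.
# salt-key -a vms12.rhce.cc --- accept the specified single node
# salt-key -A --- accept all nodes
# salt-key -d vms12.rhce.cc --- delete the specified single node
# salt-key -D --- delete all nodes at once
# systemctl restart salt-minion.service --- restart the service on the minion node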


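(3) Remote execution
(3.1) Remote execution means that we define an operation on the master and it is then run automatically on the matching minion nodes, so we do not have to log in to the nodes one by one.
Format: salt '*' module.command
# salt '*' test.ping --- run on all machines (Figure 2-24)
# salt vms12.rhce.cc test.ping --- run on a single machine (Figure 2-24)
# salt '*' cmd.run 'ls' --- run on all machines
# salt vms12.rhce.cc cmd.run 'ls' --- run on a single machine (Figure 2-25)
# salt 'vms13.rhce.cc' cmd.run 'hostname' --- query the hostname of vms13 (Figure 2-25)
# salt '*' cmd.run 'ifconfig ens32' --- query the network information of all hosts (Figure 2-26)
# salt '*' cmd.run 'yum install vsftpd -y ; systemctl start vsftpd ; systemctl enable vsftpd' --- install a package on all machines (Figures 2-27 and 2-28)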


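(4) Configuration management
(4.1) We can also install packages through configuration management. For that we write a configuration file with the suffix sls; if we create aa.sls, for example, then that name is the one we run later. SLS files cannot be written in just any directory; they must go in a designated one. In /etc/salt there is a master file; in it we find the "file_roots" line and define the directory /srv/salt. SLS files take effect only when they are written in /srv/salt or one of its subdirectories.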
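(4.2) We also need to create the /srv/salt directory on the master and restart the salt-master service, then go into /srv/salt and create a file named aa.sls. In the SLS file we define a name, the module name, the command name and the names of the packages to install (Figure 4-3); this YAML file then has each targeted minion carry out the installation itself according to the characteristics of its own system (Figure 4-4).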
# mkdir /srv/salt
# systemctl restart salt-master.service
(4.3) We then run the contents of aa.sls from vms11 (Figure 4-5); the httpd service is now correctly installed on vms13 (Figure 4-6).
# salt '*' state.sls aa
# rpm -qa | grep httpd
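(4.4) The aa.sls file does not say which machine it runs on; if we install different packages on many machines, we need many different SLS files. For that we use a top.sls file, whose purpose is to set which SLS files each minion runs. First, on the minion hosts we stop the httpd and vsftpd services and uninstall what was installed for them (Figure 4-8). Then on vms11 we create a top.sls file in /srv/salt, create a directory xx, and create a bb.sls file inside xx; the tree command shows the resulting directory tree (Figure 4-9). In bb.sls we install and configure the vsftpd service. Our requirement now is httpd on vms12 and vsftpd on vms13, which we set in top.sls (Figures 4-10 and 4-11).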
# rpm -qa httpd
# systemctl stop httpd vsftpd.service
# rpm -e httpd vsftpd httpd-devel
(4.5) We then simply run the install command on the master. vms12 now has the httpd service installed and not vsftpd, while vms13 has the vsftpd service installed and not httpd.
# salt '*' state.highstate
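The files that steps (4.1) to (4.5) describe, written out as an added example; the page's own file contents were in figures that are not available, so this is not the author's code. The state IDs and the use of pkgs, enable and require are assumptions; the paths, minion names and package names come from the text.

```yaml
# --- /etc/salt/master (fragment): where the master looks for SLS files ---
file_roots:
  base:
    - /srv/salt
---
# --- /srv/salt/aa.sls: httpd, matching the packages removed in step (4.4) ---
httpd:                      # state ID (assumed); also the default service name
  pkg.installed:            # module "pkg", function "installed"
    - pkgs:
      - httpd
      - httpd-devel
  service.running:
    - enable: True          # start at boot
    - require:
      - pkg: httpd          # do not start the service before the package exists
---
# --- /srv/salt/xx/bb.sls: vsftpd ---
vsftpd:
  pkg.installed: []
  service.running:
    - enable: True
    - require:
      - pkg: vsftpd
---
# --- /srv/salt/top.sls: which minion runs which SLS file ---
base:
  'vms12.rhce.cc':
    - aa                    # /srv/salt/aa.sls
  'vms13.rhce.cc':
    - xx.bb                 # /srv/salt/xx/bb.sls; dots separate directories
```

Naming each minion in top.sls, rather than matching '*', keeps a newly accepted minion from receiving states it was never meant to run. Appending test=True to the state.highstate command reports what would change without changing anything.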


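(5) Module management
(5.1) To find out which modules are available on a system, use sys.list_modules (Figure 5-1); examples we used earlier are "test.ping", "cmd.run", "pkg.installed" and "service.running". To see all the commands in a module, press the Tab key twice; this lists every command in the pkg module (Figure 5-2).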
# salt 'vms12.rhce.cc' sys.list_modules
# salt 'vms12.rhce.cc' pkg.
(5.2) We can also list a module's commands with sys.list_functions (Figure 5-3); to see how a module's subcommands are used, sys.doc gives the module's usage information (Figure 5-4).
# salt 'vms12.rhce.cc' sys.list_functions pkg
# salt 'vms12.rhce.cc' sys.doc pkg
# salt 'vms12.rhce.cc' sys.list_functions service


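(6) grains
(6.1) The main job of grains is to collect all the information that is available about a system; this information is stored as variables. We can first look at the subcommands of grains:
# salt 'vms12.rhce.cc' sys.list_functions grains
# salt 'vms12.rhce.cc' grains.items --- get all available variables and their values (Figures 6-2 to 6-4)
# salt 'vms12.rhce.cc' grains.ls --- get all available variables, without values (Figure 6-5)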
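(6.2) To get the value of a single variable, use the grains.get command (Figure 6-6). The point of these variables is that a script can read information about the system and branch on it, doing different things on different machines, for example one operation on Red Hat and another on Debian (Figure 6-7). For the syntax details, see the official documentation at https://docs.saltstack.com/en/latest/contents.html
# salt 'vms12.rhce.cc' grains.get os --- get the value of a single variable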
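The Red Hat versus Debian branching that (6.2) describes, as an added example that is not from the original page. The file name web.sls and the state IDs are hypothetical, and it branches on the os_family grain rather than os so that CentOS and RHEL take the same path.

```yaml
# /srv/salt/web.sls (hypothetical file name): Jinja is rendered first, then YAML
{% set web = {
    'RedHat': {'pkg': 'httpd',   'svc': 'httpd'},
    'Debian': {'pkg': 'apache2', 'svc': 'apache2'},
}.get(grains['os_family']) %}

{% if web %}
webserver:
  pkg.installed:
    - name: {{ web.pkg }}
  service.running:
    - name: {{ web.svc }}
    - enable: True
    - require:
      - pkg: webserver
{% else %}
# Unknown platform: fail visibly instead of silently doing nothing
webserver-unsupported:
  test.fail_without_changes:
    - name: "No web server mapping for os_family {{ grains['os_family'] }}"
{% endif %}
```

Grains are reported by the minion itself, so they suit platform differences like this one and should not decide which minion receives sensitive data.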


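(7) pillar
(7.1) pillar mainly provides functions for certain system operation commands. When we query pillar.items we get no values back, because by default the pillar-related module is not enabled.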
# salt 'vms12.rhce.cc' sys.list_functions pillar
# salt 'vms12.rhce.cc' pillar.items
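(7.2) To enable the pillar-related module, go to /etc/salt/, edit the master file and change the value of pillar_opts to True; also enable the pillar_roots path setting and create the corresponding /srv/pillar directory on the system. Finally restart the salt-master service, and pillar.items now returns the relevant information (Figure 7-7).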
# mkdir /srv/pillar
# systemctl restart salt-master.service
# salt '*' pillar.items
# salt 'vms12.rhce.cc' sys.doc pillar --- this command shows the related help information


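(8) salt-ssh
(8.1) Earlier, when the master connected to the minions to manage them, we were never asked for a password and could connect directly. That is because the master and the minions communicate using certificates: on vms12 the /etc/salt/pki directory holds two certificate files, pem and pub, and on vms11 the /etc/salt/pki directory likewise holds two certificate files, master.pem and master.pub.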
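(8.2) If we do not want the master and minions to communicate using certificates and want to connect over SSH instead, salt-ssh meets that need. We rebuild the three hosts vms11, vms12 and vms13 and install the required packages, starting with the EPEL repository.
Environment setup and configuration steps: ① go to /etc/sysconfig/network-scripts/ and configure the IP address, gateway, subnet mask, DNS and so on; ② mount the /etc/cdrom image on /mnt; ③ configure /etc/fstab to mount the disc image automatically at boot; ④ go to /etc/yum.repos.d/ and create the aa.repo repository file; ⑤ edit /etc/hosts to add the IP addresses, long hostnames and short hostnames; ⑥ turn off the host's screen saver.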
# yum install epel* -y
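(8.3) Once the EPEL repository is installed, we install salt-ssh and edit the roster file in /etc/salt/. In this configuration file, on the master host, we enter the IP address, user name, password, port and so on for connecting to the two hosts vms12 and vms13.
# yum install salt-ssh -y
# vim /etc/salt/roster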
(8.4) When we log in over SSH, the system keeps asking us to answer yes/no, because the known_hosts file in the /root/.ssh/ directory holds the related login information. We can edit the /etc/ssh/ssh_config configuration file, change the value of StrictHostKeyChecking to no and save it; when we then test connectivity, we find that vms11 connects to the minion hosts normally.
# salt-ssh '*' test.ping
(8.5) We can now also run commands from the master host, for example using salt-ssh to fetch the hostnames of the remote hosts. The "-r" parameter means that a system command is run; the "-i" parameter means that if a password prompt appears, it is confirmed for you directly. Of course, managing hosts through SaltStack over SSH performs somewhat worse than the certificate-based connection, but security is correspondingly improved.
# salt-ssh '*' -r 'hostname'
# salt-ssh '*' -r 'df -hT'
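The roster file edited in step (8.3), as an added example that is not taken from the original page. The vms12 entry has the password-based form the text describes, with a placeholder value; the vms13 entry shows a key-based alternative whose account name saltadmin is hypothetical.

```yaml
# /etc/salt/roster on vms11 (constructed example)

# Form described in step (8.3): the password sits in the file in clear text,
# so the roster must be readable by root only.
vms12:
  host: 192.168.26.12
  user: root
  passwd: CHANGE_ME          # placeholder, not a value from the page
  port: 22

# Alternative form: key-based login, so the roster itself holds no secret.
vms13:
  host: 192.168.26.13
  user: saltadmin            # hypothetical unprivileged account
  sudo: True                 # escalate with sudo; the account needs sudo rights
  priv: /etc/salt/pki/master/ssh/salt-ssh.rsa   # default key salt-ssh generates
  port: 22
```

With the key-based entry the public half of the key has to be present in the target account's authorized_keys before salt-ssh can log in.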

------ This concludes the article, thanks for reading ------

Origin blog.51cto.com/13613726/2458659