
How to get started with SaltStack quickly

2025-01-19 Update From: SLTechnology News&Howtos

This article is a quick-start guide to SaltStack.

SaltStack is a centralized management platform for server infrastructure that provides configuration management, remote execution, monitoring and other functions. It is written in Python and built on a lightweight message queue (ZeroMQ) and third-party Python modules (PyZMQ, PyCrypto, Jinja2, python-msgpack, PyYAML and others).

Identities are confirmed with RSA keys and the transport is encrypted with AES, which secures the communication between the two sides. SaltStack is often described as an enhanced Func plus a lightweight Puppet.

Why choose SaltStack?

The mainstream open-source configuration management tools today are Puppet, Chef, Ansible, SaltStack and so on. Which one should you choose? It can be considered from the following aspects:

Choice of language (Puppet/Chef vs Ansible/SaltStack)

Puppet and Chef are written in Ruby, while Ansible and SaltStack are written in Python.

Operations and maintenance teams tend to favor Python (which also allows secondary development later), and that rules out Puppet and Chef.

Choice of speed (Ansible vs SaltStack)

Ansible transmits data over the SSH protocol, while SaltStack uses the ZeroMQ message queue. Judging from online data, SaltStack is about 40 times faster than Ansible.

SaltStack's disadvantage compared with Ansible is that a client has to be installed. SaltStack is recommended for speed.

SaltStack github address: https://github.com/saltstack/salt

SaltStack official website document address: https://docs.saltstack.com

SaltStack architecture

In the SaltStack architecture, the server is called the Master and the client is called the Minion; both run as daemons. The Master listens on the ports defined in its configuration file: ret_port (the port through which the SaltStack client communicates with the server, responsible for receiving the results sent by the client; default 4506) and publish_port (SaltStack's message publishing system; default 4505). When a Minion starts, it automatically connects to ret_port on the Master address defined in its configuration file to authenticate.

Master: control center, where salt commands are run and resource states are managed
Minion: a client machine to be managed; it actively connects to the Master, gets resource state information from it, and synchronizes resource management information
States: the configuration management instruction set
Modules: instruction modules used on the command line and in configuration files; they can be run from the command line
Grains: Minion variables, static
Pillar: Minion variables, dynamic and more private; they can be defined in configuration files and synchronized to minions
highstate: permanently adds state to the minion side, read from the sls configuration files; in other words, synchronizes the state configuration
salt_schedule: automatically keeps the client configuration maintained

SaltStack installation configuration

CentOS 6 is used as the example here, with installation through yum. There are other installation methods, such as pip, source code and salt-bootstrap.

EPEL source configuration

    rpm -ivh https://mirrors.tuna.tsinghua.edu.cn/epel/epel-release-latest-6.noarch.rpm

Install and configure the management side (master)

    yum -y install salt-master
    service salt-master start

Note: iptables on the master must allow ports 4505 and 4506.

Install the managed end

    yum -y install salt-minion
    sed -i 's@#master:.*@master: master_ipaddress@' /etc/salt/minion   # master_ipaddress is the IP of the management side
    echo 10.252.137.141 > /etc/salt/minion_id   # personal habit: use the IP as the id; the default is the hostname
    service salt-minion start

Master and Minion certification

When a minion starts for the first time, it automatically generates minion.pem (private key) and minion.pub (public key) under /etc/salt/pki/minion/ (the path is set in /etc/salt/minion) and then sends minion.pub to the master. After receiving the minion's public key, the master accepts it with the salt-key command; the public key is then stored under /etc/salt/pki/master/minions on the master, in a file named after the minion id, and the master can send instructions to the minion. The authentication commands are as follows:

    [root@10.252.137.14 ~]# salt-key -L      # check the current key acceptance status
    Accepted Keys:
    Unaccepted Keys:
    10.252.137.141
    Rejected Keys:
    [root@10.252.137.14 ~]# salt-key -A -y   # accept all pending keys
    The following keys are going to be accepted:
    Unaccepted Keys:
    10.252.137.141
    Key for minion 10.252.137.141 accepted.
    [root@10.252.137.14 ~]# salt-key -L
    Accepted Keys:
    10.252.137.141
    Unaccepted Keys:
    Rejected Keys:
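salt-key -A -y accepts every pending key without checking who sent it. The following added example (not from the original article) compares each pending key's fingerprint with one recorded on the minion itself and accepts only the matches, one minion at a time. The JSON shape of `salt-key -F --out json` is an assumption to confirm on your Salt version, and the ids other than 10.252.137.141 and all fingerprints are constructed sample values.

```python
import json

# Constructed sample: what `salt-key -F --out json` is assumed to print on the
# master (status -> {minion id -> fingerprint}); fingerprints are shortened.
SAMPLE_FINGER_ALL = json.dumps({
    "local": {"master.pub": "11:22:33:44"},
    "minions": {},
    "minions_pre": {
        "10.252.137.141": "3f:9a:1c:77",
        "10.252.137.150": "de:ad:be:ef",
        "10.252.137.99": "0b:5e:42:d1",
    },
})

# Constructed sample: fingerprints read on each minion's own console with
# `salt-call --local key.finger` and recorded out of band.
EXPECTED = {
    "10.252.137.141": "3F:9A:1C:77",
    "10.252.137.150": "aa:bb:cc:dd",
}


def _norm(fingerprint):
    """Compare fingerprints without regard to case, colons or whitespace."""
    return "".join(fingerprint.split()).replace(":", "").lower()


def review_pending(finger_json, expected):
    """Return (accept, hold): ids whose pending key matches, and reasons to hold."""
    pending = json.loads(finger_json).get("minions_pre", {})
    accept, hold = [], {}
    for minion_id in sorted(pending):
        want = expected.get(minion_id)
        if want is None:
            hold[minion_id] = "no fingerprint on record"
        elif _norm(pending[minion_id]) == _norm(want):
            accept.append(minion_id)
        else:
            hold[minion_id] = "fingerprint mismatch"
    return accept, hold


def accept_commands(accept):
    """One explicit `salt-key -a <id> -y` per verified minion, instead of -A."""
    return [["salt-key", "-a", minion_id, "-y"] for minion_id in accept]


if __name__ == "__main__":
    ok, held = review_pending(SAMPLE_FINGER_ALL, EXPECTED)
    print(accept_commands(ok), held)
```

Keys left in the hold list stay pending on the master until someone confirms the fingerprint or removes them.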

SaltStack remote execution

    [root@10.252.137.14 ~]# salt '*' test.ping
    10.252.137.141:
        True
    [root@10.252.137.14 ~]# salt '*' cmd.run 'ls -al'
    10.252.137.141:
        total 40
        drwx------  4 root root 4096 Sep  7 15:01 .
        drwxr-xr-x 22 root root 4096 Sep  3 22:10 ..
        -rw-------  1 root root  501 Sep  7 14:49 .bash_history
        -rw-r--r--  1 root root 3106 Feb 20  2014 .bashrc
        drwx------  2 root root 4096 Jan 30  2015 .cache
        drwxr-xr-x  2 root root 4096 Apr 22 13:57 .pip
        -rw-r--r--  1 root root   40 Feb 20  2014 .profile
        -rw-r--r--  1 root root   64 Apr 22 13:57 .pydistutils.cfg
        -rw-------  1 root root 4256 Sep  7 15:01 .viminfo

The format of a salt command is as follows:

    salt '<target>' <function> [arguments]

target: the target of the salt command; regular expressions can be used

function: the method, provided by a module

arguments: the parameters of the function

A target can be any of the following:

1. Regular expression

    salt -E 'Minion*' test.ping   # hosts whose name begins with Minion

2. List matching

    salt -L Minion,Minion1 test.ping

3. Grains matching

    salt -G 'os:CentOS' test.ping

os:CentOS (which exists by default) is a Grains key-value pair. The data is stored on the minion as YAML and can be edited directly in /etc/salt/grains on the minion side, in YAML format. Alternatively, run salt '*' grains.setval key "{'sub-key': 'val', 'sub-key2': 'val2'}" on the master side to set it (run salt '*' sys.doc grains to view the documentation).

4. Group matching

    salt -N groups test.ping

For example, create /etc/salt/master.d/nodegroups.conf on the master, in YAML format.

5. Compound matching

    salt -C 'G@os:CentOS or L@Minion' test.ping

6. Pillar value matching

    salt -I 'key:value' test.ping

pillar_roots is set in /etc/salt/master, and the data is stored on the Master as YAML.

7. CIDR matching

    salt -S '10.252.137.0/24' test.ping

10.252.137.0/24 is the specified CIDR block.
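A target decides which machines run a command, so it helps to see what each form selects before it is used with cmd.run. The following added example (not from the original article) is a simplified model of five of the target types above, run against a constructed inventory; it is not Salt's own matcher code, and nodegroup, pillar and compound targets are left out.

```python
import fnmatch
import ipaddress
import re

# Constructed inventory (minion id -> grains). Only 10.252.137.141 and the
# Minion/Minion1 ids appear in the article; the rest is sample data.
MINIONS = {
    "10.252.137.141": {"os": "CentOS", "ipv4": ["127.0.0.1", "10.252.137.141"]},
    "Minion": {"os": "CentOS", "ipv4": ["10.252.137.20"]},
    "Minion1": {"os": "Ubuntu", "ipv4": ["10.252.138.7"]},
    "Minio-s3": {"os": "CentOS", "ipv4": ["192.168.1.5"]},
}


def select(flag, expr, minions=MINIONS):
    """Return the sorted minion ids one target expression would select."""
    if flag == "glob":      # no flag: shell-style glob on the minion id
        def hit(mid, grains):
            return fnmatch.fnmatchcase(mid, expr)
    elif flag == "-E":      # regular expression, anchored at the start only
        rx = re.compile(expr)
        def hit(mid, grains):
            return rx.match(mid) is not None
    elif flag == "-L":      # comma-separated list of exact ids
        wanted = set(expr.split(","))
        def hit(mid, grains):
            return mid in wanted
    elif flag == "-G":      # grain "key:value", value compared as a glob
        key, _, value = expr.partition(":")
        def hit(mid, grains):
            return key in grains and fnmatch.fnmatchcase(str(grains[key]), value)
    elif flag == "-S":      # CIDR block tested against the ipv4 grain
        net = ipaddress.ip_network(expr)
        def hit(mid, grains):
            return any(ipaddress.ip_address(a) in net for a in grains.get("ipv4", []))
    else:
        raise ValueError("unsupported target type: %r" % flag)
    return sorted(mid for mid, grains in minions.items() if hit(mid, grains))


if __name__ == "__main__":
    for flag, expr in [("glob", "Minion*"), ("-E", "Minion*"), ("-L", "Minion,Minion1"),
                       ("-G", "os:CentOS"), ("-S", "10.252.137.0/24")]:
        print(flag, expr, "->", select(flag, expr))
```

Note that 'Minion*' read as a regular expression also selects Minio-s3, because n* matches zero or more n characters, while the same string as a glob does not.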

A function is a method provided by a module.

You can view all the functions with the following command:

    salt '10.252.137.141' sys.doc cmd

A function can accept parameters:

    salt '10.252.137.141' cmd.run 'uname -a'

Keyword parameters are also supported. The following changes to the / directory on the targeted minion and runs the uname -a command as the salt user:

    salt '10.252.137.141' cmd.run 'uname -a' cwd=/ user=salt

SaltStack configuration management

States file

At the core of salt states is the sls file, which uses YAML syntax to define some key/value data.

The root path of the sls files is defined in the master configuration file and defaults to /srv/salt. This directory does not exist on the operating system by default and needs to be created manually.

In salt, you can use salt:// in place of the root path; for example, /srv/salt/top.sls can be accessed as salt://top.sls.

The top file for states is also defined in the master configuration file. It defaults to top.sls and is the entry file for states.

A simple sls file is as follows:

    apache:
      pkg:
        - installed
      service:
        - running
        - require:
          - pkg: apache

Note: this SLS data ensures that a package called "apache" is installed and that the "apache" service is running.

The first line is the ID declaration, which names the thing to be managed. The second and fourth lines are state declarations, which use the pkg and service states respectively. The pkg state manages packages through the system's package manager, and the service state manages system services (daemons). Below the pkg and service lines are the functions to run. A function defines what the package or service should do: here the package should be installed and the service should be running. The sixth line uses require. This is called a requisite statement and indicates that the apache service is started only after the apache package has been installed successfully.

A state and its function can be joined with a dot, so the sls file above has the same meaning as the following file.

    apache:
      pkg.installed: []
      service.running:
        - require:
          - pkg: apache

Save the above sls as init.sls and place it in the salt://apache directory. The result is as follows:

    /srv/salt
    ├── apache
    │   └── init.sls
    └── top.sls

How do you define top.sls?

Three environments are defined in the master configuration file. Each of them can define multiple directories, but to avoid conflicts they are laid out as follows:

    # file_roots:
    #   base:
    #     - /srv/salt/
    #   dev:
    #     - /srv/salt/dev/services
    #     - /srv/salt/dev/states
    #   prod:
    #     - /srv/salt/prod/services
    #     - /srv/salt/prod/states

top.sls can be defined as follows:

    base:
      '*':
        - apache

Description:

The first line declares the use of the base environment

The second line, define target, here is to match all

The third line declares which states directories to use, and salt looks for init.sls files in each directory.

Run states

Once you have created the states and modified the top.sls, you can execute the following command on the master:

    [root@10.252.137.14 ~]# salt '*' state.highstate
    sk2:
    ----------
        State: - pkg
        Name: httpd
        Function: installed
        Result: True
        Comment: The following packages were installed/updated: httpd.
        Changes:
            httpd:
                new: 2.2.15-29.el6.centos
                old:
    ----------
        State: - service
        Name: httpd
        Function: running
        Result: True
        Comment: Service httpd has been enabled, and is running
        Changes:
            httpd: True

    Summary
    ------------
    Succeeded: 2
    Failed: 0
    ------------
    Total: 2

The above command triggers all minions to download the top.sls file and the state files referenced in it from the master, and then compile and execute them. After execution, each minion reports a summary of the results to the master.
