Shulou(Shulou.com)06/02 Report--

Saltstack introduction

Saltstack is a new infrastructure management tool. At present, it is in the stage of rapid development, which can be regarded as a combination of strengthened Func+ and weakened Puppet. It indirectly reflects the two major functions of saltstack: remote execution and configuration management.

Saltstack uses a very easy-to-use and lightweight management tool developed by Python. It is composed of Master and Minion and communicates through ZeroMQ.

Experimental environment: (a virtual machine is required to surf the Internet, and the yum source uses 163NetEase cloud mirror CentOS6-Base-163.repo)

Three virtual machines (one master, two minion)

Master:

Yum install-y epel-release (salt source)

Yum install salt-master-y

Minion (two):

Yum install-y epel-release

Yum install salt-minion-y

Start the service:

Server startup mode: service salt-master start

Client startup method: service salt-minion start

Log view path: (if there is a problem, you can check the log for error information)

Server: / var/log/salt/master

Client: / var/log/salt/minion

Server master configuration

In the following configuration, it is important to note that each parameter colon is followed by a space

Such as:

Interface: 192.168.253.100

By default, salt master listens on ports 4505 and 4506 on all interfaces (0.0.0.0). If you want to bind a specific IP, you need to modify the "interface" option in the / etc/salt/master configuration file as follows:

Interface: 192.168.253.100

Note: 192.168.253.100 is the IP address of the native server (master)

Change the auto_accept to True, and automatically accept the client's KEY. Of course, you can accept it manually without setting it here. The method of acceptance is: salt-key-a keyname (keyname is the id ID just set by the client)

Auto_accept: True

Client minion configuration (another id: 69)

You need to modify the master option in the configuration file / etc/salt/minion of minion by doing the following:

Master: 192.168.253.100

Id: 68

Note: 192.168.253.100 is the IP address of the server.

Id: the identity of the client, which is used to connect to the client when connecting with the server, such as salt '68' cmd.run' df-h'

The ID of the second minion is changed to 69.

Restart the above services will take effect

Server startup mode: service salt-master restart

Client startup method: service salt-minion restart

Master and Minion certification

When 1.minion starts for the first time, it automatically generates minion.pem (private key) and minion.pub (public key) under / etc/salt/pki/minion/ (the path is set in / etc/salt/minion), and then sends minion.pub to master.

After receiving the public key of minion, 2.master uses the salt-key command accept minion public key, so that the public key named minion id will be stored under / etc/salt/pki/master/minions of master, and then master can send instructions to minion.

The connection between Master and Minion

When Saltstack master starts, it listens on ports 4505 and 4506 by default. 4505 (publish_port) is the message publishing system of salt, and 4506 (ret_port) is the port of communication between the salt client and the server. If you use lsof to view port 4505, you will find that all Minion remains at ESTABLISHED on port 4505

Execute the following command on the master server:

Salt-key-A (accepts the public key of the minion side)

Salt-key-L

[root@Master] # salt-key-L

Accepted Keys:

sixty-eight

sixty-nine

Denied Keys:

Unaccepted Keys:

Rejected Keys:

[root@Master] # lsof-I: 4505

COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME

Salt-mast 2509 root 12u IPv4 22783 0t0 TCP 192.168.253.10015 (LISTEN)

Salt-mast 2509 root 14u IPv4 27209 0t0 TCP 192.168.253.100 IPv4 4505-> 192.168.253.50 IPv4 46702 (ESTABLISHED)

Salt-mast 2509 root 15u IPv4 27468 0t0 TCP 192.168.253.100 0t0 TCP 4505-> 192.168.253.150 IPv4 45162 (ESTABLISHED)

KEY Management:

Salt uses AES encryption in the process of data exchange between master and minion. In order to ensure that the instructions sent to minion will not be tampered with, the authentication between master and minion adopts trusted acceptance (trusted, accepted) key.

Before sending a command to minion, the key of minion needs to be accepted by master (accepted). Run salt-key to list the status of the current key

[root@Master] # salt-key-L

Accepted Keys:

sixty-eight

sixty-nine

Denied Keys:

Unaccepted Keys:

Rejected Keys:

Note:

Accepted Keys is the KEY accepted by the server (the two clients are the KEY accepted by the server. In fact, 230Magne68 is the id identification number in minion)

Unaccepted Keys: KEY that is not accepted by the server

Rejected Keys: KEY rejected by the server

The salt-key command can accept a specific single key or batch key, accept all current key using the-An option, and accept a single key using-a keyname.

The authentication command is salt-key, and the following commands are commonly used:

-an ACCEPT,-- accept=ACCEPTAccept the following key

-A,-- accept-all Accept all pending keys

-r REJECT-- reject=REJECTReject the specified public key

-R,-- reject-all Reject all pending keys

-d DELETE,-- delete=DELETEDelete the named key

-D,-- delete-all Delete all keys

Send instructions:

Between master and minion, you can determine whether it is alive by running the test.ping remote command.

[root@Master ~] # salt-E'68 | 69 'test.ping

68:

True

69:

True

Or for all minion: salt'* 'test.ping

[root@Master ~] # salt'* 'test.ping

68:

True

69:

True

Return True indicates that the test is OK and the client is alive.

Execute the command:

[root@Master ~] # salt-E'68 | 69 'cmd.run' ifconfig'

68:

Eth0 Link encap:Ethernet HWaddr 00:0C:29:71:49:53

Inet addr:192.168.253.50 Bcast:192.168.253.255 Mask:255.255.255.0

Inet6 addr: fe80::20c:29ff:fe71:4953/64 Scope:Link

UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1

RX packets:24971 errors:0 dropped:0 overruns:0 frame:0

TX packets:15627 errors:0 dropped:0 overruns:0 carrier:0

Collisions:0 txqueuelen:1000

RX bytes:31456855 (29.9 MiB) TX bytes:1213916 (1.1 MiB)

Lo Link encap:Local Loopback

Inet addr:127.0.0.1 Mask:255.0.0.0

Inet6 addr: 1/128 Scope:Host

UP LOOPBACK RUNNING MTU:16436 Metric:1

RX packets:4 errors:0 dropped:0 overruns:0 frame:0

TX packets:4 errors:0 dropped:0 overruns:0 carrier:0

Collisions:0 txqueuelen:0

RX bytes:352 (352.0 b) TX bytes:352 (352.0 b)

69:

Eth0 Link encap:Ethernet HWaddr 00:0C:29:6B:80:9D

Inet addr:192.168.253.150 Bcast:192.168.253.255 Mask:255.255.255.0

Inet6 addr: fe80::20c:29ff:fe6b:809d/64 Scope:Link

UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1

RX packets:25444 errors:0 dropped:0 overruns:0 frame:0

TX packets:15534 errors:0 dropped:0 overruns:0 carrier:0

Collisions:0 txqueuelen:1000

RX bytes:31503884 (30.0 MiB) TX bytes:1206199 (1.1 MiB)

Lo Link encap:Local Loopback

Inet addr:127.0.0.1 Mask:255.0.0.0

Inet6 addr: 1/128 Scope:Host

UP LOOPBACK RUNNING MTU:16436 Metric:1

RX packets:4 errors:0 dropped:0 overruns:0 frame:0

TX packets:4 errors:0 dropped:0 overruns:0 carrier:0

Collisions:0 txqueuelen:0

RX bytes:352 (352.0 b) TX bytes:352 (352.0 b)

Salt-E'68 | 69' cmd.run'df-h'

[root@Master ~] # salt-E'68 | 69' cmd.run'df-h'

69:

Filesystem Size Used Avail Use% Mounted on

/ dev/sda3 16G 1.3G 14G 9% /

Tmpfs 495m 12K 495m 1% / dev/shm

/ dev/sda1 2.0G 56m 1.8G 3% / boot

/ dev/sr0 4.2G 4.2G 0100% / mnt/cdrom

/ dev/sr1 1.2G 1.2G 0100% / mnt/cdrom1

68:

Filesystem Size Used Avail Use% Mounted on

/ dev/sda3 16G 1.2G 14G 8% /

Tmpfs 495m 12K 495m 1% / dev/shm

/ dev/sda1 2.0G 56m 1.8G 3% / boot

/ dev/sr0 4.2G 4.2G 0100% / mnt/cdrom

/ dev/sr1 1.2G 1.2G 0100% / mnt/cdrom1

Note: enclose the client id and the commands sent in single quotation marks to form a habit to prevent errors

Salt matches minion id on the server side

When running the salt command to match, use single quotation marks (') to avoid shell parsing

Match all minion:salt'* 'test.ping

Match all minion:salt'* .example. * 'test.ping of the lower domain

Match (web1.example.net, web2.example.net.webN.example.example.net): salt 'web?.example.net' test.ping in the example.net domain

Match minion from web1 to web5: salt 'web [1-5]' test.ping

Match web-x, web-y and web-z minion: salt 'web- [XMurz]' test.ping

Regular expression

Match web-prod and web1-devel minion:

Salt-E 'web1- (prod | devel) 'test.ping

Specify list

Salt-L 'web1,web2,web3' test.ping

Specify a group:

Open the master configuration file in the server

Vim / etc/salt/master

Add the following grouping

Nodegroups:

Group1: 'Lindsay 69, 668'

Group2: '68'

Group3: 'GambiosRose centos.'

Group4: 'Gambimempurl 487'

It is worth noting that when editing master, group1 and group2 are preceded by two spaces

Test:

[root@51ou.com salt] # salt-N group2 test.ping

68:

True

[root@51ou.com salt] # salt-N group1 test.ping

230:

True

68:

True

You may wonder why there are lags in group1. What does this mean?

In fact, L refers to the list of clients, we have multiple clients in a group, so it is indicated by L in the front.

In addition to list matching, there are many matching methods, such as:

These parameters can be used directly on the command line, such as:

Salt-S '192.168.1.230' test.ping

Salt-G 'os:Centos' test.ping

Salt-L '230 686' test.ping

Management of minion basic information

Basic use:

Salt'* 'grains.ls to view grains categories

Salt'* 'grains.items to view all grains information

Salt'* 'grains.item osrelease to view some information in grains

Such as:

[root@51ou.com salt] # salt'* 'grains.item osrelease

230:

Osrelease: 6.2

68:

Osrelease: 6.2

Introduction to Salt command

Cmd.run

Saltstack can execute shell commands remotely, using cmd.run. Such as:

Salt '68' cmd.run' df-h'

Built-in execution module

Official module address: http://docs.saltstack.com/ref/modules/all/index.html

Saltstack configuration management

Salt uses State module files for configuration management, written in YAML, and ends in .sls. If configuration management first needs to specify the "file roots" option in Master's configuration file, Salt supports the configuration of environments, such as test and production environments, but base environments are required. And the Base environment must contain the entry file top.sls.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.