2025-04-07 Update From: SLTechnology News&Howtos
Shulou(Shulou.com)06/02 Report--
SaltStack introduction
SaltStack is a new infrastructure management tool. It is currently developing rapidly and can be regarded as a combination of an enhanced Func and a lightweight Puppet, which reflects SaltStack's two main functions: remote execution and configuration management.
SaltStack is an easy-to-use, lightweight management tool written in Python. It consists of a Master and Minions, which communicate over ZeroMQ.
Experimental environment: (the virtual machines need Internet access, and the yum repository uses the 163 (NetEase) mirror, CentOS6-Base-163.repo)
Three virtual machines (one master, two minion)
Master:
yum install -y epel-release (salt source)
yum install salt-master -y
Minion (two):
yum install -y epel-release
yum install salt-minion -y
Start the service:
Server startup mode: service salt-master start
Client startup method: service salt-minion start
Log paths: (if there is a problem, check the log for error information)
Server: /var/log/salt/master
Client: /var/log/salt/minion
Server master configuration
In the following configuration, note that the colon after each parameter name must be followed by a space
Such as:
interface: 192.168.253.100
By default, the salt master listens on ports 4505 and 4506 on all interfaces (0.0.0.0). To bind to a specific IP, modify the "interface" option in the /etc/salt/master configuration file as follows:
interface: 192.168.253.100
Note: 192.168.253.100 is the IP address of the local server (master)
Change auto_accept to True to accept the clients' keys automatically. You can also leave it unset and accept keys manually with: salt-key -a keyname (keyname is the id just set on the client)
auto_accept: True
Client minion configuration (another id: 69)
Modify the master option in the minion configuration file /etc/salt/minion as follows:
master: 192.168.253.100
id: 68
Note: 192.168.253.100 is the IP address of the server.
id: the identifier of the client, which the server uses to address it, for example salt '68' cmd.run 'df -h'
The id of the second minion is changed to 69.
Restart the services for the changes to take effect
Server: service salt-master restart
Client: service salt-minion restart
Master and Minion certification
1. When the minion starts for the first time, it automatically generates minion.pem (private key) and minion.pub (public key) under /etc/salt/pki/minion/ (the path is set in /etc/salt/minion), and then sends minion.pub to the master.
2. After receiving the minion's public key, the master accepts it with the salt-key command, so that a public key named after the minion id is stored under /etc/salt/pki/master/minions on the master. The master can then send instructions to the minion.
The connection between Master and Minion
When the SaltStack master starts, it listens on ports 4505 and 4506 by default. 4505 (publish_port) is salt's message publishing system, and 4506 (ret_port) is the port used for communication between the salt client and the server. If you use lsof to view port 4505, you will find that every minion keeps an ESTABLISHED connection to port 4505
Execute the following commands on the master server:
salt-key -A (accepts the public keys of the minions)
salt-key -L
[root@Master] # salt-key -L
Accepted Keys:
68
69
Denied Keys:
Unaccepted Keys:
Rejected Keys:
[root@Master] # lsof -i :4505
COMMAND    PID USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
salt-mast 2509 root   12u  IPv4  22783      0t0  TCP 192.168.253.100:4505 (LISTEN)
salt-mast 2509 root   14u  IPv4  27209      0t0  TCP 192.168.253.100:4505->192.168.253.50:46702 (ESTABLISHED)
salt-mast 2509 root   15u  IPv4  27468      0t0  TCP 192.168.253.100:4505->192.168.253.150:45162 (ESTABLISHED)
KEY Management:
Salt uses AES encryption for the data exchanged between master and minion. To ensure that the instructions sent to a minion are not tampered with, authentication between master and minion relies on trusted, accepted keys.
Before the master can send a command to a minion, the minion's key must be accepted by the master. Run salt-key to list the status of the current keys
[root@Master] # salt-key -L
Accepted Keys:
68
69
Denied Keys:
Unaccepted Keys:
Rejected Keys:
Note:
Accepted Keys: keys accepted by the server (the two clients listed are keys the server has accepted; 230, 68 are the id values set on the minions)
Unaccepted Keys: keys not yet accepted by the server
Rejected Keys: keys rejected by the server
The salt-key command can accept a single key or keys in bulk: use the -A option to accept all pending keys, and -a keyname to accept a single key.
The authentication command is salt-key, and the following options are commonly used:
-a ACCEPT, --accept=ACCEPT    Accept the following key
-A, --accept-all              Accept all pending keys
-r REJECT, --reject=REJECT    Reject the specified public key
-R, --reject-all              Reject all pending keys
-d DELETE, --delete=DELETE    Delete the named key
-D, --delete-all              Delete all keys
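With auto_accept: True, or after a blanket salt-key -A, every minion that presents a key ends up under Accepted Keys, so it is worth comparing that list with the hosts you actually provisioned. The following is an added example, not part of the original article: it parses salt-key -L output in the format shown above and reports differences against an expected inventory. The sample output and the ids 70 and 71 are constructed.

```python
# Added example: audit `salt-key -L` output against an expected inventory.
SECTIONS = ("Accepted Keys:", "Denied Keys:", "Unaccepted Keys:", "Rejected Keys:")

# Constructed sample output; "70" and "71" are minions nobody provisioned.
SAMPLE = """\
Accepted Keys:
68
69
70
Denied Keys:
Unaccepted Keys:
71
Rejected Keys:
"""

def parse_salt_key_list(text):
    """Return {section name: [minion ids]} from `salt-key -L` text."""
    keys = {name.rstrip(":"): [] for name in SECTIONS}
    current = None
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        if line in SECTIONS:
            current = line.rstrip(":")
        elif current is not None:
            keys[current].append(line)
    return keys

def audit(keys, expected):
    """Compare key states with the set of minion ids that should exist."""
    accepted = set(keys["Accepted Keys"])
    return {
        "unexpected_accepted": sorted(accepted - expected),
        "missing": sorted(expected - accepted),
        "pending": sorted(keys["Unaccepted Keys"]),
    }

if __name__ == "__main__":
    report = audit(parse_salt_key_list(SAMPLE), expected={"68", "69"})
    for finding, ids in report.items():
        print(f"{finding}: {', '.join(ids) or '-'}")
```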
Send instructions:
Between master and minion, you can determine whether it is alive by running the test.ping remote command.
[root@Master ~] # salt -E '68|69' test.ping
68:
True
69:
True
Or for all minions: salt '*' test.ping
[root@Master ~] # salt '*' test.ping
68:
True
69:
True
A return value of True indicates that the test succeeded and the client is alive.
Execute the command:
[root@Master ~] # salt -E '68|69' cmd.run 'ifconfig'
68:
eth0      Link encap:Ethernet  HWaddr 00:0C:29:71:49:53
          inet addr:192.168.253.50  Bcast:192.168.253.255  Mask:255.255.255.0
          inet6 addr: fe80::20c:29ff:fe71:4953/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:24971 errors:0 dropped:0 overruns:0 frame:0
          TX packets:15627 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:31456855 (29.9 MiB)  TX bytes:1213916 (1.1 MiB)
lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:4 errors:0 dropped:0 overruns:0 frame:0
          TX packets:4 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:352 (352.0 b)  TX bytes:352 (352.0 b)
69:
eth0      Link encap:Ethernet  HWaddr 00:0C:29:6B:80:9D
          inet addr:192.168.253.150  Bcast:192.168.253.255  Mask:255.255.255.0
          inet6 addr: fe80::20c:29ff:fe6b:809d/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:25444 errors:0 dropped:0 overruns:0 frame:0
          TX packets:15534 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:31503884 (30.0 MiB)  TX bytes:1206199 (1.1 MiB)
lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:4 errors:0 dropped:0 overruns:0 frame:0
          TX packets:4 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:352 (352.0 b)  TX bytes:352 (352.0 b)
salt -E '68|69' cmd.run 'df -h'
[root@Master ~] # salt -E '68|69' cmd.run 'df -h'
69:
Filesystem      Size  Used Avail Use% Mounted on
/dev/sda3        16G  1.3G   14G   9% /
tmpfs           495M   12K  495M   1% /dev/shm
/dev/sda1       2.0G   56M  1.8G   3% /boot
/dev/sr0        4.2G  4.2G     0 100% /mnt/cdrom
/dev/sr1        1.2G  1.2G     0 100% /mnt/cdrom1
68:
Filesystem      Size  Used Avail Use% Mounted on
/dev/sda3        16G  1.2G   14G   8% /
tmpfs           495M   12K  495M   1% /dev/shm
/dev/sda1       2.0G   56M  1.8G   3% /boot
/dev/sr0        4.2G  4.2G     0 100% /mnt/cdrom
/dev/sr1        1.2G  1.2G     0 100% /mnt/cdrom1
Note: make a habit of enclosing the client id and the command in single quotation marks to prevent errors
Matching minion ids on the server side
When running the salt command to match, use single quotation marks (') to avoid shell parsing
Match all minions: salt '*' test.ping
Match all minions under the example domain: salt '*.example.*' test.ping
Match minions in the example.net domain (web1.example.net, web2.example.net ... webN.example.net): salt 'web?.example.net' test.ping
Match minions from web1 to web5: salt 'web[1-5]' test.ping
Match the web-x, web-y and web-z minions: salt 'web-[x-z]' test.ping
Regular expression
Match the web1-prod and web1-devel minions:
salt -E 'web1-(prod|devel)' test.ping
Specify list
salt -L 'web1,web2,web3' test.ping
Specify a group:
Open the master configuration file on the server
vim /etc/salt/master
Add the following groups
nodegroups:
  group1: 'L@69,68'
  group2: '68'
  group3: 'G@os:centos'
  group4: 'Gambimempurl 487'
Note that when editing the master file, group1, group2 and the other group names must be preceded by two spaces
Test:
[root@51ou.com salt] # salt -N group2 test.ping
68:
True
[root@51ou.com salt] # salt -N group1 test.ping
230:
True
68:
True
You may wonder what the L in front of the group1 definition means.
L refers to a list of clients: a group contains multiple clients, so the list is prefixed with L.
In addition to list matching, there are many matching methods, such as:
These parameters can be used directly on the command line, such as:
salt -S '192.168.1.230' test.ping
salt -G 'os:Centos' test.ping
salt -L '230,68' test.ping
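Because cmd.run executes on every minion a target expression selects, it helps to preview what an expression resolves to before using it. The following is an added example, not part of the original article: it models glob targeting with Python's fnmatch and -E targeting with re.match (anchored at the start of the id only), both of which are assumptions about the matching semantics, and it runs against a constructed list of minion ids.

```python
import fnmatch
import re

# Constructed minion ids, including near-misses for the targets shown above.
MINIONS = ["68", "69", "680", "web1", "web5", "web6", "web1-prod",
           "web1-devel", "web1-production"]

def match_glob(target, minions):
    """Default targeting: shell-style wildcards (*, ?, [1-5])."""
    return [m for m in minions if fnmatch.fnmatchcase(m, target)]

def match_pcre(target, minions):
    """-E targeting, assumed anchored at the start only (re.match)."""
    rx = re.compile(target)
    return [m for m in minions if rx.match(m)]

def match_list(target, minions):
    """-L targeting: exact ids from a comma-separated list."""
    wanted = {t.strip() for t in target.split(",") if t.strip()}
    return [m for m in minions if m in wanted]

def preview(kind, target, minions=MINIONS):
    """Return the minion ids a target of the given kind would select."""
    matcher = {"glob": match_glob, "pcre": match_pcre, "list": match_list}[kind]
    return matcher(target, minions)

if __name__ == "__main__":
    for kind, tgt in [("glob", "web[1-5]"), ("pcre", "68|69"),
                      ("pcre", "(68|69)$"), ("pcre", "web1-(prod|devel)"),
                      ("list", "68,69")]:
        print(f"{kind:5} {tgt!r:22} -> {preview(kind, tgt)}")
```

Under these assumptions the unanchored expression '68|69' also selects a minion named 680; adding $ to the expression or using -L with exact ids keeps the target set to the intended hosts.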
Management of minion basic information
Basic use:
salt '*' grains.ls to view grains categories
salt '*' grains.items to view all grains information
salt '*' grains.item osrelease to view a single item in grains
Such as:
[root@51ou.com salt] # salt '*' grains.item osrelease
230:
osrelease: 6.2
68:
osrelease: 6.2
Introduction to Salt command
cmd.run
SaltStack can execute shell commands remotely, using cmd.run. Such as:
salt '68' cmd.run 'df -h'
Built-in execution module
Official module address: http://docs.saltstack.com/ref/modules/all/index.html
Saltstack configuration management
Salt uses state files for configuration management. They are written in YAML and end in .sls. To use configuration management, first specify the file_roots option in the master's configuration file. Salt supports multiple environments, such as test and production, but the base environment is required, and the base environment must contain the entry file top.sls.