Shulou(Shulou.com)06/02 Report--

Saltstack Overview in a production environment, there are often more than one or two servers, usually thousands of servers. This is too difficult for operation and maintenance personnel to manage, and saltstack is a new basic platform management tool, which can manage tens of thousands of servers and complete data transfer in a few seconds. It is one of the most used automatic operation and maintenance tools. Salt is a basic platform management tool. The SaltStack adopts the SaltStack S mode, the server side is the master of salt, and the client side is the communication between minion,minion and master through ZeroMQ message queue. Master listens on ports 4505 and 4506, 4505 is the master and minion authentication communication port, and 4506 is the command execution return information that master uses to send commands or receive minion. Saltstack introduction

1. Based on python language development

2. Lightweight management tools for batch execution of commands

3. Commonly used templates

The name means pkg package, which is used to manage files by adding, deleting and updating file, including synchronizing files, setting file permissions and user groups, deleting files, etc. Cmd executes commands or scripts on minion, use management system account operations service management system service operations cron management crontab tasks

4. Saltstack data system

Grains (static data)

Three functions of pillar (dynamic data) saltstack

Remote execution

Configuration management

Cloud management

How saltstack works the SaltStack client (Minion) automatically generates a set of keys, including private and public keys, when it starts. Then the public key is sent to the server, which verifies and accepts the public key to establish a reliable and encrypted communication connection. At the same time, a message publishing connection is established between the client and the server through the message queue ZeroMQ.

Minion is a client installation component that needs to be managed by SaltStack. It will actively connect to the Master side, get resource status information from the Masterside, and synchronize resource management information.

Master, as a control center, runs on the host server and is responsible for the operation of Salt commands and the management of resource status. The execution of an instruction on Master is sent to each Minions through the queue, and the result is returned.

ZeroMQ is an open source message queuing software, which is used to build a system communication bridge between Mini and Master. Saltstack advantages and disadvantages fast, based on message queue + thread, run multiple devices, are millisecond level; very flexible, the source code is python, easy to understand and customize module (because python compared to other perl, ruby, etc.) command is simple, powerful. The disadvantage is that it is inconvenient to deploy the minion side. Grainsgrains, an important component of Saltstack, is the static information collected when minion (client) starts, such as operating system type, network card ip and so on. The information about grains is not dynamic and does not change from time to time, it is only collected when minion starts. Unlike grains, pillarpillar is defined on master and is for some information defined by minion. For example, some important data (passwords) can be stored in pillar, and variables can be defined. Statestate is the core function of saltstack Manage the controlled host through pre-specified sls files (including: packets, network configuration, system services, System users, etc.) Saltstack commonly used commands to copy files to the client salt 'client2' cp.get_file salt:#apache.sls / tmp/cp.txt copy directory to the client salt' client2' cp.get_dir salt:#test / tmp display the surviving client side script under the salt-run manage.up command to execute the server script # edit script vim / bin/shecho "> / tmp/shell.txt# execute script salt 'client2' cmd.script salt:#test/shell.shSaltstack operation example-batch deployment apache environment deployment prepares three machines All three machines turn off selinux and clear the firewall rules. Server role IP address host name master192.168.142.123master.saltstack.comminion01192.168.142.124web01.saltstack.comminion02192.168.142.166web02.saltstack.com installation saltstack# add epel source for each of the three machines Local official source yum install-y epel-release # install epel source # server install yum-y install salt-master configuration master host # installation completed modification main configuration file vim / etc/salt/master# modify the following # 15 line interface: 192.168.175.132 # listening address # 215 line auto_accept: True # avoid running salt-key to confirm certificate authentication # 416 line file_roots: Base:-/ srv/salt # saltstack file root location Directory needs to create # 710line group category nodegroups: group1: 'web01.saltstack.com' group2:' web02.saltstack.com'#552 line pillar_opts: True # enable pillar function, synchronize file function # 529line pillar_roots: base:-/ srv/pillar # pillar home directory Need to create cat / etc/salt/master | grep-v ^ $| grep-v ^ # # View the changes made to the main configuration file start the server # start the service systemctl start salt-master# set the service boot systemctl enable salt-master# view the service port monitoring status netstat-anpt | egrep '4505 | 4506' create salt and pillar file root directory mkdir / srv/saltmkdir / srv/pillar is installed by the managed side (minion) # in two services Install yum-y install salt-minion configuration Minino side # modify / etc/salt/minino main configuration file vim / etc/salt/minion# modify configuration as follows # 16 lines master: 192.168.175.132 # specify IP#78 line id: web01.saltstack.com # specify the hostname of the controlled side start the service systemctl start salt-minion of the controlled side test the communication status with the controlled side on the master side # view the communication status State salt'* 'test.ping# view mount status of all managed sides salt' * 'cmd.run' df-hacks # View client salt-key# that has been accepted on master View all values of grains on the controlled host (each time minion gets client information when startup) # static data salt 'web01.saltstack.com' grains.items# dynamic data salt' web01.saltstack.com' pillar.items configuration management installation Apache The following demonstration is to install Apache remotely through yum. The steps are as follows: # modify the main configuration file vim / etc/salt/master file_roots: base:-/ srv/salt/# Note: environment: base, dev (development environment), test (test environment), prod (production environment). # create the working directory mkdir / srv/saltvim / srv/salt/top.slsbase:'*':-apache# Note:'*', it means that the apache module is executed on all clients. Vim / srv/salt/apache.slsapache-service: pkg.installed:-names: # if there is only one service, it can be written as-name: httpd without a new line-httpd- httpd-devel service.running:-name: httpd- enable: True# Note: apache-service is a custom id name. Pkg.installed is the package installation function. Here is the name of the package to be installed. Service.running is also a function to ensure that the specified service is started, and enable means boot. # restart the service systemctl restart salt-master# execute the refresh state configuration command salt'* 'state.highstate to verify whether the httpd service is installed successfully on two minos # check the service port listening status netstst-ntap | grep 8 view the generated configuration file rpm-qc httpd thank you for reading!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.