Shulou(Shulou.com)06/02 Report--

Saltstack introduction

Saltstack official document: dock.saltstack.com

Saltstack Project: github.com/saltstack

Saltstack Chinese website: wiki.saltstack.cn

Salt is the basic platform management tool. It only takes a few minutes to run, scalable enough to manage tens of thousands of servers and complete data transfer in seconds.

What can Salt do:

1. Configuration management

two。 Remote command

3. Package management

Apply install application steps:

This environment is assumed to be offline, and this service needs to be installed using an offline package.

Reference documentation

Https://blog.csdn.net/u014703013/article/details/81288969

1. First use the installation package of the wget download website to prepare for later offline installation.

Here is an example of which version to choose based on what your distribution is:

Wget-r-c-np-P c:\ satl https://repo.saltstack.com/yum/redhat/6.0/x86_64/2016.11/

Description:

-r means recursive download

-np does not download sideline connections

-C breakpoint continuation

-nd recursive download does not create a layer-by-layer directory, but downloads all files to the current directory (it is not advisable, so that the next level of the directory will not be downloaded together. )

-P means to download that directory

two。 Import the downloaded files into the server as a local installation source

4. Edit the repo file (here, for convenience, add the local path directly to the repo of media)

5. Install salt directly here

Server:

Yum install salt

Yum install salt-master-y

/ etc/init.d/salt-master start

Chkconfig salt-master on

Client:

Yum install-y salt-minion

Vi / etc/salt/minion-Edit the configuration file

Master: 192.168.24.32-master end address

Cachedir: / etc/salt/modules-Module directory

Log file: / var/log/salt/minion.log-Log path

Log level: warning-log level

Master: 192.168.24.4

Cachedir: / etc/salt/modules

Log file: / var/log/salt/minion.log

Log level: warning

/ etc/init.d/salt-minion start

Chkconfig salt-minion on

Allow these clients after the service and clients are installed

Salt-key list

Salt-key-A

Test connectivity

[root@localhost ~] # salt'* 'test.ping

Lnmp02:

True

Nfs-server:

True

Lnmp01:

True

Some simple real-time management, execute commands to the client on the server side, can not execute some real-time commands such as top.

The configuration grouping management editor / etc/salt/master file divides members into groups. Different servers can be divided according to system version, business, etc.

Vi / etc/salt/master

Nodegroups:

Group1: 'Lindlnmp01 Lnmp02'

Group2: 'E@lnmp0 [0-9]'

The above is written in two ways. "group1" can be customized.

Execute the command to check.

Define the environment and define the path under which the templates for the environment are stored

Environment configuration:

Environment example test: the configuration template is implemented using the salt server as the jumper password-free login client

Edit / etc/salt/master environment configuration:

File_roots:

Base

-/ srv/salt

Create directory, create mi.py script [root@lnmp01 _ modules] # ls

Mi.py

[root@lnmp01 _ modules] # pwd

/ srv/salt/_modules

Create ssh public and private keys

Ssh password-free login principle:

[root@lnmp01 ~] # ssh-keygen this operation can be done all the way to enter.

The public key file is located at:

[root@lnmp01] # cat ~ / .ssh/id_rsa

Id_rsa id_rsa.pub

The resulting string is written to the mi.py

#! / usr/bin/env python

# Import Python Lib

Import os

Def sshkey ():

''

Append salt manage machine public ssh-key

CLI Example:

Salt'* 'ssh.sshkey

''

Local_hostname = 'backup'

Manage_pubkey = 'ssh-rsa /. . Omit. = = root@backup\ n'

If not os.path.isfile ('/ root/.ssh/authorized_keys'):

If not os.path.isdir ('/ root/.ssh/'):

Os.mkdir ('/ root/.ssh/')

File = open ('/ root/.ssh/authorized_keys','w')

File.write (manage_pubkey)

File.flush ()

File.close ()

Os.chmod ('/ root/.ssh/authorized_keys',0600)

Return True

Else:

File = open ('/ root/.ssh/authorized_key','r')

If local_hostname not in file.read ():

F = open ('/ root/.ssh/authorized_key','a')

F.write (manage_pubkey)

F.flush ()

F.close ()

Return True

Push the module to the client salt'* 'saltutil.sync_all (this command means to push all modules to the client)

Execute salt'* 'mi.sshkey

View public key

Ssh lnmp01 tests whether to log in without a password

Deploy the environment with one click

Basic principles 1.top.sls defines the environment, the hosts to be matched, and what modules (services) are configured.

two。 There is an init.sls under each service directory, which defines what behavior the module performs (push configuration files, determine actions, execute commands, etc.)

3. After these preparations are completed, execute the salt command to push it to the specified client to achieve one-click mass send configuration.

Create directories, files now create yum, sysctl, httpd directories in the / srv/salt directory, and create top.sls files

Edit the top.sls file as follows

Base:

'lnmp0 [1-2], nfs-server':

-yum

-sysctl

-httpd

-httpd.oldboy

First edit the yum module

Create an init.sls file in the yum directory

Push the server / srv/salt/yum/file/CentOS-Base.repo to the client / etc/yum.repos.d/CentOS-Base.repo.

"/ etc/yum.repos.d/2408c7.repo":

File.managed:

-source: salt://yum/file/2408c7.repo

-mode: 644

-owner: root

-group: root

Cmd.wait:-the file MD5 value will be compared when pushing the file to the client. If it is inconsistent, the following command will be executed (clean the cache, re-establish the cache)

-name: "yum.clean all;yum makecache"

-onlyif: "test-f / etc/yum.repos.d/2408c7.repo"-Test whether the file exists

-watch:-determine if this file has been changed

-file: / etc/yum.repos.d/2408c7.repo

-

"/ etc/yum.repos.d/2408c6.repo":

File.managed:

-source: salt://yum/file/2408c6.repo

-mode: 644

-owner: root

-group: root

Cmd.wait:

-name: "yum.clean all;yum makecache"

-onlyif: "test-f / etc/yum.repos.d/2408c6.repo"

-watch:

-file: / etc/yum.repos.d/2408c6.repo

There should be a 2408c6.repo file in the server / srv/salt/yum/file directory

Salt-N 'all' state.sls yum synchronizes the specified module

Salt-N 'all' state.highstate synchronizes all modules

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.