Shulou(Shulou.com)06/03 Report--

Saltstack introduction

1. Saltstack is developed in Python language

2. Lightweight management tools for batch execution of commands

3. Common modules: pkg (package), file (file), cmd (execute command or script), user, service, cron

4. Saltstack data system

Grains (static data)

Pillar (dynamic data)

Saltstack three major functions, remote execution, configuration management, cloud management SaltStack is a server infrastructure centralized management platform, with configuration management, remote execution, monitoring and other functions, based on Python language, combined with lightweight message queuing (ZeroMQ) and Python third-party modules (Pyzmq, PyCrypto, Pyjinjia2, python-msgpack and PyYAML, etc.). Through the deployment of SaltStack, we can execute commands in batches on tens of millions of servers, configure centralized management, distribute files, collect server data, operating system foundation and software package management according to different businesses. SaltStack is a sharp weapon for operators to improve work efficiency and standardize business configuration and operation. The basic principle of saltstack is SaltStack S mode, the server side is the master of salt, and the client side is the communication between minion,minion and master through ZeroMQ message queue. After minion is online, the client first contacts the master side and sends its own pub key. At this time, the master side will see the key of minion through the salt-key-L command. After accepting the minion-key, that is, master and minion have mutual trust that master can send any instructions for minion to execute. Salt has many executable modules. Cmd modules, for example, are included when you install minion. They are usually located in your python library. Locate salt | grep / usr/ can see everything that comes with salt. These modules are files written by python, and there will be many functions, such as cmd.run. When we execute salt'* 'cmd.run' uptime', master sends the matching task to the minion, and minion executes the module function and returns the result. Master listens on ports 4505 and 4506, 4505 corresponds to the PUB system of ZMQ to send messages, and 4506 corresponds to REP system to receive messages. The specific steps are as follows: message transmission is carried out between Master of Salt stack and Minion through ZeroMq, using the publish-subscribe mode of ZeroMq. The connection mode includes tcp,ipcsalt command. The cmd.run ls command is published from salt.client.LocalClient.cmd_cli to master, and a Jodid is obtained. The execution result of the command is obtained according to jobid. After master receives the command, the command to be executed is sent to the client minion. Minion receives the command to be processed from the message bus and gives it to minion._handle_aes processing minion._handle_aes to initiate a local thread to call cmdmod to execute the ls command. After executing the ls, the thread calls the minion._return_pub method, returns the execution result to the mastermaster through the message bus to receive the result returned by the client, calls the master._handle_aes method, and obtains the Job execution result in the file written by the result through polling, and outputs the result to the terminal.

Advantages:

First of all, it is fast, based on message queue + thread, running multiple devices, all millisecond level

Secondly, it is very flexible, the source code is python, and it is easy to understand and customize the module (python language is easy to understand compared to other perl, ruby, etc.)

The command is simple and powerful.

Disadvantages: it is inconvenient to deploy the minion side

Several important components of saltstack

Grainsgrains is the static information collected when minion (client) starts, such as operating system type, network card ip and so on.

The information of grains is not dynamic and does not change from time to time. It is only collected when minion is started.

Unlike grains, pillarpillar is defined on master and is for some information defined by minion. For example, some important data (passwords) can be stored in pillar, and variables can be defined.

State

It is the core function of saltstack, which manages the controlled host through pre-specified sls files: package / file / network configuration / system service / system user, etc.

Saltstack batch deployment of apache

Experimental environment:

Master:192.168.136.167

Web01:192.168.136.168

Web02:192.168.136.185

# add hostname, add all three machines And if the host is to be changed to the corresponding name [root@master ~] # vim / etc/hosts192.168.136.167 master.saltstack.com192.168.136.168 web01.saltstack.com192.168.136.185 web02.saltstack.com#, each needs to turn off the firewall [root@master ~] # vim / etc/hostname master.saltstack.com [root@web01 ~] # vim / etc/hostname web01.saltstack.com [root@web02 ~] # vim / etc/hostname web02.saltstack.com# Install epel source (all three should be installed) [root@master ~] # yum install-y epel-release [root@master ~] # yum-y install salt-master [root@master ~] # vim / etc/salt/master 15 lines interface: 192.168.175.132 / / listening address 215line auto_accept: True / / avoid running salt-key to confirm the root location of file_roots:base:- / srv/salt / / saltstack files on line 416 of certificate authentication The directory needs to create a 710 line group category: nodegroups:group1: 'web01.saltstack.com'group2:' web02.saltstack.com'552 line pillar_opts: True / / enable the pillar function, and synchronize the file function 529th line pillar_roots:base:- / srv/pillar / / pillar home directory Need to create salt and pillar file root directories: mkdir / srv/saltmkdir / srv/pillar start server: systemctl start salt-mastersystemctl enable salt-masternetstat-anpt | egrep '4505 | 4506' create salt and pillar file root directories: mkdir / srv/saltmkdir / srv/pillar- operate on the controlled side-on the two machines, respectively Configuration: yum-y install salt-minionvi / etc/salt/minion modify the configuration as follows: 16 lines master: 192.168.175.132 / / specify the IP78 line id: web01.saltstack.com / / specify the hostname of the controlled side to start the service systemctl start salt-minion of the controlled side to test the communication status between the host side and the controlled side! Salt'* 'test.pingweb01.saltstack.com:Trueweb02.saltstack.com:Truesalt' * 'cmd.run' df-h' / / remote execution command salt-key / / View the clients that have been accepted on master to view all the values of grains on the controlled host: (every time minion gets client information when starting) salt 'web01.saltstack.com' grains.items (static data) salt' web01.saltstack.com' pillar.items (dynamic data) configuration Management installation Apache the demonstration below is to install Apache remotely through yum. The steps are as follows: modify the configuration file vi / etc/salt/master / / Open the comments file_roots:base:- / srv/salt/ of the following: environment: base, dev (development environment), test (test environment), prod (production environment). Mkdir / srv/saltvi / srv/salt/top.slsbase:'*':- apache Note:'* 'means that the apache module is executed on all clients. Vi / srv/salt/apache.slsapache-service:pkg.installed:- names: / / if there is only one service, it can be written as-name: httpd without a new line-httpd- httpd-develservice.running:- name: httpd- enable: True Note: apache-service is a custom id name. Pkg.installed is the package installation function. Here is the name of the package to be installed. Service.running is also a function to ensure that the specified service is started, and enable means boot. Restart service # systemctl restart salt-master execute command # salt'* 'state.highstate

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.