Shulou(Shulou.com)06/02 Report--

Brief introduction

Salt is a basic platform management tool developed based on the python language. The SaltStack adopts the SaltStack S mode, the server side is the master of salt, and the client side is the communication between minion,minion and master through ZeroMQ message queue. Master listens on ports 4505 and 4506, 4505 is the master and minion authentication communication port, and 4506 is the command execution return information that master uses to send commands or receive minion.

Saltstack introduction:

1. Lightweight management tools for batch execution of commands

2. Commonly used templates:

Pkg: package with additions, deletions and updates

File: used to manage files, including synchronizing files, setting file permissions and user groups, deleting files, etc.

Cmd: execute commands or scripts on minion

User: manage system account operations

Service: manage system service operations

Cron: managing crontab tasks

3. Saltstack data system:

Grains (static data)

Pillar (dynamic data)

4. Three major functions:

(1) remote execution

(2) configuration management

(3) Cloud Management

Important components:

(1) grains:

Grains is the static information collected when minion (client) starts, such as operating system type, network card ip and so on.

The information about grains is not dynamic and does not change from time to time, it is only collected when minion starts.

(2) pillar:

Unlike grains, pillar is defined on master and is for some information defined by minion. For example, some important data (passwords) can be stored in pillar, and variables can be defined.

(3) state:

Is the core function of saltstack, through the pre-specified sls files to manage the controlled host (including: packets, network configuration, system services, system users, etc.)

How it works:

When the SaltStack client (Minion) starts, it automatically generates a set of keys, including private and public keys. Then the public key is sent to the server, which verifies and accepts the public key to establish a reliable and encrypted communication connection. At the same time, a message publishing connection is established between the client and the server through the message queue ZeroMQ.

1. Minion is a client installation component that needs to be managed by SaltStack. It will actively connect to the Master side, get resource status information from the Master side, and synchronize resource management information.

2. Master, as a control center, runs on the host server and is responsible for the operation of Salt commands and the management of resource status. The execution of an instruction on Master is sent to each Minions through the queue, and the result is returned.

3. ZeroMQ is an open source message queuing software, which is used to build a system communication bridge between Minion and Master.

Different from ansible:

1. The management configuration is faster and more stable.

Ansible transmits data based on the SSH protocol; Saltstack transmits data using message queuing zeroMQ, which is 40 times faster than ssh.

2. The process of ansible installation and deployment is very simple, and it is inconvenient for saltstack to deploy minion.

Practice-- batch installation of Apache services

1. Modify the host name

Modify the hostname: [root@localhost ~] # hostnamectl set-hostname master.saltstack.com [root@localhost ~] # hostnamectl set-hostname web01.saltstack.com [root@localhost ~] # hostnamectl set-hostname web02.saltstack.com modify / etc/hosts file (copy remotely with scp All three hosts are the same): vim / etc/hosts192.168.220.131 master.saltstack.com192.168.220.140 web01.saltstack.com192.168.220.136 web02.saltstack.com turn off firewall: systemctl stop firewalld.servicesetenforce 0 add Epel source for three hosts: yum install-y epel-release

2. Install saltstack:

1. Install: yum install-y salt-master2 on master and yum install-y salt-minion on the managed side (minion)

3. Configure the master host:

Vim / etc/salt/master interface: 192.168.220.131 / / modify the listening address (address of master) auto_accept: True / / change it to true to avoid running salt-key to determine the root location of the certificate authentication file_roots: / / open saltstack file This directory needs to be created by base:-/ srv/saltnodegroups: / / open, set group category group1: 'web01.saltstack.com' group2:' web02.saltstack.com'pillar_opts: True / / enable pillar function, synchronize file function pillar_roots: / / open pillar home directory, and create base:-/ srv/pillar by yourself

4. Enable the service:

[root@master ~] # systemctl start salt-master.service [root@master ~] # netstat-napt | egrep '4506 | 4505'tcp 0 0 192.168.220.131 root@master 0192.168.220.131 root@master * LISTEN 68112/python tcp 0 192.168.220.131 Vera 4506 0.0.0.0 * LISTEN 68136/python

(5) configure minino:

Vim / etc/salt/minino first: master: 192.168.220.131 / / Line 16, specify the IP address of the main control terminal id: web01.saltstack.com / / Line 78, specify the hostname of the controlled side second: master: 192.168.220.131 id: web02.saltstack.com systemctl start salt-minion.service / / enable the service

(6) Test the communication status between the main control terminal and the controlled terminal.

[root@master ~] # salt'* 'test.ping / / View communication status web01.saltstack.com: True [root@master ~] # salt' * 'test.pingweb01.saltstack.com: Trueweb02.saltstack.com: Truesalt' * 'cmd.run' df-h' / / View the mount status of all managed segments [root@master ~] # salt-key / / View customers that have been accepted on master Side Accepted Keys:web01.saltstack.comweb02.saltstack.comDenied Keys:Unaccepted Keys:Rejected Keys: view all the values of grains on the monitored host (each time minino gets client information when it starts): salt 'web01.saltstack.com' grains.items (static data) salt' web01.saltstack.com' pillar.items (dynamic data)

(7) start bulk installation of Apache service:

The following is a demonstration of remote installation of Apache via yum:

Mkdir / srv/saltvim / srv/salt/top.slsbase:'*':-apache// Note:'* 'means that the apache module is executed on all clients. Vim / srv/salt/apache.slsapache-service: pkg.installed:-names: / / if there is only one service, you can write-name: httpd without changing the line-httpd- httpd-devel service.running:-name: httpd- enable: True// Note: apache-service is a custom id name. Pkg.installed is the package installation function. Here is the name of the package to be installed. Service.running is also a function to ensure that the specified service is started, and enable means boot.

Systemctl restart salt-master / / restart service salt'* 'state.highstate / / execute refresh state configuration command

Next, go to the two minino to verify that httpd is installed successfully:

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.