saltstack 从入门到使用实战
作者:互联网
1.saltstack安装配置及测试
一.安装部署
1.Master端:
yum install https://repo.saltstack.com/yum/redhat/salt-repo-latest.el7.noarch.rpm
yum clean expire-cache && yum update -y
yum -y install salt-master && yum -y install salt-minion
systemctl start salt-master #启动salt-master
systemctl enable salt-master
2.Minion端:
yum install https://repo.saltstack.com/yum/redhat/salt-repo-latest.el7.noarch.rpm
yum clean expire-cache && yum update -y && yum -y install salt-minion
systemctl start salt-minion
systemctl enable salt-minion
二.初步配置
1.Master端配置:
[root@linux-master1 ~]# vim /etc/salt/master //修改下面几行 (由于这个文件内容默认全部注释的,所以可以直接情清空该文件,然后复制下面内容。但是记住配置的格式不能错!!)
interface: 192.168.1.181 //绑定主控端master的ip,冒号后必须空一格
auto_accept: True //当该项配置成True时表示自动认证,就不需要手动运行salt-key命令进行证书信任
file_roots: //指定saltstack文件根目录位置
base: //前面必须留两个空格
- /srv/salt //前面必须留四个空格
[root@linux-master1 ~]# systemctl restart salt-master
Starting salt-master daemon: [ OK ]
(如果master端也想管控自己,可以配置自己的monion)
2.Minion端配置:
[root@linux-node1 ~]# vim /etc/salt/minion //修改下面几行
master: 192.168.1.181 //指定主控端master的ip地址,冒号后必须空一格(可以是主机名)
id: minion-192-168-1-173 //唯一标识符,可以不配,不配默认就是主机名,修改被控端monion主机识别id,建议使用主机名或ip来设置,冒号后必须空一格
[root@linux-node2 ~]# systemctl start salt-minion
Starting salt-minion daemon: [ OK ]
三.测试初步配置通畅性
1.查看当前的salt key信息
[root@zabbix ~]# salt-key -L
Accepted Keys:
minion-dev12-192.168.1.173
minion-test-xktest001-192.168.1.114
minion-testcat001-192.168.1.48
Denied Keys:
Unaccepted Keys:
Rejected Keys:
2.测试被控主机的连通性
[root@zabbix ~]# salt '*' test.ping
minion-dev12-192.168.1.173:
True
minion-testcat001-192.168.1.48:
True
minion-test-xktest001-192.168.1.114:
True
c)远程命令执行(cmd模块),格式:salt 'client配置的id' 模块.方法 '命令参数' (其中'*'表示所有的client)
[root@linux-master1 ~]# salt '*' cmd.run 'uptime'
[root@zabbix ~]# salt '*' cmd.run 'uptime'
minion-dev12-192.168.1.173:
16:58:52 up 701 days, 2:47, 1 user, load average: 0.27, 0.25, 0.28
minion-testcat001-192.168.1.48:
16:58:52 up 189 days, 1:11, 1 user, load average: 1.58, 1.62, 1.46
minion-test-xktest001-192.168.1.114:
16:58:52 up 159 days, 43 min, 1 user, load average: 0.02, 0.16, 0.29
####.关于修改minion的id后,无法连通问题:
minion配置中有一个id配置,默认是hostname,如果id配置和hostname不一致会导致无法进行通信,那么当hostname做了修改,或者错误的时候该怎么配置呢?
①关闭salt-minion
②salt-key -d id 在master上删除minion的id
③minion上删除pki目录 rm -f /etc/salt/pki/minion/*
④minion上删除minion_id文件 [id: minion-dev12-192.168.1.173]
⑤修改完成,启动minion
#此处必须先停掉minion修改,并删除相应的文件,否则会默认地去查找原先的配置,已踩坑
#以下是刚装完查看minion_id变成了www.test123.com。进行修改成linux-node2.example.com
[root@linux-node2 salt]# cat minion_id
www.test123.com
[root@linux-node2 salt]# systemctl stop salt-minion
[root@linux-node2 salt]# rm -rf pki
[root@linux-node2 salt]# rm -rf minion_id
[root@linux-node2 salt]# systemctl start salt-minion
[root@linux-node2 salt]# cat minion_id
linux-node2.example.com
2.saltstack常见使用模块介绍
四.saltstack 常见使用方式
1.利用Saltstack远程执行命令
saltstack的一个比较突出优势就是具备执行远程命令的功能。操作方法与func相似,可以帮助运维人员完成集中化的操作平台。
命令格式: slat '<操作目标>' <方法> [参数]
salt '*' cmd.run 'df -h'
salt '*' cmd.run 'uptime'
salt '*' cmd.run 'free -m'
salt-cp命令 远程批量传输文件
1): -E
通过正则表达式进行匹配。
示例:查看被控制端minion-test*字符开头的主机id名是否连通。
[root@zabbix ~]# salt -E '^minion-test*' test.ping
minion-testcat001-192.168.1.48:
True
minion-test-xktest001-192.168.1.114:
True
2):-L:--list
以主机id名列表的形式进行过滤,格式与Python的列表相似,即不同主机id名称使用逗号分隔。
示例:获取主机id名为minion-testcat001-192.168.1.48,minion-test-xktest001-192.168.1.114 获取完整操作系统发行版名称。
[root@zabbix ~]# salt -L 'minion-testcat001-192.168.1.48,minion-test-xktest001-192.168.1.114' grains.item osfullname
minion-testcat001-192.168.1.48:
----------
osfullname:
CentOS Linux
minion-test-xktest001-192.168.1.114:
----------
osfullname:
CentOS Linux
3):-G:--grain 【常见重要使用模块】
根据被控主机的grains信息(grains是saltstack重要组件之一,重要作用是收集被控主机的基本系统信息)进行匹配过滤,格式为'<grain value>:<glob expression>'。
3.1):grains常见查询:
[root@zabbix ~]# salt 'minion-test*' grains.ls
minion-testcat001-192.168.1.48:
- SSDs
- biosreleasedate
- biosversion
- cpu_flags
- cpu_model
- cpuarch
- cwd
- disks
- dns
- domain
- fqdn
- fqdn_ip4
- fqdn_ip6
- fqdns
- gid
- gpus
- groupname
- host
- hwaddr_interfaces
- id
- init
- ip4_gw
- ip4_interfaces
- ip6_gw
- ip6_interfaces
- ip_gw
- ip_interfaces
- ipv4
- ipv6
- kernel
- kernelrelease
- kernelversion
- locale_info
- localhost
- lsb_distrib_codename
- lsb_distrib_id
- machine_id
- manufacturer
- master
- mdadm
- mem_total
- nodename
- num_cpus
- num_gpus
- os
- os_family
- osarch
- oscodename
- osfinger
- osfullname
- osmajorrelease
- osrelease
- osrelease_info
- path
- pid
- productname
- ps
- pythonexecutable
- pythonpath
- pythonversion
- saltpath
- saltversion
- saltversioninfo
- selinux
- serialnumber
- server_id
- shell
- swap_total
- systemd
- uid
- username
- uuid
- virtual
- zfs_feature_flags
- zfs_support
- zmqversion
[root@zabbix ~]# salt 'minion-test*' grains.items
minion-testcat001-192.168.1.48:
----------
SSDs:
biosreleasedate:
04/01/2014
biosversion:
rel-1.10.2-0-g5f4c7b1-20181220_000000-szxrtosci10000
cpu_flags:
- fpu
- vme
- de
- pse
- tsc
- msr
- pae
- mce
- cx8
- apic
- sep
- mtrr
- pge
- mca
- cmov
- pat
- pse36
- clflush
- mmx
- fxsr
- sse
- sse2
- ss
- ht
- syscall
- nx
- pdpe1gb
- rdtscp
- lm
- constant_tsc
- rep_good
- nopl
- xtopology
- nonstop_tsc
- eagerfpu
- pni
- pclmulqdq
- ssse3
- fma
- cx16
- pcid
- sse4_1
- sse4_2
- x2apic
- movbe
- popcnt
- tsc_deadline_timer
- aes
- xsave
- avx
- f16c
- rdrand
- hypervisor
- lahf_lm
- abm
- 3dnowprefetch
- invpcid_single
- ssbd
- ibrs
- ibpb
- stibp
- fsgsbase
- tsc_adjust
- bmi1
- hle
- avx2
- smep
- bmi2
- erms
- invpcid
- rtm
- mpx
- avx512f
- avx512dq
- rdseed
- adx
- smap
- clflushopt
- clwb
- avx512cd
- avx512bw
- avx512vl
- xsaveopt
- xsavec
- xgetbv1
- arat
- md_clear
- spec_ctrl
- intel_stibp
- flush_l1d
cpu_model:
Intel(R) Xeon(R) Gold 6161 CPU @ 2.20GHz
cpuarch:
x86_64
cwd:
/
disks:
- vda
dns:
----------
domain:
ip4_nameservers:
- 100.125.17.29
- 100.125.135.29
ip6_nameservers:
nameservers:
- 100.125.17.29
- 100.125.135.29
options:
- single-request-reopen
search:
- openstacklocal
sortlist:
domain:
localdomain
fqdn:
localhost.localdomain
fqdn_ip4:
- 127.0.0.1
fqdn_ip6:
- ::1
fqdns:
gid:
0
gpus:
|_
----------
model:
GD 5446
vendor:
unknown
groupname:
root
host:
localhost
hwaddr_interfaces:
----------
eth0:
fa:16:3e:61:e9:24
lo:
00:00:00:00:00:00
id:
minion-testcat001-192.168.1.48
init:
systemd
ip4_gw:
192.168.1.1
ip4_interfaces:
----------
eth0:
- 192.168.1.48
lo:
- 127.0.0.1
ip6_gw:
False
ip6_interfaces:
----------
eth0:
- fe80::f816:3eff:fe61:e924
lo:
- ::1
ip_gw:
True
ip_interfaces:
----------
eth0:
- 192.168.1.48
- fe80::f816:3eff:fe61:e924
lo:
- 127.0.0.1
- ::1
ipv4:
- 127.0.0.1
- 192.168.1.48
ipv6:
- ::1
- fe80::f816:3eff:fe61:e924
kernel:
Linux
kernelrelease:
3.10.0-1062.12.1.el7.x86_64
kernelversion:
#1 SMP Tue Feb 4 23:02:59 UTC 2020
locale_info:
----------
defaultencoding:
UTF-8
defaultlanguage:
en_US
detectedencoding:
UTF-8
timezone:
unknown
localhost:
cat-test
lsb_distrib_codename:
CentOS Linux 7 (Core)
lsb_distrib_id:
CentOS Linux
machine_id:
ef219b153e8049718c374985be33c24e
manufacturer:
OpenStack Foundation
master:
192.168.1.181
mdadm:
mem_total:
7820
nodename:
cat-test
num_cpus:
4
num_gpus:
1
os:
CentOS
os_family:
RedHat
osarch:
x86_64
oscodename:
CentOS Linux 7 (Core)
osfinger:
CentOS Linux-7
osfullname:
CentOS Linux
osmajorrelease:
7
osrelease:
7.8.2003
osrelease_info:
- 7
- 8
- 2003
path:
/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin
pid:
13036
productname:
OpenStack Nova
ps:
ps -efHww
pythonexecutable:
/usr/bin/python
pythonpath:
- /usr/bin
- /usr/lib/python2.7/site-packages/setuptools-19.6.2-py2.7.egg
- /usr/lib/python2.7/site-packages/pip-7.1.2-py2.7.egg
- /usr/lib/python2.7/site-packages/cloud_init-0.7.9-py2.7.egg
- /usr/lib64/python27.zip
- /usr/lib64/python2.7
- /usr/lib64/python2.7/plat-linux2
- /usr/lib64/python2.7/lib-tk
- /usr/lib64/python2.7/lib-old
- /usr/lib64/python2.7/lib-dynload
- /usr/lib64/python2.7/site-packages
- /usr/lib/python2.7/site-packages
pythonversion:
- 2
- 7
- 5
- final
- 0
saltpath:
/usr/lib/python2.7/site-packages/salt
saltversion:
3000.5
saltversioninfo:
- 3000
- 5
selinux:
----------
enabled:
False
enforced:
Disabled
serialnumber:
acc3aa91-3bdb-4900-90a8-4d49b7e7c136
server_id:
1515288221
shell:
/bin/sh
swap_total:
7999
systemd:
----------
features:
+PAM +AUDIT +SELINUX +IMA -APPARMOR +SMACK +SYSVINIT +UTMP +LIBCRYPTSETUP +GCRYPT +GNUTLS +ACL +XZ +LZ4 -SECCOMP +BLKID +ELFUTILS +KMOD +IDN
version:
219
uid:
0
username:
root
uuid:
bf942ead-97b5-439a-b625-93ffb3cf3bce
virtual:
kvm
zfs_feature_flags:
False
zfs_support:
False
zmqversion:
4.1.4
[root@zabbix ~]# salt 'minion-test*' grains.item os
minion-test-xktest001-192.168.1.114:
----------
os:
CentOS
minion-testcat001-192.168.1.48:
----------
os:
CentOS
3.2):grains 正则匹配
示例:获取主机发行版本为7.2的Python版本号
[root@zabbix ~]# salt -G 'osrelease:7.2.*' cmd.run 'python -V'
minion-dev12-192.168.1.173:
Python 2.7.5
[root@zabbix ~]# salt --grain-pcre 'osrelease:7.*' cmd.run 'python -V'
minion-dev12-192.168.1.173:
Python 2.7.5
minion-testcat001-192.168.1.48:
Python 2.7.5
minion-test-xktest001-192.168.1.114:
Python 2.7.5
3.3):自定义grain
*在minion上进行配置grains ,重启systemctl restart salt-minion
grains:
roles:
- webserver
- memcache
deployment: datacenter4
cabinet: 13
cab_u: 14-15
* 在master上查询是否添加上了自定义的grains
salt 'minion-test-xktest001-192.168.1.114' grains.items
cab_u:
14-15
cabinet:
13
deployment:
datacenter4
roles:
- webserver
- memcache
4):-I:--pillar 【常见重要使用模块】
#使用场景:
a.敏感数据
b.定时执行任务
#根据被控主机的pillar(作用是定义与被控主机相关的任何数据,定义好的数据可以被其他组件使用)信息进行过滤匹配.
格式为'对象名称:对象值',比如过滤所有具备'apache:httpd' pillar值的主机。
示例:探测具有"nginx:root:/data"信息的主机连通性【我测试不通】
[root@linux-master1 ~]# salt -I 'nginx:root:/data' test.ping
minion-dev12-192.168.1.173:
True
minion-test-xktest001-192.168.1.114:
True
其中pillar属性配置文件如下(后面会讲到)
nginx:
root:/data
5):-N:--nodegroup
根据主控端master配置文件中的分组名称进行过滤。
如下配置的组信息(主机信息支持正则表达式、grain、条件运算符等),通常根据业务类型划分,不同业务具备相同的特点,包括部署环境、应用平台、配置文件等。
nodegroups:
dev: 'minion-dev12-192.168.1.173'
test: 'minion-testcat001-192.168.1.48,minion-test-xktest001-192.168.1.114'
#xk-test: ''
#uat: ''
其中:
L@ 表示后面的主机id格式为列表,即主机id以逗号隔开;
G@ 表示以grain格式描述;
S@ 表示以ip子网或地址格式描述
示例:探测web1group(或web2group)被控主机的连通性
[root@zabbix ~]# salt -N dev test.ping
minion-dev12-192.168.1.173:
True
[root@zabbix ~]# salt -N test test.ping
minion-testcat001-192.168.1.48:
True
minion-test-xktest001-192.168.1.114:
True
6):-C:--compound
根据条件运算符not、and、or去匹配不同规则的主机信息。
示例:探测minion-192开头并且操作系统为Centos的主机连通性。
[root@zabbix ~]# salt -C 'E@^minion-dev* and G@os:Centos' test.ping
minion-dev12-192.168.1.173:
True
[root@zabbix ~]# salt -C 'E@^minion-test* and G@os:Centos' test.ping
minion-testcat001-192.168.1.48:
True
minion-test-xktest001-192.168.1.114:
True
其中:
not语句不能作为第一个条件执行,不过可以通过以下方法来规避:
示例:探测非minion-prod开头的主机连通性。
[root@zabbix ~]# salt -C '* and not E@^minion-prod*' test.ping
minion-dev12-192.168.1.173:
True
minion-testcat001-192.168.1.48:
True
minion-test-xktest001-192.168.1.114:
True
7):-S:--ipcidr
根据被控主机的ip地址或ip子网进行匹配。
[root@zabbix ~]# salt -S 192.168.0.0/16 test.ping
minion-dev12-192.168.1.173:
True
minion-testcat001-192.168.1.48:
True
minion-test-xktest001-192.168.1.114:
True
[root@zabbix ~]# salt -S 192.168.1.173 test.ping
minion-dev12-192.168.1.173:
True
[root@zabbix ~]# salt -S 192.168.1.114 test.ping
minion-test-xktest001-192.168.1.114:
True
[root@zabbix ~]# salt -S 192.168.1.48 test.ping
minion-testcat001-192.168.1.48:
True
2.Saltstack常用模块及API
saltstack提供了非常丰富的功能模块,涉及操作系统的基础功能、常用工具支持等,更多模块信息请见:https://docs.saltstack.com/en/latest/ref/modules/all/index.html
当然,也可以通过sys模块列出当前版本支持的所有模块:
[root@zabbix ~]# salt '*' sys.list_modules
minion-dev12-192.168.1.173:
- acl
- aliases
- alternatives
- ansible
- apache
- archive #压缩解压
- artifactory
- beacons
- bigip
- boto_cfn
- boto_cloudwatch
- boto_dynamodb
- boto_ec2
- boto_elasticache
- boto_iam
- boto_secgroup
- boto_sns
- bridge
- btrfs
- buildout
- chroot
- cloud
- cmd
- composer
- config
- consul
- container_resource
- cp
- cron
- cryptdev
- data
- defaults
- devmap
- disk
- django
- dnsmasq
- dnsutil
- drbd
- environ
- etcd
- ethtool
- event
- extfs
- file
- firewalld
- freezer
- gem
- genesis
- git
- glassfish
- gnome
- google_chat
- grafana4
- grains
- group
- hashutil
- highstate_doc
- hosts
- http
- incron
- ini
- inspector
- introspect
- iosconfig
- ip
- ipset
- iptables
- jboss7
- jboss7_cli
- jinja
- k8s
- kernelpkg
- key
- keyboard
- kmod
- locale
- locate
- log
- logrotate
- lowpkg
- mandrill
- match
- mattermost
- mine
- minion
- modjk
- mount
- msteams
- nagios_rpc
- namecheap_domains
- namecheap_domains_dns
- namecheap_domains_ns
- namecheap_ssl
- namecheap_users
- network
- nexus
- nginx
- nova
- npm
- nspawn
- nxos_api
- openscap
- openstack_config
- opsgenie
- out
- pagerduty
- pagerduty_util
- pam
- parallels
- partition
- peeringdb
- pillar
- pip
- pkg
- pkg_resource
- postfix
- ps
- publish
- pushover
- pyenv
- qemu_img
- qemu_nbd
- rabbitmq
- random
- random_org
- rbenv
- redis
- rest_sample_utils
- restartcheck
- ret
- rsync
- rvm
- s3
- s6
- salt_proxy
- salt_version
- saltcheck
- saltutil
- schedule
- scsi
- sdb
- seed
- selinux
- serverdensity_device
- service
- shadow
- slack
- slsutil
- smbios
- smtp
- solrcloud
- sqlite3
- ssh
- state
- status
- statuspage
- supervisord
- svn
- sys
- sysctl
- sysfs
- syslog_ng
- system
- telegram
- telemetry
- temp
- test
- timezone
- tuned
- udev
- uptime
- user
- vault
- vbox_guest
- virtualenv
- vsphere
- webutil
- x509
- xfs
- xml
- zabbix
- zenoss
接下来抽取出常见的模块进行介绍,并列举模块API的用法。
API原理:通过调用master client模块,实例化一个LocalClient对象,再调用cmd()方法来实现的。
如下是API实现test.ping的示例:
import salt.client
client = salt.client.LocalClient()
ret = client.cmd('*','test.ping')
print ret
结果以一个标准的python字典形式的字符串返回码,可以通过eval()函数转换成python的字典类型,方便后续的业务逻辑处理,程序运行结果如下:
{'minion-192-168-1-102': True, 'minion-192-168-1-118': True}
截图如下:
[root@zabbix tmp]# python test002.py
{u'minion-test-xktest001-192.168.1.114': True, u'minion-testcat001-192.168.1.48': True, u'minion-dev12-192.168.1.173': True}
###注意:将字符字典转换成python的字典类型,推荐使用ast模块的literal_eval()方法,可以过滤表达式中的恶意函数。
1).Archive模块
功能:实现系统层面的压缩包调用,支持gunzip、gzip、rar、tar、unrar、unzip等。
示例1:采用tar解压被控制机的/tmp/eureka.tar.gz 包
[root@zabbix ~]# salt 'minion-dev12-192.168.1.173' archive.tar xf /tmp/eureka.tar.gz dest=/tmp
minion-dev12-192.168.1.173:
示例2:采用gzip压缩被控制机的/tmp/test.txt文件
[root@zabbix ~]# salt 'minion-dev*' archive.gzip /tmp/eureka.txt
minion-dev12-192.168.1.173:
实例3:将被控制机的/mnt/test打包到/mnt下的test.tar.gz
[root@linux-node1 ~]# salt '*' archive.tar zcf /mnt/test.tar.gz /mnt/test
##将被控制机的/mnt/nginx-1.9.7.tar.gz包解压,解压默认放到被控制机的当前用户家目录(即/root)路径下(注意:archive.tar后面的参数前不能加-)
##将被控制机的/mnt/heihei.tar.bz2包解压,解压默认放到被控制机的当前用户家目录(即/root)路径下
2)......其他的根据常用模块通过查看帮助文档
有非常详细的使用方法
salt 'minion-testcat001-192.168.1.48' sys.doc
常用的模块:
1.sys.doc
2.test [test.ping]
3.system [system.reboot/system.shutdown/system.poweroff]
4.status [cpuinfo/loadavg/meminfo/netstats/uptime/diskusage/procs]
5.service [status/available/restart/stop/status/disabled/get_all]
6.saltutl [is_running/running/kill_job/]
7.pip [install/uninstall/list/freeze/version]
8.pillar [data,ext,get,item,items,raw]
9.cmd [run/script]
10.file [修改文件的一些权限等]
3.saltstack日志转存储
五.配置通过数据库接收saltstack 回显
1.rsyslog接收salt日志
[root@zabbix ~]# salt '*' test.ping --return syslog 【master执行】
minion-dev12-192.168.1.173:
True
minion-testcat001-192.168.1.48:
True
minion-test-xktest001-192.168.1.114:
True
[root@design-0012 ~]# tail -10000 /var/log/messages|grep "minion" 【minon查看】
Dec 1 14:47:33 localhost salt-minion: {"fun_args": [], "jid": "20201201064732908317", "return": true, "retcode": 0, "success": true, "fun": "test.ping", "id": "minion-dev12-192.168.1.173"}
2.mysql接收salt日志
1):准备mysql,新建salt库,并创建表:
CREATE TABLE `salt_returns` (
`fun` varchar(50) NOT NULL,
`jid` varchar(255) NOT NULL,
`return` mediumtext NOT NULL,
`id` varchar(255) NOT NULL,
`success` varchar(10) NOT NULL,
`full_ret` mediumtext NOT NULL,
`alter_time` timestamp NOT NULL DEFAULT CURRENT_TIMESTAMP,
KEY `id` (`id`),
KEY `jid` (`jid`),
KEY `fun` (`fun`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8;
2):salt-minion端安装yum -y install MySQL-python,并配置/etc/salt/minion ,重启salt-minion
[root@cat-test ~]# cat /etc/salt/minion|grep "mysql"
#return: mysql
mysql.host: '192.168.1.100'
mysql.user: 'salt'
mysql.pass: 'Salt@123456'
mysql.db: 'salt'
mysql.port: 3306
3):测试使用
[root@Master ~]# salt '*' cmd.run 'hostname' --return mysql
minion-dev12-192.168.1.173:
design-0012
minion-testcat001-192.168.1.48:
cat-test
minion-test-xktest001-192.168.1.114:
test-xkcat001
##如果有上千上万台,对mysql的压力是非常大的,生产中我们不建议采用。
3.通过配置master来转存储
1):创建sql:https://www.unixhot.com/docs/saltstack/ref/returners/all/salt.returners.mysql.html
2):配置master节点/etc/salt/master
#return: mysql
master_job_cache: mysql
mysql.host: '119.3.56.222'
mysql.user: 'salt'
mysql.pass: 'Salt@123456'
mysql.db: 'salt'
mysql.port: 13067
3):重启
systemctl restart salt-master
4):验证
salt '*' test.ping
查看数据库
4.通过event编写python脚本来转存储
0):安装mysql,创建数据库及账号并授权,安装python的mysql模块
CREATE TABLE `salt_returns` (
`fun` varchar(50) NOT NULL,
`jid` varchar(255) NOT NULL,
`return` mediumtext NOT NULL,
`id` varchar(255) NOT NULL,
`success` varchar(10) NOT NULL,
`full_ret` mediumtext NOT NULL,
`alter_time` timestamp NOT NULL DEFAULT CURRENT_TIMESTAMP,
KEY `id` (`id`),
KEY `jid` (`jid`),
KEY `fun` (`fun`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8;
###########为了方便看数量,新增自增nid:
CREATE TABLE `salt_returns` (
`nid` int auto_increment primary key not null,
`fun` varchar(50) NOT NULL,
`jid` varchar(255) NOT NULL,
`return` mediumtext NOT NULL,
`id` varchar(255) NOT NULL,
`success` varchar(10) NOT NULL,
`full_ret` mediumtext NOT NULL,
`alter_time` timestamp NOT NULL DEFAULT CURRENT_TIMESTAMP,
KEY `id` (`id`),
KEY `jid` (`jid`),
KEY `fun` (`fun`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8;
yum -y install MySQL-python #执行脚本的时候遇的问题,发现安装的是1.2.5的版本导致不兼容,
# ImportError: this is MySQLdb version (1, 2, 5, 'final', 1), but _mysql is version (1, 4, 6, 'final', 0)n
pip uninstall mysqlclient
pip install mysqlclient==1.4.6
1):监听脚本,master端执行salt '*' cmd.run 'hostname',会打印出一个字典。
import salt.utils.event
event=salt.utils.event.MasterEvent('/var/run/salt/master')
for eachevent in event.iter_events(full=True):
print eachevent
print "------"
2):自定义return
a.master节点安装yum -y install MySQL-python
b.编写returnner
vi salt_event_to_mysql.py
#!/bin/env python
#coding=utf8
import json
import salt.config
import salt.utils.event
import MySQLdb
_opts_=salt.config.client_config('/etc/salt/master')
conn=MySQLdb.connect(host=_opts__['mysql.host'],user=_opts_['mysql.user'],passwd=_opts_['mysql.pass'],db=_opts_[''mysql.db',port=_opts_['mysql.port'])
cursor=conn.cursor()
event=salt.utils.event.MasterEvent(_opts_['sock_dir'])
for eachevent in event.iter_events(full=True):
ret=eachevent['data']
if "salt/job/" in eachevent['tag']:
if ret.has_key('id') and ret.has_key('return'):
if ret['fun'] == "saltutil.find_job":
continue
sql='''inster into `salt_returns`(`fun`,`jid`,`return`,`id`,`success`,`full_ret`) values(%s,%s,%s,%s,%s,%s)'''
cursor.execute(sql,(ret['fun'],ret['jid'],json.dumps(ret['return']),ret['id'],ret['success'],json.dumps[ret]))
cursor.execute("COMMIT")
else:
pass
fi
c.增加master节点配置mysql /etc/salt/master
#event_return: mysql
mysql.host: '119.3.56.222'
mysql.user: 'salt'
mysql.pass: 'Salt@123456'
mysql.db: 'salt'
mysql.port: 13067
d.验证是否写入数据库
[root@zabbix tmp]# python salt_event_to_mysql.py
[root@zabbix ~]# salt '*' cmd.run 'free -m' #不用加--return ,查看mysql数据库发现已经写入!
minion-dev12-192.168.1.173:
total used free shared buff/cache available
Mem: 15886 4043 5330 533 6511 10917
Swap: 8191 4874 3317
minion-test-xktest001-192.168.1.114:
total used free shared buff/cache available
Mem: 7820 553 761 8 6505 7018
Swap: 7999 0 7999
minion-testcat001-192.168.1.48:
total used free shared buff/cache available
Mem: 7820 5538 210 87 2071 1894
Swap: 7999 194 7805
4.saltstack核心sls语法简述
1.Salt 的核心是state
state 状态系统的核心是sls,或者叫做 **S**aLt State 文件。
SLS表示系统将会是什么样的一种状态,而且是以一种很简单的格式来包含这些数据----经常也叫做配置管理。
2.sls是什么,用什么语法编写
SLS文件实际上只是一些:字典 dictionaries 列表 list 字符串 数字
sls文件主要使用的YAML语法来进行编写。
3.sls 编写 yaml 注意事项
salt缩进有2个空格组成,不要使用tabs
字典格式的,键值对以1个空格隔开。
例如 cabinet: 13
列表项,使用一个短横杠+一个空格;多个项使用同样的缩进级别作为同一列表的一部分。
例如:roles:
- webserver
- memcache
参考:
YAML 编写规则:
http://docs.saltstack.cn/topics/yaml/index.html
State 模块列表:
https://docs.saltstack.com/en/latest/ref/states/all/index.html
5.saltstack文件系统及sls模版使用
六.文件系统Demo
1.修改配置文件
vi /etc/salt/master #file_roots
file_roots:
base:
- /srv/salt
dev:
- /srv/salt/dev
systemctl restart salt-master
2.创建目录
mkdir /srv/salt -p
mkdir /srv/salt/dev -p
3.写sls文件
[root@zabbix salt]# cat top.sls
base: #哪个环境
'*': #哪些机器
- hosts #使用哪个sls文件
[root@zabbix salt]# cat hosts.sls
/tmp/hosts: #同步到远程机器的的地址
file.managed:
- source: salt://tmp/hosts #同步源
- user: root
- group: root
- mode: 600
/srv/salt/etc/hosts文件要准备好。
###目录结构如下:
../salt/
├── top.sls
│
├── etc
│ ├── hosts
│ └── script
│ └── test.sh
├── hosts
│ ├── a.sls
│ ├── h.sls
│ └── init.sls
4.如何运行
1): salt '*' state.sls hosts 或者 salt '*' state.highstate
[root@zabbix salt]# salt '*' state.sls hosts #state.sls模块,hosts.sls要在/srv/salt根目录下查找该文件
minion-dev12-192.168.1.173:
----------
ID: /tmp/hosts
Function: file.managed
Result: True
Comment: File /tmp/hosts updated
Started: 18:42:34.344385
Duration: 64.319 ms
Changes:
----------
diff:
---
+++
@@ -1,4 +1,3 @@
salt-master 192.168.1.1
salt-minion01 192.168.1.2
salt-minion02 192.168.1.3
-salt-minion03 192.168.1.4
Summary for minion-dev12-192.168.1.173
------------
Succeeded: 1 (changed=1)
Failed: 0
[root@zabbix salt]# salt '*' state.highstate
minion-dev12-192.168.1.173:
----------
ID: /tmp/hosts
Function: file.managed
Result: True
Comment: File /tmp/hosts is in the correct state
Started: 18:34:54.551044
Duration: 21.687 ms
Changes:
Summary for minion-dev12-192.168.1.173
------------
Succeeded: 1
Failed: 0
------------
Total states run: 1
Total run time: 21.687 ms
2):规范化的管理
mkdir /srv/salt/hosts && mv hosts.sls /srv/salt/hosts
salt '*' state.sls hosts.hosts
#hosts.hosts 表示hosts目录下的hosts.sls文件
[root@zabbix salt]# salt '*' state.sls hosts.hosts
minion-dev12-192.168.1.173:
----------
ID: /tmp/hosts
Function: file.managed
Result: True
Comment: File /tmp/hosts updated
Started: 18:47:11.725849
Duration: 64.385 ms
Changes:
----------
diff:
---
+++
@@ -1,3 +1,4 @@
salt-master 192.168.1.1
salt-minion01 192.168.1.2
salt-minion02 192.168.1.3
+aaaaa
Summary for minion-dev12-192.168.1.173
------------
Succeeded: 1 (changed=1)
Failed: 0
------------
Total states run: 1
Total run time: 64.385 ms
#如果需要安装软件,则改为mv hosts.sls init.sls ,给一个默认的init文件。
salt '*' state.sls hosts
#如果能找到hosts.hosts.sls就执行,如果没有则找init.sls !!!
[root@zabbix salt]# salt '*' state.sls hosts
minion-dev12-192.168.1.173:
----------
ID: /tmp/hosts
Function: file.managed
Result: True
Comment: File /tmp/hosts updated
Started: 18:51:05.357742
Duration: 39.004 ms
Changes:
----------
diff:
---
+++
@@ -2,3 +2,4 @@
salt-minion01 192.168.1.2
salt-minion02 192.168.1.3
aaaaa
+bbbbb
Summary for minion-dev12-192.168.1.173
------------
Succeeded: 1 (changed=1)
Failed: 0
------------
Total states run: 1
Total run time: 39.004 ms
#vi /srv/salt/h.sls
hostname:
cmd.run
[root@zabbix hosts]# salt '*' state.sls hosts.h
minion-dev12-192.168.1.173:
----------
ID: hostname
Function: cmd.run
Result: True
Comment: Command "hostname" run
Started: 18:54:33.566382
Duration: 8.697 ms
Changes:
----------
pid:
24842
retcode:
0
stderr:
stdout:
design-0012
Summary for minion-dev12-192.168.1.173
------------
Succeeded: 1 (changed=1)
Failed: 0
------------
Total states run: 1
Total run time: 8.697 ms
6.saltstack proxy代理架构
1.saltstack proxy 架构
Master
| |
proxy proxy ------------------>>>>>>也需要安装salt-master
| | | | | |
m1 m2 m2 m4 m5 m6
proxy上需要安装sync来进行同步master上的目录,一个master则不存在文件同步的问题。
Master的执行日志可以存储到Mysql上。
使用的核心组件为:salt syndic
3个重要参数:
syndic_master: 更高级别master的ip地址
syndic_log_file: syndic日志文件的路径(绝对路径或相对路径均可)
order_masters: True 【官方文档没有介绍,如果不加该参数则不进行转发】
1):proxy节点安装
安装yum install -y salt-master
安装yum install -y salt-syndic
vi /etc/salt/master
syndic_master: 192.168.1.181 #添加salt-master节点地址
syndic_log_file: /var/log/salt/syndic
order_masters: True
重启salt-master 和 salt-syndic
2):配置minion到proxy节点
vi /etc/salt/minion
master: 192.168.1.150
or
master: 192.168.1.219
3):清理salt-key认证,从master-->proxy--->minion
master:
cd /etc/salt/master
salt-key -D -y && rm -rf pki
systemctl restart salt-master
proxy:
cd /etc/salt/
salt-key -D -y && rm -rf pki
systemctl restart salt-master && systemctl restart salt-syndic
#如果proxy有2台则进行同样操作
minion:
cd /etc/salt
rm -rf pki
#最后从master节点开始接受key
master: salt-key -A -y
proxy: salt-key -A -y
#验证:
proxy:
[root@tools-skywalking-test001 salt]# salt '*' test.ping
minion-test-xktest001-192.168.1.114:
True
[root@sonarqube-jenkins02 salt]# salt '*' test.ping
minion-testcat001-192.168.1.48:
True
确认从proxy--->minion通畅
master:
[root@zabbix salt]# salt '*' test.ping
minion-test-xktest001-192.168.1.114:
True
minion-testcat001-192.168.1.48:
True
确认master--->proxy【因为proxy没有安装minion所有不会显示】---->minion通畅
2.saltstack 双主 架构
Master1 Master2
| |
m1 m2 m3 m1 m2 m3
双主是在minion上配置2个master:
vi /etc/salt/minion
master:
- m1
- m2
前提是保证minion持续运行能跟2个master持续保持连接。
7.saltstack 生产实践注意事项
1.不建议用salt 的file模块进行:目录管理,代码部署等。
建议用 "命令编排的状态管理":
压缩包,file.managed
cmd.run 执行部署
2.不建议使用salt 管理项目的配置文件。
建议用:分层管理,salt只管理服务的配置 例如Nginx Apache Tomcat
3.如果你有固定的文件服务器
可以使用source: salt:// http:// ftp://
4.SLS 版本化
1.在git上创建项目
2.找一个测试环境,编写sls进行测试,提交到仓库
3.生产环境git pull代码,测试完毕后,再全部执行
可以知道提交变更了什么配置或者文件.
5.使用Master job Cache保存Job的输出Mysql存储
cd /var/cache/salt/jobs
vi /etc/salt/master #keep_jobs: 24 默认保留24小时
生产的话,最好保留输出到Mysql中保存。
6.saltstack 二次开发
1):Master Job cache 将所有的job出输出保存在Mysql
2):如果做管理平台,可以将User id 和Jid做关联
3):使用List 做目标选择
8.saltstack 安装部署实战
1.练习:安装apache 并启动服务?
1):
[root@zabbix base]# cat apache.sls
apache-install:
pkg.installed:
- name: httpd
apache-service:
service.running:
- name: httpd
- enable: True
[root@zabbix base]# salt 'minion-test-xktest001-192.168.1.114' state.sls apache
minion-test-xktest001-192.168.1.114:
----------
ID: apache-install
Function: pkg.installed
Name: httpd
Result: True
Comment: All specified packages are already installed
Started: 11:11:06.062511
Duration: 1255.692 ms
Changes:
----------
ID: apache-service
Function: service.running
Name: httpd
Result: True
Comment: Service httpd has been enabled, and is running
Started: 11:11:07.319372
Duration: 221.627 ms
Changes:
----------
httpd:
True
Summary for minion-test-xktest001-192.168.1.114
------------
Succeeded: 2 (changed=1)
Failed: 0
------------
Total states run: 2
Total run time: 1.477 s
注意:如果想把apache.sls放在目录里分类放,可以在base中mkdir apache或者mkdir web
[root@zabbix base]# mv apache.sls apache
[root@zabbix base]# salt 'minion-testcat001-192.168.1.48' state.sls web.apache
2):创建top.sls来执行apache.sls的高级状态
cd /sr/salt/base
vi top.sls
[root@zabbix base]# cat top.sls
base:
'minion-test-xktest001-192.168.1.114':
- web.apache
'minion-testcat001-192.168.1.48':
- web.apache
目录结构如下:执行: salt '*' state.highstate
├── top.sls
└── web
└── apache.sls
2.练习:
使用sls安装nxing,并管理Nginx的配置文件,当Nginx配置文件被修改的时,自动更新配置文件,并重启Nginx?
1.创建sls文件并准备nginx配置文件
mkdir /srv/salt/nginx
vi init.sls
-------------------------------SLS文件--------------------------------------------------
nginx:
pkg:
- installed
service:
- running
- enable: True
- reload: True
-watch: #监控下面2个文件有变化重启
- pkg: nginx
- file: /etc/nginx/nginx.conf
- file: /etc/nginx/conf.d/default.conf
/etc/nginx/nginx.conf:
file.managed:
- source: salt://etc/nginx/nginx.conf
- user: root
- group: root
- mode: 644
/etc/nginx/conf.d/default.conf:
file.managed:
- source: salt://etc/nginx/conf.d/default.conf
- user: root
- group: root
- mode: 644
-----------------------------------------------------------------------------------------
cp /etc/nginx/nginx.conf /srv/salt/etc/nginx/
cp /etc/nginx/conf.d/default.conf.rpmsave /srv/salt/etc/nginx/conf.d/default.conf
2.执行salt 安装
cd /srv/salt/nginx
[root@zabbix nginx]# salt 'minion-test*' state.sls nginx
minion-testcat001-192.168.1.48:
----------
ID: nginx
Function: pkg.installed
Result: True
Comment: The following packages were installed/updated: nginx
Started: 15:57:16.394723
Duration: 30605.935 ms
Changes:
----------
centos-indexhtml:
----------
new:
7-9.el7.centos
old:
dejavu-fonts-common:
----------
new:
2.33-6.el7
old:
dejavu-sans-fonts:
----------
new:
2.33-6.el7
old:
fontconfig:
----------
new:
2.13.0-4.3.el7
old:
fontpackages-filesystem:
----------
new:
1.44-8.el7
old:
gd:
----------
new:
2.0.35-26.el7
old:
gperftools-libs:
----------
new:
2.6.1-1.el7
old:
libX11:
----------
new:
1.6.7-3.el7_9
old:
libX11-common:
----------
new:
1.6.7-3.el7_9
old:
libXau:
----------
new:
1.0.8-2.1.el7
old:
libXpm:
----------
new:
3.5.12-1.el7
old:
libjpeg-turbo:
----------
new:
1.2.90-8.el7
old:
libxcb:
----------
new:
1.13-1.el7
old:
libxslt:
----------
new:
1.1.28-6.el7
old:
nginx:
----------
new:
1:1.16.1-3.el7
old:
nginx-all-modules:
----------
new:
1:1.16.1-3.el7
old:
nginx-filesystem:
----------
new:
1:1.16.1-3.el7
old:
nginx-mod-http-image-filter:
----------
new:
1:1.16.1-3.el7
old:
nginx-mod-http-perl:
----------
new:
1:1.16.1-3.el7
old:
nginx-mod-http-xslt-filter:
----------
new:
1:1.16.1-3.el7
old:
nginx-mod-mail:
----------
new:
1:1.16.1-3.el7
old:
nginx-mod-stream:
----------
new:
1:1.16.1-3.el7
old:
openssl11-libs:
----------
new:
1:1.1.1g-1.el7
old:
----------
ID: /etc/nginx/nginx.conf
Function: file.managed
Result: True
Comment: File /etc/nginx/nginx.conf is in the correct state
Started: 15:57:47.020842
Duration: 57.542 ms
Changes:
----------
ID: /etc/nginx/conf.d/default.conf
Function: file.managed
Result: True
Comment: File /etc/nginx/conf.d/default.conf updated
Started: 15:57:47.078554
Duration: 21.527 ms
Changes:
----------
diff:
New file
mode:
0644
----------
ID: nginx
Function: service.running
Result: True
Comment: Service nginx has been enabled, and is running
Started: 15:57:47.100388
Duration: 265.845 ms
Changes:
----------
nginx:
True
Summary for minion-testcat001-192.168.1.48
------------
Succeeded: 4 (changed=3)
Failed: 0
------------
Total states run: 4
Total run time: 30.951 s
minion-test-xktest001-192.168.1.114:
----------
ID: nginx
Function: pkg.installed
Result: True
Comment: The following packages were installed/updated: nginx
Started: 15:57:14.591576
Duration: 113224.327 ms
Changes:
----------
centos-indexhtml:
----------
new:
7-9.el7.centos
old:
dejavu-fonts-common:
----------
new:
2.33-6.el7
old:
dejavu-sans-fonts:
----------
new:
2.33-6.el7
old:
fontconfig:
----------
new:
2.13.0-4.3.el7
old:
fontpackages-filesystem:
----------
new:
1.44-8.el7
old:
gd:
----------
new:
2.0.35-26.el7
old:
gperftools-libs:
----------
new:
2.6.1-1.el7
old:
libX11:
----------
new:
1.6.7-3.el7_9
old:
libX11-common:
----------
new:
1.6.7-3.el7_9
old:
libXau:
----------
new:
1.0.8-2.1.el7
old:
libXpm:
----------
new:
3.5.12-1.el7
old:
libjpeg-turbo:
----------
new:
1.2.90-8.el7
old:
libxcb:
----------
new:
1.13-1.el7
old:
libxslt:
----------
new:
1.1.28-6.el7
old:
nginx:
----------
new:
1:1.16.1-3.el7
old:
nginx-all-modules:
----------
new:
1:1.16.1-3.el7
old:
nginx-filesystem:
----------
new:
1:1.16.1-3.el7
old:
nginx-mod-http-image-filter:
----------
new:
1:1.16.1-3.el7
old:
nginx-mod-http-perl:
----------
new:
1:1.16.1-3.el7
old:
nginx-mod-http-xslt-filter:
----------
new:
1:1.16.1-3.el7
old:
nginx-mod-mail:
----------
new:
1:1.16.1-3.el7
old:
nginx-mod-stream:
----------
new:
1:1.16.1-3.el7
old:
openssl11-libs:
----------
new:
1:1.1.1g-1.el7
old:
----------
ID: /etc/nginx/nginx.conf
Function: file.managed
Result: True
Comment: File /etc/nginx/nginx.conf is in the correct state
Started: 15:59:07.833296
Duration: 37.33 ms
Changes:
----------
ID: /etc/nginx/conf.d/default.conf
Function: file.managed
Result: True
Comment: File /etc/nginx/conf.d/default.conf updated
Started: 15:59:07.870829
Duration: 19.161 ms
Changes:
----------
diff:
New file
mode:
0644
----------
ID: nginx
Function: service.running
Result: True
Comment: Service nginx has been enabled, and is running
Started: 15:59:07.890284
Duration: 313.406 ms
Changes:
----------
nginx:
True
Summary for minion-test-xktest001-192.168.1.114
------------
Succeeded: 4 (changed=3)
Failed: 0
------------
Total states run: 4
Total run time: 113.594 s
3.检测是否安装nginx包
[root@zabbix nginx]# salt 'minion-test*' cmd.run 'rpm -qa|grep nginx'
minion-testcat001-192.168.1.48:
nginx-mod-mail-1.16.1-3.el7.x86_64
nginx-1.16.1-3.el7.x86_64
nginx-filesystem-1.16.1-3.el7.noarch
nginx-mod-http-perl-1.16.1-3.el7.x86_64
nginx-mod-stream-1.16.1-3.el7.x86_64
nginx-mod-http-image-filter-1.16.1-3.el7.x86_64
nginx-mod-http-xslt-filter-1.16.1-3.el7.x86_64
nginx-all-modules-1.16.1-3.el7.noarch
minion-test-xktest001-192.168.1.114:
nginx-mod-stream-1.16.1-3.el7.x86_64
nginx-mod-mail-1.16.1-3.el7.x86_64
nginx-mod-http-xslt-filter-1.16.1-3.el7.x86_64
nginx-1.16.1-3.el7.x86_64
nginx-all-modules-1.16.1-3.el7.noarch
nginx-filesystem-1.16.1-3.el7.noarch
nginx-mod-http-perl-1.16.1-3.el7.x86_64
nginx-mod-http-image-filter-1.16.1-3.el7.x86_64
4.修改配置文件,让Minion端更新重启【定时更新重启】
1):master:
cd /srv/salt/etc/nginx/conf.d
vi default.conf
listen 8080 #8091改为8080
2):minion端执行命令,更新master端修改后的配置,并重启nginx,去master查找nginx.sls文件,如果没有则执行init.sls文件:
[root@test-xkcat001 ~]# salt-call state.sls nginx
local:
----------
ID: nginx
Function: pkg.installed
Result: True
Comment: All specified packages are already installed
Started: 10:16:01.410080
Duration: 1256.837 ms
Changes:
----------
ID: /etc/nginx/nginx.conf
Function: file.managed
Result: True
Comment: File /etc/nginx/nginx.conf is in the correct state
Started: 10:16:02.670970
Duration: 29.205 ms
Changes:
----------
ID: /etc/nginx/conf.d/default.conf
Function: file.managed
Result: True
Comment: File /etc/nginx/conf.d/default.conf updated
Started: 10:16:02.700376
Duration: 26.272 ms
Changes:
----------
diff:
---
+++
@@ -4,7 +4,7 @@
server {
- listen 8091;
+ listen 8080;
server_name disconf.com;
#charset koi8-r;
----------
ID: nginx
Function: service.running
Result: True
Comment: Service reloaded
Started: 10:16:02.835062
Duration: 80.04 ms
Changes:
----------
nginx:
True
Summary for local
------------
Succeeded: 4 (changed=2)
Failed: 0
------------
Total states run: 4
Total run time: 1.392 s
3):如果想要定时更新
a.将salt-call state.sls nginx 写入crontab中定时执行。
b.pillar的schedule
schedule:
highstate:
function:state.highstate
minutes:1
salt '*' saltutil.refresh_pillar
官方文档:http://docs.saltstack.cn/topics/jobs/index.html
官方示例1:
schedule:
log-loadavg:
function: cmd.run #函数运行一个命令
seconds: 3660
args: #传参数
- 'logger -t salt < /proc/loadavg'
kwargs: #传字典
stateful: False
shell: /bin/sh
#要是用pillar需要释放该模块vi /etc/salt/master 找到pillar_roots
mkdir /srv/pillar
#pillar模块必须添加top.sls
vi top.sls
---------------------------
base: #匹配环境
'*': #匹配主机范围
- nginx #执行nginx这个动作,是pillar下nginx目录
-----------------------------
也可以,这种匹配方式有点问题:
base:
test: #匹配master文件中nodegroups的test分组
- match: nodegroups
- nginx
-------------------------------
创建nginx.sls或者init.sls文件
mkdir /srv/pillar/nginx
vi init.sls
schedule:
nginx:
function: state.sls
minutes: 1
args:
- 'nginx'
#因为我们在/srv/pillar/nginx/init.sls ,所以直接写nginx会默认找init.sls文件,如果没有init.sls则需要写nginx.nginx来找nginx.sls文件。
[root@zabbix pillar]# salt '*' pillar.data
minion-testcat001-192.168.1.48:
----------
schedule:
----------
nginx:
----------
args:
- nginx
function:
state.sls
minutes:
1
minion-test-xktest001-192.168.1.114:
----------
schedule:
----------
nginx:
----------
args:
- nginx
function:
state.sls
minutes:
1
#如果没有执行,则执行刷新操作!
[root@zabbix nginx]# salt '*' saltutil.refresh_pillar
minion-dev12-192.168.1.173:
True
minion-testcat001-192.168.1.48:
True
minion-test-xktest001-192.168.1.114:
True
#再次验证:修改master:vi /srv/salt/etc/nginx/conf.d/default.conf 中端口号8080-->>>>8091
[root@cat-test ~]# netstat -tunpl|grep 8080
[root@cat-test ~]# netstat -tunpl|grep 8080
[root@cat-test ~]# netstat -tunpl|grep 8081
[root@cat-test ~]# netstat -tunpl|grep 8091
tcp 0 0 0.0.0.0:8091 0.0.0.0:* LISTEN 23899/nginx: master
右上图看出,8080端口号消失了,出现了8091端口的nginx进程。
3.安装LAMP(Apache,Mysql,PHP)环境?
上述安装后,LAMP您会了麽,动手做一做。
标签:实战,入门,minion,192.168,nginx,test,----------,saltstack,salt 来源: https://blog.csdn.net/meijinmeng/article/details/116721687