Here are my study notes on Salt version 0.16.
I. Installation
1. Installing on Ubuntu
Add the repository:
deb http://debian.saltstack.com/debian wheezy-saltstack main
Put this line in /etc/apt/sources.list
Update the package index:
apt-get update
Install the master or the minion:
apt-get install salt-master
apt-get install salt-minion
2. On Red Hat or CentOS, a third-party repository has to be installed first
If you are on version 5:
wget http://dl.cpis-opt.com/huanw/shencan/epel-release-5-4.noarch.rpm && rpm -vih epel-release-5-4.noarch.rpm
If you are on version 6, use:
wget http://download.fedoraproject.org/pub/epel/6/i386/epel-release-6-8.noarch.rpm
yum install salt-master
yum install salt-minion
The Salt master communicates with the minions using an AES-encrypted ZeroMQ connection. These communications are done over ports 4505 and 4506, which need to be accessible on the master only. This document outlines suggested firewall rules for allowing these incoming connections to the master.
Note: No firewall configuration needs to be done on Salt minions. These changes refer to the master only.
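II. Configuration
Configure the master:
vim /etc/salt/master
interface: 192.168.56.102
Set this to the IP of the master machine itself.
Configure the minion:
vim /etc/salt/minion
master: 192.168.56.102
Set this to the IP of your master.
id: localhost
This is the identifier the minion announces itself with.
On the minion, run /etc/init.d/salt-minion start; the default log file is /var/log/salt/minion
On the master, run /etc/init.d/salt-master start; the default log file is /var/log/salt/master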
[root@centos salt]# salt-key -L
Accepted Keys:
server.hadoop.com
Unaccepted Keys:
localhost
Rejected Keys:
This shows the state of your keys.
Accept localhost:
[root@centos salt]# salt-key -L
Accepted Keys:
server.hadoop.com
Unaccepted Keys:
localhost
Rejected Keys:
[root@centos salt]# salt-key -a localhost
Key for minion localhost accepted.
[root@centos salt]# salt-key -L
Accepted Keys:
localhost
server.hadoop.com
Unaccepted Keys:
Rejected Keys:
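Accepting a key is the point at which the master starts trusting a minion, so the listing is worth checking against an inventory before running salt-key -a. The following is an added example, not part of the original notes: it parses the salt-key -L layout shown above; the inventory set and the minion name old-test-vm are assumptions made for the sample.

```python
# Added example: audit `salt-key -L` output against an expected inventory.

def parse_salt_key_list(text):
    """Parse the plain `salt-key -L` listing into {section: [minion ids]}."""
    keys = {"accepted": [], "unaccepted": [], "rejected": []}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.endswith(" Keys:"):
            # "Accepted Keys:" -> "accepted"; unknown sections are kept too.
            current = line[:-len(" Keys:")].lower()
            keys.setdefault(current, [])
        elif current is None:
            raise ValueError("minion id before any section header: %r" % line)
        else:
            keys[current].append(line)
    return keys

def audit_keys(keys, expected):
    """Compare parsed keys with the set of minion ids we expect to manage."""
    accepted = set(keys["accepted"])
    return {
        # Trusted by the master although nobody lists it as ours.
        "unexpected_accepted": sorted(accepted - expected),
        # Waiting for a decision; check the key before `salt-key -a`.
        "pending_review": sorted(keys["unaccepted"]),
        # In the inventory but without an accepted key.
        "missing": sorted(expected - accepted),
    }

# Constructed sample in the same layout as the listing on this page.
SAMPLE = """Accepted Keys:
server.hadoop.com
old-test-vm
Unaccepted Keys:
localhost
Rejected Keys:
"""

if __name__ == "__main__":
    inventory = {"server.hadoop.com", "localhost"}  # assumed inventory
    print(audit_keys(parse_salt_key_list(SAMPLE), inventory))
```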
Check connectivity (that is, whether the minions can be reached):
[root@centos salt]# salt '*' test.ping
localhost: True
server.hadoop.com: True
Above, * was used to mean all machines; to target a single one, use:
[root@centos salt]# salt 'localhost' cmd.run hostname
localhost: centos
To target several minions, use -L:
[root@centos salt]# salt -L 'server.hadoop.com,localhost' cmd.run hostname
server.hadoop.com: server.hadoop.com
localhost: centos
You can also use a regular expression:
[root@centos salt]# salt -E 'server*' cmd.run hostname
server.hadoop.com: server.hadoop.com
The -G option is powerful: it selects minions by the values of their default grains. Grains are much like Facter in Puppet.
[root@centos salt]# salt -G 'os:Centos' test.ping
localhost: True
[root@centos salt]# salt -G 'os:Ubuntu' test.ping
server.hadoop.com: True
To look at a particular grain item:
[root@centos test]# salt '*' grains.item os
server.hadoop.com:
  os: Ubuntu
localhost:
  os: CentOS
Run Python code:
[root@centos salt]# salt '*' cmd.exec_code python 'import sys;print sys.version'
localhost: 2.6.6 (r266:84292, Feb 22 2013, 00:00:18) [GCC 4.4.7 20120313 (Red Hat 4.4.7-3)]
server.hadoop.com: 2.7.3 (default, Aug 1 2012, 05:14:39) [GCC 4.6.3]
Working with groups
Configure this in the master config:
nodegroups:
  group1: 'localhost'
  group2: 'server.hadoop.com'
This assigns localhost to group1 and server.hadoop.com to group2.
Then restart salt-master.
[root@centos salt]# salt -N group1 test.ping
localhost: True
[root@centos salt]# salt -N group2 test.ping
server.hadoop.com: True
View the network interface IPs:
[root@centos /]# salt 'localhost' network.interfaces
localhost:
  ----------
  eth0:
    ----------
    hwaddr: 08:00:27:59:bb:1f
    inet:
      ----------
      - address: 192.168.56.102
      - broadcast: 192.168.56.255
      - label: eth0
      - netmask: 255.255.255.0
    inet6:
      ----------
      - address: fe80::a00:27ff:fe59:bb1f
      - prefixlen: 64
    up: True
  eth1:
    ----------
    hwaddr: 08:00:27:ba:ad:23
    inet:
      ----------
      - address: 192.168.14.182
      - broadcast: 192.168.14.255
      - label: eth1
      - netmask: 255.255.255.0
    inet6:
      ----------
      - address: fe80::a00:27ff:feba:ad23
      - prefixlen: 64
    up: True
  lo:
    ----------
    hwaddr: 00:00:00:00:00:00
    inet:
      ----------
      - address: 127.0.0.1
      - broadcast: None
      - label: lo
      - netmask: 255.0.0.0
    inet6:
      ----------
      - address: ::1
      - prefixlen: 128
    up: True
Below are my tests:
[root@centos salt]# salt -C 'G@os:ubuntu' test.ping
server.hadoop.com: True
[root@centos salt]# salt -C 'E@server.\w+' test.ping
server.hadoop.com: True
[root@centos salt]# salt -C 'P@os:(centos)' test.ping
localhost: True
[root@centos salt]# salt -C 'P@os:(centos|ubuntu)' test.ping
server.hadoop.com: True
localhost: True
[root@centos salt]# salt -C 'L@localhost,server.hadoop.com' test.ping
server.hadoop.com: True
localhost: True
[root@centos salt]# salt -C 'S@192.168.56.0/24' test.ping
server.hadoop.com: True
localhost: True
Check disk space:
[root@centos tmp]# salt 'localhost' disk.usage
localhost:
  ----------
  /:
    ----------
    1K-blocks: 28423176
    available: 21572708
    capacity: 21%
    filesystem: /dev/mapper/vg_centos-lv_root
    used: 5406628
  /boot:
    ----------
    1K-blocks: 495844
    available: 438658
    capacity: 7%
    filesystem: /dev/sda1
    used: 31586
  /dev/shm:
    ----------
    1K-blocks: 510204
    available: 510204
    capacity: 0%
    filesystem: tmpfs
    used: 0
[root@centos tmp]# df -h
Filesystem Size Used Avail Use% Mounted on
/dev/mapper/vg_centos-lv_root 28G 5.2G 21G 21% /
tmpfs 499M 0 499M 0% /dev/shm
/dev/sda1 485M 31M 429M 7% /boot
To see the connection status of all minions, use salt-run manage.status:
[root@centos apache]# salt '*' test.ping
server.hadoop.com: True
localhost: True
[root@centos apache]#
[root@centos apache]#
[root@centos apache]# salt-run manage.status
down:
  - 230
up:
  - localhost
  - server.hadoop.com
To install software, use pkg.install:
[root@centos echoping]# salt 'localhost' pkg.install dos2unix
Loaded plugins: fastestmirror
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
 * base: mirror.esocc.com
 * epel: mirrors.vinahost.vn
 * extras: mirror.esocc.com
 * rpmforge: mirror1.hs-esslingen.de
 * updates: centosc6.centos.org
Running rpm_check_debug
Loaded plugins: fastestmirror
localhost:
  ----------
  dos2unix:
    ----------
    new: 3.1-37.el6
    old:
[root@centos echoping]# rpm -qa|grep dos2unix
dos2unix-3.1-37.el6.x86_64
List the packages you have installed:
salt 'localhost' pkg.list_pkgs
Remove a package:
[root@centos tmp]# salt 'localhost' pkg.remove echoping
Loaded plugins: fastestmirror
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
 * base: mirror.esocc.com
 * epel: mirror.neu.edu.cn
 * extras: mirror.esocc.com
 * rpmforge: mirrors.neusoft.edu.cn
 * updates: mirror.esocc.com
Running rpm_check_debug
Loaded plugins: fastestmirror
localhost:
  - echoping
[root@centos tmp]# rpm -qa|grep echoping
View your repos (the output is long, so I only list the command):
salt 'localhost' pkg.list_repos
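III. Puppet-style configuration
On my master, the files are stored under /var/salt:
file_roots:
  base:
    - /var/salt/
So change into that directory.
Below is my configuration:
[root@centos salt]# cat top.sls
base:
  '*':      # target name; I use * to mean all minions
    - vim   # resource file name
If your resource file is kept in a subdirectory, for example /var/salt/apache/vim.sls,
then you can write
- apache.vim
which means vim.sls in the apache directory.
Now a test.
The content of top.sls is:
[root@centos salt]# cat top.sls
base:
  'localhost':
    - echoping.echoping   # the echoping.sls file in the echoping directory
[root@centos echoping]# pwd
/var/salt/echoping
[root@centos echoping]# cat echoping.sls
echoping:                 # ID declaration
  pkg:                    # package management
    - name: echoping      # which package to install
    - installed           # require that it is installed
  service:                # service management
    - name: httpd         # the service to manage
    - running             # the service must be running
    - reload: True        # whether to restart
    - watch:              # restart if the file below changes
      - file: /tmp/test_echoping.conf   # path of the watched file
/tmp/test_echoping.conf:  # ID declaration
  file.managed:           # file management
    - source: salt://echoping/test_echoping.conf   # where the source data lives
    - user: root          # owner
    - group: root         # group
    - mode: 644           # permissions
    - backup: minion      # keep a backup copy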
To apply it, run salt 'localhost' state.highstate
Note: to have the service start at boot, use - enable: True
Since I configured httpd to restart whenever there is a change, first check the state of httpd:
[root@centos salt]# ps -ef|grep httpd
root 1430 1 0 17:03 ? 00:00:00 /usr/sbin/httpd
apache 1436 1430 0 17:03 ? 00:00:00 /usr/sbin/httpd
apache 1469 1430 0 17:03 ? 00:00:00 /usr/sbin/httpd
apache 1470 1430 0 17:03 ? 00:00:00 /usr/sbin/httpd
apache 1471 1430 0 17:03 ? 00:00:00 /usr/sbin/httpd
apache 1472 1430 0 17:03 ? 00:00:00 /usr/sbin/httpd
apache 1473 1430 0 17:03 ? 00:00:00 /usr/sbin/httpd
apache 1474 1430 0 17:03 ? 00:00:00 /usr/sbin/httpd
apache 1475 1430 0 17:03 ? 00:00:00 /usr/sbin/httpd
apache 1476 1430 0 17:03 ? 00:00:00 /usr/sbin/httpd
root 1886 1782 0 17:04 pts/0 00:00:00 grep httpd
[root@centos salt]# date
Fri Aug 9 17:04:54 CST 2013
It was started at 17:04; now run salt 'localhost' state.highstate
[root@centos salt]# salt 'localhost' state.highstate
Info: Running a benchmark to measure system clock frequency...
Info: Finished RDTSC test. To prevent the startup delay from this benchmark, set the environment variable RDTSC_FREQUENCY to 2495 on this system. This value is dependent upon the CPU clock speed and architecture and should be determined separately for each server.
localhost:
----------
    State: - file
    Name: /tmp/test_echoping.conf
    Function: managed
    Result: True
    Comment: File /tmp/test_echoping.conf updated
    Changes: diff: New file
----------
    State: - pkg
    Name: echoping
    Function: installed
    Result: True
    Comment: The following packages were installed/updated: echoping.
    Changes: echoping: { new : 5.2.0-1.2.el6.rf
old :
}
----------
    State: - service
    Name: httpd
    Function: running
    Result: True
    Comment: Service restarted
    Changes: httpd: True
You can see that echoping has been installed and /tmp/test_echoping.conf has been updated.
Check httpd again:
[root@centos salt]# ps -ef|grep httpd
root 2025 1 0 17:06 ? 00:00:00 /usr/sbin/httpd
apache 2028 2025 0 17:06 ? 00:00:00 /usr/sbin/httpd
apache 2031 2025 0 17:06 ? 00:00:00 /usr/sbin/httpd
apache 2032 2025 0 17:06 ? 00:00:00 /usr/sbin/httpd
apache 2033 2025 0 17:06 ? 00:00:00 /usr/sbin/httpd
apache 2034 2025 0 17:06 ? 00:00:00 /usr/sbin/httpd
apache 2035 2025 0 17:06 ? 00:00:00 /usr/sbin/httpd
apache 2036 2025 0 17:06 ? 00:00:00 /usr/sbin/httpd
apache 2037 2025 0 17:06 ? 00:00:00 /usr/sbin/httpd
apache 2038 2025 0 17:06 ? 00:00:00 /usr/sbin/httpd
root 2043 1782 3 17:06 pts/0 00:00:00 grep httpd
[root@centos salt]# date
Fri Aug 9 17:06:57 CST 2013
You can see that it has been restarted.
Now check the file transfer.
Source file:
[root@centos salt]# cat /var/salt/echoping/test_echoping.conf
this is test echoping
this twice test
Generated file:
[root@centos salt]# cat /tmp/test_echoping.conf
this is test echoping
this twice test
Check whether echoping is installed:
[root@centos salt]# rpm -qa|grep echoping
echoping-5.2.0-1.2.el6.rf.x86_64
It is installed.
Now look at the owner and permissions:
[root@centos salt]# ll /tmp/test_echoping.conf
-rw-r--r-- 1 root root 38 Aug 9 17:05 /tmp/test_echoping.conf
These are also what we defined.
If /var/salt/echoping/test_echoping.conf is modified and highstate is run again:
[root@centos echoping]# salt 'localhost' state.highstate
localhost:
----------
    State: - file
    Name: /tmp/test_echoping.conf
    Function: managed
    Result: True
    Comment: File /tmp/test_echoping.conf updated
    Changes: diff: ---
+++
@@ -1,2 +1,3 @@
 this is test echoping
 this twice test
+this is 3
----------
    State: - service
    Name: httpd
    Function: running
    Result: True
    Comment: Service restarted
    Changes: httpd: True
The service was then restarted as well:
[root@centos echoping]# ps -ef|grep httpd
root 2352 1 0 17:21 ? 00:00:00 /usr/sbin/httpd
apache 2354 2352 0 17:21 ? 00:00:00 /usr/sbin/httpd
apache 2355 2352 0 17:21 ? 00:00:00 /usr/sbin/httpd
apache 2356 2352 0 17:21 ? 00:00:00 /usr/sbin/httpd
apache 2357 2352 0 17:21 ? 00:00:00 /usr/sbin/httpd
apache 2358 2352 0 17:21 ? 00:00:00 /usr/sbin/httpd
apache 2359 2352 0 17:21 ? 00:00:00 /usr/sbin/httpd
apache 2360 2352 0 17:21 ? 00:00:00 /usr/sbin/httpd
apache 2361 2352 0 17:21 ? 00:00:00 /usr/sbin/httpd
apache 2362 2352 0 17:21 ? 00:00:00 /usr/sbin/httpd
root 2372 2183 0 17:22 pts/1 00:00:00 grep httpd
[root@centos echoping]# date
Fri Aug 9 17:23:01 CST 2013
If you want Salt to fetch its configuration automatically on a schedule, the way Puppet does, configure this in /etc/salt/minion:
schedule:
  highstate:
    function: state.highstate
    minutes: 60
Then restart salt-minion.
Note: on the master you can use salt 'localhost' state.highstate; on the minion, use salt-call state.highstate
To use grains to install different things on different systems, use something like the following (for example, installing Apache: httpd on CentOS, apache2 on Ubuntu):
[root@centos apache]# cat apache.sls
apache:
  pkg:
    {% if grains['os'] == 'CentOS'%}
    - name: httpd
    {% elif grains['os'] == 'Ubuntu'%}
    - name: apache2
    {% endif %}
    - installed
  service:
    {% if grains['os'] == 'CentOS'%}
    - name: httpd
    {% elif grains['os'] == 'Ubuntu'%}
    - name: apache2
    {% endif %}
    - running
    - reload: True
    - watch:
      - pkg: apache
      - file: /tmp/test.conf
/tmp/test.conf:
  file.managed:
    - source: salt://apache/test.conf
    - user: root
    - group: root
    - mode: 644
[root@centos apache]# cat test.conf
this is test apache
this is 2
Then apply the update:
[root@centos apache]# salt 'server.hadoop.com' state.highstate
server.hadoop.com:
----------
    State: - file
    Name: /tmp/test.conf
    Function: managed
    Result: True
    Comment: File /tmp/test.conf updated
    Changes: diff: New file
----------
    State: - pkg
    Name: apache2
    Function: installed
    Result: True
    Comment: Package apache2 is already installed
    Changes:
----------
    State: - service
    Name: apache2
    Function: running
    Result: True
    Comment: Service restarted
    Changes: apache2: True
Note: if you want to run a command, you can use cmd.wait:
echo-msg:
  cmd.wait:
    - name: echo 'this is test' >/tmp/echo-msg
    - user: root
    - watch:
      - pkg: apache
Custom modules
Look up the file_roots path on your master; mine, for example, is:
file_roots:
  base:
    - /var/salt/
So create a _modules directory in /var/salt:
mkdir /var/salt/_modules
Then enter the directory and write the module:
cd /var/salt/_modules
[root@centos _modules]# cat dl.py
def msg():
    msg='this is test message'
    return msg
def time():
    import time
    a=time.asctime()
    return a
The file name must end in .py
Then sync it to the minions (using saltutil.sync_all):
[root@centos _modules]# salt '*' saltutil.sync_all
server.hadoop.com:
  |_
    - modules.dl
  |_
  |_
  |_
  |_
  |_
localhost:
  |_
    - modules.dl
  |_
  |_
  |_
  |_
  |_
Now test it:
[root@centos _modules]# salt '*' dl.msg
localhost: this is test message
server.hadoop.com: this is test message
[root@centos _modules]# salt '*' dl.time
server.hadoop.com: Tue Aug 13 15:25:32 2013
localhost: Tue Aug 13 15:25:29 2013
Of course, you can also call Salt's own modules directly.
Call the existing modules to provide the functionality your custom module needs. __salt__ is a dictionary built into Salt that contains all of Salt's modules.
def cmd(cmd):
    return __salt__['cmd.run'](cmd)
Sync it,
then test:
[root@centos _modules]# salt '*' saltutil.sync_all
server.hadoop.com:
  |_
  |_
  |_
  |_
  |_
  |_
localhost:
  |_
    - modules.dl
  |_
  |_
  |_
  |_
  |_
[root@centos _modules]# salt 'localhost' dl.cmd ls
localhost:
  1.log
  1.py
  111.py
  1111.log
  2.log
  3.log
  anaconda-ks.cfg
  install.log
  install.log.syslog
  install_openstack.sh
  install_zabbix_agent.sh
  svn_install.sh
  test
  test5
  test7.py
  zatree
[root@centos _modules]# salt 'localhost' dl.cmd hostname
localhost: centos
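The dl.cmd wrapper above hands whatever string the caller supplies to cmd.run, so it runs any command with the minion's privileges. The following is an added example, not part of the original notes, of a narrower variant of the same module function: ALLOWED and build_command are names chosen for this example, and the policy (which programs, and whether they take arguments) is an assumption.

```python
# Added example: dl.cmd restricted to an allowlist, with shell-safe quoting.
import shlex

try:
    from shlex import quote   # Python 3
except ImportError:
    from pipes import quote   # Python 2, as on the minions in these notes

# Assumed policy: program name -> whether arguments are permitted.
# `hostname <name>` would change the host name, so it is allowed bare only.
ALLOWED = {"hostname": False, "ls": True, "df": True}

def build_command(cmd):
    """Validate a requested command line and return a shell-safe string.

    Raises ValueError for an empty, malformed or non-allowlisted command.
    """
    argv = shlex.split(cmd)   # unbalanced quotes raise ValueError here
    if not argv:
        raise ValueError("empty command")
    program, args = argv[0], argv[1:]
    if program not in ALLOWED:
        raise ValueError("command not allowed: %r" % program)
    if args and not ALLOWED[program]:
        raise ValueError("arguments not allowed for %r" % program)
    # Quote every word so ; | $() ` > reach the program as literal text
    # instead of being interpreted by a shell that cmd.run may use.
    return " ".join(quote(word) for word in argv)

def cmd(cmd):
    """Execution-module function: salt '<target>' dl.cmd '<command>'."""
    # __salt__ is injected by the Salt loader once this file is in _modules.
    return __salt__["cmd.run"](build_command(cmd))
```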
Below are some notes on the client.
Python client API
Salt is written to be completely API centric. Salt minions and master can be built directly into third party applications as a communication layer. The Salt client API is very straightforward.
Run a single command:
>>> import salt.client
>>> a=salt.client.LocalClient()
>>> a
>>> a.cmd("localhost","test.ping")
{'localhost': True}
>>> a.cmd("*","test.ping")
{'server.hadoop.com': True, 'localhost': True}
>>> a.cmd("*","dl.time")
{'server.hadoop.com': 'Wed Aug 14 09:53:22 2013', 'localhost': 'Wed Aug 14 09:53:22 2013'}
Run multiple commands:
>>> a.cmd('*',['cmd.run','test.ping','dl.time'],[['hostname'],[],[]])
{'server.hadoop.com': {'test.ping': True, 'dl.time': 'Wed Aug 14 10:01:35 2013', 'cmd.run': 'server.hadoop.com'}, 'localhost': {'test.ping': True, 'dl.time': 'Wed Aug 14 10:01:35 2013', 'cmd.run': 'centos'}}
For details, see
Reposted from: http://vgqzx.baihongyu.com/