Saltstack学习(三)-远程执行及Return

一、SaltStack远程执行

当我们使用salt执行一条远程命令,如:salt '*' cmd.run "df -h",命令的结构是怎样的呢?

命令由四部分组成:salt 命令本身、目标('*')、模块.函数(cmd.run)以及传给函数的参数("df -h")。

1.1、目标(target)

文档:https://docs.saltstack.com/en/latest/topics/tutorials/modules.html#target

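1)通配符匹配方式

说明:方括号是字符集合,[1|2] 匹配的是 1、| 或 2 中的任意一个字符。test.ping 不会对minion做任何修改,适合在执行有变更的命令之前确认目标表达式实际匹配到了哪些主机;也可以用 --preview-target 只查看匹配结果而不下发命令。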

[root@master ~]# salt '*' test.ping
[root@master ~]# salt 'salt1-minion.example.com' test.ping 
[root@master ~]# salt 'salt1*' test.ping 
[root@master ~]# salt 'salt[1|2]*' test.ping 
[root@master ~]# salt 'salt?-minion.example.com' test.ping 
[root@master ~]# salt 'salt[!1|2]-minion.example.com' test.ping

2)列表匹配

[root@master ~]# salt -L 'salt-minion1-c7,salt-minion2-c7' test.ping

3)正则匹配

[root@salt0-master ~]# salt -E 'salt(1|2|3|4)*' test.ping 
[root@salt0-master ~]# salt -E 'salt(1|2|3|4)-minion.example.com' test.ping

4)ip匹配

[root@salt-master pillar]# salt -S '10.0.0.21' test.ping
[root@salt-master pillar]# salt -S '10.0.0.0/24' test.ping

5)分组匹配

[root@salt-master ~]# vim /etc/salt/master
nodegroups:
  webserver: 'salt-minion1-c7,salt-minion2-c7'
  dbserver: 'L@salt-minion3-c7,salt-minion2-c7 or salt-minion4*'
  ftpserver: 'G@os:centos and salt-minion1-c7'

[root@salt-master ~]# systemctl restart salt-master.service 
[root@salt-master ~]# salt -N 'webserver' test.ping

6)grains匹配

[root@salt-master ~]# salt -G 'os:centos' test.ping
[root@salt-master ~]# salt -G 'fqdn_ip4:10.0.0.21' test.ping

1.2、远程执行模块

所有的执行模块文档:https://docs.saltstack.com/en/latest/ref/modules/all/index.html#all-salt-modules

1.2.1 pkg模块

文档:https://docs.saltstack.com/en/latest/ref/modules/all/salt.modules.yumpkg.html#module-salt.modules.yumpkg

根据操作系统不同,选择对应的安装方式(如CentOS系统默认会使用yum,Debian系统默认使用apt-get)

[root@salt-master ~]# salt '*' pkg.install httpd 
[root@salt-master ~]# salt '*' pkg.install httpd reinstall=True  #重装
[root@salt-master ~]# salt '*' pkg.remove httpd
[root@salt-master ~]# salt '*' pkg.latest_version httpd  #查看最新版本

#查看模块帮助 salt '*' pkg

1.2.2 file模块

文档:https://docs.saltstack.com/en/latest/ref/modules/all/salt.modules.file.html

[root@salt-master ~]# salt '*' file.stats /etc/passwd  #查看文件状态
[root@salt-master ~]# salt '*' file.touch "/tmp/test"  #创建文件
[root@salt-master ~]# salt '*' file.symlink /tmp/test /tmp/a #创建软链接,a==>test
[root@salt-master ~]# salt '*' file.rename /path/to/src /path/to/dst   #文件改名
[root@salt-master ~]# salt '*' file.chown /etc/passwd root root   #授权
[root@salt-master ~]# salt '*' file.copy /path/to/src /path/to/dst
[root@salt-master ~]# salt '*' file.mkdir /opt/jetty/context   #创建目录
[root@salt-master ~]# salt '*' file.move /path/to/src /path/to/dst  #移动文件或目录
  
//查看模块帮助 salt '*' file

1.2.3 service模块

文档:https://docs.saltstack.com/en/latest/ref/modules/all/salt.modules.rh_service.html#module-salt.modules.rh_service

salt '*' service.disabled <service name>
salt '*' service.enable <service name>
salt '*' service.enabled <service name>
salt '*' service.missing sshd
salt '*' service.reload <service name>
salt '*' service.restart <service name>
salt '*' service.start <service name>
salt '*' service.status <service name> [service signature]
salt '*' service.stop <service name>

二、返回(Return)

2.1、简介

Return组件可以理解为SaltStack把Minion执行命令后返回的数据存储起来,或者发送给其他程序;它支持多种存储方式,例如 MySQL、MongoDB、Redis、Memcache等。通过Return可以对SaltStack每次的操作进行记录,为以后的日志审计提供数据源。需要注意,返回数据中包含命令的参数和完整输出,其中可能带有敏感信息,因此存放返回数据的库本身也需要做访问控制。

image

2.2、return的配置

文档:https://docs.saltstack.com/en/latest/ref/returners/all/salt.returners.mysql.html

1)配置mariadb数据库

#安装软件包并启动
[root@salt-master ~]# yum install mariadb-server mariadb MySQL-python -y   #MySQL-python不可少
[root@salt-master ~]# systemctl enable mariadb
[root@salt-master ~]# systemctl start mariadb

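#建立远程连接用户
#说明:示例为演示方便使用了 '%'(任意来源主机)和 all 权限;实际环境中应把来源限制为minion所在网段(例如 salt@'10.0.0.%'),使用强密码,并只授予写入返回数据所需的权限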
MariaDB [(none)]> grant all on salt.* to salt@'%' identified by 'salt@Pass';

#创库创表
CREATE DATABASE  `salt`
  DEFAULT CHARACTER SET utf8
  DEFAULT COLLATE utf8_general_ci;

USE `salt`;

DROP TABLE IF EXISTS `jids`;
CREATE TABLE `jids` (
  `jid` varchar(255) NOT NULL,
  `load` mediumtext NOT NULL,
  UNIQUE KEY `jid` (`jid`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8;
CREATE INDEX jid ON jids(jid) USING BTREE;

DROP TABLE IF EXISTS `salt_returns`;
CREATE TABLE `salt_returns` (
  `fun` varchar(50) NOT NULL,
  `jid` varchar(255) NOT NULL,
  `return` mediumtext NOT NULL,
  `id` varchar(255) NOT NULL,
  `success` varchar(10) NOT NULL,
  `full_ret` mediumtext NOT NULL,
  `alter_time` TIMESTAMP DEFAULT CURRENT_TIMESTAMP,
  KEY `id` (`id`),
  KEY `jid` (`jid`),
  KEY `fun` (`fun`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8;

DROP TABLE IF EXISTS `salt_events`;
CREATE TABLE `salt_events` (
`id` BIGINT NOT NULL AUTO_INCREMENT,
`tag` varchar(255) NOT NULL,
`data` mediumtext NOT NULL,
`alter_time` TIMESTAMP DEFAULT CURRENT_TIMESTAMP,
`master_id` varchar(255) NOT NULL,
PRIMARY KEY (`id`),
KEY `tag` (`tag`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8;

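2)minion端操作

说明:这种方式下每台minion的配置文件里都保存着数据库账号和密码,并由minion直接连接数据库;一旦某台minion被攻破,该账号就可以读取或篡改其他主机的返回记录。若返回数据要用于审计,可考虑改用master端的 master_job_cache: mysql,由master统一写库,数据库账号只需保存在master上。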

[root@salt-minion1-c7 ~]#  yum install MySQL-python -y
[root@salt-minion1-c7 ~]# vim /etc/salt/minion
#return: mysql
mysql.host: '10.0.0.11'
mysql.user: 'salt'
mysql.pass: 'salt@Pass'
mysql.db: 'salt'
mysql.port: 3306
[root@salt-minion1-c7 ~]# systemctl restart salt-minion.service

3)master端测试

[root@salt-master ~]# salt 'salt-minion1-c7' test.ping --return mysql

#登录mysql查看
MariaDB [salt]> select * from salt_returns\G
*************************** 1. row ***************************
       fun: test.ping
       jid: 20190831143343957298
    return: true
        id: salt-minion1-c7
   success: 1
  full_ret: {"fun_args": [], "jid": "20190831143343957298", "return": true, "retcode": 0, "success": true, "fun": "test.ping", "id": "salt-minion1-c7"}
alter_time: 2019-08-31 14:33:44
1 row in set (0.00 sec)

三、salt ssh使用

使用salt-ssh也可以远程执行命令,无需安装minion

3.1、密码方式

1)master端安装salt-ssh

[root@salt-master ~]# yum install salt-ssh -y

2)编辑roster文件

注意:roster中的密码是明文保存的,示例中的 root/123456 仅用于实验环境;实际使用时应确保该文件仅root可读,并优先采用3.2节的密钥方式。

[root@salt-master ~]# cat /etc/salt/roster
# Sample salt-ssh config file
#web1:
#  host: 192.168.42.1 # The IP addr or DNS hostname
#  user: fred         # Remote executions will be executed as user fred
#  passwd: foobarbaz  # The password to use for login, if omitted, keys are used
#  sudo: True         # Whether to sudo to root, not enabled by default
#web2:
#  host: 192.168.42.2
salt-minion1-c7:
  host: 10.0.0.21
  user: root
  passwd: 123456
  port: 22

salt-minion2-c7:
  host: 10.0.0.22
  user: root
  passwd: 123456
  port: 22

salt-minion4-c6:
  host: 10.0.0.24
  user: root
  passwd: 123456
  port: 22

3)测试

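[root@salt-master ~]# salt-ssh '*' test.ping -i   #使用-i不询问,也可以编辑.ssh/config,加StrictHostKeyChecking no
#说明:-i(--ignore-host-keys)和 StrictHostKeyChecking no 都会跳过主机密钥校验,无法发现目标主机被冒充;密码方式下,roster中的root密码会被发送给对端。建议仅在可信的实验网络中这样用,其他环境应预先分发并校验known_hosts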
[root@salt-master ~]# salt-ssh '*' -r 'uptime'

3.2、密钥方式

[root@salt-master ~]# vim /etc/salt/roster
[root@salt-master ~]# cat /etc/salt/roster 
salt-minion1-c7:
  host: 10.0.0.21
  user: root
  priv: /etc/salt/pki/master/ssh/salt-ssh.rsa   #master的密钥
  port: 22

#执行测试,第一次需要将公钥(即 /etc/salt/pki/master/ssh/salt-ssh.rsa.pub)追加到对应服务器上登录用户的 authorized_keys 中;私钥文件应保持仅root可读
[root@salt-master ~]# salt-ssh -H
/etc/salt/roster:
    ----------
    salt-minion1-c7:
        10.0.0.21
[root@salt-master ~]# salt-ssh '*' cmd.run 'df -h'
salt-minion1-c7:
    Filesystem      Size  Used Avail Use% Mounted on
    /dev/sda2        48G  2.3G   46G   5% /
    devtmpfs        479M     0  479M   0% /dev
    tmpfs           489M   28K  489M   1% /dev/shm
    tmpfs           489M  6.7M  482M   2% /run
    tmpfs           489M     0  489M   0% /sys/fs/cgroup
    tmpfs            98M     0   98M   0% /run/user/0


原文地址:https://www.cnblogs.com/hujinzhong/p/11438638.html