Copyright statement: This article is an original article by Shaon Puppet. Please indicate the original address for reprinting. Thank you very much. https://blog.csdn.net/wh211212/article/details/53168968
# install from EPEL
[ root@linuxprobe~]# yum --enablerepo=epel -y install salt-master
[ root@linuxprobe~]# systemctl start salt-master
[ root@linuxprobe~]# systemctl enable salt-master
Created symlink from/etc/systemd/system/multi-user.target.wants/salt-master.service to /usr/lib/systemd/system/salt-master.service.
[ root@linuxprobe~]# firewall-cmd --add-port={4505/tcp,4506/tcp}--permanent
success
[ root@linuxprobe~]# firewall-cmd --reload
success
# install from EPEL
[ root@vdevops~]# yum --enablerepo=epel -y install salt-minion
[ root@vdevops~]# sed -i 's/\#master: salt/master: linuxprobe.org/'/etc/salt/minion
[ root@vdevops~]# systemctl start salt-minion
[ root@vdevops~]# systemctl enable salt-minion
Created symlink from/etc/systemd/system/multi-user.target.wants/salt-minion.service to /usr/lib/systemd/system/salt-minion.service.
After the Salt Clinet client is started, it will send the public-key to the Salt Master for authentication. The Salt Master can receive authentication requests from the client.
# show the list of keys
[ root@linuxprobe master]# salt-key -L
Accepted Keys:
Denied Keys:
Unaccepted Keys:
vdevops.org
Rejected Keys:
# permit all keys with"A" option
[ root@linuxprobe master]# salt-key -A
The following keys are going to be accepted:
Unaccepted Keys:
vdevops.org
Proceed?[n/Y] y #confirm
Key for minion vdevops.org accepted.[root@linuxprobe master]# salt-key -L
Accepted Keys:
vdevops.org
Denied Keys:
Unaccepted Keys:
Rejected Keys:
# Test connection
[ root@linuxprobe ~]# salt '*' test.ping
vdevops.org:
True
The basic usage of Saltstack is to execute command synchronization from the master to the client
salt [option] [target] [function] [arguments]
Reference document: https://docs.saltstack.com/en/latest/ref/modules/all/index.html
[ root@linuxprobe ~]# salt '*' sys.doc | less
' acl.delfacl:'
Remove specific FACL from the specified file(s)
CLI Examples:
salt '*' acl.delfacl user myuser /tmp/house/kitchen
salt '*' acl.delfacl default:group mygroup /tmp/house/kitchen
salt '*' acl.delfacl d:u myuser /tmp/house/kitchen
salt '*' acl.delfacl g myuser /tmp/house/kitchen /tmp/house/livingroom
salt '*' acl.delfacl user myuser /tmp/house/kitchen recursive=True
' acl.getfacl:'Return(extremely verbose) map of FACLs on specified file(s)
CLI Examples:
salt '*' acl.getfacl /tmp/house/kitchen
salt '*' acl.getfacl /tmp/house/kitchen /tmp/house/livingroom
salt '*' acl.getfacl /tmp/house/kitchen /tmp/house/livingroom recursive=True
...
# specify all Minions
# test.ping means that make sure Minions are acitive
[ root@linuxprobe ~]# salt '*' test.ping
vdevops.org:
True
linuxprobe.org:
True
# specify a Minion "vdevops.org"
# disk.usage means that make sure current disk usag
[ root@linuxprobe ~]# salt 'vdevops.org' disk.usage
vdevops.org:----------/:----------
1 K-blocks:18307072
available:16866300
capacity:8%
filesystem:/dev/mapper/centos-root
used:1440772
# specify some Minions withList(comma separated)
# status.loadavg means that make sure load averages
[ root@linuxprobe ~]# salt -L 'vdevops.org,linuxprobe.org' status.loadavg
vdevops.org:----------1-min:0.015-min:0.055-min:0.01
linuxprobe.org:----------1-min:0.0215-min:0.065-min:0.08
# specify Minions withexpression(example means "node00-99.srv.world")
# selinux.getenforce means that make sure SELinux operating mode
[ root@dlp ~]# salt -E 'node[0-9][0-9].srv.world' selinux.getenforce
node02.srv.world:
Enforcing
node01.srv.world:
Enforcing
# specify Minions which OS is CentOS with Grains Data
# grains.item kernelrelease means that make sure Kernel version from grains.item data
# Grains is the word used in Salt and which keeps Minions' OS data and others
[ root@linuxprobe ~]# salt -G 'os:CentOS' grains.item kernelrelease
vdevops.org:----------
kernelrelease:3.10.0-327.36.2.el7.x86_64
linuxprobe.org:----------
kernelrelease:3.10.0-327.el7.x86_64
[ root@linuxprobe ~]# vi /etc/salt/master
# line 12: uncomment
default_include: master.d/*.conf
[ root@linuxprobe ~]# mkdir /etc/salt/master.d
[ root@linuxprobe ~]# vi /etc/salt/master.d/nodegroups.conf
# create new
# group_org :
# group_os : specify OS is CentOS
nodegroups:
group_org: '[email protected],vdevops.org'
group_os: 'G@os:CentOS'
[ root@linuxprobe ~]# systemctl restart salt-master
# run to a target group_os
[ root@linuxprobe master.d]# salt -N 'group_os' cmd.run 'hostname'
vdevops.org:
vdevops.org
linuxprobe.org:
linuxprobe.org
Learning how to configure the Salt State file is important for learning Saltstack and using Salt. The state file is written in yaml format
[ root@linuxprobe ~]# vi /etc/salt/master
# line 417: uncomment and define root directory
file_roots:
base:-/srv/salt
[ root@linuxprobe ~]# mkdir /srv/salt
To place the state file in the root directory, you can use the salt command to apply the configuration to Minions. The following example installs the wget package to Minions
# ( any file name).sls
[ root@linuxprobe ~]# vi /srv/salt/default.sls
# create newinstall_wget:
pkg.installed:- name: wget
[ root@linuxprobe ~]# salt "vdevops.org" state.sls default
vdevops.org:----------
ID: install_wget
Function: pkg.installed
Name: wget
Result: True
Comment: The following packages were installed/updated: wget
Started:18:54:59.514712
Duration:14193.327 ms
Changes:----------
wget:----------new:1.14-10.el7_0.1
old:
Summary
------------
Succeeded:1(changed=1)
Failed:0------------
Total states run:1
# confirm
[ root@linuxprobe ~]# salt "vdevops.org" cmd.run 'rpm -q wget'
vdevops.org:
wget-1.14-10.el7_0.1.x86_64
Example of configuring the state tree
root@linuxprobe ~]# vi /srv/salt/top.sls
base:
# define target Minions
'*':
# define the name of State file
- default
# create State file defined in Top File
[ root@linuxprobe ~]# vi /srv/salt/default.sls
# for example, Install and start httpd and MariaDB and also install PHP
webserver:
pkg.installed:- pkgs:- httpd
- php
- php-mbstring
- php-pear
- mariadb-server
/var/www/html/index.php:
file:- managed
- source: salt://httpd/index.php
- require:- pkg: webserver
# initial setup script
/tmp/setup.sql:
file:- managed
- source: salt://httpd/setup.sql
enable_httpd:
service.running:- name: httpd
- enable: True
- require:- pkg: webserver
enable_mariadb:
service.running:- name: mariadb
- enable: True
- require:- pkg: webserver
setup_mariadb:
cmd.run:- name:'/bin/mysql -u root < /tmp/setup.sql'- require:- service: enable_mariadb
# if Firewalld is running, configure services
{ %set fw_status = salt['service.status']('firewalld')%}{%if fw_status %}
setup_fw:
cmd.run:- names:-'/bin/firewall-cmd --add-service={http,https,mysql}'-'/bin/firewall-cmd --add-service={http,https,mysql} --permanent'{% endif %}
# create index.php template
[ root@linuxprobe ~]# mkdir /srv/salt/httpd
[ root@linuxprobe ~]# vi /srv/salt/httpd/index.php
<? php
print "Salt State Test Page\n";?>
# create MariaDB initial setup script
[ root@linuxprobe ~]# vi /srv/salt/httpd/setup.sql
set password for root@localhost=password('password');set password for root@'127.0.0.1'=password('password');deletefrom mysql.user where user='';deletefrom mysql.user where password='';
drop database test;
[ root@linuxprobe ~]# salt "*" state.apply test=True
vdevops.org:----------
cmd_|-setup_fw_|-/bin/firewall-cmd --add-service={http,https,mysql}--permanent_|-run:----------
__ run_num__:7
changes:----------
comment:
Command "/bin/firewall-cmd --add-service={http,https,mysql} --permanent" would have been executed
duration:0.198
name:/bin/firewall-cmd --add-service={http,https,mysql}--permanent
result:
None
start_time:19:09:39.481991
cmd_|-setup_fw_|-/bin/firewall-cmd --add-service={http,https,mysql}_|-run:----------
__ run_num__:6
changes:----------
comment:
Command "/bin/firewall-cmd --add-service={http,https,mysql}" would have been executed
duration:0.328
name:/bin/firewall-cmd --add-service={http,https,mysql}
result:
None
start_time:19:09:39.481608
cmd_|-setup_mariadb_|-/bin/mysql -u root </tmp/setup.sql_|-run:...
# No error execution
[ root@linuxprobe ~]# salt "*" state.apply
[ root@linuxprobe ~]# salt "vdevops.org" cmd.run 'systemctl status httpd'
vdevops.org:* httpd.service - The Apache HTTP Server
Loaded:loaded(/usr/lib/systemd/system/httpd.service; enabled; vendor preset: disabled)
Active:active(running) since Tue 2016-11-1519:11:41 CST; 20min ago
Docs: man:httpd(8)
man:apachectl(8)
Main PID:3261(httpd)
Status:"Total requests: 0; Current requests/sec: 0; Current traffic: 0 B/sec"
CGroup:/system.slice/httpd.service
|- 3261 /usr/sbin/httpd -DFOREGROUND
|- 3262 /usr/sbin/httpd -DFOREGROUND
|- 3263 /usr/sbin/httpd -DFOREGROUND
|- 3264 /usr/sbin/httpd -DFOREGROUND
|- 3265 /usr/sbin/httpd -DFOREGROUND
`- 3266 /usr/sbin/httpd -DFOREGROUND
Nov 15 19:11:41 vdevops.org systemd[1]: Starting The Apache HTTP Server...
Nov 15 19:11:41 vdevops.org httpd[3261]: AH00558: httpd: Could not reliably determine the server's fully qualified domain name, using vdevops.org. Set the 'ServerName' directive globally to suppress this message
Nov 15 19:11:41 vdevops.org systemd[1]: Started The Apache HTTP Server.
[ root@linuxprobe ~]# salt "vdevops.org" cmd.run 'systemctl status mariadb'
vdevops.org:
* mariadb.service - MariaDB database server
Loaded: loaded (/usr/lib/systemd/system/mariadb.service; enabled; vendor preset: disabled)
Active: active (running) since Tue 2016-11-15 19:11:45 CST; 21min ago
Main PID: 3397 (mysqld_safe)
CGroup: /system.slice/mariadb.service
|- 3397 /bin/sh /usr/bin/mysqld_safe --basedir=/usr
`- 3554 /usr/libexec/mysqld --basedir=/usr --datadir=/var/lib/mysql --plugin-dir=/usr/lib64/mysql/plugin --log-error=/var/log/mariadb/mariadb.log --pid-file=/var/run/mariadb/mariadb.pid --socket=/var/lib/mysql/mysql.sock
Nov 1519:11:42 vdevops.org mariadb-prepare-db-dir[3318]: The latest information about MariaDB is available at http://mariadb.org/.
Nov 1519:11:42 vdevops.org mariadb-prepare-db-dir[3318]: You can find additional information about the MySQL part at:
Nov 1519:11:42 vdevops.org mariadb-prepare-db-dir[3318]: http://dev.mysql.com
Nov 1519:11:42 vdevops.org mariadb-prepare-db-dir[3318]: Support MariaDB development by buying support/newfeaturesfrom MariaDB
Nov 1519:11:42 vdevops.org mariadb-prepare-db-dir[3318]: Corporation Ab. You can contact us about this at [email protected].
Nov 1519:11:42 vdevops.org mariadb-prepare-db-dir[3318]: Alternatively consider joining our community based development effort:
Nov 1519:11:42 vdevops.org mariadb-prepare-db-dir[3318]: http://mariadb.com/kb/en/contributing-to-the-mariadb-project/
Nov 1519:11:42 vdevops.org mysqld_safe[3397]:16111519:11:42 mysqld_safe Logging to '/var/log/mariadb/mariadb.log'.
Nov 1519:11:42 vdevops.org mysqld_safe[3397]:16111519:11:42 mysqld_safe Starting mysqld daemon with databases from/var/lib/mysql
Nov 1519:11:45 vdevops.org systemd[1]: Started MariaDB database server.
# Test php page
[ root@linuxprobe ~]# curl http://vdevops.org/index.php
Salt State Test Page
[ root@linuxprobe ~]# salt-cp '*' anaconda-ks.cfg /tmp/{'vdevops.org':{'/tmp/anaconda-ks.cfg': True}}
Recommended Posts