著作権表示:この記事はShaonPuppetによるオリジナル記事です。転載の元のアドレスを教えてください。ありがとうございます。 https://blog.csdn.net/wh211212/article/details/53168968
# install from EPEL
[ root@linuxprobe~]# yum --enablerepo=epel -y install salt-master
[ root@linuxprobe~]# systemctl start salt-master
[ root@linuxprobe~]# systemctl enable salt-master
Created symlink from/etc/systemd/system/multi-user.target.wants/salt-master.service to /usr/lib/systemd/system/salt-master.service.
[ root@linuxprobe~]# firewall-cmd --add-port={4505/tcp,4506/tcp}--permanent
success
[ root@linuxprobe~]# firewall-cmd --reload
success
# install from EPEL
[ root@vdevops~]# yum --enablerepo=epel -y install salt-minion
[ root@vdevops~]# sed -i 's/\#master: salt/master: linuxprobe.org/'/etc/salt/minion
[ root@vdevops~]# systemctl start salt-minion
[ root@vdevops~]# systemctl enable salt-minion
Created symlink from/etc/systemd/system/multi-user.target.wants/salt-minion.service to /usr/lib/systemd/system/salt-minion.service.
Salt Clinetクライアントが起動すると、認証のために公開鍵がSalt Masterに送信されます。SaltMasterは、クライアントから認証要求を受信できます。
# show the list of keys
[ root@linuxprobe master]# salt-key -L
Accepted Keys:
Denied Keys:
Unaccepted Keys:
vdevops.org
Rejected Keys:
# permit all keys with"A" option
[ root@linuxprobe master]# salt-key -A
The following keys are going to be accepted:
Unaccepted Keys:
vdevops.org
Proceed?[n/Y] y #確認
Key for minion vdevops.org accepted.[root@linuxprobe master]# salt-key -L
Accepted Keys:
vdevops.org
Denied Keys:
Unaccepted Keys:
Rejected Keys:
# 接続のテスト
[ root@linuxprobe ~]# salt '*' test.ping
vdevops.org:
True
Saltstackの基本的な使用法は、マスターからクライアントにコマンドを同期することです
salt [option] [target] [function] [arguments]
参考資料:[https://docs.saltstack.com/en/latest/ref/modules/all/index.html](https://docs.saltstack.com/en/latest/ref/modules/all/index.html)
[ root@linuxprobe ~]# salt '*' sys.doc | less
' acl.delfacl:'
Remove specific FACL from the specified file(s)
CLI Examples:
salt '*' acl.delfacl user myuser /tmp/house/kitchen
salt '*' acl.delfacl default:group mygroup /tmp/house/kitchen
salt '*' acl.delfacl d:u myuser /tmp/house/kitchen
salt '*' acl.delfacl g myuser /tmp/house/kitchen /tmp/house/livingroom
salt '*' acl.delfacl user myuser /tmp/house/kitchen recursive=True
' acl.getfacl:'Return(extremely verbose) map of FACLs on specified file(s)
CLI Examples:
salt '*' acl.getfacl /tmp/house/kitchen
salt '*' acl.getfacl /tmp/house/kitchen /tmp/house/livingroom
salt '*' acl.getfacl /tmp/house/kitchen /tmp/house/livingroom recursive=True
...
# specify all Minions
# test.ping means that make sure Minions are acitive
[ root@linuxprobe ~]# salt '*' test.ping
vdevops.org:
True
linuxprobe.org:
True
# specify a Minion "vdevops.org"
# disk.usage means that make sure current disk usag
[ root@linuxprobe ~]# salt 'vdevops.org' disk.usage
vdevops.org:----------/:----------
1 K-blocks:18307072
available:16866300
capacity:8%
filesystem:/dev/mapper/centos-root
used:1440772
# specify some Minions withList(comma separated)
# status.loadavg means that make sure load averages
[ root@linuxprobe ~]# salt -L 'vdevops.org,linuxprobe.org' status.loadavg
vdevops.org:----------1-min:0.015-min:0.055-min:0.01
linuxprobe.org:----------1-min:0.0215-min:0.065-min:0.08
# specify Minions withexpression(example means "node00-99.srv.world")
# selinux.getenforce means that make sure SELinux operating mode
[ root@dlp ~]# salt -E 'node[0-9][0-9].srv.world' selinux.getenforce
node02.srv.world:
Enforcing
node01.srv.world:
Enforcing
# specify Minions which OS is CentOS with Grains Data
# grains.item kernelrelease means that make sure Kernel version from grains.item data
# Grains is the word used in Salt and which keeps Minions' OS data and others
[ root@linuxprobe ~]# salt -G 'os:CentOS' grains.item kernelrelease
vdevops.org:----------
kernelrelease:3.10.0-327.36.2.el7.x86_64
linuxprobe.org:----------
kernelrelease:3.10.0-327.el7.x86_64
[ root@linuxprobe ~]# vi /etc/salt/master
# line 12: uncomment
default_include: master.d/*.conf
[ root@linuxprobe ~]# mkdir /etc/salt/master.d
[ root@linuxprobe ~]# vi /etc/salt/master.d/nodegroups.conf
# create new
# group_org :
# group_os : specify OS is CentOS
nodegroups:
group_org: '[email protected],vdevops.org'
group_os: 'G@os:CentOS'
[ root@linuxprobe ~]# systemctl restart salt-master
# run to a target group_os
[ root@linuxprobe master.d]# salt -N 'group_os' cmd.run 'hostname'
vdevops.org:
vdevops.org
linuxprobe.org:
linuxprobe.org
Saltstackを学習し、Saltを使用するには、Salt状態ファイルの構成方法を学ぶことが非常に重要です。状態ファイルはyaml形式で記述されています。
[ root@linuxprobe ~]# vi /etc/salt/master
# line 417: uncomment and define root directory
file_roots:
base:-/srv/salt
[ root@linuxprobe ~]# mkdir /srv/salt
状態ファイルをルートディレクトリに配置するには、saltコマンドを使用して構成をMinionsに適用します。次の例では、wgetパッケージをMinionsにインストールします。
# ( any file name).sls
[ root@linuxprobe ~]# vi /srv/salt/default.sls
# create newinstall_wget:
pkg.installed:- name: wget
[ root@linuxprobe ~]# salt "vdevops.org" state.sls default
vdevops.org:----------
ID: install_wget
Function: pkg.installed
Name: wget
Result: True
Comment: The following packages were installed/updated: wget
Started:18:54:59.514712
Duration:14193.327 ms
Changes:----------
wget:----------new:1.14-10.el7_0.1
old:
Summary
------------
Succeeded:1(changed=1)
Failed:0------------
Total states run:1
# 確認
[ root@linuxprobe ~]# salt "vdevops.org" cmd.run 'rpm -q wget'
vdevops.org:
wget-1.14-10.el7_0.1.x86_64
状態ツリーの構成例
root@linuxprobe ~]# vi /srv/salt/top.sls
base:
# define target Minions
'*':
# define the name of State file
- default
# create State file defined in Top File
[ root@linuxprobe ~]# vi /srv/salt/default.sls
# for example, Install and start httpd and MariaDB and also install PHP
webserver:
pkg.installed:- pkgs:- httpd
- php
- php-mbstring
- php-pear
- mariadb-server
/var/www/html/index.php:
file:- managed
- source: salt://httpd/index.php
- require:- pkg: webserver
# initial setup script
/tmp/setup.sql:
file:- managed
- source: salt://httpd/setup.sql
enable_httpd:
service.running:- name: httpd
- enable: True
- require:- pkg: webserver
enable_mariadb:
service.running:- name: mariadb
- enable: True
- require:- pkg: webserver
setup_mariadb:
cmd.run:- name:'/bin/mysql -u root < /tmp/setup.sql'- require:- service: enable_mariadb
# if Firewalld is running, configure services
{ %set fw_status = salt['service.status']('firewalld')%}{%if fw_status %}
setup_fw:
cmd.run:- names:-'/bin/firewall-cmd --add-service={http,https,mysql}'-'/bin/firewall-cmd --add-service={http,https,mysql} --permanent'{% endif %}
# create index.php template
[ root@linuxprobe ~]# mkdir /srv/salt/httpd
[ root@linuxprobe ~]# vi /srv/salt/httpd/index.php
<? php
print "Salt State Test Page\n";?>
# create MariaDB initial setup script
[ root@linuxprobe ~]# vi /srv/salt/httpd/setup.sql
set password for root@localhost=password('password');set password for root@'127.0.0.1'=password('password');deletefrom mysql.user where user='';deletefrom mysql.user where password='';
drop database test;
[ root@linuxprobe ~]# salt "*" state.apply test=True
vdevops.org:----------
cmd_|-setup_fw_|-/bin/firewall-cmd --add-service={http,https,mysql}--permanent_|-run:----------
__ run_num__:7
changes:----------
comment:
Command "/bin/firewall-cmd --add-service={http,https,mysql} --permanent" would have been executed
duration:0.198
name:/bin/firewall-cmd --add-service={http,https,mysql}--permanent
result:
None
start_time:19:09:39.481991
cmd_|-setup_fw_|-/bin/firewall-cmd --add-service={http,https,mysql}_|-run:----------
__ run_num__:6
changes:----------
comment:
Command "/bin/firewall-cmd --add-service={http,https,mysql}" would have been executed
duration:0.328
name:/bin/firewall-cmd --add-service={http,https,mysql}
result:
None
start_time:19:09:39.481608
cmd_|-setup_mariadb_|-/bin/mysql -u root </tmp/setup.sql_|-run:...
# エラー実行なし
[ root@linuxprobe ~]# salt "*" state.apply
[ root@linuxprobe ~]# salt "vdevops.org" cmd.run 'systemctl status httpd'
vdevops.org:* httpd.service - The Apache HTTP Server
Loaded:loaded(/usr/lib/systemd/system/httpd.service; enabled; vendor preset: disabled)
Active:active(running) since Tue 2016-11-1519:11:41 CST; 20min ago
Docs: man:httpd(8)
man:apachectl(8)
Main PID:3261(httpd)
Status:"Total requests: 0; Current requests/sec: 0; Current traffic: 0 B/sec"
CGroup:/system.slice/httpd.service
|- 3261 /usr/sbin/httpd -DFOREGROUND
|- 3262 /usr/sbin/httpd -DFOREGROUND
|- 3263 /usr/sbin/httpd -DFOREGROUND
|- 3264 /usr/sbin/httpd -DFOREGROUND
|- 3265 /usr/sbin/httpd -DFOREGROUND
`- 3266 /usr/sbin/httpd -DFOREGROUND
Nov 15 19:11:41 vdevops.org systemd[1]: Starting The Apache HTTP Server...
Nov 15 19:11:41 vdevops.org httpd[3261]: AH00558: httpd: Could not reliably determine the server's fully qualified domain name, using vdevops.org. Set the 'ServerName' directive globally to suppress this message
Nov 15 19:11:41 vdevops.org systemd[1]: Started The Apache HTTP Server.
[ root@linuxprobe ~]# salt "vdevops.org" cmd.run 'systemctl status mariadb'
vdevops.org:
* mariadb.service - MariaDB database server
Loaded: loaded (/usr/lib/systemd/system/mariadb.service; enabled; vendor preset: disabled)
Active: active (running) since Tue 2016-11-15 19:11:45 CST; 21min ago
Main PID: 3397 (mysqld_safe)
CGroup: /system.slice/mariadb.service
|- 3397 /bin/sh /usr/bin/mysqld_safe --basedir=/usr
`- 3554 /usr/libexec/mysqld --basedir=/usr --datadir=/var/lib/mysql --plugin-dir=/usr/lib64/mysql/plugin --log-error=/var/log/mariadb/mariadb.log --pid-file=/var/run/mariadb/mariadb.pid --socket=/var/lib/mysql/mysql.sock
Nov 1519:11:42 vdevops.org mariadb-prepare-db-dir[3318]: The latest information about MariaDB is available at http://mariadb.org/.
Nov 1519:11:42 vdevops.org mariadb-prepare-db-dir[3318]: You can find additional information about the MySQL part at:
Nov 1519:11:42 vdevops.org mariadb-prepare-db-dir[3318]: http://dev.mysql.com
Nov 1519:11:42 vdevops.org mariadb-prepare-db-dir[3318]: Support MariaDB development by buying support/newfeaturesfrom MariaDB
Nov 1519:11:42 vdevops.org mariadb-prepare-db-dir[3318]: Corporation Ab. You can contact us about this at [email protected].
Nov 1519:11:42 vdevops.org mariadb-prepare-db-dir[3318]: Alternatively consider joining our community based development effort:
Nov 1519:11:42 vdevops.org mariadb-prepare-db-dir[3318]: http://mariadb.com/kb/en/contributing-to-the-mariadb-project/
Nov 1519:11:42 vdevops.org mysqld_safe[3397]:16111519:11:42 mysqld_safe Logging to '/var/log/mariadb/mariadb.log'.
Nov 1519:11:42 vdevops.org mysqld_safe[3397]:16111519:11:42 mysqld_safe Starting mysqld daemon with databases from/var/lib/mysql
Nov 1519:11:45 vdevops.org systemd[1]: Started MariaDB database server.
# phpページをテストする
[ root@linuxprobe ~]# curl http://vdevops.org/index.php
Salt State Test Page
[ root@linuxprobe ~]# salt-cp '*' anaconda-ks.cfg /tmp/{'vdevops.org':{'/tmp/anaconda-ks.cfg': True}}
Recommended Posts