Saltstack帮助说明 SaltStack@Master: salt-key -hActions:-l ARG, --list=ARG 显示指定状态的key(支持正则表-L, --list-all 显示所有public keys-a ACCEPT, --accept=ACCEPT 接受指定等待认证的key(-A, --accept-all 接受所有等待认证的key-r REJECT, --reject=REJECT 拒绝指定等待认证的key(-R, --reject-all 拒绝所有等待认证的key--include-all 显示所有状态的key(包含-p PRINT, --print=PRINT 打印指定的public key(-P, --print-all 打印所有的public key-d DELETE, --delete=DELETE 删除指定key-D, --delete-all 删除所有的key-f FINGER, --finger=FINGER 显示指定key的指纹信息-F, --finger-all 显示所有key的指纹信息Options:--version 查看SaltStack程序的版本号--versions-report 查看SaltStack程序以及依赖包的版本号-h, --help 查看帮助信息-c CONFIG_DIR, --config-dir=CONFIG_DIR 指定配置文件目录-t TIMEOUT, --timeout=TIMEOUT 指定Timeout时间(默认是5s)--hard-crash 捕捉到original异常不退出(默认关闭-s, --static 以组的形式返回所有Minion的数据--async 异步执行-v, --verbose verbose模式--show-timeout 显示minion timeout状态--show-jid 显示任务jid-b BATCH, --batch=BATCH 按照百分比执行任务-a EAUTH, --auth=EAUTH, --eauth=EAUTH, --external-auth=指定外部认证方式-T, --make-token 生成Master token--return=RETURNER 指定SaltStack return-d, --doc 查看指定模块或者所有模块文档--args-separator=ARGS_SEPARATOR 设置多个传参直接分隔符--summary 显示汇总信息--username=USERNAME 指定外部认证用户名--password=PASSWORD 指定外部认证密码所有日志相关参数：Logging Options:-l LOG_LEVEL, --log-level=LOG_LEVEL 指定日志级别--log-file=LOG_FILE 指定日志记录文件所有操作目标参数：Target Options:-E, --pcre 正则匹配-L, --list 列表匹配-G, --grain grains匹配--grain-pcre grains加正则匹配-N, --nodegroup 组匹配-R, --range 范围匹配-C, --compound 综合匹配(指定多个匹配)-I, --pillar pillar值匹配-S, --ipcidr minions网段地址匹配所有输出参数：Output Options:--out=OUTPUT, --output=OUTPUT 指定输出格式--out-file=OUTPUT_FILE 指定输出文件--no-color, --no-colour 关闭所有颜色显示--force-color, --force-colour 强制输出颜色显示--state-output=STATE_OUTPUT 指定states输出格式SaltStack@Minion: rpm -ql salt-minion/etc/rc.d/init.d/salt-minion #salt minion服务启动脚本/etc/salt/minion #salt minion配置文件/usr/bin/salt-call #salt call拉取命令/usr/bin/salt-minion #salt minion 服务命令salt命令的output与log的相关参数。SaltStack@Minion: salt-call -hOptions:--version 查看SaltStack程序的版本号--versions-report 查看SaltStack程序以及依赖包的版本号-h, --help 查看帮助信息-c CONFIG_DIR, --config-dir=CONFIG_DIR 指定配置文件目录--hard-crash 扑捉到original异常不退出(默认关闭-g, --grains 返回的信息生成grains-m MODULE_DIRS, --module-dirs=MODULE_DIRS 指定自定义模块目-d, --doc, --documentation 查看指定模块或者所有模块文档--master=MASTER 指定SaltStack Master--return=RETURNER 指定SaltStack return--local 运行masterless模式--file-root=FILE_ROOT 指定file-root目录--pillar-root=PILLAR_ROOT 指定pillar-root目录--retcode-passthrough 显示salt-call命令返回状态--metadata 打印metadata信息--id=ID 指定一个minion ID--skip-grains 不加载grains信息--refresh-grains-cache 强制刷新grains信息·max_open_files——可以根据Master将Minion数量进行适当的调整。·timeout——可以根据Master和Minion的网络状况适当调整。·auto_accept和autosign_file——在大规模部署Minion的时候可以设置自动签证。.max_open_files——可以根据Master将Minion数量进行适当的调整。·timeout——可以根据Master和Minion的网络状况适当调整。·auto_accept和autosign_file——在大规模部署Minion的时候可以设置自动签证。

saltstack配置文件的模块简单写法 配置文件的模块写法[root@master init]# cat zabbix_agent.sls zabbix_agent: pkg.installed: - names: - zabbix22-agent file.managed: - name: /etc/zabbix_agentd.conf - source: salt://init/files/zabbix_agentd.conf - user: root - group: root - mode: 644 service.running: - name: zabbix-agentd - enable: True - reload: True - watch: - file: zabbix_agent 如上！比如我们修改的是zabbix_agentd.conf中的Server=10.0.0.22则，只需要将zabbix_agentd.conf的server端定义变量即可Server={{Zabbix_Server}} 如下：template: zabbixjinjiadefaults: Zabbix_Server: {{ pillar'zabbix-agent' }}如下：[root@master init]# pwd /etc/salt/status/init [root@master init]# [root@master init]# vim zabbix_agent.sls zabbix_agent: pkg.installed: - names: - zabbix22-agent file.managed: - name: /etc/zabbix_agentd.conf - source: salt://init/files/zabbix_agentd.conf - user: root - group: root - mode: 644 - template: jinja - defaults: Zabbix_Server: {{ pillar['zabbix-agent']['Zabbix_Server'] }} service.running: - name: zabbix-agentd - enable: True - reload: True - watch: - file: zabbix_agent 而后创建在pillar下zabbix_agent.sls[root@master init]# pwd /etc/salt/pillar/init [root@master init]# [root@master init]# cat zabbix_agent.sls zabbix-agent: Zabbix_Server: 10.0.0.222 注意：Zabbix_Server: 10.0.0.222 ------>对应status/init下的zabbix_agent中的Zabbix_Server: {{ pillar['zabbix-agent']['Zabbix_Server'] }}的'Zabbix_Server'而后在pillar下的top.sls中添加- init.zabbix_agent[root@master pillar]# vim top.sls [root@master pillar]# pwd /etc/salt/pillar [root@master pillar]# cat top.sls base: '*': - init.rsyslog - init.zabbix_agent [root@master pillar]# 执行结果如下：[root@master init]# salt '*' state.highstate minion.23.com: ---------- ID: pkg.init Function: pkg.installed Name: mtr Result: True Comment: Package mtr is already installed. Started: 08:19:01.343078 Duration: 677.19 ms Changes: ---------- ID: pkg.init Function: pkg.installed Name: nginx Result: True Comment: Package nginx is already installed. Started: 08:19:02.020432 Duration: 0.443 ms Changes: ---------- ID: pkg.init Function: pkg.installed Name: lrzsz Result: True Comment: Package lrzsz is already installed. Started: 08:19:02.020936 Duration: 0.248 ms Changes: ---------- ID: zabbix_agent Function: pkg.installed Name: zabbix22-agent Result: True Comment: Package zabbix22-agent is already installed. Started: 08:19:02.021242 Duration: 0.248 ms Changes: ---------- ID: zabbix_agent Function: file.managed Name: /etc/zabbix_agentd.conf Result: True Comment: File /etc/zabbix_agentd.conf updated Started: 08:19:02.023524 Duration: 12.842 ms Changes: ---------- diff: --- +++ @@ -84,7 +84,7 @@ # Server= #Server=127.0.0.1 -Server=10.0.0.22 +Server=10.0.0.222 ### Option: ListenPort # Agent will listen on this port for connections from the server. ---------- ID: zabbix_agent Function: service.running Name: zabbix-agentd Result: True Comment: Service reloaded Started: 08:19:02.065563 Duration: 178.509 ms Changes: ---------- zabbix-agentd: True Summary ------------ Succeeded: 6 (changed=2) Failed: 0 ------------ Total states run: 6 第二种修改方式： - template: jinja - defaults: Zabbix_Server: {{ pillar['Zabbix_Server'] }} 如下：[root@master init]# pwd /etc/salt/status/init [root@master init]# [root@master init]# vim zabbix_agent.sls zabbix_agent: pkg.installed: - names: - zabbix22-agent file.managed: - name: /etc/zabbix_agentd.conf - source: salt://init/files/zabbix_agentd.conf - user: root - group: root - mode: 644 - template: jinja - defaults: Zabbix_Server: {{ pillar['Zabbix_Server'] }} service.running: - name: zabbix-agentd - enable: True - reload: True - watch: - file: zabbix_agent [root@master init]# pwd /etc/salt/status/init [root@master init]# 注释掉#zabbix-agent:，修改下ip以示区别[root@master init]# vim ../../pillar/init/zabbix_agent.sls #zabbix-agent: Zabbix_Server: 10.0.0.111------------------>key是和zabbix_agentd中的一样 跑一边查看！已经OK[root@master init]# salt '*' state.highstate minion.23.com: ---------- ID: pkg.init Function: pkg.installed Name: mtr Result: True Comment: Package mtr is already installed. Started: 08:23:42.171235 Duration: 686.816 ms Changes: ---------- ID: pkg.init Function: pkg.installed Name: nginx Result: True Comment: Package nginx is already installed. Started: 08:23:42.858330 Duration: 0.674 ms Changes: ---------- ID: pkg.init Function: pkg.installed Name: lrzsz Result: True Comment: Package lrzsz is already installed. Started: 08:23:42.859121 Duration: 0.274 ms Changes: ---------- ID: zabbix_agent Function: pkg.installed Name: zabbix22-agent Result: True Comment: Package zabbix22-agent is already installed. Started: 08:23:42.859455 Duration: 0.267 ms Changes: ---------- ID: zabbix_agent Function: file.managed Name: /etc/zabbix_agentd.conf Result: True Comment: File /etc/zabbix_agentd.conf updated Started: 08:23:42.862150 Duration: 9.588 ms Changes: ---------- diff: --- +++ @@ -84,7 +84,7 @@ # Server= #Server=127.0.0.1 -Server=10.0.0.222 +Server=10.0.0.111 ### Option: ListenPort # Agent will listen on this port for connections from the server. ---------- ID: zabbix_agent Function: service.running Name: zabbix-agentd Result: True Comment: Service reloaded Started: 08:23:42.898476 Duration: 170.457 ms Changes: ---------- zabbix-agentd: True Summary ------------ Succeeded: 6 (changed=2) Failed: 0 ------------ Total states run: 6 第三种方法！Zabbix_Server:直接填写IP即可！zabbix_agent: pkg.installed: - names: - zabbix22-agent file.managed: - name: /etc/zabbix_agentd.conf - source: salt://init/files/zabbix_agentd.conf - user: root - group: root - mode: 644 - template: jinja - defaults: Zabbix_Server: 10.0.0.33 service.running: - name: zabbix-agentd - enable: True - reload: True - watch: - file: zabbix_agent 目录结构如下：[root@master salt]# tree . ├── master ├── minion ├── minion.d │   └── _schedule.conf ├── pillar │   ├── init │   │   ├── rsyslog.sls │   │   └── zabbix_agent.sls │   └── top.sls ├── pki │   ├── master │   │   ├── master.pem │   │   ├── master.pub │   │   ├── minions │   │   │   ├── master.22.com │   │   │   ├── minion.21.com │   │   │   └── minion.23.com │   │   ├── minions_autosign │   │   ├── minions_denied │   │   ├── minions_pre │   │   └── minions_rejected │   └── minion │   ├── minion_master.pub │   ├── minion.pem │   └── minion.pub ├── services │   └── dev └── status ├── init │   ├── files │   │   └── zabbix_agentd.conf │   ├── pkg.sls │   └── zabbix_agent.sls └── top.sls

saltstack配置管理（1） 配置管理！安装zabbix-agent如：zabbix-agent: pkg.installed: - name: zabbix-agent 上面安装的zabbix-agent也可以这样来写zabbix-agent: pkg.installed 例：安装zabbix-agenthttp://docs.saltstack.cn/zh_CN/latest/ref/states/all/salt.states.file.html#module-salt.states.file安装包zabbix_agent: pkg.installed: - name: zabbix22-agent 配置文件file.managed: - name: /etc/zabbix_agent.conf--------------------------->minion端文件 - source: salt://init/files/zabbix_agentd.conf----------->master端文件位置 - user: root - group: root - mode: 644 启动服务 service.running: - name: zabbix_agentd - enable: True------------------------------------------>开机启动 - reload: True------------------------------------------>配置更新后reload， 注意：”不添加reload有可能自己进行restart 如下：[root@master init]# cat zabbix_agent.sls zabbix_agent: pkg.installed: - name: zabbix22-agent file.managed: - name: /etc/zabbix_agent.conf - source: salt://init/files/zabbix_agentd.conf - user: root - group: root - mode: 644 service.running: - name: zabbix_agentd - enable: True - reload: True [root@master init]# [root@master init]# mkdir -p /etc/salt/status/init/files [root@master files]# pwd /etc/salt/status/init/files 复制一个zabbix_agent配置文件[root@master files]# scp 10.0.0.23:/etc/zabbix_agent.conf ./ [root@master files]# pwd /etc/salt/status/init/files [root@master files]# [root@master files]# vim zabbix_agent.conf Server=192.168.233.130 将zabbix_agent.sls定义到top.sls中，top执行完不需要重启[root@master files]# vim /etc/salt/status/top.sls base: 'm*.*.com': - match: pcre - init.pkg - init.zabbix_agent 添加完毕后，测试'minion.23.com'上[root@master init]# salt 'minion.23.com' state.highstate test=True minion.23.com: ---------- ID: pkg.init Function: pkg.installed Name: mtr Result: True Comment: Package mtr is already installed. Started: 06:41:07.461557 Duration: 659.368 ms Changes: ---------- ID: pkg.init Function: pkg.installed Name: nginx Result: True Comment: Package nginx is already installed. Started: 06:41:08.121087 Duration: 0.394 ms Changes: ---------- ID: pkg.init Function: pkg.installed Name: lrzsz Result: True Comment: Package lrzsz is already installed. Started: 06:41:08.121537 Duration: 0.236 ms Changes: ---------- ID: zabbix_agent Function: pkg.installed Name: zabbix22-agent Result: True Comment: Package zabbix22-agent is already installed. Started: 06:41:08.121869 Duration: 0.249 ms Changes: ---------- ID: zabbix_agent Function: file.managed Name: /etc/zabbix_agentd.conf Result: None Comment: The file /etc/zabbix_agentd.conf is set to be changed Started: 06:41:08.124101 Duration: 7.601 ms Changes: ---------- diff: --- +++ @@ -78,7 +78,8 @@ # Default: # Server= -Server=127.0.0.1 +#Server=127.0.0.1 +Server=10.0.0.22 ### Option: ListenPort # Agent will listen on this port for connections from the server. ---------- ID: zabbix_agent Function: service.running Name: zabbix_agentd Result: False Comment: The named service zabbix_agentd is not available Started: 06:41:08.132359 Duration: 6.232 ms Changes: Summary ------------ Succeeded: 5 (unchanged=1, changed=1) Failed: 1 ------------ Total states run: 6 [root@master init]# 正式的执行：[root@master init]# salt '*' state.highstate minion.23.com: ---------- ID: pkg.init Function: pkg.installed Name: mtr Result: True Comment: Package mtr is already installed. Started: 07:04:32.096445 Duration: 674.256 ms Changes: ---------- ID: pkg.init Function: pkg.installed Name: nginx Result: True Comment: Package nginx is already installed. Started: 07:04:32.770899 Duration: 0.407 ms Changes: ---------- ID: pkg.init Function: pkg.installed Name: lrzsz Result: True Comment: Package lrzsz is already installed. Started: 07:04:32.771405 Duration: 0.236 ms Changes: ---------- ID: zabbix_agent Function: pkg.installed Name: zabbix22-agent Result: True Comment: Package zabbix22-agent is already installed. Started: 07:04:32.771696 Duration: 0.303 ms Changes: ---------- ID: zabbix_agent Function: file.managed Name: /etc/zabbix_agentd.conf Result: True Comment: File /etc/zabbix_agentd.conf updated Started: 07:04:32.774071 Duration: 6.959 ms Changes: ---------- diff: New file mode: 0644 ---------- ID: zabbix_agent Function: service.running Name: zabbix-agentd Result: True Comment: Service zabbix-agentd has been enabled, and is running Started: 07:04:32.781431 Duration: 114.562 ms Changes: ---------- zabbix-agentd: True Summary ------------ Succeeded: 6 (changed=2) Failed: 0 [root@master init]# 使用service查看[root@master init]# salt '*' service.status zabbix-agent minion.21.com: True minion.23.com: True master.22.com: True [root@master init]# 3台机器已经全部安装并且允许当文件有变动则进行reload需要添加watch- watch: - file: zabbix_agent 如下：[root@master init]# cat zabbix_agent.sls zabbix_agent: pkg.installed: - names: - zabbix22-agent file.managed: - name: /etc/zabbix_agentd.conf - source: salt://init/files/zabbix_agentd.conf - user: root - group: root - mode: 644 service.running: - name: zabbix-agentd - enable: True - reload: True - watch: - file: zabbix_agent 而后修改/init/files/zabbix_agentd.conf中任意的文件，以示区分注意：这里的reload是手动修改reload成restart才可以reload的！[root@master init]# salt '*' state.highstate minion.23.com: ---------- ID: pkg.init Function: pkg.installed Name: mtr Result: True Comment: Package mtr is already installed. Started: 07:23:39.333600 Duration: 829.029 ms Changes: ---------- ID: pkg.init Function: pkg.installed Name: nginx Result: True Comment: Package nginx is already installed. Started: 07:23:40.162791 Duration: 0.433 ms Changes: ---------- ID: pkg.init Function: pkg.installed Name: lrzsz Result: True Comment: Package lrzsz is already installed. Started: 07:23:40.163276 Duration: 0.252 ms Changes: ---------- ID: zabbix_agent Function: pkg.installed Name: zabbix22-agent Result: True Comment: Package zabbix22-agent is already installed. Started: 07:23:40.163586 Duration: 0.217 ms Changes: ---------- ID: zabbix_agent Function: file.managed Name: /etc/zabbix_agentd.conf Result: True Comment: File /etc/zabbix_agentd.conf updated Started: 07:23:40.165805 Duration: 12.912 ms Changes: ---------- diff: --- +++ @@ -77,12 +77,12 @@ # Mandatory: no # Default: # Server= - -#Server=127.0.0.1 -#Server=127.0.0.1 -#Server=127.0.0.1 -#Server=127.0.0.1 -#Server=127.0.0.1 +# Server= +# Server= +# Server= +# Server= +# Server= + #Server=127.0.0.1 Server=10.0.0.22 ---------- ID: zabbix_agent Function: service.running Name: zabbix-agentd Result: True Comment: Service reloaded Started: 07:23:40.206135 Duration: 191.221 ms Changes: ---------- zabbix-agentd: True Summary ------------ Succeeded: 6 (changed=2) Failed: 0 ------------ Total states run: 6

saltstack自定义Grains 自定义Grains:定义到配置文件！[root@minion1 ~]# vim /etc/salt/minion grains: roles: nginx env: prod [root@minion1 ~]# /etc/init.d/salt-minion restart Stopping salt-minion daemon: [FAILED] Starting salt-minion daemon: master[root@master ~]# salt -G 'env:prod' test.ping minion.23.com: True [root@master ~]# salt -G 'roles:nginx' test.ping minion.23.com: True [root@master ~]# 定义到/etc/salt/grains,在/etc/salt/grains键入cloud: saltstackminion [root@minion1 ~]# cat /etc/salt/grains cloud: saltstack [root@minion1 ~]# /etc/init.d/salt-minion restart Stopping salt-minion daemon: [ OK ] Starting salt-minion daemon: [ OK ] [root@minion1 ~]# master端在可以找到有值的服务器执行相关的操作[root@master ~]# salt -G 'cloud:saltstack' test.ping minion.23.com: True [root@master ~]# 如：远程启动所有安装了nginx的机器，这里的环境只在minion.23.com安装[root@minion1 ~]# vim /etc/salt/grains cloud: saltstack cloud: nginx [root@minion1 ~]# /etc/init.d/salt-minion restart Stopping salt-minion daemon: [ OK ] Starting salt-minion daemon: [ OK ] master端[root@master ~]# salt -G 'roles:nginx' service.start nginx minion.23.com: True [root@master ~]# minion端：[root@minion1 ~]# service nginx status nginx (pid 2459) is running... [root@minion1 ~]# 同步：saltutil.sync_grains例如：在minion上添加一条cloud: httpd（事实上这里没有安装）。不重启服务，使用saltutil.sync_grains刷新即可，如下：[root@minion1 ~]# vim /etc/salt/grains cloud: nginx cloud: httpd master端第一次执行[root@master ~]# salt -G 'cloud:httpd' test.ping No minions matched the target. No command was sent, no jid was assigned. ERROR: No return received 同步后执行正常[root@master ~]# salt '*' saltutil.sync_grains master.22.com: minion.23.com: minion.21.com: [root@master ~]# salt -G 'cloud:httpd' test.ping minion.23.com: True [root@master ~]# -G：目标里面使用grains在top中的使用！在master的top.sls中添加： 'roles:nginx': - match: grain - init.pkg 在所有的定义过grains ，并且grains中有nginx的机器上，执行init.pkg的动作！添加如下：[root@master ~]# vim /etc/salt/status/top.sls base: 'm*.*.com': - match: pcre - init.pkg 'roles:nginx': - match: grain - init.pkg

Saltstack数据系统初探 Saltstack数据系统Grains:静态数据当minion启动，收集服务器所有信息保存，在后面进行调用，如果需要设备变动则需要重启进行收集信息Pillargrains.items可查看服务器的详细信息，也可以分别刷选[root@master ~]# salt 'minion.23.com' grains.items minion.23.com: ---------- SSDs: biosreleasedate: 05/20/2014 biosversion: 6.00 cpu_flags: - fpu - vme - de - pse - tsc - msr - pae - mce cpu_model: Intel(R) Xeon(R) CPU E3-1230 v3 @ 3.30GHz cpuarch: x86_64 domain: fqdn: minion1 fqdn_ip4: - 180.168.41.175 fqdn_ip6: gpus: |_ ---------- model: SVGA II Adapter vendor: unknown host: minion1 hwaddr_interfaces: ---------- eth1: 00:0c:29:77:21:16 lo: 00:00:00:00:00:00 id: minion.23.com init: upstart ip4_interfaces: ---------- eth1: - 10.0.0.23 lo: - 127.0.0.1 ip6_interfaces: ---------- eth1: - fe80::20c:29ff:fe77:2116 lo: - ::1 ip_interfaces: ---------- eth1: - 10.0.0.23 - fe80::20c:29ff:fe77:2116 lo: - 127.0.0.1 - ::1 ipv4: - 10.0.0.23 - 127.0.0.1 ipv6: - ::1 - fe80::20c:29ff:fe77:2116 kernel: Linux kernelrelease: 2.6.32-504.el6.x86_64 locale_info: ---------- defaultencoding: UTF8 defaultlanguage: en_US detectedencoding: UTF-8 localhost: minion1 lsb_distrib_codename: Final lsb_distrib_id: CentOS lsb_distrib_release: 6.6 machine_id: 2ed4a92704e1ebf06cf1c9f80000000b manufacturer: VMware, Inc. master: 10.0.0.22 mdadm: mem_total: 980 nodename: minion1 num_cpus: 1 num_gpus: 1 os: CentOS os_family: RedHat osarch: x86_64 oscodename: Final osfinger: CentOS-6 osfullname: CentOS osmajorrelease: 6 osrelease: 6.6 osrelease_info: - 6 - 6 path: /sbin:/usr/sbin:/bin:/usr/bin productname: VMware Virtual Platform ps: ps -efH pythonexecutable: /usr/bin/python2.6 pythonpath: - /usr/bin - /usr/lib64/python26.zip - /usr/lib64/python2.6 - /usr/lib64/python2.6/plat-linux2 - /usr/lib64/python2.6/lib-tk - /usr/lib64/python2.6/lib-old - /usr/lib64/python2.6/lib-dynload - /usr/lib64/python2.6/site-packages - /usr/lib64/python2.6/site-packages/gst-0.10 - /usr/lib64/python2.6/site-packages/gtk-2.0 - /usr/lib64/python2.6/site-packages/webkit-1.0 - /usr/lib/python2.6/site-packages pythonversion: - 2 - 6 - 6 - final - 0 saltpath: /usr/lib/python2.6/site-packages/salt saltversion: 2015.5.5 saltversioninfo: - 2015 - 5 - 5 - 0 selinux: ---------- enabled: False enforced: Disabled serialnumber: VMware-56 4d 67 7b b3 c5 57 53-89 4d 88 a7 38 77 21 16 server_id: 1982461425 shell: /bin/sh virtual: VMware zmqversion: 3.2.5 [root@master ~]# 分别刷选[root@master ~]# salt 'minion.23.com' grains.item os minion.23.com: ---------- os: CentOS [root@master ~]# 键值显示[root@master ~]# salt 'minion.23.com' grains.ls minion.23.com: - SSDs - biosreleasedate - biosversion - cpu_flags - cpu_model - cpuarch - domain - fqdn [root@master ~]# get取值[root@master ~]# salt 'minion.23.com' grains.get os minion.23.com: CentOS [root@master ~]# salt 'minion.23.com' grains.item os minion.23.com: ---------- os: CentOS [root@master ~]# -G过滤os为centos的机器[root@master ~]# salt -G 'os:CentOS' test.ping master.22.com: True minion.21.com: True minion.23.com: True [root@master ~]# minion1是minion.23.com的主机名，一般情况下主机名和id一致[root@master ~]# salt 'minion.23.com' grains.get fqdn minion.23.com: minion1 [root@master ~]# salt -G 'fqdn:minion1' test.ping minion.23.com: True [root@master ~]#

saltstack的master_job_cache特性 master_job_cache特性当结果返回，master可以将结果缓存至数据库，并不需要另外安装MySQL-pythonmysql数据库的一个库和三张表需要创建在配置文件添加master_job_cache: mysql后，清空表测试！[root@master ~]# vim /etc/salt/master mysql.host: '10.0.0.7' mysql.user: 'salt' mysql.pass: 'salt' mysql.db: 'salt' mysql.port: 3306 master_job_cache: mysql 清空表！mysql> truncate table salt_returns; Query OK, 0 rows affected (0.02 sec) mysql> select * from salt_returns\G Empty set (0.00 sec) 重启master[root@master ~]# /etc/init.d/salt-master restart Stopping salt-master daemon: [确定] Starting salt-master daemon: [确定] [root@master ~]# 再次执行一条任何命令，数据库将会出现数据[root@master ~]# salt '*' cmd.run 'df -h' minios.10.0.0.8.com: Filesystem Size Used Avail Use% Mounted on /dev/sda2 18G 2.6G 14G 16% / tmpfs 491M 12K 491M 1% /dev/shm /dev/sda1 283M 28M 240M 11% /boot minion-node20.10.0.0.20.com: Filesystem Size Used Avail Use% Mounted on /dev/sda2 18G 2.6G 14G 16% / tmpfs 238M 12K 238M 1% /dev/shm /dev/sda1 283M 28M 240M 11% /boot [root@master ~]# 如下:mysql> select * from salt_returns\G *************************** 1. row *************************** fun: cmd.run jid: 20151212005049266326 return: "Filesystem Size Used Avail Use% Mounted on\n/dev/sda2 18G 2.6G 14G 16% /\ntmpfs 491M 12K 491M 1% /dev/shm\n/dev/sda1 283M 28M 240M 11% /boot" id: minios.10.0.0.8.com success: 1 full_ret: {"fun_args": ["df -h"], "jid": "20151212005049266326", "return": "Filesystem Size Used Avail Use% Mounted on\n/dev/sda2 18G 2.6G 14G 16% /\ntmpfs 491M 12K 491M 1% /dev/shm\n/dev/sda1 283M 28M 240M 11% /boot", "retcode": 0, "success": true, "cmd": "_return", "_stamp": "2015-12-12T08:50:49.487996", "fun": "cmd.run", "id": "minios.10.0.0.8.com"} alter_time: 2015-12-12 00:50:49 *************************** 2. row *************************** fun: cmd.run jid: 20151212005049266326 return: "Filesystem Size Used Avail Use% Mounted on\n/dev/sda2 18G 2.6G 14G 16% /\ntmpfs 238M 12K 238M 1% /dev/shm\n/dev/sda1 283M 28M 240M 11% /boot" id: minion-node20.10.0.0.20.com success: 1 full_ret: {"fun_args": ["df -h"], "jid": "20151212005049266326", "return": "Filesystem Size Used Avail Use% Mounted on\n/dev/sda2 18G 2.6G 14G 16% /\ntmpfs 238M 12K 238M 1% /dev/shm\n/dev/sda1 283M 28M 240M 11% /boot", "retcode": 0, "success": true, "cmd": "_return", "_stamp": "2015-12-12T08:50:49.497892", "fun": "cmd.run", "id": "minion-node20.10.0.0.20.com"} alter_time: 2015-12-12 00:50:49 2 rows in set (0.00 sec)

saltstack返回信息写入数据库 返回将返回结果写入到mysql中master端需要安装MySQL-python和mysql-servermysql-server用来存储minion数据，MySQL-python用来收集数据master端：1.安装mysql-server和MySQL-pythonyum install MySQL-python mysql-server 2.创建表结构service mysqld start CREATE DATABASE `salt` DEFAULT CHARACTER SET utf8 DEFAULT COLLATE utf8_general_ci； 如下：创建salt，在salt下添加jids和salt_returnsmysql> CREATE DATABASE `salt` -> DEFAULT CHARACTER SET utf8 -> DEFAULT COLLATE utf8_general_ci; Query OK, 1 row affected (0.00 sec) mysql> 3，在USE salt下创建js表USE salt;CREATE TABLE jids ( jid varchar(255) NOT NULL, load mediumtext NOT NULL, UNIQUE KEY jid (jid)) ENGINE=InnoDB DEFAULT CHARSET=utf8;如下：mysql> use salt; Database changed mysql> CREATE TABLE `jids` ( -> `jid` varchar(255) NOT NULL, -> `load` mediumtext NOT NULL, -> UNIQUE KEY `jid` (`jid`) -> ) ENGINE=InnoDB DEFAULT CHARSET=utf8; Query OK, 0 rows affected (0.03 sec) mysql> 在USE salt下创建salt_returns表salt_events表CREATE TABLE salt_returns ( fun varchar(50) NOT NULL, jid varchar(255) NOT NULL, return mediumtext NOT NULL, id varchar(255) NOT NULL, success varchar(10) NOT NULL, full_ret mediumtext NOT NULL, alter_time TIMESTAMP DEFAULT CURRENT_TIMESTAMP, KEY id (id), KEY jid (jid), KEY fun (fun)) ENGINE=InnoDB DEFAULT CHARSET=utf8;如下：mysql> CREATE TABLE `salt_returns` ( -> `fun` varchar(50) NOT NULL, -> `jid` varchar(255) NOT NULL, -> `return` mediumtext NOT NULL, -> `id` varchar(255) NOT NULL, -> `success` varchar(10) NOT NULL, -> `full_ret` mediumtext NOT NULL, -> `alter_time` TIMESTAMP DEFAULT CURRENT_TIMESTAMP, -> KEY `id` (`id`), -> KEY `jid` (`jid`), -> KEY `fun` (`fun`) -> ) ENGINE=InnoDB DEFAULT CHARSET=utf8; Query OK, 0 rows affected (0.02 sec) 创建salt_eventsmysql> CREATE TABLE `salt_events` ( -> `id` BIGINT NOT NULL AUTO_INCREMENT, -> `tag` varchar(255) NOT NULL, -> `data` varchar(1024) NOT NULL, -> `alter_time` TIMESTAMP DEFAULT CURRENT_TIMESTAMP, -> PRIMARY KEY (`id`), -> KEY `tag` (`tag`) -> ) ENGINE=InnoDB DEFAULT CHARSET=utf8; Query OK, 0 rows affected (0.03 sec) mysql> FLUSH PRIVILEGES; Query OK, 0 rows affected (0.00 sec) 授权mysql> grant all on slat.* to salt@'%' identified by 'salt'; Query OK, 0 rows affected (0.00 sec) 测试，这里没有授权localhost，使用-h主机ip登录测试，查看[root@master ~]# mysql -u salt -p -h 10.0.0.7 Enter password: Welcome to the MySQL monitor. Commands end with ; or \g. Your MySQL connection id is 7 Server version: 5.1.73 Source distribution Copyright (c) 2000, 2013, Oracle and/or its affiliates. All rights reserved. Oracle is a registered trademark of Oracle Corporation and/or its affiliates. Other names may be trademarks of their respective owners. Type 'help;' or '\h' for help. Type '\c' to clear the current input statement. mysql> show databases; +--------------------+ | Database | +--------------------+ | information_schema | | salt | | test | +--------------------+ 3 rows in set (0.00 sec) mysql> use salt; Reading table information for completion of table and column names You can turn off this feature to get a quicker startup with -A Database changed mysql> show tables; +----------------+ | Tables_in_salt | +----------------+ | jids | | salt_events | | salt_returns | +----------------+ 3 rows in set (0.00 sec) minion端：yum -y install MySQL-python 修改minion配置文件[root@master ~]# vim /etc/salt/minion mysql.host: '10.0.0.7' mysql.user: 'salt' mysql.pass: 'salt' mysql.db: 'salt' mysql.port: 3306 [root@master ~]# /etc/init.d/salt-minion restart 测试：在master执行：salt '*' test.ping --return mysql 查看数据库是否写入值如下所示：mysql> select * from salt_returns\G *************************** 1. row *************************** fun: test.ping jid: 20151212003833932291 return: true id: minion-node11.10.0.0.11.com success: 1 full_ret: {"fun_args": [], "jid": "20151212003833932291", "return": true, "retcode": 0, "success": true, "fun": "test.ping", "id": "minion-node11.10.0.0.11.com"} alter_time: 2015-12-12 00:38:34 *************************** 2. row *************************** fun: test.ping jid: 20151212004045681725 return: true id: minion-node20.10.0.0.20.com success: 1 full_ret: {"fun_args": [], "jid": "20151212004045681725", "return": true, "retcode": 0, "success": true, "fun": "test.ping", "id": "minion-node20.10.0.0.20.com"} alter_time: 2015-12-12 00:40:45 *************************** 3. row *************************** fun: test.ping jid: 20151212004045681725 return: true id: minios.10.0.0.8.com

saltstack之service/cp/get/file模块初探 模块salt -d 所有的模块参数disk.usage 磁盘模块[root@master ~]# salt '*' disk.usage minion-node07.10.0.0.07.com: ---------- /: ---------- 1K-blocks: 18208184 available: 14663688 capacity: 16% filesystem: /dev/sda2 used: 2612912 /boot: ---------- 1K-blocks: 289293 available: 245456 capacity: 11% filesystem: /dev/sda1 used: 28477 /dev/shm: ---------- 1K-blocks: 502176 available: 502160 capacity: 1% filesystem: tmpfs used: 16 minios.10.0.0.8.com: ---------- /: ---------- 1K-blocks: 18208184 available: 14605476 capacity: 16% filesystem: /dev/sda2 used: 2671124 /boot: ---------- 1K-blocks: 289293 available: 245456 capacity: 11% filesystem: /dev/sda1 used: 28477 /dev/shm: ---------- 1K-blocks: 502176 available: 502164 capacity: 1% filesystem: tmpfs used: 12 minion-node11.10.0.0.11.com: ---------- /: ---------- 1K-blocks: 18208184 available: 14665968 capacity: 16% filesystem: /dev/sda2 used: 2610632 /boot: ---------- 1K-blocks: 289293 available: 245456 capacity: 11% filesystem: /dev/sda1 used: 28477 /dev/shm: ---------- 1K-blocks: 243112 available: 243100 capacity: 1% filesystem: tmpfs used: 12 [root@master ~]# hosts，需要主机名能够ping通[root@master ~]# salt '*' hosts.get_ip master.com minion-node07.10.0.0.07.com: minios.10.0.0.8.com: minion-node11.10.0.0.11.com: [root@master ~]# service模块，远程查看服务[root@master ~]# salt '*' service.get_all minios.10.0.0.8.com: - NetworkManager - abrt-ccpp - abrt-oops - abrtd - acpid - atd - auditd - blk-availability - bluetooth - control-alt-delete - cpuspeed -省略一千字 minion-node11.10.0.0.11.com: - NetworkManager - abrt-ccpp - abrt-oops - abrtd - acpid - atd - auditd - blk-availability - bluetooth - control-alt-delete - cpuspeed - crond -省略一千字 minion-node07.10.0.0.07.com: - NetworkManager - abrt-ccpp - abrt-oops - abrtd - acpid - atd - auditd -省略一千字 [root@master ~]# service.restart重启某服务1,查看状态 [root@master ~]# salt '*' service.status nginx minios.10.0.0.8.com: False minion-node07.10.0.0.07.com: False minion-node11.10.0.0.11.com: False 2，启动服务 [root@master ~]# salt '*' service.start nginx minios.10.0.0.8.com: True minion-node07.10.0.0.07.com: True minion-node11.10.0.0.11.com: True 3，停止服务 [root@master ~]# salt '*' service.stop nginx minios.10.0.0.8.com: True minion-node07.10.0.0.07.com: True minion-node11.10.0.0.11.com: True 4，再来查看已经被停止 [root@master ~]# salt '*' service.status nginx minios.10.0.0.8.com: False minion-node11.10.0.0.11.com: False minion-node07.10.0.0.07.com: False [root@master ~]# file模块hash对比，salt '*' file.check_hash /etc/issue.net md5：对比值如，我随便输入，则false[root@master ~]# salt '*' file.check_hash /etc/issue.net md5:111 minion-node07.10.0.0.07.com: False minion-node11.10.0.0.11.com: False minios.10.0.0.8.com: False [root@master ~]# 判断/etc/passwd文件是否存在[root@master ~]# salt '*' file.file_exists /etc/passwd minios.10.0.0.8.com: True minion-node07.10.0.0.07.com: True minion-node11.10.0.0.11.com: True [root@master ~]# salt-cp复制，把master的文件cp到客户端例如：1,将/etc/hosts文件复制到/etc/hosts[root@master ~]# salt-cp '*' /etc/hosts /etc/hosts {'minion-node07.10.0.0.07.com': {'/etc/hosts': True}, 'minion-node11.10.0.0.11.com': {'/etc/hosts': True}, 'minios.10.0.0.8.com': {'/etc/hosts': True}} 2,将/etc/hosts文件复制到/tmp/hosts[root@master ~]# salt-cp '*' /etc/hosts /tmp/hosts {'minion-node07.10.0.0.07.com': {'/tmp/hosts': True}, 'minion-node11.10.0.0.11.com': {'/tmp/hosts': True}, 'minios.10.0.0.8.com': {'/tmp/hosts': True}} 3,查看[root@master ~]# ll /tmp/hosts -rw-r--r-- 1 root root 198 12月 11 09:17 /tmp/hosts [root@master ~]#

saltstack正则简单匹配 远程执行第三功能，输出！可以写入到数据库里，文件里！匹配ID：正则表达式：不同的匹配方式需要加不同参数！-E：正则 -L：列出，多个用逗号分隔， -G: grain -N: 节点组 -R: 范围 -C：混合 -I：pillar -S: ipv4 子网掩码的形式 salt ‘*.doam.net’ test.ping--------匹配以*.doam.net的 salt ‘*.doam.*’ test.ping----------匹配中间为doam的 salt ‘web?.doam.*’ test.ping-------一个问号表示统配一个，多个表示通赔多个 salt ‘web[1-5]’ test.ping----------1-5,通赔以web开头的1-5的id salt ‘web[1，3]’ test.ping---------统配以web开头，1和3的id salt ‘web[x-z]’ test.ping----------统配以web开头，x到z结尾的id 如下：[root@master ~]# salt '*' test.ping minios.10.0.0.8.com: True [root@master ~]# salt '*.10.0.0.8.*' test.ping minios.10.0.0.8.com: True [root@master ~]# salt 'minios.10.0.0.8.*' test.ping minios.10.0.0.8.com: True 我们添加一台新的测试：[root@master ~]# salt-key Accepted Keys: minios.10.0.0.8.com Denied Keys: Unaccepted Keys: minion-node11.10.0.0.11.com Rejected Keys: [root@master ~]# salt-key -a minion-node11.10.0.0.11.com The following keys are going to be accepted: Unaccepted Keys: minion-node11.10.0.0.11.com Proceed? [n/Y] y Key for minion minion-node11.10.0.0.11.com accepted. [root@master ~]# salt-key Accepted Keys: minion-node11.10.0.0.11.com minios.10.0.0.8.com Denied Keys: Unaccepted Keys: Rejected Keys: [root@master ~]# salt '*' test.ping minios.10.0.0.8.com: True minion-node11.10.0.0.11.com: True [root@master ~]# 匹配上面两个主机名：-E测试[root@master ~]# salt -E '(minios|minion-node11)'.10.0.0.*.com test.ping minios.10.0.0.8.com: True minion-node11.10.0.0.11.com: True [root@master ~]# 修改top.sls下发测试[root@master ~]# vim /etc/salt/status/top.sls base: '(minios|minion-node11).10.0.0.*.com': ------->匹配以minios主机和minion-node11主机.10.0.0.*.com - match: pcre ------------------------------>正则表达式必选项 - init.pkg - init.conf ~ 执行前几章的安装包和配置文件[root@master ~]# salt '*' state.highstate minion-node11.10.0.0.11.com: ---------- ID: pkg.init Function: pkg.installed Name: sl Result: True Comment: The following packages were installed/updated: sl Started: 07:55:48.875688 Duration: 21309.13 ms Changes: ---------- sl: ---------- new: 5.02-1.el6 old: ---------- ID: conf-config Function: file.managed Name: /etc/security/limits.conf Result: True Comment: File /etc/security/limits.conf updated Started: 07:56:10.188457 Duration: 54.812 ms Changes: ---------- diff: --- +++ @@ -39,8 +39,8 @@ #<domain> <type> <item> <value> # -#* soft core 0 -#* hard rss 10000 +* soft core 0 +* hard rss 10000 #@student hard nproc 20 #@faculty soft nproc 20 #@faculty hard nproc 50 @@ -48,3 +48,4 @@ #@student - maxlogins 4 # End of file +*-nofile65535 Summary ------------ Succeeded: 2 (changed=2) Failed: 0 ------------ Total states run: 2 minios.10.0.0.8.com: Minion did not return. [No response] -------------------->这里有问题，提示没有返回信息！暂时忽略他 [root@master ~]# ID号命名：角色-node1.业务(web).idc1.域名.com如：nginx-node1.web.idc1.linuxea.com以及IP地址也可-L [root@master ~]# salt -L 'minion-node11.10.0.0.11.com,minios.10.0.0.8.com' test.ping minios.10.0.0.8.com: True minion-node11.10.0.0.11.com: True [root@master ~]# -S [root@master ~]# salt -S '10.0.0.0/24' test.ping minios.10.0.0.8.com: True minion-node11.10.0.0.11.com: True [root@master ~]#

saltstack的master与minion认证及salt-key常用参数 minion认证[root@minion minion]# ll /etc/salt/pki/minion/ 总用量 12 -rw-r--r--. 1 root root 451 12月 8 06:11 minion_master.pub -r--------. 1 root root 1675 12月 8 05:56 minion.pem -rw-r--r--. 1 root root 451 12月 8 05:56 minion.pub [root@minion minion]# 而master端则是放在以下路径，这里的钥匙则是minion的，如果id名称换掉，则需要删掉重新认证：[root@master ~]# ll /etc/salt/pki/master/minions 总用量 4 -rw-r--r--. 1 root root 451 12月 8 06:09 minios.10.0.0.8.com [root@master ~]# master在minion秘钥位置[root@minion minion]# ll /etc/salt/pki/minion/minion_master.pub -rw-r--r--. 1 root root 451 12月 8 06:11 /etc/salt/pki/minion/minion_master.pub [root@minion minion]# 而master和minion是保持长链接的！[root@master ~]# lsof -i:4505 COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME salt-mast 1124 root 12u IPv4 10089 0t0 TCP *:4505 (LISTEN) salt-mast 1124 root 14u IPv4 12365 0t0 TCP 10.0.0.7:4505->10.0.0.8:33079 (ESTABLISHED) [root@minion minion]# lsof -i:4505 COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME salt-mini 1125 root 24u IPv4 10455 0t0 TCP 10.0.0.8:33079->10.0.0.7:4505 (ESTABLISHED) salt-kye参数1，删除：salt-key -d[root@master ~]# salt-key Accepted Keys: minios.10.0.0.8.com Denied Keys: Unaccepted Keys: 10.0.0.8 Rejected Keys: [root@master ~]# salt-key -d 10.0.0.8 The following keys are going to be deleted: Unaccepted Keys: 10.0.0.8 Proceed? [N/y] y Key for minion 10.0.0.8 deleted. [root@master ~]# salt-key Accepted Keys: minios.10.0.0.8.com Denied Keys: Unaccepted Keys: Rejected Keys: [root@master ~]# 2,-a :同意某一个主机-A :同意所有主机-d :删除-D :删除所有-l :列出所有如：查看时间：[root@master ~]# salt '*' cmd.run 'uptime' minios.10.0.0.8.com: 06:23:43 up 20 min, 1 user, load average: 0.00, 0.00, 0.00 [root@master ~]#