SaltStack实战

#安装

安装注意几点

python-libs-2.6.6-64.el6.x86_64 conflicts with file from package python-2.6.6-36.el6.x86_64

yum install python-libs解决

yum的版本太低的话是会出现问题的

http://mirror.centos.org/centos/6/os/x86_64/Packages/yum-3.2.29-69.el6.centos.noarch.rpm

rpm –Uvh yum-3.2.29-69.el6.centos.noarch.rpm

Error:

问题:

file /usr/lib64/python2.6/zipfile.pyo from install of python-libs-2.6.6-64.el6.x86_64 conflicts with file from package python-2.6.6-36.el6.x86_64

解决:

[root@client ~]# yum install python-lib* -y

[root@client ~]# yum install salt-minion -y

问题:

Error: Package: yum-utils-1.1.30-30.el6.noarch (saltstack-repo)

Requires: yum >= 3.2.29-56

Installed: yum-3.2.29-40.el6.centos.noarch (@anaconda-CentOS-201303020151.x86_64/6.4)

yum = 3.2.29-40.el6.centos

解决:

[root@python ~]# wget http://mirror.centos.org/centos/6/os/x86_64/Packages/yum-3.2.29-69.el6.centos.noarch.rpm

[root@python ~]# rpm -Uvh yum-3.2.29-69.el6.centos.noarch.rpm

warning: yum-3.2.29-69.el6.centos.noarch.rpm: Header V3 RSA/SHA1 Signature, key ID c105b9de: NOKEY

Preparing...                ########################################### [100%]

1:yum                    ########################################### [100%]

问题:

Error Downloading Packages:

python-ordereddict-1.1-2.el6.noarch: failure: python-ordereddict-1.1-2.el6.noarch.rpm from epel: [Errno 256] No more mirrors to try.

python-msgpack-0.4.6-1.el6.x86_64: failure: python-msgpack-0.4.6-1.el6.x86_64.rpm from epel: [Errno 256] No more mirrors to try.

解决:估计要使用黄灯FQ或者使用国内的源

[root@python yum.repos.d]# yum install  python-ordereddict* -y

yum install  python-ordereddict* -y

[root@master ~]# ifconfig eth0

eth0      Link encap:Ethernet  HWaddr 00:0C:29:C7:F1:FD

inet addr:10.0.0.7  Bcast:10.0.0.255  Mask:255.255.255.0

inet6 addr: fe80::20c:29ff:fec7:f1fd/64 Scope:Link

UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1

RX packets:10368 errors:0 dropped:0 overruns:0 frame:0

TX packets:6210 errors:0 dropped:0 overruns:0 carrier:0

collisions:0 txqueuelen:1000

RX bytes:9829001 (9.3 MiB)  TX bytes:478004 (466.8 KiB)

[root@master ~]# hostname

master

[root@master ~]# uname -a

Linux master 2.6.32-358.el6.x86_64 #1 SMP Fri Feb 22 00:31:26 UTC 2013 x86_64 x86_64 x86_64 GNU/Linux

[root@master ~]# yum install salt-master -y

Server

Client

#开启服务

[root@master ~]# service salt-master start

Starting salt-master daemon: [确定]

[root@master ~]# netstat –lanput

tcp        0      0 0.0.0.0:4505                0.0.0.0:*                   LISTEN      2682/python2.6

tcp        0      0 0.0.0.0:4506                0.0.0.0:*                   LISTEN      2691/python2.6

[root@master salt]# lsof -i:4505

COMMAND    PID USER   FD   TYPE DEVICE SIZE/OFF NODE NAME

salt-mast 2682 root   13u  IPv4  24479      0t0  TCP *:4505 (LISTEN)

[root@master salt]# lsof -i:4506

COMMAND    PID USER   FD   TYPE DEVICE SIZE/OFF NODE NAME

salt-mast 2691 root   21u  IPv4  24490      0t0  TCP *:4506 (LISTEN)

[root@master salt]# cat /etc/hosts

127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4

::1         localhost localhost.localdomain localhost6 localhost6.localdomain6

10.0.10.7 drbd01 master.saltstack.com master

10.0.10.8 drbd02 minion.saltstack.com minion

[root@master salt]# salt-key

Accepted Keys:

Denied Keys:

Unaccepted Keys:

client

minion.saltstack.com

Rejected Keys:

[root@ client ~]# cd /etc/salt/

[root@ client salt]# pwd

/etc/salt

[root@ client salt]# ls

cloud           cloud.maps.d       master    minion.d 
roster

cloud.conf.d    cloud.profiles.d   master.d 
pki

cloud.deploy.d  cloud.providers.d  minion   
proxy

[root@minion salt]# grep
"^#\|^$" minion -v

master: 10.0.0.7

id: minion.saltstack.com

[root@minion salt]# cat /etc/hosts

127.0.0.1   localhost localhost.localdomain localhost4
localhost4.localdomain4

::1         localhost localhost.localdomain
localhost6 localhost6.localdomain6

10.0.10.8 drbd02 minion.saltstack.com minion

10.0.10.7 drbd01 master.saltstack.com master

[root@client ~]# /etc/init.d/salt-minion restart

Starting salt-minion daemon: [确定]

#完成认证欢迎客户端的加入

[root@master salt]# salt-key -a
minion.saltstack.com

The following keys are going to be
accepted:

Unaccepted Keys:

minion.saltstack.com

Proceed? [n/Y] Y

Key for minion minion.saltstack.com
accepted.

[root@master salt]# salt-key

Accepted Keys:

minion.saltstack.com

Denied Keys:

Unaccepted Keys:

client

Rejected Keys:

#测试ping

#泛型

[root@master ~]# salt '*' test.ping

minion.saltstack.com:

True

#针对性

[root@master ~]# salt
'minion.saltstack.com' test.ping

minion.saltstack.com:

True

[root@master ~]# salt '*' cmd.run 'df -h'

minion.saltstack.com:

Filesystem            Size  Used Avail Use% Mounted on

/dev/sda3              12G  1.7G 
9.5G  15% /

tmpfs                 935M   12K 
935M   1% /dev/shm

/dev/sda1             194M   26M 
159M  14% /boot

/dev/sr1              1.4G  1.4G    
0 100% /iso1

/dev/sr0              4.1G  4.1G    
0 100% /iso

[root@master ~]# salt '*' cmd.run
'uptime'

minion.saltstack.com:

21:21:34 up  3:37,  4 users, 
load average: 0.10, 0.03, 0.00

在增加一台:

[root@master ~]# mkdir -p
/etc/salt/states/prod

[root@master ~]# grep "^#\|^$"
/etc/salt/master -v

default_include: master.d/*.conf

interface: 0.0.0.0

file_roots:

base:

- /etc/salt/states

prod:

-
/etc/salt/states/prod

[root@master ~]# /etc/init.d/salt-master
restart

Stopping salt-master daemon: [确定]

Starting salt-master daemon: [确定]

[root@master ~]# tail -f
/var/log/salt/master

[root@master states]# grep
"^#\|^$" -v /etc/salt/master

default_include: master.d/*.conf

interface: 0.0.0.0

state_top: top.sls

file_roots:

base:

- /etc/salt/states

prod:

- /etc/salt/states/prod

[root@master states]# cat ./init/pkg.sls

pkg.init:

pkg.installed:

- names:

- lrzsz

- mtr

- nmap

[root@master states]# cat ./prod/top.sls

base:

'minion.saltstack.com'

- init.pkg

[root@master states]# salt '*' state.sls init.pkg

minion.saltstack.com:

----------

ID: pkg.init

Function: pkg.installed

Name: mtr

Result: True

Comment: The following
packages were installed/updated: mtr

Started: 22:28:11.931751

Duration: 22421.578 ms

Changes:

----------

mtr:

----------

new:

2:0.75-5.el6

old:

----------

ID: pkg.init

Function: pkg.installed

Name: nmap

Result: True

Comment: The following
packages were installed/updated: nmap

Started: 22:28:34.362114

Duration: 22710.914 ms

Changes:

----------

libpcap:

----------

new:

14:1.0.0-6.20091201git117cb5.el6

old:

nmap:

----------

new:

2:5.51-2.el6

old:

----------

ID: pkg.init

Function: pkg.installed

Name: lrzsz

Result: True

Comment: The following
packages were installed/updated: lrzsz

Started: 22:28:57.082576

Duration: 8267.01 ms

Changes:

----------

lrzsz:

----------

new:

0.12.20-27.1.el6

old:

Summary for minion.saltstack.com

------------

Succeeded: 3 (changed=3)

Failed:    0

------------

Total states run:     3

[root@minion ~]# which rz

/usr/bin/rz

[root@master states]# tree ./

./

├── init

│   ├── files

│   │   └── limits.conf

│   ├── limit.sls

│   └── pkg.sls

├── prod

└── top.sls

3 directories, 4 files

[root@master states]# cat
./init/limit.sls

limit-conf-config:

file.managed:

- name: /etc/security/limits.conf

- source: salt://init/files/limits.conf

- user: root

- group: root

- mode: 644

[root@master states]# cat ./init/pkg.sls

pkg.init:

pkg.installed:

- names:

- lrzsz

- mtr

- nmap

[root@master states]# cat ./top.sls

base:

'minion.saltstack.com':

- init.pkg

- init.limit

[root@master states]# salt '*' state.highstate

minion.saltstack.com:

----------

ID: pkg.init

Function: pkg.installed

Name: mtr

Result: True

Comment: Package mtr is already installed

Started: 23:05:41.185346

Duration: 817.998 ms

Changes:

----------

ID: pkg.init

Function: pkg.installed

Name: nmap

Result: True

Comment: Package nmap is already installed

Started: 23:05:42.003701

Duration: 0.914 ms

Changes:

----------

ID: pkg.init

Function: pkg.installed

Name: lrzsz

Result: True

Comment: Package lrzsz is already installed

Started: 23:05:42.004743

Duration: 0.587 ms

Changes:

----------

ID: limit-conf-config

Function: file.managed

Name: /etc/security/limits.conf

Result: True

Comment: File /etc/security/limits.conf updated

Started: 23:05:42.009035

Duration: 34.642 ms

Changes:

----------

diff:

---

+++

@@ -39,8 +39,8 @@

#<domain>      <type>  <item>         <value>

#

-#*               soft    core            0

-#*               hard    rss             10000

+*               soft    core            0

+*               hard    rss             10000

#@student        hard    nproc           20

#@faculty        soft    nproc           20

#@faculty        hard    nproc           50

Summary for minion.saltstack.com

------------

Succeeded: 4 (changed=1)

Failed:   
0

------------

Total states run:     4

[root@minion ~]# cat
/etc/security/limits.conf

*               soft    core  
         0

*               hard    rss             10000

#@student        hard    nproc           20

#@faculty        soft    nproc           20

#@faculty        hard    nproc           50

#ftp             hard    nproc           0

#@student        -     
 maxlogins       4

[root@master salt]# tree /etc/salt/pki/

/etc/salt/pki/

├── master

│   ├── master.pem

│   ├── master.pub

│   ├── minions

│   │   └── minion.saltstack.com

│   ├──
minions_autosign

│   ├── minions_denied

│   ├── minions_pre

│   │   └── client

│   └──
minions_rejected

└── minion

[root@master ~]# salt-key

Accepted Keys:

10.0.0.9

正则表达式:

[root@master ~]# salt -E
'((?:(?:25[0-5]|2[0-4]\d|((1\d{2})|([1-9]?\d)))\.){3}(?:25[0-5]|2[0-4]\d|((1\d{2})|([1-9]?\d))))'
test.ping

10.0.0.9:

True

[root@master ~]# cat  /etc/salt/states/top.sls

base:

'((?:(?:25[0-5]|2[0-4]\d|((1\d{2})|([1-9]?\d)))\.){3}(?:25[0-5]|2[0-4]\d|((1\d{2})|([1-9]?\d))))':

- match: pcre

- init.pkg

- init.limit

[root@master ~]# salt ‘*’ state.highstate

minion.saltstack.com:

ID: states

Function:
no.None

Result: False

Comment: No Top file or external nodes data matches found.

Started:

Duration:

Changes:

Summary for
minion.saltstack.com

Succeeded: 0

Failed:    1

Total states run:     1

10.0.0.9:

ID: pkg.init

Function:
pkg.installed

Name: mtr

Result: True

Comment: Package mtr is already installed

Started: 08:59:28.505182

Duration:
720.628 ms

Changes:

ID: pkg.init

Function:
pkg.installed

Name: nmap

Result: True

Comment: Package nmap is already installed

Started: 08:59:29.226111

Duration:
0.839 ms

Changes:

ID: pkg.init

Function:
pkg.installed

Name: lrzsz

Result: True

Comment: Package lrzsz is already installed

Started: 08:59:29.227087

Duration:
0.607 ms

Changes:

ID: limit-conf-config

Function:
file.managed

Name: /etc/security/limits.conf

Result: True

Comment: File /etc/security/limits.conf is in the correct state

Started: 08:59:29.231194

Duration:
27.495 ms

Changes:

Summary for
10.0.0.9

Succeeded: 4

Failed:    0

Total states run:     4

ERROR: Minions returned with non-zero
exit code

-E 正则

-L list

-S IP

Salt into MySQL

mysql.host: '10.0.0.7'

mysql.user: 'salt'

mysql.pass: 'salt'

mysql.db: 'salt'

mysql.port: 3306

mysql_job_cache: mysql【主master插入】

附件:

Iso.repo:

# CentOS-Media.repo

#


This repo can be used with mounted DVD media, verify the mount point
for


CentOS-6.  You can use this repo
and yum to install items directly off the


DVD ISO that we release.

#

# To use this repo, put in your DVD and
use it with the other repos too:


yum --enablerepo=c6-media [command]

#

# or for ONLY the media repo, do this:

#


yum --disablerepo=\* --enablerepo=c6-media [command]

[c6-media]

name=CentOS-$releasever - Media

baseurl=file:///iso/

file:///iso1/

gpgcheck=0

enabled=1

gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-6

saltstack.repo

[saltstack-repo]

name=SaltStack repo for RHEL/CentOS
$releasever

baseurl=https://repo.saltstack.com/yum/redhat/$releasever/$basearch/latest

enabled=1

gpgcheck=0

gpgkey=https://repo.saltstack.com/yum/redhat/$releasever/$basearch/latest/SALTSTACK-EL5-GPG-KEY.pub

数据系统:

Grains-静态数据

自定义grains

[root@drbd02 ~]# tail -n 3
/etc/salt/minion

grains:

roles: nginx

env: prod

[root@master ~]# salt -G 'env:prod' test.ping

minion.saltstack.com:

True

[root@master ~]# salt -G 'roles:nginx'
test.ping

minion.saltstack.com:

True

[root@drbd02 ~]# cat /etc/salt/grains

cloud: openstack

[root@master ~]# salt -G
'cloud:openstack' test.ping

minion.saltstack.com:

True

[root@master ~]# salt -G 'test:salt'
test.ping

No minions matched the target. No command
was sent, no jid was assigned.

ERROR: No return received

#不用重启刷新

[root@master ~]# salt
'*' saltutil.sync_grains

minion.saltstack.com:

10.0.0.9:

[root@master ~]# salt -G 'test:salt'
test.ping

minion.saltstack.com:

True

Top.sls:

'roles:nginx':

- match: grain

- init.pkg

Pillar:敏感数据 master指定Pillar 结合grains处理平台差异性

[root@master ~]# salt '*' pillar.ls

minion.saltstack.com:

10.0.0.9:

"/etc/salt/master" 840L, 32677C
written

586 pillar_roots:

587   base:

588     - /etc/salt/pillar

589

[root@master pillar]# cat top.sls

base:

'*':

- init.rsyslog

[root@master pillar]# mkdir init

[root@master pillar]# cd init/

[root@master init]# pwd

/etc/salt/pillar/init

[root@master init]# cat rsyslog.sls

{% if grains['osfinger'] == 'CentOS-6' %}

syslog: rsyslog

{% elif %}

syslog: syslog

{% endif %}

[root@master init]# pwd

/etc/salt/pillar/init

[root@master init]# salt '*'
saltutil.refresh_pillar

10.0.0.9:

True

minion.saltstack.com:

True

SaltStack实战的更多相关文章

  1. saltstack实战4--综合练习3

    Saltstack配置管理-业务引用haproxy 在业务模块里写它的配置 各个业务是不同的,这里有差异性,所以没写在配置模块里. 对minion02也执行安装haproxy [root@master ...

  2. saltstack实战4--综合练习4

    Saltstack配置管理-给minion增加Zabbix-agent zabbix-agent的包 [root@A ~]# rpm -qa |grep zabbix zabbix-2.4.8-1.e ...

  3. saltstack实战4--综合练习2

    Saltstack配置管理-功能模块-安装haproxy 配置管理,我们分了3层 最底层是系统初始化部分 倒数二层是功能模块,就是具体的产品的安装了 假如你的环境需要nginx,php,memcach ...

  4. saltstack实战4--综合练习1

    规范配置管理 实际工作中可能会有现网环境,基线环境,开发环境. 需要使用saltstack统一管理.机器多了,业务多了,可能配置文件存放的会比较乱,因此可以统一管理起来 我们可以再加2个目录,test ...

  5. saltstack实战3--配置管理之pillar

    数据系统-Pillar pillar和grains类似,但是它能给minion指定它想要的数据,安全性较好,另外它是在master端设置的   应用场景: grains的特性–每次启动汇报.静态决定了 ...

  6. saltstack实战3--配置管理之grains

    grains是什么 grains是minion服务启动后,采集的客户端的一些基本信息,硬件信息,软件信息,网络信息,软件版本等.你可以在minion上自定义一些grains信息. 它是静态的信息,mi ...

  7. saltstack实战3--配置管理之YAML语法

    本文来自如下链接http://docs.saltstack.cn/topics/yaml/index.html 了解YAML 默认的SLS文件的renderer是YAML renderer.YAML是 ...

  8. saltstack实战2--远程执行之目标(target)

    target 就是目标的意思,你要在那台机器上执行此命令或此状态.或者说将此动作或者状态文件推送给谁来执行,让那个minion执行可以进行一些匹配 对于拥有大量机器的环境,如果单独一台台的执行指定mi ...

  9. saltstack实战2--远程执行之模块(Modules)

    本来转自http://www.cnblogs.com/MacoLee/p/5753640.html  版权归原作者所有 说明 salt '*' sys.list_modules #列出当前版本支持的模 ...

随机推荐

  1. Nodejs开发(2.连接MongoDB)

    一.先配置MongoDB Win10下下载那个安装版,zip版的会报却各种DLL,安装在你希望的路径,实在安装错了,就剪切过来也行(本例E:\mongodb). 然后是配置启动脚本,就是写一个bat文 ...

  2. Javascript模块化编程(一):模块的写法 作者: 阮一峰

    声明:转载自阮一峰的网络日志 随着网站逐渐变成"互联网应用程序",嵌入网页的Javascript代码越来越庞大,越来越复杂. 网页越来越像桌面程序,需要一个团队分工协作.进度管理. ...

  3. windows 文件权限导致的 git 问题

    windows 文件权限导致的 git 问题 在 windows 上使用 git 时,会遇到明明什么都没有改动,但是 git status 显示一堆文件被修改.这时,通过 git diff 可看到什么 ...

  4. 快速激活JetBrains PhpStorm WebStorm系列产品

    从官方网站下载正版PhpStorm 安装后,注册时选择“License server” 输入“http://idea.lanyus.com/” (不带双引号,后面的斜杠要带上) 完成 恭喜你 激活Je ...

  5. Eclipse中使用自己封装的jar包的过程

    在包名上右键,选择Export"" 经过上面的步骤,成功导出了可运行jar包,下面在另一个自己的工程里引入这个jar包 最终效果如下:可见包已经可以正常使用了!! 运行自己的jar ...

  6. 郑轻校赛题目 问题 G: 多少个0

    问题 G: 多少个0 时间限制: 1 Sec  内存限制: 128 MB提交: 192  解决: 40 题目描述 一个n*n的方格,每个格子中间有一个数字是2或者5,现在从方格的左上角走到右下角,每次 ...

  7. C# 数字带逗号(千分位符、金钱千分位字符)

    首先要明确带了逗号之后  数字就变成字符串了 ,不再是数字了. 昨天做项目的时候需要格式化数字变成带逗号的,本来打算自己写个方法的,后来时间太紧了,就打算从网上查个,查来查去都是要对字符串的位进行操作 ...

  8. 微信端应用 ionic实现texarea 自适应高度

    最近公司项目,做微信端用到texarea 需要实现自适应高度的功能 当然自适应高度的方法很多网上找一大片,最直接的方式就是在使用到texarea的controller中添加js代码事件来实现,这中方式 ...

  9. mysql limit查询优化

    mysql数据库中的查询语句有关limit语句的优化. 一般limit是用在分页的程序的分页上的,当应用数据量够小时,也许感觉不到limit语句的任何问题,但当查询数据量达到一定程度时,limit的性 ...

  10. Locality Sensitive Hash 局部敏感哈希

    Locality Sensitive Hash是一种常见的用于处理高维向量的索引办法.与其它基于Tree的数据结构,诸如KD-Tree.SR-Tree相比,它较好地克服了Curse of Dimens ...