SaltStack实战

#安装

安装注意几点

python-libs-2.6.6-64.el6.x86_64 conflicts with file from package python-2.6.6-36.el6.x86_64

yum install python-libs解决

yum的版本太低的话是会出现问题的

http://mirror.centos.org/centos/6/os/x86_64/Packages/yum-3.2.29-69.el6.centos.noarch.rpm

rpm –Uvh yum-3.2.29-69.el6.centos.noarch.rpm

Error:

问题:

file /usr/lib64/python2.6/zipfile.pyo from install of python-libs-2.6.6-64.el6.x86_64 conflicts with file from package python-2.6.6-36.el6.x86_64

解决:

[root@client ~]# yum install python-lib* -y

[root@client ~]# yum install salt-minion -y

问题:

Error: Package: yum-utils-1.1.30-30.el6.noarch (saltstack-repo)

Requires: yum >= 3.2.29-56

Installed: yum-3.2.29-40.el6.centos.noarch (@anaconda-CentOS-201303020151.x86_64/6.4)

yum = 3.2.29-40.el6.centos

解决:

[root@python ~]# wget http://mirror.centos.org/centos/6/os/x86_64/Packages/yum-3.2.29-69.el6.centos.noarch.rpm

[root@python ~]# rpm -Uvh yum-3.2.29-69.el6.centos.noarch.rpm

warning: yum-3.2.29-69.el6.centos.noarch.rpm: Header V3 RSA/SHA1 Signature, key ID c105b9de: NOKEY

Preparing...                ########################################### [100%]

1:yum                    ########################################### [100%]

问题:

Error Downloading Packages:

python-ordereddict-1.1-2.el6.noarch: failure: python-ordereddict-1.1-2.el6.noarch.rpm from epel: [Errno 256] No more mirrors to try.

python-msgpack-0.4.6-1.el6.x86_64: failure: python-msgpack-0.4.6-1.el6.x86_64.rpm from epel: [Errno 256] No more mirrors to try.

解决:估计要使用黄灯FQ或者使用国内的源

[root@python yum.repos.d]# yum install  python-ordereddict* -y

yum install  python-ordereddict* -y

[root@master ~]# ifconfig eth0

eth0      Link encap:Ethernet  HWaddr 00:0C:29:C7:F1:FD

inet addr:10.0.0.7  Bcast:10.0.0.255  Mask:255.255.255.0

inet6 addr: fe80::20c:29ff:fec7:f1fd/64 Scope:Link

UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1

RX packets:10368 errors:0 dropped:0 overruns:0 frame:0

TX packets:6210 errors:0 dropped:0 overruns:0 carrier:0

collisions:0 txqueuelen:1000

RX bytes:9829001 (9.3 MiB)  TX bytes:478004 (466.8 KiB)

[root@master ~]# hostname

master

[root@master ~]# uname -a

Linux master 2.6.32-358.el6.x86_64 #1 SMP Fri Feb 22 00:31:26 UTC 2013 x86_64 x86_64 x86_64 GNU/Linux

[root@master ~]# yum install salt-master -y

Server

Client

#开启服务

[root@master ~]# service salt-master start

Starting salt-master daemon: [确定]

[root@master ~]# netstat –lanput

tcp        0      0 0.0.0.0:4505                0.0.0.0:*                   LISTEN      2682/python2.6

tcp        0      0 0.0.0.0:4506                0.0.0.0:*                   LISTEN      2691/python2.6

[root@master salt]# lsof -i:4505

COMMAND    PID USER   FD   TYPE DEVICE SIZE/OFF NODE NAME

salt-mast 2682 root   13u  IPv4  24479      0t0  TCP *:4505 (LISTEN)

[root@master salt]# lsof -i:4506

COMMAND    PID USER   FD   TYPE DEVICE SIZE/OFF NODE NAME

salt-mast 2691 root   21u  IPv4  24490      0t0  TCP *:4506 (LISTEN)

[root@master salt]# cat /etc/hosts

127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4

::1         localhost localhost.localdomain localhost6 localhost6.localdomain6

10.0.10.7 drbd01 master.saltstack.com master

10.0.10.8 drbd02 minion.saltstack.com minion

[root@master salt]# salt-key

Accepted Keys:

Denied Keys:

Unaccepted Keys:

client

minion.saltstack.com

Rejected Keys:

[root@ client ~]# cd /etc/salt/

[root@ client salt]# pwd

/etc/salt

[root@ client salt]# ls

cloud           cloud.maps.d       master    minion.d 
roster

cloud.conf.d    cloud.profiles.d   master.d 
pki

cloud.deploy.d  cloud.providers.d  minion   
proxy

[root@minion salt]# grep
"^#\|^$" minion -v

master: 10.0.0.7

id: minion.saltstack.com

[root@minion salt]# cat /etc/hosts

127.0.0.1   localhost localhost.localdomain localhost4
localhost4.localdomain4

::1         localhost localhost.localdomain
localhost6 localhost6.localdomain6

10.0.10.8 drbd02 minion.saltstack.com minion

10.0.10.7 drbd01 master.saltstack.com master

[root@client ~]# /etc/init.d/salt-minion restart

Starting salt-minion daemon: [确定]

#完成认证欢迎客户端的加入

[root@master salt]# salt-key -a
minion.saltstack.com

The following keys are going to be
accepted:

Unaccepted Keys:

minion.saltstack.com

Proceed? [n/Y] Y

Key for minion minion.saltstack.com
accepted.

[root@master salt]# salt-key

Accepted Keys:

minion.saltstack.com

Denied Keys:

Unaccepted Keys:

client

Rejected Keys:

#测试ping

#泛型

[root@master ~]# salt '*' test.ping

minion.saltstack.com:

True

#针对性

[root@master ~]# salt
'minion.saltstack.com' test.ping

minion.saltstack.com:

True

[root@master ~]# salt '*' cmd.run 'df -h'

minion.saltstack.com:

Filesystem            Size  Used Avail Use% Mounted on

/dev/sda3              12G  1.7G 
9.5G  15% /

tmpfs                 935M   12K 
935M   1% /dev/shm

/dev/sda1             194M   26M 
159M  14% /boot

/dev/sr1              1.4G  1.4G    
0 100% /iso1

/dev/sr0              4.1G  4.1G    
0 100% /iso

[root@master ~]# salt '*' cmd.run
'uptime'

minion.saltstack.com:

21:21:34 up  3:37,  4 users, 
load average: 0.10, 0.03, 0.00

在增加一台:

[root@master ~]# mkdir -p
/etc/salt/states/prod

[root@master ~]# grep "^#\|^$"
/etc/salt/master -v

default_include: master.d/*.conf

interface: 0.0.0.0

file_roots:

base:

- /etc/salt/states

prod:

-
/etc/salt/states/prod

[root@master ~]# /etc/init.d/salt-master
restart

Stopping salt-master daemon: [确定]

Starting salt-master daemon: [确定]

[root@master ~]# tail -f
/var/log/salt/master

[root@master states]# grep
"^#\|^$" -v /etc/salt/master

default_include: master.d/*.conf

interface: 0.0.0.0

state_top: top.sls

file_roots:

base:

- /etc/salt/states

prod:

- /etc/salt/states/prod

[root@master states]# cat ./init/pkg.sls

pkg.init:

pkg.installed:

- names:

- lrzsz

- mtr

- nmap

[root@master states]# cat ./prod/top.sls

base:

'minion.saltstack.com'

- init.pkg

[root@master states]# salt '*' state.sls init.pkg

minion.saltstack.com:

----------

ID: pkg.init

Function: pkg.installed

Name: mtr

Result: True

Comment: The following
packages were installed/updated: mtr

Started: 22:28:11.931751

Duration: 22421.578 ms

Changes:

----------

mtr:

----------

new:

2:0.75-5.el6

old:

----------

ID: pkg.init

Function: pkg.installed

Name: nmap

Result: True

Comment: The following
packages were installed/updated: nmap

Started: 22:28:34.362114

Duration: 22710.914 ms

Changes:

----------

libpcap:

----------

new:

14:1.0.0-6.20091201git117cb5.el6

old:

nmap:

----------

new:

2:5.51-2.el6

old:

----------

ID: pkg.init

Function: pkg.installed

Name: lrzsz

Result: True

Comment: The following
packages were installed/updated: lrzsz

Started: 22:28:57.082576

Duration: 8267.01 ms

Changes:

----------

lrzsz:

----------

new:

0.12.20-27.1.el6

old:

Summary for minion.saltstack.com

------------

Succeeded: 3 (changed=3)

Failed:    0

------------

Total states run:     3

[root@minion ~]# which rz

/usr/bin/rz

[root@master states]# tree ./

./

├── init

│   ├── files

│   │   └── limits.conf

│   ├── limit.sls

│   └── pkg.sls

├── prod

└── top.sls

3 directories, 4 files

[root@master states]# cat
./init/limit.sls

limit-conf-config:

file.managed:

- name: /etc/security/limits.conf

- source: salt://init/files/limits.conf

- user: root

- group: root

- mode: 644

[root@master states]# cat ./init/pkg.sls

pkg.init:

pkg.installed:

- names:

- lrzsz

- mtr

- nmap

[root@master states]# cat ./top.sls

base:

'minion.saltstack.com':

- init.pkg

- init.limit

[root@master states]# salt '*' state.highstate

minion.saltstack.com:

----------

ID: pkg.init

Function: pkg.installed

Name: mtr

Result: True

Comment: Package mtr is already installed

Started: 23:05:41.185346

Duration: 817.998 ms

Changes:

----------

ID: pkg.init

Function: pkg.installed

Name: nmap

Result: True

Comment: Package nmap is already installed

Started: 23:05:42.003701

Duration: 0.914 ms

Changes:

----------

ID: pkg.init

Function: pkg.installed

Name: lrzsz

Result: True

Comment: Package lrzsz is already installed

Started: 23:05:42.004743

Duration: 0.587 ms

Changes:

----------

ID: limit-conf-config

Function: file.managed

Name: /etc/security/limits.conf

Result: True

Comment: File /etc/security/limits.conf updated

Started: 23:05:42.009035

Duration: 34.642 ms

Changes:

----------

diff:

---

+++

@@ -39,8 +39,8 @@

#<domain>      <type>  <item>         <value>

#

-#*               soft    core            0

-#*               hard    rss             10000

+*               soft    core            0

+*               hard    rss             10000

#@student        hard    nproc           20

#@faculty        soft    nproc           20

#@faculty        hard    nproc           50

Summary for minion.saltstack.com

------------

Succeeded: 4 (changed=1)

Failed:   
0

------------

Total states run:     4

[root@minion ~]# cat
/etc/security/limits.conf

*               soft    core  
         0

*               hard    rss             10000

#@student        hard    nproc           20

#@faculty        soft    nproc           20

#@faculty        hard    nproc           50

#ftp             hard    nproc           0

#@student        -     
 maxlogins       4

[root@master salt]# tree /etc/salt/pki/

/etc/salt/pki/

├── master

│   ├── master.pem

│   ├── master.pub

│   ├── minions

│   │   └── minion.saltstack.com

│   ├──
minions_autosign

│   ├── minions_denied

│   ├── minions_pre

│   │   └── client

│   └──
minions_rejected

└── minion

[root@master ~]# salt-key

Accepted Keys:

10.0.0.9

正则表达式:

[root@master ~]# salt -E
'((?:(?:25[0-5]|2[0-4]\d|((1\d{2})|([1-9]?\d)))\.){3}(?:25[0-5]|2[0-4]\d|((1\d{2})|([1-9]?\d))))'
test.ping

10.0.0.9:

True

[root@master ~]# cat  /etc/salt/states/top.sls

base:

'((?:(?:25[0-5]|2[0-4]\d|((1\d{2})|([1-9]?\d)))\.){3}(?:25[0-5]|2[0-4]\d|((1\d{2})|([1-9]?\d))))':

- match: pcre

- init.pkg

- init.limit

[root@master ~]# salt ‘*’ state.highstate

minion.saltstack.com:

ID: states

Function:
no.None

Result: False

Comment: No Top file or external nodes data matches found.

Started:

Duration:

Changes:

Summary for
minion.saltstack.com

Succeeded: 0

Failed:    1

Total states run:     1

10.0.0.9:

ID: pkg.init

Function:
pkg.installed

Name: mtr

Result: True

Comment: Package mtr is already installed

Started: 08:59:28.505182

Duration:
720.628 ms

Changes:

ID: pkg.init

Function:
pkg.installed

Name: nmap

Result: True

Comment: Package nmap is already installed

Started: 08:59:29.226111

Duration:
0.839 ms

Changes:

ID: pkg.init

Function:
pkg.installed

Name: lrzsz

Result: True

Comment: Package lrzsz is already installed

Started: 08:59:29.227087

Duration:
0.607 ms

Changes:

ID: limit-conf-config

Function:
file.managed

Name: /etc/security/limits.conf

Result: True

Comment: File /etc/security/limits.conf is in the correct state

Started: 08:59:29.231194

Duration:
27.495 ms

Changes:

Summary for
10.0.0.9

Succeeded: 4

Failed:    0

Total states run:     4

ERROR: Minions returned with non-zero
exit code

-E 正则

-L list

-S IP

Salt into MySQL

mysql.host: '10.0.0.7'

mysql.user: 'salt'

mysql.pass: 'salt'

mysql.db: 'salt'

mysql.port: 3306

mysql_job_cache: mysql【主master插入】

附件:

Iso.repo:

# CentOS-Media.repo

#


This repo can be used with mounted DVD media, verify the mount point
for


CentOS-6.  You can use this repo
and yum to install items directly off the


DVD ISO that we release.

#

# To use this repo, put in your DVD and
use it with the other repos too:


yum --enablerepo=c6-media [command]

#

# or for ONLY the media repo, do this:

#


yum --disablerepo=\* --enablerepo=c6-media [command]

[c6-media]

name=CentOS-$releasever - Media

baseurl=file:///iso/

file:///iso1/

gpgcheck=0

enabled=1

gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-6

saltstack.repo

[saltstack-repo]

name=SaltStack repo for RHEL/CentOS
$releasever

baseurl=https://repo.saltstack.com/yum/redhat/$releasever/$basearch/latest

enabled=1

gpgcheck=0

gpgkey=https://repo.saltstack.com/yum/redhat/$releasever/$basearch/latest/SALTSTACK-EL5-GPG-KEY.pub

数据系统:

Grains-静态数据

自定义grains

[root@drbd02 ~]# tail -n 3
/etc/salt/minion

grains:

roles: nginx

env: prod

[root@master ~]# salt -G 'env:prod' test.ping

minion.saltstack.com:

True

[root@master ~]# salt -G 'roles:nginx'
test.ping

minion.saltstack.com:

True

[root@drbd02 ~]# cat /etc/salt/grains

cloud: openstack

[root@master ~]# salt -G
'cloud:openstack' test.ping

minion.saltstack.com:

True

[root@master ~]# salt -G 'test:salt'
test.ping

No minions matched the target. No command
was sent, no jid was assigned.

ERROR: No return received

#不用重启刷新

[root@master ~]# salt
'*' saltutil.sync_grains

minion.saltstack.com:

10.0.0.9:

[root@master ~]# salt -G 'test:salt'
test.ping

minion.saltstack.com:

True

Top.sls:

'roles:nginx':

- match: grain

- init.pkg

Pillar:敏感数据 master指定Pillar 结合grains处理平台差异性

[root@master ~]# salt '*' pillar.ls

minion.saltstack.com:

10.0.0.9:

"/etc/salt/master" 840L, 32677C
written

586 pillar_roots:

587   base:

588     - /etc/salt/pillar

589

[root@master pillar]# cat top.sls

base:

'*':

- init.rsyslog

[root@master pillar]# mkdir init

[root@master pillar]# cd init/

[root@master init]# pwd

/etc/salt/pillar/init

[root@master init]# cat rsyslog.sls

{% if grains['osfinger'] == 'CentOS-6' %}

syslog: rsyslog

{% elif %}

syslog: syslog

{% endif %}

[root@master init]# pwd

/etc/salt/pillar/init

[root@master init]# salt '*'
saltutil.refresh_pillar

10.0.0.9:

True

minion.saltstack.com:

True

SaltStack实战的更多相关文章

  1. saltstack实战4--综合练习3

    Saltstack配置管理-业务引用haproxy 在业务模块里写它的配置 各个业务是不同的,这里有差异性,所以没写在配置模块里. 对minion02也执行安装haproxy [root@master ...

  2. saltstack实战4--综合练习4

    Saltstack配置管理-给minion增加Zabbix-agent zabbix-agent的包 [root@A ~]# rpm -qa |grep zabbix zabbix-2.4.8-1.e ...

  3. saltstack实战4--综合练习2

    Saltstack配置管理-功能模块-安装haproxy 配置管理,我们分了3层 最底层是系统初始化部分 倒数二层是功能模块,就是具体的产品的安装了 假如你的环境需要nginx,php,memcach ...

  4. saltstack实战4--综合练习1

    规范配置管理 实际工作中可能会有现网环境,基线环境,开发环境. 需要使用saltstack统一管理.机器多了,业务多了,可能配置文件存放的会比较乱,因此可以统一管理起来 我们可以再加2个目录,test ...

  5. saltstack实战3--配置管理之pillar

    数据系统-Pillar pillar和grains类似,但是它能给minion指定它想要的数据,安全性较好,另外它是在master端设置的   应用场景: grains的特性–每次启动汇报.静态决定了 ...

  6. saltstack实战3--配置管理之grains

    grains是什么 grains是minion服务启动后,采集的客户端的一些基本信息,硬件信息,软件信息,网络信息,软件版本等.你可以在minion上自定义一些grains信息. 它是静态的信息,mi ...

  7. saltstack实战3--配置管理之YAML语法

    本文来自如下链接http://docs.saltstack.cn/topics/yaml/index.html 了解YAML 默认的SLS文件的renderer是YAML renderer.YAML是 ...

  8. saltstack实战2--远程执行之目标(target)

    target 就是目标的意思,你要在那台机器上执行此命令或此状态.或者说将此动作或者状态文件推送给谁来执行,让那个minion执行可以进行一些匹配 对于拥有大量机器的环境,如果单独一台台的执行指定mi ...

  9. saltstack实战2--远程执行之模块(Modules)

    本来转自http://www.cnblogs.com/MacoLee/p/5753640.html  版权归原作者所有 说明 salt '*' sys.list_modules #列出当前版本支持的模 ...

随机推荐

  1. Linux Shell编程基础

    在学习Linux BASH Shell编程的过程中,发现由于不经常用,所以很多东西很容易忘记,所以写篇文章来记录一下 ls   显示当前路径下的文件,常用的有 -l 显示长格式  -a 显示所有包括隐 ...

  2. 【Android测试】【第十二节】Uiautomator——API详解

    ◆版权声明:本文出自carter_dream的博客,转载必须注明出处. 转载请注明出处:http://www.cnblogs.com/by-dream/p/4921701.html 简单的例子 以一个 ...

  3. Struts(八):动态方法调用

    动态方法调用:通过url动态调用action中的方法. 默认情况下,Struts的动态方法调用处于禁用状态. 测试定义一个action类: package com.dx.actions; public ...

  4. java操作MySQL数据库(插入、删除、修改、查询、获取所有行数)

    插播一段广告哈:我之前共享了两个自己写的小应用,见这篇博客百度地图开发的两个应用源码共享(Android版),没 想到有人找我来做毕设了,年前交付,时间不是很紧,大概了解了下就接下了,主要用到的就是和 ...

  5. 解决 No resource found that matches the given name (at 'icon' with value '@drawable/icon') 问题

    对新解决方案Xamarin的Android项目在项目属性 换图标后 会出现 No resource found that matches the given name (at 'icon' with ...

  6. 。。。contentType与pageEncoding的区别。。。

    今天,开始换了一个新的开发工具IDEA,目前还不熟悉,新建了一个简单的Web项目,用到了Servlet,out.print("大家好!");然后就输出乱码了,用了response. ...

  7. datatable动态添加,及填充数据

    DataTable tblDatas = new DataTable("Datas"); tblDatas.Columns.Add("ID", Type.Get ...

  8. 夺命雷公狗-----React---12--添加类和样式

    <!DOCTYPE> <html> <head> <meta charset="utf-8"> <title></ ...

  9. [Effective JavaScript 笔记]第65条:不要在计算时阻塞事件队列

    第61条解释了异步API怎样帮助我们防止一段程序阻塞应用程序的事件队列.使用下面代码,可以很容易使一个应用程序陷入泥潭. while(true){} 而且它并不需要一个无限循环来写一个缓慢的程序.代码 ...

  10. Java面试题问与答——编译时与运行时

    在开发和设计的时候,我们需要考虑编译时,运行时以及构建时这三个概念.理解这几个概念可以更好地帮助你去了解一些基本的原理.下面是初学者晋级中级水平需要知道的一些问题. Q.下面的代码片段中,行A和行B所 ...