搜索到
12
篇与
的结果
-
saltstack之service/cp/get/file模块初探 模块salt -d 所有的模块参数disk.usage 磁盘模块[root@master ~]# salt '*' disk.usage minion-node07.10.0.0.07.com: ---------- /: ---------- 1K-blocks: 18208184 available: 14663688 capacity: 16% filesystem: /dev/sda2 used: 2612912 /boot: ---------- 1K-blocks: 289293 available: 245456 capacity: 11% filesystem: /dev/sda1 used: 28477 /dev/shm: ---------- 1K-blocks: 502176 available: 502160 capacity: 1% filesystem: tmpfs used: 16 minios.10.0.0.8.com: ---------- /: ---------- 1K-blocks: 18208184 available: 14605476 capacity: 16% filesystem: /dev/sda2 used: 2671124 /boot: ---------- 1K-blocks: 289293 available: 245456 capacity: 11% filesystem: /dev/sda1 used: 28477 /dev/shm: ---------- 1K-blocks: 502176 available: 502164 capacity: 1% filesystem: tmpfs used: 12 minion-node11.10.0.0.11.com: ---------- /: ---------- 1K-blocks: 18208184 available: 14665968 capacity: 16% filesystem: /dev/sda2 used: 2610632 /boot: ---------- 1K-blocks: 289293 available: 245456 capacity: 11% filesystem: /dev/sda1 used: 28477 /dev/shm: ---------- 1K-blocks: 243112 available: 243100 capacity: 1% filesystem: tmpfs used: 12 [root@master ~]# hosts,需要主机名能够ping通[root@master ~]# salt '*' hosts.get_ip master.com minion-node07.10.0.0.07.com: minios.10.0.0.8.com: minion-node11.10.0.0.11.com: [root@master ~]# service模块,远程查看服务[root@master ~]# salt '*' service.get_all minios.10.0.0.8.com: - NetworkManager - abrt-ccpp - abrt-oops - abrtd - acpid - atd - auditd - blk-availability - bluetooth - control-alt-delete - cpuspeed -省略一千字 minion-node11.10.0.0.11.com: - NetworkManager - abrt-ccpp - abrt-oops - abrtd - acpid - atd - auditd - blk-availability - bluetooth - control-alt-delete - cpuspeed - crond -省略一千字 minion-node07.10.0.0.07.com: - NetworkManager - abrt-ccpp - abrt-oops - abrtd - acpid - atd - auditd -省略一千字 [root@master ~]# service.restart重启某服务1,查看状态 [root@master ~]# salt '*' service.status nginx minios.10.0.0.8.com: False minion-node07.10.0.0.07.com: False minion-node11.10.0.0.11.com: False 2,启动服务 [root@master ~]# salt '*' service.start nginx minios.10.0.0.8.com: True minion-node07.10.0.0.07.com: True minion-node11.10.0.0.11.com: True 3,停止服务 [root@master ~]# salt '*' service.stop nginx minios.10.0.0.8.com: True minion-node07.10.0.0.07.com: True minion-node11.10.0.0.11.com: True 4,再来查看已经被停止 [root@master ~]# salt '*' service.status nginx minios.10.0.0.8.com: False minion-node11.10.0.0.11.com: False minion-node07.10.0.0.07.com: False [root@master ~]# file模块hash对比,salt '*' file.check_hash /etc/issue.net md5:对比值如,我随便输入,则false[root@master ~]# salt '*' file.check_hash /etc/issue.net md5:111 minion-node07.10.0.0.07.com: False minion-node11.10.0.0.11.com: False minios.10.0.0.8.com: False [root@master ~]# 判断/etc/passwd文件是否存在[root@master ~]# salt '*' file.file_exists /etc/passwd minios.10.0.0.8.com: True minion-node07.10.0.0.07.com: True minion-node11.10.0.0.11.com: True [root@master ~]# salt-cp复制,把master的文件cp到客户端例如:1,将/etc/hosts文件复制到/etc/hosts[root@master ~]# salt-cp '*' /etc/hosts /etc/hosts {'minion-node07.10.0.0.07.com': {'/etc/hosts': True}, 'minion-node11.10.0.0.11.com': {'/etc/hosts': True}, 'minios.10.0.0.8.com': {'/etc/hosts': True}} 2,将/etc/hosts文件复制到/tmp/hosts[root@master ~]# salt-cp '*' /etc/hosts /tmp/hosts {'minion-node07.10.0.0.07.com': {'/tmp/hosts': True}, 'minion-node11.10.0.0.11.com': {'/tmp/hosts': True}, 'minios.10.0.0.8.com': {'/tmp/hosts': True}} 3,查看[root@master ~]# ll /tmp/hosts -rw-r--r-- 1 root root 198 12月 11 09:17 /tmp/hosts [root@master ~]# -
saltstack正则简单匹配 远程执行第三功能,输出!可以写入到数据库里,文件里!匹配ID:正则表达式:不同的匹配方式需要加不同参数!-E:正则 -L:列出,多个用逗号分隔, -G: grain -N: 节点组 -R: 范围 -C:混合 -I:pillar -S: ipv4 子网掩码的形式 salt ‘*.doam.net’ test.ping--------匹配以*.doam.net的 salt ‘*.doam.*’ test.ping----------匹配中间为doam的 salt ‘web?.doam.*’ test.ping-------一个问号表示统配一个,多个表示通赔多个 salt ‘web[1-5]’ test.ping----------1-5,通赔以web开头的1-5的id salt ‘web[1,3]’ test.ping---------统配以web开头,1和3的id salt ‘web[x-z]’ test.ping----------统配以web开头,x到z结尾的id 如下:[root@master ~]# salt '*' test.ping minios.10.0.0.8.com: True [root@master ~]# salt '*.10.0.0.8.*' test.ping minios.10.0.0.8.com: True [root@master ~]# salt 'minios.10.0.0.8.*' test.ping minios.10.0.0.8.com: True 我们添加一台新的测试:[root@master ~]# salt-key Accepted Keys: minios.10.0.0.8.com Denied Keys: Unaccepted Keys: minion-node11.10.0.0.11.com Rejected Keys: [root@master ~]# salt-key -a minion-node11.10.0.0.11.com The following keys are going to be accepted: Unaccepted Keys: minion-node11.10.0.0.11.com Proceed? [n/Y] y Key for minion minion-node11.10.0.0.11.com accepted. [root@master ~]# salt-key Accepted Keys: minion-node11.10.0.0.11.com minios.10.0.0.8.com Denied Keys: Unaccepted Keys: Rejected Keys: [root@master ~]# salt '*' test.ping minios.10.0.0.8.com: True minion-node11.10.0.0.11.com: True [root@master ~]# 匹配上面两个主机名:-E测试[root@master ~]# salt -E '(minios|minion-node11)'.10.0.0.*.com test.ping minios.10.0.0.8.com: True minion-node11.10.0.0.11.com: True [root@master ~]# 修改top.sls下发测试[root@master ~]# vim /etc/salt/status/top.sls base: '(minios|minion-node11).10.0.0.*.com': ------->匹配以minios主机和minion-node11主机.10.0.0.*.com - match: pcre ------------------------------>正则表达式必选项 - init.pkg - init.conf ~ 执行前几章的安装包和配置文件[root@master ~]# salt '*' state.highstate minion-node11.10.0.0.11.com: ---------- ID: pkg.init Function: pkg.installed Name: sl Result: True Comment: The following packages were installed/updated: sl Started: 07:55:48.875688 Duration: 21309.13 ms Changes: ---------- sl: ---------- new: 5.02-1.el6 old: ---------- ID: conf-config Function: file.managed Name: /etc/security/limits.conf Result: True Comment: File /etc/security/limits.conf updated Started: 07:56:10.188457 Duration: 54.812 ms Changes: ---------- diff: --- +++ @@ -39,8 +39,8 @@ #<domain> <type> <item> <value> # -#* soft core 0 -#* hard rss 10000 +* soft core 0 +* hard rss 10000 #@student hard nproc 20 #@faculty soft nproc 20 #@faculty hard nproc 50 @@ -48,3 +48,4 @@ #@student - maxlogins 4 # End of file +*-nofile65535 Summary ------------ Succeeded: 2 (changed=2) Failed: 0 ------------ Total states run: 2 minios.10.0.0.8.com: Minion did not return. [No response] -------------------->这里有问题,提示没有返回信息!暂时忽略他 [root@master ~]# ID号命名:角色-node1.业务(web).idc1.域名.com如:nginx-node1.web.idc1.linuxea.com以及IP地址也可-L [root@master ~]# salt -L 'minion-node11.10.0.0.11.com,minios.10.0.0.8.com' test.ping minios.10.0.0.8.com: True minion-node11.10.0.0.11.com: True [root@master ~]# -S [root@master ~]# salt -S '10.0.0.0/24' test.ping minios.10.0.0.8.com: True minion-node11.10.0.0.11.com: True [root@master ~]#
-
saltstack的master与minion认证及salt-key常用参数 minion认证[root@minion minion]# ll /etc/salt/pki/minion/ 总用量 12 -rw-r--r--. 1 root root 451 12月 8 06:11 minion_master.pub -r--------. 1 root root 1675 12月 8 05:56 minion.pem -rw-r--r--. 1 root root 451 12月 8 05:56 minion.pub [root@minion minion]# 而master端则是放在以下路径,这里的钥匙则是minion的,如果id名称换掉,则需要删掉重新认证:[root@master ~]# ll /etc/salt/pki/master/minions 总用量 4 -rw-r--r--. 1 root root 451 12月 8 06:09 minios.10.0.0.8.com [root@master ~]# master在minion秘钥位置[root@minion minion]# ll /etc/salt/pki/minion/minion_master.pub -rw-r--r--. 1 root root 451 12月 8 06:11 /etc/salt/pki/minion/minion_master.pub [root@minion minion]# 而master和minion是保持长链接的![root@master ~]# lsof -i:4505 COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME salt-mast 1124 root 12u IPv4 10089 0t0 TCP *:4505 (LISTEN) salt-mast 1124 root 14u IPv4 12365 0t0 TCP 10.0.0.7:4505->10.0.0.8:33079 (ESTABLISHED) [root@minion minion]# lsof -i:4505 COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME salt-mini 1125 root 24u IPv4 10455 0t0 TCP 10.0.0.8:33079->10.0.0.7:4505 (ESTABLISHED) salt-kye参数1,删除:salt-key -d[root@master ~]# salt-key Accepted Keys: minios.10.0.0.8.com Denied Keys: Unaccepted Keys: 10.0.0.8 Rejected Keys: [root@master ~]# salt-key -d 10.0.0.8 The following keys are going to be deleted: Unaccepted Keys: 10.0.0.8 Proceed? [N/y] y Key for minion 10.0.0.8 deleted. [root@master ~]# salt-key Accepted Keys: minios.10.0.0.8.com Denied Keys: Unaccepted Keys: Rejected Keys: [root@master ~]# 2,-a :同意某一个主机-A :同意所有主机-d :删除-D :删除所有-l :列出所有如:查看时间:[root@master ~]# salt '*' cmd.run 'uptime' minios.10.0.0.8.com: 06:23:43 up 20 min, 1 user, load average: 0.00, 0.00, 0.00 [root@master ~]#
-
saltstack配置sls文件下发 在上篇文章中的返回结果是已经安装过的!通过salt在尝试安装sl,返回结果如下:[root@master init]# salt 'minios.10.0.0.8.com' state.sls init.pkg minios.10.0.0.8.com: ---------- ID: pkg.init Function: pkg.installed Name: sl Result: True Comment: The following packages were installed/updated: sl Started: 07:05:37.645283 Duration: 145585.54 ms Changes: ---------- sl: ---------- new: 5.02-1.el6 old: Summary ------------ Succeeded: 1 (changed=1) Failed: 0 ------------ Total states run: 1 [root@master init]# saltstack配置文件下发创建配置文件的模块!批量修改/etc/security/limits.conf文件~ [root@master init]# vim /etc/salt/status/init/conf.sls conf-config:----------------------------------->命名 file.managed:-------------------------------->file状态模块:managed管理 - name: /etc/security/limits.conf---------->name:被管理文件的路径 - source: salt://init/files/limits.conf---->source:salt://limits.conf在master的文件路径 - user: root------------------------------->文件用户 - group: root------------------------------>组 - mode: 644-------------------------------->权限 当创建完config.sls后需要在top.sls中写入init.conf,才能够调用![root@master status]# vim /etc/salt/status/top.sls base: 'minios.10.0.0.8.com': - init.pkg - init.conf 创建files目录[root@master init]# mkdir files [root@master init]# pwd /etc/salt/status/init [root@master init]# 将/etc/security/limits.conf的limits.conf复制到/etc/salt/status/init/files下[root@master init]# cp /etc/security/limits.conf /etc/salt/status/init/files/ 修改/etc/salt/status/init/files/下的limits.conf模板,打开两个参数,如下:[root@master init]# vim /etc/salt/status/init/files/limits.conf * soft core 0 * hard rss 10000 没改之前,在minion查看[root@minion ~]# cat /etc/security/limits.conf |grep 10000 #* hard rss 10000 [root@minion ~]# 我们在master上执行state.highstate,在执行过程中,都会检查pkg和conf[root@master init]# salt 'minios.10.0.0.8.com' state.highstate minios.10.0.0.8.com: ---------- ID: pkg.init Function: pkg.installed Name: sl Result: True Comment: Package sl is already installed. Started: 07:34:41.304171 Duration: 978.561 ms Changes: ---------- ID: conf-config Function: file.managed Name: /etc/security/limits.conf Result: True Comment: File /etc/security/limits.conf updated Started: 07:34:42.339015 Duration: 27.806 ms Changes: ---------- diff: --- +++ @@ -39,8 +39,8 @@ #<domain> <type> <item> <value> # -#* soft core 0 -#* hard rss 10000 +* soft core 0 +* hard rss 10000 #@student hard nproc 20 #@faculty soft nproc 20 #@faculty hard nproc 50 Summary ------------ Succeeded: 2 (changed=1) Failed: 0 ------------ Total states run: 2 [root@master init]# 在minion上查看结果[root@minion ~]# cat /etc/security/limits.conf |grep 10000 * hard rss 10000 [root@minion ~]#
-
saltstack远程执行安装包 saltstacksaltstack主要用来远程执行,配置管理和云管理1,更新yum源wget -O /etc/yum.repos.d/CentOS-Base.repo http://mirrors.aliyun.com/repo/Centos-6.repo 2,更新epel源mkdir /home/linuxea/tools -p && cd /home/linuxea/tools wget http://mirrors.ustc.edu.cn/fedora/epel/6/x86_64/epel-release-6-8.noarch.rpm rpm -ivh epel-release-6-8.noarch.rpm rpm -qa |grep epel 3,yum安装服务端:yum install salt-master启动服务端,监听端口4405,4406[root@master ~]# service salt-master start [root@master ~]# lsof -i :4505 COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME salt-mast 26847 root 12u IPv4 65103 0t0 TCP *:4505 (LISTEN) [root@master ~]# lsof -i :4506 COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME salt-mast 26881 root 20u IPv4 65251 0t0 TCP *:4506 (LISTEN) [root@master ~]# 客户端:yum install salt-minion[root@minion ~]# service salt-minon start [root@minion ~]# vim /etc/salt/minion master: 10.0.0.7 id: minios.10.0.0.8.com 把minion_id修改,不使用此ID[root@minion ~]# cat /etc/salt/minion_id 10.0.0.8 [root@minion ~]# mv /etc/salt/minion_id /etc/salt/minion_id.bak [root@minion ~]# master和minon需要认证!---------->id的认证[root@master ~]# salt-key Accepted Keys: Denied Keys: Unaccepted Keys: 10.0.0.8 minios.10.0.0.8.com Rejected Keys: [root@master ~]# 添加认证[root@master ~]# salt-key -a minios.10.0.0.8.com The following keys are going to be accepted: Unaccepted Keys: minios.10.0.0.8.com Proceed? [n/Y] y Key for minion minios.10.0.0.8.com accepted. [root@master ~]# 在查看,minios.10.0.0.8.com已经被认证[root@master ~]# salt-key Accepted Keys: minios.10.0.0.8.com Denied Keys: Unaccepted Keys: 10.0.0.8 Rejected Keys: [root@master ~]# 测试minios.10.0.0.8.com,返回True是正常(*代表所有)[root@master ~]# salt 'minios.10.0.0.8.com' test.ping minios.10.0.0.8.com: True [root@master ~]# 使用cmd.run模块远程执行!远程查看硬盘[root@master ~]# salt 'minios.10.0.0.8.com' cmd.run 'df -h' minios.10.0.0.8.com: Filesystem Size Used Avail Use% Mounted on /dev/sda2 18G 2.5G 14G 16% / tmpfs 491M 236K 491M 1% /dev/shm /dev/sda1 283M 28M 240M 11% /boot 远程查看系统时间[root@master ~]# salt 'minios.10.0.0.8.com' cmd.run 'uptime' minios.10.0.0.8.com: 06:16:18 up 3:00, 2 users, load average: 0.00, 0.01, 0.00 [root@master ~]# 配置管理!default_include: master.d/*.conf ----------->配置文件放置interface: 0.0.0.0-------------------------->监听端口user: root---------------------------------->默认用户例如:file_roots: (两个空格)base: (四个空格) - /etc/salt/states dev: - /etc/salt/states/prod - /srv/salt/dev/states prod: - /srv/salt/prod/services - /srv/salt/prod/states 本文修改:[root@master ~]# vim /etc/salt/master default_include: master.d/*.conf interface: 0.0.0.0 state_top: top.sls --------------------->后缀 user: root file_roots: base: - /etc/salt/status dev: - /etc/salt/services/dev [root@master ~]# mkdir -p /etc/salt/status [root@master ~]# mkdir -p /etc/salt/services/dev [root@master ~]# /etc/init.d/salt-master restart Stopping salt-master daemon: [确定] Starting salt-master daemon: [确定] [root@master ~]# log位置[root@master ~]# tail -f /var/log/salt/master 编写状态文件!给每个类型创建分支创建一个安装文件包的分支文件目录[root@master status]# mkdir /etc/salt/status/init 在top.sls中调用init目录下的pkg文件[root@master ~]# vim /etc/salt/status/top.sls #huanjing base: 'minios.10.0.0.8.com': - init.pkg 创建pkg文件,写入需要安装的文件,格式如下:[root@master status]# vim /etc/salt/status/pkg.sls pkg.init: pkg.installed: - names: - lrzsz - mtr - nmap - nginx 目录结构如下:[root@master status]# tree /etc/salt/ /etc/salt/ ├── master ├── pki │ └── master │ ├── master.pem │ ├── master.pub │ ├── minions │ │ └── minios.10.0.0.8.com │ ├── minions_autosign │ ├── minions_denied │ ├── minions_pre │ │ └── 10.0.0.8 │ └── minions_rejected ├── services │ └── dev └── status ├── init ├── pkg.sls └── top.sls 11 directories, 7 files [root@master status] 执行测试:[root@master init]# salt 'minios.10.0.0.8.com' state.sls init.pkg minios.10.0.0.8.com: ---------- ID: pkg.init Function: pkg.installed Name: mtr Result: True Comment: Package mtr is already installed. Started: 07:31:40.877509 Duration: 921.628 ms Changes: ---------- ID: pkg.init Function: pkg.installed Name: nmap Result: True Comment: Package nmap is already installed. Started: 07:31:41.799288 Duration: 0.439 ms Changes: ---------- ID: pkg.init Function: pkg.installed Name: lrzsz Result: True Comment: Package lrzsz is already installed. Started: 07:31:41.799851 Duration: 0.328 ms Changes: ---------- ID: pkg.init Function: pkg.installed Name: nginx Result: True Comment: Package nginx is already installed. Started: 07:31:41.800254 Duration: 0.321 ms Changes: Summary ------------ Succeeded: 4 Failed: 0 ------------ Total states run: 4 [root@master init]# 在minios.10.0.0.8.com查看[root@minion ~]# rpm -qa mtr mtr-0.75-5.el6.x86_64 [root@minion ~]# rpm -qa nmap nmap-5.51-4.el6.x86_64 [root@minion ~]# rpm -qa nginx nginx-1.0.15-12.el6.x86_64 [root@minion ~]# rpm -qa lrzsz lrzsz-0.12.20-27.1.el6.x86_64 [root@minion ~]#
