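Introduction to SaltStack

SaltStack is a new approach to infrastructure management: it is easy to deploy and can be up and running within minutes, it scales well and can easily manage tens of thousands of servers, and it is fast, with servers communicating within seconds.

At its core, Salt uses a dynamic communication bus, which lets it be used for orchestration, remote execution, configuration management and more.

How communication works

1. SaltStack uses a client/server (C/S) model.

2. The master and the minions establish trust through key pairs. With the trust relationship established, the master process, once started, listens on 2 ports (4505 and 4506).

3. Port 4505 is the ZMQ PUB system; it is used to hold a long-lived connection with the minions and to send data to them.

4. Port 4506 is the REP system; it is used to receive data from the minions.

5. On the minion side, the minion process is started and does not listen on any port; the minion uses a random port to communicate with the master.

6. Communication between the master and the minions uses the ZeroMQ message queue.

7. Every time the master issues a job, all minions receive it; each minion decides from the job's conditions whether it needs to return data to the master.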

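Steps

  1. The Salt Stack master and minions pass messages through ZeroMQ, using ZeroMQ's publish-subscribe pattern; the connection types include tcp and ipc.

  2. The salt command publishes the cmd.run ls command to the master from salt.client.LocalClient.cmd_cli and obtains a jobid; the result of the command is then fetched by that jobid.

  3. After receiving the command, the master sends the command to be executed to the minion clients.

  4. The minion receives the command to process from the message bus and hands it to minion._handle_aes.

  5. minion._handle_aes starts a local thread that calls cmdmod to run the ls command. When the thread has finished running ls, it calls minion._return_pub to return the result to the master over the message bus.

  6. The master receives the result returned by the client and calls master._handle_aes, which writes the result to a file.

  7. salt.client.LocalClient.cmd_cli polls for the job result and prints it to the terminal.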

Environment

CentOS7. 64bit linux-node1.example.com 192.168.56.11 (salt-master and salt-minion)
CentOS7. 64bit linux-node2.example.com 192.168.56.12 (salt-minion)
1. On 192.168.56.11, install salt-master and salt-minion and start the master
[root@linux-node1 ~]# yum install -y salt-master salt-minion
[root@linux-node1 ~]# systemctl start salt-master
2. On the master, go into the salt directory to get to know its layout
[root@linux-node1 ~]# cd /etc/salt/
[root@linux-node1 salt]# ls
master minion pki
[root@linux-node1 salt]# tree pki/
pki/
└── master
    ├── master.pem #private key
    ├── master.pub
    ├── minions
    ├── minions_autosign
    ├── minions_denied
    ├── minions_pre
    └── minions_rejected
directories, files
3. On 192.168.56.12, set master in the minion configuration file
[root@linux-node2 ~]# yum install -y salt-minion
[root@linux-node2 ~]# vi /etc/salt/minion #change master and id; the id defaults to the hostname
[root@linux-node2 salt]# grep -n ^master minion
:master: 192.168.56.11
[root@linux-node2 ~]# systemctl start salt-minion
#apply the same settings on node1
4. On 192.168.56.11, check pki; it shows that 2 minions are already waiting to join
[root@linux-node1 salt]# tree pki
pki
├── master
│   ├── master.pem
│   ├── master.pub
│   ├── minions
│   ├── minions_autosign
│   ├── minions_denied
│   ├── minions_pre #after a minion starts it sends a request to the master; the minion IDs currently asking to join can be seen here
│   │   ├── linux-node1.example.com
│   │   └── linux-node2.example.com
│   └── minions_rejected
└── minion
    ├── minion.pem
    └── minion.pub
directories, files
5. On the master, accept the minions
[root@linux-node1 salt]# salt-key -A
The following keys are going to be accepted:
Unaccepted Keys:
linux-node1.example.com
linux-node2.example.com
Proceed? [n/Y] Y
Key for minion linux-node1.example.com accepted.
Key for minion linux-node2.example.com accepted.
6. After the keys are accepted, look at what has changed under pki; each key file (a public key) has the same name as the minion ID
[root@linux-node1 salt]# tree pki
pki
├── master
│   ├── master.pem
│   ├── master.pub
│   ├── minions #minions that have been admitted by the master
│   │   ├── linux-node1.example.com
│   │   └── linux-node2.example.com
│   ├── minions_autosign
│   ├── minions_denied
│   ├── minions_pre
│   └── minions_rejected
└── minion
    ├── minion_master.pub
    ├── minion.pem
    └── minion.pub
directories, files
7. On the minion node, check that the master's public key has also been handed to the minion; after that the two can communicate normally
[root@linux-node2 salt]# tree pki/
pki/
└── minion
    ├── minion_master.pub #this is sent to the master; on the master the file is stored under the minion ID as its name
    ├── minion.pem
    └── minion.pub
8. On the master, view the trust status of the keys

[root@linux-node1 base]# salt-key -L
Accepted Keys:
linux-node1.example.com
linux-node2.example.com
Denied Keys:
Unaccepted Keys:
Rejected Keys:
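
An added example, not part of the original post: `salt-key -A` in step 5 accepts every key waiting in minions_pre, so this Python script compares each pending key with a copy recorded out of band and reports which ids are candidates for `salt-key -a <id>`. The trusted directory, the function names and the id linux-node9.example.com are assumptions, and the key bodies are constructed placeholders.

```python
import os
import tempfile

PENDING = "minions_pre"  # directory name taken from the pki tree shown above

def key_body(path):
    """Read a PEM public key, ignoring blank lines and surrounding whitespace."""
    with open(path) as fh:
        return "\n".join(line.strip() for line in fh if line.strip())

def review_pending(master_pki, trusted_dir):
    """Return {minion_id: "match" | "mismatch" | "unknown"} for every pending key.
    trusted_dir (assumption) holds <minion-id>.pub copies recorded at provisioning."""
    verdicts = {}
    pending_dir = os.path.join(master_pki, PENDING)
    for minion_id in sorted(os.listdir(pending_dir)):
        trusted = os.path.join(trusted_dir, minion_id + ".pub")
        if not os.path.isfile(trusted):
            verdicts[minion_id] = "unknown"    # nobody provisioned this id
        elif key_body(trusted) == key_body(os.path.join(pending_dir, minion_id)):
            verdicts[minion_id] = "match"      # candidate for: salt-key -a <id>
        else:
            verdicts[minion_id] = "mismatch"   # known id, but a different key
    return verdicts

def build_demo():
    """Constructed sample layout; the key bodies are placeholder text, not RSA keys."""
    root = tempfile.mkdtemp()
    pki, trusted = os.path.join(root, "pki", "master"), os.path.join(root, "trusted")
    os.makedirs(os.path.join(pki, PENDING))
    os.makedirs(trusted)
    pem = "-----BEGIN PUBLIC KEY-----\n{}\n-----END PUBLIC KEY-----\n".format
    samples = {  # minion id -> (key submitted to master, key recorded at provisioning)
        "linux-node1.example.com": ("AAAA", "AAAA"),
        "linux-node2.example.com": ("BBBB", "CCCC"),
        "linux-node9.example.com": ("DDDD", None),  # constructed id, not on the page
    }
    for minion_id, (submitted, recorded) in samples.items():
        with open(os.path.join(pki, PENDING, minion_id), "w") as fh:
            fh.write(pem(submitted))
        if recorded is not None:
            with open(os.path.join(trusted, minion_id + ".pub"), "w") as fh:
                fh.write(pem(recorded) + "\n")  # trailing blank line must not matter
    return pki, trusted

if __name__ == "__main__":
    for minion_id, verdict in review_pending(*build_demo()).items():
        print("{:<28}{}".format(minion_id, verdict))
```

Only the ids reported as match go to `salt-key -a <id>`; the others stay in minions_pre until the host behind them has been checked.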

9. Check that communication between the master and the minions works; a return value of True means it is working
[root@linux-node1 ~]# salt "*" test.ping
linux-node1.example.com:
True
linux-node2.example.com:
True
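11. Use salt's execution modules for maintenance and administration

In a company setting, jobs are usually defined through a web interface wrapper and then go through approval before they are executed

[root@linux-node1 ~]# salt "*" cmd.run "w"    # "*" is the target, cmd is the execution module, run is a function of cmd, and "w" is the function's argument, i.e. the command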
linux-node2.example.com:
:: up :, user, load average: 0.00, 0.01, 0.05
USER TTY FROM LOGIN@ IDLE JCPU PCPU WHAT
root pts/ 192.168.56.1 : : .15s .15s -bash
linux-node1.example.com:
:: up :, user, load average: 0.01, 0.03, 0.05
USER TTY FROM LOGIN@ IDLE JCPU PCPU WHAT
root pts/ 192.168.56.1 : .00s .43s .32s /usr/bin/python /usr/bin/salt * cmd.run w
[root@linux-node1 ~]# salt "*" cmd.run "date"
linux-node2.example.com:
Sun Oct :: EDT
linux-node1.example.com:
Sun Oct :: EDT
12. Delete minion keys
[root@linux-node1 base]# salt-key -D #deletes all keys; a specific minion id can also be given
The following keys are going to be deleted:
Accepted Keys:
linux-node1.example.com
linux-node2.example.com
Proceed? [N/y] Y
Key for minion linux-node1.example.com deleted.
Key for minion linux-node2.example.com deleted.
[root@linux-node1 base]# salt-key -L
Accepted Keys:
Denied Keys:
Unaccepted Keys:
Rejected Keys:
13. Find the path of the cmd module that salt calls, and salt's other modules
[root@linux-node1 modules]# pwd
/usr/lib/python2./site-packages/salt/modules
[root@linux-node1 modules]# ls |grep cmd
cmdmod.py #the cmd module that users execute
cmdmod.pyc
cmdmod.pyo
Other modules
[root@linux-node1 modules]# pwd
/usr/lib/python2./site-packages/salt/modules
[root@linux-node1 modules]# ls

More modules used by salt

14. Log file path; when necessary, debug mode can be turned on to troubleshoot problems
[root@linux-node1 base]# tailf /var/log/salt/master 

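Steps to change the minion_id

1. Stop salt-minion; if it is not stopped it will keep sending messages to the master
2. On the master, delete the old id with salt-key:   salt-key -d minionid
3. On the minion, delete /etc/salt/minion_id:  rm -f /etc/salt/minion_id
4. On the minion, delete /etc/salt/pki:   rm -rf /etc/salt/pki
5. On the minion, change the id in the configuration file
6. Start the minion
7. On the master, accept the key again with salt-key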

05-11 13:50