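SaltStack Tool
Official documentation: docs.saltproject.io/en/latest/c… docs.saltproject.io/salt/instal… docs.saltproject.io/salt/instal…
SaltStack is a client/server (C/S) configuration management tool written in Python. It uses SSL certificate issuance for authentication management. It supports centralized host management, file distribution, data collection, software package management and other configuration management operations. It helps operations staff work more efficiently and standardize service configuration and procedures, and it is a common tool for automated operations.
SaltStack components
- The Master is the server side; it schedules and controls Minions.
- The Minion is the client side; it receives instructions from the Master and executes them.
Service ports
- 4505: authentication and communication port between Master and Minion. (When a client starts, it registers itself with the Master.)
- 4506: command exchange port between Master and Minion.
Configuration and deployment
One salt-master and multiple salt-minions.
CentOS 8 deployment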
```bash
sudo rpm --import https://repo.saltproject.io/salt/py3/redhat/8/x86_64/latest/SALTSTACK-GPG-KEY.pub
curl -fsSL https://repo.saltproject.io/salt/py3/redhat/8/x86_64/latest.repo | sudo tee /etc/yum.repos.d/salt.repo
sudo yum install salt-master
sudo yum install salt-minion
sudo yum install salt-ssh
sudo yum install salt-syndic
sudo yum install salt-cloud
sudo yum install salt-api

############ salt-master
sudo systemctl enable salt-master && sudo systemctl start salt-master
sudo systemctl enable salt-syndic && sudo systemctl start salt-syndic
sudo systemctl enable salt-api && sudo systemctl start salt-api
# Confirm the master is listening (run as root); output follows as comments
netstat -anlpt | grep 450
# tcp 0 0 0.0.0.0:4505 0.0.0.0:* LISTEN 169619/python3.6
# tcp 0 0 0.0.0.0:4506 0.0.0.0:* LISTEN 169625/python3.6

############ salt-minion
# Edit /etc/salt/minion (as root) and set the master address:
#   master: 192.168.1.200
vi /etc/salt/minion
sudo systemctl enable salt-minion && sudo systemctl start salt-minion
```
CentOS 7 deployment
docs.saltproject.io/salt/instal…
```bash
sudo rpm --import https://repo.saltproject.io/salt/py3/redhat/7/x86_64/latest/SALTSTACK-GPG-KEY.pub
curl -fsSL https://repo.saltproject.io/salt/py3/redhat/7/x86_64/latest.repo | sudo tee /etc/yum.repos.d/salt.repo
# classic packages of Salt on CentOS 7
# sudo rpm --import https://repo.saltproject.io/py3/redhat/7/x86_64/latest/SALTSTACK-GPG-KEY.pub
# curl -fsSL https://repo.saltproject.io/py3/redhat/7/x86_64/latest.repo | sudo tee /etc/yum.repos.d/salt.repo
sudo yum install salt-master
sudo yum install salt-minion
sudo yum install salt-ssh
sudo yum install salt-syndic
sudo yum install salt-cloud
sudo yum install salt-api
sudo systemctl enable salt-master && sudo systemctl start salt-master
sudo systemctl enable salt-minion && sudo systemctl start salt-minion
sudo systemctl enable salt-syndic && sudo systemctl start salt-syndic
sudo systemctl enable salt-api && sudo systemctl start salt-api
```
salt-api configuration
```bash
useradd saltapi
passwd saltapi  # set the password to 123456
yum -y install salt-api
vi /etc/salt/master.d/api.conf
```
```yaml
# /etc/salt/master.d/api.conf
external_auth:
  pam:
    saltapi:
      - .*
      - '@wheel'
      - '@runner'
rest_cherrypy:
  port: 8000
  disable_ssl: true
  host: 0.0.0.0
```
```bash
systemctl restart salt-master
systemctl restart salt-api
```
```bash
########## API (success)
curl -k http://127.0.0.1:8000/login -H "Accept: application/x-yaml" -d username='saltapi' -d password='123456' -d eauth='pam'
```
```yaml
return:
- eauth: pam
  expire: 1619230016.3118818
  perms:
  - .*
  - '@wheel'
  - '@runner'
  start: 1619186816.3118815
  token: 01049ff981bc7dae25fdd27875e09afd6cd34989
  user: saltapi
```
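The api.conf above grants the saltapi account every execution, wheel and runner function, turns TLS off and binds the API to all interfaces. The following check is an added example, not part of the original page or of Salt itself: it flags those settings in an api.conf. The function names and the minimal YAML-subset parser are assumptions made for this illustration.

```python
SAMPLE_API_CONF = """\
external_auth:
  pam:
    saltapi:
      - .*
      - '@wheel'
      - '@runner'
rest_cherrypy:
  port: 8000
  disable_ssl: true
  host: 0.0.0.0
"""  # constructed copy of the api.conf shown on this page

RISKY_PERMS = {
    ".*": "every execution module on every minion",
    "@wheel": "all wheel modules (master key and config management)",
    "@runner": "all runner modules on the master",
}

def flatten(text):
    """Yield (key_path, value) pairs from the nested-mapping YAML subset api.conf uses."""
    stack = []  # (indent, key) of the mappings enclosing the current line
    for raw in text.splitlines():
        body = raw.strip()
        if not body or body.startswith("#"):
            continue
        indent = len(raw) - len(raw.lstrip())
        is_item = body.startswith("- ")
        # A list item may sit at the same indent as its parent key, so keep that parent.
        limit = indent + 1 if is_item else indent
        while stack and stack[-1][0] >= limit:
            stack.pop()
        path = tuple(key for _, key in stack)
        key, _, value = body.partition(":")
        if is_item:
            yield path, body[2:].strip().strip("'\"")
        elif value.strip():
            yield path + (key.strip(),), value.strip().strip("'\"")
        else:
            stack.append((indent, key.strip()))

def audit(text):
    """Return one finding per weak salt-api setting found in the config text."""
    findings = []
    for path, value in flatten(text):
        if path == ("rest_cherrypy", "disable_ssl") and value.lower() == "true":
            findings.append("rest_cherrypy.disable_ssl: credentials and tokens sent in cleartext")
        elif path == ("rest_cherrypy", "host") and value in ("0.0.0.0", "::"):
            findings.append("rest_cherrypy.host: API listens on all interfaces")
        elif len(path) == 3 and path[0] == "external_auth" and value in RISKY_PERMS:
            findings.append(f"external_auth {path[1]}/{path[2]}: '{value}' grants {RISKY_PERMS[value]}")
    return findings
```

Calling `audit(open('/etc/salt/master.d/api.conf').read())` on the master returns the findings as a list of strings; an empty list means none of these settings were found.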
Authenticating salt-minions on the salt-master
docs.saltproject.io/salt/instal…
| Flag | Description |
|---|---|
| -a | Accepts a specific minion’s key. The -a flag needs to be followed by an argument that includes the ID of the minion key that you want to accept. |
| -A | Accepts all keys. |
| -d <minion_id> | Deletes a specific minion’s key. The -d flag needs to be followed by an argument that includes the ID of the minion key that you want to delete. |
| -L | Lists all minion IDs. |
```bash
# Delete a single key
salt-key -d web1
# Delete all keys
salt-key -D
# Delete keys matching a pattern
salt-key -d 'web*'
# List the salt-minion keys
salt-key -L
# Accept (authenticate) a salt-minion
salt-key -a salt.master.com
```
Operation commands
```bash
# Check cluster connectivity and versions
salt '*' test.version
## Module usage
salt '*' sys.doc cmd.run
## Distribute files
salt-cp 'node01.zy.com' /etc/hosts /tmp/hosts
salt-cp -L "node01.zy.com,node02.zy.com" /etc/hosts /tmp/hosts
## Run commands
salt '*' cmd.run "ls -l | awk '/foo/{print \$2}'"
```