Part 3: SaltStack job management and clustering
https://www.unixhot.com/docs/saltstack/ref/modules/all/salt.modules.saltutil.html#module-salt.modules.saltutil
1 Job management
1.1 View running jobs
[root@salt-node4 ~]# salt '*' saltutil.running
salt-node4.damaicha.org-204:
    |_
      ----------
      arg:
      fun:
          state.highstate
      jid:
          20170318082805017980
      pid:
          52413
      ret:
      tgt:
          *
      tgt_type:
          glob
      user:
          root
test-node3.damaicha.org-203:
    |_
      ----------
      arg:
      fun:
          state.highstate
      jid:
          20170318082805017980
      pid:
          44995
      ret:
      tgt:
          *
      tgt_type:
          glob
      user:
          root
[root@salt-node4 ~]#
1.2 Stop a running job
[root@salt-node4 ~]# salt '*' saltutil.kill_job 20170318082805017980
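2 Write the results returned to the master into a database
Earlier, a plugin was used so that the minion wrote its data to the database.
Now have the data on the master written directly to a file.
The returned data is kept under /var/cache/salt/master/jobs, in Salt's own storage format.
- Install MySQL-python
[root@salt-node4 ~]# yum -y install MySQL-python
- Edit the master configuration file and add the following at the end of the file:
For the table-creation statements for the salt database, see the summary notes for part one of this Salt series.
mysql.host: '127.0.0.1'
mysql.user: 'salt'
mysql.pass: 'salt@pw'
mysql.db: 'salt'
mysql.port: 3306
Restart the master service so the configuration takes effect.
systemctl restart salt-master
3. Test.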
[root@salt-node4 /srv]# mysql -usalt -psalt@pw
...
MariaDB [(none)]> select * from salt.salt_returns;
...
3 Jobs and runners
https://www.unixhot.com/docs/saltstack/ref/modules/all/salt.modules.saltutil.html#module-salt.modules.saltutil
3.1 job
View the data in the job cache
salt-run jobs.list_jobs
View what a previously executed job returned
salt-run jobs.lookup_jid <jid>
Example:
[root@salt-node4 /srv]# salt-run jobs.list_jobs
20170318125522221559:
    ----------
    Arguments:
        - ifconfig
    Function:
        cmd.run
    StartTime:
        2017, Mar 18 12:55:22.221559
    Target:
        *
    Target-type:
        glob
    User:
        root
20170318125618022528:
    ----------
    Arguments:
        - ifconfig
    Function:
        cmd.run
    StartTime:
        2017, Mar 18 12:56:18.022528
    Target:
        test-*
    Target-type:
        glob
    User:
        root
20170318125633831619:
    ----------
    Arguments:
        - ifconfig
    Function:
        cmd.run
    StartTime:
        2017, Mar 18 12:56:33.831619
    Target:
        test-*
    Target-type:
        glob
    User:
        root
[root@salt-node4 /srv]# salt-run jobs.lookup_jid 20170318125633831619
test-node3.damaicha.org-203:
    eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
            inet 10.0.0.203 netmask 255.255.255.0 broadcast 10.0.0.255
            inet6 fe80::20c:29ff:fe79:7aa7 prefixlen 64 scopeid 0x20<link>
            ether 00:0c:29:79:7a:a7 txqueuelen 1000 (Ethernet)
            RX packets 608231 bytes 219740452 (209.5 MiB)
            RX errors 0 dropped 0 overruns 0 frame 0
            TX packets 452636 bytes 99942459 (95.3 MiB)
            TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
    lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
            inet 127.0.0.1 netmask 255.0.0.0
            inet6 ::1 prefixlen 128 scopeid 0x10<host>
            loop txqueuelen 0 (Local Loopback)
            RX packets 187130 bytes 13223278 (12.6 MiB)
            RX errors 0 dropped 0 overruns 0 frame 0
            TX packets 187130 bytes 13223278 (12.6 MiB)
            TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
3.2 runner
Check the status of the minions
[root@salt-node4 /srv]# salt-run manage.status
down:
up:
    - test-node3.damaicha.org-203
    - salt-node4.damaicha.org-204
List the minions that are connected normally
[root@salt-node4 /srv]# salt-run manage.up
- test-node3.damaicha.org-203
- salt-node4.damaicha.org-204
List the minions that are down
[root@salt-node4 /srv]# salt-run manage.down
Check the minions' versions
[root@salt-node4 /srv]# salt-run manage.versions
Master:
    2016.11.3
Up to date:
    ----------
    salt-node4.damaicha.org-204:
        2016.11.3
    test-node3.damaicha.org-203:
        2016.11.3
2 Masterless and multi-master
1 Masterless (no master)
file_roots and pillar_roots are the same as on a master; the difference is that data is no longer fetched from the master but from the local machine.
1 Edit the minion configuration file.
[root@test-node3 ~]# vim /etc/salt/minion
..
file_client: local
..
[root@test-node3 ~]# systemctl restart salt-minion
2 Test
[root@test-node3 ~]# salt-call test.ping
local:
    True
2 Multi-master
Points to note.
1 Things that need to be shared (using NFS), combined with git for version management:
- keys: master, minion
- all files under file_roots
- pillar_roots
2 Minion configuration.
master:
  - 10.0.0.203
  - 10.0.0.204
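3 Syndic
1 Logic diagram
2 How it works
Publishing a job: Mr. Jiang wants something done. He passes the task to the syndic (the secretary), the syndic passes it to Chen Haonan, and Chen Haonan, on receiving it, assigns it to the underlings below him.
Returning data: when the underlings have finished, they report the result to Chen Haonan. The secretary (syndic) sits alongside Chen Haonan, hears the result, and forwards it to Mr. Jiang (Chen Haonan does not need to report it himself).
3 Use cases
Multiple data centers
Note: the syndic's file_roots and pillar_roots must be kept strictly consistent with the salt master's.
4 Configuration and installation
4.1 Role layout
10.0.0.204 saltmaster+syndic minion
10.0.0.203 saltmaster (Mr. Jiang)
4.2 Install salt-syndic on 10.0.0.204
[root@salt-node4 ~]# yum -y install salt-syndic
4.3 Edit the master configuration file to tell Chen Haonan that his boss is Mr. Jiang (on 10.0.0.204)
[root@salt-node4 ~]# vim /etc/salt/master
...
syndic_master: 10.0.0.203
...
[root@salt-node4 ~]# systemctl restart salt-master
[root@salt-node4 ~]# systemctl start salt-syndic
4.4 Edit the master configuration file to tell Mr. Jiang that his underling is Chen Haonan (on 10.0.0.203)
[root@test-node3 ~]# vim /etc/salt/master
...
order_masters: True
...
[root@test-node3 ~]# systemctl restart salt-master
4.5 Accept the key sent by saltmaster+syndic (take on the underling)
[root@test-node3 ~]# salt-key -A
The following keys are going to be accepted:
Unaccepted Keys:
salt-node4.damaicha.org-204
Proceed? [n/Y] y
Key for minion salt-node
Test
[root@test-node3 ~]# salt '*' test.ping
salt-node4.damaicha.org-204:
    True
test-node3.damaicha.org-203:
    True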
4 saltstack-SSH
1 Install salt-ssh
[root@salt-node4 ~]# yum -y install salt-ssh
2 Edit the configuration file /etc/salt/roster
[root@salt-node4 ~]# vim /etc/salt/roster
# Add the following:
test-node3.damaicha.org-203:
  host: 10.0.0.204
  user: root
  passwd: 123..abc
  port: 52113
salt-node4.damaicha.org-204:
  host: 10.0.0.203
  user: root
  passwd: 123..abc
  port: 52113
3 Test
# Runs the equivalent of cmd.run in client/server mode (do it this way the first time).
[root@salt-node4 ~]# salt-ssh '*' -r 'ifconfig' -i
# Run the highstate
[root@salt-node4 ~]# salt-ssh '*' state.highstate
Extra:
Turn off the error message SSH shows when a host key has changed.
cd ~/.ssh
echo StrictHostKeyChecking no >config
5 API
Configuration steps
- HTTPS certificate
- Configuration file
- Authentication, using PAM
- Start salt-api
https://www.unixhot.com/docs/saltstack/ref/netapi/all/salt.netapi.rest_cherrypy.html#a-rest-api-for-salt
1 Install an HTTPS certificate (in production one has to be purchased)
# Create a local user; it is used later when calling the API
[root@salt-node4 ~]# useradd -M -s /sbin/nologin saltapi
[root@salt-node4 ~]# echo 'saltapi'|passwd --stdin saltapi
# Generate an HTTPS certificate on this machine
[root@salt-node4 ~]# cd /etc/pki/tls/certs/
[root@salt-node4 /etc/pki/tls/certs]# make testcert    # passphrase 123123, then press Enter at every prompt
[root@salt-node4 /etc/pki/tls/certs]# cd /etc/pki/tls/private/
[root@salt-node4 /etc/pki/tls/private]# openssl rsa -in localhost.key -out salt_nopass.key    # the passphrase is 123123
[root@salt-node4 /etc/pki/tls/private]# ls
localhost.key salt_nopass.key
2 Install CherryPy and salt-api
[root@salt-node4 ~]# yum -y install python-pip salt-api
[root@salt-node4 ~]# pip install --upgrade pip
[root@salt-node4 ~]# pip install CherryPy==3.2.6    # Note: if this version cannot be installed, install it with yum instead: yum install python-cherry*
A snag I hit: if salt-api reports an error on startup, remember to check the log. If the problem is CherryPy, reinstall it with pip install CherryPy
Extra:
[root@salt-node4 ~]# vim .pip/pip.conf
# Switch the pip index to the Taobao mirror:
[global]
index-url = http://mirrors.aliyun.com/pypi/simple/
[install]
trusted-host=mirrors.aliyun.com
3 Edit the master configuration file
[root@salt-node4 ~]# vim /etc/salt/master
...
default_include: master.d/*.conf
...
[root@salt-node4 ~]# cd /etc/salt/master.d/
[root@salt-node4 /etc/salt/master.d]# vim api.conf
rest_cherrypy:
  host: 10.0.0.204
  port: 8000
  ssl_crt: /etc/pki/tls/certs/localhost.crt
  ssl_key: /etc/pki/tls/private/salt_nopass.key
[root@salt-node4 /etc/salt/master.d]# vim eauth.conf
[root@salt-node4 /etc/salt/master.d]# cat eauth.conf
external_auth:
  pam:
    saltapi:
      - .*         # can run all modules
      - '@wheel'   # stands for salt-key
      - '@runner'  # runner: check whether machines are alive
Restart the salt master and the API
[root@salt-node4 /etc/salt/master.d]# systemctl restart salt-master
[root@salt-node4 /etc/salt/master.d]# systemctl restart salt-api
4 Get a token
[root@salt-node4 master.d]# curl -k https://10.0.0.204:8000/login -H "Accept: application/x-yaml" -d username='saltapi' -d password='saltapi' -d eauth='pam'
-----
return:
- eauth: pam
  expire: 1490041767.050187
  perms:
  - .*
  - '@wheel'
  - '@runner'
  start: 1489998567.050187
  token: 3d625f75a04cb066e7d1f975d140ff5f96a56a47
  user: saltapi
With the token in hand, use it to query information about the minion 10.0.0.203. The result comes back as a dictionary.
curl -k https://10.0.0.204:8000/minions/test-node3.damaicha.org-203 -H "Accept: application/x-yaml" -H 'X-Auth-Token: 3d625f75a04cb066e7d1f975d140ff5f96a56a47'
Use a runner to see which machines are alive
curl -k https://10.0.0.204:8000 -H "Accept: application/x-yaml" -H 'X-Auth-Token: ef0b60cceb33fd66ab1ab3a8344671c461445d1c' -d client='runner' -d fun='manage.status'
--------------
return:
- down: []
  up:
  - test-node3.damaicha.org-203
  - salt-node4.damaicha.org-204
test.ping
[root@test-node3 sysconfig]# curl -k https://10.0.0.204:8000 -H "Accept: application/x-yaml" -H 'X-Auth-Token: ef0b60cceb33fd66ab1ab3a8344671c461445d1c' -d client='local' -d tgt='*' -d fun='test.ping'
----
return:
- salt-node4.damaicha.org-204: true
  test-node3.damaicha.org-203: true
Run the highstate. There are synchronous and asynchronous modes; the one below is synchronous and relatively slow. The asynchronous one is async.
curl -k https://10.0.0.204:8000 -H "Accept: application/x-yaml" -H 'X-Auth-Token: ef0b60cceb33fd66ab1ab3a8344671c461445d1c' -d client='local' -d tgt='*' -d fun='state.highstate'
View jobs
curl -k https://10.0.0.204:8000/jobs -H "Accept: application/x-yaml" -H 'X-Auth-Token: ef0b60cceb33fd66ab1ab3a8344671c461445d1c'
View the result of a specific jid
curl -k https://10.0.0.204:8000/jobs/20170320163206321875 -H "Accept: application/x-yaml" -H 'X-Auth-Token: 3d625f75a04cb066e7d1f975d140ff5f96a56a47'
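The curl calls above, as an added Python example (not from the original post): it keeps certificate verification on instead of using -k, sends the token in X-Auth-Token, and reads the grants and lifetime out of the /login reply. CA_FILE is a hypothetical path, the function names are this example's own, and the server certificate is assumed to be issued for the API address; local_async is rest_cherrypy's asynchronous client.

```python
import json
import ssl
import urllib.parse
import urllib.request

API = "https://10.0.0.204:8000"        # rest_cherrypy host/port from api.conf
CA_FILE = "/etc/salt/api-ca.crt"       # hypothetical path: copy of the server certificate
BROAD = {".*", "@wheel", "@runner"}    # grants covering every module, wheel and runner

def tls_context(cafile=None):
    """Certificate and hostname checks stay on; cafile trusts only that certificate."""
    return ssl.create_default_context(cafile=cafile)

def login_request(username, password, eauth="pam"):
    """POST /login with the same form fields as the curl call, asking for JSON."""
    form = urllib.parse.urlencode(
        {"username": username, "password": password, "eauth": eauth}).encode()
    return urllib.request.Request(API + "/login", data=form,
                                  headers={"Accept": "application/json"})

def parse_login(body):
    """Return (token, lifetime in seconds, broad grants) from a /login reply."""
    info = json.loads(body)["return"][0]
    broad = [p for p in info["perms"] if isinstance(p, str) and p in BROAD]
    return info["token"], round(info["expire"] - info["start"]), broad

def api_request(token, path="/", lowstate=None):
    """GET path (e.g. /jobs/<jid>), or POST one lowstate chunk to / as JSON."""
    data = None if lowstate is None else json.dumps([lowstate]).encode()
    return urllib.request.Request(API + path, data=data, headers={
        "Accept": "application/json", "Content-Type": "application/json",
        "X-Auth-Token": token})

def call(request, cafile=CA_FILE):
    """Send a request over verified TLS and decode the JSON reply."""
    with urllib.request.urlopen(request, context=tls_context(cafile), timeout=30) as resp:
        return json.load(resp)

# Constructed sample: the /login reply shown above, re-encoded as JSON
SAMPLE_LOGIN = json.dumps({"return": [{
    "eauth": "pam", "user": "saltapi", "perms": [".*", "@wheel", "@runner"],
    "start": 1489998567.050187, "expire": 1490041767.050187,
    "token": "3d625f75a04cb066e7d1f975d140ff5f96a56a47"}]})

if __name__ == "__main__":
    token, lifetime, broad = parse_login(SAMPLE_LOGIN)
    print(f"token valid for {lifetime // 3600} h, broad grants: {broad}")
    req = api_request(token, lowstate={"client": "local_async", "tgt": "*", "fun": "test.ping"})
    print(req.get_method(), req.full_url, req.data.decode())
```

For the /login reply shown above, parse_login reports a token lifetime of 43200 seconds (12 hours) and all three broad grants.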
Recommended: oms
https://github.com/binbin91/oms
Recommended dashboard
https://github.com/yueyongyue/saltshaker