saltstack 从入门到使用实战

1.saltstack安装配置及测试

一.安装部署
1.Master端:
 yum install https://repo.saltstack.com/yum/redhat/salt-repo-latest.el7.noarch.rpm
 yum clean expire-cache  && yum update -y
 yum -y install salt-master  && yum -y install salt-minion
 systemctl start salt-master #启动salt-master  
 systemctl enable salt-master
 
 
2.Minion端:
yum install https://repo.saltstack.com/yum/redhat/salt-repo-latest.el7.noarch.rpm 
yum clean expire-cache  && yum update -y  && yum -y install salt-minion

systemctl start salt-minion
systemctl enable salt-minion

二.初步配置
1.Master端配置:
[root@linux-master1 ~]# vim /etc/salt/master //修改下面几行 (由于这个文件内容默认全部注释的,所以可以直接情清空该文件,然后复制下面内容。但是记住配置的格式不能错!!)
interface: 192.168.1.181 //绑定主控端master的ip,冒号后必须空一格
auto_accept: True //当该项配置成True时表示自动认证,就不需要手动运行salt-key命令进行证书信任
file_roots: //指定saltstack文件根目录位置
base: //前面必须留两个空格
- /srv/salt //前面必须留四个空格

	[root@linux-master1 ~]# systemctl restart salt-master
	Starting salt-master daemon: [ OK ]
	
	
	(如果master端也想管控自己,可以配置自己的monion)




2.Minion端配置:
	[root@linux-node1 ~]# vim /etc/salt/minion         //修改下面几行                      
	master: 192.168.1.181          //指定主控端master的ip地址,冒号后必须空一格(可以是主机名)
	id: minion-192-168-1-173     //唯一标识符,可以不配,不配默认就是主机名,修改被控端monion主机识别id,建议使用主机名或ip来设置,冒号后必须空一格
	
	[root@linux-node2 ~]# systemctl start salt-minion
	Starting salt-minion daemon: [ OK ]

三.测试初步配置通畅性
1.查看当前的salt key信息
[root@zabbix ~]# salt-key -L
Accepted Keys:
minion-dev12-192.168.1.173
minion-test-xktest001-192.168.1.114
minion-testcat001-192.168.1.48
Denied Keys:
Unaccepted Keys:
Rejected Keys:

2.测试被控主机的连通性
[root@zabbix ~]# salt '*' test.ping
	minion-dev12-192.168.1.173:
		True
	minion-testcat001-192.168.1.48:
		True
	minion-test-xktest001-192.168.1.114:
		True
		

c)远程命令执行(cmd模块),格式:salt  'client配置的id' 模块.方法  '命令参数'           (其中'*'表示所有的client)
[root@linux-master1 ~]# salt '*' cmd.run 'uptime'
[root@zabbix ~]# salt '*' cmd.run 'uptime'
minion-dev12-192.168.1.173:
	 16:58:52 up 701 days,  2:47,  1 user,  load average: 0.27, 0.25, 0.28
minion-testcat001-192.168.1.48:
	 16:58:52 up 189 days,  1:11,  1 user,  load average: 1.58, 1.62, 1.46
minion-test-xktest001-192.168.1.114:
	 16:58:52 up 159 days, 43 min,  1 user,  load average: 0.02, 0.16, 0.29







####.关于修改minion的id后,无法连通问题:
	minion配置中有一个id配置,默认是hostname,如果id配置和hostname不一致会导致无法进行通信,那么当hostname做了修改,或者错误的时候该怎么配置呢?
	①关闭salt-minion  
	②salt-key -d id  在master上删除minion的id  
	③minion上删除pki目录 rm -f /etc/salt/pki/minion/*

	④minion上删除minion_id文件 [id: minion-dev12-192.168.1.173]
	⑤修改完成,启动minion
	#此处必须先停掉minion修改,并删除相应的文件,否则会默认地去查找原先的配置,已踩坑

	#以下是刚装完查看minion_id变成了www.test123.com。进行修改成linux-node2.example.com
	[root@linux-node2 salt]# cat minion_id 
	www.test123.com
	[root@linux-node2 salt]# systemctl stop salt-minion
	[root@linux-node2 salt]# rm -rf pki
	[root@linux-node2 salt]# rm -rf minion_id 
	[root@linux-node2 salt]# systemctl start salt-minion
	[root@linux-node2 salt]# cat minion_id 
	linux-node2.example.com

2.saltstack常见使用模块介绍

四.saltstack 常见使用方式

1.利用Saltstack远程执行命令
saltstack的一个比较突出优势就是具备执行远程命令的功能。操作方法与func相似,可以帮助运维人员完成集中化的操作平台。
命令格式: slat '<操作目标>' <方法> [参数]

	salt '*' cmd.run 'df -h'
	salt '*' cmd.run 'uptime'
	salt '*' cmd.run 'free -m'
	
	salt-cp命令  远程批量传输文件

	1): -E  
	通过正则表达式进行匹配。
		示例:查看被控制端minion-test*字符开头的主机id名是否连通。
		[root@zabbix ~]# salt -E '^minion-test*' test.ping
		minion-testcat001-192.168.1.48:
			True
		minion-test-xktest001-192.168.1.114:
			True
		
	2):-L:--list        
	以主机id名列表的形式进行过滤,格式与Python的列表相似,即不同主机id名称使用逗号分隔。

		示例:获取主机id名为minion-testcat001-192.168.1.48,minion-test-xktest001-192.168.1.114 获取完整操作系统发行版名称。
		[root@zabbix ~]# salt -L 'minion-testcat001-192.168.1.48,minion-test-xktest001-192.168.1.114' grains.item osfullname
		minion-testcat001-192.168.1.48:
			----------
			osfullname:
				CentOS Linux
		minion-test-xktest001-192.168.1.114:
			----------
			osfullname:
				CentOS Linux
				
	3):-G:--grain    【常见重要使用模块】

	    根据被控主机的grains信息(grains是saltstack重要组件之一,重要作用是收集被控主机的基本系统信息)进行匹配过滤,格式为'<grain value>:<glob expression>'。


	    3.1):grains常见查询:
	    [root@zabbix ~]# salt 'minion-test*'  grains.ls
		minion-testcat001-192.168.1.48:
		    - SSDs
		    - biosreleasedate
		    - biosversion
		    - cpu_flags
		    - cpu_model
		    - cpuarch
		    - cwd
		    - disks
		    - dns
		    - domain
		    - fqdn
		    - fqdn_ip4
		    - fqdn_ip6
		    - fqdns
		    - gid
		    - gpus
		    - groupname
		    - host
		    - hwaddr_interfaces
		    - id
		    - init
		    - ip4_gw
		    - ip4_interfaces
		    - ip6_gw
		    - ip6_interfaces
		    - ip_gw
		    - ip_interfaces
		    - ipv4
		    - ipv6
		    - kernel
		    - kernelrelease
		    - kernelversion
		    - locale_info
		    - localhost
		    - lsb_distrib_codename
		    - lsb_distrib_id
		    - machine_id
		    - manufacturer
		    - master
		    - mdadm
		    - mem_total
		    - nodename
		    - num_cpus
		    - num_gpus
		    - os
		    - os_family
		    - osarch
		    - oscodename
		    - osfinger
		    - osfullname
		    - osmajorrelease
		    - osrelease
		    - osrelease_info
		    - path
		    - pid
		    - productname
		    - ps
		    - pythonexecutable
		    - pythonpath
		    - pythonversion
		    - saltpath
		    - saltversion
		    - saltversioninfo
		    - selinux
		    - serialnumber
		    - server_id
		    - shell
		    - swap_total
		    - systemd
		    - uid
		    - username
		    - uuid
		    - virtual
		    - zfs_feature_flags
		    - zfs_support
		    - zmqversion



	    [root@zabbix ~]# salt 'minion-test*'  grains.items
		minion-testcat001-192.168.1.48:
		    ----------
		    SSDs:
		    biosreleasedate:
		        04/01/2014
		    biosversion:
		        rel-1.10.2-0-g5f4c7b1-20181220_000000-szxrtosci10000
		    cpu_flags:
		        - fpu
		        - vme
		        - de
		        - pse
		        - tsc
		        - msr
		        - pae
		        - mce
		        - cx8
		        - apic
		        - sep
		        - mtrr
		        - pge
		        - mca
		        - cmov
		        - pat
		        - pse36
		        - clflush
		        - mmx
		        - fxsr
		        - sse
		        - sse2
		        - ss
		        - ht
		        - syscall
		        - nx
		        - pdpe1gb
		        - rdtscp
		        - lm
		        - constant_tsc
		        - rep_good
		        - nopl
		        - xtopology
		        - nonstop_tsc
		        - eagerfpu
		        - pni
		        - pclmulqdq
		        - ssse3
		        - fma
		        - cx16
		        - pcid
		        - sse4_1
		        - sse4_2
		        - x2apic
		        - movbe
		        - popcnt
		        - tsc_deadline_timer
		        - aes
		        - xsave
		        - avx
		        - f16c
		        - rdrand
		        - hypervisor
		        - lahf_lm
		        - abm
		        - 3dnowprefetch
		        - invpcid_single
		        - ssbd
		        - ibrs
		        - ibpb
		        - stibp
		        - fsgsbase
		        - tsc_adjust
		        - bmi1
		        - hle
		        - avx2
		        - smep
		        - bmi2
		        - erms
		        - invpcid
		        - rtm
		        - mpx
		        - avx512f
		        - avx512dq
		        - rdseed
		        - adx
		        - smap
		        - clflushopt
		        - clwb
		        - avx512cd
		        - avx512bw
		        - avx512vl
		        - xsaveopt
		        - xsavec
		        - xgetbv1
		        - arat
		        - md_clear
		        - spec_ctrl
		        - intel_stibp
		        - flush_l1d
		    cpu_model:
		        Intel(R) Xeon(R) Gold 6161 CPU @ 2.20GHz
		    cpuarch:
		        x86_64
		    cwd:
		        /
		    disks:
		        - vda
		    dns:
		        ----------
		        domain:
		        ip4_nameservers:
		            - 100.125.17.29
		            - 100.125.135.29
		        ip6_nameservers:
		        nameservers:
		            - 100.125.17.29
		            - 100.125.135.29
		        options:
		            - single-request-reopen
		        search:
		            - openstacklocal
		        sortlist:
		    domain:
		        localdomain
		    fqdn:
		        localhost.localdomain
		    fqdn_ip4:
		        - 127.0.0.1
		    fqdn_ip6:
		        - ::1
		    fqdns:
		    gid:
		        0
		    gpus:
		        |_
		          ----------
		          model:
		              GD 5446
		          vendor:
		              unknown
		    groupname:
		        root
		    host:
		        localhost
		    hwaddr_interfaces:
		        ----------
		        eth0:
		            fa:16:3e:61:e9:24
		        lo:
		            00:00:00:00:00:00
		    id:
		        minion-testcat001-192.168.1.48
		    init:
		        systemd
		    ip4_gw:
		        192.168.1.1
		    ip4_interfaces:
		        ----------
		        eth0:
		            - 192.168.1.48
		        lo:
		            - 127.0.0.1
		    ip6_gw:
		        False
		    ip6_interfaces:
		        ----------
		        eth0:
		            - fe80::f816:3eff:fe61:e924
		        lo:
		            - ::1
		    ip_gw:
		        True
		    ip_interfaces:
		        ----------
		        eth0:
		            - 192.168.1.48
		            - fe80::f816:3eff:fe61:e924
		        lo:
		            - 127.0.0.1
		            - ::1
		    ipv4:
		        - 127.0.0.1
		        - 192.168.1.48
		    ipv6:
		        - ::1
		        - fe80::f816:3eff:fe61:e924
		    kernel:
		        Linux
		    kernelrelease:
		        3.10.0-1062.12.1.el7.x86_64
		    kernelversion:
		        #1 SMP Tue Feb 4 23:02:59 UTC 2020
		    locale_info:
		        ----------
		        defaultencoding:
		            UTF-8
		        defaultlanguage:
		            en_US
		        detectedencoding:
		            UTF-8
		        timezone:
		            unknown
		    localhost:
		        cat-test
		    lsb_distrib_codename:
		        CentOS Linux 7 (Core)
		    lsb_distrib_id:
		        CentOS Linux
		    machine_id:
		        ef219b153e8049718c374985be33c24e
		    manufacturer:
		        OpenStack Foundation
		    master:
		        192.168.1.181
		    mdadm:
		    mem_total:
		        7820
		    nodename:
		        cat-test
		    num_cpus:
		        4
		    num_gpus:
		        1
		    os:
		        CentOS
		    os_family:
		        RedHat
		    osarch:
		        x86_64
		    oscodename:
		        CentOS Linux 7 (Core)
		    osfinger:
		        CentOS Linux-7
		    osfullname:
		        CentOS Linux
		    osmajorrelease:
		        7
		    osrelease:
		        7.8.2003
		    osrelease_info:
		        - 7
		        - 8
		        - 2003
		    path:
		        /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin
		    pid:
		        13036
		    productname:
		        OpenStack Nova
		    ps:
		        ps -efHww
		    pythonexecutable:
		        /usr/bin/python
		    pythonpath:
		        - /usr/bin
		        - /usr/lib/python2.7/site-packages/setuptools-19.6.2-py2.7.egg
		        - /usr/lib/python2.7/site-packages/pip-7.1.2-py2.7.egg
		        - /usr/lib/python2.7/site-packages/cloud_init-0.7.9-py2.7.egg
		        - /usr/lib64/python27.zip
		        - /usr/lib64/python2.7
		        - /usr/lib64/python2.7/plat-linux2
		        - /usr/lib64/python2.7/lib-tk
		        - /usr/lib64/python2.7/lib-old
		        - /usr/lib64/python2.7/lib-dynload
		        - /usr/lib64/python2.7/site-packages
		        - /usr/lib/python2.7/site-packages
		    pythonversion:
		        - 2
		        - 7
		        - 5
		        - final
		        - 0
		    saltpath:
		        /usr/lib/python2.7/site-packages/salt
		    saltversion:
		        3000.5
		    saltversioninfo:
		        - 3000
		        - 5
		    selinux:
		        ----------
		        enabled:
		            False
		        enforced:
		            Disabled
		    serialnumber:
		        acc3aa91-3bdb-4900-90a8-4d49b7e7c136
		    server_id:
		        1515288221
		    shell:
		        /bin/sh
		    swap_total:
		        7999
		    systemd:
		        ----------
		        features:
		            +PAM +AUDIT +SELINUX +IMA -APPARMOR +SMACK +SYSVINIT +UTMP +LIBCRYPTSETUP +GCRYPT +GNUTLS +ACL +XZ +LZ4 -SECCOMP +BLKID +ELFUTILS +KMOD +IDN
		        version:
		            219
		    uid:
		        0
		    username:
		        root
		    uuid:
		        bf942ead-97b5-439a-b625-93ffb3cf3bce
		    virtual:
		        kvm
		    zfs_feature_flags:
		        False
		    zfs_support:
		        False
		    zmqversion:
		        4.1.4


		[root@zabbix ~]# salt 'minion-test*'  grains.item os
		minion-test-xktest001-192.168.1.114:
		    ----------
		    os:
		        CentOS
		minion-testcat001-192.168.1.48:
		    ----------
		    os:
		        CentOS




		3.2):grains 正则匹配
			示例:获取主机发行版本为7.2的Python版本号
			[root@zabbix ~]# salt -G 'osrelease:7.2.*' cmd.run 'python -V'
			minion-dev12-192.168.1.173:
				Python 2.7.5
				
			[root@zabbix ~]# salt --grain-pcre  'osrelease:7.*' cmd.run 'python -V'
			minion-dev12-192.168.1.173:
				Python 2.7.5
			minion-testcat001-192.168.1.48:
				Python 2.7.5
			minion-test-xktest001-192.168.1.114:
				Python 2.7.5


		3.3):自定义grain
			*在minion上进行配置grains ,重启systemctl restart salt-minion 
				grains:
				  roles:
				    - webserver
				    - memcache
				  deployment: datacenter4
				  cabinet: 13
				  cab_u: 14-15
				  
			* 在master上查询是否添加上了自定义的grains
			salt 'minion-test-xktest001-192.168.1.114'  grains.items

			 cab_u:
    			14-15
		    cabinet:
		        13
			deployment:
    			datacenter4

			 roles:
		        - webserver
		        - memcache  






	4):-I:--pillar  【常见重要使用模块】

		#使用场景: 
			a.敏感数据
			b.定时执行任务





		#根据被控主机的pillar(作用是定义与被控主机相关的任何数据,定义好的数据可以被其他组件使用)信息进行过滤匹配.
		格式为'对象名称:对象值',比如过滤所有具备'apache:httpd' pillar值的主机。

		示例:探测具有"nginx:root:/data"信息的主机连通性【我测试不通】
			[root@linux-master1 ~]# salt -I 'nginx:root:/data' test.ping
			minion-dev12-192.168.1.173:
				True
			minion-test-xktest001-192.168.1.114:
				True
			其中pillar属性配置文件如下(后面会讲到)	
			nginx:
				root:/data
			

		






	5):-N:--nodegroup      

	 根据主控端master配置文件中的分组名称进行过滤。
		如下配置的组信息(主机信息支持正则表达式、grain、条件运算符等),通常根据业务类型划分,不同业务具备相同的特点,包括部署环境、应用平台、配置文件等。
		nodegroups:
		  dev: 'minion-dev12-192.168.1.173'
		  test: 'minion-testcat001-192.168.1.48,minion-test-xktest001-192.168.1.114'
		  #xk-test: ''
		  #uat: ''

		其中:
		L@    表示后面的主机id格式为列表,即主机id以逗号隔开;
		G@   表示以grain格式描述;
		S@   表示以ip子网或地址格式描述
		
		示例:探测web1group(或web2group)被控主机的连通性
		[root@zabbix ~]# salt -N dev test.ping
		minion-dev12-192.168.1.173:
			True
		[root@zabbix ~]# salt -N test test.ping
		minion-testcat001-192.168.1.48:
			True
		minion-test-xktest001-192.168.1.114:
			True


	
	6):-C:--compound        

	根据条件运算符not、and、or去匹配不同规则的主机信息。
		示例:探测minion-192开头并且操作系统为Centos的主机连通性。
		[root@zabbix ~]# salt -C 'E@^minion-dev* and G@os:Centos' test.ping
		minion-dev12-192.168.1.173:
			True
		[root@zabbix ~]# salt -C 'E@^minion-test* and G@os:Centos' test.ping
		minion-testcat001-192.168.1.48:
			True
		minion-test-xktest001-192.168.1.114:
			True
			
		其中:
		not语句不能作为第一个条件执行,不过可以通过以下方法来规避:
		示例:探测非minion-prod开头的主机连通性。
		[root@zabbix ~]# salt -C '* and not E@^minion-prod*' test.ping
		minion-dev12-192.168.1.173:
			True
		minion-testcat001-192.168.1.48:
			True
		minion-test-xktest001-192.168.1.114:
			True
		


	7):-S:--ipcidr 

	根据被控主机的ip地址或ip子网进行匹配。
		[root@zabbix ~]# salt -S 192.168.0.0/16 test.ping
		minion-dev12-192.168.1.173:
			True
		minion-testcat001-192.168.1.48:
			True
		minion-test-xktest001-192.168.1.114:
			True
		[root@zabbix ~]# salt -S 192.168.1.173 test.ping
		minion-dev12-192.168.1.173:
			True
		[root@zabbix ~]# salt -S 192.168.1.114 test.ping
		minion-test-xktest001-192.168.1.114:
			True
		[root@zabbix ~]# salt -S 192.168.1.48 test.ping
		minion-testcat001-192.168.1.48:
			True

		



	
	
	
	
	
2.Saltstack常用模块及API

	saltstack提供了非常丰富的功能模块,涉及操作系统的基础功能、常用工具支持等,更多模块信息请见:https://docs.saltstack.com/en/latest/ref/modules/all/index.html
	当然,也可以通过sys模块列出当前版本支持的所有模块:
	[root@zabbix ~]# salt '*' sys.list_modules
	minion-dev12-192.168.1.173:
		- acl
		- aliases
		- alternatives
		- ansible
		- apache
		- archive #压缩解压
		- artifactory
		- beacons
		- bigip
		- boto_cfn
		- boto_cloudwatch
		- boto_dynamodb
		- boto_ec2
		- boto_elasticache
		- boto_iam
		- boto_secgroup
		- boto_sns
		- bridge
		- btrfs
		- buildout
		- chroot
		- cloud
		- cmd
		- composer
		- config
		- consul
		- container_resource
		- cp
		- cron
		- cryptdev
		- data
		- defaults
		- devmap
		- disk
		- django
		- dnsmasq
		- dnsutil
		- drbd
		- environ
		- etcd
		- ethtool
		- event
		- extfs
		- file
		- firewalld
		- freezer
		- gem
		- genesis
		- git
		- glassfish
		- gnome
		- google_chat
		- grafana4
		- grains
		- group
		- hashutil
		- highstate_doc
		- hosts
		- http
		- incron
		- ini
		- inspector
		- introspect
		- iosconfig
		- ip
		- ipset
		- iptables
		- jboss7
		- jboss7_cli
		- jinja
		- k8s
		- kernelpkg
		- key
		- keyboard
		- kmod
		- locale
		- locate
		- log
		- logrotate
		- lowpkg
		- mandrill
		- match
		- mattermost
		- mine
		- minion
		- modjk
		- mount
		- msteams
		- nagios_rpc
		- namecheap_domains
		- namecheap_domains_dns
		- namecheap_domains_ns
		- namecheap_ssl
		- namecheap_users
		- network
		- nexus
		- nginx
		- nova
		- npm
		- nspawn
		- nxos_api
		- openscap
		- openstack_config
		- opsgenie
		- out
		- pagerduty
		- pagerduty_util
		- pam
		- parallels
		- partition
		- peeringdb
		- pillar
		- pip
		- pkg
		- pkg_resource
		- postfix
		- ps
		- publish
		- pushover
		- pyenv
		- qemu_img
		- qemu_nbd
		- rabbitmq
		- random
		- random_org
		- rbenv
		- redis
		- rest_sample_utils
		- restartcheck
		- ret
		- rsync
		- rvm
		- s3
		- s6
		- salt_proxy
		- salt_version
		- saltcheck
		- saltutil
		- schedule
		- scsi
		- sdb
		- seed
		- selinux
		- serverdensity_device
		- service
		- shadow
		- slack
		- slsutil
		- smbios
		- smtp
		- solrcloud
		- sqlite3
		- ssh
		- state
		- status
		- statuspage
		- supervisord
		- svn
		- sys
		- sysctl
		- sysfs
		- syslog_ng
		- system
		- telegram
		- telemetry
		- temp
		- test
		- timezone
		- tuned
		- udev
		- uptime
		- user
		- vault
		- vbox_guest
		- virtualenv
		- vsphere
		- webutil
		- x509
		- xfs
		- xml
		- zabbix
		- zenoss
		
	接下来抽取出常见的模块进行介绍,并列举模块API的用法。
	API原理:通过调用master client模块,实例化一个LocalClient对象,再调用cmd()方法来实现的。
	如下是API实现test.ping的示例:
	import salt.client 
	client = salt.client.LocalClient()
	ret = client.cmd('*','test.ping')
	print ret

	结果以一个标准的python字典形式的字符串返回码,可以通过eval()函数转换成python的字典类型,方便后续的业务逻辑处理,程序运行结果如下:	
	{'minion-192-168-1-102': True, 'minion-192-168-1-118': True}

	截图如下:
	[root@zabbix tmp]# python test002.py 
	{u'minion-test-xktest001-192.168.1.114': True, u'minion-testcat001-192.168.1.48': True, u'minion-dev12-192.168.1.173': True}
	
	###注意:将字符字典转换成python的字典类型,推荐使用ast模块的literal_eval()方法,可以过滤表达式中的恶意函数。
	
	
	
	
	1).Archive模块
		功能:实现系统层面的压缩包调用,支持gunzip、gzip、rar、tar、unrar、unzip等。
		
		示例1:采用tar解压被控制机的/tmp/eureka.tar.gz 包
		[root@zabbix ~]# salt  'minion-dev12-192.168.1.173' archive.tar xf /tmp/eureka.tar.gz dest=/tmp
		minion-dev12-192.168.1.173:
		
		示例2:采用gzip压缩被控制机的/tmp/test.txt文件
		[root@zabbix ~]# salt 'minion-dev*' archive.gzip /tmp/eureka.txt
		minion-dev12-192.168.1.173:
		
		实例3:将被控制机的/mnt/test打包到/mnt下的test.tar.gz
		[root@linux-node1 ~]# salt '*' archive.tar zcf /mnt/test.tar.gz /mnt/test
		##将被控制机的/mnt/nginx-1.9.7.tar.gz包解压,解压默认放到被控制机的当前用户家目录(即/root)路径下(注意:archive.tar后面的参数前不能加-)
		##将被控制机的/mnt/heihei.tar.bz2包解压,解压默认放到被控制机的当前用户家目录(即/root)路径下
		
		
	2)......其他的根据常用模块通过查看帮助文档
		有非常详细的使用方法
		salt 'minion-testcat001-192.168.1.48' sys.doc
		
		
		常用的模块:
		1.sys.doc
		2.test 	  [test.ping]
		3.system  [system.reboot/system.shutdown/system.poweroff]
		4.status  [cpuinfo/loadavg/meminfo/netstats/uptime/diskusage/procs]
		5.service [status/available/restart/stop/status/disabled/get_all]
		6.saltutl [is_running/running/kill_job/]
		7.pip     [install/uninstall/list/freeze/version]
		8.pillar  [data,ext,get,item,items,raw]
		9.cmd     [run/script]
		10.file   [修改文件的一些权限等]

3.saltstack日志转存储

五.配置通过数据库接收saltstack 回显

1.rsyslog接收salt日志
	[root@zabbix ~]# salt '*' test.ping --return syslog 【master执行】
	minion-dev12-192.168.1.173:
		True
	minion-testcat001-192.168.1.48:
		True
	minion-test-xktest001-192.168.1.114:
		True
		
	[root@design-0012 ~]# tail  -10000 /var/log/messages|grep "minion" 【minon查看】
	Dec  1 14:47:33 localhost salt-minion: {"fun_args": [], "jid": "20201201064732908317", "return": true, "retcode": 0, "success": true, "fun": "test.ping", "id": "minion-dev12-192.168.1.173"}




2.mysql接收salt日志

	1):准备mysql,新建salt库,并创建表:
	CREATE TABLE `salt_returns` (
	  `fun` varchar(50) NOT NULL,
	  `jid` varchar(255) NOT NULL,
	  `return` mediumtext NOT NULL,
	  `id` varchar(255) NOT NULL,
	  `success` varchar(10) NOT NULL,
	  `full_ret` mediumtext NOT NULL,
	  `alter_time` timestamp NOT NULL DEFAULT CURRENT_TIMESTAMP,
	  KEY `id` (`id`),
	  KEY `jid` (`jid`),
	  KEY `fun` (`fun`)
	) ENGINE=InnoDB DEFAULT CHARSET=utf8;
	
	2):salt-minion端安装yum -y install MySQL-python,并配置/etc/salt/minion ,重启salt-minion
		[root@cat-test ~]# cat /etc/salt/minion|grep "mysql"
		#return: mysql
		mysql.host: '192.168.1.100'
		mysql.user: 'salt'
		mysql.pass: 'Salt@123456'
		mysql.db: 'salt'
		mysql.port: 3306
		
	3):测试使用
		[root@Master ~]# salt '*' cmd.run 'hostname' --return mysql 
		minion-dev12-192.168.1.173:
			design-0012
		minion-testcat001-192.168.1.48:
			cat-test
		minion-test-xktest001-192.168.1.114:
			test-xkcat001
			
	##如果有上千上万台,对mysql的压力是非常大的,生产中我们不建议采用。


3.通过配置master来转存储
	1):创建sql:https://www.unixhot.com/docs/saltstack/ref/returners/all/salt.returners.mysql.html

	2):配置master节点/etc/salt/master
		#return: mysql
		master_job_cache: mysql
		mysql.host: '119.3.56.222'
		mysql.user: 'salt'
		mysql.pass: 'Salt@123456'
		mysql.db: 'salt'
		mysql.port: 13067


	3):重启
		systemctl restart salt-master

	4):验证
		salt '*'  test.ping
		查看数据库




4.通过event编写python脚本来转存储
	0):安装mysql,创建数据库及账号并授权,安装python的mysql模块
		CREATE TABLE `salt_returns` (
	  `fun` varchar(50) NOT NULL,
	  `jid` varchar(255) NOT NULL,
	  `return` mediumtext NOT NULL,
	  `id` varchar(255) NOT NULL,
	  `success` varchar(10) NOT NULL,
	  `full_ret` mediumtext NOT NULL,
	  `alter_time` timestamp NOT NULL DEFAULT CURRENT_TIMESTAMP,
	  KEY `id` (`id`),
	  KEY `jid` (`jid`),
	  KEY `fun` (`fun`)
	) ENGINE=InnoDB DEFAULT CHARSET=utf8;
	###########为了方便看数量,新增自增nid:
	CREATE TABLE `salt_returns` (
	   `nid` int auto_increment primary key not null,
	  `fun` varchar(50) NOT NULL,
	  `jid` varchar(255) NOT NULL,
	  `return` mediumtext NOT NULL,
	  `id` varchar(255) NOT NULL,
	  `success` varchar(10) NOT NULL,
	  `full_ret` mediumtext NOT NULL,
	  `alter_time` timestamp NOT NULL DEFAULT CURRENT_TIMESTAMP,
	  KEY `id` (`id`),
	  KEY `jid` (`jid`),
	  KEY `fun` (`fun`)
	) ENGINE=InnoDB DEFAULT CHARSET=utf8;
	
	
	yum -y install MySQL-python  #执行脚本的时候遇的问题,发现安装的是1.2.5的版本导致不兼容,
	# ImportError: this is MySQLdb version (1, 2, 5, 'final', 1), but _mysql is version (1, 4, 6, 'final', 0)n 
	pip uninstall mysqlclient
	pip install mysqlclient==1.4.6
	

	1):监听脚本,master端执行salt '*' cmd.run 'hostname',会打印出一个字典。
	import salt.utils.event
	event=salt.utils.event.MasterEvent('/var/run/salt/master')
	for eachevent in event.iter_events(full=True):
		print eachevent
		print "------"
		
		
	2):自定义return 
	a.master节点安装yum -y install MySQL-python 
	b.编写returnner
		vi salt_event_to_mysql.py 
		#!/bin/env python 
		#coding=utf8
		import json 
		import salt.config
		import salt.utils.event 
		import MySQLdb
		_opts_=salt.config.client_config('/etc/salt/master')
		conn=MySQLdb.connect(host=_opts__['mysql.host'],user=_opts_['mysql.user'],passwd=_opts_['mysql.pass'],db=_opts_[''mysql.db',port=_opts_['mysql.port'])
		cursor=conn.cursor()
		
		event=salt.utils.event.MasterEvent(_opts_['sock_dir'])
		for eachevent in event.iter_events(full=True):
			ret=eachevent['data']
			if "salt/job/" in eachevent['tag']:
				if ret.has_key('id') and ret.has_key('return'):
					if ret['fun'] == "saltutil.find_job":
					continue
				
				sql='''inster into `salt_returns`(`fun`,`jid`,`return`,`id`,`success`,`full_ret`) values(%s,%s,%s,%s,%s,%s)'''
				cursor.execute(sql,(ret['fun'],ret['jid'],json.dumps(ret['return']),ret['id'],ret['success'],json.dumps[ret]))
				
				cursor.execute("COMMIT")
			
			
			else:
				pass
			
		fi	
	
	
	c.增加master节点配置mysql  /etc/salt/master
		#event_return: mysql
		mysql.host: '119.3.56.222'
		mysql.user: 'salt'
		mysql.pass: 'Salt@123456'
		mysql.db: 'salt'
		mysql.port: 13067

		

	d.验证是否写入数据库
	[root@zabbix tmp]# python salt_event_to_mysql.py 
	
	[root@zabbix ~]# salt '*'  cmd.run 'free -m' #不用加--return ,查看mysql数据库发现已经写入!
	minion-dev12-192.168.1.173:
					  total        used        free      shared  buff/cache   available
		Mem:          15886        4043        5330         533        6511       10917
		Swap:          8191        4874        3317
	minion-test-xktest001-192.168.1.114:
					  total        used        free      shared  buff/cache   available
		Mem:           7820         553         761           8        6505        7018
		Swap:          7999           0        7999
	minion-testcat001-192.168.1.48:
					  total        used        free      shared  buff/cache   available
		Mem:           7820        5538         210          87        2071        1894
		Swap:          7999         194        7805

4.saltstack核心sls语法简述

1.Salt 的核心是state

state 状态系统的核心是sls,或者叫做 **S**aLt State 文件。
SLS表示系统将会是什么样的一种状态,而且是以一种很简单的格式来包含这些数据----经常也叫做配置管理。

2.sls是什么,用什么语法编写
SLS文件实际上只是一些:字典 dictionaries 列表 list 字符串 数字

sls文件主要使用的YAML语法来进行编写。

3.sls 编写 yaml 注意事项

salt缩进有2个空格组成,不要使用tabs  

字典格式的,键值对以1个空格隔开。
例如 cabinet: 13

列表项,使用一个短横杠+一个空格;多个项使用同样的缩进级别作为同一列表的一部分。 
例如:roles:
	    - webserver
	    - memcache


参考: 
YAML 编写规则:
http://docs.saltstack.cn/topics/yaml/index.html

State 模块列表:

https://docs.saltstack.com/en/latest/ref/states/all/index.html

5.saltstack文件系统及sls模版使用

六.文件系统Demo

1.修改配置文件
	vi /etc/salt/master    #file_roots 
	file_roots:
	  base:
		- /srv/salt
	  dev:
		- /srv/salt/dev
	
	
	systemctl restart salt-master


2.创建目录
	mkdir /srv/salt -p 
	mkdir /srv/salt/dev -p



3.写sls文件

	[root@zabbix salt]# cat top.sls 
	base: #哪个环境
	  '*': #哪些机器
	   - hosts #使用哪个sls文件
	
	
	[root@zabbix salt]# cat hosts.sls 
	/tmp/hosts:  #同步到远程机器的的地址
	  file.managed:
		- source: salt://tmp/hosts  #同步源
		- user: root
		- group: root
		- mode: 600
		
		
	/srv/salt/etc/hosts文件要准备好。


	###目录结构如下:
	../salt/
	├── top.sls
	│   

	├── etc
	│   ├── hosts
	│   └── script
	│       └── test.sh
	├── hosts
	│   ├── a.sls
	│   ├── h.sls
	│   └── init.sls

	


4.如何运行
	1): salt '*'  state.sls hosts  或者 salt '*'  state.highstate
	[root@zabbix salt]# salt '*'  state.sls hosts #state.sls模块,hosts.sls要在/srv/salt根目录下查找该文件
	minion-dev12-192.168.1.173:
	----------
			  ID: /tmp/hosts
		Function: file.managed
		  Result: True
		 Comment: File /tmp/hosts updated
		 Started: 18:42:34.344385
		Duration: 64.319 ms
		 Changes:   
				  ----------
				  diff:
					  --- 
					  +++ 
					  @@ -1,4 +1,3 @@
					   salt-master    192.168.1.1
					   salt-minion01  192.168.1.2
					   salt-minion02  192.168.1.3
					  -salt-minion03  192.168.1.4

	Summary for minion-dev12-192.168.1.173
	------------
	Succeeded: 1 (changed=1)
	Failed:    0



	[root@zabbix salt]# salt '*'  state.highstate
	minion-dev12-192.168.1.173:
	----------
			  ID: /tmp/hosts
		Function: file.managed
		  Result: True
		 Comment: File /tmp/hosts is in the correct state
		 Started: 18:34:54.551044
		Duration: 21.687 ms
		 Changes:   

	Summary for minion-dev12-192.168.1.173
	------------
	Succeeded: 1
	Failed:    0
	------------
	Total states run:     1
	Total run time:  21.687 ms





	2):规范化的管理
		mkdir /srv/salt/hosts && mv hosts.sls /srv/salt/hosts
		
		salt '*'  state.sls hosts.hosts 
		#hosts.hosts 表示hosts目录下的hosts.sls文件
		[root@zabbix salt]# salt '*'  state.sls hosts.hosts
		minion-dev12-192.168.1.173:
		----------
				  ID: /tmp/hosts
			Function: file.managed
			  Result: True
			 Comment: File /tmp/hosts updated
			 Started: 18:47:11.725849
			Duration: 64.385 ms
			 Changes:   
					  ----------
					  diff:
						  --- 
						  +++ 
						  @@ -1,3 +1,4 @@
						   salt-master    192.168.1.1
						   salt-minion01  192.168.1.2
						   salt-minion02  192.168.1.3
						  +aaaaa

		Summary for minion-dev12-192.168.1.173
		------------
		Succeeded: 1 (changed=1)
		Failed:    0
		------------
		Total states run:     1
		Total run time:  64.385 ms


	#如果需要安装软件,则改为mv hosts.sls init.sls ,给一个默认的init文件。
		salt '*'  state.sls hosts  
		#如果能找到hosts.hosts.sls就执行,如果没有则找init.sls !!!
		
		[root@zabbix salt]# salt '*'  state.sls hosts
		minion-dev12-192.168.1.173:
		----------
				  ID: /tmp/hosts
			Function: file.managed
			  Result: True
			 Comment: File /tmp/hosts updated
			 Started: 18:51:05.357742
			Duration: 39.004 ms
			 Changes:   
					  ----------
					  diff:
						  --- 
						  +++ 
						  @@ -2,3 +2,4 @@
						   salt-minion01  192.168.1.2
						   salt-minion02  192.168.1.3
						   aaaaa
						  +bbbbb

		Summary for minion-dev12-192.168.1.173
		------------
		Succeeded: 1 (changed=1)
		Failed:    0
		------------
		Total states run:     1
		Total run time:  39.004 ms
	
	#vi /srv/salt/h.sls 
	hostname:
		cmd.run
	
		[root@zabbix hosts]# salt '*'  state.sls hosts.h
		minion-dev12-192.168.1.173:
		----------
				  ID: hostname
			Function: cmd.run
			  Result: True
			 Comment: Command "hostname" run
			 Started: 18:54:33.566382
			Duration: 8.697 ms
			 Changes:   
					  ----------
					  pid:
						  24842
					  retcode:
						  0
					  stderr:
					  stdout:
						  design-0012

		Summary for minion-dev12-192.168.1.173
		------------
		Succeeded: 1 (changed=1)
		Failed:    0
		------------
		Total states run:     1
		Total run time:   8.697 ms

6.saltstack proxy代理架构

1.saltstack proxy  架构

	 Master
   |        |
  proxy   proxy ------------------>>>>>>也需要安装salt-master
  | | |   | | |
m1 m2 m2  m4 m5 m6


proxy上需要安装sync来进行同步master上的目录,一个master则不存在文件同步的问题。
Master的执行日志可以存储到Mysql上。

使用的核心组件为:salt syndic
3个重要参数:
	syndic_master: 更高级别master的ip地址
	syndic_log_file:  syndic日志文件的路径(绝对路径或相对路径均可)

	order_masters: True 【官方文档没有介绍,如果不加该参数则不进行转发】


1):proxy节点安装
	安装yum install -y salt-master
	安装yum install -y salt-syndic
	vi /etc/salt/master  
	syndic_master: 192.168.1.181  #添加salt-master节点地址
	syndic_log_file: /var/log/salt/syndic
	order_masters: True

	重启salt-master 和 salt-syndic



2):配置minion到proxy节点
	vi /etc/salt/minion
	master: 192.168.1.150
	or
	master: 192.168.1.219




3):清理salt-key认证,从master-->proxy--->minion
	master:
		cd /etc/salt/master 
		salt-key -D -y && rm -rf pki
		systemctl restart salt-master


	proxy:
		cd /etc/salt/
		salt-key -D -y && rm -rf pki
		systemctl restart salt-master  && systemctl restart salt-syndic
		#如果proxy有2台则进行同样操作


	minion:
		cd /etc/salt
		rm -rf pki


	#最后从master节点开始接受key
	master: salt-key -A -y
	proxy: salt-key -A -y 


	#验证:
	proxy:
		[root@tools-skywalking-test001 salt]# salt '*'  test.ping
		minion-test-xktest001-192.168.1.114:
		    True


		 [root@sonarqube-jenkins02 salt]# salt '*'  test.ping
		 minion-testcat001-192.168.1.48:
		    True



		确认从proxy--->minion通畅




	master:
		[root@zabbix salt]# salt '*'  test.ping
		minion-test-xktest001-192.168.1.114:
		    True
		minion-testcat001-192.168.1.48:
		    True


		确认master--->proxy【因为proxy没有安装minion所有不会显示】---->minion通畅

2.saltstack 双主 架构

Master1     Master2
   |           |
m1 m2 m3    m1  m2  m3


双主是在minion上配置2个master:
vi /etc/salt/minion
master:
  - m1
  - m2


前提是保证minion持续运行能跟2个master持续保持连接。

7.saltstack 生产实践注意事项

1.不建议用salt 的file模块进行:目录管理,代码部署等。
建议用 "命令编排的状态管理":
	压缩包,file.managed
	cmd.run 执行部署

2.不建议使用salt 管理项目的配置文件。
建议用:分层管理,salt只管理服务的配置 例如Nginx Apache Tomcat

3.如果你有固定的文件服务器
可以使用source: salt:// http:// ftp://

4.SLS 版本化

1.在git上创建项目
2.找一个测试环境,编写sls进行测试,提交到仓库
3.生产环境git pull代码,测试完毕后,再全部执行
	可以知道提交变更了什么配置或者文件.

5.使用Master job Cache保存Job的输出Mysql存储
cd /var/cache/salt/jobs

vi /etc/salt/master  #keep_jobs: 24 默认保留24小时

生产的话,最好保留输出到Mysql中保存。

6.saltstack 二次开发
1):Master Job cache 将所有的job出输出保存在Mysql
2):如果做管理平台,可以将User id 和Jid做关联
3):使用List 做目标选择

8.saltstack 安装部署实战

1.练习:安装apache 并启动服务?
1):
[root@zabbix base]# cat apache.sls 
apache-install:
  pkg.installed:
    - name: httpd              

apache-service:
  service.running:
    - name: httpd
    - enable: True



[root@zabbix base]# salt 'minion-test-xktest001-192.168.1.114'  state.sls   apache
minion-test-xktest001-192.168.1.114:
----------
          ID: apache-install
    Function: pkg.installed
        Name: httpd
      Result: True
     Comment: All specified packages are already installed
     Started: 11:11:06.062511
    Duration: 1255.692 ms
     Changes:   
----------
          ID: apache-service
    Function: service.running
        Name: httpd
      Result: True
     Comment: Service httpd has been enabled, and is running
     Started: 11:11:07.319372
    Duration: 221.627 ms
     Changes:   
              ----------
              httpd:
                  True

Summary for minion-test-xktest001-192.168.1.114
------------
Succeeded: 2 (changed=1)
Failed:    0
------------
Total states run:     2
Total run time:   1.477 s

注意:如果想把apache.sls放在目录里分类放,可以在base中mkdir apache或者mkdir web
[root@zabbix base]# mv apache.sls  apache
[root@zabbix base]# salt 'minion-testcat001-192.168.1.48'  state.sls  web.apache



2):创建top.sls来执行apache.sls的高级状态

cd /sr/salt/base
vi top.sls
[root@zabbix base]# cat top.sls 
base:
  'minion-test-xktest001-192.168.1.114':
    - web.apache
  'minion-testcat001-192.168.1.48':
    - web.apache


目录结构如下:执行: salt '*'  state.highstate 

├── top.sls
└── web
	└── apache.sls

2.练习:

使用sls安装nxing,并管理Nginx的配置文件,当Nginx配置文件被修改的时,自动更新配置文件,并重启Nginx?



1.创建sls文件并准备nginx配置文件

mkdir /srv/salt/nginx 
vi init.sls
-------------------------------SLS文件--------------------------------------------------
nginx:
  pkg:
    - installed
  service:
    - running
    - enable: True
    - reload: True
    -watch: #监控下面2个文件有变化重启
      - pkg: nginx
      - file: /etc/nginx/nginx.conf
      - file: /etc/nginx/conf.d/default.conf
/etc/nginx/nginx.conf:
  file.managed:
    - source: salt://etc/nginx/nginx.conf
    - user: root
    - group: root
    - mode: 644
/etc/nginx/conf.d/default.conf:
  file.managed:
    - source: salt://etc/nginx/conf.d/default.conf
    - user: root
    - group: root
    - mode: 644
-----------------------------------------------------------------------------------------

cp /etc/nginx/nginx.conf  /srv/salt/etc/nginx/
cp /etc/nginx/conf.d/default.conf.rpmsave   /srv/salt/etc/nginx/conf.d/default.conf





2.执行salt 安装

cd /srv/salt/nginx  
[root@zabbix nginx]# salt 'minion-test*'  state.sls nginx 
minion-testcat001-192.168.1.48:
----------
          ID: nginx
    Function: pkg.installed
      Result: True
     Comment: The following packages were installed/updated: nginx
     Started: 15:57:16.394723
    Duration: 30605.935 ms
     Changes:   
              ----------
              centos-indexhtml:
                  ----------
                  new:
                      7-9.el7.centos
                  old:
              dejavu-fonts-common:
                  ----------
                  new:
                      2.33-6.el7
                  old:
              dejavu-sans-fonts:
                  ----------
                  new:
                      2.33-6.el7
                  old:
              fontconfig:
                  ----------
                  new:
                      2.13.0-4.3.el7
                  old:
              fontpackages-filesystem:
                  ----------
                  new:
                      1.44-8.el7
                  old:
              gd:
                  ----------
                  new:
                      2.0.35-26.el7
                  old:
              gperftools-libs:
                  ----------
                  new:
                      2.6.1-1.el7
                  old:
              libX11:
                  ----------
                  new:
                      1.6.7-3.el7_9
                  old:
              libX11-common:
                  ----------
                  new:
                      1.6.7-3.el7_9
                  old:
              libXau:
                  ----------
                  new:
                      1.0.8-2.1.el7
                  old:
              libXpm:
                  ----------
                  new:
                      3.5.12-1.el7
                  old:
              libjpeg-turbo:
                  ----------
                  new:
                      1.2.90-8.el7
                  old:
              libxcb:
                  ----------
                  new:
                      1.13-1.el7
                  old:
              libxslt:
                  ----------
                  new:
                      1.1.28-6.el7
                  old:
              nginx:
                  ----------
                  new:
                      1:1.16.1-3.el7
                  old:
              nginx-all-modules:
                  ----------
                  new:
                      1:1.16.1-3.el7
                  old:
              nginx-filesystem:
                  ----------
                  new:
                      1:1.16.1-3.el7
                  old:
              nginx-mod-http-image-filter:
                  ----------
                  new:
                      1:1.16.1-3.el7
                  old:
              nginx-mod-http-perl:
                  ----------
                  new:
                      1:1.16.1-3.el7
                  old:
              nginx-mod-http-xslt-filter:
                  ----------
                  new:
                      1:1.16.1-3.el7
                  old:
              nginx-mod-mail:
                  ----------
                  new:
                      1:1.16.1-3.el7
                  old:
              nginx-mod-stream:
                  ----------
                  new:
                      1:1.16.1-3.el7
                  old:
              openssl11-libs:
                  ----------
                  new:
                      1:1.1.1g-1.el7
                  old:
----------
          ID: /etc/nginx/nginx.conf
    Function: file.managed
      Result: True
     Comment: File /etc/nginx/nginx.conf is in the correct state
     Started: 15:57:47.020842
    Duration: 57.542 ms
     Changes:   
----------
          ID: /etc/nginx/conf.d/default.conf
    Function: file.managed
      Result: True
     Comment: File /etc/nginx/conf.d/default.conf updated
     Started: 15:57:47.078554
    Duration: 21.527 ms
     Changes:   
              ----------
              diff:
                  New file
              mode:
                  0644
----------
          ID: nginx
    Function: service.running
      Result: True
     Comment: Service nginx has been enabled, and is running
     Started: 15:57:47.100388
    Duration: 265.845 ms
     Changes:   
              ----------
              nginx:
                  True

Summary for minion-testcat001-192.168.1.48
------------
Succeeded: 4 (changed=3)
Failed:    0
------------
Total states run:     4
Total run time:  30.951 s
minion-test-xktest001-192.168.1.114:
----------
          ID: nginx
    Function: pkg.installed
      Result: True
     Comment: The following packages were installed/updated: nginx
     Started: 15:57:14.591576
    Duration: 113224.327 ms
     Changes:   
              ----------
              centos-indexhtml:
                  ----------
                  new:
                      7-9.el7.centos
                  old:
              dejavu-fonts-common:
                  ----------
                  new:
                      2.33-6.el7
                  old:
              dejavu-sans-fonts:
                  ----------
                  new:
                      2.33-6.el7
                  old:
              fontconfig:
                  ----------
                  new:
                      2.13.0-4.3.el7
                  old:
              fontpackages-filesystem:
                  ----------
                  new:
                      1.44-8.el7
                  old:
              gd:
                  ----------
                  new:
                      2.0.35-26.el7
                  old:
              gperftools-libs:
                  ----------
                  new:
                      2.6.1-1.el7
                  old:
              libX11:
                  ----------
                  new:
                      1.6.7-3.el7_9
                  old:
              libX11-common:
                  ----------
                  new:
                      1.6.7-3.el7_9
                  old:
              libXau:
                  ----------
                  new:
                      1.0.8-2.1.el7
                  old:
              libXpm:
                  ----------
                  new:
                      3.5.12-1.el7
                  old:
              libjpeg-turbo:
                  ----------
                  new:
                      1.2.90-8.el7
                  old:
              libxcb:
                  ----------
                  new:
                      1.13-1.el7
                  old:
              libxslt:
                  ----------
                  new:
                      1.1.28-6.el7
                  old:
              nginx:
                  ----------
                  new:
                      1:1.16.1-3.el7
                  old:
              nginx-all-modules:
                  ----------
                  new:
                      1:1.16.1-3.el7
                  old:
              nginx-filesystem:
                  ----------
                  new:
                      1:1.16.1-3.el7
                  old:
              nginx-mod-http-image-filter:
                  ----------
                  new:
                      1:1.16.1-3.el7
                  old:
              nginx-mod-http-perl:
                  ----------
                  new:
                      1:1.16.1-3.el7
                  old:
              nginx-mod-http-xslt-filter:
                  ----------
                  new:
                      1:1.16.1-3.el7
                  old:
              nginx-mod-mail:
                  ----------
                  new:
                      1:1.16.1-3.el7
                  old:
              nginx-mod-stream:
                  ----------
                  new:
                      1:1.16.1-3.el7
                  old:
              openssl11-libs:
                  ----------
                  new:
                      1:1.1.1g-1.el7
                  old:
----------
          ID: /etc/nginx/nginx.conf
    Function: file.managed
      Result: True
     Comment: File /etc/nginx/nginx.conf is in the correct state
     Started: 15:59:07.833296
    Duration: 37.33 ms
     Changes:   
----------
          ID: /etc/nginx/conf.d/default.conf
    Function: file.managed
      Result: True
     Comment: File /etc/nginx/conf.d/default.conf updated
     Started: 15:59:07.870829
    Duration: 19.161 ms
     Changes:   
              ----------
              diff:
                  New file
              mode:
                  0644
----------
          ID: nginx
    Function: service.running
      Result: True
     Comment: Service nginx has been enabled, and is running
     Started: 15:59:07.890284
    Duration: 313.406 ms
     Changes:   
              ----------
              nginx:
                  True

Summary for minion-test-xktest001-192.168.1.114
------------
Succeeded: 4 (changed=3)
Failed:    0
------------
Total states run:     4
Total run time: 113.594 s






3.检测是否安装nginx包


[root@zabbix nginx]# salt 'minion-test*'  cmd.run 'rpm -qa|grep nginx'
minion-testcat001-192.168.1.48:
    nginx-mod-mail-1.16.1-3.el7.x86_64
    nginx-1.16.1-3.el7.x86_64
    nginx-filesystem-1.16.1-3.el7.noarch
    nginx-mod-http-perl-1.16.1-3.el7.x86_64
    nginx-mod-stream-1.16.1-3.el7.x86_64
    nginx-mod-http-image-filter-1.16.1-3.el7.x86_64
    nginx-mod-http-xslt-filter-1.16.1-3.el7.x86_64
    nginx-all-modules-1.16.1-3.el7.noarch
minion-test-xktest001-192.168.1.114:
    nginx-mod-stream-1.16.1-3.el7.x86_64
    nginx-mod-mail-1.16.1-3.el7.x86_64
    nginx-mod-http-xslt-filter-1.16.1-3.el7.x86_64
    nginx-1.16.1-3.el7.x86_64
    nginx-all-modules-1.16.1-3.el7.noarch
    nginx-filesystem-1.16.1-3.el7.noarch
    nginx-mod-http-perl-1.16.1-3.el7.x86_64
    nginx-mod-http-image-filter-1.16.1-3.el7.x86_64






4.修改配置文件,让Minion端更新重启【定时更新重启】
	1):master:  
		cd /srv/salt/etc/nginx/conf.d
		vi  default.conf
		listen       8080 #8091改为8080



	2):minion端执行命令,更新master端修改后的配置,并重启nginx,去master查找nginx.sls文件,如果没有则执行init.sls文件:
		[root@test-xkcat001 ~]# salt-call state.sls  nginx 
		local:
		----------
		          ID: nginx
		    Function: pkg.installed
		      Result: True
		     Comment: All specified packages are already installed
		     Started: 10:16:01.410080
		    Duration: 1256.837 ms
		     Changes:   
		----------
		          ID: /etc/nginx/nginx.conf
		    Function: file.managed
		      Result: True
		     Comment: File /etc/nginx/nginx.conf is in the correct state
		     Started: 10:16:02.670970
		    Duration: 29.205 ms
		     Changes:   
		----------
		          ID: /etc/nginx/conf.d/default.conf
		    Function: file.managed
		      Result: True
		     Comment: File /etc/nginx/conf.d/default.conf updated
		     Started: 10:16:02.700376
		    Duration: 26.272 ms
		     Changes:   
		              ----------
		              diff:
		                  --- 
		                  +++ 
		                  @@ -4,7 +4,7 @@
		                   
		                   server {
		                   
		                  -    listen       8091;
		                  +    listen       8080;
		                       server_name  disconf.com;
		                   
		                       #charset koi8-r;
		----------
		          ID: nginx
		    Function: service.running
		      Result: True
		     Comment: Service reloaded
		     Started: 10:16:02.835062
		    Duration: 80.04 ms
		     Changes:   
		              ----------
		              nginx:
		                  True

		Summary for local
		------------
		Succeeded: 4 (changed=2)
		Failed:    0
		------------
		Total states run:     4
		Total run time:   1.392 s



	3):如果想要定时更新
		a.将salt-call state.sls  nginx 写入crontab中定时执行。


		b.pillar的schedule

		schedule:
		  highstate:
		    function:state.highstate
		    minutes:1



		  salt '*'   saltutil.refresh_pillar

		官方文档:http://docs.saltstack.cn/topics/jobs/index.html
		官方示例1:
		schedule:
		  log-loadavg:
		    function: cmd.run #函数运行一个命令
		    seconds: 3660
		    args: #传参数
		      - 'logger -t salt < /proc/loadavg'
		    kwargs: #传字典
		      stateful: False
		      shell: /bin/sh


		 #要是用pillar需要释放该模块vi /etc/salt/master  找到pillar_roots

		 mkdir /srv/pillar

		 #pillar模块必须添加top.sls 
		 vi top.sls
		 ---------------------------
		 base:  #匹配环境
		   '*': #匹配主机范围
		     - nginx #执行nginx这个动作,是pillar下nginx目录
		-----------------------------
		也可以,这种匹配方式有点问题:
		base:
		  test: #匹配master文件中nodegroups的test分组
		    - match: nodegroups
		    - nginx
		-------------------------------

		创建nginx.sls或者init.sls文件
		mkdir /srv/pillar/nginx 
		 vi init.sls
		 schedule:
		   nginx:
		     function: state.sls
		     minutes: 1
		     args:
		       - 'nginx' 
		       #因为我们在/srv/pillar/nginx/init.sls ,所以直接写nginx会默认找init.sls文件,如果没有init.sls则需要写nginx.nginx来找nginx.sls文件。




	
		 [root@zabbix pillar]# salt  '*'  pillar.data
			minion-testcat001-192.168.1.48:
			    ----------
			    schedule:
			        ----------
			        nginx:
			            ----------
			            args:
			                - nginx
			            function:
			                state.sls
			            minutes:
			                1
			minion-test-xktest001-192.168.1.114:
			    ----------
			    schedule:
			        ----------
			        nginx:
			            ----------
			            args:
			                - nginx
			            function:
			                state.sls
			            minutes:
			                1

	     #如果没有执行,则执行刷新操作!
		[root@zabbix nginx]# salt '*'  saltutil.refresh_pillar
		minion-dev12-192.168.1.173:
		    True
		minion-testcat001-192.168.1.48:
		    True
		minion-test-xktest001-192.168.1.114:
		    True



		#再次验证:修改master:vi /srv/salt/etc/nginx/conf.d/default.conf  中端口号8080-->>>>8091
		[root@cat-test ~]# netstat -tunpl|grep 8080
		[root@cat-test ~]# netstat -tunpl|grep 8080
		[root@cat-test ~]# netstat -tunpl|grep 8081
		[root@cat-test ~]# netstat -tunpl|grep 8091
		tcp        0      0 0.0.0.0:8091            0.0.0.0:*               LISTEN      23899/nginx: master 

		右上图看出,8080端口号消失了,出现了8091端口的nginx进程。

3.安装LAMP(Apache,Mysql,PHP)环境?

上述安装后,LAMP您会了麽,动手做一做。
上一篇:自动化运维Saltstack


下一篇:Saltstack 集中化管理平台安装