Installation
Server installation
rpm -ivh http://mirrors.ustc.edu.cn/fedora/epel//6/x86_64/epel-release-6-8.noarch.rpm # add the third-party repository
yum install salt-master -y
Start the service
/etc/init.d/salt-master start
Enable start at boot
chkconfig salt-master on
Client installation
rpm -ivh http://mirrors.ustc.edu.cn/fedora/epel//6/x86_64/epel-release-6-8.noarch.rpm
yum install salt-minion -y
Start the service
/etc/init.d/salt-minion start
Enable start at boot
chkconfig salt-minion on
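Configuration
Server configuration
Server configuration file path
/etc/salt/master
The server also runs normally without any configuration changes.
salt-key --accept=gw2 # accept (authenticate) the client
salt-key -a gw2 # same as the previous command
salt-key -L # list the accepted servers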
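A check to run before the accept commands above, as an added example that is not part of the original article: salt-key -a trusts whatever key arrived under the name gw2, so compare the fingerprint the master holds (salt-key -f gw2) with the one printed on the minion itself (salt-call --local key.finger). The function names and the sample outputs are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: compare key fingerprints before accepting a minion key.

# extract_fp: read command output on stdin and print the first colon-separated
# hex fingerprint found (16 bytes for MD5, 32 for SHA-256), lower-cased.
extract_fp() {
    tr 'A-F' 'a-f' | grep -Eo '([0-9a-f]{2}:){15,}[0-9a-f]{2}' | head -n 1
}

# fp_matches MASTER_OUTPUT MINION_OUTPUT: succeed only when both texts carry
# a fingerprint and the two are identical.
fp_matches() {
    master_fp=$(printf '%s\n' "$1" | extract_fp)
    minion_fp=$(printf '%s\n' "$2" | extract_fp)
    [ -n "$master_fp" ] && [ "$master_fp" = "$minion_fp" ]
}

# accept_verified MINION_ID MINION_OUTPUT: MINION_OUTPUT is what
# `salt-call --local key.finger` printed on the minion, obtained out of band
# (console or an existing SSH session). The key is accepted only on a match.
accept_verified() {
    if fp_matches "$(salt-key -f "$1")" "$2"; then
        salt-key -y -a "$1"
    else
        echo "fingerprint mismatch for $1, key not accepted" >&2
        return 1
    fi
}

# Constructed sample outputs (the fingerprint values are made up).
SAMPLE_MASTER='Unaccepted Keys:
gw2:  6d:5a:1c:0f:9e:42:7b:33:a8:10:de:4c:71:95:0b:e2'
SAMPLE_MINION='local:
    6d:5a:1c:0f:9e:42:7b:33:a8:10:de:4c:71:95:0b:e2'
SAMPLE_OTHER='local:
    11:22:33:44:55:66:77:88:99:aa:bb:cc:dd:ee:ff:00'

if fp_matches "$SAMPLE_MASTER" "$SAMPLE_MINION"; then
    echo "gw2: fingerprints match"
fi
if ! fp_matches "$SAMPLE_MASTER" "$SAMPLE_OTHER"; then
    echo "gw2: fingerprints differ, do not accept"
fi
```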
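Server node group configuration
vi /etc/salt/master
# add the following configuration
nodegroups:
  t1: 'L@gw1,gw2'
  t2: 'L@gw3'
Note: the group names must be indented with spaces, not tabs.
Test whether the configuration has taken effect
salt -N t1 test.ping
Returns the following result:
salt -N t2 test.ping
Returns the following result: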
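Configuration parameter notes
interface: binds to the IP address of a network interface; default: 0.0.0.0
interface: 192.168.0.1
publish_port: sets the port for authenticated communication between master and minion; default: 4505
publish_port: 4505
user: sets the user SaltStack runs as; default: root
user: root
max_open_files
Default: 100000
Each minion that connects to the master uses at least one file descriptor. If enough minions connect to the master, you will see salt-master crash on the console:
Too many open files (tcp_listener.cpp:335)
Aborted (core dumped)
By default this value depends on the value of ulimit -Hn, that is, the system's hard limit on open file descriptors.
If you want to change this value or unset it, remember that it cannot exceed the hard limit. Raising the hard limit depends on your operating system or distribution; a good approach is to search the internet for the hard-limit setting of your operating system, for example: raise max open files hard limit debian
max_open_files: 100000
worker_threads
Default: 5
The number of threads started to receive requests from and reply to minions. If you have many minions and they are slow to respond, you can raise this value moderately. When the peer system is used this value should not be set below 3; otherwise it can be set as low as 1.
worker_threads: 5
ret_port
Default: 4506
The port the master uses to send commands or to receive the command execution returns from minions.
ret_port: 4506
pidfile
Default: /var/run/salt-master.pid. Specifies the location of the master's pid file.
pidfile: /var/run/salt-master.pid
root_dir
Default: /
Sets the directory Salt uses as its root. Changing it makes Salt run from a different directory, much like a chroot.
root_dir: /
pki_dir
Default: /etc/salt/pki
This directory stores the PKI authentication keys.
pki_dir: /etc/salt/pki
cachedir
Default: /var/cache/salt
This directory stores cache information, in particular information about the commands Salt has executed as jobs.
cachedir: /var/cache/salt
keep_jobs
Default: 24
Sets how long old job information is kept before it expires, in hours.
keep_jobs: 24
job_cache
Default: True
Controls the job cache that the master maintains. This is a useful feature; when you have more than 5000 minions it copes well with such a large deployment. With this option turned off, previously executed jobs and the jobs system can no longer be used, so turning it off is generally not recommended. Keeping it turned on is sensible, and it gives the master a faster IO system.
job_cache: True
ext_job_cache
Default: ''
Uses the specified returner as the default for all minions. When this parameter names a returner and the returner is configured correctly, minions always send their return data to it. This also disables the master's local job cache by default.
ext_job_cache: redis
minion_data_cache
Default: True
The minion data cache is the information about minions that is stored on the master, mainly pillar and grains data. The data is cached under the directory defined by cachedir, in the minion directory, in one directory per minion named after the minion, and it is used to determine in advance which minions are expected to reply to an execution.
minion_data_cache: True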
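Client configuration
Edit the configuration file
vi /etc/salt/minion
# add the following
master: 172.22.168.1 # server IP
master_port: 4506 # server port
/etc/init.d/salt-minion restart # restart for the change to take effect
Automatic configuration sync on the client
schedule:
  highstate:
    function: state.highstate
    seconds: 60 # sync the configuration every 60 seconds
Log file paths
Server: /var/log/salt/master
Client: /var/log/salt/minion
Testing
Test connectivity
salt "*" test.ping
Result
Note: a result like the one in the figure above means the connection succeeded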
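Configuration management
Sending configuration files
Push a configuration (using the nginx configuration file as the example)
Edit the file
cd /srv/salt
vim nginx.sls
# add the following
nginx:
  file.managed:
    - source: salt://nginx/nginx.conf # file path on the server
    - name: /usr/local/nginx/conf/nginx.conf # file path on the client
    - user: root
    - group: root
    - mode: 644
# run the install command
salt '*' state.highstate
Or force this one state to run
salt '*' state.sls nginx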
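Installing packages
Install apache
cd /srv/salt
Edit the entry file
vim top.sls
# add the following
base:
  '*':
    - httpd
vim httpd.sls
# add the following
httpd:
  pkg:
    - installed
# run the install command
salt '*' state.highstate
Or force this one state to run
salt '*' state.sls httpd
Result
Note: a result like the one in the figure above means the installation succeeded.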
Compiling and installing mysql
Edit the installation configuration files
cd /srv/salt
mkdir mysql
cd mysql
wget http://downloads.mysql.com/archives/mysql-5.1/mysql-5.1.48.tar.gz # download the mysql source archive
cd ..
vim top.sls
# add the following
base:
  '*':
    - mysql # mysql installation
    - mysqlconf # mysql configuration, initialization and so on
vim mysql.sls
# add the following
# push the installation archive
mysql_file:
  file.managed:
    - source: salt://mysql/mysql-5.1.48.tar.gz
    - name: /tmp/mysql-5.1.48.tar.gz
    - user: root
    - group: root
    - mode: 644
# create the mysql user
mysql_user:
  user.present:
    - name: mysql
    - createhome: /home/mysql
    - gid_from_name: True
    - shell: /sbin/nologin
# install the build dependencies
mysql_pkgs:
  pkg.installed:
    - pkgs:
      - gcc
# unpack the archive
mysql_exp:
  cmd.run:
    - cwd: /tmp
    - names:
      - tar zxvf mysql-5.1.48.tar.gz
    - unless: test -d /tmp/mysql-5.1.48
# compile and install
mysql_install:
  cmd.run:
    - cwd: /tmp/mysql-5.1.48
    - names:
      - ./configure --prefix=/export/mysql --localstatedir=/export/mysql/data --with-plugins=innodb_plugin,innobase,partition,myisam,heap --enable-assembler --with-charset=utf8 --with-extra-charsets=all --enable-thread-safe-client --with-client-ldflags=-all-static --with-fast-mutexes --enable-static=yes --with-big-tables && make && make install
    - unless: test -d /export/mysql/
vim mysqlconf.sls
# add the following
include: # include the mysql installation state
  - mysql
mysqlconf:
  file.managed: # push the mysql configuration file
    - source: salt://mysql/my.cnf
    - name: /etc/my.cnf
    - user: root
    - group: root
    - mode: 644
    - template: jinja # use the jinja template engine, mainly to read server information and adapt the configuration file to each server
mysql_init: # initialize mysql
  cmd.run:
    - names:
      - /bin/chown mysql.mysql /export/mysql/ -R
      - /export/mysql/bin/mysql_install_db --user=mysql
    - unless: test -d /export/mysql/data/ # test whether the directory exists; if it does, skip the initialization
mysqld: # push the mysql startup script
  file.managed:
    - source: salt://mysql/mysqld
    - name: /etc/init.d/mysqld
    - user: root
    - group: root
    - mode: 755
    - unless: test -d /export/init.d/mysqld
  service.running: # start mysql
    - enable: True
# add the mysql configuration file and the startup script
cd /srv/salt/mysql
vim my.cnf
# add the following
[client]
port = 3306
socket = /tmp/mysql.sock
[mysqld]
port = 3306
socket = /tmp/mysql.sock
back_log = 200 # mysql
max_connect_errors = 10
max_allowed_packet = 16M
binlog_cache_size = 1M
max_heap_table_size = 64M
read_buffer_size = 2M
read_rnd_buffer_size = 16M
sort_buffer_size = 8M
join_buffer_size = 8M
thread_cache_size = 32
thread_concurrency = 8
query_cache_size = 128M
query_cache_limit = 2M
ft_min_word_len = 4
ignore_builtin_innodb
default-table-type = InnoDB
plugin_load=innodb=ha_innodb_plugin.so;innodb_trx=ha_innodb_plugin.so;innodb_locks=ha_innodb_plugin.so
character-set-server = utf8
table_open_cache = 1024
wait_timeout=86400
interactive_time=86400
max_connections = 2000
max_allowed_packet = 16M
event_scheduler=1
lower_case_table_names=1
open_files_limit=10000
key_buffer_size = 128M
query_cache_type = 0
thread_stack = 192K
transaction_isolation = REPEATABLE-READ
tmp_table_size = 64M
skip-external-locking
skip-name-resolve
log-warnings=5
log-bin=master-bin
log-bin-index=master-bin.index
binlog_format=mixed
slow_query_log
long_query_time = 2
server-id = 1
key_buffer_size = 32M
bulk_insert_buffer_size = 64M
myisam_sort_buffer_size = 128M
myisam_max_sort_file_size = 10G
myisam_repair_threads = 1
myisam_recover
innodb_additional_mem_pool_size = 16M
innodb_buffer_pool_size = 5G
innodb_data_file_path = ibdata1:1024M:autoextend
#innodb_write_io_threads = 8
#innodb_read_io_threads = 8
innodb_thread_concurrency = {{ grains['num_cpus'] }} # number of CPU cores, filled in here by the jinja template engine
innodb_flush_log_at_trx_commit = 1
innodb_log_buffer_size = 8M
innodb_log_file_size = 256M
innodb_log_files_in_group = 3
innodb_max_dirty_pages_pct = 90
innodb_lock_wait_timeout = 120
[mysqldump]
quick
max_allowed_packet = 16M
[mysql]
no-auto-rehash
[myisamchk]
key_buffer_size = 512M
sort_buffer_size = 512M
read_buffer = 8M
write_buffer = 8M
[mysqlhotcopy]
interactive-timeout
[mysqld_safe]
open-files-limit = 819
# mysql startup script
vim mysqld
# add the following
#!/bin/sh
# Copyright Abandoned 1996 TCX DataKonsult AB & Monty Program KB & Detron HB
# This file is public domain and comes with NO WARRANTY of any kind
# MySQL daemon start/stop script.
# Usually this is put in /etc/init.d (at least on machines SYSV R4 based
# systems) and linked to /etc/rc3.d/S99mysql and /etc/rc0.d/K01mysql.
# When this is done the mysql server will be started when the machine is
# started and shut down when the systems goes down.
# Comments to support chkconfig on RedHat Linux
# chkconfig: 2345 64 36
# description: A very fast and reliable SQL database engine.
# Comments to support LSB init script conventions
### BEGIN INIT INFO
# Provides: mysql
# Required-Start: $local_fs $network $remote_fs
# Should-Start: ypbind nscd ldap ntpd xntpd
# Required-Stop: $local_fs $network $remote_fs
# Default-Start: 2 3 4 5
# Default-Stop: 0 1 6
# Short-Description: start and stop MySQL
# Description: MySQL is a very fast and reliable SQL database engine.
### END INIT INFO
# If you install MySQL on some other places than /usr/local/mysql, then you
# have to do one of the following things for this script to work:
#
# - Run this script from within the MySQL installation directory
# - Create a /etc/my.cnf file with the following information:
# [mysqld]
# basedir=<path-to-mysql-installation-directory>
# - Add the above to any other configuration file (for example ~/.my.ini)
# and copy my_print_defaults to /usr/bin
# - Add the path to the mysql-installation-directory to the basedir variable
# below.
#
# If you want to affect other MySQL variables, you should make your changes
# in the /etc/my.cnf, ~/.my.cnf or other MySQL configuration files.
# If you change base dir, you must also change datadir. These may get
# overwritten by settings in the MySQL configuration files.
basedir=/export/mysql
datadir=/export/mysql/data
# Default value, in seconds, afterwhich the script should timeout waiting
# for server start.
# Value here is overriden by value in my.cnf.
# 0 means don't wait at all
# Negative numbers mean to wait indefinitely
service_startup_timeout=900
# The following variables are only set for letting mysql.server find things.
# Set some defaults
pid_file=
server_pid_file=
use_mysqld_safe=1
user=mysql
if test -z "$basedir"
then
basedir=/usr/local/mysql
bindir=./bin
if test -z "$datadir"
then
datadir=/usr/local/mysql/data
fi
sbindir=./bin
libexecdir=./bin
else
bindir="$basedir/bin"
if test -z "$datadir"
then
datadir="$basedir/data"
fi
sbindir="$basedir/sbin"
libexecdir="$basedir/libexec"
fi
# datadir_set is used to determine if datadir was set (and so should be
# *not* set inside of the --basedir= handler.)
datadir_set=
#
# Use LSB init script functions for printing messages, if possible
#
lsb_functions="/lib/lsb/init-functions"
if test -f $lsb_functions ; then
. $lsb_functions
else
log_success_msg()
{
echo " SUCCESS! $@"
}
log_failure_msg()
{
echo " ERROR! $@"
}
fi
PATH=/sbin:/usr/sbin:/bin:/usr/bin:$basedir/bin
export PATH
mode=$1 # start or stop
shift
other_args="$*" # uncommon, but needed when called from an RPM upgrade action
# Expected: "--skip-networking --skip-grant-tables"
# They are not checked here, intentionally, as it is the resposibility
# of the "spec" file author to give correct arguments only.
case `echo "testing\c"`,`echo -n testing` in
*c*,-n*) echo_n= echo_c= ;;
*c*,*) echo_n=-n echo_c= ;;
*) echo_n= echo_c='\c' ;;
esac
parse_server_arguments() {
for arg do
case "$arg" in
--basedir=*) basedir=`echo "$arg" | sed -e 's/^[^=]*=//'`
bindir="$basedir/bin"
if test -z "$datadir_set"; then
datadir="$basedir/data"
fi
sbindir="$basedir/sbin"
libexecdir="$basedir/libexec"
;;
--datadir=*) datadir=`echo "$arg" | sed -e 's/^[^=]*=//'`
datadir_set=1
;;
--user=*) user=`echo "$arg" | sed -e 's/^[^=]*=//'` ;;
--pid-file=*) server_pid_file=`echo "$arg" | sed -e 's/^[^=]*=//'` ;;
--service-startup-timeout=*) service_startup_timeout=`echo "$arg" | sed -e 's/^[^=]*=//'` ;;
--use-mysqld_safe) use_mysqld_safe=1;;
--use-manager) use_mysqld_safe=0;;
esac
done
}
parse_manager_arguments() {
for arg do
case "$arg" in
--pid-file=*) pid_file=`echo "$arg" | sed -e 's/^[^=]*=//'` ;;
--user=*) user=`echo "$arg" | sed -e 's/^[^=]*=//'` ;;
esac
done
}
wait_for_pid () {
verb="$1"
manager_pid="$2" # process ID of the program operating on the pid-file
i=0
avoid_race_condition="by checking again"
while test $i -ne $service_startup_timeout ; do
case "$verb" in
'created')
# wait for a PID-file to pop into existence.
test -s $pid_file && i='' && break
;;
'removed')
# wait for this PID-file to disappear
test ! -s $pid_file && i='' && break
;;
*)
echo "wait_for_pid () usage: wait_for_pid created|removed manager_pid"
exit 1
;;
esac
# if manager isn't running, then pid-file will never be updated
if test -n "$manager_pid"; then
if kill -0 "$manager_pid" 2>/dev/null; then
: # the manager still runs
else
# The manager may have exited between the last pid-file check and now.
if test -n "$avoid_race_condition"; then
avoid_race_condition=""
continue # Check again.
fi
# there's nothing that will affect the file.
log_failure_msg "Manager of pid-file quit without updating file."
return 1 # not waiting any more.
fi
fi
echo $echo_n ".$echo_c"
i=`expr $i + 1`
sleep 1
done
if test -z "$i" ; then
log_success_msg
return 0
else
log_failure_msg
return 1
fi
}
# Get arguments from the my.cnf file,
# the only group, which is read from now on is [mysqld]
if test -x ./bin/my_print_defaults
then
print_defaults="./bin/my_print_defaults"
elif test -x $bindir/my_print_defaults
then
print_defaults="$bindir/my_print_defaults"
elif test -x $bindir/mysql_print_defaults
then
print_defaults="$bindir/mysql_print_defaults"
else
# Try to find basedir in /etc/my.cnf
conf=/etc/my.cnf
print_defaults=
if test -r $conf
then
subpat='^[^=]*basedir[^=]*=\(.*\)$'
dirs=`sed -e "/$subpat/!d" -e 's//\1/' $conf`
for d in $dirs
do
d=`echo $d | sed -e 's/[ ]//g'`
if test -x "$d/bin/my_print_defaults"
then
print_defaults="$d/bin/my_print_defaults"
break
fi
if test -x "$d/bin/mysql_print_defaults"
then
print_defaults="$d/bin/mysql_print_defaults"
break
fi
done
fi
# Hope it's in the PATH ... but I doubt it
test -z "$print_defaults" && print_defaults="my_print_defaults"
fi
#
# Read defaults file from 'basedir'. If there is no defaults file there
# check if it's in the old (depricated) place (datadir) and read it from there
#
extra_args=""
if test -r "$basedir/my.cnf"
then
extra_args="-e $basedir/my.cnf"
else
if test -r "$datadir/my.cnf"
then
extra_args="-e $datadir/my.cnf"
fi
fi
parse_server_arguments `$print_defaults $extra_args mysqld server mysql_server mysql.server`
# Look for the pidfile
parse_manager_arguments `$print_defaults $extra_args manager`
#
# Set pid file if not given
#
if test -z "$pid_file"
then
pid_file=$datadir/mysqlmanager-`/bin/hostname`.pid
else
case "$pid_file" in
/* ) ;;
* ) pid_file="$datadir/$pid_file" ;;
esac
fi
if test -z "$server_pid_file"
then
server_pid_file=$datadir/`/bin/hostname`.pid
else
case "$server_pid_file" in
/* ) ;;
* ) server_pid_file="$datadir/$server_pid_file" ;;
esac
fi
case "$mode" in
'start')
# Start daemon
# Safeguard (relative paths, core dumps..)
cd $basedir
manager=$bindir/mysqlmanager
if test -x $libexecdir/mysqlmanager
then
manager=$libexecdir/mysqlmanager
elif test -x $sbindir/mysqlmanager
then
manager=$sbindir/mysqlmanager
fi
echo $echo_n "Starting MySQL"
if test -x $manager -a "$use_mysqld_safe" = "0"
then
if test -n "$other_args"
then
log_failure_msg "MySQL manager does not support options '$other_args'"
exit 1
fi
# Give extra arguments to mysqld with the my.cnf file. This script may
# be overwritten at next upgrade.
"$manager" \
--mysqld-safe-compatible \
--user="$user" \
--pid-file="$pid_file" >/dev/null 2>&1 &
wait_for_pid created $!; return_value=$?
# Make lock for RedHat / SuSE
if test -w /var/lock/subsys
then
touch /var/lock/subsys/mysqlmanager
fi
exit $return_value
elif test -x $bindir/mysqld_safe
then
# Give extra arguments to mysqld with the my.cnf file. This script
# may be overwritten at next upgrade.
pid_file=$server_pid_file
$bindir/mysqld_safe --datadir=$datadir --pid-file=$server_pid_file $other_args >/dev/null 2>&1 &
wait_for_pid created $!; return_value=$?
# Make lock for RedHat / SuSE
if test -w /var/lock/subsys
then
touch /var/lock/subsys/mysql
fi
exit $return_value
else
log_failure_msg "Couldn't find MySQL manager ($manager) or server ($bindir/mysqld_safe)"
fi
;;
'stop')
# Stop daemon. We use a signal here to avoid having to know the
# root password.
# The RedHat / SuSE lock directory to remove
lock_dir=/var/lock/subsys/mysqlmanager
# If the manager pid_file doesn't exist, try the server's
if test ! -s "$pid_file"
then
pid_file=$server_pid_file
lock_dir=/var/lock/subsys/mysql
fi
if test -s "$pid_file"
then
mysqlmanager_pid=`cat $pid_file`
echo $echo_n "Shutting down MySQL"
kill $mysqlmanager_pid
# mysqlmanager should remove the pid_file when it exits, so wait for it.
wait_for_pid removed "$mysqlmanager_pid"; return_value=$?
# delete lock for RedHat / SuSE
if test -f $lock_dir
then
rm -f $lock_dir
fi
exit $return_value
else
log_failure_msg "MySQL manager or server PID file could not be found!"
fi
;;
'restart')
# Stop the service and regardless of whether it was
# running or not, start it again.
if $0 stop $other_args; then
$0 start $other_args
else
log_failure_msg "Failed to stop running server, so refusing to try to start."
exit 1
fi
;;
'reload'|'force-reload')
if test -s "$server_pid_file" ; then
read mysqld_pid < $server_pid_file
kill -HUP $mysqld_pid && log_success_msg "Reloading service MySQL"
touch $server_pid_file
else
log_failure_msg "MySQL PID file could not be found!"
exit 1
fi
;;
'status')
# First, check to see if pid file exists
if test -s "$server_pid_file" ; then
read mysqld_pid < $server_pid_file
if kill -0 $mysqld_pid 2>/dev/null ; then
log_success_msg "MySQL running ($mysqld_pid)"
exit 0
else
log_failure_msg "MySQL is not running, but PID file exists"
exit 1
fi
else
# Try to find appropriate mysqld process
mysqld_pid=`pidof $libexecdir/mysqld`
if test -z $mysqld_pid ; then
if test "$use_mysqld_safe" = "0" ; then
lockfile=/var/lock/subsys/mysqlmanager
else
lockfile=/var/lock/subsys/mysql
fi
if test -f $lockfile ; then
log_failure_msg "MySQL is not running, but lock exists"
exit 2
fi
log_failure_msg "MySQL is not running"
exit 3
else
log_failure_msg "MySQL is running but PID file could not be found"
exit 4
fi
fi
;;
*)
# usage
echo "Usage: $0 {start|stop|restart|reload|force-reload|status} [ MySQL server options ]"
exit 1
;;
esac
exit 0
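Run the installation
# run the install commands
salt '*' state.sls mysql # install mysql
salt '*' state.sls mysqlconf # configure and initialize mysql
# because mysqlconf includes the mysql state, the following command alone is enough for the installation
salt '*' state.sls mysqlconf
Check the result
salt '*' cmd.run 'netstat -ntpl|grep 3306'
The result is shown in the figure below
Service management
Service management, using iptables as the example
1. Write the configuration files
cd /srv/salt
vim top.sls
# add the following
base:
  '*':
    - iptables
vim iptables.sls
# add the following
iptables:
  pkg:
    - installed
  file.managed:
    - source: salt://iptables/iptables
    - name: /etc/sysconfig/iptables
    - user: root
    - group: root
    - mode: 644
  service.running:
    - enable: True
    - reload: True
    - watch:
      - file: /etc/sysconfig/iptables
      - pkg: iptables
Configuration notes
pkg, service and file are all Salt management modules: pkg is the package management module; file is the file management module;
service.running: the running state of the service
reload: True: whether to reload the service
watch: watches the file
When /etc/sysconfig/iptables changes, the service is restarted to pick up the update
When the configuration file has a syntax error, the following error is returned
2. Push the configuration
cd /srv/salt
mkdir iptables
cd iptables
vim iptables
Add the following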
# Generated by iptables-save v1.4.7 on Wed Apr 9 15:42:27 2014
*filter
:INPUT ACCEPT [1:40]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [1:136]
-A INPUT -m tcp -p tcp --dport 80 -j ACCEPT
-A INPUT -i bond1.102 -j DROP
COMMIT
# Completed on Wed Apr 9 15:42:27 2014
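Run the command that pushes the configuration
salt 'gw2' state.sls iptables
Result
Note: a result like the one in the figure above means the push succeeded.
3. Verify
Connect to the gw2 server and check the firewall state
iptables -nvL
Note: if the added rules appear as in the figure above, the iptables rules have taken effect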
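Commands
Common commands
salt "gw2" cmd.run "df -Th" # check disk space
salt "gw2" network.interfaces # show the network interfaces
salt 'gw2' disk.usage # show disk information
salt 'gw2' grains.items # show server information
salt '*' state.running # show the states that are currently running
salt '*' sys.doc # show the help for module functions
salt \* -b 10 test.ping # run on 10 minions at a time
Common problems:
Modules
System modules
Custom modules
API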
Installation
wget https://pypi.python.org/packages/source/s/salt-api/salt-api-0.8.4.1.tar.gz
tar zxf salt-api-0.8.4.1.tar.gz
cd salt-api-0.8.4.1
python setup.py install
Configuration
mkdir -p /etc/salt/master.d
cd /etc/salt/master.d
# add the following configuration
rest_cherrypy:
  port: 443 # port
  host: 172.22.168.1 # bind IP
  debug: True
  disable_ssl: True # disables SSL; to use https, just comment this line out
halite:
  #ssl_crt: /etc/pki/tls/certs/bbz.com.crt # SSL configuration
  #ssl_key: /etc/pki/tls/certs/bbz.nopass.key # SSL configuration
  static: /export/saltstack/halite/halite
  app: /export/saltstack/halite/halite/index.html
external_auth:
  pam:
    admin:
      - .*
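The configuration above turns off TLS, enables debug mode and lets admin run every function. The following added example (not part of the original article) audits a fragment for those three settings and shows a tightened variant next to it; the function names, the sample files, the placement of ssl_crt and ssl_key under rest_cherrypy, and the functions permitted in the hardened sample are assumptions.

```shell
#!/bin/sh
# Added example: flag risky salt-api settings in a master.d fragment.

# audit_salt_api [FILE]: print one finding per risky setting (stdin if no FILE).
audit_salt_api() {
    awk '
        { sub(/[ \t]*#.*$/, "") }              # drop comments
        /^[ \t]*$/ { next }                     # skip empty lines
        /^[^ \t-]/ {                            # unindented key: new section
            section = $1; sub(/:.*$/, "", section); next
        }
        section == "rest_cherrypy" && $1 == "disable_ssl:" && tolower($2) == "true" {
            print "disable_ssl: password and X-Auth-Token cross the network as plain HTTP"
        }
        section == "rest_cherrypy" && $1 == "debug:" && tolower($2) == "true" {
            print "debug: web server runs in development mode"
        }
        section == "external_auth" && NF == 1 && $1 ~ /:$/ {
            who = $1; sub(/:$/, "", who); next  # remember backend, then user
        }
        section == "external_auth" && $1 == "-" && ($2 == ".*" || $2 == "\047.*\047") {
            print "external_auth: " who " may call every execution function (.*)"
        }
    ' "$@"
}

# Constructed sample: the settings from this page, indented as YAML.
weak_conf() {
    cat <<'EOF'
rest_cherrypy:
  port: 443 # port
  host: 172.22.168.1
  debug: True
  disable_ssl: True
external_auth:
  pam:
    admin:
      - .*
EOF
}

# Constructed hardened variant: TLS on, debug off, named functions only.
hardened_conf() {
    cat <<'EOF'
rest_cherrypy:
  port: 443
  host: 172.22.168.1
  ssl_crt: /etc/pki/tls/certs/bbz.com.crt
  ssl_key: /etc/pki/tls/certs/bbz.nopass.key
external_auth:
  pam:
    admin:
      - test.ping
      - state.sls
EOF
}

echo "weak config:";     weak_conf | audit_salt_api
echo "hardened config:"; hardened_conf | audit_salt_api
```

With TLS enabled the curl and PHP calls that follow have to use https:// URLs instead of http://.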
Verification:
# obtain the token
curl -k http://172.22.168.1:443/login -d username='admin' -d password='passwd' -d eauth='pam'
Result:
# run a command
curl -k http://172.22.168.1:443 -H "Accept: application/x-yaml" -H "X-Auth-Token: 8cf0f9260e910e5089f2d66d1c5828ffa8be0ca2" -d client=local -d tgt='gw1' -d fun='cmd.run' -d arg="df -h"
Result:
Notes:
PHP code for running commands
<?php
// obtain the authentication token
function GetToken($Host, $User, $PassWd)
{
$Url = "http://$Host:443/login";
$PostData = array(
"username" => "$User",
"password" => "$PassWd",
"eauth" => "pam"
);
$o="";
foreach ($PostData as $k=>$v)
{
$o.= "$k=".urlencode($v)."&";
}
$PostData=substr($o,0,-1);
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $Url);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_POSTFIELDS, $PostData);
$output = curl_exec($ch);
curl_close($ch);
$json_Array=json_decode($output, true);
return $json_Array['return'][0]['token'] ;
}
// run a command
function ExecCmd($Host, $Token, $ServerList, $Cmd)
{
$header [] = 'Accept:text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8';
$header [] = 'Accept-Language: zh-CN,zh;q=0.8';
$header [] = 'Accept-Charset: GBK,utf-8;q=0.7,*;q=0.3';
$header [] = 'Cache-Control:max-age=0';
$header [] = 'Cookie:t_skey=p5gdu1nrke856futitemkld661; t__CkCkey_=29f7d98';
$header [] = 'Content-Type:application/x-www-form-urlencoded';
$header [] = "X-Auth-Token: $Token";
$Url = "http://$Host:443";
$PostData = array(
"client" => "local",
"tgt" => "$ServerList",
"fun" => "cmd.run",
"arg" => "$Cmd"
);
$o="";
foreach ($PostData as $k=>$v)
{
$o.= "$k=".urlencode($v)."&";
}
$PostData=substr($o,0,-1);
$ch = curl_init();
curl_setopt ( $ch, CURLOPT_HTTPHEADER, $header );
curl_setopt($ch, CURLOPT_URL, $Url);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_POSTFIELDS, $PostData);
$output = curl_exec($ch);
curl_close($ch);
$json_Array=json_decode($output, true);
print_r( $json_Array);
return $json_Array;
}
Reposted from genius-shaobin.iteye.com/blog/2088432