一.salt-syndic

syndic就是一層代理，如同zabbix proxy功能一樣，隔離master與minion，使其不需要通訊，只需要與syndic都通訊就可以

1.server4安裝salt-master

[root@server4 ~]# scp server1:/etc/yum.repos.d/saltstack.repo /etc/yum.repos.d/ [root@server4 ~]# yum clean all [root@server4 ~]# yum repolist [root@server4 ~]# yum install salt-master -y

2.server4安裝salt-syndic

[root@server4 ~]# yum install salt-syndic-2019.2.0-1.el7.noarch.rpm -y [root@server4 ~]# systemctl start salt-syndic

3.修改/etc/salt/master配置文件

[root@server4 ~]# vim /etc/salt/master [root@server4 ~]# systemctl start salt-master [root@server4 ~]# netstat -antlp

4.server1安裝salt-syndic，并打開服務(wù)

[root@server1 ~]# yum install salt-syndic-2019.2.0-1.el7.noarch.rpm -y [root@server1 ~]# systemctl start salt-syndic

編輯server1的salt-master配置文件

[root@server1 ~]# vim /etc/salt/master [root@server1 ~]# systemctl restart salt-master.service

5.server1與server4建立聯(lián)系

[root@server4 ~]# salt-key -L Rejected Keys: [root@server4 ~]# salt-key -A [root@server4 ~]# salt-key -L

測(cè)試：

[root@server4 ~]# salt '*' test.ping

二.salt-ssh

salt-ssh：是通過(guò)ssh協(xié)議執(zhí)行命令進(jìn)行管理服務(wù)器,不需要在服務(wù)器端安裝minion客戶端,如時(shí)有安裝minion也可以調(diào)用minion模塊;salt-ssh有點(diǎn)類似ansible 無(wú)客戶端基于ssh協(xié)議進(jìn)行管理服務(wù)器.通過(guò)roser(/etc/salt/roser)配置文件.

1.關(guān)閉server2的salt-minion便于驗(yàn)證

[root@server2 ~]# systemctl stop salt-minion.service

2.server1安裝salt-ssh模塊并修改文件/etc/salt/roster

[root@server1 ~]# yum install salt-ssh -y [root@server1 ~]# vim /etc/salt/roster

3.測(cè)試

[root@server1 ~]# salt-ssh '*' test.ping [root@server1 ~]# salt-ssh server2 -r "df" [root@server1 ~]# salt-ssh server2 -r "hostname"

三.salt-api

1.在server1（master）上安裝salt-api

[root@server1 ~]# yum install -y salt-api

2.在/etc/pki/tls/private目錄下生成相應(yīng)的鑰匙

[root@server1 ~]# cd /etc/pki [root@server1 pki]# ls CA consumer java product rpm-gpg tls ca-trust entitlement nssdb product-default rsyslog [root@server1 pki]# cd tls/ [root@server1 tls]# ls cert.pem certs misc openssl.cnf private [root@server1 tls]# cd private/ [root@server1 private]# ls [root@server1 private]# openssl genrsa 2048 > localhost.key

3.在/etc/pki/tls/certs目錄下面生成相應(yīng)的證書，因?yàn)樵谶@個(gè)目錄下面有makefile文件，該文件里面有生成證書的相應(yīng)方式，使用鑰匙生成證書

[root@server1 certs]# pwd /etc/pki/tls/certs [root@server1 certs]# make testcert

4.server1的/etc/salt/master文件中有api模塊命名方式

[root@server1 certs]# cd /etc/salt [root@server1 salt]# vim master

5.在/etc/salt/master.d目錄下編輯api的配置文件添加證書及其鑰匙

[root@server1 salt]# cd /etc/salt/master.d/ [root@server1 master.d]# ls [root@server1 master.d]# vim api.conf [root@server1 master.d]# cat api.conf rest_cherrypy:port: 8000ssl_crt: /etc/pki/tls/certs/localhost.crtssl_key: /etc/pki/tls/private/localhost.key

6.編輯授權(quán)文件

[root@server1 master.d]# pwd /etc/salt/master.d [root@server1 master.d]# vim auth.conf [root@server1 master.d]# cat auth.conf external_auth:pam:saltapi:- .*- '@wheel'- '@runner' - '@jobs'

7.建立授權(quán)用戶及其設(shè)置密碼

[root@server1 master.d]# useradd saltapi [root@server1 master.d]# passwd saltapi [root@server1 master.d]# systemctl restart salt-master [root@server1 master.d]# systemctl start salt-api [root@server1 master.d]# netstat -antlp ##端口8000

8.測(cè)試

[root@server1 master.d]# curl -sSk https://172.25.31.1:8000/login -H 'ACCEPT: application/x-yaml' -d username=saltapi -d password=westos -d eauth=pamreturn: [root@server1 master.d]# curl -sSk https://172.25.31.1:8000 -H 'ACCEPT: application/x-yaml' -H 'X-Auth-Token: 0cbada767c80e60b9d204df23206efa0dffb349a' -d client=local -d tgt='*' -d fun=test.ping

編輯python腳本

# -*- coding: utf-8 -*-import urllib2,urllib import timetry:import json except ImportError:import simplejson as jsonclass SaltAPI(object):__token_id = ''def __init__(self,url,username,password):self.__url = url.rstrip('/')self.__user = usernameself.__password = passworddef token_id(self):''' user login and get token id '''params = {'eauth': 'pam', 'username': self.__user, 'password': self.__password}encode = urllib.urlencode(params)obj = urllib.unquote(encode)content = self.postRequest(obj,prefix='/login')try:self.__token_id = content['return'][0]['token']except KeyError:raise KeyErrordef postRequest(self,obj,prefix='/'):url = self.__url + prefixheaders = {'X-Auth-Token' : self.__token_id}req = urllib2.Request(url, obj, headers)opener = urllib2.urlopen(req)content = json.loads(opener.read())return contentdef list_all_key(self):params = {'client': 'wheel', 'fun': 'key.list_all'}obj = urllib.urlencode(params)self.token_id()content = self.postRequest(obj)minions = content['return'][0]['data']['return']['minions']minions_pre = content['return'][0]['data']['return']['minions_pre']return minions,minions_predef delete_key(self,node_name):params = {'client': 'wheel', 'fun': 'key.delete', 'match': node_name}obj = urllib.urlencode(params)self.token_id()content = self.postRequest(obj)ret = content['return'][0]['data']['success']return retdef accept_key(self,node_name):params = {'client': 'wheel', 'fun': 'key.accept', 'match': node_name}obj = urllib.urlencode(params)self.token_id()content = self.postRequest(obj)ret = content['return'][0]['data']['success']return retdef remote_noarg_execution(self,tgt,fun):''' Execute commands without parameters '''params = {'client': 'local', 'tgt': tgt, 'fun': fun}obj = urllib.urlencode(params)self.token_id()content = self.postRequest(obj)ret = content['return'][0][tgt]return retdef remote_execution(self,tgt,fun,arg):''' Command execution with parameters ''' params = {'client': 'local', 'tgt': tgt, 'fun': fun, 'arg': arg}obj = urllib.urlencode(params)self.token_id()content = self.postRequest(obj)ret = content['return'][0][tgt]return retdef target_remote_execution(self,tgt,fun,arg):''' Use targeting for remote execution '''params = {'client': 'local', 'tgt': tgt, 'fun': fun, 'arg': arg, 'expr_form': 'nodegroup'}obj = urllib.urlencode(params)self.token_id()content = self.postRequest(obj)jid = content['return'][0]['jid']return jiddef deploy(self,tgt,arg):''' Module deployment '''params = {'client': 'local', 'tgt': tgt, 'fun': 'state.sls', 'arg': arg}obj = urllib.urlencode(params)self.token_id()content = self.postRequest(obj)return contentdef async_deploy(self,tgt,arg):''' Asynchronously send a command to connected minions '''params = {'client': 'local_async', 'tgt': tgt, 'fun': 'state.sls', 'arg': arg}obj = urllib.urlencode(params)self.token_id()content = self.postRequest(obj)jid = content['return'][0]['jid']return jiddef target_deploy(self,tgt,arg):''' Based on the node group forms deployment '''params = {'client': 'local_async', 'tgt': tgt, 'fun': 'state.sls', 'arg': arg, 'expr_form': 'nodegroup'}obj = urllib.urlencode(params)self.token_id()content = self.postRequest(obj)jid = content['return'][0]['jid']return jiddef main():sapi = SaltAPI(url="https://172.25.31.1:8000",username="saltapi",password="westos")#sapi.token_id()print sapi.list_all_key() ##打開該端口查看key設(shè)為A#sapi.delete_key('test-01')#sapi.accept_key('test-01')sapi.deploy('server3','nginx.service') ##打開該端口指定主機(jī)安裝相應(yīng)的服務(wù)B#print sapi.remote_noarg_execution('test-01','grains.items')if __name__ == '__main__':main()

測(cè)試：

[root@server1 ~]# vim saltapi.py [root@server1 ~][root@server1 ~]# python saltapi.py ([u'server2', u'server3'], [])

總結(jié)

以上是生活随笔為你收集整理的saltstack中salt-sndic、salt-ssh和salt-api的应用的全部?jī)?nèi)容，希望文章能夠幫你解決所遇到的問(wèn)題。

如果覺得生活随笔網(wǎng)站內(nèi)容還不錯(cuò)，歡迎將生活随笔推薦給好友。