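This article shows how to use a script to install the SaltStack Master service offline and automatically, together with the SaltStack API service, so that minion hosts can be managed and automated from the master. The API also allows custom development on top of SaltStack: for example, you can build your own operations tool so that tasks normally run on the command line can be done from a UI with the same effect.
The scripts and offline files required for this installation are shown above: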
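[root@my-server script]# cat api.conf
```yaml
rest_cherrypy:
  host:
  port: 8000
  ssl_crt: /etc/pki/tls/certs/localhost.crt
  ssl_key: /etc/pki/tls/certs/localhost.key
```
api.conf is the configuration of the SaltStack API service, written in YAML. host is the IP address or domain name on which this machine exposes the service (left empty here; the install script fills it in), and port is the port the service listens on. ssl_crt is the path to the HTTPS certificate: the SaltStack API service uses HTTPS, and the certificate is generated automatically by the script shown later. ssl_key is the private key that belongs to that certificate.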
[root@my-server script]# cat auth.conf
```yaml
external_auth:
  pam:
    saltapi:
      - .*
      - '@wheel'
      - '@runner'
      - '@jobs'
```
auth.conf configures SaltStack external authentication; PAM is used here. It controls the permissions for accessing Salt functions through the Salt API.
[root@my-server script]# cat bootstrap-saltapi.sh
```bash
#!/bin/bash
set -x

logFile=/tmp/bootstrap-saltapi.log

# Print a timestamped message and append the same line to the log file.
out() {
    echo "$(date "+%Y-%m-%d %H:%M:%S"): $*"
    echo "$(date "+%Y-%m-%d %H:%M:%S"): $*" >> "$logFile"
}

host=$1

# The script needs the IP address or domain name of this host as its argument.
checkParameters() {
    if [ -z "$host" ]; then
        out "host is required."
        exit 1
    fi
}

validateRunAsRoot() {
    if [[ $EUID -ne 0 ]]; then
        out "ERROR: run as root is required, please switch to root to run!"
        exit 1
    fi
    out "Run AS user check passed! current user is root"
}

installMysql() {
    yum install mariadb-server -y
    systemctl start mariadb
    systemctl enable mariadb

    out "create salt mysql job schema."
    cd /opt/script
    mysql -e "source ./salt.sql"

    out "authorization all permissions of the root user."
    # Lab default: password "root", with root reachable from any host ('%').
    mysql -e "grant all privileges on *.* to 'root'@'%' identified by 'root'; grant all privileges on *.* to 'root'@'localhost' identified by 'root'; flush privileges;"
    mysql -uroot -proot -h localhost -e "show databases;use salt;show tables;"
}

installSaltMasterAndSaltAPI() {
    tar -xvf ./salt3006.tar.gz -C /opt
    cd /opt/salt3006
    rpm -ivh --replacepkgs pciutils*.rpm salt-300*.rpm salt-api*.rpm salt-master*.rpm salt-minion*.rpm

    out "config salt-master then start server again..."
    mv /etc/salt/master /etc/salt/master.bak
    cp /opt/script/master /etc/salt/master -f
    sed -i "s/interface: 0.0.0.0/interface: ${host}/g" /etc/salt/master

    # add salt auth user and set password
    # (the password equals the user name; checkSaltApi below logs in with it)
    useradd -M -s /sbin/nologin saltapi
    echo "saltapi" | passwd saltapi --stdin

    # config saltapi auth.
    salt-call --local tls.create_self_signed_cert
    cp -r /opt/script/auth.conf /etc/salt/master.d/
    cp -r /opt/script/api.conf /etc/salt/master.d/
    sed -i "s/host:/host: ${host}/g" /etc/salt/master.d/api.conf

    # if current os does not have python3, install it.
    python3 --version
    hasPython3=$?
    if [ "$hasPython3" -eq 0 ]; then
        echo "Python3 has installed."
    else
        yum install python3 -y
    fi

    # saltstack relenv pip install PyMySQL
    cd /opt/saltstack/salt/bin
    ./pip3 install /opt/salt3006/PyMySQL-1.0.2-py3-none-any.whl

    mkdir -p /srv/salt
    mkdir -p /srv/scriptfile

    out "start salt-master..."
    systemctl start salt-master
    systemctl enable salt-master

    out "start salt-api..."
    systemctl start salt-api
    systemctl enable salt-api

    master_status=$(systemctl status salt-master | grep "Active: active" | wc -l)
    if [ "$master_status" -ge 1 ]; then
        out "salt-master is running."
    fi

    api_status=$(systemctl status salt-api | grep "Active: active" | wc -l)
    if [ "$api_status" -ge 1 ]; then
        out "salt-api is running."
    fi
}

checkSaltApi() {
    sleep 10s
    # -k skips certificate verification because the certificate is self-signed.
    curl -sSk "https://$host:8000/login" -H "Accept: application/json" -d username=saltapi -d password=saltapi -d eauth=pam
}

main() {
    validateRunAsRoot
    checkParameters
    installMysql
    installSaltMasterAndSaltAPI
    checkSaltApi
}

main
```
bootstrap-saltapi.sh is the entry point of the automatic installation and defines several functions. validateRunAsRoot checks that the installation is being run as root. checkParameters checks that the script was given an IP address or domain name as its argument, normally the IP address of this host, for example: bash bootstrap-saltapi.sh 127.0.0.1 (replace 127.0.0.1 with the real address when installing). After SaltStack runs a command, the results can be kept in local text files, cached in redis, or persisted in mysql. Here mysql is used for persistent storage, which makes it easy to retrieve command results during custom development; installMysql installs the mysql service on this host.
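installSaltMasterAndSaltAPI installs the salt-master and salt-api services on this host. checkSaltApi verifies, once the services are installed, that the salt-api service works. main is the entry point of the script. The master file is the configuration file of the salt-master service in SaltStack; the relevant settings are, briefly:
interface: the IP address the Salt Master listens on. 0.0.0.0 means all available network interfaces.
publish_port: the port used to publish commands, 4505.
user: run with root privileges.
ret_port: the port used to collect command results, 4506.
conf_file: the path of the current configuration file.
auto_accept: automatically accept minion key requests.
order_masters: True means that multiple masters are connected in order. The salt-master installed here is the top-level master. With salt-syndic, SaltStack can be extended to a three-tier structure that can manage tens of thousands of virtual machines; for small fleets the two-tier master-minion structure is usually enough.
The entries at the bottom that start with mysql configure the MySQL database used to store command results.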
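Two of the settings described above decide who can control the fleet: auto_accept in the master file, and the .*, @wheel and @runner grants in auth.conf. The check below is an added example, not part of the original article or of SaltStack; the function names and the sample file contents are constructed for illustration.

```shell
#!/bin/bash
# Added example, not from the article: flag the permissive Salt master
# settings this walkthrough deploys. File contents below are constructed.

audit_master() {   # $1 = master config file
    if grep -Eiq '^[[:space:]]*auto_accept:[[:space:]]*true' "$1"; then
        echo "FINDING: auto_accept is on; minion keys are accepted without review"
    fi
}

audit_eauth() {    # $1 = YAML file that may contain an external_auth block
    awk '
        /^external_auth:/       { in_eauth = 1; next }
        in_eauth && /^[^ \t#]/  { in_eauth = 0 }   # next top-level key ends the block
        !in_eauth               { next }
        /^[ \t]+[^- \t][^:]*:[ \t]*$/ {            # nested key: backend, then user
            user = $1; sub(/:$/, "", user); next
        }
        /^[ \t]*-[ \t]*/ {                         # one permission entry
            perm = $0
            sub(/^[ \t]*-[ \t]*/, "", perm)
            gsub("[\"\047 \t]", "", perm)          # drop quotes and padding
            if (perm == ".*")
                print "FINDING: " user " may run every function on every minion"
            else if (perm == "@wheel" || perm == "@runner")
                print "FINDING: " user " holds " perm " (master-side control)"
        }
    ' "$1"
}

audit_salt() {     # $1 = master file, $2 = master.d directory
    local f
    audit_master "$1"
    for f in "$1" "$2"/*.conf; do
        if [ -f "$f" ]; then audit_eauth "$f"; fi
    done
}

write_sample() {   # $1 = target dir; mirrors the files described in the article
    mkdir -p "$1/master.d"
    printf 'interface: 172.22.236.175\nauto_accept: True\norder_masters: True\n' > "$1/master"
    printf "external_auth:\n  pam:\n    saltapi:\n      - .*\n      - '@wheel'\n      - '@runner'\n      - '@jobs'\n" \
        > "$1/master.d/auth.conf"
}

demo=$(mktemp -d)
write_sample "$demo"
audit_salt "$demo/master" "$demo/master.d"   # prints four findings for the sample
rm -rf "$demo"
```

On a real master, call audit_salt /etc/salt/master /etc/salt/master.d after the installation finishes.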
Of the remaining files, salt3006.tar.gz is the SaltStack offline installation package; how to obtain it will be covered in a later article. salt.sql initialises the Salt table structure.
[root@my-server script]# cat salt.sql
```sql
/*
SQLyog Ultimate v11.27 (32 bit)
MySQL - 5.5.68-MariaDB : Database - salt
*********************************************************************
*/

/*!40101 SET NAMES utf8 */;

/*!40101 SET SQL_MODE=''*/;

/*!40014 SET @OLD_UNIQUE_CHECKS=@@UNIQUE_CHECKS, UNIQUE_CHECKS=0 */;
/*!40014 SET @OLD_FOREIGN_KEY_CHECKS=@@FOREIGN_KEY_CHECKS, FOREIGN_KEY_CHECKS=0 */;
/*!40101 SET @OLD_SQL_MODE=@@SQL_MODE, SQL_MODE='NO_AUTO_VALUE_ON_ZERO' */;
/*!40111 SET @OLD_SQL_NOTES=@@SQL_NOTES, SQL_NOTES=0 */;
CREATE DATABASE /*!32312 IF NOT EXISTS*/`salt` /*!40100 DEFAULT CHARACTER SET latin1 */;

USE `salt`;

/*Table structure for table `jids` */

DROP TABLE IF EXISTS `jids`;

CREATE TABLE `jids` (
  `jid` varchar(255) NOT NULL,
  `load` mediumtext NOT NULL,
  UNIQUE KEY `jid` (`jid`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8;

/*Table structure for table `salt_events` */

DROP TABLE IF EXISTS `salt_events`;

CREATE TABLE `salt_events` (
  `id` bigint(20) NOT NULL AUTO_INCREMENT,
  `tag` varchar(255) NOT NULL,
  `data` mediumtext NOT NULL,
  `alter_time` timestamp NOT NULL DEFAULT CURRENT_TIMESTAMP,
  `master_id` varchar(255) NOT NULL,
  PRIMARY KEY (`id`),
  KEY `tag` (`tag`)
) ENGINE=InnoDB AUTO_INCREMENT=3790 DEFAULT CHARSET=utf8;

/*Table structure for table `salt_returns` */

DROP TABLE IF EXISTS `salt_returns`;

CREATE TABLE `salt_returns` (
  `fun` varchar(50) NOT NULL,
  `jid` varchar(255) NOT NULL,
  `return` mediumtext NOT NULL,
  `id` varchar(255) NOT NULL,
  `success` varchar(10) NOT NULL,
  `full_ret` mediumtext NOT NULL,
  `alter_time` timestamp NOT NULL DEFAULT CURRENT_TIMESTAMP,
  KEY `id` (`id`),
  KEY `jid` (`jid`),
  KEY `fun` (`fun`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8;

/*!40101 SET SQL_MODE=@OLD_SQL_MODE */;
/*!40014 SET FOREIGN_KEY_CHECKS=@OLD_FOREIGN_KEY_CHECKS */;
/*!40014 SET UNIQUE_CHECKS=@OLD_UNIQUE_CHECKS */;
/*!40111 SET SQL_NOTES=@OLD_SQL_NOTES */;
```
Use ifconfig to find the IP address of this host:
[root@my-server script]# ifconfig
```
br-811be7c31e57: flags=4099<UP,BROADCAST,MULTICAST> mtu 1500
        inet 172.18.0.1 netmask 255.255.0.0 broadcast 172.18.255.255
        inet6 fe80::42:69ff:fe90:81b4 prefixlen 64 scopeid 0x20<link>
        ether 02:42:69:90:81:b4 txqueuelen 0 (Ethernet)
        RX packets 8214 bytes 807377 (788.4 KiB)
        RX errors 0 dropped 0 overruns 0 frame 0
        TX packets 8214 bytes 807377 (788.4 KiB)
        TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

docker0: flags=4099<UP,BROADCAST,MULTICAST> mtu 1500
        inet 172.17.0.1 netmask 255.255.0.0 broadcast 172.17.255.255
        inet6 fe80::42:f0ff:fece:2ab prefixlen 64 scopeid 0x20<link>
        ether 02:42:f0:ce:02:ab txqueuelen 0 (Ethernet)
        RX packets 202385 bytes 51320096 (48.9 MiB)
        RX errors 0 dropped 0 overruns 0 frame 0
        TX packets 218371 bytes 983738284 (938.1 MiB)
        TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
        inet 172.22.236.175 netmask 255.255.240.0 broadcast 172.22.239.255
        inet6 fe80::216:3eff:fe00:6162 prefixlen 64 scopeid 0x20<link>
        ether 00:16:3e:00:61:62 txqueuelen 1000 (Ethernet)
        RX packets 27961541 bytes 9347094567 (8.7 GiB)
        RX errors 0 dropped 0 overruns 0 frame 0
        TX packets 22301197 bytes 4160742107 (3.8 GiB)
        TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
        inet 127.0.0.1 netmask 255.0.0.0
        inet6 ::1 prefixlen 128 scopeid 0x10<host>
        loop txqueuelen 1000 (Local Loopback)
        RX packets 8214 bytes 807377 (788.4 KiB)
        RX errors 0 dropped 0 overruns 0 frame 0
        TX packets 8214 bytes 807377 (788.4 KiB)
        TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
```
Run the following command to start the automatic installation: bash bootstrap-saltapi.sh 172.22.236.175
Check the status of the installed services: systemctl status salt-master salt-api
salt-master service status
salt-api service status