一.API接口
利用api接口来实现SaltStack推送,管理集群是非常方便的手段,下面我们尝试利用API来实现Salt的功能….
1.在server1上安装salt api
yum insatll -y salt-api
2.配置自签名证书
cd /etc/pki/tls/cd private/
openssl genrsa 1024
openssl genrsa 1024 > localhost.key
cd certs
make testcert
3.
cd /etc/salt
vim master # 只支持以.conf结尾的文件
cd master.d/
vim api.conf
rest_cherrypy:
port: 8000
ssl_crt: /etc/pki/tls/certs/localhost.crt
ssl_key: /etc/pki/tls/private/localhost.key
ll /etc/pki/tls/certs/localhost.crt
ll /etc/pki/tls/private/localhost.key
4.
vim auth.conf
external_auth:
pam:
saltapi:
- ‘.*’
- ‘@wheel’
- ‘@runner’
- ‘@jobs’
5.创建用户并设置密码
useradd saltapi
passwd saltapi
5.打开salt-api,重启salt-master,并查看是否监听8000端口
/etc/init.d/salt-api start
netstat -antlp | grep 8000
7.验证服务并获得token
8.利用token号测试三台minion是否通
curl -sSk https://localhost:8000 -H 'Accept: application/x-yaml' -H 'X-Auth-Token: ff47bf4450abec313837e663c3eeea399bb54947' -d client=local -d tgt='*' -d fun=test.ping
9.编写python脚本请求salt api接口
# -*- coding: utf-8 -*-
import urllib2,urllib
import time
try:
import json
except ImportError:
import simplejson as json
class SaltAPI(object):
__token_id = ''
def __init__(self,url,username,password):
self.__url = url.rstrip('/')
self.__user = username
self.__password = password
def token_id(self):
''' user login and get token id '''
params = {'eauth': 'pam', 'username': self.__user, 'password': self.__password}
encode = urllib.urlencode(params)
obj = urllib.unquote(encode)
content = self.postRequest(obj,prefix='/login')
try:
self.__token_id = content['return'][0]['token']
except KeyError:
raise KeyError
def postRequest(self,obj,prefix='/'):
url = self.__url + prefix
headers = {'X-Auth-Token' : self.__token_id}
req = urllib2.Request(url, obj, headers)
opener = urllib2.urlopen(req)
content = json.loads(opener.read())
return content
def list_all_key(self):
params = {'client': 'wheel', 'fun': 'key.list_all'}
obj = urllib.urlencode(params)
self.token_id()
content = self.postRequest(obj)
minions = content['return'][0]['data']['return']['minions']
minions_pre = content['return'][0]['data']['return']['minions_pre']
return minions,minions_pre
def delete_key(self,node_name):
params = {'client': 'wheel', 'fun': 'key.delete', 'match': node_name}
obj = urllib.urlencode(params)
self.token_id()
content = self.postRequest(obj)
ret = content['return'][0]['data']['success']
return ret
def accept_key(self,node_name):
params = {'client': 'wheel', 'fun': 'key.accept', 'match': node_name}
obj = urllib.urlencode(params)
self.token_id()
content = self.postRequest(obj)
ret = content['return'][0]['data']['success']
return ret
def remote_noarg_execution(self,tgt,fun):
''' Execute commands without parameters '''
params = {'client': 'local', 'tgt': tgt, 'fun': fun}
obj = urllib.urlencode(params)
self.token_id()
content = self.postRequest(obj)
ret = content['return'][0][tgt]
return ret
def remote_execution(self,tgt,fun,arg):
''' Command execution with parameters '''
params = {'client': 'local', 'tgt': tgt, 'fun': fun, 'arg': arg}
obj = urllib.urlencode(params)
self.token_id()
content = self.postRequest(obj)
ret = content['return'][0][tgt]
return ret
def target_remote_execution(self,tgt,fun,arg):
''' Use targeting for remote execution '''
params = {'client': 'local', 'tgt': tgt, 'fun': fun, 'arg': arg, 'expr_form': 'nodegroup'}
obj = urllib.urlencode(params)
self.token_id()
content = self.postRequest(obj)
jid = content['return'][0]['jid']
return jid
def deploy(self,tgt,arg):
''' Module deployment '''
params = {'client': 'local', 'tgt': tgt, 'fun': 'state.sls', 'arg': arg}
obj = urllib.urlencode(params)
self.token_id()
content = self.postRequest(obj)
return content
def async_deploy(self,tgt,arg):
''' Asynchronously send a command to connected minions '''
params = {'client': 'local_async', 'tgt': tgt, 'fun': 'state.sls', 'arg': arg}
obj = urllib.urlencode(params)
self.token_id()
content = self.postRequest(obj)
jid = content['return'][0]['jid']
return jid
def target_deploy(self,tgt,arg):
''' Based on the node group forms deployment '''
params = {'client': 'local_async', 'tgt': tgt, 'fun': 'state.sls', 'arg': arg, 'expr_form': 'nodegroup'}
obj = urllib.urlencode(params)
self.token_id()
content = self.postRequest(obj)
jid = content['return'][0]['jid']
return jid
def main():
sapi = SaltAPI(url='https://172.25.1.1:8000',username='saltapi',password='jay')
sapi.token_id()
print sapi.list_all_key() # (1)打印该master节点下的所有获得key的minion
#sapi.delete_key('test-01')
#sapi.accept_key('test-01')
sapi.deploy('server3','nginx.service') # (2)在server上推送nginx服务
#print sapi.remote_noarg_execution('test-01','grains.items')
if __name__ == '__main__':
main()
(1)打印该master节点下的所有获得key的minion
(2)在server上推送nginx服务
二.常用模块
(一).在salt中自己编写模块
mkdir /srv/salt/_modules
cd /srv/salt/_modules
vim my_disk.py
#!/usr/bin/env python
def df():
return __salt__['cmd.run']('df -h')
salt '*' saltutil.sync_modules # 刷新salt模块库
salt '*' my_disk.df # 推送自己的模块
(二).salt中的常用模块ssh
1.在sevrer3上关闭minion
2.在server1上安装salt-ssh
yum install -y salt-ssh
3.在server上编辑ssh的配置文件:
vim /etc/salt/roster
server3:
host: 172.25.1.3 # 想要连接的主机
user: root # 该主机的超级用户
passwd: redhat # 该超级用户的密码
4.在server1中连通server3
salt-ssh 'server3' test.ping -i
5.不用minion,直接用利用ssh免密
salt-ssh 'server3' my_disk.df
三.salt-syndic功能
syndic 相当于zabbix 的代理,Syndic是Master的一个小组件, 位于salt-master软件包中, 安装salt-master时就安装了syndic
1.选择server4作为top master,关掉上边的minion,在server1上去掉server4这个minion
/etc/init.d/salt-minion stop
chkconfig salt-minion off
2.在server4上安装salt-master
yum install salt-master
3.修改sevrer4上边maser的配置文件
vim /etc/salt/master
857 order_masters: True # 打开允许syndic功能
4.在server1上安装yum install salt-syndic -y
编辑master配置文件vim /etc/salt/master
861 syndic_master: 172.25.1.4 # 设置top master为server4
5.在server4上发现server1
salt-key -L
salt-key -A
6.在sevrer4上执行推送,推送到了server1的minion各个minion上