SaltStack - Automated Operations and Maintenance Orchestration Tool

Brief introduction

Salt is a low-level platform management tool written in Python. SaltStack uses a client/server (C/S) model: the server side is the Salt master and the client side is the minion, and the minion communicates with the master through the ZeroMQ message queue. The master listens on ports 4505 and 4506: 4505 is the authenticated communication port between master and minion, and 4506 is the port the master uses to send commands or receive the results of commands executed on minions.

Introduction to SaltStack:

1. A lightweight management tool for executing commands in batches;

2. Common templates:

pkg: package management, including installing, updating and removing packages;
file: manages files, including synchronizing files, setting file permissions and group ownership, deleting files, etc.;
cmd: executes commands or scripts on the minion;
user: manages account operations;
service: manages the system's services;
cron: manages crontab tasks.

3. The SaltStack data system:

grains (static data);
pillar (dynamic data).

4. Three main functions:

(1) Remote execution
(2) Configuration management
(3) Cloud management

Important components:

(1) grains:

Grains are information collected when the minion (client) starts, such as the operating system type, the network card IP address and other static information.
Grain information is not dynamic and does not change from moment to moment; it is collected only when the minion starts.

(2) pillar:

Unlike grains, pillar data is defined on the master and is information defined for the minion. For example, important data (passwords) can be stored in pillar, variables can be defined, and so on.

(3) state:

The core function of SaltStack: it manages the controlled hosts through sls files written in advance (covering packages, network configuration, system services, system users, etc.).

Working principle:

The SaltStack client (minion) automatically generates a key pair, a private key and a public key, when it starts. The public key is then sent to the server, which validates and accepts it in order to establish a reliable, encrypted communication channel. At the same time, a message publishing connection is established between the client and the server through the ZeroMQ message queue.

1. The minion is the client component that must be installed on every host SaltStack manages. It actively connects to the master and synchronizes resource management information from it.
2. The master, as the control center, runs on the server host and is responsible for running Salt commands and managing resource state. An instruction executed on the master is sent through a queue to each minion, which executes it and returns the result.
3. ZeroMQ is open source message queuing software used to build the communication bridge between the minion and the master.

Differences from Ansible:

1. Configuration management is faster and more stable:
Ansible transfers data over the SSH protocol; SaltStack uses the ZeroMQ message queue, which transfers data faster, 40 times faster than SSH.
2. The Ansible installation and deployment process is very simple, whereas deploying the minion side of SaltStack is inconvenient.

Practice - Bulk Installation of Apache Services


1. Modify Host Name

Modify the host name (one command on each of the three hosts):
[root@localhost ~]# hostnamectl set-hostname master.saltstack.com
[root@localhost ~]# hostnamectl set-hostname web01.saltstack.com
[root@localhost ~]# hostnamectl set-hostname web02.saltstack.com

Modify the /etc/hosts file (copy it to the other hosts with scp; it is the same on all three hosts):
vim /etc/hosts
192.168.220.131 master.saltstack.com
192.168.220.140 web01.saltstack.com
192.168.220.136 web02.saltstack.com

Turn off the firewall and set SELinux to permissive mode:
systemctl stop firewalld.service
setenforce 0

Add the EPEL repository on all three hosts:
yum install -y epel-release

2. Install SaltStack:

(1) Install on the master:
yum install -y salt-master

(2) Install on the managed hosts (minions):
yum install -y salt-minion

3. Configure the master host:

vim /etc/salt/master

interface: 192.168.220.131   # Listen address (the master's address)
auto_accept: True            # Set to True so minion keys are accepted automatically, without running salt-key to accept each one

file_roots:                  # Enable the Salt file root directory; you need to create it yourself
   base:
     - /srv/salt

nodegroups:                  # Enable and define node groups
   group1: 'web01.saltstack.com'
   group2: 'web02.saltstack.com'

pillar_opts: True            # Enable pillar_opts (includes the master's configuration options in each minion's pillar)

pillar_roots:                # Enable the pillar root directory; you need to create it yourself
   base:
     - /srv/pillar
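
An added example (not part of the original tutorial): a shell check that reads a master config file and reports the settings above that widen trust, namely auto_accept, pillar_opts (which copies the master's configuration into every minion's pillar) and an interface bound to all addresses. The helper names and both sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example: master_opt, is_true and audit_master_config are hypothetical
# helper names, not Salt commands. Only top-level "key: value" lines are read.

# Print the last value set for a top-level key, minus trailing comment/space.
master_opt() {
    sed -n "s/^$1:[[:space:]]*//p" "$2" |
        sed 's/[[:space:]]*#.*$//; s/[[:space:]]*$//' | tail -n 1
}

# YAML 1.1 booleans: True, yes and on all read as true.
is_true() {
    case "$1" in
        [Tt]rue|TRUE|[Yy]es|YES|[Oo]n|ON) return 0 ;;
    esac
    return 1
}

# Print one finding per risky setting; print nothing for a clean file.
audit_master_config() {
    cfg=$1
    if is_true "$(master_opt auto_accept "$cfg")"; then
        echo "auto_accept: every minion key is accepted without review"
    fi
    if is_true "$(master_opt pillar_opts "$cfg")"; then
        echo "pillar_opts: master configuration is copied into every minion's pillar"
    fi
    # An unset interface falls back to Salt's default of 0.0.0.0.
    case "$(master_opt interface "$cfg")" in
        ""|"0.0.0.0"|"::") echo "interface: master ports listen on all addresses" ;;
    esac
}

# Constructed sample 1: the settings used in this tutorial.
tutorial_cfg=$(mktemp)
printf '%s\n' 'interface: 192.168.220.131' 'auto_accept: True' \
    'pillar_opts: True' > "$tutorial_cfg"
# Constructed sample 2: same bind address, both flags off.
reviewed_cfg=$(mktemp)
printf '%s\n' 'interface: 192.168.220.131' 'auto_accept: False' \
    'pillar_opts: False' > "$reviewed_cfg"

audit_master_config "$tutorial_cfg"
audit_master_config "$reviewed_cfg"
```

Settings can also come from files under /etc/salt/master.d/, so run the check against those as well.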


4. Start the service:

[root@master ~]# systemctl start salt-master.service 
[root@master ~]# netstat -napt | egrep '4506|4505'
tcp        0      0 192.168.220.131:4505    0.0.0.0:*               LISTEN      68112/python        
tcp        0      0 192.168.220.131:4506    0.0.0.0:*               LISTEN      68136/python 

5. Configure the minion end:

vim /etc/salt/minion
# On the first minion:
master: 192.168.220.131        # Line 16: specify the master's IP address
id: web01.saltstack.com        # Line 78: specify the host name of the controlled end
# On the second minion:
master: 192.168.220.131
id: web02.saltstack.com

systemctl start salt-minion.service   # Start the service

6. Test communication with the controlled hosts from the master:

[root@master ~]# salt '*' test.ping    # View communication status
web01.saltstack.com:
    True
[root@master ~]# salt '*' test.ping
web01.saltstack.com:
    True
web02.saltstack.com:
    True

salt '*' cmd.run 'df -h'      # View mounted filesystems on all managed hosts

[root@master ~]# salt-key    # View the clients that have been accepted on the master
Accepted Keys:
web01.saltstack.com
web02.saltstack.com
Denied Keys:
Unaccepted Keys:
Rejected Keys:
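
An added example (not from the original post) of the manual alternative to auto_accept: True: the minion's fingerprint, read locally on the minion with salt-call --local key.finger and carried to the master out of band, is compared with what salt-key -f reports before the key is accepted. accept_verified_key, norm_fp and salt_key are hypothetical helper names.

```shell
#!/bin/sh
# Added example: accept a pending minion key only after its fingerprint has
# been checked. Assumes auto_accept is left at its default of False.

# Thin wrapper so the key-store command can be swapped out when testing.
salt_key() { salt-key "$@"; }

# Normalise a fingerprint for comparison: lower-case hex, no whitespace.
norm_fp() { printf '%s' "$1" | tr 'A-F' 'a-f' | tr -d '[:space:]'; }

# accept_verified_key MINION_ID EXPECTED_FINGERPRINT
#   EXPECTED_FINGERPRINT comes from the minion itself:
#     salt-call --local key.finger
#   Returns 0 after accepting, 1 on mismatch, 2 if no key was presented.
accept_verified_key() {
    id=$1
    expected=$(norm_fp "$2")
    # `salt-key -f ID` prints "<id>:  <fingerprint>" under a status heading.
    seen=$(salt_key -f "$id" | sed -n "s/^$id:[[:space:]]*//p" | head -n 1)
    seen=$(norm_fp "$seen")
    if [ -z "$seen" ]; then
        echo "no key presented for $id" >&2
        return 2
    fi
    if [ "$seen" != "$expected" ]; then
        echo "fingerprint mismatch for $id: key not accepted" >&2
        return 1
    fi
    # -y answers the confirmation prompt; -a accepts the named key.
    salt_key -y -a "$id"
}

# Usage on the master (the fingerprint is a placeholder, not a real value):
#   accept_verified_key web01.saltstack.com '<fingerprint read on web01>'
```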

# View all grains values on a managed host (the minion collects this client information each time it starts):
salt 'web01.saltstack.com' grains.items    # static data
salt 'web01.saltstack.com' pillar.items    # dynamic data

7. Install the Apache service in bulk:
The following demonstrates installing Apache remotely through yum:

mkdir /srv/salt

vim /srv/salt/top.sls
base:
  '*':    
    - apache
Note: '*' means that the apache module is executed on all clients.

vim /srv/salt/apache.sls
apache-service:
  pkg.installed:
    - names:                # If there is only one package, it can be written on one line as - name: httpd
      - httpd
      - httpd-devel
  service.running:
    - name: httpd
    - enable: True
Note: apache-service is a custom ID name. pkg.installed is the package installation function; the names below it are the packages to install. service.running is also a function; it ensures that the specified service is started, and enable: True means it is started at boot.


systemctl restart salt-master    # Restart the service
salt '*' state.highstate         # Apply the state configuration



Next, go to the two minions to verify that httpd was installed successfully:


Posted on Mon, 03 Feb 2020 22:21:10 -0500 by craigtolputt