Salt is an underlying platform management tool developed in Python. SaltStack uses a client/server (C/S) model: the server side is the Salt master and the client side is the minion, and the minion communicates with the master via the ZeroMQ message queue. The master listens on ports 4505 and 4506: 4505 is the master and minion authenticated communication port, and 4506 is the port the master uses to send commands or receive the return information of commands executed by minions.
Introduction to saltstack:
1. Lightweight management tools to execute commands in batches;
2. Common templates:
pkg: manage packages, including installing, updating and removing them;
file: manage files, including synchronizing files, setting file permissions and owning groups, deleting files, etc.;
cmd: execute commands or scripts on the minion;
user: manage account operations;
service: manage the system's services;
cron: manage crontab tasks.
3. The saltstack data system:
Grains (static data);
pillar (dynamic data);
4. Three main functions:
(1) Remote execution
(2) Configuration Management
(3) Cloud Management
Grains are information collected when the minion (client) starts, such as static information like the operating system type and the network card IP.
Grains information is not dynamic and does not change from time to time; it is only collected when the minion starts.
Unlike grains, pillars are defined on the master and hold information defined for the minion. For example, important data (passwords) can be stored in a pillar, variables can be defined, and so on.
Configuration management is the core function of SaltStack: it manages controlled hosts through pre-specified sls files (covering packages, network configuration, system services, system users, etc.).
The SaltStack client (minion) automatically generates a key pair, a private key and a public key, at startup. The public key is then sent to the server, which validates and accepts it to establish a reliable and encrypted communication connection. At the same time, a message publishing connection is established between the client and the server through the ZeroMQ message queue.
1. The minion is the client component installed on each host that SaltStack needs to manage. It actively connects to the master and synchronizes resource management information from it.
2. The master, as the control center, runs on the host server and is responsible for running Salt commands and managing resource state. An instruction is executed on the master and sent through a queue to each minion, which executes it and returns the results.
3. ZeroMQ is open source message queuing software used to build the communication bridge between the minion and master ends.
Differences from Ansible:
1. Management configuration is faster and more stable
Ansible transmits data over the SSH protocol; SaltStack uses the ZeroMQ message queue to transfer data faster, 40 times faster than SSH.
2. The Ansible installation and deployment process is very simple, whereas deploying the minion side of SaltStack is inconvenient.
Practice - Bulk Installation of Apache Services
1. Modify Host Name
Modify the host name (one command on each of the three hosts):

```
[root@localhost ~]# hostnamectl set-hostname master.saltstack.com
[root@localhost ~]# hostnamectl set-hostname web01.saltstack.com
[root@localhost ~]# hostnamectl set-hostname web02.saltstack.com
```

Modify the /etc/hosts file (copy it remotely with scp; all three hosts are the same):

```
vim /etc/hosts
192.168.220.131 master.saltstack.com
192.168.220.140 web01.saltstack.com
192.168.220.136 web02.saltstack.com
```

Turn off the firewall:

```
systemctl stop firewalld.service
setenforce 0
```

Add the epel source on all three hosts:

```
yum install -y epel-release
```
2. Install saltstack:
(1) Install on the master:

```
yum install -y salt-master
```

(2) Install on the managed end (minion):

```
yum install -y salt-minion
```
3. Configure master host:
```
vim /etc/salt/master
```

```yaml
interface: 192.168.220.131     # Listen address (the master's address)
auto_accept: True              # Accept minion keys automatically, so salt-key does not have to be run to approve them
file_roots:                    # Salt file root directory; you need to create it yourself
  base:
    - /srv/salt
nodegroups:                    # Turn on and define group classification
  group1: 'web01.saltstack.com'
  group2: 'web02.saltstack.com'
pillar_opts: True              # Turn on pillar_opts (adds the master configuration to each minion's pillar)
pillar_roots:                  # Pillar root directory; you need to create it yourself
  base:
    - /srv/pillar
```
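The master settings above decide which minions are trusted and what they can read, so they are worth checking before a lab configuration is reused elsewhere. The following is an added example, not code from the original article or from the Salt project: a small audit of the trust-related options, where the function names and the minimal top-level parser (not a full YAML parser) are assumptions made for illustration.

```python
import re

# Constructed sample: the master settings shown in the tutorial above.
SAMPLE_MASTER_CONF = """\
interface: 192.168.220.131
auto_accept: True
file_roots:
  base:
    - /srv/salt
pillar_opts: True
"""

# Top-level "key: value" line; indented (nested) keys and list items do not match.
TOP_LEVEL = re.compile(r"^([A-Za-z_][\w.]*)\s*:\s*(.*?)\s*(?:#.*)?$")

def top_level_scalars(text):
    """Return {key: value} for unindented scalar settings (minimal parser, not full YAML)."""
    settings = {}
    for line in text.splitlines():
        m = TOP_LEVEL.match(line)
        if m and m.group(2):
            settings[m.group(1)] = m.group(2).strip("'\"")
    return settings

def is_true(value):
    return str(value).lower() in ("true", "yes", "on")

def audit_master_conf(text):
    """Return a list of (setting, finding) pairs for the trust-related options."""
    conf = top_level_scalars(text)
    findings = []
    if is_true(conf.get("auto_accept", "False")):
        findings.append(("auto_accept", "every minion key is accepted without review; "
                         "set False and accept keys with salt-key -a after comparing "
                         "salt-key -f <id> with salt-call --local key.finger on the minion"))
    if is_true(conf.get("pillar_opts", "False")):
        findings.append(("pillar_opts", "master configuration is copied into every "
                         "minion's pillar; set False if it holds sensitive values"))
    if conf.get("interface", "0.0.0.0") in ("0.0.0.0", "::"):
        findings.append(("interface", "4505/4506 listen on all addresses; bind to the "
                         "management address or filter the ports"))
    return findings

if __name__ == "__main__":
    for setting, finding in audit_master_conf(SAMPLE_MASTER_CONF):
        print(f"{setting}: {finding}")
```

Run against the tutorial's configuration, it reports `auto_accept` and `pillar_opts`; the `interface` line passes because the master is bound to a single address.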
4. Start the services:

```
[root@master ~]# systemctl start salt-master.service
[root@master ~]# netstat -napt | egrep '4506|4505'
tcp        0      0 192.168.220.131:4505    0.0.0.0:*               LISTEN      68112/python
tcp        0      0 192.168.220.131:4506    0.0.0.0:*               LISTEN      68136/python
```
5. Configure the minion end:

```
vim /etc/salt/minion
```

On the first minion:

```yaml
master: 192.168.220.131        # Line 16, specify the master host IP address
id: web01.saltstack.com        # Line 78, specify the host name of the controlled end
```

On the second minion:

```yaml
master: 192.168.220.131
id: web02.saltstack.com
```

```
systemctl start salt-minion.service     # Start the service
```

6. Test the communication status with the controlled side from the main control side:

```
[root@master ~]# salt '*' test.ping     # View communication status
web01.saltstack.com:
    True
[root@master ~]# salt '*' test.ping
web01.saltstack.com:
    True
web02.saltstack.com:
    True
salt '*' cmd.run 'df -h'                # View the mounts on all managed hosts
[root@master ~]# salt-key               # View clients that have been accepted on the master
Accepted Keys:
web01.saltstack.com
web02.saltstack.com
Denied Keys:
Unaccepted Keys:
Rejected Keys:
```

View all grains values on a managed host (the minion collects this client information each time it starts):

```
salt 'web01.saltstack.com' grains.items     # Static data
salt 'web01.saltstack.com' pillar.items     # Dynamic data
```
7. Start installing Apache services in bulk:
The following demonstrates remotely installing Apache through yum:
```
mkdir /srv/salt
vim /srv/salt/top.sls
```

```yaml
base:
  '*':
    - apache
```

Note: '*' means that the apache module is executed on all clients.

```
vim /srv/salt/apache.sls
```

```yaml
apache-service:
  pkg.installed:
    - names:          # If there is only one package, it can be written on one line as "- name: httpd"
      - httpd
      - httpd-devel
  service.running:
    - name: httpd
    - enable: True
```

Note: apache-service is a custom ID name. pkg.installed is the package installation function; below it are the names of the packages to be installed. service.running is also a function; it ensures that the specified service is started, and enable indicates that the service is started at boot.

```
systemctl restart salt-master       # Restart the service
salt '*' state.highstate            # Run the command that refreshes the state configuration
```

Next, go to the two minions to verify that httpd was installed successfully: