一、SaltStack介绍SaltStack是一个服务器基础架构集中化管理平台，SaltStack基于Python语言实现，也是基于C/S架构，结合轻量级消息队列（ZeroMQ）与Python第三方模块（Pyzmq、PyCrypto、Pyjinjia2、python-msgpack和PyYAML等）构建，SaltStack整合了Puppet和Chef的功能，更适合大规模批量管理服务器，配置简单。三大主要功能：远程执行、配置管理、云管理运行方式：local、Master/Minion、Salt SSH二、SaltStack工作原理salt-master服务启动后会开启两个端口:4505和4506，minion没有端口，通过“双向密钥交换”(可通过tree /etc/salt/pki命令查看)来实现安全管理。salt-master每执行一条命令，所有minion均可收到。[root@m01 haproxy]# lsof -n -i:4505COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAMEsalt-mini 28094 root 24u IPv4 513347 0t0 TCP 172.16.1.61:46598->172.16.1.61:4505 (ESTABLISHED)salt-mast 28823 root 12u IPv4 507802 0t0 TCP *:4505 (LISTEN)salt-mast 28823 root 14u IPv4 513324 0t0 TCP 172.16.1.61:4505->172.16.1.7:44184 (ESTABLISHED)salt-mast 28823 root 15u IPv4 513348 0t0 TCP 172.16.1.61:4505->172.16.1.61:46598 (ESTABLISHED)salt-mast 28823 root 16u IPv4 889130 0t0 TCP 172.16.1.61:4505->172.16.1.3:49070 (ESTABLISHED)[root@m01 haproxy]# lsof -n -i:4506 #所有的minion都与master通信，而回复的时候，master则使用4506端口COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAMEsalt-mini 28094 root 13u IPv4 513218 0t0 TCP 172.16.1.61:56702->172.16.1.61:4506 (ESTABLISHED)salt-mast 28848 root 20u IPv4 507835 0t0 TCP *:4506 (LISTEN)salt-mast 28848 root 27u IPv4 513219 0t0 TCP 172.16.1.61:4506->172.16.1.61:56702 (ESTABLISHED)salt-mast 28848 root 28u IPv4 513220 0t0 TCP 172.16.1.61:4506->172.16.1.7:46876 (ESTABLISHED)salt-mast 28848 root 29u IPv4 889121 0t0 TCP 172.16.1.61:4506->172.16.1.3:38832 (ESTABLISHED)三、SaltStack安装部署1、环境1234[root@m01 ~]# cat /etc/redhat-releaseCentOS release 6.9 (Final)[root@m01 ~]# uname -r2.6.32-696.el6.x86_642、master服务端安装http://mirrors.zju.edu.cn/epel/6/x86_64/epel-release-6-8.noarch.rpmrpm -ivh epel-release-6-8.noarch.rpm#安装epel源yum install salt-master salt-minion -ysed -i 's/#master: salt/master: 172.16.1.61/g' /etc/salt/minion#修改minion配置文件指定master/etc/init.d/salt-master start/etc/init.d/salt-minion startchkconfig salt-master onchkconfig salt-minion on3、minion客户端安装配置yum install salt-minion -ysed -i 's/#master: salt/master: 172.16.1.61/g' /etc/salt/minion#直接替换指定master地址/etc/init.d/salt-minion startchkconfig salt-minion on4、SaltStack常用命令参数常用命令参数命令说明salt-key -L查看minion列表salt-key -A同意接管所有的minionsalt-key -a同意接管指定的一个minionsalt-key -D删除所有认证的minionsalt-key -d删除指定的minionsalt-run manage.up查看存活的minionsalt-run manage.down查看死掉的minionsalt-run manage.status查看minion的相关状态salt-run manage.versions查看salt的所有master和minion的版本信息salt -d查看帮助文档salt '*' sys.doc查看帮助文档salt -d|grep service查看service相关模块命令salt '*' service.get_all获取minion所有服务salt '*' service.reload sshd重新加载sshd服务salt '*' pkg.list_pkgs显示软件包版本列表salt '*' pkg.version python显示软件包版本信息salt '*' pkg.install httpd安装软件包salt '*' service.status mysql查看mysql服务状态salt '*' service.start mysql启动mysql服务salt '*' sys.list_modules模块列表salt-cp'*'/etc/hosts /etc/hosts分发hosts文件到所有minion端salt'*'file.copy/tmp/zabbix.sls /tmp/sls把服务端对应文件拷贝到minion端相应目录下salt '*' cp.get_dir salt://zabbix /tmp把服务端对应目录拷贝到minion端相应目录下5、远程执行①cmd.script远程执行脚本salt '*' cmd.script salt://scripts/runme.shsalt '*' cmd.script salt://scripts/runme.sh 'arg1 arg2 "arg 3"'②cmd.shell远程执行命令salt '*' cmd.shell "ls -l | awk '/foo/{print \$2}'"salt '*' cmd.shell template=jinja "ls -l /tmp/{{grains.id}} | awk '/foo/{print \$2}'"③测试到客户端的连通性[root@m01 ~]# salt '*' test.pingm01: Truehaproxy01: Trueweb02: True④遇到的问题#问题salt-minion dead but pid file exists#解决rm -fr /etc/salt/pki/minion/minion_master.pub/etc/init.d/salt-minion restart