下面将为大家介绍使用脚本离线自动安装SaltStack Master 服务,同时安装saltstack 的API服务以便我们可以在master 上对minion 主机进行自动化运维管控,同时我们还可以基于saltstack 提供的API接口进行二次开发,例如我们可以开发自己的自动化运维软件,将平时需要在命令行进行的运维操作可以在界面上达到同样的效果。
[root@my-server script]# tree .
.
├── api.conf
├── auth.conf
├── bootstrap-saltapi.sh
├── master
├── README.txt
├── salt3006.tar.gz
└── salt.sql上面是本次安装所需要的脚本及离线文件:
[root@my-server script]# cat api.conf
rest_cherrypy:
host:
port: 8000
ssl_crt: /etc/pki/tls/certs/localhost.crt
ssl_key: /etc/pki/tls/certs/localhost.keyapi.conf 是SaltStack 的API 配置服务,使用yml格式,其中host 指定本机暴露的IP地址或者域名,port 暴露服务端口,ssl_crt 是https 证书路径,saltstack 的API 服务使用的是https协议,证书在后面的脚本中自动生成,ssl_key 对应crt证书密钥。
[root@my-server script]# cat auth.conf
external_auth:
pam:
saltapi:
- .*
- '@wheel'
- '@runner'
- '@jobs'
auth.conf 是SaltStack 外部认证方式配置,这里使用pam方式。用于控制通过Salt API访问Salt功能的权限。
[root@my-server script]# cat bootstrap-saltapi.sh
#!/bin/bash
set -x
logFile=/tmp/bootstrap-saltapi.log
out(){
echo `date "+%Y-%m-%d %H:%M:%S"`": $*"
echo `date "+%Y-%m-%d %H:%M:%S"`": $*" >> $logFile
}
host=$1
checkParameters() {
if [ ! $host ]; then
out "host is required."
exit 1
fi
}
validateRunAsRoot() {
if [[ $EUID -ne 0 ]]; then
out "ERROR: run as root is required, please swith to root ro run!"
exit 1
fi
out "Run AS user check passed! current user is root"
}
installMysql() {
yum install mariadb-server -y
systemctl start mariadb
systemctl enable mariadb
out "create salt mysql job schema."
cd /opt/script
mysql -e "source ./salt.sql"
out "authorization all permissions of the root user."
mysql -e "grant all privileges on *.* to 'root'@'%' identified by 'root'; grant all privileges on *.* to 'root'@'localhost' identified by 'root'; flush privileges;"
mysql -uroot -proot -h localhost -e "show databases;use salt;show tables;"
}
installSaltMasterAndSaltAPI() {
tar -xvf ./salt3006.tar.gz -C /opt
cd /opt/salt3006
rpm -ivh --replacepkgs pciutils*.rpm salt-300*.rpm salt-api*.rpm salt-master*.rpm salt-minion*.rpm
out "config salt-master then start server again..."
mv /etc/salt/master /etc/salt/master.bak
cp /opt/script/master /etc/salt/master -f
sed -i "s/interface: 0.0.0.0/interface: ${host}/g" /etc/salt/master
# add salt auth user and set password
useradd -M -s /sbin/nologin saltapi
echo "saltapi" | passwd saltapi --stdin
# config saltapi auth.
salt-call --local tls.create_self_signed_cert
cp -r /opt/script/auth.conf /etc/salt/master.d/
cp -r /opt/script/api.conf /etc/salt/master.d/
sed -i "s/host:/host: ${host}/g" /etc/salt/master.d/api.conf
# if current os does not have python3, install it.
python3 --version
hasPython3=$(echo $?)
if [ $hasPython3 == 0 ];then
echo "Python3 has installed."
else
yum install python3 -y
fi
# saltstack relenv pip install PyMySQL
cd /opt/saltstack/salt/bin
./pip3 install /opt/salt3006/PyMySQL-1.0.2-py3-none-any.whl
mkdir -p /srv/salt
mkdir -p /srv/scriptfile
out "start salt-master..."
systemctl start salt-master
systemctl enable salt-master
out "start salt-api..."
systemctl start salt-api
systemctl enable salt-api
master_status=$(systemctl status salt-master|grep 'Active: active' | wc -l)
if [ $master_status -ge 1 ]; then
out "salt-master is running."
fi
api_status=$(systemctl status salt-api|grep 'Active: active' | wc -l)
if [ $api_status ]; then
out "salt-api is running."
fi
}
checkSaltApi() {
sleep 10s
curl -sSk https://$host:8000/login -H 'Accept: application/json' -d username='saltapi' -d password='saltapi' -d eauth='pam'
}
main() {
validateRunAsRoot
checkParameters
installMysql
installSaltMasterAndSaltAPI
checkSaltApi
}
main
bootstrap-saltapi.sh 是自动安装脚本路口,里面定义了不同的函数,其中validateRunAsRoot是校验本次安装需要以root 用户运行,checkParameters校验运行此脚本需要一个ip或域名作为参数,一般是本机IP地址,例如:bash bootstrap-saltapi.sh 127.0.0.1,实际安装中将127.0.0.1 进行替换。saltstack 在执行命令后,获取命令执行结果可以使用本机文本存储,也可以使用redis进行缓存,或者 mysql来进行持久化存储,这里我们使用mysql进行持久化存储,方便我们进行二次开发过程中,对命令执行结果的获取,installMysql 既是在本机安装mysql服务的。
installSaltMasterAndSaltAPI用于在本机安装 salt-master 和 salt-api服务。checkSaltApi用于安装完服务后验证 salt-api服务时否正常。main 函数为脚本路口。
[root@my-server script]# cat master | grep -v -e '^#' -e '^$'
interface: 0.0.0.0
publish_port: 4505
user: root
ret_port: 4506
pidfile: /var/run/salt-master.pid
conf_file: /etc/salt/master
cachedir: /var/cache/salt/master
keep_jobs: 24
show_jid: True
auto_accept: True
file_roots:
base:
- /srv/salt
order_masters: True
syndic_wait: 5
log_file: /var/log/salt/master
mysql.host: 'localhost'
mysql.user: 'root'
mysql.pass: 'mysqlpass'
mysql.db: 'salt'
mysql.port: 3306
event_return: mysql
return: mysql
master_job_cache: mysqlmaster 文件是saltstack 中 salt-master 服务的配置文件,这里简要说明下相关配置:
interface 指定Salt Master监听的IP地址。0.0.0.0表示监听所有可用的网络接口。
publish_port 指定发送命令服务端口为4505
user 指定以root权限执行
ret_port 指定命令结果获取端口为4506
conf_file指定当前配置文件路径
auto_accept表示自动接受minion密钥请求
order_masters为True表示按顺序连接多个Master,这里安装的salt-master 为顶层master, saltstack 可以通过salt-syndic 进行扩展为三层结构,可以用于管理数万台虚拟机,一般小批量的使用两层结构即可,即master-minion 结构
最下面mysql开头的是用于配置存储命令结果的mysql配置。
在剩下的文件中 salt3006.tar.gz 是saltstack的离线安装包,如何获取离线安装包在后续文章中会讲到。salt.sql 是用于初始化salt的表结构。
[root@my-server script]# cat salt.sql
/*
SQLyog Ultimate v11.27 (32 bit)
MySQL - 5.5.68-MariaDB : Database - salt
*********************************************************************
*/
/*!40101 SET NAMES utf8 */;
/*!40101 SET SQL_MODE=''*/;
/*!40014 SET @OLD_UNIQUE_CHECKS=@@UNIQUE_CHECKS, UNIQUE_CHECKS=0 */;
/*!40014 SET @OLD_FOREIGN_KEY_CHECKS=@@FOREIGN_KEY_CHECKS, FOREIGN_KEY_CHECKS=0 */;
/*!40101 SET @OLD_SQL_MODE=@@SQL_MODE, SQL_MODE='NO_AUTO_VALUE_ON_ZERO' */;
/*!40111 SET @OLD_SQL_NOTES=@@SQL_NOTES, SQL_NOTES=0 */;
CREATE DATABASE /*!32312 IF NOT EXISTS*/`salt` /*!40100 DEFAULT CHARACTER SET latin1 */;
USE `salt`;
/*Table structure for table `jids` */
DROP TABLE IF EXISTS `jids`;
CREATE TABLE `jids` (
`jid` varchar(255) NOT NULL,
`load` mediumtext NOT NULL,
UNIQUE KEY `jid` (`jid`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8;
/*Table structure for table `salt_events` */
DROP TABLE IF EXISTS `salt_events`;
CREATE TABLE `salt_events` (
`id` bigint(20) NOT NULL AUTO_INCREMENT,
`tag` varchar(255) NOT NULL,
`data` mediumtext NOT NULL,
`alter_time` timestamp NOT NULL DEFAULT CURRENT_TIMESTAMP,
`master_id` varchar(255) NOT NULL,
PRIMARY KEY (`id`),
KEY `tag` (`tag`)
) ENGINE=InnoDB AUTO_INCREMENT=3790 DEFAULT CHARSET=utf8;
/*Table structure for table `salt_returns` */
DROP TABLE IF EXISTS `salt_returns`;
CREATE TABLE `salt_returns` (
`fun` varchar(50) NOT NULL,
`jid` varchar(255) NOT NULL,
`return` mediumtext NOT NULL,
`id` varchar(255) NOT NULL,
`success` varchar(10) NOT NULL,
`full_ret` mediumtext NOT NULL,
`alter_time` timestamp NOT NULL DEFAULT CURRENT_TIMESTAMP,
KEY `id` (`id`),
KEY `jid` (`jid`),
KEY `fun` (`fun`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8;
/*!40101 SET SQL_MODE=@OLD_SQL_MODE */;
/*!40014 SET FOREIGN_KEY_CHECKS=@OLD_FOREIGN_KEY_CHECKS */;
/*!40014 SET UNIQUE_CHECKS=@OLD_UNIQUE_CHECKS */;
/*!40111 SET SQL_NOTES=@OLD_SQL_NOTES */;使用ifconfig 查看本机IP:
[root@my-server script]# ifconfig
br-811be7c31e57: flags=4099 mtu 1500
inet 172.18.0.1 netmask 255.255.0.0 broadcast 172.18.255.255
inet6 fe80::42:69ff:fe90:81b4 prefixlen 64 scopeid 0x20
ether 02:42:69:90:81:b4 txqueuelen 0 (Ethernet)
RX packets 8214 bytes 807377 (788.4 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 8214 bytes 807377 (788.4 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
docker0: flags=4099 mtu 1500
inet 172.17.0.1 netmask 255.255.0.0 broadcast 172.17.255.255
inet6 fe80::42:f0ff:fece:2ab prefixlen 64 scopeid 0x20
ether 02:42:f0:ce:02:ab txqueuelen 0 (Ethernet)
RX packets 202385 bytes 51320096 (48.9 MiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 218371 bytes 983738284 (938.1 MiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
eth0: flags=4163 mtu 1500
inet 172.22.236.175 netmask 255.255.240.0 broadcast 172.22.239.255
inet6 fe80::216:3eff:fe00:6162 prefixlen 64 scopeid 0x20
ether 00:16:3e:00:61:62 txqueuelen 1000 (Ethernet)
RX packets 27961541 bytes 9347094567 (8.7 GiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 22301197 bytes 4160742107 (3.8 GiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
lo: flags=73 mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
inet6 ::1 prefixlen 128 scopeid 0x10
loop txqueuelen 1000 (Local Loopback)
RX packets 8214 bytes 807377 (788.4 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 8214 bytes 807377 (788.4 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0 执行命令开始自动安装 bash bootstrap-saltapi.sh 172.22.236.175
查看安装的服务状态:systemctl status salt-master salt-api