ag试玩

老司机独爱Linux自动化运维神器saltstack,看他60分钟的真言

身边有很多运维工程师,做了几年的运维自动化,但依然不能确定选择哪个工自动化工作?还有,怎样更优雅的实施运维自动化和避免事实当中的坑?
马哥教育大咖讲堂-175期特别邀请了一线资深工程师张强为我们带来了一场《saltstack在自动化运维实践》的分享,尝试带着他对工作问题的思考以及部署自动化工具的经验给大家一些帮助和启发。
————————————
作者介绍:
张强,马哥教育Linux大咖讲堂金牌讲师,现就职于伙伴智慧运维工程师,负责主线业务平台,3年Linux一线经验,擅长shell脚本、自动化_发布、web应用等,现在关注自动化运维、分布式数据库,虚拟化技术。


自动化工具比较

puppetyexushisikuangongjuzhongzuishenrurenxinde。jiukeyongcaozuo、mokuaiheyonghujiemianeryan,tashizuiquanmiande。puppetchengxianleshujuzhongxinxiediaodequanmao,jihuhangaimeiyigeyunxingxitong,weigedacaozuoxitongtigongleshenrudegongju。chushishezhibijiaojiandan,zhixuyaozaixuyaojiayiguanlidemeigexitongshanganzhuangzhufuwuqihekehuduandailiruanjian。minglingxingjiekou(cli)jiandanzhiguan,yunxutongguopuppetminglingxiazaiheanzhuangmokuai。ranhou,xuyaoduipeizhiwenjianjinxinggenggai,haorangmokuaishihesuoxuderenwu;yingjiedaozhilingdekehuduanyuzhufuwuqilianxishi,huigenggaipeizhiwenjian,huozhekehuduantongguolijichufagenggaipeizhiwenjiandetuisong(push)laijinxinggenggai。

ansibleguanzhudezhongdianshiliqiujingjianhekuaisu,erqiebuxuyaozaijiedianshanganzhuangdailiruanjian。yinci,ansibletongguosshzhixingsuoyougongneng。xuyaoguanlidejiedianbeitianjiadaoansiblepeizhihuanjing,sshshouquanmiyaobeifujiadaomeigejiedianshang,zheiyuyunxingansibledeyonghuyouguan。yidanwanchenglezheibu,ansiblezhufuwuqikeyitongguosshyujiedianjinxingtongxin,zhixingsuoyoubiyaoderenwu。ansiblekeyishiyongparamiko(jiyussh2xieyidepythonshixian)huobiaozhunsshyongyutongxin,buguohaiyouyizhongjiasumoshi,yunxugengkuaisu、gengdaguimodetongxin。

saltleisiansible,yinweitayeshijiyuclidegongju,caiyongletuisongfangfashixiankehuduantongxin。takeyitongguogithuotongguochengxubaoguanlixitonganzhuangdaozhufuwuqihekehuduanshang。kehuduanhuixiangzhufuwuqitichuqingqiu,qingqiuzaizhufuwuqishangdedaojieshouhou,jiukeyikongzhigaikehuduanle。saltkeyitongguoputongdesshyukehuduanjinxingtongxin,danruguoshiyongmingweiminiondekehuduandailiruanjian,keyidadazengqiangkekuozhanxing。ciwai,salthanyouyigeyibuwenjianfuwuqi,keyiweikehuduanjiakuaiwenjianfuwusudu,zheiwanquanshisaltzhuzhonggaokuozhanxingdeyigetixian。yuansibleyiyang,nikeyizhijietongguocli,xiangkehuduanfachumingling,biruqidongfuwuhuoanzhuangchengxubao;niyekeyishiyongmingweistatedeyamlpeizhiwenjian,chulibijiaofuzaderenwu。haiyou“pillar”,zheixieshifangzaijizhongdifangdeshujuji,yamlpeizhiwenjiankeyizaiyunxingqijianfangwentamen。

ag试玩zongjie:gerenguandianpuppetzuidaquedianjiushimorenqingkuangxiaagentmeige30fenzhongxiangmastertongbuzhuangtai,masterzhudongtuisonggongnengbijiaoboruo(2.7banben),ansiblejiyusshfuwuzhixing,ruguofuwuqiguoduobujianyishiyong,tashishiyonglunxundefangshi。saltjiyuxiaoxiduilie。xingnengxiangdanghao,shihedaliangshengchanhuanjing。

SaltStack简介与特性

saltstack shiyizhongjiyu c/s jiagoudefuwuqijichujiagoujizhonghuaguanlipingtai,guanliduanchengwei master,kehuduanchengwei minion。saltstack jubeipeizhiguanli、yuanchengzhixing、jiankongdenggongneng,yibankeyilijieweishijianhuabande puppet hejiaqiangbande func。saltstack benshenshijiyu python yuyankaifashixian,jieheleqingliangjidexiaoxiduilieruanjian zeromq yu python disanfangmokuai(pyzmq、pycrypto、pyjinjia2、python-msgpack he pyyaml deng)goujian。

ag试玩tongguobushu saltstack huanjing,yunweirenyuankeyizaichengqianshangwantaifuwuqishangzuodaopiliangzhixingmingling,genjubutongdeyewutexingjinxingpeizhijizhonghuaguanli、fenfawenjian、caijixitongshujujiruanjianbaodeanzhuangyuguanlideng。

SaltStack 具有以下特性:

1、bushujiandan、fangbian;

2、zhichidabufenunix/linuxjiwindowshuanjing;

3、zhucongjizhonghuaguanli;

4、peizhijiandan、gongnengqiangda、kuozhanxingqiang;

5、zhukongduan(master)hebeikongduan(minion)jiyuzhengshurenzheng,anquankekao。

6、zhichiapijizidingyimokuai,ketongguopythonqingsongkuozhan。

SaltStack 的工作原理

ag试玩saltstack caiyong c/s jiegoulaiduiyunhuanjingneidefuwuqicaozuoguanlijipeizhiguanli。weilegenghaodelijietadegongzuofangshijiguanlimoxing,jiangtongguotuxingfangshiduiqiyuanlijinxingchanshu。

saltstack kehuduan(minion)zaiqidongshi,huizidongshengchengyitaomiyao,baohansiyaohegongyao。zhihoujianggongyaofasongjifuwuqiduan,fuwuqiduanyanzhengbingjieshougongyao,yicilaijianlikekaoqiejiamidetongxinlianjie。tongshitongguoxiaoxiduilie zeromq zaikehuduanyufuwuduanzhijianjianlixiaoxifabulianjie。jutitongxinyuanlitu,rutu 1 suoshi,minglingzhixingrutu 2 suoshi:

老司机独爱Linux自动化运维神器saltstack,看他60分钟的真言

zhuanyeshuyushuoming:

ag试玩minion shi saltstack xuyaoguanlidekehuduananzhuangzujian,huizhudongqulianjie master duan,bingcong master duandedaoziyuanzhuangtaixinxi,tongbuziyuanguanlixinxi。

ag试玩master zuoweikongzhizhongxinyunxingzaizhujifuwuqishang,fuze salt minglingyunxingheziyuanzhuangtaideguanli。

zeromq shiyikuankaiyuandexiaoxiduilieruanjian,yongyuzai minion duanyu master duanjianlixitongtongxinqiaoliang。

ag试玩daemon shiyunxingyumeiyigechengyuanneideshouhujincheng,chengdanzhefabuxiaoxijitongxinduankoujiantingdegongneng。

老司机独爱Linux自动化运维神器saltstack,看他60分钟的真言

yuanlitushuoming:

minion shi saltstack xuyaoguanlidekehuduananzhuangzujian,huizhudongqulianjie master duan,bingcong master duandedaoziyuanzhuangtaixinxi,tongbuziyuanguanlixinxi。

master zuoweikongzhizhongxinyunxingzaizhujifuwuqishang,fuze salt minglingyunxingheziyuanzhuangtaideguanli。

master shangzhixingmoutiaozhilingtongguoduiliexiafadaogege minions quzhixing,bingfanhuijieguo。

SaltStack 的架构设计

weilerangdajiagenghaodelijie saltstack jizhonghuaguanlifangmiandeyoushi,yinci,genjuxiangmudeshijiqingkuanghuizhilebushujiagoutu,bingzaiwenzhongduijiagoutujinxinglexiangxishuoming。rutu 3 suoshi:

老司机独爱Linux自动化运维神器saltstack,看他60分钟的真言

shuoming:

ag试玩saltstack desuoyoubeiguanlikehuduanjiedian(rutu 3 suoshi db he web),doushitongguomiyaojinxingjiamitongxin,shiyongduankouwei 4506。kehuduanyufuwuqiduandeneirongchuanshu,shitongguoxiaoxiduiliewancheng,shiyongduankouwei 4505。master keyifasongrenhezhilingrang minion zhixing,salt youhenduokezhixingmokuai,birushuo cmd mokuai,zaianzhuang minion deshihouyijingzidaile,tamentongchangweiyunide python kuzhong,locate salt | grep /usr/ keyikandao salt zidaidesuoyoudongxi。

ag试玩weilegenghaodelijiejiagouyongyi,yixiajiangzhanshizhuyaodeminglingfabuguocheng:

ag试玩saltstack de master yu minion zhijiantongguo zeromq jinxingxiaoxichuandi,shiyongle zeromq defabudingyuemoshi,lianjiefangshibaokuo tcp he ipc。

salt mingling,jiang cmd.run ls minglingcong salt.client.localclient.cmd_cli fabudao master,huoquyige jodid,genju jobid huoquminglingzhixingjieguo。

master jieshoudaominglinghou,jiangyaozhixingdeminglingfasongjikehuduan minion。

minion congxiaoxizongxianshangjieshoudaoyaochulidemingling,jiaoji minion._handle_aes chuli。

minion._handle_aes faqiyigebendixianchengdiaoyong cmdmod zhixing ls mingling。xianchengzhixingwan ls hou,diaoyong minion._return_pub fangfa,jiangzhixingjieguotongguoxiaoxizongxianfanhuiji master。

master jieshoudaokehuduanfanhuidejieguo,diaoyong master.handle_aes fangfajiangjieguoxiedewenjianzhong。

salt.client.localclient.cmd_cli tongguolunxunhuoqu job zhixingjieguo,jiangjieguoshuchudaozhongduan。

SaltStack 的安装与配置

ag试玩dui saltstack youleyigechubudelejiezhihou,tongguoshijianlicaozuojinyibulejie saltstack。

yi、anzhuangsalt

saltxuyaoepelyuanzhichi,suoyouanzhuangqianxuyaoxiananzhuangepelyuanbao。

1、salt-master

ag试玩# yum -y install salt-master

ag试玩2、salt-minion

ag试玩# yum -y install salt-minion

er、peizhisalt

1、master(/etc/salt/master)

ag试玩# saltyunxingdeyonghu,yingxiangdaosaltdezhixingquanxian

user: root

ag试玩#saltdeyunxingxiancheng,kaidexianchengyueduoyibanchulidesuduyuekuai,danyibanbuyaochaoguocpudegeshu

ag试玩worker_threads: 10

# masterdeguanliduankou

publish_port : 4505

ag试玩# mastergenminiondetongxunduankou,yongyuwenjianfuwu,renzheng,jieshoufanhuijieguodeng

ag试玩ret_port : 4506

# ruguozheigemasteryunxingdesalt-syndiclianjiedaoleyigegenggaocengjidemaster,neimezheigecanshuxuyaopeizhichenglianjiedaodezheigegaocengjimasterdejiantingduankou

syndic_master_port : 4506

# zhidingpidwenjianweizhi

ag试玩pidfile: /var/run/salt-master.pid

# saltstack keyikongzhidewenjianxitongdekaishiweizhi

ag试玩root_dir: /

# rizhiwenjiandizhi

ag试玩log_file: /var/log/salt_master.log

# fenzushezhi

ag试玩nodegroups:

ag试玩group_all: ‘*’

ag试玩# salt statezhixingshihoudegenmulu

ag试玩file_roots:

base:

ag试玩– /etc/salt/

# shezhipillar degenmulu

pillar_roots:

base:

– /etc/pillar

2、peizhiminion(/etc/salt/minion)

master: mail  #zheikuaidemailzhideshizai/etc/hostswenjianzhongsuodingyidezhujiming

id: node1

3、qidongsalt

ag试玩service salt-master start

ag试玩service salt-minion start

# saltstack shishiyongpython2deyuyanbianxie,duipython3dejianrongxingbuhao,qingshiyongpython2dehuanjing

4、renzhengminglingjieshao

salt-key #zhengshuguanli

# salt-key –l       #chakansuoyouminion-key

# salt-key –a      #jieshoumougeminion-key

ag试玩# salt-key –a      #jieshousuoyouminion-key

ag试玩# salt-key –d       #shanchumougeminion-key

ag试玩# salt-key –d       #shanchusuoyouminion-key

老司机独爱Linux自动化运维神器saltstack,看他60分钟的真言

老司机独爱Linux自动化运维神器saltstack,看他60分钟的真言

老司机独爱Linux自动化运维神器saltstack,看他60分钟的真言

5、saltminglingjieshao

minglinggeshi:salt [options] [arguments]

li:salt \* cmd.run ‘uptime’

老司机独爱Linux自动化运维神器saltstack,看他60分钟的真言

SaltStack minion匹配方式

1、 glob(saltmorendetargetleixing,shiyongshelldetongpeifulaizhidingyigehuoduogeminion id)

# salt \* test.ping huo salt ‘*’ test.ping

2、pcrejianrongzhengzebiaodashi

# salt –e ‘^[m|m]in.[e|o|u]n$’ test.ping

ag试玩3、subnet(tongguozhidingyigeipv4dizhihuoyigecidrdeipv4ziwang)

# salt –s 192.168.0.42 test.ping

ag试玩# salt –s 192.168.0.0/16 test.ping

ag试玩4、grains(saltkeyitongguocaozuoxitong、cpujiagoujizidingyixinxidengjiqitezhengjinxingtarget minion)

# salt –g ‘os:ubuntu’ test.ping

ag试玩# salt –g ‘os_family:debian’ test.ping

ag试玩5、pillar(saltzhichitongguopillarshujujinxingpipei)

ag试玩# salt –i ‘my_val:my_val’ test.ping

6、hunhe(compound)

# salt –c ‘web* or g@os:arch’ test.ping

7、jiedianzu(nodegroup)

ag试玩jiedianzuxuyaoshixiandingyi,peizhifangfaruxia:

ag试玩# vim /etc/salt/master

nodegroups:

ag试玩node: ‘l@node1,node2’

# salt -n node test.ping

SaltStack常用模块

1、statusmokuai(chakanxitongxinxi)

老司机独爱Linux自动化运维神器saltstack,看他60分钟的真言

老司机独爱Linux自动化运维神器saltstack,看他60分钟的真言

ag试玩# salt “*” status.diskstats    #chakancipanxinxi

ag试玩# salt “*” status.meminfo      #chakanneicunxinxi

ag试玩# salt “*” status.w            #wminglingfanhuixinxi

2、chakansuoyoumoduleliebiao

老司机独爱Linux自动化运维神器saltstack,看他60分钟的真言

ag试玩3、chakanzhidingmoduledesuoyoufunctionfangfa

老司机独爱Linux自动化运维神器saltstack,看他60分钟的真言

4、chakanzhidingmoduleyongfa

老司机独爱Linux自动化运维神器saltstack,看他60分钟的真言

5、jutimokuaideshiyong(lizi)

老司机独爱Linux自动化运维神器saltstack,看他60分钟的真言

tongshidaozhidingjiqichakan

老司机独爱Linux自动化运维神器saltstack,看他60分钟的真言

ag试玩cmd.runmokuaideshiyong

老司机独爱Linux自动化运维神器saltstack,看他60分钟的真言

老司机独爱Linux自动化运维神器saltstack,看他60分钟的真言

Grains

Static bits of information that a minion collects about the system when the minion first starts.

the grains interface is made available to salt modules and components so that the right salt minion commands are automatically available on the right systems.

以上是官方的解释,大致意思是说grains是minion第一次启动的时候采集的静态数据,可以用在salt的模块和其他组件中。例如,当os_family的Grain数据为Centos时,则会使用yum工具组件来进行软件包管理。Grains会在Minion进程启动时加载,并缓存在内存中。ag试玩这样salt-minion进程就无须每次操作都重新检索系统来获取Grain,极大的提高了Minion的性能。

ag试玩1、womenzheilijiandanzuoyigeshuchuceshi,keyikandaominionjiediandeyixiexinxiruxia:

老司机独爱Linux自动化运维神器saltstack,看他60分钟的真言

chakanjutimeiyixiangxinxi

老司机独爱Linux自动化运维神器saltstack,看他60分钟的真言

2、yingyongchangjing:

ag试玩grainsdetexing–meiciqidonghuibao、jingtaijuedingletameiyoupillarlinghuo,yaozhidaopillarshisuishikebiande,zhiyaozaimasterduanxiugaileneiyibandouhuilikeshengxiaode。suoyigrainsgengshihezuoyixiejingtaideshuxingzhidecaiji,lirushebeidejiaose(role),cipangeshu(disk_num),caozuoxitongbanbendengzhurucileifeichanggudingdeshuxing。jiandanzongjieqilaigrainsdeyongturuxia:

ag试玩(1),grainskeyizaistatexitongyingyongzhong,yonghupeizhiguanlimokuai。

(2),grainskeyizaitargetzhongshiyong,yonglaipipeiminion,biruos,yong-g。

ag试玩(3),grainskeyiyongyuxinxichaxun,grainsbaocunzheshoujidaodekehuduandexinxi。

ag试玩neimewomenjiukeyidedaoyigedazhidepanduan,ruguonixiangdingyideshuxingzhishijingchangbianhuade,neiqingcaiyongpillar,ruguoshihenguding、buyibiandeneiqingyonggrains。

3、grainsyouxianji

ag试玩grainskeyibaochizaiminionduan、tongguomasterduanxiafadengduogefangshilaifenfa。danbutongdefangfayoubutongdeyouxianjide(youdidaogao):

(1). /etc/salt/grains

(2) /etc/salt/minion

(3)./srv/salt/_grains/  masterduan_grainsmuluxia

ag试玩youxianjishunxuyiciweicunzaizaiminionduan/etc/salt/minionpeizhiwenjianzhongdetongminggrainshuifugai/etc/salt/grainswenjianzhongdezhi,ertongguomasterduan_grainsmuluxiagrainswenjianxiafadezhikeyihuifugaiminionduandesuoyoutongmingzhi。bijiaoaokou,zongzhijide,tongguomasterxiafadegrainsyouxianjishizuigaodeke,/etc/salt/minioncizhi,/etc/salt/grainszuidi(core grainsbudadong,jiubutaolunle,zheigebi/etc/salt/grainshaidi)。

4、grainsdexiafa

grainsdexiafadazhikeyifenweilianggesilu:

(1)zidingyide(_grains)keyitongguostate.highstate、saltutil.sync_grains、saltutil.sync_all dengfangfapiliangxiafa,qiejisuoyouzai_grainsmuluxiadesuoyouzidingyigrainszhidouhuixiafadaominion,zheishixuedejiaoxun。

(2)gudingcunfangzaiminionduanpeizhiwenjianzhong,rugrains、minionwenjianzhong,keyitongguofile managerdefangfaqupiliangxiafa/etc/salt/grainsdengpeizhiwenjianshixiangrainsdepiliangxiafa,dangranleyetongguobiedefangshibazheigewenjianpiliangxiafaxiaqu,doushiokde。

duibi:

(1)tongguostate.highstate xiafadegrainshaochushiwuxuzhongqiminionjikeshengxiao,dantongguoxiafa/etc/salt/grainswenjianxiafadegrainszhizebixuzhongqiminionduanfuwucaikeyishengxiao。

ag试玩(2)zidingyide_grainsmeicizaihighstatediaoyongdeshihoujiuhuizidongxiafa、shuaxin,er/etc/salt/grainswenjiandezebuhui。

Pillar

ag试玩zaidaduoshuchangjingzhong,pillardebiaoxianxingweihegrainyizhi,danyougehendadequbieshi:pillarzaimastershangjinxingdingyi,cunzaiyuyigejizhonghuadelujing。pillarshujushiyutedingminionguanliande,yejiushishuomeiyigeminiondouzhinengkandaozijideshuju,suoyipillarkeyiyonglaichuandiminganshuju(zaisaltdeshejizhong,pillarshiyongdulidejiamisession,yeshiweilebaozhengminganshujudeanquanxing)。

ag试玩pillarkeyiyongzaineixiedifang:

1、minganshuju

ag试玩lirussh key,jiamizhengshudeng,youyupillarshiyongdulidejiamisession,keyiquebaozheixieminganshujububeiqitaminionkandao。

2、bianliang

keyizaipillarzhongchulipingtaichayixing,biruzhenduibutongdecaozuoxitongshezhiruanjianbaodemingzi,ranhouzaistatezhongyinyong。

3、qitarenheshuju

ag试玩keyizaipillarzhongtianjiarenhexuyaoyongdaodeshuju。birudingyiyonghuheuiddeduiyingguanxi,mniondejiaosedeng。

ag试玩4、yongzaitargettingzhong

pillarkeyiyonglaixuanzeminion,shiyong-ixuanxiang。

dingyipillar:

masterpeizhiwenjianzhongdingyi:

morenqingkuangxia,masterpeizhiwenjianzhongdesuoyoushujudoutianjiadaopillarzhong,qieduisuoyouminionkeyong。ruguoyaojinyongzheiyimorenzhi,keyizaimasterpeizhiwenjianzhongtianjiaruxiashuju,zhongqifuwuhoushengxiao:

pillar_opts: false

shiyongslswenjiandingyipillar

ag试玩pillarshiyongyustatexiangsideslswenjian。pillarwenjianfangzaimasterpeizhiwenjianzhongpillar_rootsdingyidemuluxia。shiliruxia:

ag试玩pillar_roots:

base:

ag试玩– /srv/pillar

ag试玩xiamianzheiduandaimadingyilebasehuanjingxiadepillarwenjianbaocunzai/srv/pillar/muluxia。yustatexiangsi,pillaryeyoutop file,yeshiyongxiangtongdepipeifangshijiangshujuyingyongdaominionshang。shiliruxia:

# cat /srv/pillar/top.sls:

base:

‘*’:

ag试玩– packages

ag试玩# cat /srv/pillar/packages.sls:

ag试玩{% if grains[‘os’] == ‘redhat’ %}

apache: httpd

git: git

ag试玩{% elif grains[‘os’] == ‘debian’ %}

apache: apache2

git: git-core

ag试玩{% endif %}

ag试玩basehuanjingzhongsuoyoudeminiondoujuyoupackageszhongdingyideshuju。pillarcaiyongyufile serverxiangtongdewenjianyingshefangshi,zaibenlizhong,packagesyingshedaowenjian/srv/pillar/packages.sls。zhuyikeyyuvalueyaoyongmaohaojiakonggefenge,meiyoukonggedehuajiangjiexishibai。

ag试玩ruhezhidaominionyongyouneixiepillarshuju?

ag试玩zaimastershangxiugaipillarwenjianhou,xuyaoyongyixiaminglingshuaxinminionshangdeshuju:

老司机独爱Linux自动化运维神器saltstack,看他60分钟的真言

ag试玩shiyongpillarhuoquzidingyishuju:

老司机独爱Linux自动化运维神器saltstack,看他60分钟的真言

State

jianshu:sls(daibiaosalt statewenjian)shisalt statexitongdehexin。slsmiaoshulexitongdemubiaozhuangtai,yougeshijiandandeshujugoucheng。zheijingchangbeichengzuopeizhiguanli

ag试玩top.slsshipeizhiguanliderukouwenjian,yiqiedoushicongzheilikaishi,zaimaster zhujishang,morencunfangzai/srv/salt/mulu.

top.sls morencong base biaoqiankaishijiexizhixing,xiayijishicaozuodemubiao,keyitongguozhengze,grainmokuai,huofenzuming,laijinxingpipei,zaixiayijishiyaozhixingdestatewenjian,bubaohuankuozhanming。

chuangjian/srv/salt/top.sls

老司机独爱Linux自动化运维神器saltstack,看他60分钟的真言

stateshizhan

老司机独爱Linux自动化运维神器saltstack,看他60分钟的真言

老司机独爱Linux自动化运维神器saltstack,看他60分钟的真言

老司机独爱Linux自动化运维神器saltstack,看他60分钟的真言

————广告时间————

《马哥Linux云计算及架构师》课程,由知名Linux布道师马哥创立,经历了8年的发展,联合阿里巴巴、唯品会、大众点评、腾讯、陆金所等大型互联网一线公司的马哥课程团队的工程师进行深度定制开发,课程采用 Centos7.2系统教学,加入了大量实战案例,授课案例均来自于一线的技术案例。

开课时间:11月06号

相关新闻