SaltStack Configuration Management and Remote Execution
Installation and Setup
Repository Configuration
Enable EPEL repository by creating /etc/yum.repos.d/epel.repo:
[epel]
name=Extra Packages for Enterprise Linux 6 - $basearch
mirrorlist=https://mirrors.fedoraproject.org/metalink?repo=epel-6&arch=$basearch
failovermethod=priority
enabled=1
gpgcheck=0
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-6
[epel-debuginfo]
name=Extra Packages for Enterprise Linux 6 - $basearch - Debug
mirrorlist=https://mirrors.fedoraproject.org/metalink?repo=epel-debug-6&arch=$basearch
failovermethod=priority
enabled=0
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-6
gpgcheck=1
[epel-source]
name=Extra Packages for Enterprise Linux 6 - $basearch - Source
mirrorlist=https://mirrors.fedoraproject.org/metalink?repo=epel-source-6&arch=$basearch
failovermethod=priority
enabled=0
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-6
gpgcheck=1
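A check for the repo file above, as an added example that is not part of the original page: it reports every enabled repository that yum would install from without verifying package signatures, which here is the [epel] section (enabled=1, gpgcheck=0) that the Salt packages come from. The names audit_repo and EPEL_REPO are made up for illustration, the sample is a constructed copy trimmed to two of the three sections, and a missing gpgcheck= is assumed to mean off.

```python
import configparser

# Constructed copy of the page's epel.repo, trimmed to the keys the check reads.
EPEL_REPO = """\
[epel]
mirrorlist=https://mirrors.fedoraproject.org/metalink?repo=epel-6&arch=$basearch
enabled=1
gpgcheck=0
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-6
[epel-debuginfo]
mirrorlist=https://mirrors.fedoraproject.org/metalink?repo=epel-debug-6&arch=$basearch
enabled=0
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-6
gpgcheck=1
"""


def _on(value):
    return value.strip().lower() in ("1", "true", "yes")


def audit_repo(text):
    """Return {repo_id: [findings]} for every enabled repo with a weak setting."""
    parser = configparser.ConfigParser(interpolation=None)
    parser.read_string(text)
    findings = {}
    for repo in parser.sections():
        section = parser[repo]
        if not _on(section.get("enabled", "1")):  # yum enables a repo by default
            continue
        issues = []
        # Assumption: a missing gpgcheck= counts as off (yum would inherit [main]).
        if not _on(section.get("gpgcheck", "0")):
            issues.append("gpgcheck is off: package signatures are not verified")
        elif not section.get("gpgkey"):
            issues.append("gpgcheck is on but no gpgkey is configured")
        for key in ("baseurl", "mirrorlist", "metalink"):
            url = section.get(key, "")
            if url and not url.startswith(("https://", "file://")):
                issues.append(f"{key} is not fetched over HTTPS or from a local file")
        if issues:
            findings[repo] = issues
    return findings


if __name__ == "__main__":
    for repo, issues in audit_repo(EPEL_REPO).items():
        print(repo, issues)
```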
Master Installation
yum install salt-master
Minion Installation
yum install salt-minion
Configuration Files
Minion Configuration
Edit /etc/salt/minion:
master: 192.168.10.205
id: node6.a.com
Master Configuration
Edit /etc/salt/master:
state_top: top.sls
file_roots:
  base:
    - /etc/salt/states
  dev:
    - /etc/salt/states/dev
  prod:
    - /etc/salt/states/prod
Project Structure
mkdir -p /etc/salt/states/prod /etc/salt/states/init
Basic Operations
Key Management
salt-key
salt-key -a node6.a.com
Ping Test
salt '*' test.ping
salt 'minion.saltstack.com' test.ping
Remote Command Execution
salt '*' cmd.run "df -TH"
State Management
Package Installation
Create /etc/salt/states/prod/top.sls:
base:
  "minion.saltstack.com":
    - init.pkg
Create /etc/salt/states/init/pkg.sls:
pkg.init:
  pkg.installed:
    - names:
      - lrzsz
      - mtr
      - nmap
      - httpd
Execute:
salt '*' state.sls init.pkg
File Synchronization
Update /etc/salt/states/prod/top.sls:
base:
  "minion.saltstack.com":
    - init.pkg
    - init.limit
Create /etc/salt/states/init/limit.sls:
limit-conf-config:
  file.managed:
    - name: /etc/security/limits.conf
    - source: salt://init/files/limits.conf
    - user: root
    - group: root
    - mode: 644
Create directory and copy file:
mkdir -p /etc/salt/states/init/files
cp /etc/security/limits.conf /etc/salt/states/init/files/
salt '*' state.sls init.limit
Salt Execution Targets
Pattern Matching
salt -E "(node6|node9).a.com" test.ping
salt -L "node6.a.com,node9.a.com" test.ping
salt -S '192.168.10.0/24' test.ping
Service Management
salt '*' service.get_all
salt '*' service.status sshd
salt '*' service.restart sshd
File Copying
salt-cp '*' /etc/hosts /tmp/
Database Integration
MySQL Configuration
Install MySQL-python on both master and minions:
yum install MySQL-python -y
Create database schema:
CREATE DATABASE salt DEFAULT CHARACTER SET utf8 DEFAULT COLLATE utf8_general_ci;
USE salt;
-- Column names are backtick-quoted: `load` and `return` are reserved words in MySQL.
CREATE TABLE `jids` (
  `jid` varchar(255) NOT NULL,
  `load` mediumtext NOT NULL,
  UNIQUE KEY `jid` (`jid`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8;
CREATE TABLE `salt_returns` (
  `fun` varchar(50) NOT NULL,
  `jid` varchar(255) NOT NULL,
  `return` mediumtext NOT NULL,
  `id` varchar(255) NOT NULL,
  `success` varchar(10) NOT NULL,
  `full_ret` mediumtext NOT NULL,
  `alter_time` TIMESTAMP DEFAULT CURRENT_TIMESTAMP,
  KEY `id` (`id`),
  KEY `jid` (`jid`),
  KEY `fun` (`fun`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8;
CREATE TABLE `salt_events` (
  `id` BIGINT NOT NULL AUTO_INCREMENT,
  `tag` varchar(255) NOT NULL,
  `data` mediumtext NOT NULL,
  `alter_time` TIMESTAMP DEFAULT CURRENT_TIMESTAMP,
  `master_id` varchar(255) NOT NULL,
  PRIMARY KEY (`id`),
  KEY `tag` (`tag`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8;
GRANT ALL ON salt.* TO salt@'node5.a.com' IDENTIFIED BY '123456';
GRANT ALL PRIVILEGES ON salt.* TO salt@'127.0.0.1' IDENTIFIED BY '123456';
GRANT ALL ON salt.* TO salt@'%' IDENTIFIED BY 'salt';
Configure master:
mysql.host: '192.168.10.205'
mysql.user: 'salt'
mysql.pass: '123456'
mysql.db: 'salt'
mysql.port: 3306
master_job_cache: mysql
Configure minions:
mysql.host: '192.168.10.205'
mysql.user: 'salt'
mysql.pass: '123456'
mysql.db: 'salt'
mysql.port: 3306
Test database integration:
salt '*' test.ping --return mysql
Grains Usage
Display Information
salt 'node6.a.com' grains.items
salt 'node6.a.com' grains.ls
salt 'node6.a.com' grains.item os
salt 'node6.a.com' grains.get os
Target Matching
salt -G 'cpuarch:x86_64' test.ping
Custom Grains
Method 1 - Edit minion config:
grains:
  roles: nginx
  env: prod
Method 2 - Create grains file:
vim /etc/salt/grains
cloud: openstack
Refresh grains:
salt '*' saltutil.sync_grains
Pillar Management
Configuration
pillar_roots:
  base:
    - /etc/salt/pillar
Create directory:
mkdir -p /etc/salt/pillar
Create top.sls:
base:
  '*':
    - init.rsyslog
Create rsyslog.sls:
{% if grains['osfinger'] == 'CentOS-6' %}
syslog: rsyslog
{% elif grains['osfinger'] == 'CentOS-5' %}
syslog: syslog
{% endif %}
Refresh pillar:
salt '*' saltutil.refresh_pillar
Zabbix Agent Deployment
Create /etc/salt/states/init/zabbix_agent.sls:
zabbix_agent:
  pkg.installed:
    - name: zabbix22-agent
  file.managed:
    - name: /etc/zabbix_agentd.conf
    - source: salt://init/files/zabbix_agentd.conf
    - user: root
    - group: root
    - mode: 644
  service.running:
    - name: zabbix-agentd
    - enable: True
    - reload: True
    - watch:
      - file: zabbix_agent
Update top.sls:
base:
  '(node\d.a.com)':
    - match: pcre
    - init.pkg
    - init.limit
    - init.zabbix_agent
PHP Source Installation
Preparation
Create /etc/salt/states/init/php_fastcgi.sls:
include:
  - init.pkg
php-install:
  file.managed:
    - name: /usr/local/src/php-5.5.33.tar.gz
    - source: salt://php/files/php-5.5.33.tar.gz
    - user: root
    - group: root
    - mode: 644
  cmd.run:
    - name: cd /usr/local/src && tar xvf php-5.5.33.tar.gz && cd php-5.5.33 && ./configure --prefix=/opt/php --with-config-file-path=/opt/php/etc --with-config-file-scan-dir=/opt/php/etc/conf.d --enable-fpm --with-fpm-user=www --with-fpm-group=www --with-pear --with-curl --with-gd --with-jpeg-dir --with-png-dir --with-freetype-dir --with-iconv --with-mcrypt --with-mhash --with-zlib --with-xmlrpc --with-xsl --with-openssl --with-mysql --with-mysqli --with-pdo-mysql --disable-debug --enable-zip --enable-sockets --enable-soap --enable-mbstring --enable-magic-quotes --enable-inline-optimization --enable-memory-limit --enable-xml --enable-ftp --enable-exif --enable-wddx --enable-bcmath --enable-calendar --enable-sqlite-utf8 --enable-shmop --enable-dba --enable-sysvsem --enable-sysvshm --enable-sysvmsg && make && make install
    - unless: test -d /opt/php
Create /etc/salt/states/init/pkg.sls:
php-pkg:
  pkg.installed:
    - names:
      - gcc
      - gcc-c++
      - glibc
      - autoconf
      - libjpeg-turbo
      - libjpeg-turbo-devel
      - libpng
      - libpng-devel
      - freetype
      - freetype-devel
      - libxml2
      - libxml2-devel
      - zlib
      - zlib-devel
      - libcurl
      - libcurl-devel
      - openssl
      - openssl-devel
Execute installation:
salt 'node6.a.com' state.sls init.php_fastcgi
System Commands
Status Monitoring
salt-run manage.status
salt-run manage.versions
salt '*' test.ping -v
salt '*' saltutil.running
salt '*' saltutil.kill_job xxx
Salt SSH
Install salt-ssh:
yum install salt-ssh
Configure master for SSH access:
node9.a.com:
  host: 192.168.10.209
  user: root
  passwd: 123456
Test connection:
salt-ssh '*' test.ping
Advanced Features
Target Patterns
salt '*' test.ping
salt '*.minion' test.ping
salt '*node?.minion' test.ping
salt 'node[1-5].minion' test.ping
salt 'node[2,3].minion' test.ping
salt 'node2.minio[n-z]' test.ping
Regular Expression Matching
salt -E '^hzbj.*' test.ping
salt -L 'hzbj-tomcat-021,hzbj-tomcat-022' grains.item osfullname
salt -S 192.168.0.0/16 test.ping
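How the target types used here and under "Pattern Matching" earlier select minions, as an added example that is not part of the original page. It models glob targets with fnmatch and -E targets with re.match (anchored at the start only), and shows that the page's `(node6|node9).a.com` also selects IDs that merely resemble the intended hosts, because each unescaped dot matches any character and nothing anchors the end. The minion IDs, addresses and the function name select are constructed, and the -S model assumes one IPv4 address per minion.

```python
import fnmatch
import ipaddress
import re

# Constructed minion IDs and addresses; the last two are look-alike IDs.
MINIONS = {
    "node6.a.com": "192.168.10.206",
    "node9.a.com": "192.168.10.209",
    "node6xa.com": "192.168.10.77",
    "node6-a.com.lab.example": "10.9.9.9",
}


def select(kind, tgt, minions=MINIONS):
    """Return the sorted minion IDs that one targeting expression selects."""
    hits = []
    for minion_id, addr in minions.items():
        if kind == "glob":    # salt '<tgt>': shell-style wildcard on the whole ID
            ok = fnmatch.fnmatch(minion_id, tgt)
        elif kind == "pcre":  # salt -E: anchored at the start of the ID only
            ok = re.match(tgt, minion_id) is not None
        elif kind == "list":  # salt -L: exact IDs, comma separated
            ok = minion_id in tgt.split(",")
        elif kind == "cidr":  # salt -S: assumes one IPv4 address per minion
            ok = ipaddress.ip_address(addr) in ipaddress.ip_network(tgt)
        else:
            raise ValueError(f"unknown target type: {kind}")
        if ok:
            hits.append(minion_id)
    return sorted(hits)


if __name__ == "__main__":
    for kind, tgt in [
        ("pcre", "(node6|node9).a.com"),        # as written on the page
        ("pcre", r"(node6|node9)\.a\.com$"),    # dots escaped, end anchored
        ("list", "node6.a.com,node9.a.com"),
        ("glob", "node?.a.com"),
        ("cidr", "192.168.10.0/24"),
    ]:
        print(f"{kind:4} {tgt!r:28} -> {select(kind, tgt)}")
```

The same applies to the `'(node\d.a.com)'` key in top.sls: with `match: pcre`, escaping the dots and adding `$` keeps the state assignment to the intended IDs.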
Group Management
Configure groups in master config:
nodegroups:
  web1group: 'L@hzbj-tomcat-021'
  web2group: 'L@hzbj-tomcat-022'
Use groups:
salt -N web2group test.ping
File and Directory Management
File Management
Create /srv/salt/filetest.sls:
file-test:
  file.managed:
    - name: /tmp/filetest.txt
    - source: salt://test/123/1.txt
    - user: root
    - group: root
    - mode: 644
Directory Management
Create /srv/salt/filedir.sls:
file-dir:
  file.recurse:
    - name: /tmp/testdir
    - source: salt://test1/234
    - user: root
    - file_mode: 644
    - dir_mode: 755
    - mkdir: True
    - clean: True
Remote Execution
Command Execution
Create /srv/salt/cmdtest.sls:
cmd-test:
  cmd.run:
    - onlyif: test -f /tmp/123.txt
    - names:
      - touch /tmp/cmdtest.txt
      - mkdir /tmp/cmdtest
    - user: root
Script Execution
Create /srv/salt/shelltest.sls:
shell-test:
  cmd.script:
    - source: salt://test/1.sh
    - user: root
Create script /srv/salt/test/1.sh:
#!/bin/bash
touch /tmp/shelltest.txt
if [ -d /tmp/shelltest ]
then
    rm -rf /tmp/shelltest
else
    mkdir /tmp/shelltest
fi
Cron Management
Create Cron Job
Create /srv/salt/crontest.sls:
cron-test:
  cron.present:
    - name: /bin/touch /tmp/111.txt
    - user: root
    - minute: '*'
    - hour: 20
    - daymonth: 1-10
    - month: '3,5'
    - dayweek: '*'
Remove Cron Job
Modify /srv/salt/crontest.sls:
cron-test:
  cron.absent:
    - name: /bin/touch /tmp/111.txt
    - user: root
Utility Commands
File Transfer
salt 'slaver.test.com' cp.get_file salt://apache.sls /tmp/cp.txt
salt 'slaver.test.com' cp.get_dir salt://test /tmp
Host Discovery
salt-run manage.up
Script Execution on Master
Create /srv/salt/test/shell.sh:
#!/bin/bash
echo "msiyuetian.blog.51cto.com" > /tmp/shell.txt
Execute:
salt 'slaver.test.com' cmd.script salt://test/shell.sh
Configuration Management
Apache Installation
Configure file roots:
file_roots:
  base:
    - /srv/salt
Create /srv/salt/top.sls:
base:
  'slaver.test.com':
    - apache
Create /srv/salt/apache.sls:
apache-service:
  pkg.installed:
    - names:
      - httpd
      - httpd-devel
  service.running:
    - name: httpd
    - enable: True
Execute:
salt 'slaver.test.com' state.highstate
Summary
SaltStack provides comprehensive configuration management and remote execution capabilities through its modular architecture. The system enables efficient deployment of applications, management of system configurations, and automation of routine administrative tasks across distributed environments.