Difference between pages "Salt安装" and "Zabbix 调用API 批量添加主机"

From the linux中国网 wiki
(Difference between pages)
 
(Created page with " =pre= Salt is already in place. For bulk-adding salt, see Salt-ssh批量自动安装被控端minion =Bulk-adding the zabbix agent= ==Directly with cmd.run== salt 'prod-mq03' cmd…")
 
Line 1: Line 1:
==pre==
 
master 192.168.23.50
 
  
client 192.168.20.208
+
=pre=
  
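  Personal opinion: Puppet's biggest drawback is that by default the agent syncs its state with the master only every 30 minutes, and the master's active push capability is fairly weak (version 2.7). Ansible runs over the SSH service and works by polling, so it is not recommended when there are too many servers. Salt is based on a message queue; it performs very well and suits large production environments.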
+
Salt is already in place
  
 +
For bulk-adding salt, see the page Salt-ssh批量自动安装被控端minion
  
 +
=Bulk-adding the zabbix agent=
 +
==Directly with cmd.run==
 +
  salt 'prod-mq03' cmd.run 'yum install  -y zabbix-agent'
 +
==zabbix state.sls ==
 +
To try when I have time
  
 +
[https://blog.csdn.net/u011075143/article/details/78615691 Using salt state files to configure the zabbix client files]
  
[https://www.zhihu.com/question/22707761 Choosing between SaltStack and Ansible]
+
[https://www.cnblogs.com/Jackie-Chen/articles/10795003.html Bulk-installing zabbix-agent with SaltStack (yum install)]
[https://www.centos.bz/2016/12/saltstack-event-driven-watching-event/ SaltStack event-driven (1) – watching events]
 
  
==Step 1: add the RPM repository==
+
[https://www.cnblogs.com/xiewenming/p/7713660.html Installing zabbix-agent with SaltStack, part 9]
<pre>
 
#1.Run the following commands to install the SaltStack repository and key:
 
#sudo yum install https://mirrors.aliyun.com/saltstack/yum/redhat/salt-repo-latest-2.el7.noarch.rpm  -y
 
  
sudo yum install https://mirrors.aliyun.com/saltstack/yum/redhat/salt-repo-latest.el7.noarch.rpm -y #201912
+
[https://www.cnblogs.com/python-study/p/5504501.html Installing and managing zabbix configuration with SaltStack pillar]
  
sudo yum install https://mirrors.aliyun.com/saltstack/yum/redhat/salt-repo-latest-2.el6.noarch.rpm -y
+
[https://blog.csdn.net/reblue520/article/details/76286843 saltstack automated operations series ⑦: SaltStack in practice, installing zabbix via configuration management]
#yum install https://repo.saltstack.com/yum/redhat/salt-repo-latest-2.el6.noarch.rpm -y
 
#yum install https://repo.saltstack.com/yum/redhat/salt-repo-latest-2.el7.noarch.rpm -y
 
 
 
#2.Run sudo yum clean expire-cache
 
yum clean expire-cache
 
 
 
#3.Install the salt-minion, salt-master, or other Salt components:
 
sudo yum install salt-master -y
 
sudo yum install salt-minion -y
 
sudo yum install salt-ssh -y
 
sudo yum install salt-syndic -y
 
sudo yum install salt-cloud -y
 
sudo yum install salt-api -y
 
 
 
 
 
 
 
##ios old
 
# EL7 series
wget http://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm

# EL6 series
rpm -ivh http://mirrors.aliyun.com/epel/6/x86_64/epel-release-6-8.noarch.rpm
#rpm -ivh http://mirrors.sohu.com/fedora-epel/6/x86_64/epel-release-6-8.noarch.rpm

# EL7 series
rpm -ivh http://mirrors.aliyun.com/epel/7/x86_64/e/epel-release-7-7.noarch.rpm

# EL5 series
wget http://mirrors.sohu.com/fedora-epel/5/x86_64/epel-release-5-4.noarch.rpm
rpm -ivh epel-release-5-4.noarch.rpm
rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL # import the signing key
 
yum info salt</pre>
 
 
 
==Step 2: on master==
 
<pre>useradd salt
 
yum install salt-master -y
 
 
 
vi /etc/salt/master

# The address of the interface to bind to
  interface: masterip # must be preceded by two spaces

# The tcp port used by the publisher
  publish_port: 4505 # must be preceded by two spaces

# Auto-accept minion keys: every key presented to the master is trusted without review
  auto_accept: True

# The user to run the salt-master as. Salt will update all permissions to
# allow the specified user to run the master. If the modified files cause
# conflicts set verify_env to False.
  user: root

# interface used for the file server, authentication, job returns, etc.
  ret_port: 4506 # must be preceded by two spaces
 
 
 
 
 
systemctl restart salt-master
 
systemctl  enable salt-master
 
 
 
cat  /etc/salt/master | grep -v ^# |sort -u
 
 
 
#centos6
 
/sbin/chkconfig --add nginx
 
/sbin/chkconfig  --level  345 nginx  on
 
 
 
</pre>
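
The master settings above decide how much the master trusts whatever connects to it. As an added example (not part of the original page), the following shell function flags the trust-widening settings in a master config; `audit_salt_master` is a hypothetical helper name, the sample file is constructed, and only flat `key: value` lines are understood.

```shell
#!/bin/sh
# Added example: flag salt-master settings that widen trust.
# audit_salt_master is a hypothetical helper; it reads flat "key: value" lines only.
audit_salt_master() {
    # Drop comments and surrounding whitespace so only "key: value" pairs remain.
    sed -e 's/[[:space:]]*#.*$//' -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//' "$1" |
    awk -F': *' '
        $1 == "auto_accept" && tolower($2) == "true" {
            print "auto_accept: every minion key is accepted without review" }
        $1 == "open_mode" && tolower($2) == "true" {
            print "open_mode: key authentication is turned off" }
        $1 == "interface" && $2 == "0.0.0.0" {
            print "interface: listening on all addresses, only the firewall limits who connects" }
    '
}

# Constructed sample that mirrors the settings shown on this page.
demo_audit() {
    tmp=$(mktemp)
    cat > "$tmp" <<'EOF'
  interface: 0.0.0.0
  publish_port: 4505   # publisher port
  auto_accept: True
  user: root
  ret_port: 4506
#open_mode: False
EOF
    audit_salt_master "$tmp"
    rm -f "$tmp"
}

demo_audit
```

With `auto_accept: True` the firewall allowlist in the next section is the only thing deciding which hosts become minions, so the two findings should be read together.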
 
 
 
==Step 3: client==
 
<pre>useradd salt
 
yum install salt-minion -y
 
 
 
vi /etc/salt/minion # for a non-interactive edit, see below

# edit line 11: #master: salt
master: masterip
master: 192.168.23.50

# line 103:
id: ad_admin
 
 
 
# Overwrite the default tcp ports used by the minion when in tcp mode
 
tcp_pub_port: 4510
 
tcp_pull_port: 4511
 
 
 
cp /etc/salt/minion  .
 
# non-interactive
 
sed  's/#master: salt/master:  192.168.30.88/' -i /etc/salt/minion
 
sed  's/#master: salt/master:  172.16.200.13/' -i /etc/salt/minion
 
sed 's/#id:/id: you_name/' -i /etc/salt/minion
 
sed 's/#tcp_pub_port: 4510/tcp_pub_port: 4510/' -i /etc/salt/minion
 
sed 's/#tcp_pull_port: 4511/tcp_pull_port: 4511/' -i /etc/salt/minion
 
 
 
 
 
systemctl restart salt-minion
 
systemctl enable  salt-minion
 
 
 
Configuring a salt minion node on CentOS 5.6
 
http://zhoulg.blog.51cto.com/48455/1140186</pre>
 
 
 
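==Firewall rules==

Note: this is the correct, more secure approach.

On the master, add rules for TCP 4505 and TCP 4506 (covering all minions). The minions need no firewall configuration, because each minion connects directly to the master's ZeroMQ and receives over that connection.

===1.on master ===

#The salt-master service listens on ports 4505 and 4506, so these two ports must be opened. Usually adding this rule is enough. A colleague added it the wrong way round again today, haha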
 
iptables -I INPUT -s minion_ip -p tcp -m multiport --dports 4505,4506 -j ACCEPT
 
 
 
  #Allow Salt to communicate with Master on the loopback interface
 
iptables -A INPUT -i lo -p tcp -m multiport --dports 4505,4506 -j ACCEPT
 
 
 
===2.on minion===
 
iptables -I INPUT -s 192.168.30.94 -p tcp -m multiport --dports 4510,4511 -j ACCEPT
 
 
 
 
 
 
 
<pre>
 
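# This listing is usually only looked at in order to delete a rule, haha
iptables -L -n --line-number |grep 21 # --line-number shows the rule numbers, which is handy when deleting
iptables -D INPUT 3 # delete rule 3 of the INPUT chain
iptables -R INPUT 3 -j DROP # change rule 3 to DROP

## The official rules are written a bit too openly, not so good
Opening the firewall for Salt
http://docs.saltstack.cn/topics/tutorials/firewall.html
http://yango.iteye.com/blog/2264641

RHEL 6 / CENTOS 6
Some Linux distributions ship the ``lokkit`` command-line tool, which makes it easy to open iptables firewall ports from the command line. Just take care not to carelessly close the ssh port.

lokkit example:
lokkit -p 22:tcp -p 4505:tcp -p 4506:tcp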
 
 
 
#iptables
 
iptables -A INPUT -m state --state new -m tcp -p tcp --dport 4505 -j ACCEPT
 
iptables -A INPUT -m state --state new -m tcp -p tcp --dport 4506 -j ACCEPT
 
 
 
 
 
Master-side whitelist
 
 
 
# Allow Minions from these networks
 
iptables -I INPUT -s 192.168.1.0/22 -p tcp -m multiport --dports 4505,4506 -j ACCEPT
 
-I INPUT -s 10.1.2.0/24 -p tcp -m multiport --dports 4505,4506 -j ACCEPT
 
-I INPUT -s 10.1.3.0/24 -p tcp -m multiport --dports 4505,4506 -j ACCEPT
 
# Allow Salt to communicate with Master on the loopback interface
 
-A INPUT -i lo -p tcp -m multiport --dports 4505,4506 -j ACCEPT
 
# Reject everything else
 
-A INPUT -p tcp -m multiport --dports 4505,4506 -j REJECT</pre>
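
The difference between the open rules and the whitelist above can be checked mechanically. As an added example (not part of the original page), this shell function reads `iptables -S INPUT` output and reports ACCEPT rules for 4505/4506 that have no source restriction, plus a missing deny rule; `audit_salt_fw` is a hypothetical helper name, the sample rules are constructed, and port ranges are not evaluated.

```shell
#!/bin/sh
# Added example: audit `iptables -S INPUT` output for the Salt master ports.
# audit_salt_fw is a hypothetical helper; it reads the rule listing on stdin.
audit_salt_fw() {
    awk '
        $1 == "-P" && $2 == "INPUT" { policy = $3 }
        # Only rules that name 4505 or 4506 via --dport / --dports.
        $1 == "-A" && $2 == "INPUT" && /--dports? ([0-9:]+,)*450[56](,| |$)/ {
            # ACCEPT with neither a source (-s) nor the loopback interface is open to anyone.
            if (/-j ACCEPT/ && !/ -s / && !/ -i lo /) print "OPEN-TO-ANY: " $0
            # A source-less REJECT/DROP is the catch-all that closes the ports.
            if (/-j (REJECT|DROP)/ && !/ -s /) deny = 1
        }
        END { if (!deny && policy != "DROP") print "NO-DEFAULT-DENY for 4505/4506" }
    '
}

# Constructed sample: one whitelisted minion plus the two open --dport rules.
sample_rules() {
    cat <<'EOF'
-P INPUT ACCEPT
-A INPUT -s 192.168.30.94/32 -p tcp -m multiport --dports 4505,4506 -j ACCEPT
-A INPUT -i lo -p tcp -m multiport --dports 4505,4506 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 4505 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 4506 -j ACCEPT
EOF
}

sample_rules | audit_salt_fw
```

On a live master the input would be `iptables -S INPUT | audit_salt_fw`; a rule set that matches the whitelist block above produces no output.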
 
 
 
==Configuring keys==

<pre>On the master, list the keys with salt-key -L:
 
[root@vm1 test]# salt-key -L
 
Accepted Keys:
 
Unaccepted Keys:
 
test1
 
Rejected Keys:
 
[root@vm1 test]# salt-key -A
 
Key for minion test1 accepted.
 
 
 
[root@vm1 test]# salt 'test1' test.ping
 
test1:
 
True
 
 
 
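Show the key status of all minions
salt-key  -L

Accept the keys of all minions in the Unaccepted Keys state
salt-key  -A

# Accept the key of 192.168.30.100 without manual confirmation
salt-key -a 192.168.30.100 -y

# Delete the key of 192.168.0.100 (-d deletes; -r is the option that rejects)
salt-key -d 192.168.0.100

# Delete a single key; a minion sometimes dies because of a duplicate key name
salt-key  -d prod-web01   # then restart the minion

# Delete ALL keys, accepted ones included (-D); -R is the option that rejects all pending keys
salt-key -D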
 
 
 
</pre>
 
 
 
==Common commands==

<pre>

1) Check the connection between master and minions: salt '*' test.ping or salt 'test1' test.ping

2) Run a command remotely: salt '*' cmd.run 'ls /root'
 
test1:
 
anaconda-ks.cfg
 
bootstrap-salt.sh
 
install.log
 
install.log.syslog
 
vm2
 
 
 
3) Upload a file from the master to a minion:

salt-cp nodeid source_file target_file

Example: salt-cp 'vm01' /root/test/bootstrap-salt.sh /root

4) Sync command on the master:
 
salt '*' state.highstate
 
 
 
To have the Minion start automatically at boot time:
 
chkconfig salt-minion on
 
#7
 
systemctl enable salt-minion.service
 
to start the Minion:
 
#7
 
systemctl start salt-minion.service
 
 
 
https://docs.saltstack.com/en/latest/topics/installation/rhel.html
 
 
 
# All built-in modules
 
http://docs.saltstack.com/ref/modules/all/index.html
 
http://wiki.saltstack.cn/modules/all
 
Commonly used built-in modules

[root@vm3 ~]# salt 'vm0' pkg.install w3m
vm0:
----------
gpg-pubkey:
----------
new:
217521f6-45e8a532,e8562897-459f07a4
old:
217521f6-45e8a532
w3m:
----------
new:
0.5.1-18.el5

Targeting by group
 
salt -N direct  test.ping
 
salt -L sdkredis,sdklog,ad_web,inlandgw,ad_admin,da  test.ping
 
</pre>
 
 
 
==Problems encountered==
 
<pre>
 
2017
 
[root@da ~]# /etc/init.d/salt-master restart
 
Stopping salt-master daemon:                              [FAILED]
 
Starting salt-master daemon: WARNING: Unable to bind socket 1.2.22.3:4505, error: [Errno 99] Cannot assign requested address; Is there another salt-master running?
 
The salt master is shutdown. The ports are not available to bind
 
                                                          [FAILED]
 
 
 
Set the bind IP
 
# The address of the interface to bind to:
 
interface: 0.0.0.0
 
 
 
 
 
Problem 1
 
[root@localhost soft]# yum install python-jinja2
 
Loaded plugins: fastestmirror, security
 
Determining fastest mirrors
 
Error: Cannot retrieve metalink for repository: epel. Please verify its path and try again
 
 
 
Edit /etc/yum.repos.d/epel.repo and /etc/yum.repos.d/epel-testing.repo:
comment out mirrorlist and uncomment baseurl

Problem 2:
 
file /usr/lib64/python2.6/zipfile.pyo from install of python-libs-2.6.6-64.el6.x86_64 conflicts with file from package python-2.6.6-29.el6_2.2.x86_64
 
64 conflicts with file from package python-2.6.6-36.el6.x86_64
 
Error Summary
 
 
 
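Upgrade the python version
yum update python or yum install python

Another problem, the first
The minion has these log lines, and salt-key -L is empty
017-08-04 16:35:57,645 [salt.utils.parsers            ][WARNING ][5761] Minion received a SIGTERM. Exiting.

Note: I had configured the master IP on the master. So funny, I got all sorts of things wrong, silly me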
 
 
 
[root@ ~]# cat  /etc/salt/minion    |  grep -v  \^# | grep -v \^$
 
master:  10.10.1.25
 
master_port: 4506
 
id: ad_web
 
tcp_pub_port: 4510
 
tcp_pull_port: 4511
 
 
 
 
 
Another problem, the second
 
To repair this issue, delete the public key for this minion on the Salt Master and restart this minion.
 
Or restart the Salt Master in open mode to clean out the keys. The Salt Minion will now exit.
 
 
 
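Cause:
Roughly, the key the minion holds does not match the one on the master, so verification fails.
The fix is to delete the key on the minion side, then reconnect to and re-authenticate with the master.

Delete the key on the master
/etc/salt/pki/master/minions

If that really does not work, delete the minion's as well
The fix is to delete the key on the minion side, then reconnect to and re-authenticate with the master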
 
 
 
minion_master.pub
 
</pre>
 
 
 
==trouble shooting==
 
 
 
<pre>
 
At first I added the EL7 repository, which made the install fail; on a closer look the system was actually EL6
 
--> 完成依赖关系计算
 
错误:Package: python-babel-0.9.6-8.el7.noarch (salt-latest)
 
          Requires: python(abi) = 2.7
 
          已安装: python-2.6.6-66.el6_8.x86_64 (@base)
 
              python(abi) = 2.6
 
          Available: python34-3.4.8-1.el6.i686 (epel)
 
              python(abi) = 3.4
 
错误:Package: python-msgpack-0.4.6-1.el7.x86_64 (salt-latest)
 
          Requires: libpython2.7.so.1.0()(64bit)
 
 
 
 
 
rm  /etc/yum.repos.d/salt-latest.repo
 
</pre>
 
 
 
 
[[category:saltstack]]
 

Revision as of 07:03, 26 December 2019 (Thu)

pre

Salt is already in place

For bulk-adding salt, see the page Salt-ssh批量自动安装被控端minion

Bulk-adding the zabbix agent

Directly with cmd.run

  salt 'prod-mq03' cmd.run 'yum install  -y zabbix-agent'

zabbix state.sls

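To try when I have time

Using salt state files to configure the zabbix client files

Bulk-installing zabbix-agent with SaltStack (yum install)

Installing zabbix-agent with SaltStack, part 9

Installing and managing zabbix configuration with SaltStack pillar

saltstack automated operations series ⑦: SaltStack in practice, installing zabbix via configuration management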