Linux自动化工具之SaltStack组件
2020-02-24自动化运维90root363°c
A+ A-之前已经介绍过两个组件了, 分别为Grains 和 Pillar .
一. Return组件
return组件可以理解为SaltStack系统对执行Minion返回后的数据进行存储或者返回给其它程序. 它支持多种存储方式, 比如用MySQL、MongoDB、Redis、Memcache等. 通过return我们可以对saltstack的每次操作进行纪录, 对以后日志审计提供了数据来源.
1.1 查看所有return列表
[[email protected]_210 salt]# salt 'docker_211' sys.list_returners docker_211: - carbon - couchdb - etcd - hipchat - local - local_cache - multi_returner - slack - smtp - sqlite3 - syslog
1.2 return流程
return是在master端触发任务, 然后minion接受处理任何后直接与return存储服务器建立连接, 然后把return存到存储服务器.
二. 使用Redis作为return存储方式
2.1 在minion配置文件里定义return存储服务器信息. 添加redis服务器信息即可.
2.1.1 修改salt-minion端配置文件
[[email protected]_211 src]# tail -n4 /etc/salt/minion ->新增如下内容
redis.db: '0'
redis.host: '172.168.200.210'
redis.port: 6379
[[email protected]_211 python-redis-2.8.0]# /etc/init.d/salt-minion restart
2.1.2 安装redis(salt-master)
[[email protected]_210 ~]# cd /usr/local/src
[[email protected]_210 src]# tar -zxvf redis-2.8.1.tar.gz
[[email protected]_210 src]# cd redis-2.8.1
[[email protected]_210 redis-2.8.1]# make
[[email protected]_210 redis-2.8.1]# make PREFIX=/data/src/redis2.8 install
[[email protected]_210 redis-2.8.1]# cp redis.conf /data/src/redis2.8/
[[email protected]_210 redis-2.8.1]# /data/src/redis2.8/bin/redis-server /data/src/redis2.8/redis.conf
2.1.3 安装python
[[email protected]_210 redis-2.8.1]# cd /usr/local/src
[[email protected]_210 src]# wget --no-check-certificate https://pypi.python.org/packages/source/r/redis/redis-2.8.0.tar.gz
[[email protected]_210 src]# tar zxvf redis-2.8.0.tar.gz
[[email protected]_210 src]# mv redis-2.8.0 python-redis-2.8.0
[[email protected]_210 python-redis-2.8.0]# python setup.py install
[[email protected]_210 python-redis-2.8.0]# python -c 'import redis;print redis.VERSION'
(2, 8, 0)
2.1.4 salt-master端执行return
[[email protected]_210 ~]# redis-cli monitor OK 1471603978.923042 [0 172.168.200.211:54214] "SELECT" "0" 1471603978.923132 [0 172.168.200.211:54214] "SET" "docker_211:20160819065258787802" "{\"fun_args\": [], \"jid\": \"20160819065258787802\", \"return\": true, \"retcode\": 0, \"success\": true, \"fun\": \"test.ping\", \"id\": \"docker_211\"}" 1471603978.923240 [0 172.168.200.211:54214] "LPUSH" "docker_211:test.ping" "20160819065258787802" 1471603978.923346 [0 172.168.200.211:54214] "SADD" "minions" "docker_211" 1471603978.923407 [0 172.168.200.211:54214] "SADD" "jids" "20160819065258787802" [[email protected]_210 ~]# salt 'docker_211' test.ping --return redis docker_211: Tru
三. job管理
在SaltStack里面执行任何一个操作都会在Master上产生一个jid号。 Minion端会在cache目录下的proc目录创建一个以jid为名称的文件, 这个文件里面的内容就是此次操作的记录, 当操作处理完成后该文件会自动删除. 而Master端会记录每次操作的详细信息. 这个记录都是存到在Master端cache目录下jobs下.
3.1 通过salt-run来管理job
[[email protected]_210 ~]# salt-run -d |grep jobs 'jobs.active:' -> 查看当前在正运行的jobs Return a report on all actively running jobs from a job id centric salt-run jobs.active 'jobs.list_job:' -> 指定jid查看jobs详细信息 salt-run jobs.list_job 20130916125524463507 'jobs.list_jobs:' -> 查看所有jobs信息 List all detectable jobs and associated functions salt-run jobs.list_jobs 'jobs.lookup_jid:' -> 指定jid查询jobs结果 salt-run jobs.lookup_jid 20130916125524463507 salt-run jobs.lookup_jid 20130916125524463507 outputter=highstate 'jobs.print_job:' -> 指定jid查询jobs详细信息 salt-run jobs.print_job 20130916125524463507 [[email protected]_210 ~]# salt 'docker_211' cmd.run 'sleep 100;whoami' ^CExiting on Ctrl-C This job's jid is: 20160822232427070518 The minions may not have all finished running and any remaining minions will return upon completion. To look up the return data for this job later run: salt-run jobs.lookup_jid 20160822232427070518 因为等待时间长, 笔者停止了. 我们可以通过salt-run job管理绿色地方的job号. [[email protected]_210 ~]# salt-run jobs.lookup_jid 20160822232427070518 docker_211: root
3.2 查看这个job的详细信息
[[email protected]_210 ~]# salt-run jobs.list_job 20160822232427070518 Arguments: - sleep 100;whoami Function: cmd.run Minions: - docker_211 Result: ---------- docker_211: ---------- return: root StartTime: 2016, Aug 22 23:24:27.070518 Target: docker_211 Target-type: glob User: root jid: 20160822232427070518
3.3 通过SaltStack Module来管理job
salt-run对job管理功能比较局限, 目前salt-run还不支持kill某个job. 现在我们开始用saltstack自带的module来管理job.
[[email protected]_210 ~]# salt \* sys.doc saltutil | grep job 'saltutil.find_cached_job:' -> 查看job cache信息 Return the data for a specific cached job id salt '*' saltutil.find_cached_job <job id> 'saltutil.find_job:' -> 查看job信息 Return the data for a specific job id salt '*' saltutil.find_job <job id> 'saltutil.kill_job:' -> 杀掉job(发送Sigterm 9信号方式) Sends a kill signal (SIGKILL 9) to the named salt job's process salt '*' saltutil.kill_job <job id> salt '*' saltutil.runner jobs.list_jobs 'saltutil.signal_job:' -> 发送执行信号 Sends a signal to the named salt job's process salt '*' saltutil.signal_job <job id> 15 'saltutil.term_job:' -> 删掉job Sends a termination signal (SIGTERM 15) to the named salt job's process salt '*' saltutil.term_job <job id> [[email protected]_210 ~]# salt 'docker_211' cmd.run 'sleep 100;whoami' ^CExiting on Ctrl-C This job's jid is: 20160822234534774178 The minions may not have all finished running and any remaining minions will return upon completion. To look up the return data for this job later run: salt-run jobs.lookup_jid 20160822234534774178 [[email protected]_210 ~]# salt 'docker_211' saltutil.find_job 20160822234534774178 docker_211: ---------- arg: - sleep 100;whoami fun: cmd.run jid: 20160822234534774178 pid: 4477 ret: tgt: docker_211 tgt_type: glob user: root [[email protected]_210 ~]# salt 'docker_211' saltutil.kill_job 20160822234534774178 Signal 9 sent to job 20160822234534774178 at pid 4477
四、Event
Event是SaltStack里面对每个事件的一个记录,它相比job更加底层,Event能记录更加详细的SaltStack事件,比如minion服务启动后请求Master签发证书或者证书校验的过程,都能通过Event事件来查看整个过程。 Event也为扩展SaltStack提供了更加友好的接口。
4.1 查看Event事件
开两个终端, 分别执行以下命令:
[[email protected]_210 ~]# salt-run state.event pretty=True
[[email protected]_210 ~]# salt 'docker_211' test.ping
