<服务>salt部署和返回结果接收
目录:
salt
salt是一个平台管理工具,为分布式远程执行系统,在远程节点上执行命令和查询数据,主要做批量操作,配置文件同步等基础功能。
核心特点:
- 操作为并发操作
- 安全的加密协议
- 使用最小和最快的网络载荷
- python开发,提供简单的编程接口和自己编写模块
- 通讯使用ZeroMQ实现
官网为www.saltstack.com
支持操作系统有传统linux操作系统,RedHat,CentOS,ubuntu,Debian,suse,Fedora以及MAC OS X和windows(只支持客户端)
salt的工作模式有三种,Master/minion(ZeroMQ),Masterless,Salt-SSH,三大功能为远程执行,配置管理和云管理
安装saltsatck
环境三台主机
| IP | 主机名 | 作用 |
|---|---|---|
| 192.168.0.191 | salt01 | salt-master |
| 192.168.0.192 | salt02 | salt-minion |
| 192.168.0.193 | salt03 | salt-minion |
安装epel源(三台机器都需要)
[root@salt01 ~]# rpm -ivh http://mirror.centos.org/centos/6.8/extras/x86_64/Packages/epel-release-6-8.noarch.rpm
Retrieving http://mirror.centos.org/centos/6.8/extras/x86_64/Packages/epel-release-6-8.noarch.rpm
warning: /var/tmp/rpm-tmp.bzqAog: Header V3 RSA/SHA1 Signature, key ID c105b9de: NOKEY
Preparing... ########################################### [100%]
1:epel-release ########################################### [100%]
时间同步
[root@salt01 ~]# /usr/sbin/ntpdate pool.ntp.org
23 Apr 00:33:35 ntpdate[3985]: step time server 202.112.29.82 offset -28801.505661 sec
[root@salt01 ~]# echo '*/5 * * * * /usr/sbin/ntpdate pool.ntp.org >/dev/null 2>&1' >> /var/spool/cron/root
关闭防火墙
[root@salt01 ~]# service iptables stop
iptables: Setting chains to policy ACCEPT: filter [ OK ]
iptables: Flushing firewall rules: [ OK ]
iptables: Unloading modules: [ OK ]
安装salt
[root@salt01 ~]# yum install -y salt-master
[root@salt02 ~]# yum install -y salt-minion
[root@salt03 ~]# yum install -y salt-minion
如果遇到了一下问题,因为epel中是没有PyYAML等包
Error: Package: salt-2015.5.10-2.el6.noarch (epel)
Requires: PyYAML
Error: Package: salt-2015.5.10-2.el6.noarch (epel)
Requires: python-requests
Error: Package: salt-2015.5.10-2.el6.noarch (epel)
Requires: python-jinja2
You could try using --skip-broken to work around the problem
You could try running: rpm -Va --nofiles --nodigest
可以在repo文件中添加以下内容
[newos]
name=newos
baseurl=http://mirror.centos.org/centos/6.8/os/x86_64
gpgcheck=0
enabled=1
需要修改的配置文件
master端不需要修改
minion端需要修改master和id
- master配置是指定minion的master,默认为salt
- id是minion所属类型,默认为主机名,也就是可以不修改id
配置文件中也指出
# Per default, the master will automatically include all config files
# from master.d/*.conf (master.d is a directory in the same directory
# as the main master config file).
#default_include: master.d/*.conf
启动的时候也会默认加载master.d/*.conf,目录默认不存在
master配置解析
- interface: 0.0.0.0 绑定的IP地址
- publish_port: 4505 publish命令分发的端口
- user: root 启动用户
- max_open_files: 100000 最大的文件打开文件数,当然这里支持还不够,需要修改/etc/security/limits.conf支持,ulimit -n查看文件描述符,-a查看所有配置
- worker_threads: 5 zeroMQ的进程数,如果
- ret_port: 4506 return用于接收返回值的端口
- pidfile: /var/run/salt-master.pid pid文件
- root_dir: / 其他配置的pki_dir, cachedir,sock_dir, log_file, autosign_file, autoreject_file, extension_modules,key_logfile, pidfile的根目录
- pki_dir: /etc/salt/pki/master pki的master key存放路径
- cachedir: /var/cache/salt/master cache的目录,缓存一些任务等
- keep_jobs: 24 执行命令的结果缓存时间,一般生产环境下会调小
- timeout: 5 超时时间,也可以执行命令时通过-t参数指定,单位为sec
- output: nested 输出格式
- color: True 输出颜色
- sock_dir: /var/run/salt/master socket的目录
- job_cache: True 缓存返回结果
- open_mode: False 是否公共使用
- auto_accept: False 是否自动进行key的注册
- client_acl 对不同用户,可以执行那些命令
- client_acl_blacklist 不同的用户不能执行那些命令,类似黑名单的机制
- file_recv: False 是否允许minion推送配置文件到master
- state_top: top.sls 入口文件,同时也影响pillar
- file_roots 仓库的根目录
- fileserver_backend 支持的通过git等方式获取配置文件
- pillar_roots pillar的根目录
- order_masters: False
- syndic_master: masterofmaster
- peer和mine不了解,不做介绍
minion配置解析
- master: salt 指定minion的master
- retry_dns: 30 如果是域名的话,进行dns解析检查的时间间隔
- master_port: 4506 master端口,如果master配置文件进行修改,在minion注册和连接master的时候会进行获取,minion端可以不进行修改
- user: root 运行用户,推荐使用root,因为一些操作需要root权限
- id: id默认使用当前主机名
- grains:
- cache_jobs: False minion缓存job结果,直接返回给master,也不需要缓存什么
- backup_mode: minion minion端在进行配置变更操作时,对原文件进行保存
- pkg: yumpkg5 包管理方式,CentOS系列使用yumpkg5
- renderer: yaml_jinja 解析模板文件方式
一般情况下使用默认配置即可。
启动master
[root@salt01 ~]# vi /etc/salt/master
#log_level: warning
改为
log_level: debug
这么做是为了看一下启动的时候,另外master修改配置文件后立刻生效,不需要重启
[root@salt01 ~]# /etc/init.d/salt-master start
Starting salt-master daemon: [ OK ]
日志内容
[root@salt01 ~]# cat /var/log/salt/master
2017-04-23 07:42:36,029 [salt.utils.verify][WARNING ][3113] Insecure logging configuration detected! Sensitive data may be logged.
2017-04-23 07:42:36,030 [salt.cli.daemons ][INFO ][3113] Setting up the Salt Master
2017-04-23 07:42:36,233 [salt.crypt ][INFO ][3113] Generating master keys: /etc/salt/pki/master #生成master key
2017-04-23 07:42:36,451 [salt.daemons.masterapi ][INFO ][3113] Preparing the root key for local communication #准备root key用于本地通信
2017-04-23 07:42:36,480 [salt.utils.process ][DEBUG ][3125] Created pidfile: /var/run/salt-master.pid #创建pid
2017-04-23 07:42:36,486 [salt.cli.daemons ][INFO ][3125] The salt master is starting up #启动
2017-04-23 07:42:36,513 [salt.utils.lazy ][DEBUG ][3125] LazyLoaded roots.envs #加载root环境变量
2017-04-23 07:42:36,557 [salt.utils.lazy ][DEBUG ][3125] Could not LazyLoad roots.init
2017-04-23 07:42:36,561 [salt.master ][INFO ][3125] salt-master is starting as user 'root' #以root用户启动
2017-04-23 07:42:36,562 [salt.master ][INFO ][3125] Current values for max open files soft/hard setting: 1024/4096 #设置文件打开数
2017-04-23 07:42:36,562 [salt.master ][INFO ][3125] The value for the 'max_open_files' setting, 100000, is higher than what the user running salt is allowed to raise to, 4096. Defaulting to 4096.
2017-04-23 07:42:36,562 [salt.master ][INFO ][3125] Raising max open files value to 4096
2017-04-23 07:42:36,563 [salt.master ][INFO ][3125] New values for max open files soft/hard values: 4096/4096
2017-04-23 07:42:36,563 [salt.master ][INFO ][3125] Creating master process manager
2017-04-23 07:42:36,563 [salt.master ][INFO ][3125] Creating master maintenance process
2017-04-23 07:42:36,581 [salt.utils.process ][DEBUG ][3125] Started 'salt.master.<type 'type'>.Maintenance' with pid 3126
2017-04-23 07:42:36,591 [salt.master ][INFO ][3125] Creating master publisher process
2017-04-23 07:42:36,607 [salt.utils.process ][DEBUG ][3125] Started 'salt.master.<type 'type'>.Publisher' with pid 3127
2017-04-23 07:42:36,608 [salt.master ][INFO ][3125] Creating master event publisher process
2017-04-23 07:42:36,634 [salt.utils.process ][DEBUG ][3125] Started 'salt.utils.event.<type 'type'>.EventPublisher' with pid 3128
2017-04-23 07:42:36,645 [salt.master ][INFO ][3125] Creating master request server process
2017-04-23 07:42:36,643 [salt.master ][INFO ][3127] Starting the Salt Publisher on tcp://0.0.0.0:4505 #启动4505端口
2017-04-23 07:42:36,674 [salt.master ][INFO ][3127] Starting the Salt Puller on ipc:///var/run/salt/master/publish_pull.ipc
2017-04-23 07:42:36,670 [salt.utils.process ][DEBUG ][3125] Started 'salt.master.run_reqserver' with pid 3133
更多的就进行省略
启动的端口
[root@salt01 ~]# netstat -nlpt | egrep '4505|4506'
tcp 0 0 0.0.0.0:4505 0.0.0.0:* LISTEN 3127/python2.6
tcp 0 0 0.0.0.0:4506 0.0.0.0:* LISTEN 3147/python2.6
salt-master在启动的时候会启动两个端口,分别为4505用于master端消息发布给minion端的操作,4506用于接收minion端返回的结果。
启动minion
[root@salt02 ~]# vi /etc/salt/minion
#master: salt
改为
master: salt01
如果需要配置多个master
master:
- salt01
- salt00
[root@salt02 ~]# vi /etc/hosts
[root@salt02 ~]# cat /etc/hosts
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.0.191 salt01
[root@salt02 ~]# /etc/init.d/salt-minion start
Starting salt-minion daemon: [ OK ]
master端进行minion端进行注册
查看salt-key列表
[root@salt01 ~]# salt-key
Accepted Keys:
Denied Keys:
Unaccepted Keys:
salt02
salt03
Rejected Keys:
添加salt-key
[root@salt01 ~]# salt-key -a salt02
The following keys are going to be accepted:
Unaccepted Keys:
salt02
Proceed? [n/Y] Y
Key for minion salt02 accepted.
会有一个确认的过程,可以通过-y参数直接同意,类似yum
[root@salt01 ~]# salt-key -a salt03 -y
The following keys are going to be accepted:
Unaccepted Keys:
salt03
Key for minion salt03 accepted.
也可以通过-A参数直接同意全部
查看当前的salt-key情况
[root@salt01 ~]# salt-key
Accepted Keys:
salt02
salt03
Denied Keys:
Unaccepted Keys:
Rejected Keys:
测试salt
[root@salt01 ~]# salt '*' test.ping
salt02:
True
salt03:
True
对*匹配所有主机,使用了test模块的ping方法,minion端收到指令后会ping master
这个流程是master接收命令,通过zeroMQ的方式在master的pub端口异步的发送给订阅的所有minion的sub端口,minion端执行后通过request端口返回给master端的return端口。
如果在这个过程中超过了超时时间,会通过find-job指定jid查看执行情况,如果命令在minion执行,master端就会再次等待一个超时时间,再次执行这个流程查询是否在执行,这个查询也是有jid的,如果出现minion没有执行,是有两种情况的,一种是master和minion端的连接有问题,另一种是minion端接收到了指令,还没有在salt的proc目录下创建此次jid的文件也会判定为minion没有执行
minion注册过程
可以看到会自动生成一个minion_id
[root@salt02 ~]# cat /etc/salt/minion_id
salt02
并且生成了minion的私钥和公钥,在注册成功后会有minion的master的公钥
[root@salt02 ~]# ll /etc/salt/pki/minion/
total 12
-rw-r--r--. 1 root root 451 Apr 23 01:11 minion_master.pub
-r--------. 1 root root 1675 Apr 23 2017 minion.pem
-rw-r--r--. 1 root root 451 Apr 23 2017 minion.pub
master端,salt-key就是查看以下目录的情况
[root@salt01 ~]# ll /etc/salt/pki/master/
total 28
-r--------. 1 root root 1679 Apr 23 2017 master.pem
-rw-r--r--. 1 root root 451 Apr 23 2017 master.pub
drwxr-xr-x. 2 root root 4096 Apr 23 01:11 minions #认证的key
drwxr-xr-x. 2 root root 4096 Apr 23 2017 minions_autosign
drwxr-xr-x. 2 root root 4096 Apr 23 2017 minions_denied
drwxr-xr-x. 2 root root 4096 Apr 23 01:11 minions_pre #未认证的key
drwxr-xr-x. 2 root root 4096 Apr 23 2017 minions_rejected #拒绝的key
注册minion和minion的公钥情况
[root@salt01 ~]# ll /etc/salt/pki/master/minions
total 8
-rw-r--r--. 1 root root 451 Apr 23 01:05 salt02
-rw-r--r--. 1 root root 451 Apr 23 01:05 salt03
[root@salt01 ~]# cat !$/salt02
cat /etc/salt/pki/master/minions/salt02
-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu+V+0MBrhI7AB4EZd1GI
liyKQGpwfRY17i/m6FSjWTlaV1Ux86Zy87KnaIEgmE9c7yxT5IPQQ5C4jb/kMfky
7keVAlnUE/OR/eWQUNJXY8h9DamcirawKcwKXjLFVMaIARADMXqx5i6XTIYKhOiD
Zsghegeq2pm1xCNXnVTQ2lsFr5KhBs9iESx3HxlBV+WvinerxEjqnyURFwcF1lAa
F/JTHOoQZ3kCo9s/GSId5JfSQpVD+ov31eyN+Wz2ADUc3XSRIOzHV74bGeuWtoU3
cMeuxL6PTLhE9IzEKwAMSjSiwbYcuNJV438z7YmGSlkpi+q9LBbUgWr2XL3apf30
eQIDAQAB
-----END PUBLIC KEY-----
salt的数据传输采用的aes加密,master和minion之间使用key管理
修改minion主机名
如果出现需要修改minion的主机名的情况,需要做两点
- 删除/etc/salt/minion_id和/etc/salt/pki目录即可
- 在salt-master端删除该主机原有的salt-key,通过
salt-key -d的方式进行删除
启动minion,在master端重新添加salt-key即可。如果不删除salt-key,就会出现修改主机名的minion启动后自动挂掉,另外minion_id和/etc/salt/pki目录下的内容发生改变,minion也会挂掉。
切换master
如果需要更换master的话,打包master的pki目录,解压到新的master对应位置,修改minion中hosts文件的ip映射到新的master的ip,重启minion即可。
returnner
默认情况下,salt minion的命令执行结果将返回给salt master,而salt returner接口允许将返回发送给任意系统。而master通过第一个参数匹配minion,执行第二个参数,生成一个jid,用于执行
内置的returner模块
| returner模块 | 描述 |
|---|---|
| carbon_return | 将结果返回给carbon接收器 |
| cassandra_return | 将结果返回给cassandra |
| local | 将结果给本地的测试return接口,即打印当前结果 |
| mongo_futurn_return | 将结果返回给mongodb |
| mongo_return | 将结果返回给mongodb |
| mysql | 将结果返回给MySQL |
| postgres | 将结果返回给postgresql |
| redis_return | 将结果返回给redis |
| sentry | 将结果返回给sentry |
| smtp | 通过email返回salt数据 |
| syslog_return | 将结果返回给操作系统的syslog facility |
执行返回到syslog
[root@salt01 ~]# salt '*' test.ping --return syslog
salt03:
True
salt02:
True
Master端没有返回信息
[root@salt01 ~]# tail /var/log/messages
Apr 23 01:01:34 salt01 abrt: detected unhandled Python exception
Apr 23 03:29:43 salt01 kernel: usb 2-2.1: USB disconnect, device number 4
Apr 23 03:29:44 salt01 kernel: usb 2-2.1: new full speed USB device number 5 using uhci_hcd
Apr 23 03:29:44 salt01 kernel: usb 2-2.1: New USB device found, idVendor=0e0f, idProduct=0008
Apr 23 03:29:44 salt01 kernel: usb 2-2.1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
Apr 23 03:29:44 salt01 kernel: usb 2-2.1: Product: Virtual Bluetooth Adapter
Apr 23 03:29:44 salt01 kernel: usb 2-2.1: Manufacturer: VMware
Apr 23 03:29:44 salt01 kernel: usb 2-2.1: SerialNumber: 000650268328
Apr 23 03:29:44 salt01 kernel: usb 2-2.1: configuration #1 chosen from 1 choice
Apr 23 03:29:44 salt01 kernel: hald[1215]: segfault at 7f10f38d3010 ip 0000003f66b285a6 sp 00007fffa7384318 error 4 in libc-2.12.so[3f66a00000+18b000]
而minion端有返回信息
[root@salt02 ~]# tail /var/log/messages
Apr 23 03:29:38 salt02 kernel: usb 2-2.1: USB disconnect, device number 4
Apr 23 03:29:39 salt02 kernel: usb 2-2.1: new full speed USB device number 5 using uhci_hcd
Apr 23 03:29:39 salt02 kernel: usb 2-2.1: New USB device found, idVendor=0e0f, idProduct=0008
Apr 23 03:29:39 salt02 kernel: usb 2-2.1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
Apr 23 03:29:39 salt02 kernel: usb 2-2.1: Product: Virtual Bluetooth Adapter
Apr 23 03:29:39 salt02 kernel: usb 2-2.1: Manufacturer: VMware
Apr 23 03:29:39 salt02 kernel: usb 2-2.1: SerialNumber: 000650268328
Apr 23 03:29:39 salt02 kernel: usb 2-2.1: configuration #1 chosen from 1 choice
Apr 23 03:29:39 salt02 kernel: hald[1216]: segfault at 7feb2046b010 ip 0000003f66b285a6 sp 00007fff4de68008 error 4 in libc-2.12.so[3f66a00000+18b000]
Apr 25 21:30:26 salt02 python2.6: {"fun_args": [], "jid": "20170425213025159779", "return": true, "retcode": 0, "success": true, "fun": "test.ping", "id": "salt02"}
- fun_args为参数
- jid为jid
- return为返回值
- retcode
- success为是否成功
- fun为执行的函数
- id为执行的主机
执行返回到mysql
如果要返回到mysql,所有机器要安装mysql的python模块,并在minion端配置
以下命令可以通过此文档复制 https://docs.saltstack.com/en/latest/ref/returners/all/salt.returners.mysql.html
配置mysql数据库
[root@salt01 ~]# yum install -y mysql-server
[root@salt01 ~]# /etc/init.d/mysqld start
[root@salt01 ~]# /usr/bin/mysqladmin -u root password '123456'
[root@salt01 ~]# mysql -uroot -p123456
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 4
Server version: 5.1.73 Source distribution
Copyright (c) 2000, 2013, Oracle and/or its affiliates. All rights reserved.
Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
mysql> drop database salt;
Query OK, 2 rows affected (0.01 sec)
mysql> CREATE DATABASE `salt`
-> DEFAULT CHARACTER SET utf8
-> DEFAULT COLLATE utf8_general_ci;
Query OK, 1 row affected (0.00 sec)
mysql> USE `salt`;
Database changed
mysql> DROP TABLE IF EXISTS `jids`;
Query OK, 0 rows affected, 1 warning (0.00 sec)
mysql> CREATE TABLE `jids` (
-> `jid` varchar(255) NOT NULL,
-> `load` mediumtext NOT NULL,
-> UNIQUE KEY `jid` (`jid`)
-> ) ENGINE=InnoDB DEFAULT CHARSET=utf8;
Query OK, 0 rows affected (0.01 sec)
mysql> CREATE INDEX jid ON jids(jid) USING BTREE;
ERROR 1061 (42000): Duplicate key name 'jid'
mysql> CREATE TABLE `salt_returns` (
-> `fun` varchar(50) NOT NULL,
-> `jid` varchar(255) NOT NULL,
-> `return` mediumtext NOT NULL,
-> `id` varchar(255) NOT NULL,
-> `success` varchar(10) NOT NULL,
-> `full_ret` mediumtext NOT NULL,
-> `alter_time` TIMESTAMP DEFAULT CURRENT_TIMESTAMP,
-> KEY `id` (`id`),
-> KEY `jid` (`jid`),
-> KEY `fun` (`fun`)
-> ) ENGINE=InnoDB DEFAULT CHARSET=utf8;
Query OK, 0 rows affected (0.00 sec)
mysql> DROP TABLE IF EXISTS `salt_events`;
Query OK, 0 rows affected, 1 warning (0.00 sec)
mysql> CREATE TABLE `salt_events` (
-> `id` BIGINT NOT NULL AUTO_INCREMENT,
-> `tag` varchar(255) NOT NULL,
-> `data` mediumtext NOT NULL,
-> `alter_time` TIMESTAMP DEFAULT CURRENT_TIMESTAMP,
-> `master_id` varchar(255) NOT NULL,
-> PRIMARY KEY (`id`),
-> KEY `tag` (`tag`)
-> ) ENGINE=InnoDB DEFAULT CHARSET=utf8;
Query OK, 0 rows affected (0.00 sec)
mysql> grant all on salt.* to salt@'%' identified by 'salt';
Query OK, 0 rows affected (0.00 sec)
mysql> quit
Bye
安装MySQL-python
[root@salt01 ~]# salt '*' cmd.run 'yum install -y MySQL-python'
配置minion
[root@salt02 ~]# vi /etc/salt/minion
添加
mysql.host: '192.168.0.191'
mysql.user: 'salt'
mysql.pass: 'salt'
mysql.db: 'salt'
mysql.port: 3306
[root@salt02 ~]# /etc/init.d/salt-minion restart
Stopping salt-minion daemon: [ OK ]
Starting salt-minion daemon: [ OK ]
测试
[root@salt01 ~]# salt '*' test.ping --return mysql
salt03:
True
salt02:
True
mysql查看
mysql> select * from salt_returns
-> \G
*************************** 1. row ***************************
fun: test.ping
jid: 20170425224809651568
return: true
id: salt03
success: 1
full_ret: {"fun_args": [], "jid": "20170425224809651568", "return": true, "retcode": 0, "success": true, "fun": "test.ping", "id": "salt03"}
alter_time: 2017-04-25 22:48:10
*************************** 2. row ***************************
fun: test.ping
jid: 20170425224809651568
return: true
id: salt02
success: 1
full_ret: {"fun_args": [], "jid": "20170425224809651568", "return": true, "retcode": 0, "success": true, "fun": "test.ping", "id": "salt02"}
alter_time: 2017-04-25 22:48:10
2 rows in set (0.00 sec)
这个流程是master下发命令,minion端在执行完成后会把返回的结果写入到配置中的MySQL中,一般生产过程中不会这么使用。
event
event是一个本地的ZeroMQ,正常情况下minion返回给master的结果,通过event返回给操作系统的命令行
通过python订阅event
[root@salt01 ~]# vi salt_event.py
[root@salt01 ~]# cat salt_event.py
import salt.utils.event
event = salt.utils.event.MasterEvent('/var/run/salt/master')
for eachevent in event.iter_events(full=True):
print eachevent
print "------"
[root@salt01 ~]# python salt_event.py
此时是没有返回结果的
需要执行salt命令
[root@salt01 ~]# salt '*' disk.usage
可以看到返回结果
[root@salt01 ~]# python salt_event.py
{'tag': 'salt/event/new_client', 'data': {'_stamp': '2017-04-25T15:04:23.387669'}}
------
{'tag': '20170425230423411099', 'data': {'_stamp': '2017-04-25T15:04:23.411730', 'minions': ['salt03', 'salt02']}}
------
{'tag': 'salt/job/20170425230423411099/new', 'data': {'tgt_type': 'glob', 'jid': '20170425230423411099', 'tgt': '*', '_stamp': '2017-04-25T15:04:23.414236', 'user': 'root', 'arg': [], 'fun': 'disk.usage', 'minions': ['salt03', 'salt02']}}
------
{'tag': 'salt/job/20170425230423411099/ret/salt02', 'data': {'fun_args': [], 'jid': '20170425230423411099', 'return': {'/boot': {'available': '158424', '1K-blocks': '198337', 'used': '29673', 'capacity': '16%', 'filesystem': '/dev/sda1'}, '/mnt/os': {'available': '0', '1K-blocks': '3762278', 'used': '3762278', 'capacity': '100%', 'filesystem': '/dev/sr0'}, '/data': {'available': '7722188', '1K-blocks': '8293060', 'used': '149600', 'capacity': '2%', 'filesystem': '/dev/mapper/vg_why-lv_data'}, '/': {'available': '7904168', '1K-blocks': '10079084', 'used': '1662916', 'capacity': '18%', 'filesystem': '/dev/mapper/vg_why-lv_root'}, '/dev/shm': {'available': '247096', '1K-blocks': '247108', 'used': '12', 'capacity': '1%', 'filesystem': 'tmpfs'}}, 'retcode': 0, 'success': True, 'cmd': '_return', '_stamp': '2017-04-25T15:04:23.728035', 'fun': 'disk.usage', 'id': 'salt02'}}
------
{'tag': 'salt/job/20170425230423411099/ret/salt03', 'data': {'fun_args': [], 'jid': '20170425230423411099', 'return': {'/boot': {'available': '158424', '1K-blocks': '198337', 'used': '29673', 'capacity': '16%', 'filesystem': '/dev/sda1'}, '/mnt/os': {'available': '0', '1K-blocks': '3762278', 'used': '3762278', 'capacity': '100%', 'filesystem': '/dev/sr0'}, '/data': {'available': '7722188', '1K-blocks': '8293060', 'used': '149600', 'capacity': '2%', 'filesystem': '/dev/mapper/vg_why-lv_data'}, '/': {'available': '7904164', '1K-blocks': '10079084', 'used': '1662920', 'capacity': '18%', 'filesystem': '/dev/mapper/vg_why-lv_root'}, '/dev/shm': {'available': '247096', '1K-blocks': '247108', 'used': '12', 'capacity': '1%', 'filesystem': 'tmpfs'}}, 'retcode': 0, 'success': True, 'cmd': '_return', '_stamp': '2017-04-25T15:04:23.747137', 'fun': 'disk.usage', 'id': 'salt03'}}
------
通过python将event收集到的命令返回写入到数据库
安装依赖
[root@salt01 ~]# yum install -y MySQL-python
python脚本
[root@salt01 ~]# vi salt_event_to_mysql.py
[root@salt01 ~]# cat salt_event_to_mysql.py
#!/bin/env python
#coding=utf8 #定义字符集
import json #导入json模块,用于处理json格式
import salt.config #导入salt配置模块
import salt.utils.event #导入salt的event模块
import MySQLdb #导入mysql模块
# create mysql connect
__opts__ = salt.config.client_config('/etc/salt/master') #处理salt master配置文件
conn = MySQLdb.connect(host=__opts__['mysql.host'],user=__opts__['mysql.user'],passwd=__opts__['mysql.pass'],db=__opts__['mysql.db'],port=__opts__['mysql.port'])
cursor = conn.cursor() #连接数据库
# listen salt master event
event = salt.utils.event.MasterEvent(__opts__['sock_dir'])
for eachevent in event.iter_events(full=True): #遍历监听event
ret = eachevent['data'] #开始组合
if "salt/job/" in eachevent['tag']: #判断tag中是否有salt/job/
#return event
if ret.has_key('id') and ret.has_key('return'): #
#igonre saltutil.find_job event
if ret['fun'] == "saltutil.find_job":
continue
sql = '''insert into `salt_returns`
(`fun`,`jid`,`return`,`id`,`success`,`full_ret`)
values (%s,%s,%s,%s,%s,%s)''' #sql语句
cursor.execute(sql,(ret['fun'],ret['jid'],json.dumps[ret['return']],ret['id'],ret['success'],json.dumps(ret))) #执行sql
cursor.execute("COMMIT")
#other event
else:
pass
配置mysql
[root@salt01 ~]# vi /etc/salt/master
mysql.host: '192.168.0.191'
mysql.user: 'salt'
mysql.pass: 'salt'
mysql.db: 'salt'
mysql.port: 3306
执行命令
[root@salt01 ~]# python salt_event_to_mysql.py
[root@salt01 ~]# salt '*' test.ping
salt02:
True
salt03:
True
mysql认证
mysql> use salt
Reading table information for completion of table and column names
You can turn off this feature to get a quicker startup with -A
Database changed
mysql> select * from salt_returns\G
*************************** 1. row ***************************
fun: test.ping
jid: 20170425224809651568
return: true
id: salt03
success: 1
full_ret: {"fun_args": [], "jid": "20170425224809651568", "return": true, "retcode": 0, "success": true, "fun": "test.ping", "id": "salt03"}
alter_time: 2017-04-25 22:48:10
*************************** 2. row ***************************
fun: test.ping
jid: 20170425224809651568
return: true
id: salt02
success: 1
full_ret: {"fun_args": [], "jid": "20170425224809651568", "return": true, "retcode": 0, "success": true, "fun": "test.ping", "id": "salt02"}
alter_time: 2017-04-25 22:48:10
*************************** 3. row ***************************
fun: test.ping
jid: 20170426000304239908
return: true
id: salt02
success: 1
full_ret: {"fun_args": [], "jid": "20170426000304239908", "return": true, "retcode": 0, "success": true, "cmd": "_return", "_stamp": "2017-04-25T16:03:04.701550", "fun": "test.ping", "id": "salt02"}
alter_time: 2017-04-26 00:03:04
*************************** 4. row ***************************
fun: test.ping
jid: 20170426000304239908
return: true
id: salt03
success: 1
full_ret: {"fun_args": [], "jid": "20170426000304239908", "return": true, "retcode": 0, "success": true, "cmd": "_return", "_stamp": "2017-04-25T16:03:04.801679", "fun": "test.ping", "id": "salt03"}
alter_time: 2017-04-26 00:03:04
4 rows in set (0.00 sec)
