Saltstack automatic operation and maintenance tools - preliminary environment deployment
Document reference:
1.1 GitHub address;
https://github.com/ansible/ansible
https://github.com/saltstack/salt
1.2. Record the execution to mysql;
https://docs.saltstack.com/en/latest/ref/returners/all/
I. Comparison of the automated operation and maintenance tools SaltStack and Ansible;
1. Introduction to ansible
1.1 Agentless and decentralized; hosts are managed over the native SSH protocol (SSH key-based, passwordless login must be set up in advance)
1.2 In fact, Ansible also supports an agent-style "pull" mode, in which a client pulls the tasks to be executed.
1.3 On GitHub, Ansible has 42.2k stars; source address: https://github.com/ansible/ansible
1.4 main functions
1.4.1 Ansible is fully developed based on Python, which is convenient for secondary development of Ansible;
1.4.2 rich built-in modules, low learning threshold;
1.4.3 Playbook script simplifies environment deployment.
1.5 Ansible only provides a framework.
It mainly includes:
1.5.1 connection plugins: responsible for communication with the managed hosts;
1.5.2 host inventory: specifies the hosts to operate on, i.e. the managed hosts defined in the configuration file;
1.5.3 modules: core modules, command modules and user-defined modules;
1.5.4 plugins: provide logging, mail notification and other functions;
1.5.5 playbook: a script that defines multiple tasks, so that a node can run them all in one go.
1.6 execution principle process;
2. Introduction to saltstack;
2.1 An agent must be installed on each controlled machine and configured with the master address. To establish the trust relationship, the communication ports opened by default are 4506 / 4505
2.2 Large-scale concurrency: the difference in implementation mechanism gives SaltStack an advantage here. When more than one thousand machines are operated on at a time, SaltStack is more efficient.
2.3 Open source community activity: SaltStack has 10.7k stars on GitHub; source address: https://github.com/saltstack/salt
2.4 main functions:
2.4.1 master-slave centralized management;
2.4.2 simple configuration, powerful function and strong expansibility;
2.4.3 authentication between master and minion is certificate-based, safe and reliable;
2.4.4 support API and user-defined module, which can be easily extended through Python;
2.5 schematic diagram of saltstack
2.5.1 The Minion is the client component installed on every host that SaltStack manages. It actively connects to the Master, gets resource status information from the Master, and synchronizes resource management information
2.5.2 The Master runs on the control server as the control center, and is responsible for running Salt commands and managing resource status.
2.5.3 ZeroMQ is an open-source message queuing software, which is used to build the communication bridge between Minion and Master.
2.5.4 The daemon is a background process running on each member, which is responsible for publishing messages and listening on the communication ports.
2.6 execution process;
II. SaltStack deployment practice
1. System environment list;
System version | Kernel version | System python version | Saltstack master version | Saltstack minion version |
CentOS 7.2.1511 | 3.10.0-862.6.3.el7.x86_64 | Python 2.7.5 | salt 2015.5.10 | salt-minion 2015.5.10 |
2. Deployment planning;
Deployment recommendations:
1. When the production environment handles a large volume of operations and resources allow, deploy as a cluster to eliminate the single point of failure
3. Simplified deployment;
3.1 Environment used in this article: one MySQL server, one salt-master and five salt-minions;
3.2 Get the package;
    [root@salt-master ~]# yum -y install epel-release && yum -y install salt-master
3.3 Configure the salt-master configuration file;
    [root@salt-master ~]# grep -v "^#" /etc/salt/master | grep -v "^$"
    interface: 192.168.54.12          # IP address of the management (master) end
    publish_port: 4505                # listening port of the management end service
    user: ops                         # user the master service runs as
    max_open_files: 100000            # maximum number of open files
    worker_threads: 16                # number of worker threads; not greater than the number of CPU cores in the system
    ret_port: 4506                    # port for data collection and return reporting
    pidfile: /var/run/salt-master.pid # PID file
    timeout: 5                        # data collection timeout
    file_roots:                       # root directory where the SaltStack YAML state files are stored
      base:
        - /etc/salt
    pillar_roots:                     # directory used by pillar
      base:
        - /etc/pillar
    syndic_master_port: 4506          # synchronization information port
    log_file: /var/log/salt/chj-salt-master   # log file path
    log_level: warning
    log_level_logfile: warning        # log level
    client_acl:
      ops:                            # user authorized to execute salt commands
        - '*'                         # '*' permits every function
    return: mysql                     # command return results are stored for security audit and command audit
    master_job_cache: mysql
    # Database authorization information;
    mysql.host: '192.168.54.23'       # connection address; see https://docs.saltstack.com/en/latest/ref/returners/all/ for other supported database types
    mysql.user: 'salt'                # connection user
    mysql.pass: 'saltstack'           # connection password
    mysql.db: 'salt'                  # database to connect to
    mysql.port: 3306                  # database port
3.4 Install the salt-minion end;
3.4.1 To save installation time, Ansible is used for batch installation
3.5 Install the salt-minion client;
1. Install salt-minion remotely
    [ops@devops-manager-dev tools]$ ansible -i ip.txt all -m shell -a "yum -y install epel-release && yum -y install salt-minion" -b -f 3
2. Distribute the script that modifies the configuration file;
2.1. Script content:
    #!/bin/bash
    # Minion id suffix: first 6 hex characters of an MD5 over $RANDOM.
    # $RANDOM has only 32768 possible values, so ids are not guaranteed to be unique.
    minid=$(echo $RANDOM | md5sum | cut -c 1-6)
    # Insert master address, log file, run-as user and minion id at the top of the minion config
    sed -i '1imaster: 192.168.54.12' /etc/salt/minion
    sed -i '2ilog_file: /var/log/salt/chj-minion.log' /etc/salt/minion
    sed -i '3iuser: root' /etc/salt/minion
    sed -i "4iid: chj_salt_$minid" /etc/salt/minion
    mkdir -p /var/log/salt/
    touch /var/log/salt/chj-minion.log
    chown ops:ops /var/log/salt -R
3. Start distributing;
    ansible -i ip.txt all -m copy -a "src=./salt_minon.sh dest=/tmp/salt_minon.sh" -b -f 3
4. Run the script that modifies the file
    ansible -i ip.txt all -m shell -a "/bin/bash /tmp/salt_minon.sh" -b -f 3
5. Start the salt-minion service
    [ops@salt-master devops]$ ansible -i ip.txt all -m shell -a "systemctl start salt-minion" -b -f 3
    Thursday 12 March 2020 21:33:02 +0800 (0:00:00.090) 0:00:00.090 ********
    192.168.46.21 | CHANGED | rc=0 >>
    192.168.46.18 | CHANGED | rc=0 >>
    192.168.46.20 | CHANGED | rc=0 >>
    192.168.46.224 | CHANGED | rc=0 >>
    192.168.46.158 | CHANGED | rc=0 >>
3.6 salt test.ping test;
3.7. Compare the execution time of ansible and saltstack;
3.8 the validation results are returned to mysql database;
Check whether data has been returned to the mysql table (the timestamps differ by 8 hours because the mysql instance in the test environment ran in docker and its time zone was not changed)
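The command audit that the mysql return is meant to support, as an added example (not code from the original article or from the Salt project): it lists every shell-execution call recorded in salt_returns together with the arguments stored in full_ret. Assumptions: an in-memory sqlite3 database stands in for the MySQL "salt" database, the column layout follows the salt_returns table described in the Salt MySQL returner documentation, and the rows, the watch-list and the helper names are constructed for illustration.

```python
import json
import sqlite3

# Assumed watch-list: execution functions that run arbitrary shell commands.
WATCHED = ("cmd.run", "cmd.run_all", "cmd.shell", "cmd.script")

SCHEMA = """CREATE TABLE salt_returns (
    fun TEXT NOT NULL, jid TEXT NOT NULL, "return" TEXT NOT NULL,
    id TEXT NOT NULL, success TEXT NOT NULL, full_ret TEXT NOT NULL,
    alter_time TIMESTAMP DEFAULT CURRENT_TIMESTAMP)"""

def make_row(jid, minion, fun, args, ret, ok=True):
    full = {"jid": jid, "id": minion, "fun": fun, "fun_args": args,
            "return": ret, "success": ok}
    return (fun, jid, json.dumps(ret), minion, str(int(ok)), json.dumps(full))

# Constructed sample data; minion ids follow the chj_salt_<hex> pattern.
SAMPLE_ROWS = [
    make_row("20200312213400000001", "chj_salt_a1b2c3", "test.ping", [], True),
    make_row("20200312213500000002", "chj_salt_a1b2c3", "cmd.run", ["uptime"], "up 3 days"),
    make_row("20200312213600000003", "chj_salt_d4e5f6", "cmd.run",
             ["systemctl stop firewalld"], "", ok=False),
    make_row("20200312213700000004", "chj_salt_d4e5f6", "state.sls", ["nginx"], {}),
]

def load_sample(conn):
    conn.execute(SCHEMA)
    conn.executemany(
        'INSERT INTO salt_returns (fun, jid, "return", id, success, full_ret) '
        "VALUES (?, ?, ?, ?, ?, ?)", SAMPLE_ROWS)

def audit_commands(conn, watched=WATCHED):
    """Return (jid, minion, fun, fun_args, success) per watched call, by jid."""
    marks = ",".join("?" * len(watched))
    rows = conn.execute(
        "SELECT jid, id, fun, full_ret FROM salt_returns "
        f"WHERE fun IN ({marks}) ORDER BY jid", watched).fetchall()
    findings = []
    for jid, minion, fun, full_ret in rows:
        full = json.loads(full_ret)  # arguments exist only inside full_ret
        findings.append((jid, minion, fun, full.get("fun_args", []),
                         bool(full.get("success"))))
    return findings

if __name__ == "__main__":
    db = sqlite3.connect(":memory:")  # stand-in for the MySQL 'salt' database
    load_sample(db)
    for finding in audit_commands(db):
        print(finding)
```

Against the real database the same SELECT applies, with `return` quoted in backticks where it is referenced.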