Saltstack automatic operation and maintenance tools - preliminary environment deployment

Saltstack automatic operation and maintenance tools - preliminary environment deployment

Document reference:

1.1 GitHub address;


1.2. Record the execution to mysql; 


1, Comparison between automatic operation and maintenance tools Saltstack and Ansible;

1. Introduction to ansible

1.1 Agent free decentralization, using native SSH protocol for management (need to get through SSH keyless login in advance)

1.2 in fact, ansible also supports the way of agent, that is, the so-called "pull" mode, which is to pull the tasks to be executed through a client.

1.3 on Github, ansbile has 42.2k statistics source address:

1.4 main functions

1.4.1 Ansible is fully developed based on Python, which is convenient for secondary development of Ansible;

1.4.2 rich built-in modules, low learning threshold;

1.4.3 Playbook script simplifies environment deployment.

1.5 Ansible only provides a framework.

It mainly includes:

1.5.1 connection plugins: responsible for communication with the monitored end;

1.5.2 host inventory: Specifies the host for operation, which is the host defined in the configuration file for monitoring;

1.5.3 core modules, command modules and user-defined modules of various modules;

1.5.4 with the help of plug-ins, log mail recording and other functions are completed;

1.5.5 playbook: when the script executes multiple tasks, let the node run multiple tasks at once.



1.6 execution principle process;



2. Introduction to saltstack;

2.1 the Agent connected controlled machine needs to be installed. The Agent end needs to be configured with the master address. To establish a trust relationship, the open communication port is 4506 / 4505 by default

2.2 the ability of large-scale Concurrency: the difference of implementation mechanism also leads to the superiority of saltstack in this respect. If there are more than one thousand machines operating at a time, it is more efficient to use saltstack.

2.3 activity of open source community: Saltstack 10.7k statistics on Github source address:

2.4 main functions:

2.4.1 master-slave centralized management;

2.4.2 simple configuration, powerful function and strong expansibility;

2.4.3 master and minion are based on certificate certification, safe and reliable;

2.4.4 support API and user-defined module, which can be easily extended through Python;

2.5 schematic diagram of saltstack



2.4.1 Minion is the client installation component that SaltStack needs to manage. It will take the initiative to connect to the Master, get the resource status information from the Master, and synchronize the resource management information

2.4.2 the master runs on the host server as the control center, and is responsible for the operation of the Salt command and the management of the resource status.

2.4.3 ZeroMQ is an open-source message queuing software, which is used to build a system communication bridge between Minion and Master.

2.4.4 Daemon is a daemons running in each member, which is responsible for issuing messages and listening to communication ports.

2.6 execution process;



II. Satstack deployment practice

1. System environment list;

System version Kernel version System python version Saltstack master version Saltstack minion version
CentOS  7.2.1511 3.10.0-862.6.3.el7.x86_64     Python 2.7.5 salt 2015.5.10  salt-minion 2015.5.10

2. Deployment planning;

Deployment recommendations:

1. Adopt cluster deployment when the operation business volume of the production environment is large and the resources are allowed. Eliminate single point of failure


3. Simplify the deployment;

3.1 Environment deployment description of this article:  
     mysql One station  saltstack-matser End one saltstack-monion Terminal 5;
3.2 Get package;
      root@salt-master ~]# yum -y install epel-release && yum -y install salt-maste  
3.3 To configure salt-master configuration file;
root@salt-master ~]# grep -v "^#" /etc/salt/master  |grep -v "^$"
interface:  #ip address of executive management
publish_port: 4505          ##Execution management end service listening port
user: ops                   ##Executive management end user address
max_open_files: 100000      ###Maximum number of open files
worker_threads: 16          ##The number of threads on the moinon side is not greater than the number of cpu cores in the system
ret_port: 4506              #Data collection and reporting port
pidfile: /var/run/    ##Allow pid
timeout: 5                  ##Data collection timeout
    - /etc/salt         #saltstack configuration files write the root directory where yaml is stored
pillar_roots:                #Directory executed by pillar
    - /etc/pillar
syndic_master_port: 4506    ###Synchronization information port
log_file: /var/log/salt/chj-salt-master      ##log file path
log_level: warning 
log_level_logfile: warning  #log level
  ops:                      ##Authorize users to execute salt commands
    - '*'
return: mysql               #Execution command return result statistics is used for security audit and command audit
master_job_cache: mysql     #Database authorization information; '' #See for other database types supported by the connection address/
mysql.user: 'salt'        #Connect users
mysql.pass: 'saltstack'   #Connection password
mysql.db: 'salt'          #Connect to database
mysql.port: 3306          #Database port

3.4 install salt minion end;

3.4.1 in order to save installation time, adopt ansible for batch

3.5 install the salt moon client;

1.Perform remote installation salt-minion end
[ops@devops-manager-dev tools]$ ansible -i ip.txt all -m shell -a "yum -y install epel-release && yum -y install salt-minion" -b -f 3 

2.Distribute modify profile script;
2.1.Script content:
minid=$(echo $RANDOM |md5sum|cut -c 1-6)
sed -i '1imaster:' /etc/salt/minion 
sed -i '2ilog_file: /var/log/salt/chj-minion.log' /etc/salt/minion
sed -i '3iuser: root' /etc/salt/minion         
sed -i "4iid: chj_salt_$minid" /etc/salt/minion
mkdir /var/log/salt/
touch /var/log/salt/chj-minion.log
chown ops:ops /var/log/salt -R

3 Start distributing;
ansible -i ip.txt all -m copy -a "src=./ dest=/tmp/" -b -f 3

4.Execute modify file script

ansible -i ip.txt all -m shell -a "/bin/bash /tmp/" -b -f 3

5.start-up salt-minion service

[ops@salt-master devops]$ ansible -i ip.txt all -m shell -a "systemctl start salt-minion " -b -f 3
Thursday 12 March 2020  21:33:02 +0800 (0:00:00.090)       0:00:00.090 ******** | CHANGED | rc=0 >> | CHANGED | rc=0 >> | CHANGED | rc=0 >> | CHANGED | rc=0 >> | CHANGED | rc=0 >>

3.6.salt test;

3.7. Compare the execution time of ansible and saltstack;

3.8 the validation results are returned to mysql database;


Check whether there is data return in mysql table (timestamp problem because mysql used docker in the test environment did not modify the time zone difference by 8 hours)

Keywords: Linux saltstack ansible MySQL github

Added by imstupid on Fri, 13 Mar 2020 06:38:18 +0200