Packaging SaltStack and using it on an internal network

Date: 2022-10-21 02:57:07

0. Client usage

Linux: copy the Linux ragent folder to /opt on the internal-network Linux host, then run the initialization script.

Salt server: # @Master:"/opt/ragent/python/bin/python3 /opt/ragent/init.py master apipwd"  # apipwd is the password of the saltapi user
Salt client: # @Minion:"/opt/ragent/python/bin/python3 /opt/ragent/init.py minion master_ip minion_name"  # master_ip is the IP of the master to bind to; minion_name sets the display name of this minion.
Start:
/opt/ragent/tools/master.py start
/opt/ragent/tools/minion.py start
/opt/ragent/tools/api.py start
Stop:
/opt/ragent/tools/master.py stop
/opt/ragent/tools/minion.py stop
/opt/ragent/tools/api.py stop

Windows: copy the Windows ragent folder to the C: drive, then run the initialization script.

init.bat 10.92.xxx.xx mywindow  # the first argument is the IP of the master to bind to; the second sets the display name of this minion.
Start:
C:\ragent\tools\minion.bat start
Stop:
C:\ragent\tools\minion.bat stop

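1. Packaging the Linux client

Linux: build on an older OS release; newer releases are compatible with what was built on the older one.
1. Install Python: pick the version you need and build it from source.
2. Copy the packages over and install them one by one. For reference:
https://www.cnblogs.com/zhutianpeng/p/3883819.html,
https://blog.csdn.net/linux_player_c/article/details/50551460
For example:
Install pycrypto
[root@master tar_install]# tar xvf pycrypto-2.6.1.tar.gz
[root@master tar_install]# cd pycrypto-2.6.1
[root@master pycrypto-2.6.1]# python setup.py install   # every python here must be the one built in step 1
.whl files can be installed directly with pip.

Once everything is installed it sometimes just works. Sometimes starting the master reports that something is missing; in that case find it and install it as well. This happens because some systems already ship a given package and others do not.

There is also a shortcut: run pip install on a machine with network access and copy the installed packages over one by one. Compatibility is poor, though, and any packages that break have to be fixed individually.

Getting the packages: ./pip3 install  --target=/opt/salt salt -i http://pypi.douban.com/simple/ --trusted-host pypi.douban.com (downloads all the packages). This index is plain HTTP and --trusted-host tells pip to accept the host without valid HTTPS, so the downloads are not authenticated; check them against hashes from a trusted source before moving them to the internal network.

3. The main step, installing salt, accepts extra parameters: ./setup.py --salt-root-dir=/opt/ragent/salt/conf/ --salt-base-file-roots-dir=/opt/ragent/salt/conf/ --salt-home-dir=/opt/ragent/salt/conf/ install
(--salt-root-dir is the key parameter; it is what makes a custom directory possible)
4. After a successful install, copy the configuration files into the corresponding directories and configure the master and minion. The configuration files can be found in /ragent/salt/conf of the already-packaged bundle. Sometimes the startup files are generated automatically after salt is installed and sometimes they are not; if not, copy them over as well.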
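For the copy-and-install workflow above, a manifest that pins every downloaded archive by version and SHA-256 lets pip on the internal host refuse a file that changed on the way. This is an added example, not part of the original post; the function names and the flat package directory are assumptions, and the manifest is only as trustworthy as the machine that generated it.

```python
import hashlib
import re
from pathlib import Path

# sdist: name-version.tar.gz ; wheel: name-version[-build]-pytag-abitag-platform.whl
SDIST_RE = re.compile(r"^(?P<name>.+)-(?P<ver>[^-]+)\.(?:tar\.gz|tar\.bz2|zip)$")
WHEEL_RE = re.compile(r"^(?P<name>[^-]+)-(?P<ver>[^-]+)(?:-[^-]+){3,4}\.whl$")

def sha256_file(path):
    """Hash a file in 1 MiB chunks so large archives are not read into memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()

def pinned_requirements(pkg_dir):
    """Return requirements.txt text pinning each archive in pkg_dir by version and hash."""
    pins = {}
    for path in sorted(Path(pkg_dir).iterdir()):
        m = WHEEL_RE.match(path.name) or SDIST_RE.match(path.name)
        if not m:
            continue  # not a package archive (notes, checksums, ...)
        name = re.sub(r"[-_.]+", "-", m["name"]).lower()  # normalized project name
        pins.setdefault((name, m["ver"]), []).append(sha256_file(path))
    lines = []
    for (name, ver), digests in sorted(pins.items()):
        hashes = " ".join("--hash=sha256:" + d for d in digests)
        lines.append("%s==%s %s" % (name, ver, hashes))
    return "\n".join(lines) + "\n"
```

Write the result to requirements.txt next to the archives; on the internal host, pip install --no-index --find-links=<that directory> --require-hashes -r requirements.txt then rejects any archive whose digest differs.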

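2. Packaging the Windows client

1. Again, install Python first; just download an exe installer and install it into the chosen directory.
2. Install salt silently: C:\ragent\tools>minion64.exe /S /master=10.92.216.250 /minion-name=test /D=C:\ragent\salt (/D is the key option; it is not documented on the official site, and only with it can the directory be customized)
3. For configuration, adapt the already-packaged files. The Windows side usually needs no changes.

3. Linux configuration

Linux master configuration, path: /opt/ragent/salt/conf/etc/salt/master

interface: 0.0.0.0
file_roots:
  base:
    - /opt/ragent/salt/file

Linux API configuration, path: /opt/ragent/salt/conf/etc/salt/master.d/api.conf

rest_cherrypy:
  port: # salt-api listening port
  ssl_crt: /opt/ragent/salt/conf/sslkey/localhost.crt # certificate used for SSL
  ssl_key: /opt/ragent/salt/conf/sslkey/localhost_nopass.key

Linux API configuration, path: /opt/ragent/salt/conf/etc/salt/master.d/eauth.conf

external_auth:
  pam:
    saltapi:
      - .*
      - '@wheel'
      - '@runner'

This grants the saltapi user every execution function on every minion plus all wheel and runner functions, so anyone holding the saltapi password can run arbitrary commands on every minion.

Linux minion configuration, path: /opt/ragent/salt/conf/etc/salt/minion

master: 192.168.xx.x
id: xx.com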

4. Configure the user and the signing certificate

# Create the user (used for salt-api authentication)
useradd -M -s /sbin/nologin saltapi && echo "thispwd"|/usr/bin/passwd saltapi --stdin

Generate the signed certificate:

[root@cgc certs]# cd /etc/pki/tls/certs/
[root@cgc certs]# make thecert
make: *** No rule to make target `thecert'. Stop.
[root@cgc certs]# make testcert
umask ; \
/usr/bin/openssl genrsa -aes128 > /etc/pki/tls/private/localhost.key
Generating RSA private key, bit long modulus
............................................+++
...............................................+++
e is (0x10001)
Enter pass phrase: # enter the password thispwd
Verifying - Enter pass phrase: # enter the password thispwd
umask ; \
/usr/bin/openssl req -utf8 -new -key /etc/pki/tls/private/localhost.key -x509 -days -out /etc/pki/tls/certs/localhost.crt
Enter pass phrase for /etc/pki/tls/private/localhost.key: # enter the password thispwd
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name ( letter code) [XX]:CN
State or Province Name (full name) []:GuangZhou
Locality Name (eg, city) [Default City]:
Organization Name (eg, company) [Default Company Ltd]:
Organizational Unit Name (eg, section) []:
Common Name (eg, your name or your server's hostname) []:
Email Address []:

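Decrypt the key file to produce a key file without a passphrase. You will be asked for the key passphrase, which is the one set when the certificate was generated.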

cd /etc/pki/tls/private/
openssl rsa -in localhost.key -out localhost_nopass.key
Enter pass phrase for localhost.key:

Add the certificate to the client:

cp /etc/pki/tls/certs/localhost.crt  /opt/ragent/salt/conf/sslkey/localhost.crt
cp /etc/pki/tls/private/localhost_nopass.key /opt/ragent/salt/conf/sslkey/localhost_nopass.key

Verify:

curl -sSk https://localhost:8001/login -H 'Accept: application/x-yaml' -d username=saltapi -d password=thispwd -d eauth=pam
87475ab6906bb76baec11af6deee28a7dbd42e26
curl -k https://127.0.0.1:8001/ -H "Accept: application/x-yaml" -H "X-Auth-Token: 87475ab6906bb76baec11af6deee28a7dbd42e26" -d client='local' -d tgt='*' -d fun='test.ping'
curl -k https://127.0.0.1:8001 -H "Accept: application/x-yaml" -H "X-Auth-Token: 87475ab6906bb76baec11af6deee28a7dbd42e26" -d client='local' -d tgt='*' -d fun='cmd.run' -d arg='ifconfig'

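5. Windows configuration

Windows only has a minion; configuration file: C:\ragent\salt\conf\minion

master: 10.92.xx.xxx
id: win7

If some paths are wrong, edit the path configuration file in the salt package source:

C:\ragent\salt\bin\Lib\site-packages\salt\_syspaths.py  (edit as needed)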

# This file was auto-generated by salt's setup on Wednesday, 06 June 2018 @ 20:06:22 UTC.

ROOT_DIR = 'C:/ragent/salt'
SHARE_DIR = None
CONFIG_DIR = None
CACHE_DIR = None
SOCK_DIR = None
SRV_ROOT_DIR= 'C:/ragent/salt/file'
BASE_FILE_ROOTS_DIR = 'C:/ragent/salt/file'
BASE_PILLAR_ROOTS_DIR = None
BASE_MASTER_ROOTS_DIR = None
BASE_THORIUM_ROOTS_DIR = None
LOGS_DIR = None
PIDFILE_DIR = None
SPM_FORMULA_PATH = None
SPM_PILLAR_PATH = None
SPM_REACTOR_PATH = None
HOME_DIR = 'C:/ragent/salt'

6. Linux scripts

Initialization script init.py:

#!/opt/ragent/python/bin/python3
# coding:utf-8
# @Author : ChenGengCong
# @date : 2018.6.22
# @file : init.py
# @Master:"/opt/ragent/python/bin/python3 /opt/ragent/init.py master apipwd"
# @Minion:"/opt/ragent/python/bin/python3 /opt/ragent/init.py minion master_ip minion_name"
import subprocess
import sys


class Saltstack():
    def __init__(self):
        self.CONFPATH = '/opt/ragent/salt/conf/etc/salt'
        self.TOOLSPATH = '/opt/ragent/tools'
        # Disabling the firewall is not written yet

    def master(self, apipwd='thispwd', master_bind_ip='0.0.0.0'):
        # Initialize the master environment
        stopcmd = "%s/master.py stop" % self.TOOLSPATH
        pipe = subprocess.run(stopcmd, shell=True, stdout=subprocess.PIPE).stdout
        stopapicmd = "%s/api.py stop" % self.TOOLSPATH
        pipe = subprocess.run(stopapicmd, shell=True, stdout=subprocess.PIPE).stdout
        # IP address the master binds to
        setcmd = "sed -i '/^interface/s/.*/interface: %s/g' %s/master" % (master_bind_ip, self.CONFPATH)
        pipe = subprocess.run(setcmd, shell=True, stdout=subprocess.PIPE).stdout
        # Create the API user and password
        addcmd = "useradd -M -s /sbin/nologin saltapi"
        p = subprocess.run(addcmd, shell=True, stdout=subprocess.PIPE, stderr=subprocess.STDOUT).stdout
        pwdcmd = "echo '%s'|/usr/bin/passwd saltapi --stdin" % apipwd
        pipe = subprocess.run(pwdcmd, shell=True, stdout=subprocess.PIPE).stdout
        # Start the master environment
        startcmd = "%s/master.py start" % self.TOOLSPATH
        pipe = subprocess.run(startcmd, shell=True, stdout=subprocess.PIPE).stdout
        startapicmd = "%s/api.py start" % self.TOOLSPATH
        pipe = subprocess.run(startapicmd, shell=True, stdout=subprocess.PIPE).stdout

    def minion(self, master_ip, minion_name):
        # Initialize the minion environment
        stopcmd = "%s/minion.py stop" % self.TOOLSPATH
        pipe = subprocess.run(stopcmd, shell=True, stdout=subprocess.PIPE).stdout
        # Delete existing authentication data
        delid = "rm -f %s/minion_id" % self.CONFPATH
        std = subprocess.run(delid, shell=True, stdout=subprocess.PIPE).stdout
        delpki = "rm -f %s/salt/pki/minion/*" % self.CONFPATH
        std = subprocess.run(delpki, shell=True, stdout=subprocess.PIPE).stdout
        # Set the master IP address
        setip = "sed -i '/^master/s/.*/master: %s/g' %s/minion" % (master_ip, self.CONFPATH)
        pipe = subprocess.run(setip, shell=True, stdout=subprocess.PIPE).stdout
        # Set the minion ID, i.e. the unique name that identifies this client
        setid = "sed -i '/^id:/s/.*/id: %s/g' %s/minion" % (minion_name, self.CONFPATH)
        pipe = subprocess.run(setid, shell=True, stdout=subprocess.PIPE).stdout
        # Start the minion environment
        startcmd = "%s/minion.py start" % self.TOOLSPATH
        pipe = subprocess.run(startcmd, shell=True, stdout=subprocess.PIPE).stdout


'''
@Initialization commands
@master:
ssh root@ "/opt/ragent/python/bin/python3 /opt/ragent/init.py master apipwd"
@minion
ssh root@ "/opt/ragent/python/bin/python3 /opt/ragent/init.py minion master_ip minion_name"
'''
if __name__ == "__main__":
    name = sys.argv[1] if len(sys.argv) > 1 else ""
    Salt = Saltstack()
    if name == "master":
        # Use the default password when none is given on the command line
        if len(sys.argv) > 2:
            Salt.master(sys.argv[2])
        else:
            Salt.master()
    elif name == "minion" and len(sys.argv) > 3:
        master_ip = sys.argv[2]
        minion_name = sys.argv[3]
        Salt.minion(master_ip, minion_name)
    else:
        print("USAGE: %s (master|minion) master_ip minion_id" % sys.argv[0])
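init.py above builds its sed and passwd commands by interpolating master_ip, minion_name and apipwd into strings run with shell=True, so a quote or semicolon in an argument becomes part of a root shell command and the password appears in the process list. A hardened form of those two steps, added here as an example and not the author's script; the validation rules, the function names and the use of chpasswd in place of passwd --stdin are assumptions of this example.

```python
import ipaddress
import re
import subprocess
from pathlib import Path

CONF = Path("/opt/ragent/salt/conf/etc/salt/minion")  # path taken from init.py
MINION_ID_RE = re.compile(r"[A-Za-z0-9][A-Za-z0-9._-]{0,62}")  # assumed naming policy

def validate_master(value):
    """Return value if it is a literal IP address, else raise ValueError."""
    if not re.fullmatch(r"[0-9A-Fa-f:.]+", value):  # also rejects IPv6 "%scope" text
        raise ValueError("invalid master address: %r" % value)
    return str(ipaddress.ip_address(value))

def validate_minion_id(value):
    """Return value if it matches the assumed naming policy, else raise ValueError."""
    if not MINION_ID_RE.fullmatch(value):
        raise ValueError("invalid minion id: %r" % value)
    return value

def set_key(text, key, value):
    """Replace every 'key: ...' line in text, or append one if none exists."""
    line = "%s: %s" % (key, value)
    pattern = re.compile(r"^%s:.*$" % re.escape(key), re.MULTILINE)
    if pattern.search(text):
        return pattern.sub(lambda m: line, text)
    sep = "" if not text or text.endswith("\n") else "\n"
    return text + sep + line + "\n"

def configure_minion(master_ip, minion_name, conf=CONF):
    """Set master and id in the minion config without sed or a shell."""
    master_ip = validate_master(master_ip)
    minion_name = validate_minion_id(minion_name)
    text = Path(conf).read_text(encoding="utf-8")
    text = set_key(set_key(text, "master", master_ip), "id", minion_name)
    Path(conf).write_text(text, encoding="utf-8")

def set_api_password(password, user="saltapi", run=subprocess.run):
    """Pass 'user:password' to chpasswd on stdin: no shell, nothing in argv."""
    if "\n" in password or not re.fullmatch(r"[a-z_][a-z0-9_-]*", user):
        raise ValueError("invalid user or password")
    data = ("%s:%s\n" % (user, password)).encode("utf-8")
    return run(["chpasswd"], input=data, check=True)
```

Both validators run before the file is opened, so a rejected argument leaves the minion config untouched.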

api.py

#!/opt/ragent/python/bin/python3
# -*- coding: utf-8 -*-
#encoding:utf-8
#@Time : 2018-06-13 15:41:33
#@Author : chengengcong
#@File : api.py
import sys
import subprocess
import os
SALT_PATH = '/opt/ragent/salt'


def start_app(name):
    if status_app(name)>1:
        print ("%s is running,you can try restart"%(name))
    else:
        cmd = "nohup %s/bin/%s >> %s/conf/var/log/salt/%s 2>&1 &"%(SALT_PATH,name,SALT_PATH,name)
        pipe = subprocess.Popen(cmd,shell=True,stdout=subprocess.PIPE,stderr=subprocess.STDOUT)


def stop_app(name):
    cmd = "pgrep %s|xargs kill -9"%(name)
    pipe = subprocess.Popen(cmd,shell=True,stdout=subprocess.PIPE).stdout


def status_app(name):
    cmd = "pgrep %s|wc -l"%(name)
    pipe = subprocess.Popen(cmd,shell=True,stdout=subprocess.PIPE).stdout
    result = int(str(pipe.read(),encoding='utf-8'))
    return result


if __name__ == "__main__":
    name = 'salt-api'
    if len(sys.argv)==1:
        start_app(name)
    if len(sys.argv)>1:
        key = sys.argv[1]
        if key == 'start':
            start_app(name)
        elif key == 'stop':
            stop_app(name)
        elif key == 'restart':
            stop_app(name)
            start_app(name)
        else:
            result = status_app(name)
            if result>0:
                print ('%s is active!'%(name))
            else:
                print ('%s is inactive!'%(name))

master.py

#!/opt/ragent/python/bin/python3
# -*- coding: utf-8 -*-
#encoding:utf-8
#@Time : 2018-06-13 15:41:33
#@Author : chengengcong
#@File : master.py
import sys
import subprocess
SALT_PATH = '/opt/ragent/salt'


def start_app(name):
    if status_app(name)>1:
        print ("%s is running,you can try restart"%(name))
    else:
        cmd = "nohup %s/bin/%s >> %s/conf/var/log/salt/%s 2>&1 &"%(SALT_PATH,name,SALT_PATH,name)
        pipe = subprocess.Popen(cmd,shell=True,stdout=subprocess.PIPE,stderr=subprocess.STDOUT)


def stop_app(name):
    cmd = "pgrep %s|xargs kill -9"%(name)
    pipe = subprocess.Popen(cmd,shell=True,stdout=subprocess.PIPE).stdout


def status_app(name):
    cmd = "pgrep %s|wc -l"%(name)
    pipe = subprocess.Popen(cmd,shell=True,stdout=subprocess.PIPE).stdout
    result = int(str(pipe.read(),encoding='utf-8'))
    return result


if __name__ == "__main__":
    name = 'salt-master'
    if len(sys.argv)==1:
        start_app(name)
    if len(sys.argv)>1:
        key = sys.argv[1]
        if key == 'start':
            start_app(name)
        elif key == 'stop':
            stop_app(name)
        elif key == 'restart':
            stop_app(name)
            start_app(name)
        else:
            result = status_app(name)
            if result>0:
                print ('%s is active!'%(name))
            else:
                print ('%s is inactive!'%(name))

minion.py

#!/opt/ragent/python/bin/python3
# -*- coding: utf-8 -*-
#encoding:utf-8
#@Time : 2018-06-13 15:41:33
#@Author : chengengcong
#@File : minion.py
import sys
import subprocess
SALT_PATH = '/opt/ragent/salt'


def start_app(name):
    if status_app(name)>0:
        print ("%s is running,you can try restart"%(name))
    else:
        cmd = "nohup %s/bin/%s >> %s/conf/var/log/salt/%s 2>&1 &"%(SALT_PATH,name,SALT_PATH,name)
        pipe = subprocess.Popen(cmd,shell=True,stdout=subprocess.PIPE,stderr=subprocess.STDOUT)


def stop_app(name):
    cmd = "pgrep %s|xargs kill -9"%(name)
    pipe = subprocess.Popen(cmd,shell=True,stdout=subprocess.PIPE,stderr=subprocess.STDOUT).stdout


def status_app(name):
    cmd = "pgrep %s|wc -l"%(name)
    pipe = subprocess.Popen(cmd,shell=True,stdout=subprocess.PIPE,stderr=subprocess.STDOUT).stdout
    result = int(str(pipe.read(),encoding='utf-8'))
    return result


if __name__ == "__main__":
    name = 'salt-minion'
    if len(sys.argv)==1:
        start_app(name)
    if len(sys.argv)>1:
        key = sys.argv[1]
        if key == 'start':
            start_app(name)
        elif key == 'stop':
            stop_app(name)
        elif key == 'restart':
            stop_app(name)
            start_app(name)
        else:
            result = status_app(name)
            if result>0:
                print ('%s is active!'%(name))
            else:
                print ('%s is inactive!'%(name))

7. Windows scripts

init.bat

::date:2018-04-09 15:35:11
::author:chengengcong
::company:NanWangDingXin
::version:1.0.1
::file: init.bat
::Parameter: init.bat 10.92.xxx.xx mywindow
@echo off
C:\ragent\salt\bin\ssm.exe install salt-minion c:\ragent\salt\bin\python.exe
C:\ragent\salt\bin\ssm.exe set salt-minion AppParameters "-E -s c:\ragent\salt\bin\Scripts\salt-minion -c c:\ragent\salt\conf -l quiet"
C:\ragent\salt\bin\ssm.exe set salt-minion AppDirectory c:\ragent\salt\bin
C:\ragent\salt\bin\ssm.exe set salt-minion AppExit Default Restart
C:\ragent\salt\bin\ssm.exe set salt-minion AppStopMethodConsole 24000
C:\ragent\salt\bin\ssm.exe set salt-minion AppStopMethodWindow 2000
C:\ragent\salt\bin\ssm.exe set salt-minion Description "Salt Minion from saltstack.com"
C:\ragent\salt\bin\ssm.exe set salt-minion DisplayName salt-minion
C:\ragent\salt\bin\ssm.exe set salt-minion ObjectName LocalSystem
C:\ragent\salt\bin\ssm.exe set salt-minion Start SERVICE_AUTO_START
C:\ragent\salt\bin\ssm.exe set salt-minion Type SERVICE_WIN32_OWN_PROCESS
set master=%1%
set id=%2%
echo master: %master%>C:\ragent\salt\conf\minion
echo id: %id%>>C:\ragent\salt\conf\minion
net stop salt-minion
net start salt-minion

minion.bat

::date:2018-04-09 15:35:11
::author:chengengcong
::company:NanWangZongBu
::version:1.0.1
::file: minion.bat
::Parameter: minion.bat status
@echo off
set input=%1%
call:%input%
goto:eof
:status
for /f "skip=3 tokens=4" %%i in ('sc query salt-minion') do set "zt=%%i" &goto :next
:next
echo %zt%
goto:eof
:start
net start salt-minion
goto:eof
:stop
net stop salt-minion
goto:eof