Salt, Puppet, Ansible
Source: Internet  Editor: 程序博客网  Time: 2024/05/17 02:06
Comparison of automation tools
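SaltStack
Introduction to Salt
- Client/server model with certificate-based authentication for managing hosts in bulk; lighter than Puppet
- Centralized management, file distribution, system data collection, and software package installation and management
- Simple to deploy and easy to manage
- Supports most operating systems
- The client/server management model is easy to scale
- Simple configuration, broad feature coverage
- Communication between Master and Minion is based on authentication, which ensures security
- Supports an API and custom Python modules, so it is easy to extend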
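How Salt works
- When a Minion starts, it automatically generates a key pair and sends the public key to the server. The server verifies and accepts the public key, which establishes a reliable, encrypted communication channel. A publish connection between client and server is also established through the ZeroMQ message queue.
- The Minion is the client component installed on every host SaltStack manages. It actively connects to the Master, obtains resource state information from it, and synchronizes resource management information.
- The Master is responsible for running salt commands and managing resource state.
- ZeroMQ is the message queue software that provides the communication bridge between Master and Minion.
- The Daemon is the background process running on every member; it publishes messages and listens on the communication ports.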
SaltStack dependencies
- python:
- PyYAML:
- setuptools:
- markupsafe:
- jinja2:
- pyzmq: version > 2.63

    salt --versions-report

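SaltStack configuration
master

    # /etc/salt/master
    interface: 0.0.0.0
    publish_port: 4505
    ret_port: 4506
    worker_threads: 5

    #!/bin/bash
    # Install the EPEL repository, then salt-master
    cd /usr/local/src/
    wget http://mirrors.sohu.com/fedora-epel/6/x86_64/epel-release-6-8.noarch.rpm
    rpm -ivh epel-release-6-8.noarch.rpm
    yum install -y python-devel
    yum install salt-master -y
    # Uncomment the listener settings in the master configuration file
    sed -i -r 's/^#interface: 0.0.0.0/interface: 0.0.0.0/' /etc/salt/master
    sed -i -r 's/^#publish_port: 4505/publish_port: 4505/' /etc/salt/master
    sed -i -r 's/^#worker_threads: 5/worker_threads: 5/' /etc/salt/master
    sed -i -r 's/^#ret_port: 4506/ret_port: 4506/' /etc/salt/master
    # Open the publish (4505) and return (4506) ports; these rules accept any source address
    iptables -I INPUT -p tcp --dport 4505 -j ACCEPT
    iptables -I INPUT -p tcp --dport 4506 -j ACCEPT
    iptables-save > /etc/sysconfig/iptables
    # Enable the service at boot and start it
    chkconfig salt-master on
    service salt-master start

Author: 燕涛  Link: http://www.jianshu.com/p/df98836f46e9  Source: 简书 (Jianshu). Copyright belongs to the author. For commercial reprints, contact the author for authorization; for non-commercial reprints, credit the source.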
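The master settings and firewall rules above bind Salt to every interface and accept ports 4505 and 4506 from any source address. The check below is an added example, not part of the original script or of Salt; the function names are hypothetical, `auto_accept` is a Salt master option the page does not set, and the sample input is constructed from the values shown on this page.

```python
import shlex

SALT_PORTS = (4505, 4506)  # publish_port and ret_port from the master settings above

def master_settings(config_text):
    """Top-level 'key: value' pairs of a Salt master file (plain parsing, no YAML library)."""
    settings = {}
    for line in config_text.splitlines():
        key, sep, value = line.split("#", 1)[0].partition(":")
        if sep and key and not key[0].isspace():
            settings[key.strip()] = value.strip()
    return settings

def covers_salt_port(spec):
    """True if a port spec such as '4505', '4505,4506' or '4000:5000' includes a Salt port."""
    for part in spec.split(","):
        lo, _, hi = part.partition(":")
        hi = hi or lo
        if lo.isdigit() and hi.isdigit() and any(int(lo) <= p <= int(hi) for p in SALT_PORTS):
            return True
    return False

def unrestricted_accepts(firewall_text):
    """iptables ACCEPT rules that open a Salt port without limiting the source address."""
    hits = []
    for line in firewall_text.splitlines():
        tok = shlex.split(line, comments=True)
        if tok[:1] != ["iptables"] or "ACCEPT" not in tok:
            continue
        arg = dict(zip(tok, tok[1:]))  # maps each option to the token that follows it
        ports = arg.get("--dport") or arg.get("--dports") or ""
        source = arg.get("-s") or arg.get("--source") or "0.0.0.0/0"
        if covers_salt_port(ports) and source == "0.0.0.0/0":
            hits.append(line.strip())
    return hits

def audit(config_text, firewall_text):
    cfg, findings = master_settings(config_text), []
    if cfg.get("interface", "0.0.0.0") == "0.0.0.0":
        findings.append("master listens on every interface")
    # auto_accept is a Salt master option that this page does not set; checked as an extra
    if cfg.get("auto_accept", "False").lower() == "true":
        findings.append("auto_accept: minion keys are accepted without review")
    return findings + ["open to any source: " + r for r in unrestricted_accepts(firewall_text)]

# Constructed sample input: the settings and firewall rules shown on this page
PAGE_CONFIG = "interface: 0.0.0.0\npublish_port: 4505\nret_port: 4506\nworker_threads: 5\n"
PAGE_RULES = "iptables -I INPUT -p tcp --dport 4505 -j ACCEPT\niptables -I INPUT -p tcp --dport 4506 -j ACCEPT\n"
print("\n".join(audit(PAGE_CONFIG, PAGE_RULES)))
```

Adding `-s <minion subnet>` to both rules and binding `interface` to a management address makes `audit` return an empty list.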
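minion

    # Copy the SSH key and the Salt yum repository file to server3 and server2
    ssh-copy-id root@server3
    ssh-copy-id root@server2
    scp /etc/yum.repos.d/salt-latest.repo root@server3:/etc/yum.repos.d/
    scp /etc/yum.repos.d/salt-latest.repo root@server2:/etc/yum.repos.d/
    # Install the minion package
    yum clean all
    yum install -y salt-minion
    # Settings to enter in /etc/salt/minion
    vim /etc/salt/minion
    #   master: <master IP>
    #   id: <the minion's own IP>
    # Setting to enter in /etc/salt/master
    vim /etc/salt/master
    #   master: <the master's own IP>
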
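Puppet
Basic features of Puppet
- Based on Ruby
- Based on a master/agent authentication mechanism
- Does not depend on administrative privileges on the client system
- Can push configuration to clients automatically
- Cross-platform
How Puppet operates
- The master runs as a daemon and holds all the configuration needed by all environments.
- The agent communicates with the master over a connection that is encrypted and authenticated with standard SSL, and then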
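The YAML language
YAML language features
- More convenient than the JSON format
- Case-sensitive
- Indentation expresses hierarchy
- Only spaces may be used for indentation
- The number of indentation spaces does not matter, as long as elements at the same level are left-aligned
- '#' starts a comment line, which the parser ignores
Supported data structures
- Object: a collection of key-value pairs

    key: values

- Array: a sequence

    - Name1
    - Name2
    - Name3

- Mixed:

    language:
      - python
      - C
      - C++
    website:
      YAML: yaml.org
      Perl: perl.org

- Scalar: a single value that cannot be divided further (string, boolean, integer, float, null, time, date)

    number: 12.30

- String

    str: memgran is a guapi

- References: & creates an anchor (default), * references an anchor, and << merges into the current data
- Conversion of functions and regular expressions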
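Ansible
Introduction
- Developed in Python, it combines the strengths of many operations tools (puppet, cfengine, chef, func, fabric) and provides bulk system configuration, bulk program deployment, and bulk command execution.
- It works through modules and has no bulk deployment capability of its own; Ansible provides a framework.
Framework
- Connection plugins: handle communication with the monitored hosts.
- Host inventory: specifies the hosts to operate on; it is a configuration file that defines the monitored hosts.
- Modules: core modules, the command module, and custom modules.
- Plugins provide functions such as logging and e-mail.
- Playbook: a script for running multiple tasks; it is optional and lets a node run several tasks in one go.
Overall architecture diagram
Features
- no agents: no client needs to be installed on the managed hosts
- no server: there is no server; commands are run directly
- modules in any languages: module-based, and modules can be developed in any language
- yaml, not code: playbooks are written in YAML
- ssh by default: works over SSH
- strong multi-tier solution: supports multi-level command
Advantages
- Lightweight: no agent to install, and an update only has to be applied once, on the control machine
- Bulk tasks can be written as scripts and do not have to be distributed to the remote hosts to run
- Written in Python, easy to maintain
- Supports sudo
Task execution flow
- See the 8.14 notes (A4 sheet)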
Ansible basics
1. Basic setup
- Install Python:

    # Build zlib first, then Python 2.7.8
    wget http://www.zlib.net/zlib-1.2.11.tar.gz
    tar zxvf zlib-1.2.11.tar.gz
    cd zlib-1.2.11
    ./configure
    make
    make install
    wget https://www.python.org/ftp/python/2.7.8/Python-2.7.8.tgz
    tar zxvf Python-2.7.8.tgz
    cd Python-2.7.8
    ./configure --prefix=/usr/local
    make
    make install
    cd /usr/local/include/python2.7
    cp -a ./* /usr/local/include/

- Install setuptools:

    wget https://pypi.python.org/packages/source/s/setuptools/setuptools-7.0.tar.gz
    tar xvzf setuptools-7.0.tar.gz
    cd setuptools-7.0
    python setup.py install

- Install pycrypto:

    wget https://pypi.python.org/packages/source/p/pycrypto/pycrypto-2.6.1.tar.gz
    tar xvzf pycrypto-2.6.1.tar.gz
    cd pycrypto-2.6.1
    python setup.py install

- Install the PyYAML module

    # libyaml, the C library
    wget http://pyyaml.org/download/libyaml/yaml-0.1.5.tar.gz
    tar xvzf yaml-0.1.5.tar.gz
    cd yaml-0.1.5
    ./configure --prefix=/usr/local
    make
    make install

    # PyYAML itself
    wget https://pypi.python.org/packages/source/P/PyYAML/PyYAML-3.11.tar.gz
    tar xvzf PyYAML-3.11.tar.gz
    cd PyYAML-3.11
    python setup.py install

- Install the Jinja2 module

    # MarkupSafe is installed first, then Jinja2
    wget https://pypi.python.org/packages/source/M/MarkupSafe/MarkupSafe-0.9.3.tar.gz
    tar xvzf MarkupSafe-0.9.3.tar.gz
    cd MarkupSafe-0.9.3
    python setup.py install
    wget https://pypi.python.org/packages/source/J/Jinja2/Jinja2-2.7.3.tar.gz
    tar xvzf Jinja2-2.7.3.tar.gz
    cd Jinja2-2.7.3
    python setup.py install

- Install the paramiko module

    # ecdsa is installed first, then paramiko
    wget https://pypi.python.org/packages/source/e/ecdsa/ecdsa-0.11.tar.gz
    tar xvzf ecdsa-0.11.tar.gz
    cd ecdsa-0.11
    python setup.py install
    wget https://pypi.python.org/packages/source/p/paramiko/paramiko-1.15.1.tar.gz
    tar xvzf paramiko-1.15.1.tar.gz
    cd paramiko-1.15.1
    python setup.py install

- Install the simplejson module

    wget https://pypi.python.org/packages/source/s/simplejson/simplejson-3.6.5.tar.gz
    tar xvzf simplejson-3.6.5.tar.gz
    cd simplejson-3.6.5
    python setup.py install

- Install Ansible

    # Save the archive under the name the tar command expects
    wget -O ansible-1.7.2.tar.gz https://github.com/ansible/ansible/archive/v1.7.2.tar.gz
    tar xvzf ansible-1.7.2.tar.gz
    cd ansible-1.7.2
    python setup.py install

2. Ansible configuration
- SSH setup

    ssh-keygen
    ssh-copy-id root@server5
    # Copies the whole .ssh directory, private key included, to server3
    scp -r .ssh/ root@server3:
    ssh root@server3

- Ansible configuration

    mkdir -p /etc/ansible
    vim /etc/ansible/ansible.cfg
        [defaults]
        host_key_checking = False
    vim /etc/ansible/hosts
        [servers]
        192.168.109.131
        192.168.109.138

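`host_key_checking = False` makes Ansible skip SSH host key verification, so the root SSH sessions to the inventory hosts accept whatever key the remote end presents. The audit below is an added example, not code from the original post or from Ansible; the function names are hypothetical and the `known_hosts` line is constructed. It reports whether checking is disabled (in `ansible.cfg` or through the `ANSIBLE_HOST_KEY_CHECKING` environment variable) and which inventory hosts have no pinned key.

```python
import configparser

FALSE_VALUES = {"false", "no", "off", "0"}

def host_key_checking_disabled(cfg_text, env=None):
    """True if ansible.cfg or the environment switches SSH host key verification off."""
    parser = configparser.ConfigParser(interpolation=None)
    parser.read_string(cfg_text)
    value = parser.get("defaults", "host_key_checking", fallback="True")
    # The environment variable takes precedence over the configuration file
    value = (env or {}).get("ANSIBLE_HOST_KEY_CHECKING", value)
    return value.strip().lower() in FALSE_VALUES

def inventory_hosts(inventory_text):
    """Host names or addresses from an INI-style inventory such as /etc/ansible/hosts."""
    hosts, in_host_section = [], True
    for raw in inventory_text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if line.startswith("["):
            # [group:vars] and [group:children] sections contain no host lines
            in_host_section = ":" not in line
        elif line and in_host_section:
            hosts.append(line.split()[0])
    return hosts

def pinned_names(known_hosts_text):
    """Plain-text names in known_hosts; hashed (|1|...) entries cannot be matched by name."""
    names = set()
    for line in known_hosts_text.splitlines():
        fields = line.split()
        if not fields or fields[0][0] in "#@":  # comment, @cert-authority or @revoked line
            continue
        for name in fields[0].split(","):
            names.add(name.split("]:")[0].lstrip("["))  # "[host]:port" -> "host"
    return names

def audit(cfg_text, inventory_text, known_hosts_text, env=None):
    known = pinned_names(known_hosts_text)
    return {
        "checking_disabled": host_key_checking_disabled(cfg_text, env),
        "unpinned_hosts": [h for h in inventory_hosts(inventory_text) if h not in known],
    }

# Constructed sample: the page's ansible.cfg and inventory, plus a made-up known_hosts line
PAGE_CFG = "[defaults]\nhost_key_checking = False\n"
PAGE_INVENTORY = "[servers]\n192.168.109.131\n192.168.109.138\n"
SAMPLE_KNOWN_HOSTS = "192.168.109.131 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5PLACEHOLDER\n"

print(audit(PAGE_CFG, PAGE_INVENTORY, SAMPLE_KNOWN_HOSTS))
```

With checking left enabled, every host listed under `unpinned_hosts` needs its key recorded in `known_hosts` after the fingerprint has been confirmed out of band.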
    Options:
      -a MODULE_ARGS, --args=MODULE_ARGS
                            module arguments
      -k, --ask-pass        ask for SSH password
      --ask-su-pass         ask for su password
      -K, --ask-sudo-pass   ask for sudo password
      --ask-vault-pass      ask for vault password
      -B SECONDS, --background=SECONDS
                            run asynchronously, failing after X seconds
                            (default=N/A)
      -C, --check           don't make any changes; instead, try to predict some
                            of the changes that may occur
      -c CONNECTION, --connection=CONNECTION
                            connection type to use (default=smart)
      -f FORKS, --forks=FORKS
                            specify number of parallel processes to use
                            (default=5)
      -h, --help            show this help message and exit
      -i INVENTORY, --inventory-file=INVENTORY
                            specify inventory host file
                            (default=/etc/ansible/hosts)
      -l SUBSET, --limit=SUBSET
                            further limit selected hosts to an additional pattern
      --list-hosts          outputs a list of matching hosts; does not execute
                            anything else
      -m MODULE_NAME, --module-name=MODULE_NAME
                            module name to execute (default=command)
      -M MODULE_PATH, --module-path=MODULE_PATH
                            specify path(s) to module library
                            (default=/usr/share/ansible/)
      -o, --one-line        condense output
      -P POLL_INTERVAL, --poll=POLL_INTERVAL
                            set the poll interval if using -B (default=15)
      --private-key=PRIVATE_KEY_FILE
                            use this file to authenticate the connection
      -S, --su              run operations with su
      -R SU_USER, --su-user=SU_USER
                            run operations with su as this user (default=root)
      -s, --sudo            run operations with sudo (nopasswd)
      -U SUDO_USER, --sudo-user=SUDO_USER
                            desired sudo user (default=root)
      -T TIMEOUT, --timeout=TIMEOUT
                            override the SSH timeout in seconds (default=10)
      -t TREE, --tree=TREE  log output to this directory
      -u REMOTE_USER, --user=REMOTE_USER
                            connect as this user (default=root)
      --vault-password-file=VAULT_PASSWORD_FILE
                            vault password file
      -v, --verbose         verbose mode (-vvv for more, -vvvv to enable
                            connection debugging)
      --version             show program's version number and exit

- Testing
- ping

    [root@server5 ~]# ansible servers -m ping
    192.168.109.131 | success >> {
        "changed": false,
        "ping": "pong"
    }

    192.168.109.138 | success >> {
        "changed": false,
        "ping": "pong"
    }

- command

    [root@server5 ~]# ansible servers -m command -a 'uptime'
    192.168.109.131 | success | rc=0 >>
     23:15:59 up 1:38, 5 users, load average: 0.05, 0.04, 0.05

    192.168.109.138 | success | rc=0 >>
     23:15:59 up 3:59, 6 users, load average: 0.00, 0.01, 0.05

- setup

    [root@server5 ~]# ansible servers -m setup
    192.168.109.131 | success >> {
        "ansible_facts": {
            "ansible_all_ipv4_addresses": [
                "192.168.122.1",
                "192.168.109.131"
            ],
            "ansible_all_ipv6_addresses": [
                "fe80::52c2:81e3:8c97:2e0"
            ],
            "ansible_architecture": "x86_64",
            "ansible_bios_date": "07/02/2015",
            "ansible_bios_version": "6.00",
            "ansible_cmdline": {
                "BOOT_IMAGE": "/vmlinuz-3.10.0-514.el7.x86_64",
                "LANG": "en_US.UTF-8",
                "crashkernel": "auto",
                "quiet": true,
                "rhgb": true,
                "ro": true,
                "root": "UUID=8a43bc9e-303d-4271-92b8-bbb171dcf551"
            },

- link

    [root@server5 ~]# ansible servers -m file -a "src=/etc/hosts dest=/tmp/hosts state=link"
    192.168.109.131 | success >> {
        "changed": true,
        "dest": "/tmp/hosts",
        "gid": 0,
        "group": "root",
        "mode": "0777",
        "owner": "root",
        "secontext": "unconfined_u:object_r:user_tmp_t:s0",
        "size": 10,
        "src": "/etc/hosts",
        "state": "link",
        "uid": 0
    }

    192.168.109.138 | success >> {

    [root@server5 ~]# ll /tmp/hosts
    lrwxrwxrwx. 1 root root 10 Aug 14 14:28 /tmp/hosts -> /etc/hosts
    [root@server3 ~]# ll /tmp/hosts
    lrwxrwxrwx. 1 root root 10 Aug 13 23:28 /tmp/hosts -> /etc/hosts

- copy

    [root@server5 ~]# ansible servers -m copy -a "src=/etc/ansible/ansible.cfg dest=/tmp/ansible.cfg owner=root group=root mode=0644"
    [root@server3 ~]# ll /tmp/ansible.cfg
    -rw-r--r--. 1 root root 37 Aug 13 23:33 /tmp/ansible.cfg
    [root@server5 ~]# ansible servers -m copy -a "src=/root/test.sh dest=/root/test.sh owner=root group=root mode=0755"
    192.168.109.138 | success >> {
        "changed": false,
        "dest": "/root/test.sh",
        "gid": 0,
        "group": "root",
        "md5sum": "7c73186c5baeeced9773809d51f55903",
        "mode": "0755",
        "owner": "root",
        "path": "/root/test.sh",
        "secontext": "unconfined_u:object_r:admin_home_t:s0",
        "size": 17,
        "state": "file",
        "uid": 0
    }

    192.168.109.131 | success >> {
        "changed": true,
        "dest": "/root/test.sh",
        "gid": 0,
        "group": "root",
        "md5sum": "7c73186c5baeeced9773809d51f55903",
        "mode": "0755",
        "owner": "root",
        "secontext": "system_u:object_r:admin_home_t:s0",
        "size": 17,
        "src": "/root/.ansible/tmp/ansible-tmp-1502692717.29-206531122290598/source",
        "state": "file",
        "uid": 0
    }

- shell

    [root@server5 ~]# ansible servers -m shell -a "/root/test.sh"
    192.168.109.138 | success | rc=0 >>
    Sun Aug 13 23:40:29 PDT 2017

    192.168.109.131 | success | rc=0 >>
    Sun Aug 13 23:40:29 PDT 2017

    [root@server5 ~]# ansible-doc -l
    acl                  Sets and retrieves file ACL information.
    add_host             add a host (and alternatively a group) to
    airbrake_deployment  Notify airbrake about app deployments
    alternatives         Manages alternative programs for common c

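Salt, Puppet, Ansible
Salt
- Salt has a master, and minions connect to that master when they initialize. The master distributes commands to the minions. During initialization, a minion exchanges a key to complete a handshake and then establishes a persistent, encrypted TCP connection. Thanks to ZeroMQ, a master can be connected to many minions at once without worrying about overload.
- Execution modules and state modules
- Supports events and reactors; the execution engine supports monitoring
- Uses PyCrypto's AES implementation and key management
Ansible
- No master; SSH is the main communication tool (which means it is slow); Ansible also supports ZeroMQ; Ansible recommends using an inventory file (which maps hosts to groups) to keep track of machines.
- Supports sudo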