saltstack通过salt-ssh进行ssh管理集群

saltstack 不只是zeromq这一个方式,他也有像ansible那样的ssh的方式,组件的名字叫做salt-ssh ,这是个好东西,看最近群里也在关注这东西,就学习下。 

嗯哼,这里标记我的原文地址,blog.xiaorui.cc     只恨爬虫太刁 !

salt-ssh 可以独立运行的,不用minion的~ 要是需要用salt-ssh的特殊参数,比如grains获取数据的话,还是需要安装minion的,不然他是不好判断你是redhat,debian的 ~ 说句废话 要是能安装minion,谁还用salt-ssh呀。。。。


这类ssh的集群工具还是不少的,我这边简单分析下优缺点!

pdsh、pssh 这东西是要建立在你做好了key关联之后,他的优点就是简单,并发执行。 

vi  server1.txt
192.168.1.11
192.168.1.12
192.168.1.13
192.168.1.14
pssh -h server1.txt -l root -P dir

expect 最大的有点就是交互,但是要成高性能的话,需要自己写多线程的。

#!/usr/bin/expect -f
set toip [lindex argv 0 ]
set ip 10.2.20.14
set password 123123
set timeout 10
spawn ssh root@ip
expect {
"*yes/no" { send "yes\r"; exp_continue}
"*password:" { send "$password\r" }
}

fabric、paramiko python之利器,用过一段时间,该有的都有的,很是强大

from fabric import env
env.hosts = ['user1@host1:port1', 'user2@host2.port2']
env.passwords = {'user1@host1:port1': 'password1', 'user2@host2.port2': 'password2'}

但是个人觉得salt-api背靠着saltstack这个大树,前景还是不错的。 


salt-ssh 可以代替expect之类的密码推送脚本,另外说明下 salt-ssh 用的是sshpass进行密码交互的,首先看下版本,17版本后才开始有的,现在基本都是2014了。 

我们先开始安装 salt-ssh ~

git clone https://github.com/saltstack/salt.git
cd salt
./setup.py install

salt-ssh


我们可以把要执行的信息,也就是ip,帐号,密码等 都放到一个文件里面。当然


文件路径是可以随便定义的,官方是指定到了 /etc/salt/roster

那我们先来测试下salt-ssh最基本的用法。


接着来测试下他的性能,注重于是不是并发执行 ~ 结果让人很爽,是多进程并发执行的~

详细的参数:

指定roster信息文件,这样可以随意配置定义了。 

配置一个默认的密码,然后帮你推送下 ~~~ 这个功能有点怪,规范点的公司,大家的密码都是随机生成的。当然也可以配置成不同的ip不同的密码。 

重大发现: 我在这里补充下~

salt-ssh 第一次执行是根据roster的账号密码推送密码,来实现自动交互的。

执行完了后 会在目标的服务器里面,追加master端的key

然后你就可以删除roster里面的passwd 密码条目了。

我给大家测试下,我把passwd删除了,还是可以运行,这里就不是用sshpass推送密码了,而是直接通过key了 !!!

那关于salt-ssh的参数还是不少的,大家自己看吧 ~

salt-ssh
Synopsis
salt-ssh '*' [ options ] sys.doc
salt-ssh -E '.*' [ options ] sys.doc cmd
Description
Salt ssh allows for salt routines to be executed using only ssh for transport
Options
-r, --raw, --raw-shell
Execute a raw shell command.
要执行的命令,支持管道和常用的特殊符号
--roster-file
Define which roster system to use, this defines if a database backend, scanner, or custom roster system is used. Default is the flat file roster.
指定一个信息文件
--refresh, --refresh-cache
Force a refresh of the master side data cache of the target's data. This is needed if a target's grains have been changed and the auto refresh timeframe has not been reached.
--max-procs
Set the number of concurrent minions to communicate with. This value defines how many processes are opened up at a time to manage connections, the more running process the faster communication should be, default is 25.
--passwd
Set te default password to attempt to use when authenticating.
--key-deploy
Set this flag to attempt to deploy the authorized ssh key with all minions. This combined with --passwd can make initial deployment of keys very fast and easy.
--version
Print the version of Salt that is running.
--versions-report
Show program's dependencies and version number, and then exit
-h, --help
Show the help message and exit
-c CONFIG_DIR, --config-dir=CONFIG_dir
The location of the Salt configuration directory. This directory contains the configuration files for Salt master and minions. The default location on most systems is /etc/salt.
Target Selection
-E, --pcre
The target expression will be interpreted as a PCRE regular expression rather than a shell glob.
-L, --list
The target expression will be interpreted as a comma-delimited list; example: server1.foo.bar,server2.foo.bar,example7.quo.qux
-G, --grain
The target expression matches values returned by the Salt grains system on the minions. The target expression is in the format of '<grain value>:<glob expression>'; example: 'os:Arch*'
This was changed in version 0.9.8 to accept glob expressions instead of regular expression. To use regular expression matching with grains, use the --grain-pcre option.
--grain-pcre
The target expression matches values returned by the Salt grains system on the minions. The target expression is in the format of '<grain value>:< regular expression>'; example: 'os:Arch.*'
-N, --nodegroup
Use a predefined compound target defined in the Salt master configuration file.
-R, --range
Instead of using shell globs to evaluate the target, use a range expression to identify targets. Range expressions look like %cluster.
Using the Range option requires that a range server is set up and the location of the range server is referenced in the master configuration file.
Logging Options
Logging options which override any settings defined on the configuration files.
-l LOG_LEVEL, --log-level=LOG_LEVEL
Console logging log level. One of all, garbage, trace, debug, info, warning, error, quiet. Default: warning.
--log-file=LOG_FILE
Log file path. Default: /var/log/salt/ssh.
--log-file-level=LOG_LEVEL_LOGFILE
Logfile logging log level. One of all, garbage, trace, debug, info, warning, error, quiet. Default: warning.
Output Options
--out
Pass in an alternative outputter to display the return of data. This outputter can be any of the available outputters:
grains, highstate, json, key, overstatestage, pprint, raw, txt, yaml
Some outputters are formatted only for data returned from specific functions; for instance, the grains outputter will not work for non-grains data.
If an outputter is used that does not support the data passed into it, then Salt will fall back on the pprint outputter and display the return data using the Python pprint standard library module.
Note
If using --out=json, you will probably want --static as well. Without the static option, you will get a JSON string for each minion. This is due to using an iterative outputter. So if you want to feed it to a JSON parser, use --static as well.
--out-indent OUTPUT_INDENT, --output-indent OUTPUT_INDENT
Print the output indented by the provided value in spaces. Negative values disable indentation. Only applicable in outputters that support indentation.
--out-file=OUTPUT_FILE, --output-file=OUTPUT_FILE
Write the output to the specified file.
--no-color
Disable all colored output
--force-color
Force colored output

那么如果想针对salt-ssh模块进行二次开发,或者加点下功能扩展。 




那我们来总结下:

     其实没有ansible之前,他是个ssh工具的好选择,但是ansible来了 ! 那为了更好的控制集群,还是推荐用ansible。当然,你就是喜欢salt-ssh ! (你妹呀,介绍了半天的salt-ssh,后面居然又推荐起ansible了)





大家觉得文章对你有些作用! 如果想赏钱,可以用微信扫描下面的二维码,感谢!
另外再次标注博客原地址  xiaorui.cc

发表评论

邮箱地址不会被公开。 必填项已用*标注