通过 saltstack 模块调用,结合 ansible 实现 2 台服务器之间免密钥登录,同时安装 minion 端。
适用场景:已存在安装 saltstack 的 master 端,新上线服务器,需安装 minion 端加入至 master。
在 master 端事先生成密钥对,写好免密钥登录和安装 minion 端脚本。脚本统一放在 /srv/salt/_shell。
- 免密钥配置脚本
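# /srv/salt/_shell/installpub.sh
# Installs the master's public key for root on the new host so that the
# master can log in without a password. 'xxxx' stands for the public key
# generated on the master.
cd /root/ || exit 1

# Anything created below is owner-only (directory 700, file 600).
umask 077
test -d .ssh || mkdir .ssh

# umask only affects newly created paths, so tighten existing ones as well;
# sshd with StrictModes ignores keys kept in group- or world-writable paths.
chmod 700 .ssh
touch .ssh/authorized_keys
chmod 600 .ssh/authorized_keys

# Append the key only when it is not present yet, so that running the script
# again does not pile up duplicate entries.
grep -qxF 'xxxx' .ssh/authorized_keys || echo 'xxxx' >> .ssh/authorized_keys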
注意此处 .ssh 目录权限为 700,authorized_keys 文件权限为 600 或 700(脚本中的 umask 077 使新建的目录为 700、新建的文件为 600)。
安装配置minion端脚本
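# /srv/salt/_shell/minionid.sh
# Installs salt-minion and writes the master address and the minion id
# (this host's IPv4 address on eth0) into /etc/salt/minion.
yum install -y salt-minion || exit 1

# The address format differs between CentOS releases: older ifconfig prints
# "inet addr:1.2.3.4", newer prints "inet 1.2.3.4". Match the IPv4 line only
# (-w keeps inet6 out), strip an optional "addr:" prefix, keep the first hit.
ip=$(ifconfig eth0 | grep -w inet | awk '{print $2}' | sed 's/^addr://' | head -n 1)
if [ -z "$ip" ]; then
    # Refuse to write an empty minion id.
    echo "could not determine the IPv4 address of eth0" >&2
    exit 1
fi

# NOTE(review): the master address is copied unchanged from the original
# listing; it may be a typo for a 192.168.x.x address -- confirm before use.
# The pattern accepts optional whitespace after "#master:".
sed -i 's/^#master:[[:space:]]*salt/master: 19.168.145.130/' /etc/salt/minion

# Double quotes are required here so that the shell expands $ip.
sed -i "s/^#id:.*/id: $ip/" /etc/salt/minion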
客户端代码
saltapi.py
import json
import requests
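class SaltServer(object):
    """Small client for the salt-api REST interface.

    The constructor logs in and stores the returned token on ``self.token``;
    all later requests go through the same ``requests`` session.

    NOTE(review): the class-level defaults reproduce the values of the
    original listing. They send a fixed account name and password over plain
    HTTP, so the credentials, the token and every command are readable on the
    network path. Outside a lab, pass an ``https://`` URL and credentials
    taken from a secret store to the constructor.
    """

    base_url = "http://192.168.48.137:8000"
    username = "saltapi"
    password = "saltapi"
    eauth = "pam"

    def __init__(self, base_url=None, username=None, password=None, eauth=None):
        """Open a session and log in.

        Every argument is optional; an omitted argument keeps the class-level
        default, so ``SaltServer()`` behaves as before.
        """
        if base_url is not None:
            self.base_url = base_url.rstrip("/")
        if username is not None:
            self.username = username
        if password is not None:
            self.password = password
        if eauth is not None:
            self.eauth = eauth
        self.session = requests.session()
        # The token is a bearer credential: keep it on the instance and do not
        # print it, so it cannot end up in terminal scrollback or log files.
        self.token = self.getToken()

    def getToken(self):
        """Log in at ``/login`` and return the token from the response.

        Raises:
            ValueError: the response is not JSON or carries no token, for
                example after a rejected login.
        """
        url = self.base_url + "/login"
        headers = {"Accept": "application/json"}
        data = {
            "username": self.username,
            "password": self.password,
            "eauth": self.eauth
        }
        res = self.session.post(url=url, headers=headers, data=data)
        result = json.loads(res.text)
        try:
            token = result["return"][0]["token"]
        except (KeyError, IndexError, TypeError):
            # Fail at login time instead of carrying a token of None around.
            raise ValueError("salt-api login response did not contain a token")
        return token

    def _post(self, data):
        """POST *data* to the API root and wrap the outcome in a result dict.

        Returns a dict with ``code`` (0 on success, 1 on failure), ``message``
        and ``data`` (the ``return`` field of the response, or the exception
        that was caught).
        """
        resultBean = dict()
        try:
            res = self.session.post(url=self.base_url, data=data)
            payload = json.loads(res.text).get("return")
            resultBean['code'] = 0
            resultBean['message'] = "success"
            resultBean['data'] = payload
        except Exception as e:
            resultBean['code'] = 1
            resultBean['message'] = "failed"
            resultBean['data'] = e
        # Returned after the try statement, not from a ``finally`` clause: a
        # return inside ``finally`` would also swallow KeyboardInterrupt and
        # SystemExit.
        return resultBean

    def runModules(self, minionid, fun, arg=None):
        """Run execution module *fun* on the minion(s) matched by *minionid*.

        Uses the ``local`` client. Returns the result dict described in
        ``_post``.
        """
        data = {
            "client": "local",
            "tgt": minionid,
            "fun": fun,
            "arg": arg
        }
        return self._post(data)

    def runRunner(self, fun, **kwargs):
        """Run runner function *fun* on the master with *kwargs* as arguments.

        Uses the ``runner`` client. Returns the result dict described in
        ``_post``.
        """
        data = {
            "client": "runner",
            "fun": fun,
        }
        data.update(kwargs)
        # NOTE(review): this echoes every runner argument to stdout; drop it if
        # callers ever pass secrets as keyword arguments.
        print(data)
        return self._post(data)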
位于 master 端,位置为 /srv/salt/__runner/masterApp.py,提供具体执行方法。
masterApp.py
import codecs
import commands
import json
import os
import socket
import subprocess
import tempfile
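# NOTE(review): the SSH password is hard-coded and the same for every new
# host, as in the original listing. Prefer a per-host secret from a vault
# (for example Ansible Vault) and change the password once the key is in
# place.
_ANSIBLE_SSH_PASS = "123456"


def _is_ip_address(value):
    """Return True when *value* is a literal IPv4 or IPv6 address."""
    for family in (socket.AF_INET, socket.AF_INET6):
        try:
            socket.inet_pton(family, value)
            return True
        except (socket.error, TypeError, ValueError):
            continue
    return False


def _run_ansible_script(ipaddr, script):
    """Run *script* on *ipaddr* with ansible's ``script`` module.

    *ipaddr* comes from whoever calls the runner through salt-api, so it is
    treated as untrusted: it must be a literal IP address and is never
    interpolated into a shell command line or a file name. The command is
    started through ``subprocess`` with an argument list instead of the
    Python 2-only ``commands`` module.

    Returns a JSON string with ``code`` (0 on success, 1 on failure),
    ``message`` and ``data`` (the combined output of ansible, or the reason
    for the failure).
    """
    resultBean = dict()
    if not _is_ip_address(ipaddr):
        resultBean['code'] = 1
        resultBean['message'] = 'failed'
        resultBean['data'] = 'invalid ip address'
        return json.dumps(resultBean)

    # The inventory holds a password: create it with mkstemp (random name,
    # owner-only mode) and remove it when done, instead of leaving a
    # predictable, readable /tmp/<ip>.txt behind.
    fd, inventory = tempfile.mkstemp(prefix='ansible-', suffix='.txt')
    try:
        with os.fdopen(fd, 'w') as f:
            f.write("{0} ansible_ssh_pass={1}\n".format(ipaddr, _ANSIBLE_SSH_PASS))
        proc = subprocess.Popen(
            ['ansible', '-i', inventory, 'all', '-m', 'script', '-a', script],
            stdout=subprocess.PIPE,
            stderr=subprocess.STDOUT,
        )
        output = proc.communicate()[0]
        status = proc.returncode
    except OSError as e:
        # ansible is missing or could not be started.
        status, output = 1, str(e)
    finally:
        os.remove(inventory)

    if not isinstance(output, str):
        output = output.decode('utf-8', 'replace')
    if output.endswith('\n'):
        output = output[:-1]

    # Report failures explicitly; the original returned "{}" in that case.
    if status == 0:
        resultBean['code'] = 0
        resultBean['message'] = 'success'
    else:
        resultBean['code'] = 1
        resultBean['message'] = 'failed'
    resultBean['data'] = output
    return json.dumps(resultBean)


def publicKey(ipaddr):
    """Install the master's public key on *ipaddr* (runs installpub.sh).

    Returns the JSON string produced by ``_run_ansible_script``.
    """
    return _run_ansible_script(ipaddr, '/srv/salt/_shell/installpub.sh')


def installMinionid(ipaddr):
    """Install and configure salt-minion on *ipaddr* (runs minionid.sh).

    Returns the JSON string produced by ``_run_ansible_script``.
    """
    return _run_ansible_script(ipaddr, '/srv/salt/_shell/minionid.sh')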
最后在客户端调用测试
test.py
from saltstack_api.util.saltapi import SaltServer

# Client-side check: log in to salt-api, then ask the master to run the two
# runner functions from masterApp.py against the new host, first the key
# installation and then the minion installation.
saltServer = SaltServer()
new_host = '192.168.48.133'

result1 = saltServer.runRunner('masterApp.publicKey', ipaddr=new_host)
print(result1)

result2 = saltServer.runRunner('masterApp.installMinionid', ipaddr=new_host)
print(result2)