
Salt

salt configuration python

Installation

Server

Standard installation:

sudo aptitude update; sudo aptitude install salt-master
  

To get the latest version on Ubuntu:

echo deb http://ppa.launchpad.net/saltstack/salt/ubuntu `lsb_release -sc` main | sudo tee /etc/apt/sources.list.d/saltstack.list
wget -q -O- "http://keyserver.ubuntu.com:11371/pks/lookup?op=get&search=0x4759FA960E27C0A6" | sudo apt-key add -
sudo apt-get update
sudo apt-get install salt-master

Client

Standard installation:

sudo aptitude update; sudo aptitude install salt-minion

To get the latest version on Ubuntu:

echo deb http://ppa.launchpad.net/saltstack/salt/ubuntu `lsb_release -sc` main | sudo tee /etc/apt/sources.list.d/saltstack.list
wget -q -O- "http://keyserver.ubuntu.com:11371/pks/lookup?op=get&search=0x4759FA960E27C0A6" | sudo apt-key add -
sudo apt-get update
sudo apt-get install salt-minion

(Client and server) Manual installation of zeromq

1. Install packages:

sudo aptitude install python-pip pkg-config python-dev

2. Install zeromq

2.1. Download:

sudo su
cd /usr/local
wget -c --tries=0 http://download.zeromq.org/zeromq-4.0.3.tar.gz
tar xvfz zeromq-4.0.3.tar.gz

2.2. Install:

cd /usr/local/zeromq-4.0.3
./configure
make
sudo make install

3. Install libsodium

3.1. Download:

sudo su
cd /usr/local
wget -c --tries=0 https://download.libsodium.org/libsodium/releases/libsodium-0.4.5.tar.gz
tar xvfz libsodium-0.4.5.tar.gz

3.2. Install:

cd /usr/local/libsodium-0.4.5
./configure
make
make check
sudo make install
sudo ldconfig

4. Install pyzmq

sudo pip install --upgrade pyzmq

Keys

Accepting the client's keys

The client has to register with the server. This process is carried out only once per client:

1. (Client) Specify the server name. Edit:

sudo cp /etc/salt/minion /etc/salt/minion.bak; sudo vim /etc/salt/minion

And add the following line:

master: salt.example.com

2. (Server) List the pending key requests:

sudo salt-key -L
 
Unaccepted Keys:
client-1.example.com
Accepted Keys:
Rejected:

3. (Server) Accept a specific key:

sudo salt-key -a client.example.com
The following keys are going to be accepted:
Unaccepted Keys:
client.example.com
Proceed? [n/Y] Y
Key for minion client.example.com accepted.

4. (Server) Test:

sudo salt '*' test.ping
client.example.com: True

Regenerating the client's keys

This procedure is useful when, for example, a virtual machine is cloned and the client needs to be registered with the master.

1. (Client) stop salt:

sudo service salt-minion stop

2. (Client) delete the keys, both its own and the server's:

sudo rm -fr /etc/salt/pki/minion/*

3. (Client) set the minion id, for example to the same value as the hostname:

sudo vim /etc/salt/minion_id
cliente-2.example.com

4. (Client) start salt:

sudo service salt-minion start

5. (Server) the new request should now be visible:

sudo salt-key -L

Accepted Keys:
cliente.example.com
Unaccepted Keys:
cliente-2.example.com
Rejected Keys:

6. (Server) all that remains is to accept the keys:

sudo salt-key -a cliente-2.example.com
The following keys are going to be accepted:
Unaccepted Keys:
cliente-2.example.com
Proceed? [n/Y] Y
Key for minion cliente-2.example.com accepted
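
Both key procedures above accept a key by minion id alone, and the id shown by salt-key -L is whatever the connecting minion claims. The script below is an added example (not part of the original page) that compares the fingerprint listed on the master with the one read on the minion before accepting. The helper names, the sample output and the assumed "id: fingerprint" line format are constructed for illustration.

```sh
#!/bin/sh
# Added example: refuse to accept a pending minion key unless its fingerprint
# matches the one read on the minion itself.
#   master:  sudo salt-key -f <minion-id>
#   minion:  sudo salt-call --local key.finger
# Assumed output format on the master: "<minion-id>:  <fingerprint>" per line.

# Reduce a fingerprint to lower-case hex digits so separators and case
# differences do not matter.
norm_fp() {
    printf '%s' "$1" | tr -cd '0-9A-Fa-f' | tr 'A-F' 'a-f'
}

# Print the fingerprint listed for minion id $1 in the text read from stdin.
fp_for_minion() {
    awk -v id="$1" '
        { line = $0; sub(/^[ \t]+/, "", line) }
        index(line, id ":") == 1 {
            sub(/^[^:]*:[ \t]*/, "", line); print line; exit
        }'
}

# Succeed only when both fingerprints are non-empty and identical.
fp_matches() {
    a=$(norm_fp "$1"); b=$(norm_fp "$2")
    [ -n "$a" ] && [ "$a" = "$b" ]
}

# decide ID MINION_FP < master-output : prints "accept" or "reject".
decide() {
    listed=$(fp_for_minion "$1")
    if fp_matches "$listed" "$2"; then echo accept; else echo reject; fi
}

# Constructed sample of master-side output (not from a real system).
SAMPLE='Unaccepted Keys:
cliente-2.example.com:  3d:5a:0f:91:c2:77:e8:14:6b:a0:2c:f3:48:9e:d1:05
cliente-3.example.com:  aa:bb:cc:dd:ee:ff:00:11:22:33:44:55:66:77:88:99'

# On a real master (left commented so the example runs offline):
#   id=cliente-2.example.com; minion_fp='...value read on the minion...'
#   [ "$(sudo salt-key -f "$id" | decide "$id" "$minion_fp")" = accept ] \
#       && sudo salt-key -a "$id"
```

A cloned virtual machine whose keys were not regenerated presents the original machine's key under a new id, so the comparison has to be made against the fingerprint read on the clone after step 4.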

Configuration

Server

sudo cp /etc/salt/master /etc/salt/master.bak; sudo vim /etc/salt/master
file_roots:
  base:
    - /etc/salt/states

renderer: py
log_level: debug

pillar_roots:
  base:
    - /etc/salt/pillar

To run salt-master as an unprivileged user:

1. Stop salt:

sudo service salt-master stop
ps aux | grep salt

2. Change permissions (in this case I use '/etc/salt' to store states, etc…):

sudo chown -R usuario:usuario /var/cache/salt /var/log/salt /etc/salt/pki /etc/salt

3. Restart salt:

sudo service salt-master start
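
A check to run after step 2, as an added example that is not part of the original page: it lists anything under the handed-over directories that the unprivileged account does not own, private keys (*.pem) that group or others can access, and world-writable entries. It assumes the master's user: option (shown as root in the pillar output further down this page) has been set to the same account; the function name audit_salt_dirs is hypothetical.

```sh
#!/bin/sh
# Added example: audit the directories handed to the unprivileged
# salt-master account. Function name and messages are hypothetical.

# audit_salt_dirs OWNER DIR...
# OWNER is a user name or numeric uid. Prints one line per finding and
# nothing at all when every directory is in order.
audit_salt_dirs() {
    owner=$1; shift
    for dir in "$@"; do
        if [ ! -d "$dir" ]; then
            echo "missing directory: $dir"
            continue
        fi
        # Anything the chown -R missed, or that was created later as root.
        find "$dir" ! -user "$owner" -print |
            sed 's/^/not owned by '"$owner"': /'
        # Private keys (*.pem) must not be accessible to group or others.
        find "$dir" -type f -name '*.pem' \
            \( -perm -040 -o -perm -020 -o -perm -010 \
               -o -perm -004 -o -perm -002 -o -perm -001 \) -print |
            sed 's/^/private key accessible to group or others: /'
        # Nothing in these trees should be world-writable.
        find "$dir" ! -type l -perm -002 -print |
            sed 's/^/world-writable: /'
    done
}

# With the paths from step 2 (run as root so every file can be inspected):
#   audit_salt_dirs usuario /var/cache/salt /var/log/salt /etc/salt
```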

Client

sudo cp /etc/salt/minion /etc/salt/minion.bak; sudo vim /etc/salt/minion
master: salt.example.com

States

These are the modules that define the actions, more or less complex, to be carried out by the clients, or 'minions'. They would be the equivalent of modules in Puppet.

Example using Python as the parser (with the path set in the configuration file, see above):

/etc/salt/states/virt_what/init.sls
  
#!py

def run():
    '''
    Install the virt-what package
    '''
    return {'virt-what': {'pkg': ['installed']}}

Execution:

sudo salt '*' state.sls virt_what

Output (salt 0.17.4-1)

jamgo@salt-1:~$ sudo salt '*' state.sls virt_what
client.example.com:
----------
    State: - pkg
    Name:      virt-what
    Function:  installed
        Result:    True
        Comment:   The following packages were installed/updated: virt-what.
        Changes:   virt-what: { new : 1.12-1
old : 
}
                   

Summary
------------
Succeeded: 1
Failed:    0
------------
Total:     1

Pillars

Simple example

(For Salt < 0.16.2 use 'pillar.data'):

sudo salt '*' pillar.items

Output:

client.example.com:
    ----------
    master:
        ----------
        auth_mode:
            1
        auto_accept:
            False
        cachedir:
            /var/cache/salt/master
        client_acl:
            ----------
        client_acl_blacklist:
            ----------
        cluster_masters:
        cluster_mode:
            paranoid
        conf_file:
            /etc/salt/master
        config_dir:
            /etc/salt
        cython_enable:
            False
        daemon:
            False
        default_include:
            master.d/*.conf
        enable_gpu_grains:
            False
        enforce_mine_cache:
            False
        environment:
            None
        ext_job_cache:
            
        ext_pillar:
        extension_modules:
            /var/cache/salt/master/extmods
        external_auth:
            ----------
        external_nodes:
            
        failhard:
            False
        file_buffer_size:
            1048576
        file_client:
            local
        file_ignore_glob:
            None
        file_ignore_regex:
            None
        file_recv:
            False
        file_roots:
            ----------
            base:
                - /etc/salt/states
        fileserver_backend:
            - roots
        fileserver_limit_traversal:
            False
        gitfs_base:
            master
        gitfs_remotes:
        gitfs_root:
            
        hash_type:
            md5
        hgfs_branch_method:
            branches
        hgfs_remotes:
        hgfs_root:
            
        id:
            client.example.com
        interface:
            0.0.0.0
        ipv6:
            False
        job_cache:
            True
        keep_jobs:
            24
        key_logfile:
            /var/log/salt/key
        log_datefmt:
            %H:%M:%S
        log_datefmt_logfile:
            %Y-%m-%d %H:%M:%S
        log_file:
            /var/log/salt/master
        log_fmt_console:
            [%(levelname)-8s] %(message)s
        log_fmt_logfile:
            %(asctime)s,%(msecs)03.0f [%(name)-17s][%(levelname)-8s] %(message)s
        log_granular_levels:
            ----------
        log_level:
            debug
        loop_interval:
            60
        master_ext_job_cache:
            
        master_roots:
            ----------
            base:
                - /srv/salt-master
        master_tops:
            ----------
        max_open_files:
            100000
        minion_data_cache:
            True
        nodegroups:
            ----------
        open_mode:
            False
        order_masters:
            False
        outputter_dirs:
        peer:
            ----------
        permissive_pki_access:
            False
        pidfile:
            /var/run/salt-master.pid
        pillar_opts:
            True
        pillar_roots:
            ----------
            base:
                - /srv/pillar
        pillar_version:
            2
        pki_dir:
            /etc/salt/pki/master
        pub_hwm:
            1000
        publish_port:
            4505
        publish_session:
            86400
        range_server:
            range:80
        reactor:
        renderer:
            py
        ret_port:
            4506
        root_dir:
            /
        runner_dirs:
        saltversion:
            0.17.4
        search:
            
        search_index_interval:
            3600
        serial:
            msgpack
        sock_dir:
            /var/run/salt/master
        state_auto_order:
            True
        state_output:
            full
        state_top:
            salt://top.sls
        state_verbose:
            True
        syndic_master:
            
        syndic_wait:
            1
        timeout:
            5
        token_dir:
            /var/cache/salt/master/tokens
        token_expire:
            43200
        user:
            root
        verify_env:
            True
        win_gitrepos:
            - https://github.com/saltstack/salt-winrepo.git
        win_repo:
            /srv/salt/win/repo
        win_repo_mastercachefile:
            /srv/salt/win/repo/winrepo.p
        worker_threads:
            5

Specifying by minion id

/etc/salt/pillar/top.sls
base:
  '*':
    - users
  'test-2.*':
    - data

Grains

List

sudo salt '*' grains.ls
client.example.com:
    - biosreleasedate
    - biosversion
    - cpu_flags
    - cpu_model
    - cpuarch
    - defaultencoding
    - defaultlanguage
    - domain
    - fqdn
    - fqdn_ip4
    - fqdn_ip6
    - gpus
    - host
    - id
    - ip_interfaces
    - ipv4
    - ipv6
    - kernel
    - kernelrelease
    - localhost
    - lsb_distrib_codename
    - lsb_distrib_description
    - lsb_distrib_id
    - lsb_distrib_release
    - manufacturer
    - master
    - mem_total
    - nodename
    - num_cpus
    - num_gpus
    - os
    - os_family
    - osarch
    - oscodename
    - osfinger
    - osfullname
    - osrelease
    - path
    - productname
    - ps
    - pythonpath
    - pythonversion
    - saltpath
    - saltversion
    - saltversioninfo
    - serialnumber
    - server_id
    - shell
    - virtual

Configuration "pull" by the client

Links

Errors

2014-01-03 22:25:05,116 [salt.master      ][WARNING ] You have a version of ZMQ less than ZMQ 3.2! There are known connection keep-alive issues with ZMQ < 3.2 which may result in loss of contact with minions. Please upgrade your ZMQ!

SOLUTION: follow the manual zeromq installation procedure for client and server (cliente_y_servidor_instalacion_manual_de_zeromq)

informatica/linux/salt.txt · Last modified: 2015/04/13 20:19 by 127.0.0.1