Saltstack 简明教程

SaltStack - Salt Proxy Minions

有许多设备(如路由器、网络设备等)具有定制操作系统、有限内存和高度安全性考虑。在这些设备中,我们无法安装标准 salt-minion ,随后也无法管理这些系统。然而,Salt 提供了一项创新技术来克服这一制约。

There are lot of devices like router, network gear, etc., having custom OS, limited memory and high security considerations. In those devices, we were not able to install the standard salt-minion and subsequently were unable to manage those systems. However, Salt provides an innovative technology to overcome this constrain.

Salt 有一个单独的模块,即 salt 代理守护进程,它使用远程系统中运行的 REST 服务来控制远程系统。此 REST 服务是使用 Representational State Transfer (REST) 概念编写的基于 HTTP 的网络服务,它们易于实现且易于使用。

Salt has a separate module, salt proxy minion that controls the remote system using the REST service running in the remote system. This REST service is a HTTP based web service written using the Representational State Transfer (REST) concept and they are both easy to implement and easy to consume.

每个设备将有自己的 SDK 和开发环境来编写复杂应用程序。Salt 预期在设备中开发一个 REST 服务,以符合 Salt 接口规范。Salt 还提供了一个 python 模块来编写 REST 网络服务。如果设备支持 python,那么开发 REST 网络服务将很容易。

Every device will have its own SDK and development environment to write complex applications. Salt expects a REST service to be developed in the device as per the Salt interface specification. Salt also provides a python module to write the REST web service. If the device supports python, then it will be easy to develop the REST web service.

一旦在远程系统中开发和部署了 REST 网络服务,就可以配置 Salt,使其使用 REST 网络服务来控制远程设备,而不是使用 salt 守护进程。

Once the REST web service is developed and deployed in the remote system, Salt can be configured to control the remote device using the REST web service instead of the salt minion.

Working Example

让我们使用一个实时工作环境来学习 salt proxy minion 的概念。对于实时环境,我们为服务器端和代理守护进程选择了 Linux 系统。我们将使用 REST 网络服务来控制系统,而不是使用 salt 守护进程。

Let us learn the concept of salt proxy minion using a live working environment. For the live environment, we chose a Linux system for both the master and the proxy minion. We are going to control the system using REST web service instead of salt-minion.

Install and Configure REST Web Service

Salt 提供了一个 REST 网络服务实现的示例,该示例在其 contrib 模块中命名为 proxyminion_rest_example。让我们安装示例网络服务。

Salt provides a sample of the REST web service implementation, which is named as proxyminion_rest_example in its contrib module. Let us install the sample web service.

  1. Install ‘bottle’ using the pip. The bottle command is a python web framework to develop web application.

pip install bottle = 0.12.8

  1. Download the saltstack/salt-contrib project from github. Otherwise, clone the project using the following command.

git clone https://github.com/saltstack/salt-contrib

  1. Open a terminal and go to the salt-contrib directory.

  2. This salt-contrib directory will have a folder, proxyminion_rest_example. This folder contains sample implementation for the REST web service. Go to the proxyminion_rest_example folder.

  3. Run the following command to start the REST web service.

python rest.py --address <your ip address> --port 8000

  1. Open a browser and load [role="bare"]http://«your ip address»:8000. This will show the default page with services and packages as shown in the screenshot below.

rest web service

现在,我们已经配置了 REST 网络服务,并且它将检查如何配置盐代理来查询 REST 网络服务并控制系统。

Now, we have configured the REST web service and it will check how to configure salt proxy to query the REST web service and control the system.

Configure Salt-Proxy

要配置盐代理,我们必须遵循以下步骤。

To configure the Salt-Proxy, we have to follow the steps given below.

  1. We have to specify the master node for the salt-proxy. Edit the proxy-configuration file location, which is in/etc/salt /proxy, and enter the following code.

master: <your ip address>

  1. Modify / create base pillar file in /srv/pillar/top.sls as shown in the following code block.

base:
  'p8000':
      - p8000

  1. Add a new pillar file, p8000.sls in the /srv/pillar as shown in the code block below.

proxy:
   proxytype: rest_sample
   url: http://<your ip address>:8000

  1. Start salt-proxy in the debug mode using the following command.

salt-proxy --proxyid = p8000 -l debug

  1. Similar to the salt-minion, accept the salt-proxy key as shown below.

salt-key -y -a p8000

The following keys are going to be accepted:
Unaccepted Keys:
p8000
Key for minion p8000 accepted.

Running the Salt

现在,运行 salt 命令并调用 ping.test 函数,如下所示。

Now, run the salt command and call the ping.test function as shown below.

salt p8000 test.ping

我们可以使用 salt 运行 REST web 服务支持的任何函数,它类似于 salt-minion

We can run any function supported by the REST web service by using salt, which is similar to salt-minion.

例如,可以通过以下命令获取 grain 信息。

For example, the grain information can be obtained by using the following command.

salt p8000 grains.items