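1.导入安装源(EPEL)
注意:下面的地址是明文 HTTP,而 epel-release 包会写入软件源配置和 GPG 公钥,相当于后续所有软件包的信任起点;建议先下载到本地,核对官方公布的校验值或签名后再安装。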
centos5
rpm -Uvh http://ftp.linux.ncsu.edu/pub/epel/5/x86_64/epel-release-5-4.noarch.rpm
centos6
rpm -Uvh http://ftp.linux.ncsu.edu/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm
2.安装salt软件包
master端
yum install salt-master
配置文件目录:
[root@node110 ~]# cd /etc/salt/
[root@node110 salt]# ls
master pki
[root@node110 salt]# pwd
/etc/salt
启动的端口(4505 为 publish_port,4506 为 ret_port,均监听在 0.0.0.0 即所有网卡上):
[root@node110 ~]# netstat -lntup
tcp 0 0 0.0.0.0:4505 0.0.0.0:* LISTEN 4201/python2.6
tcp 0 0 0.0.0.0:4506 0.0.0.0:* LISTEN 4221/python2.6
minion端(俗称的client端)
yum install salt-minion
配置文件:
[root@node120 ~]# cd /etc/salt/
[root@node120 salt]# ls
minion minion.d minion_id pki
[root@node120 salt]# pwd
/etc/salt
日志文件:
[root@node110 salt]# cd /var/log/salt/
[root@node110 salt]# ls
key master
[root@node110 salt]# pwd
/var/log/salt
在客户端开启连接服务端的IP地址:
vim /etc/salt/minion +16
15 # resolved, then the minion will fail to start.
16 master: 172.16.1.110
修改id,不使用主机名当作id:
77 # clusters.
78 id: minion.saltstack.com
通过以上配置后,在服务器将看到这个id
在服务端查看key:
[root@node110 salt]# salt-key
Accepted Keys:
Denied Keys:
Unaccepted Keys:
minion.saltstack.com
Rejected Keys:
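在server上,将客户端加入到server,进行认证。接受之前应先核对密钥指纹:在 master 上执行 salt-key -f minion.saltstack.com,在 minion 上执行 salt-call --local key.finger,两边一致再接受,否则任何能连到 4506 端口并使用相同 id 的主机都可能被误接受:
[root@node110 salt]# salt-key -a minion.saltstack.com
The following keys are going to be accepted:
Unaccepted Keys:
minion.saltstack.com
Proceed? [n/Y] y
Key for minion minion.saltstack.com accepted.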
在server端,查看server端信任的客户端:
[root@node110 salt]# salt-key -L
Accepted Keys:
minion.saltstack.com
Denied Keys:
Unaccepted Keys:
Rejected Keys:
测试服务端与客户端之间的连接是否正常:
[root@node110 salt]# salt '*' test.ping # *号代表所有的主机
minion.saltstack.com:
True
[root@node110 salt]# salt 'minion.saltstack.com' test.ping
minion.saltstack.com:
True
在server端远程查看客户端的情况(cmd.run 会在 minion 上以 salt-minion 进程的身份(默认 root)执行任意命令,因此能登录 master 并运行 salt 命令的账号需要严格控制):
[root@node110 salt]# salt 'minion.saltstack.com' cmd.run 'hostname' # cmd模块的run方法
minion.saltstack.com:
node120
3.配置修改
master端(以下是去掉注释和空行后的有效配置;interface: 0.0.0.0 表示监听所有网卡,如果 master 有多块网卡,建议改为只绑定管理网段的地址)
[root@ldap ~]# sed -e 's/#.*//' -e '/^$/ d' /etc/salt/master
interface: 0.0.0.0
publish_port: 4505
user: root
max_open_files: 100000
ret_port: 4506
pidfile: /var/run/salt-master.pid
syndic_log_file: syndic.log
log_file: /var/log/salt/master
key_logfile: /var/log/salt/key
log_fmt_logfile: '%(asctime)s,%(msecs)03.0f [%(name)-17s][%(levelname)-8s] %(message)s'
minion端
[root@monitor ~]# sed -e 's/#.*//' -e '/^$/ d' /etc/salt/minion
master: salt.server.365dw.cn
master_port: 4506
pidfile: /var/run/salt-minion.pid
pki_dir: /etc/salt/pki/minion
id: client01.server.365dw.cn
cachedir: /var/cache/salt/minion
4.重启服务端及客户端
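master端:
/etc/init.d/iptables stop
/etc/init.d/salt-master restart
minion端:
/etc/init.d/iptables stop
/etc/init.d/salt-minion restart
说明:直接关闭 iptables 会让主机上所有端口失去防火墙保护,只适合隔离的测试环境。实际上只需在 master 上放行来自 minion 网段的 TCP 4505、4506 入站;minion 是主动连接 master 的,不需要开放任何入站端口,也就不必关闭防火墙。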
5.证书认证
salt-key -L查看后发现Unaccepted Keys
[root@ldap ~]# salt-key -L
Accepted Keys:
Unaccepted Keys:
client01.server.365dw.cn
Rejected Keys:
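salt-key -A认证,Proceed输入Y。注意 -A 会一次性接受所有待认证的 key,执行前先确认 Unaccepted Keys 列表中只有预期的主机,并用 salt-key -f <minion id> 与 minion 上 salt-call --local key.finger 的输出核对指纹;只想接受单台主机时用 salt-key -a <minion id>。
[root@ldap ~]# salt-key -A
The following keys are going to be accepted:
Unaccepted Keys:
client01.server.365dw.cn
Proceed? [n/Y] Y
Key for minion client01.server.365dw.cn accepted.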
再次salt-key -L查看,Unaccepted Keys 中未认证的客户端变成了 Accepted Keys 中已认证的客户端。
[root@ldap ~]# salt-key -L
Accepted Keys:
client01.server.365dw.cn
Unaccepted Keys:
Rejected Keys:
6.测试,使用salt内置的cmd.run命令进行ping 测试。
[root@ldap ~]# salt '*' cmd.run 'ping -c1 www.365dw.cn'
client01.server.365dw.cn:
PING www.365dw.cn (112.124.43.79) 56(84) bytes of data.
64 bytes from 112.124.43.79: icmp_seq=1 ttl=128 time=12.5 ms
--- www.365dw.cn ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 12.534/12.534/12.534/0.000 ms