SaltStack 认证过程master端:
[root@node110 master]# pwd
/etc/salt/pki/master
[root@node110 master]# ll
total 28
-r-------- 1 root root 1679 Dec 9 16:17 master.pem #master 私钥
-rw-r--r-- 1 root root 451 Dec 9 16:17 master.pub #master 公钥
drwxr-xr-x 2 root root 4096 Dec 12 16:43 minions/
drwxr-xr-x 2 root root 4096 Dec 9 16:17 minions_autosign
drwxr-xr-x 2 root root 4096 Dec 9 16:17 minions_denied
drwxr-xr-x 2 root root 4096 Dec 12 16:43 minions_pre
drwxr-xr-x 2 root root 4096 Dec 9 16:17 minions_rejected
[root@node110 master]# cd minions
[root@node110 minions]# ls
minion.saltstack.com #minion公钥:以client ID为名称的minion公钥
客户端minion:
[root@node120 minion]# pwd
/etc/salt/pki/minion
[root@node120 minion]# ll
total 12
-r-------- 1 root root 1679 Dec 12 16:18 minion.pem #客户端私钥
-rw-r--r-- 1 root root 451 Dec 12 16:18 minion.pub #客户端公钥
-rw-r--r-- 1 root root 451 Dec 12 16:43 minion_master.pub #master端公钥
服务端与客户端一直保持长连接:
[root@node110 master]# lsof -i:4505
COMMAND PIDUSER FD TYPE DEVICE SIZE/OFF NODE NAME
salt-mast 2427 root 12u IPv4 13636 0t0 TCP *:4505 (LISTEN)
salt-mast 2427 root 14u IPv4 16152 0t0 TCP node110:4505->node120:58113(ESTABLISHED)
[root@node110 master]# lsof -i:4506
COMMAND PIDUSER FD TYPE DEVICE SIZE/OFF NODE NAME
salt-mast 2435 root 20u IPv4 13635 0t0 TCP *:4506 (LISTEN)
salt-mast 2435 root 22u IPv4 16089 0t0 TCP node110:4506->node120:5557(ESTABLISHED)
