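What is SaltStack?
SaltStack is a centralized management platform for server infrastructure, providing configuration management, remote execution, monitoring and related functions. It can roughly be thought of as a simplified Puppet and an enhanced Func. SaltStack is implemented in Python and built on a lightweight message queue (ZeroMQ) together with third-party Python modules (Pyzmq, PyCrypto, pyjinja2, python-msgpack, PyYAML and others).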
  
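SaltStack has the following characteristics:

  • Simple and convenient to deploy
  • Supports most UNIX/Linux and Windows environments
  • Centralized master/minion management
  • Simple to configure, powerful, and highly extensible
  • The master and the managed nodes (minions) use certificate-based authentication, which is secure and reliable
  • Supports an API and custom modules, and is easy to extend with Python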

Reference:
Project repository: https://github.com/saltstack/salt
Official site: http://www.saltstack.com
Official documentation: http://docs.saltstack.com or http://docs.saltstack.cn
Language: Python
Architecture: client/server (C/S)

1. Environment

HostName  IP               Service
Master    192.168.179.100  salt-master
Minion    192.168.179.101  salt-minion


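Basic terminology

Term           Description
master         Control center; where salt commands are run and resource states are managed
minion         A client machine to be managed; it connects to the master on its own initiative, receives resource state information from the master, and synchronizes resource management information
states         The instruction set for configuration management
grains         Static variables on the minion side
pillar         Dynamic variables on the minion side
highstate      Permanently applies states to a minion, read from the sls configuration files
salt schedule  Automatically keeps the client configuration in place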


2. Pre-installation preparation (run on every machine)


2.1 Add hosts entries

        # echo -e "192.168.179.100 master\n192.168.179.101 minion-1" >> /etc/hosts


2.2 Disable the firewall

         # service iptables stop
         # chkconfig iptables off
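
As an alternative to stopping iptables on the master, the Salt ports can be opened to known minions only. The following is an added example, not part of the original article: ports 4505 and 4506 are the ones the install script in section 5 names, the address in the usage comment is the minion from section 1, and the function names are assumptions of this example.

```shell
#!/bin/sh
# Added example: keep iptables running on the master and admit only known
# minions to the Salt ports (4505 publish, 4506 return).
SALT_PORTS="4505,4506"

# Succeeds only for a dotted-quad IPv4 address with every octet in 0..255.
valid_ipv4() {
    case "$1" in
        *[!0-9.]*|.*|*.|*..*|"") return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# Print (do not run) the iptables commands for the given minion addresses.
# Nothing is printed unless every address validates.
salt_master_rules() {
    for ip in "$@"; do
        valid_ipv4 "$ip" || { echo "invalid address: $ip" >&2; return 1; }
    done
    for ip in "$@"; do
        echo "iptables -I INPUT -p tcp -s $ip -m multiport --dports $SALT_PORTS -j ACCEPT"
    done
    echo "iptables -A INPUT -p tcp -m multiport --dports $SALT_PORTS -j DROP"
}

# Usage on the master: salt_master_rules 192.168.179.101
```

Review the printed rules, pipe them to `sh` on the master, then run `service iptables save` to persist them.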


2.3 Disable SELinux

        #  sed -i 's/SELINUX=.*$/SELINUX=disabled/g' /etc/selinux/config
        #  setenforce 0


2.4 Install the SaltStack yum repository

         #  yum -y install https://repo.saltstack.com/yum/redhat/salt-repo-latest-2.el6.noarch.rpm
         #  yum clean expire-cache


3. Install SaltStack


Master installation


3.1 Set the hostname

        #  sed -i 's/HOSTNAME=.*$/HOSTNAME=master/g' /etc/sysconfig/network


3.2 Install salt-master

        # yum -y install salt-master


3.3 Configure salt-master

         # cp /etc/salt/master /etc/salt/master-example
         # sed -i 's/#interface/interface/g' /etc/salt/master
         # egrep -v "^#|^$" /etc/salt/master


3.4 Configure key authentication

List the current keys

        #  salt-key -L
        Accepted Keys:
        Denied Keys:
        Unaccepted Keys:
        Rejected Keys:


Accept all keys

        #  salt-key -A
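
`salt-key -A` accepts every pending key without checking which machine sent it. The following added example (not part of the original article) accepts a single minion only when the fingerprint the master reports matches the one printed on the minion by `salt-call --local key.finger`; the function names and the `SALT_KEY` override are assumptions of this example.

```shell
#!/bin/sh
# Added example: fingerprint-checked key acceptance on the master.
# SALT_KEY can be overridden so the logic can be exercised without a master.
SALT_KEY="${SALT_KEY:-salt-key}"

# Print the fingerprint listed for exactly <id> under "Unaccepted Keys:".
pending_fingerprint() {
    $SALT_KEY --no-color -f "$1" | awk -v id="$1:" '
        /Keys:$/ { pending = ($0 == "Unaccepted Keys:"); next }
        pending && $1 == id { print $2; exit }'
}

# Normalise a fingerprint for comparison: lower-case hex, no whitespace.
norm_fp() {
    printf '%s' "$1" | tr 'A-F' 'a-f' | tr -d ' \t\r\n'
}

# accept_verified <minion-id> <fingerprint read on the minion>
# Returns 0 after accepting, 1 on mismatch, 2 when no pending key is listed.
accept_verified() {
    seen=$(pending_fingerprint "$1")
    if [ -z "$seen" ]; then
        echo "no pending key listed for $1" >&2
        return 2
    fi
    if [ "$(norm_fp "$seen")" != "$(norm_fp "$2")" ]; then
        echo "fingerprint mismatch for $1, key left unaccepted" >&2
        return 1
    fi
    $SALT_KEY -y -a "$1"
}
```

A key only shows up under Unaccepted Keys after the minion has been started (step 3.9), so run `accept_verified minion-1 '<fingerprint read on the minion>'` at that point.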


3.5 Start salt-master

         #  service salt-master start
         # chkconfig salt-master on

Check that it started successfully

         # cat /var/run/salt-master.pid


Minion installation


3.6 Set the hostname

        # sed -i 's/HOSTNAME=.*$/HOSTNAME=minion-1/g' /etc/sysconfig/network


3.7 Install salt-minion

        # yum -y install salt-minion


3.8 Configure salt-minion

         # cp /etc/salt/minion /etc/salt/minion-example
         # sed -i 's/#master: salt/master: master/g' /etc/salt/minion


3.9 Start salt-minion

         # service salt-minion start
         # chkconfig salt-minion on


4. Testing


Run the following on the master

Test ping

    # salt '*' test.ping
    minion-1:
    True


Test running df -h

    #  salt '*' cmd.run 'df -h'
    minion-1:
    Filesystem            Size  Used Avail Use% Mounted on
    /dev/mapper/vg_centos6-lv_root
                           18G  1.7G   15G  11% /
    tmpfs                 490M   12K  490M   1% /dev/shm
    /dev/sda1             477M   63M  389M  14% /boot


5. Automated install script, for reference:

    # cat /export/zlyang/autoSaltStackInstall.sh

    #!/bin/bash
################################################
#                                              #
#        author: Zlyang by 2019-08-28          #
#   description: Auto Install SaltStack        #
#                                              #
################################################
INSTALL_TIME=`date +%F\ %T`
CURRENTDIR=`pwd`;
LOGFILE="${CURRENTDIR}/salt_install.log";
ISCLOSEFIREWALL="yes";
ISCLOSESELINUX="yes";
ready(){
    printf "" > ${LOGFILE}
    printf "安装日期:${INSTALL_TIME}\n" >> ${LOGFILE}
    printf "\n"
    printf "\033[31m 请手动配置Host项,手动添加所有节点的主机名与IP对应,格式如下:\033[0m \n"
    printf "\033[31m %-12s %-10s \033[0m \n" 192.168.1.1 master     
    printf "\033[31m *\n *\n \033[0m"
    printf "\n"
    printf "开始准备工作: \n" |tee -a ${LOGFILE}
    stop_iptables;
    close_selinux;
    printf "\n开始安装SaltStack Repo源:\n" |tee -a ${LOGFILE}
    install_salt_repo;
    printf "\n开始安装SaltStack:\n"|tee -a ${LOGFILE}
    install_salt;
}
stop_iptables(){
    printf "\033[31m \n(建议关闭防火墙,以免在安装时遇到不必要的麻烦!如果不关闭请手动开放\033[31m 4505 \033[0m和\033[31m 4506 \033[0m端口)\n \033[0m"
    printf "请选择是否关闭防火墙:\n"
    read -p "[yes/no] :" ISCLOSEFIREWALL
    case "${ISCLOSEFIREWALL}" in
        Y|y|yes|YES)
            /etc/init.d/iptables stop >/dev/null 2>&1
            if [[ $? == 0 ]];then
                printf "\t防火墙停止......[\033[32m 成功 \033[0m ]\n"|tee -a ${LOGFILE}
            fi
        ;;
        n|N|no|NO)
            printf "\033[31m \t您未关闭防火墙,请手动开放 4505 和 4506 端口\033[0m\n"|tee -a ${LOGFILE}
            exit 1
        ;;
        *)
            printf "\033[31m \t您未关闭防火墙,请手动开放 4505 和 4506 端口\033[0m\n"|tee -a ${LOGFILE}
            exit 1
        ;;
    esac
}

close_selinux(){
    printf "\033[31m \n(建议关闭SELinux,如果不关闭请手动开放SaltStack所需要的权限)\n \033[0m"
    printf "请选择是否关闭SELinux:\n"
    read -p "[yes/no] :" ISCLOSESELINUX
    case "${ISCLOSESELINUX}" in
        Y|y|yes|YES)
            sed -i 's/SELINUX=.*$/SELINUX=disabled/g' /etc/selinux/config
            ISDISABLED=`getenforce`;
            case "${ISDISABLED}" in
                Disabled)
                    printf "\tSELinux 已经停止\n"|tee -a ${LOGFILE}
                ;;
                Enforcing)
                    setenforce 0
                    if [[ $? == 0 ]];then
                        printf "\tSELinux 停止......[\033[32m 成功 \033[0m ]\n"|tee -a ${LOGFILE}
                    fi
                ;;
                *)
                    printf "\t\033[31m 您没有停止SELinux,请手动停止并重启机器:\"setenforce 0 && reboot \"\n"|tee -a ${LOGFILE}
                    printf "\t\033[31m 或\n"|tee -a ${LOGFILE}
                    printf "\033[31m \t您未关闭SELinux,请手动开放SaltStack所需要的权限!\033[0m\n"|tee -a ${LOGFILE}
                ;;
            esac
        ;;
        n|N|no|NO)
            printf "\t\033[31m 您没有停止SELinux,请手动停止并重启机器:\"setenforce 0 && reboot \"\n"|tee -a ${LOGFILE}
            printf "\t\033[31m 或\n"|tee -a ${LOGFILE}
            printf "\033[31m \t您未关闭SELinux,请手动开放SaltStack所需要的权限!\033[0m\n"|tee -a ${LOGFILE}
        ;;
        *)
            printf "\t\033[31m 您没有停止SELinux,请手动停止并重启机器:\"setenforce 0 && reboot \"\n"|tee -a ${LOGFILE}
            printf "\t\033[31m 或\n"|tee -a ${LOGFILE}
            printf "\033[31m \t您未关闭SELinux,请手动开放SaltStack所需要的权限!\033[0m\n"|tee -a ${LOGFILE}
        ;;
    esac
}

install_salt_repo(){
    ISINSTALL=`rpm -qa|grep salt-repo-latest-2.el6.noarch`;
    if [[ -z ${ISINSTALL} ]];then
        yum -y install https://repo.saltstack.com/yum/redhat/salt-repo-latest-2.el6.noarch.rpm >> ${LOGFILE} 2>&1
        if [[ $? == 0 ]];then
            printf "\tsalt-repo安装......[\033[32m 成功 \033[0m ]\n"|tee -a ${LOGFILE}
        else
            printf "\tsalt-repo安装......[\033[31m 失败 \033[0m ]\n"|tee -a ${LOGFILE}
            exit 1
        fi
    else
        printf "\t您已经安装salt-repo,无需重新安装!\n"|tee -a ${LOGFILE}
    fi
}
install_salt(){
    printf "\n请选择需要安装的系统:\n\t1:Salt-Master(Server端) \n\t2:Salt-Minion(Client端) \n\n\tq:退出\n 请选择:"
    read CHOICE_SYSTEM
    case ${CHOICE_SYSTEM} in
        1)
            printf "\t开始安装 Salt-Master:\n" |tee -a ${LOGFILE}
            yum -y install salt-master |tee -a ${LOGFILE}
            # $? would report tee's status here; check yum's own exit code instead
            if [ "${PIPESTATUS[0]}" == "0" ]; then
                 LOCAL_IP=`ifconfig|grep broadcast|awk '{print $2}'`;
                 CONFIG_FILE="/etc/salt/master";
                 if [ -f ${CONFIG_FILE} ]; then
                     printf "\t 服务端:Salt-Master安装......[\033[32m 成功 \033[0m ]\n" |tee -a ${LOGFILE}
                     printf "\t \n开始配置:\n" |tee -a ${LOGFILE}
                     cp /etc/salt/master /etc/salt/master-example
                     sed -i 's/#interface/interface/g' ${CONFIG_FILE}
                     printf "#################################\n" |tee -a ${LOGFILE}
                     egrep -v "^#|^$" /etc/salt/master |tee -a ${LOGFILE}
                     printf "#################################\n" |tee -a ${LOGFILE}
                     printf "\n 配置安全认证:\n" |tee -a ${LOGFILE}
                     printf "\n \033[31m (默认允许所有Pending的公钥;)\033[0m\n" |tee -a ${LOGFILE}
                     salt-key -A && salt-key -L
                     printf "\n 安全认证配置.......[ \033[32m 成功 \033[0m ]\n" |tee -a ${LOGFILE}
                     printf "\n 开始启动 Salt-Master\n" |tee -a ${LOGFILE}
                     service salt-master start
                     PID=`cat /var/run/salt-master.pid`
                     if [ ! -z "${PID}" ]; then
                          printf "\n \t Salt-Master启动.......[\033[32m 成功 \033[0m ]\n" |tee -a ${LOGFILE}
                          printf "\t是否设置开机启动:\n"
                          printf "\t(默认设置:Yes)\n"
                          read -t 5 -p "[yes/no]:" DEFAULT_START
                          case "${DEFAULT_START}" in
                              y|Y|YES|yes)
                                  chkconfig salt-master on
                                  printf "\n \t Salt-Master开机默认启动设置.......[\033[32m 成功 \033[0m ]\n" |tee -a ${LOGFILE}
                              ;;
                              n|N|no|NO)
                                  printf "\t您未设置服务开机默认启动,请手动设置:\"chkconfig salt-master on\" \n"
                              ;;
                              *)
                                  chkconfig salt-master on
                                  printf "\n \t Salt-Master开机默认启动设置.......[\033[32m 成功 \033[0m ]\n" |tee -a ${LOGFILE}
                              ;;
                          esac
                          for((i=0;i<6;i++)); do
                               printf "* \n"
                               sleep 0.8
                          done
                          printf "\n \033[32m 恭喜您!SaltStack 服务器端已经安装成功!\033[0m \n"
                          exit 0
                     else
                          printf "\n \t Salt-Master启动.......[\033[31m 失败 \033[0m ]\n" |tee -a ${LOGFILE}
                     fi
                 else              
                     printf "\t \033[31m 服务端未正确安装,请重新安装!\033[0m \n"
                     exit 1
                 fi

            else
                 printf "\t 服务端:salt-master安装......[\033[31m 失败 \033[0m ]\n" |tee -a ${LOGFILE}
                 exit 1
            fi
        ;;

        2)
            printf "\t开始安装 Salt-Minion:\n" |tee -a ${LOGFILE}
            yum -y install salt-minion
            if [ $? == "0" ]; then
                 CONFIG_FILE="/etc/salt/minion";
                 if [ -f ${CONFIG_FILE} ]; then
                     printf "\t 客户端:Salt-Minion安装......[\033[32m 成功 \033[0m ]\n" |tee -a ${LOGFILE}
                     printf "\t \n开始配置:\n" |tee -a ${LOGFILE}
                     cp /etc/salt/minion /etc/salt/minion-example
                     read -p "请输入Salt-Master服务器IP地址:" SERVER_IP
                     sed -i "s/#master: salt/master: ${SERVER_IP}/g" ${CONFIG_FILE}
                     printf "#################################\n" |tee -a ${LOGFILE}
                     egrep -v "^#|^$" /etc/salt/minion |tee -a ${LOGFILE}
                     printf "#################################\n" |tee -a ${LOGFILE}
                     service salt-minion start
                     PID=`cat /var/run/salt-minion.pid`
                     if [ ! -z "${PID}" ]; then
                          printf "\n \t Salt-Minion启动.......[\033[32m 成功 \033[0m ]\n" |tee -a ${LOGFILE}
                          printf "\t是否设置开机启动:\n"
                          printf "\t(默认设置:Yes)\n"
                          read -t 5 -p "[yes/no]:" DEFAULT_START
                          case "${DEFAULT_START}" in
                              y|Y|YES|yes)
                                  chkconfig salt-minion on
                                  printf "\n \t Salt-Minion启动.......[\033[32m 成功 \033[0m ]\n" |tee -a ${LOGFILE}
                              ;;
                              n|N|no|NO)
                                  printf "\t您未设置服务开机默认启动,请手动设置:\"chkconfig salt-minion on\" \n"
                              ;;
                              *)
                                  chkconfig salt-minion on
                                  printf "\n \t Salt-Minion启动.......[\033[32m 成功 \033[0m ]\n" |tee -a ${LOGFILE}
                              ;;
                          esac
                          for((i=0;i<6;i++)); do
                               printf "* \n"
                               sleep 0.8
                          done
                          printf "\n \033[32m 恭喜您!SaltStack 客户端已经安装成功!\033[0m \n"
                          exit 0
                     else
                          printf "\n \t Salt-Minion启动.......[\033[31m 失败 \033[0m ]\n" |tee -a ${LOGFILE}
                          exit 1
                     fi
                 else
                      printf "\t 客户端:Salt-Minion安装......[\033[31m 失败 \033[0m ]\n" |tee -a ${LOGFILE}
                      exit 1
                 fi
            else
                 printf "\t 客户端:Salt-Minion安装......[\033[31m 失败 \033[0m ]\n" |tee -a ${LOGFILE}
                 exit 1
            fi
        ;;

        q|Q|quit|exit)
            exit 0
        ;;
        *)
            install_salt;
        ;;
    esac
}

ready;

Note: this completes the deployment. If you run into any problems during setup, you can send an email to: [email protected]