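SaltStack is a powerful automation tool for operations work.
It has the following modes:
1) Local mode (local): no daemon needs to be started; a configuration file is all that is required
2) Master/minion mode
3) Proxy mode (syndic)
4) SSH mode
This walkthrough mainly uses the master/minion mode.
Master -> minion mode:
By default the master listens on all local network interfaces.
Connections are long-lived (persistent).
Publish/subscribe system: port 4505
The minion side only subscribes (pub pushes, sub receives).
Port 4506: dedicated to receiving the return values from the minions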
1. Setting up the yum repository:
    vim /etc/yum.repos.d/rhel-source.repo

    [rhel6.5]
    name=Red Hat
    baseurl=http://172.25.254.40/rhel6.5
    gpgcheck=0

    [salt]
    name=salt
    baseurl=ftp://172.25.254.250/pub/docs/saltstack/rhel6
    gpgcheck=0
The files newly added to the yum repository are:
PyYAML-3.11-1.el6.x86_64.rpm
libyaml-0.1.3-4.el6.x86_64.rpm
python-babel-0.9.4-5.1.el6.noarch.rpm
python-backports-1.0-5.el6.x86_64.rpm
python-backports-ssl_match_hostname-3.4.0.2-2.el6.noarch.rpm
python-chardet-2.2.1-1.el6.noarch.rpm
python-cherrypy-3.2.2-4.el6.noarch.rpm
python-crypto-2.6.1-3.el6.x86_64.rpm
python-crypto-debuginfo-2.6.1-3.el6.x86_64.rpm
python-enum34-1.0-4.el6.noarch.rpm
python-futures-3.0.3-1.el6.noarch.rpm
python-impacket-0.9.14-1.el6.noarch.rpm
python-jinja2-2.8.1-1.el6.noarch.rpm
python-msgpack-0.4.6-1.el6.x86_64.rpm
python-ordereddict-1.1-2.el6.noarch.rpm
python-requests-2.6.0-3.el6.noarch.rpm
python-setproctitle-1.1.7-2.el6.x86_64.rpm
python-six-1.9.0-2.el6.noarch.rpm
python-tornado-4.2.1-1.el6.x86_64.rpm
python-urllib3-1.10.2-1.el6.noarch.rpm
python-zmq-14.5.0-2.el6.x86_64.rpm
repodata
salt-2016.11.3-1.el6.noarch.rpm
salt-api-2016.11.3-1.el6.noarch.rpm
salt-cloud-2016.11.3-1.el6.noarch.rpm
salt-master-2016.11.3-1.el6.noarch.rpm
salt-minion-2016.11.3-1.el6.noarch.rpm
salt-ssh-2016.11.3-1.el6.noarch.rpm
salt-syndic-2016.11.3-1.el6.noarch.rpm
zeromq-4.0.5-4.el6.x86_64.rpm
Next, set up name resolution between the hosts:
    vim /etc/hosts

    172.25.254.143 server2
    172.25.254.145 server3
    172.25.254.146 server5
On the two minions
Install the minion:
    yum install salt-minion -y
Edit the configuration file:
    vim /etc/salt/minion

    master: server2 # change to the master's hostname
Start the service:
    /etc/init.d/salt-minion start
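On the master
Edit the configuration file as follows:
    vim /etc/salt/master

    file_roots:
      base:
        - /srv/salt

    salt '*' test.ping # check for and discover the minion hosts
    salt-key -A # accept the keys (authenticate the minions)
    salt-key -L # list the minion hosts that have been accepted
    Accepted Keys:
    server3
    server5
    Denied Keys:
    Unaccepted Keys:
    Rejected Keys: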
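Checking the checksums (to tell whether a file has been changed):
    cd /etc/salt/pki/master/
    md5sum master.pub
    6320641fbe72d9f9b4fc43cef7cd33da master.pub
    # on a minion, from /etc/salt/pki (minion_master.pub is the minion's cached copy of the master's public key)
    md5sum minion/minion_master.pub
    6320641fbe72d9f9b4fc43cef7cd33da minion/minion_master.pub
The master and the minions exchange public keys, which are used for encryption and decryption.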
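The checksum comparison above confirms the master's key as seen from a minion; the same idea applied in the other direction lets the master check each pending minion key before it is accepted, rather than accepting everything with `salt-key -A`. The script below is an added example, not part of the original post. Assumptions: the function names, the sample key contents and the minion ID server9 are constructed, and pending keys are assumed to sit in /etc/salt/pki/master/minions_pre byte-for-byte as each minion holds them in /etc/salt/pki/minion/minion.pub.

```python
import hashlib
import hmac
import os
import tempfile


def file_digest(path):
    """SHA-256 of the whole key file (same kind of check as md5sum above)."""
    with open(path, "rb") as fh:
        return hashlib.sha256(fh.read()).hexdigest()


def triage_pending_keys(pending_dir, expected):
    """Sort pending minion keys into accept / mismatch / unknown.

    pending_dir: directory of not-yet-accepted keys, one file per minion ID
                 (assumed: /etc/salt/pki/master/minions_pre on the master).
    expected:    {minion_id: sha256 hex} recorded on each minion itself with
                 `sha256sum /etc/salt/pki/minion/minion.pub` and brought to
                 the master over a separate, trusted channel.
    """
    result = {"accept": [], "mismatch": [], "unknown": []}
    for minion_id in sorted(os.listdir(pending_dir)):
        want = expected.get(minion_id)
        if want is None:
            # A key nobody announced: never accept it automatically.
            result["unknown"].append(minion_id)
            continue
        got = file_digest(os.path.join(pending_dir, minion_id))
        ok = hmac.compare_digest(got, want.strip().lower())
        result["accept" if ok else "mismatch"].append(minion_id)
    return result


def demo():
    """Constructed sample: three pending keys, one swapped, one unexpected."""
    with tempfile.TemporaryDirectory() as pending:
        keys = {"server3": b"KEY-A\n", "server5": b"KEY-B\n", "server9": b"KEY-C\n"}
        for name, data in keys.items():
            with open(os.path.join(pending, name), "wb") as fh:
                fh.write(data)
        expected = {
            "server3": hashlib.sha256(b"KEY-A\n").hexdigest(),
            "server5": hashlib.sha256(b"KEY-OTHER\n").hexdigest(),  # differs
        }
        return triage_pending_keys(pending, expected)


if __name__ == "__main__":
    for verdict, ids in demo().items():
        print(verdict, ids)
```

IDs listed under `accept` can then be accepted one at a time with `salt-key -a <id>`; anything under `mismatch` or `unknown` should be investigated before it is trusted.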
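Example: an Apache installation script (state file)
    # /srv/salt/httpd/apache.sls
    # install the package
    httpd:
      pkg.installed

    # push the managed configuration file once the package is present
    /etc/httpd/conf/httpd.conf:
      file.managed:
        - source: salt://httpd/files/httpd.conf
        - mode: 644
        - user: root
        - group: root
        - require:
          - pkg: httpd

    # keep the service running and reload it when the configuration changes
    apache-service:
      service.running:
        - name: httpd
        - enable: True
        - reload: True
        - watch:
          - file: /etc/httpd/conf/httpd.conf
Test the installation:
    salt server3 state.sls httpd.apache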
Example: an nginx installation script (state file):
    # /srv/salt/nginx/install.sls
    nginx-install:
      # unprivileged service account with no login shell
      user.present:
        - name: nginx
        - uid: 800
        - shell: /sbin/nologin
        - createhome: False
        - home: /usr/local/nginx
      # build dependencies
      pkg.installed:
        - pkgs:
          - gcc
          - openssl-devel
          - pcre-devel
      # source tarball served from the master's file_roots
      file.managed:
        - name: /mnt/nginx-1.12.0.tar.gz
        - source: salt://nginx/files/nginx-1.12.0.tar.gz
      # unpack, disable the debug CFLAGS, configure, build and install; skipped if /usr/local/nginx already exists
      cmd.run:
        - name: cd /mnt && tar zxf nginx-1.12.0.tar.gz && cd nginx-1.12.0 && sed -i.bak 's/CFLAGS="$CFLAGS -g"/#CFLAGS="$CFLAGS -g"/g' auto/cc/gcc && ./configure --prefix=/usr/local/nginx --with-http_ssl_module --with-http_stub_status_module && make && make install
        - creates: /usr/local/nginx
        - require:
          - pkg: nginx-install
          - file: nginx-install
          - user: nginx-install
Test the installation:
    salt server3 state.sls nginx.install