什么是SaltStack

SaltStack管理工具允许管理员对多个操作系统创建一个一致的管理系统

实验环境准备

名称 角色 地址
centos7-min master 192.168.142.172
centos7-min2 client 192.168.142.110

实验步骤

一、主服务器——控制节点

安装epel源并安装控制端

yum install -y epel-release  //安装epel源

yum -y install salt-master   //安装控制端

修改控制端主配置文件

vi /etc/salt/master
//修改如下:
15行 interface: 192.168.142.172   //监听地址
215行 auto_accept: True        //避免要运行salt-key来确认证书认证
416行 file_roots:
          base:
          - /srv/salt           //saltstack文件根目录位置,目录需要手动进行创建
710行组分类:(这里实验环境只有一台客户端,仅设置一个即可)
nodegroups:
  group1: 'web01.saltstack.com'

552行 pillar_opts: True        //开启pillar功能,同步文件功能
529行 
pillar_roots:
          base:
          - /srv/pillar         //pillar的主目录,需要手动进行创建

建立salt&pillar目录

mkdir /srv/salt
mkdir /srv/pillar

启动服务并关闭核心防护功能

systemctl start salt-master
systemctl enable salt-master
//关闭核心功能
setenforce 0

检测服务启动状况

netstat -anpt | egrep '4505|4506'
//4505为salt的消息发布专用端口;
//4506为客户端与服务端通信的端口
tcp        0      0 192.168.142.172:4505    0.0.0.0:*               LISTEN      13692/python
tcp        0      0 192.168.142.172:4506    0.0.0.0:*               LISTEN      13704/python
tcp        0      0 192.168.142.172:4506    192.168.142.110:36688   ESTABLISHED 13704/python
tcp        0      0 192.168.142.172:4505    192.168.142.110:57042   ESTABLISHED 13692/python

二、从服务器——被控制节点

安装epel源并安装被控制端

yum install -y epel-release  //安装epel源

yum -y install salt-minion   //安装被控制端

修改被控端配置文件

vi /etc/salt/minion
//修改配置如下:
16行 master: 192.168.172.142     //指定主控端IP
78行 id: web01.saltstack.com     //指定被控端主机名

启动服务

//启动被控端服务
systemctl start salt-minion

在主控端进行检查

//在主控端测试与被控端的通信状态(*号代表所有被控主机)
salt '*' test.ping
web01.saltstack.com:
    True

//检查密钥情况
salt-key -L
Accepted Keys:
web01.saltstack.com
Denied Keys:
Unaccepted Keys:
web01.saltstack.com
Rejected Keys:

注意:

检查时出现以下情况:
Salt request timed out. The master is not responding. If this error persists after verifying the master is up, worker_threads may need to be increased.
请自行检查配置文件格式或者重启服务器。

三、批量部署Apache

以下所有操作均在master端进行

cd /srv/salt/
vim top.sls
//按下图进行添加
base:
  '*':
    - apache
//在所有的客户端执行apache模块

vim apache.sls
//按下图进行添加
apache-service:
  pkg.installed:
    - names:
      - httpd
      - httpd-devel
  service.running:
    - name: httpd
    - enable: True

//重启服务
systemctl restart salt-master.service

//执行批量部署命令
salt '*' state.highstate
//执行完成后出现以下信息即为成功
web01.saltstack.com:
----------
          ID: apache-service
    Function: pkg.installed
        Name: httpd
      Result: True
     Comment: The following packages were installed/updated: httpd
     Started: 15:04:51.323952
    Duration: 40217.299 ms
     Changes:
              ----------
              apr:
                  ----------
                  new:
                      1.4.8-5.el7
                  old:
              apr-util:
                  ----------
                  new:
                      1.5.2-6.el7
                  old:
              httpd:
                  ----------
                  new:
                      2.4.6-90.el7.centos
                  old:
              httpd-tools:
                  ----------
                  new:
                      2.4.6-90.el7.centos
                  old:
              mailcap:
                  ----------
                  new:
                      2.1.41-2.el7
                  old:
----------
          ID: apache-service
    Function: pkg.installed
        Name: httpd-devel
      Result: True
     Comment: The following packages were installed/updated: httpd-devel
     Started: 15:05:31.545046
    Duration: 16876.92 ms
     Changes:
              ----------
              apr-devel:
                  ----------
                  new:
                      1.4.8-5.el7
                  old:
              apr-util-devel:
                  ----------
                  new:
                      1.5.2-6.el7
                  old:
              cyrus-sasl:
                  ----------
                  new:
                      2.1.26-23.el7
                  old:
                      2.1.26-21.el7
              cyrus-sasl-devel:
                  ----------
                  new:
                      2.1.26-23.el7
                  old:
              cyrus-sasl-gssapi:
                  ----------
                  new:
                      2.1.26-23.el7
                  old:
                      2.1.26-21.el7
              cyrus-sasl-lib:
                  ----------
                  new:
                      2.1.26-23.el7
                  old:
                      2.1.26-21.el7
              cyrus-sasl-md5:
                  ----------
                  new:
                      2.1.26-23.el7
                  old:
                      2.1.26-21.el7
              cyrus-sasl-plain:
                  ----------
                  new:
                      2.1.26-23.el7
                  old:
                      2.1.26-21.el7
              cyrus-sasl-scram:
                  ----------
                  new:
                      2.1.26-23.el7
                  old:
                      2.1.26-21.el7
              expat-devel:
                  ----------
                  new:
                      2.1.0-10.el7_3
                  old:
              httpd-devel:
                  ----------
                  new:
                      2.4.6-90.el7.centos
                  old:
              libdb:
                  ----------
                  new:
                      5.3.21-25.el7
                  old:
                      5.3.21-20.el7
              libdb-devel:
                  ----------
                  new:
                      5.3.21-25.el7
                  old:
              libdb-utils:
                  ----------
                  new:
                      5.3.21-25.el7
                  old:
                      5.3.21-20.el7
              openldap:
                  ----------
                  new:
                      2.4.44-21.el7_6
                  old:
                      2.4.44-5.el7
              openldap-devel:
                  ----------
                  new:
                      2.4.44-21.el7_6
                  old:
----------
          ID: apache-service
    Function: service.running
        Name: httpd
      Result: True
     Comment: Service httpd has been enabled, and is running
     Started: 15:05:48.459684
    Duration: 1822.995 ms
     Changes:
              ----------
              httpd:
                  True

Summary
------------
Succeeded: 3 (changed=3)
Failed:    0

四、检查试验结果

web01:

[root@web01 ~]# rpm -q httpd
httpd-2.4.6-90.el7.centos.x86_64
[root@web01 ~]# netstat -ntap | grep 80
tcp6       0      0 :::80                   :::*                  LISTEN      6

感谢阅读~~