master:
Check host name resolution (if the internal network has its own primary/secondary DNS, this is even less work)
[root@master ~]# cat /etc/hosts
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
10.10.10.140 master master.saltstack.com
10.10.10.141 node01 node01.saltstack.com
10.10.10.142 node02 node02.saltstack.com
Install the external EPEL repository, then install salt-master
[root@master ~]# rpm -ivh http://dl.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm
[root@master ~]# yum -y install salt-master
[root@master ~]# /etc/init.d/salt-master start
Starting salt-master daemon: [确定]
[root@master ~]# chkconfig --add salt-master
[root@master ~]# chkconfig salt-master on
[root@master ~]# chkconfig --list | grep salt-master
salt-master 0:关闭 1:关闭 2:启用 3:启用 4:启用 5:启用 6:关闭
[root@master ~]# netstat -tunlp | grep python
tcp 0 0 0.0.0.0:4505 0.0.0.0:* LISTEN 2907/python2.6
tcp 0 0 0.0.0.0:4506 0.0.0.0:* LISTEN 2927/python2.6
Notes:
a) SaltStack is developed in Python; the server side listens on two ports, 4505 and 4506.
b) After it starts, the SaltStack master listens on ports 4505 and 4506 by default. 4505 (publish_port) is SaltStack's message publishing system, and 4506 (ret_port) is the port used for communication between SaltStack clients and the server.
c) If you inspect port 4505 with lsof, you will find that every minion holds a connection to port 4505 in the ESTABLISHED state.
[root@master ~]# lsof -i :4505
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
salt-mast 2907 root 12u IPv4 16492 0t0 TCP *:4505 (LISTEN)
[root@master ~]# lsof -i :4506
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
salt-mast 2927 root 20u IPv4 16519 0t0 TCP *:4506 (LISTEN)
Go into the salt directory and look at its structure:
[root@master ~]# cd /etc/salt/
[root@master salt]# tree
.
├── master
├── pki
│   └── master
│       ├── master.pem
│       ├── master.pub
│       ├── minions
│       ├── minions_autosign
│       ├── minions_denied
│       ├── minions_pre
│       ├── minions_rejected
│       └── ssh
│           ├── salt-ssh.rsa
│           └── salt-ssh.rsa.pub
├── roster
├── roster.bak
└── roster.org

8 directories, 8 files
Note: /etc/salt/master is the main configuration file of the SaltStack master.
Important commands on the salt master side:
[root@master ~]# rpm -ql salt-master
/etc/rc.d/init.d/salt-master   # salt-master service start-up script
/etc/salt/master               # salt master configuration file
/usr/bin/salt                  # salt master core operation command
/usr/bin/salt-cp               # salt file transfer command
/usr/bin/salt-key              # salt key (certificate) management command
/usr/bin/salt-master           # salt master service command
/usr/bin/salt-run              # salt master runner command
/usr/bin/salt-unity
/usr/share/man/man1/salt-cp.1.gz
/usr/share/man/man1/salt-key.1.gz
/usr/share/man/man1/salt-master.1.gz
/usr/share/man/man1/salt-run.1.gz
/usr/share/man/man1/salt-unity.1.gz
/usr/share/man/man7/salt.7.gz
minion:
Install and configure the minion side
[root@node01 ~]# rpm -ivh http://dl.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm
[root@node01 ~]# yum -y install salt-minion
[root@node01 ~]# /etc/init.d/salt-minion start
Starting salt-minion daemon: [确定]
[root@node01 ~]# chkconfig --list | grep salt
salt-minion 0:关闭 1:关闭 2:启用 3:启用 4:启用 5:启用 6:关闭
[root@node01 ~]# tree /etc/salt/
/etc/salt/
├── minion
├── minion.d
├── minion_id
└── pki
    └── minion
        ├── minion.pem
        └── minion.pub

3 directories, 4 files
You have new mail in /var/spool/mail/root
[root@node01 ~]# cd /etc/salt/
Back up the minion configuration file before changing it (a good habit for operations staff)
[root@node01 salt]# cp minion minion.bak
Set the master's name (this can also be written as master: 10.10.10.140):
[root@node01 salt]# sed -i "16s/#master: salt/master: master.saltstack.com/" /etc/salt/minion
Set the minion ID:
[root@node01 salt]# sed -i "78s/#id:/id: node01.saltstack.com/" /etc/salt/minion
[root@node01 salt]# diff /etc/salt/minion /etc/salt/minion.bak
16c16
< master: master.saltstack.com
---
> #master: salt
78c78
< id: node01.saltstack.com
---
> #id:
[root@node01 salt]# egrep -v '#|^$' /etc/salt/minion |uniq
id: node01.saltstack.com
[root@node01 salt]# /etc/init.d/salt-minion restart
Stopping salt-minion daemon: [确定]
Starting salt-minion daemon: [确定]
Accept the specified key on the master:
[root@master ~]# salt-key -L
Accepted Keys:
Denied Keys:
Unaccepted Keys:
node01.saltstack.com
Rejected Keys:
Explanation: salt-key -L lists the key information.
[root@master ~]# salt-key -a node01.saltstack.com
The following keys are going to be accepted:
Unaccepted Keys:
node01.saltstack.com
Proceed? [n/Y] Y
Key for minion node01.saltstack.com accepted.
Explanation: as shown above, the server now allows node01.saltstack.com to become a trusted key.
[root@master ~]# salt-key -L
Accepted Keys:
node01.saltstack.com
Denied Keys:
Unaccepted Keys:
Rejected Keys:
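Accepting a key is the point at which the master starts trusting a minion, so it is worth reviewing the key directories from the tree listing and the master configuration around that step. The script below is an added example, not part of the original article: audit_salt_master is a hypothetical helper name, and it assumes the /etc/salt layout shown above plus the Salt master options auto_accept and open_mode.

```bash
#!/usr/bin/env bash
# Added example: review a Salt master's key-trust state around `salt-key -a`.
# audit_salt_master is a hypothetical helper name; the default path follows
# the /etc/salt tree shown above.

# Prints one finding per line; returns 0 if there are none, 1 otherwise.
audit_salt_master() {
    local dir=${1:-/etc/salt} pki conf opt f mode findings=0
    pki="$dir/pki/master"
    conf="$dir/master"

    # auto_accept / open_mode make the master trust keys with no salt-key -a.
    for opt in auto_accept open_mode; do
        if grep -Eiq "^[[:space:]]*${opt}:[[:space:]]*true" "$conf" 2>/dev/null; then
            echo "CONFIG   $opt is enabled in $conf"
            findings=$((findings + 1))
        fi
    done

    # An entry in minions_autosign pre-authorises that minion ID for
    # automatic acceptance, with no operator decision.
    for f in "$pki"/minions_autosign/*; do
        [ -e "$f" ] || continue
        echo "AUTOSIGN ${f##*/}"
        findings=$((findings + 1))
    done

    # Keys waiting in minions_pre: compare `salt-key -f <id>` on the master with
    # `salt-call --local key.finger` on that minion before accepting.
    for f in "$pki"/minions_pre/*; do
        [ -e "$f" ] || continue
        echo "PENDING  ${f##*/}"
        findings=$((findings + 1))
    done

    # The master's private key should be readable by its owner only.
    mode=$(stat -c '%a' "$pki/master.pem" 2>/dev/null || true)
    case $mode in
        ''|400|600) ;;
        *) echo "PERMS    master.pem is mode $mode"
           findings=$((findings + 1)) ;;
    esac

    [ "$findings" -eq 0 ]
}

# Report on the live master; prints nothing when there is nothing to review.
audit_salt_master "${1:-/etc/salt}" || true
```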
Important commands on the salt minion side:
[root@node01 ~]# rpm -ql salt-minion
/etc/rc.d/init.d/salt-minion   # salt minion service start-up script
/etc/salt/minion               # salt minion configuration file
/usr/bin/salt-call             # salt call pull command
/usr/bin/salt-minion           # salt minion service command
/usr/share/man/man1/salt-call.1.gz
/usr/share/man/man1/salt-minion.1.gz
Push a few common commands with salt as a test:
[root@master ~]# salt '*' test.ping
node01.saltstack.com:
    True
Explanation: a return value of True means the command executed correctly.
[root@master ~]# salt 'node01.saltstack.com' cmd.run 'df -h'
node01.saltstack.com:
    Filesystem Size Used Avail Use% Mounted on
    /dev/sda5 14G 8.4G 4.5G 66% /
    tmpfs 932M 84K 932M 1% /dev/shm
    /dev/sda1 190M 42M 139M 23% /boot
    /dev/sda3 2.0G 18M 1.8G 1% /tmp
[root@master ~]# salt 'node01.saltstack.com' cmd.run 'ntpdate -u 10.203.10.20'
node01.saltstack.com:
    15 Feb 13:37:12 ntpdate[9245]: step time server 10.203.10.20 offset -28800.128648 sec
Additional information: salt-cp is a very commonly used command; the examples below show its common usage.
[root@master ~]# echo "welcome to China">>test.txt
[root@master ~]# salt-cp '*' test.txt /tmp/
{'node01.saltstack.com': {'/tmp/test.txt': True}, 'node02.saltstack.com': {'/tmp/test.txt': True}}
[root@master ~]# salt '*' cmd.run 'cat /tmp/test.txt'
node01.saltstack.com:
    welcome to China
node02.saltstack.com:
    welcome to China
[root@master ~]# salt-cp -E 'node[0-9][1-9].saltstack.com' test.txt /tmp/test2.txt
{'node01.saltstack.com': {'/tmp/test2.txt': True}, 'node02.saltstack.com': {'/tmp/test2.txt': True}}
[root@master ~]# salt-cp -G 'os:CentOS' test.txt /tmp/test3.txt
{'node01.saltstack.com': {'/tmp/test3.txt': True}, 'node02.saltstack.com': {'/tmp/test3.txt': True}}
With this, the installation of the salt master and minion is complete.