首先下载并安装 epel 源,执行以下指令,将 epel.repo 存储到/etc/yum.repos.d 目录下。
wget -O /etc/yum.repos.d/epel.repo http://mirrors.aliyun.com/repo/epel-6.repo
一、安装 Saltstack master 主机
yum install salt-master
安装完成后,输入 chkconfig salt-master on 将 master 服务加入到开机启动项,这样每次系统启动,都会自动加载 master 服务。
输入 service salt-master start 启动 master 服务。
之后通过 netstat -antp 查询服务状态,结果如图 6 所示。【端口4505 4506】netstat -antp|more
二、Minion 角色的安装
yum install salt-minion
安装完成后,输入 chkconfig salt-minion on,将 minion 服务加入到开机启动项,这样每次系统启动,都会自动加载 minion 服务。
输入 service salt-minion start,启动 minion 服务。
之后通过 netstat -antp 查询服务状态。 netstat -antp|more
三、配置
Minion 端配置:
客户端要想被 master 管理,需要修改其配置文件,将服务器指向到 Master 的地址。其配置文件位于/etc/salt/目录下,名为 minion,通过 vi 工具修改 【master: x.x.x.x】
配置完成后,保存并通过 service salt-minion restart 命令重启 minion 服务。
Master 端配置:
Error: Package: salt-2015.5.10-2.el7.noarch (epel)
Requires: python-requests
Error: Package: salt-2015.5.10-2.el7.noarch (epel)
Requires: m2crypto
Error: Package: salt-2015.5.10-2.el7.noarch (epel)
Requires: PyYAML
Error: Package: salt-master-2015.5.10-2.el7.noarch (epel)
Requires: systemd-python
Error: Package: salt-2015.5.10-2.el7.noarch (epel)
Requires: yum-utils
Error: Package: salt-2015.5.10-2.el7.noarch (epel)
Requires: systemd-python
Error: Package: salt-2015.5.10-2.el7.noarch (epel)
Requires: python-jinja2
1、获取key
[root@controller2 ~]# wget -c http://repo.saltstack.com/yum/redhat/7.2/x86_64/latest/SALTSTACK-GPG-KEY.pub
【wget 不好用就用vim 直接编辑文件,文件内容如下。注意:该公钥是软件源的信任根,上面的下载走的是明文 HTTP,导入前应先核对密钥指纹(与官方公布的指纹一致),或改用下文 gpgkey 中的 HTTPS 地址获取】
[root@controller2 ~]# rpm --import SALTSTACK-GPG-KEY.pub
[root@controller2 yum.repos.d]# cat /root/SALTSTACK-GPG-KEY.pub
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v2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=dtMN
-----END PGP PUBLIC KEY BLOCK-----
2、配置源
[root@controller2 yum.repos.d]# vim saltstack.repo
[saltstack]
name=SaltStack latest Release Channel for RHEL/CentOS $releasever
baseurl=https://repo.saltstack.com/yum/redhat/7/$basearch/latest/
skip_if_unavailable=True
gpgcheck=1
gpgkey=https://repo.saltstack.com/yum/redhat/7/$basearch/latest/SALTSTACK-GPG-KEY.pub
enabled=1
enabled_metadata=1
3、安装salt-master
[root@controller2 yum.repos.d]# yum install salt-master
systemctl enable salt-master
systemctl start salt-master
4、安装salt-minion
【依赖包的安装依赖了mitaka源】
配置salt-minion
vim /etc/salt/minion
master: 172.16.142.45
systemctl enable salt-minion
systemctl start salt-minion
查看服务
[root@controller2 yum.repos.d]# netstat -antp|more
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 998/sshd
tcp 0 0 0.0.0.0:4505 0.0.0.0:* LISTEN 2570/python
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN 2123/master
tcp 0 0 0.0.0.0:4506 0.0.0.0:* LISTEN 2588/python
tcp 0 0 172.16.142.45:22 172.16.142.133:58641 ESTABLISHED 2205/sshd: root@not
tcp 0 0 172.16.142.45:49146 172.30.120.146:80 TIME_WAIT -
tcp 0 0 172.16.142.45:49147 172.30.120.146:80 TIME_WAIT -
tcp 0 52 172.16.142.45:22 172.16.142.133:58593 ESTABLISHED 2145/sshd: root@pts
tcp6 0 0 :::22 :::* LISTEN 998/sshd
tcp6 0 0 ::1:25 :::* LISTEN 2123/master
[root@controller1 ~]# netstat -natp|more
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 991/sshd
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN 2119/master
tcp 0 0 172.16.142.127:60505 172.30.120.146:80 TIME_WAIT -
tcp 0 0 172.16.142.127:60504 172.30.120.146:80 TIME_WAIT -
tcp 0 52 172.16.142.127:22 172.16.142.133:58873 ESTABLISHED 2142/sshd: root@pts
tcp 0 0 172.16.142.127:22 172.16.142.133:58885 ESTABLISHED 2171/sshd: root@not
tcp6 0 0 :::22 :::* LISTEN 991/sshd
tcp6 0 0 ::1:25 :::* LISTEN 2119/master
service salt-master restart 【所以master节点也得重启才能正常识别到minion】
详细配置:
salt-master 配置 http://blog.csdn.net/zhs2014150551/article/details/48951581
interface: 172.16.142.45
http://www.cnblogs.com/lgeng/p/6567424.html 示例
[CRITICAL] The Salt Master has rejected this minion's public key!
To repair this issue, delete the public key for this minion on the Salt Master and restart this minion.
Or restart the Salt Master in open mode to clean out the keys. The Salt Minion will now exit.
http://www.itkeyword.com/doc/5750437542125766x689 操作验证流程
salt-key -A
salt-key -L
rm -f /etc/salt/pki/master/minions/172.16.142.127
salt "*" cmd.run "df -h"
salt-minion -l debug 调试模式启动
salt-key证书管理
master端证书存放路径:/etc/salt/pki/master/minions
salt-key -L #查询所有接收到的证书
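salt-key -a <证书名> #接受单个证书
salt-key -A #接受所有证书(会一次性信任所有待认证的 minion;生产环境建议先用 salt-key -F 查看指纹,与 minion 端 salt-call --local key.finger 的结果比对后,再用 -a 逐个接受)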
salt-key -d <证书名> #删除单个证书
salt-key -D #删除所有证书
[root@controller2 ~]# salt '*' test.ping
controller2:
True
controller1:
Minion did not return. [Not connected]
[root@controller2 ~]#
[root@controller2 ~]# salt '*' cmd.run 'df -h'
controller2:
Filesystem Size Used Avail Use% Mounted on
/dev/mapper/centos_controller2-root 18G 1.2G 17G 7% /
devtmpfs 3.8G 0 3.8G 0% /dev
tmpfs 3.8G 16K 3.8G 1% /dev/shm
tmpfs 3.8G 8.4M 3.8G 1% /run
tmpfs 3.8G 0 3.8G 0% /sys/fs/cgroup
/dev/sda1 497M 124M 374M 25% /boot
tmpfs 764M 0 764M 0% /run/user/0
controller1:
Minion did not return. [Not connected]
[root@controller2 ~]#
[root@controller2 ~]# salt '*' cmd.script salt://hello.sh
controller2:
----------
cache_error:
True
pid:
0
retcode:
1
stderr:
stdout:
controller1:
Minion did not return. [Not connected]
[root@controller2 ~]#
常用功能
salt '*' test.ping
#*为匹配所有主机,test.ping为salt一个函数,注:*号是通配符(shell 风格的 glob,不是正则;正则匹配需加 -E),若分了多个组,可以类似于web*,只匹配web服务器
salt '*' cmd.run 'df -h'
#查看所有主机的磁盘信息,cmd.run执行单个命令
salt '*' cmd.script salt://hello.sh
salt '*' cmd.script salt://scripts/runme.sh 'arg1 arg2 "arg 3"'
#cmd.script执行一个脚本,即把本地脚本拷贝到远程主机上执行,hello.sh要放在指定的文件存放路径,默认是/srv/salt/
salt '*' state.highstate
#向客户端推送master端配置。
salt '*' cmd.run 'df -h ' -t 5
#超时控制
执行远程命令
在cn-gd-gz-0001这台客户端执行命令uname -a
salt 'cn-gd-gz-0001' cmd.run 'uname -a'