基于salt-syndic安装部署saltstack 实现多级master以及实现saltsatck的web界面halite

于salt-syndic的saltstack架构图

系统环境：

[root@js01 halite]# uname -srmi

Linux 2.6.18-308.el5 x86_64 x86_64

[root@js01 halite]# cat /etc/issue

Red Hat Enterprise Linux Server release 5.8 (Tikanga)

配置yum源

[root@js01 halite]# vim /etc/yum.repos.d/salt.repo 

[saltstack-repo]

name=SaltStack repo for RHEL/CentOS $releasever

baseurl=http://repo.saltstack.com/yum/redhat/5/x86_64/latest/

enabled=1

gpgcheck=0

[saltstack-epel]

name=SaltStack repo for epel

baseurl=http://mirrors.aliyun.com/epel/5/x86_64/

enabled=1

gpgcheck=0

升级python至少需要python2.6版本

解决依赖

# yum update

# yum install gcc 

# yum install zlib-devel.x86_64

# yum install python26-devel.x86_64  python26-ioflo

升级

# wget http://www.python.org/ftp/python/2.6.7/Python-2.6.7.tar.bz2

# tar jxvf Python-2.6.7.tar.bz2

# cd Python-2.6.7

# ./configure --prefix=/usr/local/python26

# make &&　make install

# mv /usr/bin/python  /usr/bin/python.bak

# ln -s /usr/local/python2.6/bin/python2.6 /usr/bin/python

检验python指向是否成功

# python -V

解决系统python软链接指向python2.6版本后，yum不能正常工作

vi /usr/bin/yum

将文本编辑显示的#!/usr/bin/python修改为#!/usr/bin/python2.4，保存修改即可

使salt的yum模块能够正常工作

# vim /usr/bin/repoquery

将文本编辑显示的#!/usr/bin/python -tt修改为#!/usr/bin/python2.4 -tt，保存修改即可

安装salt

IP：10.50.131.28

安装mater

# yum insatll salt-master

修改配置文件/etc/salt/master

default_include: master.d/*.conf

worker_threads: 10

timeout: 20

auto_accept: True

state_events: True

file_roots:

  base:

    - /srv/salt

pillar_roots:

  base:

    - /srv/pillar

order_masters: True

启动master 

[root@js01 halite]# /etc/init.d/salt-master start

验证master是否正常

[root@js01 halite]# netstat -antlp | grep python 

python         

tcp        0      0 0.0.0.0:4505                0.0.0.0:*                   LISTEN      7629/python2.6      

tcp        0      0 0.0.0.0:4506                0.0.0.0:*                   LISTEN      7644/python2.6   

在master的服务器安装minion

# yum insatll salt-minion

修改配置文件/etc/salt/master

master: 10.50.131.29 

id: minion-10-50-131-28

IP:10.50.131.29

安装master

# yum insatll salt-master

配置master

auto_accept: True

syndic_master: 10.50.131.28

启动master 

# /etc/init.d/salt-master start

启动salt-syndic

# /etc/init.d/salt-syndic satrt

安装minion

# yum insatll python26

# yum insatll salt-minion

修改配置文件/etc/salt/minion

 master: 10.50.131.29 

 id: minion-10-50-131-29

启动minion

# /etc/init.d/salt-minion start

验证master和minion

master 10.50.131.28

#  salt-key

Accepted Keys:

minion-10-50-131-28

minion-10.50.131.29

Denied Keys:

Unaccepted Keys:

Rejected Keys:

syndic 10.50.131.29

# salt-key 

Accepted Keys:

minion-10-50-131-28

minion-10.50.131.29

Denied Keys:

Unaccepted Keys:

master 10.50.131.28

# salt '*' test.ping

minion-10.50.131.29:

    True

minion-10-50-131-28:

    True

Rejected Keys:

语法高亮：

安装 vim 语法加亮插件

mkdir ~/.vim/

git clone https://github.com/saltstack/salt-vim.git

mv salt-vim/{ftdetect,ftplugin,syntax} ~/.vim/

配置.vimrc文件

cat >> ~/.vimrc <<EOF

set nocompatible

filetype plugin indent on

set nocompatible

set tabstop=2

set shiftwidth=2

set expandtab

EOF

配置saltsatck的web界面halite

在master安装部署

# yum install python-halite

# pip install -U halite

# pip install paste

# yum install python26-devel

# yum install gcc

# pip install gevent

在master端添加配置文件

在/etc/salt/master.d中加入saltweb.conf,需要用到salt的eauth系统,添加如下配置

[root@js01 halite]# vim /etc/salt/master.d/saltweb.conf 

external_auth:

   pam:

     salt:

     - .*

     - '@runner'

     - '@wheel'

#注解

#你不能在pam登陆中使用root用户; 它会导致认证失败.

有三种方式运行halite

1）

halite:

   level: 'debug'

   server: 'cherrypy'

   host: '0.0.0.0'

   port: '82'

   cors: False

   tls: False

2）

halite:

   level: 'debug'

   server: 'paste'

   host: '0.0.0.0'

   port: '82'

   cors: False

   tls: False

3）

halite:

   level: 'debug'

   server: 'gevent'

   host: '0.0.0.0'

   port: '82'

   cors: False

   tls: False

重启master;

# /etc/init.d/salt-master restart

添加登陆用户

# useradd salt

# echo "salt" | passwd �-stdin salt

建立用户后进行测试

# salt -a pam \*  test.ping

username: salt

password: 

minion-10.50.131.29:

    True

minion-10-50-131-28:

    True

输入用户和密码 如看到minion返回信息 则表示登陆验证成功

然后打开

http://ip:端口/app，通过salt/salt登陆即可

通过web界面执行test.ping 和state.highstate

以下对应salt的模块目录以及对应的sls文件

# tree /srv/salt/

/srv/salt/

|-- httpd.conf

|-- top.sls

`-- web.sls

# vim /srv/salt/top.sls 

base:

    '*':

# vim /srv/salt/web.sls 

nginx:

    service:

        - running

apache:

  pkg.installed:

    {% if grains['os'] == 'RedHat' %}

    - name: httpd

    {% elif grains['os'] == 'Ubuntu' %}

    - name: apache2

    {% endif %}

/etc/httpd/conf/httpd.conf:

  file.managed:

    - source: salt://httpd.conf

    - user: root

    - group: root

    - mode: 644