丹调生活 posted on 2018-1-12 13:11:27

Using Salt

  I. Installation
  II. Configuration and startup:
  /etc/init.d/salt-master start
  tree /etc/salt/
  /etc/salt/
  ├── master
  ├── minion
  └── pki
      └── master
          ├── master.pem
          ├── master.pub
          ├── minions
          ├── minions_autosign
          ├── minions_denied
          ├── minions_pre
          └── minions_rejected
  1. Edit the minion configuration file:
  vim /etc/salt/minion

#master: salt
master: 192.168.56.11                     # (should be resolvable; a domain name is recommended)

#id:                                      # (sets the minion ID; if not set, the host's FQDN is used)

  /etc/init.d/salt-minion start
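  2. Master-minion communication: key-based (the minion sends its public key to the master; the master stores the minion's public key under pki/master/minions_pre/, in a file named after the minion ID)
  minion:
  tree
  .
  ├── minion
  ├── minion.d
  ├── minion_id
  └── pki
      └── minion
          ├── minion.pem
          └── minion.pub
  When the minion ID is the hostname, the hostname must not change:
  cat minion_id
  ec2-52-33-196-199.us-west-2.compute.amazonaws.com
  master: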
# tree
  .
  ├── master
  ├── minion
  ├── minion.d
  ├── minion_id
  └── pki
      ├── master
      │   ├── master.pem
      │   ├── master.pub
      │   ├── minions
      │   ├── minions_autosign
      │   ├── minions_denied
      │   ├── minions_pre
      │   │   ├── ec2-52-33-196-199.us-west-2.compute.amazonaws.com
      │   │   └── gitlab-test
      │   └── minions_rejected
      └── minion
          ├── minion.pem
          └── minion.pub
  Key authentication on the master:
  salt-key
  Accepted Keys:
  Denied Keys:
  Unaccepted Keys:
  ec2-52-33-196-199.us-west-2.compute.amazonaws.com
  gitlab-test
  Rejected Keys:
# salt-key -a 'e*'
  The following keys are going to be accepted:
  Unaccepted Keys:
  ec2-52-33-196-199.us-west-2.compute.amazonaws.com
  Proceed? y
  Key for minion ec2-52-33-196-199.us-west-2.compute.amazonaws.com accepted.
# salt-key -A
  The following keys are going to be accepted:
  Unaccepted Keys:
  gitlab-test
  Proceed? y
  Key for minion gitlab-test accepted.
# salt-key
  Accepted Keys:
  ec2-52-33-196-199.us-west-2.compute.amazonaws.com
  gitlab-test
  Denied Keys:
  Unaccepted Keys:
  Rejected Keys:
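
An added example (not from the original post): a check to run over the keys waiting in pki/master/minions_pre/ before accepting them, so that only expected IDs whose key matches a digest recorded from the minion's own minion.pub are passed to salt-key -a, instead of accepting everything with salt-key -A or a glob. The function names, the digest scheme (SHA-256 over whitespace-normalised key text) and the sample keys are assumptions made for this example and are not Salt's own fingerprint format.

```python
import hashlib
import tempfile
from pathlib import Path

def key_digest(pem_text: str) -> str:
    """SHA-256 over the key text with line endings and outer whitespace normalised."""
    lines = [ln.strip() for ln in pem_text.strip().splitlines() if ln.strip()]
    return hashlib.sha256("\n".join(lines).encode()).hexdigest()

def review_pending(pre_dir: Path, expected: dict) -> dict:
    """Sort every key file in minions_pre into accept / mismatch / unexpected."""
    result = {"accept": [], "mismatch": [], "unexpected": []}
    for key_file in sorted(pre_dir.iterdir()):
        if key_file.is_symlink() or not key_file.is_file():
            continue  # only regular files are pending keys
        minion_id = key_file.name
        if minion_id not in expected:
            result["unexpected"].append(minion_id)   # ID nobody provisioned
        elif key_digest(key_file.read_text()) == expected[minion_id]:
            result["accept"].append(minion_id)       # safe to salt-key -a <id>
        else:
            result["mismatch"].append(minion_id)     # known ID, different key
    return result

def demo() -> dict:
    # Constructed sample data: placeholder key bodies, not real RSA keys.
    def fake_pub(body: str) -> str:
        return f"-----BEGIN PUBLIC KEY-----\n{body}\n-----END PUBLIC KEY-----\n"
    with tempfile.TemporaryDirectory() as tmp:
        pre = Path(tmp) / "pki" / "master" / "minions_pre"
        pre.mkdir(parents=True)
        (pre / "gitlab-test").write_text(fake_pub("AAAA-gitlab"))
        (pre / "web01").write_text(fake_pub("BBBB-substituted"))
        (pre / "e-unknown").write_text(fake_pub("CCCC-unknown"))
        # Digests recorded from each minion's own minion.pub over a trusted
        # channel; the first copy has CRLF line endings to show normalisation.
        expected = {
            "gitlab-test": key_digest(fake_pub("AAAA-gitlab").replace("\n", "\r\n")),
            "web01": key_digest(fake_pub("BBBB-original")),
        }
        return review_pending(pre, expected)

if __name__ == "__main__":
    for verdict, ids in demo().items():
        print(f"{verdict}: {', '.join(ids) or '-'}")
```

Salt's built-in comparison is salt-key -f <id> on the master against salt-call --local key.finger on the minion.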
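  After authentication: (the master stores the minion's public key under pki/master/minions/; the minion stores the master's public key at pki/minion/minion_master.pub) [To change a minion ID: 1. stop the minion service first; 2. salt-key -d minion-ID; 3. on the minion server, delete the pki directory, then delete the minion_id file; 4. finally, change the minion's id]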
  minion:
  tree
  .
  ├── minion
  ├── minion.d
  │   └── _schedule.conf
  ├── minion_id
  └── pki
      └── minion
          ├── minion_master.pub
          ├── minion.pem
          └── minion.pub
  master:
# tree
  .
  ├── master
  ├── minion
  ├── minion.d
  │   └── _schedule.conf
  ├── minion_id
  └── pki
      ├── master
      │   ├── master.pem
      │   ├── master.pub
      │   ├── minions
      │   │   ├── ec2-52-33-196-199.us-west-2.compute.amazonaws.com
      │   │   └── gitlab-test
      │   ├── minions_autosign
      │   ├── minions_denied
      │   ├── minions_pre
      │   └── minions_rejected
      └── minion
          ├── minion_master.pub
          ├── minion.pem
          └── minion.pub
  Modify the master:
  Define the Salt file_server
  vim /etc/salt/master

file_roots:
  base:
    - /srv/salt/base
  dev:
    - /srv/salt/dev
  test:
    - /srv/salt/test
  prod:
    - /srv/salt/prod

  mkdir -p /srv/salt/{base,test,dev,prod}
  Using salt-ssh:
  1. Install the package:
  yum -y install salt-ssh
  cd /etc/salt/
  2. Edit the configuration:
  vim roster

centos6.com:
  host: 192.168.140.71
  user: root
  passwd: 123.com
  port: 22

gitlab-test:
  host: 192.168.140.75
  user: root
  passwd: 1234.com
  port: 22

  salt-ssh '*' test.ping
  gitlab-test:
  True
  centos6.com:
  True
  Non-interactive SSH login (this setting turns off SSH host key verification):
  vim .ssh/config
  StrictHostKeyChecking no