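SaltStack 1: Installation and Basic Operations
Common SaltStack URLs:
Official website: http://www.saltstack.com
Official documentation: http://docs.saltstack.com
GitHub: http://github.com/saltstack
China SaltStack User Group: http://www.saltstack.cn
SaltStack run modes:
local
master/minion
salt ssh
SaltStack's three functions:
remote execution
configuration management
cloud management
Master: 10.20.23.144
Minions: 10.20.23.144 10.20.23.145
####All hostnames must be resolvable. Only the master is shown here; the minions are set up the same way###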
# hostname
linux-node1
# ping linux-node1
PING linux-node1 (10.20.23.144) 56(84) bytes of data.
64 bytes from linux-node1 (10.20.23.144): icmp_seq=1 ttl=64 time=0.058 ms
64 bytes from linux-node1 (10.20.23.144): icmp_seq=2 ttl=64 time=0.034 ms
# vim /etc/hosts
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
10.20.23.144 linux-node1
10.20.23.145 linux-node2
###Server###
rpm -ivh http://dl.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm
yum install salt-master -y
chkconfig salt-master on
/etc/init.d/salt-master start
###Client###
rpm -ivh http://dl.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm
yum install salt-minion -y
chkconfig salt-minion on
vim /etc/salt/minion
master: 10.20.23.144
##Save and exit
/etc/init.d/salt-minion start
###Server###
# lsof -i:4505
COMMAND    PID USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
salt-mast 1107 root   12u  IPv4  12007      0t0  TCP *:4505 (LISTEN)
# lsof -i:4506
COMMAND    PID USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
salt-mast 1126 root   20u  IPv4  12036      0t0  TCP *:4506 (LISTEN)
# salt-key
Accepted Keys:
Denied Keys:
Unaccepted Keys:
linux-node1
linux-node2
Rejected Keys:
# salt-key -A
The following keys are going to be accepted:
Unaccepted Keys:
linux-node1
linux-node2
Proceed? Y
Key for minion linux-node1 accepted.
# salt-key
Accepted Keys:
linux-node1
linux-node2
Denied Keys:
Unaccepted Keys:
Rejected Keys:
Now let's look at the authentication between the SaltStack minion and master:
# cd /etc/salt/
# ll
总用量 36
-rw-r-----. 1 root root 26392 10月 23 00:37 minion
drwxr-xr-x. 2 root root  4096 10月 25 21:57 minion.d
drwxr-xr-x. 4 root root  4096 10月 22 23:19 pki
# cd pki/
# ls
master  minion
# cd minion/
# ll
总用量 12
-rw-r--r--. 1 root root  451 10月 25 21:57 minion_master.pub
-r--------. 1 root root 1679 10月 22 23:19 minion.pem
-rw-r--r--. 1 root root  451 10月 22 23:19 minion.pub
# pwd
/etc/salt/pki/minion
###On its first start, the minion generates two keys under /etc/salt/pki/minion: a private key, minion.pem, and a public key, minion.pub. It then sends the public key to the master
# cd /etc/salt/
# ll
总用量 40
-rw-r-----. 1 root root 29435 10月 25 22:43 master
drwxr-xr-x. 3 root root  4096 10月 22 19:11 pki
drwxr-xr-x. 4 root root  4096 10月 25 23:19 states
# cat minion.saltstack.com
# pwd
/etc/salt/pki/master/minions
# ll
总用量 12
-rw-r--r--. 1 root root  451 10月 25 21:57 minion_master.pub
-r--------. 1 root root 1679 10月 22 23:19 minion.pem
-rw-r--r--. 1 root root  451 10月 22 23:19 minion.pub
# pwd
/etc/salt/pki/minion
# cat minion.pub
###The minion's public key is passed to the master: the file minion.saltstack.com is the minion.pub that the minion sent over.
###The master's public key is likewise passed to the minion, namely:
# pwd
/etc/salt/pki/minion
# cat minion_master.pub
# ll
总用量 28
-r--------. 1 root root 1679 10月 22 19:11 master.pem
-rw-r--r--. 1 root root  451 10月 22 19:11 master.pub
drwxr-xr-x. 2 root root 4096 10月 25 21:57 minions
drwxr-xr-x. 2 root root 4096 10月 22 19:11 minions_autosign
drwxr-xr-x. 2 root root 4096 10月 22 19:11 minions_denied
drwxr-xr-x. 2 root root 4096 10月 25 21:57 minions_pre
drwxr-xr-x. 2 root root 4096 10月 22 19:11 minions_rejected
# pwd
/etc/salt/pki/master
# cat master.pub
###This completes the authentication between the master and the minion###
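salt-key -A accepts every pending key in one step, and the master's copy of a minion key is just the minion's own minion.pub, so a pending key can be compared with a digest taken on the minion before it is accepted. The script below is an added example, not part of the original post; the expected-digest file format, the function names and the sample keys are assumptions constructed for the demo.

```shell
#!/usr/bin/env bash
# Added example (not from the original post): compare each pending minion key
# with a SHA-256 digest collected on the minion over a trusted channel, then
# accept only the matching IDs one by one with `salt-key -a <id>`.

# verify_pending PRE_DIR EXPECTED_FILE
#   PRE_DIR        pending-key directory (/etc/salt/pki/master/minions_pre on the page)
#   EXPECTED_FILE  assumed format: "<minion-id> <sha256 of its minion.pub>" per line,
#                  e.g. taken from `sha256sum /etc/salt/pki/minion/minion.pub`
# Prints one verdict per pending key: OK, MISMATCH or UNKNOWN.
verify_pending() {
  local pre_dir="$1" expected="$2" key id want got
  for key in "$pre_dir"/*; do
    [ -f "$key" ] || continue
    id=$(basename "$key")
    want=$(awk -v id="$id" '$1 == id { print $2 }' "$expected")
    got=$(sha256sum "$key" | awk '{ print $1 }')
    if [ -z "$want" ]; then
      echo "UNKNOWN $id"        # no digest on record: do not accept
    elif [ "$want" = "$got" ]; then
      echo "OK $id"             # same bytes as the minion's own minion.pub
    else
      echo "MISMATCH $id"       # differs from what the minion reported
    fi
  done
}

# Demo on constructed data: placeholder strings stand in for real PEM files.
demo() {
  local tmp
  tmp=$(mktemp -d)
  mkdir "$tmp/minions_pre"
  printf 'constructed key of linux-node1\n' > "$tmp/node1.pub"
  printf 'constructed key of linux-node2\n' > "$tmp/node2.pub"
  cp "$tmp/node1.pub" "$tmp/minions_pre/linux-node1"
  printf 'constructed foreign key\n' > "$tmp/minions_pre/linux-node2"
  printf 'constructed stray key\n' > "$tmp/minions_pre/linux-node3"
  {
    echo "linux-node1 $(sha256sum "$tmp/node1.pub" | awk '{ print $1 }')"
    echo "linux-node2 $(sha256sum "$tmp/node2.pub" | awk '{ print $1 }')"
  } > "$tmp/expected"
  verify_pending "$tmp/minions_pre" "$tmp/expected"
  rm -rf "$tmp"
}

demo
```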
# salt '*' test.ping
linux-node1:
    True
linux-node2:
    True
# salt '*' cmd.run 'uptime'
linux-node1:
     21:48:22 up  2:49,  2 users,  load average: 0.00, 0.00, 0.00
linux-node2:
     21:48:22 up  2:47,  1 user,  load average: 1.64, 1.56, 1.47
SaltStack configuration management:
On the salt-master:
vim /etc/salt/master
file_roots:
  base:
    - /srv/salt
##Save and exit
mkdir /srv/salt
/etc/init.d/salt-master restart
# cd /srv/salt
# vim apache.sls
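apache-install:
  pkg.installed:
    - names:
      - httpd
      - httpd-devel

apache-service:
  service.running:
    - name: httpd
    - enable: True
# salt '*' state.sls apache
##In the command above, apache is a single state. What if there are several states? Then we can use the highstate: salt '*' state.highstate. The highstate has an entry file, top.sls, which must be placed in the base environment. This entry file records which machines get which states, so the state no longer has to be named when the command is run; it is simply written in the top entry file.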