基于salt-syndic安装部署saltstack 实现多级master以及实现saltsatck的web界面halite

234rr

于salt-syndic的saltstack架构图


系统环境：
[iyunv@js01 halite]# uname -srmi
Linux 2.6.18-308.el5 x86_64 x86_64
[iyunv@js01 halite]# cat /etc/issue
Red Hat Enterprise Linux Server release 5.8 (Tikanga)

配置yum源
[iyunv@js01 halite]# vim /etc/yum.repos.d/salt.repo

[saltstack-repo]
name=SaltStack repo for RHEL/CentOS $releasever
baseurl=http://repo.saltstack.com/yum/redhat/5/x86_64/latest/
enabled=1
gpgcheck=0
[saltstack-epel]
name=SaltStack repo for epel
baseurl=http://mirrors.aliyun.com/epel/5/x86_64/
enabled=1
gpgcheck=0

升级python至少需要python2.6版本
解决依赖
# yum update
# yum install gcc
# yum install zlib-devel.x86_64
# yum install python26-devel.x86_64  python26-ioflo
升级
# wget http://www.python.org/ftp/python/2.6.7/Python-2.6.7.tar.bz2
# tar jxvf Python-2.6.7.tar.bz2
# cd Python-2.6.7
# ./configure --prefix=/usr/local/python26
# make &&　make install
# mv /usr/bin/python  /usr/bin/python.bak
# ln -s /usr/local/python2.6/bin/python2.6 /usr/bin/python
检验python指向是否成功
# python -V
解决系统python软链接指向python2.6版本后，yum不能正常工作
vi /usr/bin/yum
将文本编辑显示的#!/usr/bin/python修改为#!/usr/bin/python2.4，保存修改即可

使salt的yum模块能够正常工作
# vim /usr/bin/repoquery
将文本编辑显示的#!/usr/bin/python -tt修改为#!/usr/bin/python2.4 -tt，保存修改即可

安装salt
IP：10.50.131.28
安装mater
# yum insatll salt-master
修改配置文件/etc/salt/master
default_include: master.d/*.conf
worker_threads: 10
timeout: 20
auto_accept: True
state_events: True
file_roots:
  base:
    - /srv/salt
pillar_roots:
  base:
    - /srv/pillar
order_masters: True
启动master
[iyunv@js01 halite]# /etc/init.d/salt-master start

验证master是否正常
[iyunv@js01 halite]# netstat -antlp | grep python
python         
tcp        0      0 0.0.0.0:4505                0.0.0.0:*                   LISTEN      7629/python2.6      
tcp        0      0 0.0.0.0:4506                0.0.0.0:*                   LISTEN      7644/python2.6   

在master的服务器安装minion
# yum insatll salt-minion

修改配置文件/etc/salt/master
master: 10.50.131.29
id: minion-10-50-131-28
IP:10.50.131.29
安装master
# yum insatll salt-master

配置master
auto_accept: True
syndic_master: 10.50.131.28

启动master
# /etc/init.d/salt-master start

启动salt-syndic
# /etc/init.d/salt-syndic satrt

安装minion
# yum insatll python26
# yum insatll salt-minion
修改配置文件/etc/salt/minion
master: 10.50.131.29
id: minion-10-50-131-29

启动minion
# /etc/init.d/salt-minion start

验证master和minion
master 10.50.131.28
#  salt-key
Accepted Keys:
minion-10-50-131-28
minion-10.50.131.29
Denied Keys:
Unaccepted Keys:
Rejected Keys:
syndic 10.50.131.29
# salt-key
Accepted Keys:
minion-10-50-131-28
minion-10.50.131.29
Denied Keys:
Unaccepted Keys:

master 10.50.131.28
# salt '*' test.ping
minion-10.50.131.29:
    True
minion-10-50-131-28:
    True
Rejected Keys:



语法高亮：
安装 vim 语法加亮插件
mkdir ~/.vim/
git clone https://github.com/saltstack/salt-vim.git
mv salt-vim/{ftdetect,ftplugin,syntax} ~/.vim/
配置.vimrc文件
cat >> ~/.vimrc <<EOF
set nocompatible
filetype plugin indent on
set nocompatible
set tabstop=2
set shiftwidth=2
set expandtab
EOF


配置saltsatck的web界面halite
在master安装部署
# yum install python-halite
# pip install -U halite
# pip install paste
# yum install python26-devel
# yum install gcc
# pip install gevent
在master端添加配置文件
在/etc/salt/master.d中加入saltweb.conf,需要用到salt的eauth系统,添加如下配置
[iyunv@js01 halite]# vim /etc/salt/master.d/saltweb.conf
external_auth:
   pam:
     salt:
     - .*
     - '@runner'
     - '@wheel'
#注解
#你不能在pam登陆中使用root用户; 它会导致认证失败.
有三种方式运行halite
1）
halite:
   level: 'debug'
   server: 'cherrypy'
   host: '0.0.0.0'
   port: '82'
   cors: False
   tls: False
2）
halite:
   level: 'debug'
   server: 'paste'
   host: '0.0.0.0'
   port: '82'
   cors: False
   tls: False
3）
halite:
   level: 'debug'
   server: 'gevent'
   host: '0.0.0.0'
   port: '82'
   cors: False
   tls: False
重启master;
# /etc/init.d/salt-master restart
添加登陆用户
# useradd salt
# echo "salt" | passwd –-stdin salt
建立用户后进行测试
# salt -a pam \*  test.ping
username: salt
password:
minion-10.50.131.29:
    True
minion-10-50-131-28:
    True
输入用户和密码 如看到minion返回信息 则表示登陆验证成功
然后打开
http://ip:端口/app，通过salt/salt登陆即可

通过web界面执行test.ping 和state.highstate


以下对应salt的模块目录以及对应的sls文件
# tree /srv/salt/
/srv/salt/
|-- httpd.conf
|-- top.sls
`-- web.sls
# vim /srv/salt/top.sls
base:
    '*':
# vim /srv/salt/web.sls
nginx:
    service:
        - running
apache:
  pkg.installed:
    {% if grains['os'] == 'RedHat' %}
    - name: httpd
    {% elif grains['os'] == 'Ubuntu' %}
    - name: apache2
    {% endif %}
/etc/httpd/conf/httpd.conf:
  file.managed:
    - source: salt://httpd.conf
    - user: root
    - group: root
    - mode: 644