saltstack安装配置

Posted 2020-10-17

saltstack

安装配置

 

操作系统版本	主机名	IP地址	角色
CentOS   6.6	salt-master	10.0.0.22	saltstack服务端
CentOS   6.6	salt-minion1	10.0.0.8	saltstack客户端
CentOS   6.6	salt-minion2	10.0.0.9	saltstack客户端

 

1.         用yum方式分别安装服务端和客户端（需要epel源）

[[email protected] ~]# yum install salt-master salt-minion

[[email protected] ~]# yum -y install salt-minion

[[email protected] ~]# yum -y install salt-minion

 

2.         将salt服务加入到开机自启动

[[email protected] ~]# chkconfig salt-master on

[[email protected] ~]# chkconfig salt-minion on

[[email protected] ~]# chkconfig salt-minion on

 

3.         启动salt服务端，配置salt客户端并启动

[[email protected] ~]# /etc/init.d/salt-master start

[[email protected] ~]# sed -i '16a master: 10.0.0.22' /etc/salt/minion

[[email protected] ~]# sed -n '16,17p' /etc/salt/minion

#master: salt

master: 10.0.0.22

[[email protected] ~]# /etc/init.d/salt-minion start

 

4.         查看客户端秘钥

[[email protected] ~]# tree /etc/salt/pki/minion/       

/etc/salt/pki/minion/

|-- minion.pem

`-- minion.pub

 

5.         查看服务端秘钥和未同意的客户端秘钥

[[email protected] ~]# tree /etc/salt/pki/master 

/etc/salt/pki/master

|-- master.pem

|-- master.pub

|-- minions

|-- minions_autosign

|-- minions_denied

|-- minions_pre

|   |-- salt-minion1

|   `-- salt-minion2

`-- minions_rejected

 

[[email protected] ~]# salt-key   #查看所有未接受的minion

Accepted Keys:

Denied Keys:

Unaccepted Keys:

salt-minion1

salt-minion2

Rejected Keys:

 

6.         master端添加和删除minion

[[email protected] ~]# salt-key -A    #接受所有的minion

The following keys are going to be accepted:

Unaccepted Keys:

salt-minion1

salt-minion2

Proceed? [n/Y] y

Key for minion salt-minion1 accepted.

Key for minion salt-minion2 accepted.

[[email protected] ~]# salt-key

Accepted Keys:

minions1

minions2

Denied Keys:

Unaccepted Keys:

Rejected Keys:

[[email protected] ~]# tree /etc/salt/pki/master

/etc/salt/pki/master

|-- master.pem

|-- master.pub

|-- minions

|   |-- salt-minion1

|   `-- salt-minion2

|-- minions_autosign

|-- minions_denied

|-- minions_pre

`-- minions_rejected

[[email protected] ~]# tree /etc/salt/pki/minion/   #这时服务端的秘钥也被放在了客户端上

/etc/salt/pki/minion/

|-- minion.pem

|-- minion.pub

`-- minion_master.pub

[[email protected] ~]# salt-key -d salt-minion1   #删除salt-minion1

[[email protected] ~]# salt-key -a salt-minion1   #接受salt-minion1

[[email protected] ~]# salt-key -D           #删除所有的minion

[[email protected] ~]# salt-run manage.up    #查看存活的minion

[[email protected] ~]# salt-run manage.down   #查看死掉的minion

[[email protected] ~]# salt-run manage.status   #查看所有的minion状态

[[email protected] ~]# salt-run manage.versions  #查看master和所有minion的版本信息

 

7.         修改服务端配置文件

[[email protected] salt]# grep -A 6 "file_roots:" /etc/salt/master  #将×××部分注释去掉

# file_roots:

#   base:

#     - /srv/salt/

#   dev:

#     - /srv/salt/dev/services

#     - /srv/salt/dev/states

#   prod:

--

file_roots:

  base:

    - /srv/salt/base

  test:

    - /srv/salt/test

  prod:

    - /srv/salt/prod

[[email protected] salt]# grep -A 8 "file_roots:" /etc/salt/master|grep -v "#"  #添加×××部分

file_roots:

  base:

    - /srv/salt/base

  test:

    - /srv/salt/test

  prod:

    - /srv/salt/prod

  script:

    - /srv/salt/script

[[email protected] ~]# mkdir /srv/salt/script    #创建script文件夹

[[email protected] ~]# /etc/init.d/salt-master restart   #重启salt-master服务

 

8.         在服务端测试

[[email protected] ~]# salt 'salt-minion1' test.ping  #测试salt-minion1存活状态

[[email protected] ~]# salt -L salt-minion1,salt-minion2 test.ping  #测试salt-minion1和salt-minion2的存活状态

[[email protected] ~]# salt -S 10.0.0.0/24 test.ping   #测试10.0.0.0网段的主机存活状态

[[email protected] ~]# salt '*' test.ping   #给所有客户端发消息测试是否存活，“*”表示所有客户端

salt-minion2:

    True

salt-minion1:

True

执行shell命令

[[email protected] ~]# salt '*' cmd.run 'uptime'   #查看所有客户端的负载

salt-minion2:

     13:37:35 up 11 days, 22:11,  3 users,  load average: 0.00, 0.00, 0.00

salt-minion1:

     13:37:35 up 8 days,  2:48,  3 users,  load average: 0.00, 0.00, 0.00

[[email protected] ~]# salt '*'  cmd.run 'df -h'    #查看所有客户端的文件系统使用情况

其他

[[email protected] ~]# salt 'salt-minion1' grains.ls    #显示salt-minion1的所有信息

[[email protected] ~]# salt 'salt-minion1' grains.items  # 显示salt-minion1所有详细信息，包括CPU、内存、内核等信息

[[email protected] ~]# salt 'salt-minion1' grains.item cpu_model  #显示salt-minion1的CPU信息

[[email protected] ~]# salt 'salt-minion1' grains.get cpu_model   #同上条命令一样

[[email protected] ~]# salt -G os:CentOS cmd.run 'whoami'  #在所有操作系统为CentOS的主机上执行whoami命令   -G：grants

 

[[email protected] ~]# grep "pillar_opts:" /etc/salt/master  #将False改为True

pillar_opts: True

[[email protected] ~]# /etc/init.d/salt-master restart

 

 

[[email protected] ~]# grep -A 3  "grains:" /etc/salt/minion   #去掉以下四行注释

grains:

  roles:

    - webserver

    - memcache

[[email protected] ~]# /etc/init.d/salt-minion restart

[[email protected] ~]# salt -G 'roles:memcache' cmd.run 'whoami'  #在所有角色为memcache的机器上执行命令whoami

 

9.         进入/srv/salt目录，创建安装Apache文件

[[email protected] salt]# cat /srv/salt/apache.sls    #注意空格一个都不能多或少，否则出错

apache-install:

  pkg.installed:

    - names:

      - httpd

      - httpd-devel

 

apache-service:

  service.running:

    - name: httpd

    - enable: True

    - reload: True

 

[[email protected] ~]# salt '*' state.sls apache   #给所有客户端安装Apache软件，在客户端上会采用yum安装