SaltStack 安装配置

1.导入安装源

centos5

rpm -Uvh http://ftp.linux.ncsu.edu/pub/epel/5/x86_64/epel-release-5-4.noarch.rpm

centos6

rpm -Uvh http://ftp.linux.ncsu.edu/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm

2.安装salt软件包

master

yum installsalt-master

配置文件目录

[root@node110 ~]#cd /etc/salt/

[root@node110salt]# ls

master  pki

[root@node110salt]# pwd

/etc/salt

 

启动的端口

[root@node110 ~]#netstat -lntup

tcp        0     0 0.0.0.0:4505                0.0.0.0:*                   LISTEN      4201/python2.6     

tcp        0     0 0.0.0.0:4506                0.0.0.0:*                   LISTEN      4221/python2.6

 

minion俗称的client

yum installsalt-minion

配置文件

[root@node120 ~]#cd /etc/salt/

[root@node120salt]# ls

minion  minion.d minion_id  pki

[root@node120salt]# pwd

/etc/salt

日志文件:

[root@node110salt]# cd /var/log/salt/

[root@node110salt]# ls

key  master

[root@node110salt]# pwd

/var/log/salt

 

 

在客户端开启连接服务端的IP地址:

vim/etc/salt/minion +16

15 # resolved, thenthe minion will fail to start.

 16 master: 172.16.1.110

修改id,不使用主机名当作id:

 77 # clusters.

 78 id: minion.saltstack.com

通过以上配置后在服务器将看到这个id

在服务端查看key:

[root@node110salt]# salt-key

Accepted Keys:

Denied Keys:

Unaccepted Keys:

minion.saltstack.com

Rejected Keys:

在server上,将客户端加入到server,进行认证:

[root@node110salt]# salt-key -a minion.saltstack.com

The following keysare going to be accepted:

Unaccepted Keys:

minion.saltstack.com

Proceed? [n/Y] y

Key for minionminion.saltstack.com accepted.

 

在server端,查看server端信认的客户端:

[root@node110salt]# salt-key -L

Accepted Keys:

minion.saltstack.com

Denied Keys:

Unaccepted Keys:

Rejected Keys:

 

测试服务端与客户端之间的连接是否正常:

[root@node110salt]# salt '*' test.ping       #  *号代表所以的主机

minion.saltstack.com:

    True

[root@node110salt]# salt 'minion.saltstack.com' test.ping

minion.saltstack.com:

    True

在server端远程查看客户端的情况:

[root@node110salt]# salt 'minion.saltstack.com' cmd.run 'hostname'#cmde模块 run方法

minion.saltstack.com:

    node120

 

3.配置修改

master

[root@ldap~]# sed -e 's/#.*//' -e '/^$/ d' /etc/salt/master

interface:0.0.0.0

publish_port:4505

user: root

max_open_files:100000

ret_port:4506

pidfile:/var/run/salt-master.pid

syndic_log_file:syndic.log

log_file:/var/log/salt/master

key_logfile:/var/log/salt/key

log_fmt_logfile:'%(asctime)s,%(msecs)03.0f [%(name)-17s][%(levelname)-8s] %(message)s'

minion

[root@monitor~]# sed -e 's/#.*//' -e '/^$/ d' /etc/salt/minion

master:salt.server.365dw.cn

master_port:4506

pidfile:/var/run/salt-minion.pid

pki_dir:/etc/salt/pki/minion

id:client01.server.365dw.cn

cachedir:/var/cache/salt/minion

 

 

4.重启服务端及客户端

master端:

/etc/init.d/iptablesstop

/etc/init.d/salt-masterrestart

minion:

/etc/init.d/iptablesstop

/etc/init.d/salt-minionrestart

5.证书认证

slat-key -L查看后发现Unaccepted keys

[root@ldap~]# salt-key -L

AcceptedKeys:

UnacceptedKeys:

client01.server.365dw.cn

RejectedKeys:

 

salt-key -A认证,Proceed输入Y

[root@ldap~]# salt-key -A

Thefollowing keys are going to be accepted:

UnacceptedKeys:

client01.server.365dw.cn

Proceed?[n/Y] Y

Key forminion client01.server.365dw.cn accepted.

 

再次salt-key -L查看,Unaccepted Keys未认证的客户端变成了accept的客户端。

[root@ldap~]# salt-key -L

AcceptedKeys:

client01.server.365dw.cn

UnacceptedKeys:

RejectedKeys:

6.测试,使用salt内置的cmd.run命令进行ping 测试。

[root@ldap~]# salt '*' cmd.run 'ping -c1 www.365dw.cn'

client01.server.365dw.cn:

    PING www.365dw.cn (112.124.43.79) 56(84) bytes of data.

    64 bytes from 112.124.43.79: icmp_seq=1ttl=128 time=12.5 ms

   

    --- www.365dw.cn ping statistics ---

    1packets transmitted, 1 received, 0% packet loss, time 0ms

    rttmin/avg/max/mdev = 12.534/12.534/12.534/0.000 ms

分割线
YWSOS.COM 平台代运维解决方案
 评论
 发表评论
姓   名:

Powered by AKCMS