前期环境配置
salt-master 192.168.1.131
salt-minion-01 192.168.1.132
salt-minion-02 192.168.1.133
#1、salt-master的配置安装准备工作
#1.1、查看CentOS的版本和其内核的版本及安装配置阿里云yum源
[[email protected] ~]# cat /etc/redhat-release
CentOS Linux release 7.2.1511 (Core)
[[email protected] ~]# uname -r
3.10.0-327.el7.x86_64
[[email protected] ~]# wget -O /etc/yum.repos.d/CentOS-Base.repo http://mirrors.aliyun.com/repo/Centos-7.repo
#1.2、安装epel-release和salt-master工具包
[[email protected] ~]# yum install epel-release -y
[[email protected] ~]# yum install salt-master -y
#1.3、配置saltstack开机自启动服务
[[email protected] ~]# systemctl enable salt-master.service
#1.4、启动saltstack master 服务
[[email protected] ~]# systemctl start salt-master.service
#1.5、检查saltstack端口及进程的运行状态,其中4505是saltstack管理服务器发送命令消息的端口,4506是消息返回时所用的端口。saltstack一般是会启动多个进程来进行不同工作的。
[[email protected] ~]# netstat -tunlp | grep python
tcp 0 0 0.0.0.0:4505 0.0.0.0:* LISTEN 17112/python
tcp 0 0 0.0.0.0:4506 0.0.0.0:* LISTEN 17134/python
[[email protected] ~]# ps aux | grep salt-master | grep -v grep
root 17102 0.0 2.6 315128 26912 ? Ss 19:14 0:00 /usr/bin/python /usr/bin/salt-master
root 17111 0.6 2.7 402032 27468 ? Sl 19:14 0:05 /usr/bin/python /usr/bin/salt-master
root 17112 0.0 2.2 397056 22644 ? Sl 19:14 0:00 /usr/bin/python /usr/bin/salt-master
root 17113 0.0 2.4 397056 24800 ? Sl 19:14 0:00 /usr/bin/python /usr/bin/salt-master
root 17114 0.0 2.1 315128 22048 ? S 19:14 0:00 /usr/bin/python /usr/bin/salt-master
root 17119 0.3 3.0 1056872 30892 ? Sl 19:14 0:02 /usr/bin/python /usr/bin/salt-master
root 17120 0.3 3.0 1056872 30872 ? Sl 19:14 0:02 /usr/bin/python /usr/bin/salt-master
root 17125 0.3 3.0 1056876 30904 ? Sl 19:14 0:02 /usr/bin/python /usr/bin/salt-master
root 17128 0.2 3.0 1056880 30904 ? Sl 19:14 0:02 /usr/bin/python /usr/bin/salt-master
root 17133 0.3 3.0 1056880 30852 ? Sl 19:14 0:02 /usr/bin/python /usr/bin/salt-master
root 17134 0.0 2.2 691984 22600 ? Sl 19:14 0:00 /usr/bin/python /usr/bin/salt-master
#1.6、关闭防火墙
[[email protected] ~]# systemctl disable firewalld.service
Removed symlink /etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service.
Removed symlink /etc/systemd/system/basic.target.wants/firewalld.service.
[[email protected] ~]# systemctl stop firewalld.service
#1.7、修改selinux为Permissive模式
[[email protected] ~]# setenforce 0
[[email protected] ~]# getenforce
Permissive
#2、salt-minion的配置安装
#2.1、查看CentOS的版本和其内核的版本及安装配置阿里云yum源
[[email protected] ~]# cat /etc/redhat-release
CentOS Linux release 7.2.1511 (Core)
[[email protected] ~]# uname -r
3.10.0-327.el7.x86_64
[[email protected] ~]#wget -O /etc/yum.repos.d/CentOS-Base.repo http://mirrors.aliyun.com/repo/Centos-7.repo
#2.2、安装epel-release工具包和salt-minion客户端
[[email protected] ~]# yum install epel-release -y
[[email protected] ~]# yum install salt-minion -y
#2.3、在minion端配置master的ip地址
#master: salt
master: 192.168.1.131
#2.4、配置开机minion开启自启动服务
[[email protected] ~]# systemctl enable salt-minion.service
Created symlink from /etc/systemd/system/multi-user.target.wants/salt-minion.service to /usr/lib/systemd/system/salt-minion.service.
#2.5、启动salt-minion服务
[[email protected] ~]# systemctl start salt-minion.service
#2.6、关闭防火墙服务
[[email protected] salt]# systemctl disable firewalld.service
Removed symlink /etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service.
Removed symlink /etc/systemd/system/basic.target.wants/firewalld.service.
[[email protected] salt]# systemctl stop firewalld.service
#2.7、查看salt-minion进程的启动状况
[[email protected] salt]# ps -ef | grep salt | grep -v grep
root 16674 1 0 20:41 ? 00:00:01 /usr/bin/python /usr/bin/salt-minion
root 16677 16674 1 20:41 ? 00:00:07 /usr/bin/python /usr/bin/salt-minion
#2.8、同理配置salt-minion-02客户机检查其启动状态
[[email protected] ~]# ps -ef | grep salt
root 16711 1 7 20:50 ? 00:00:02 /usr/bin/python /usr/bin/salt-minion
root 16714 16711 16 20:50 ? 00:00:04 /usr/bin/python /usr/bin/salt-minion
root 16746 2941 0 20:50 pts/0 00:00:00 grep --color=auto salt
3、saltstack的具体操作
[[email protected] ~]# salt-key -L
Accepted Keys:
Denied Keys:
Unaccepted Keys:
salt-minion-01
salt-minion-02
Rejected Keys:
[[email protected] ~]# cd /etc/salt/pki/master/
[[email protected] master]# cd minions_pre/
[[email protected] minions_pre]# ls
salt-minion-01 salt-minion-02
[[email protected] minions_pre]# cat salt-minion-0*
-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyewvRhV5yLakqJXn5q1o
g5kMKMs1fyvJVzXf5pIUgIVvXeh4R912sj5JhdVeQT8L7mdg/U0bV5vMhulJvgbG
T0Ro8tIbPIeAXgpiJm8CwOchiMpW8C1zK2vc07z/W6sOl9eEt56CBhcvcGgFP++F
10h9nQKoXYMne9QEqab92un5OwW1rH5nA6iEk+0BIjDucHIVHiNfWAy4mGE8EaMe
RxrXMtaxuIzdNdRZccOWuKfupMC29KsD5FQLxYv+dBbBDZeisO9iHzlWf93bvsjk
wyGO84W02AmguzsqTopY/5l+wvbXfiLJOlhTxXL9sHAxm5flrTj8TwVmembtdCAA
EwIDAQAB
-----END PUBLIC KEY-----
-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoAvmGvnjrXw0KJ8VVlBH
deciexJTuNmfs3aLrxRiQLUkQvAst16FZQeRMKaFhScswlsJlBPHWZxg4kvq89iu
L0igEVBNe6u/Nhpn2OHBWHs1n3OzhslTsZUGBvSUVP8bXXXlGeT+KoGoV6FdupY+
vWbkE2F93pDqFrZ82MgNuHn98uA/rHTWemJ6OPwuE+pFdY3gFQsRRZ7vORC20dJ1
l/BUqB11+h9eN9/Qd2EZYw5sPSlvK7mXIQA8xoNcuciRsZHpQbsNCEcsjRh2f3ET
iGYZbKWhfkRvNEO0MGFeCyNcmmKmezvUhofKgulg1A4fi8G3PF6t3D/nAL7m8MmO
fQIDAQAB
-----END PUBLIC KEY-----
从上面的信息我们可以看出Unaccepted Keys:存放路径为:/etc/salt/pki/master/minions_pre
[[email protected] salt]# salt-key -A -y #添加salt-key
The following keys are going to be accepted:
Unaccepted Keys:
salt-minion-01
salt-minion-02
Key for minion salt-minion-01 accepted.
Key for minion salt-minion-02 accepted.
[[email protected] salt]# salt-key -L #查看salt-key
Accepted Keys:
salt-minion-01
salt-minion-02
Denied Keys:
Unaccepted Keys:
Rejected Keys:
[[email protected] salt]# salt salt-minion* test.ping #简单测试
salt-minion-01:
True
salt-minion-02:
True
[[email protected] salt]# salt salt-minion* cmd.run ‘uname -r‘ #运行linux命令
salt-minion-01:
3.10.0-327.el7.x86_64
salt-minion-02:
3.10.0-327.el7.x86_64