什么是SaltStack
SaltStack管理工具允许管理员对多个操作系统创建一个一致的管理系统
实验环境准备
名称 | 角色 | 地址 |
---|---|---|
centos7-min | master | 192.168.142.172 |
centos7-min2 | client | 192.168.142.110 |
实验步骤
一、主服务器——控制节点
安装epel源并安装控制端
yum install -y epel-release //安装epel源
yum -y install salt-master //安装控制端
修改控制端主配置文件
vi /etc/salt/master
//修改如下:
15行 interface: 192.168.142.172 //监听地址
215行 auto_accept: True //避免要运行salt-key来确认证书认证
416行 file_roots:
base:
- /srv/salt //saltstack文件根目录位置,目录需要手动进行创建
710行组分类:(这里实验环境只有一台客户端,仅设置一个即可)
nodegroups:
group1: ‘web01.saltstack.com‘
552行 pillar_opts: True //开启pillar功能,同步文件功能
529行
pillar_roots:
base:
- /srv/pillar //pillar的主目录,需要手动进行创建
建立salt
&pillar
目录
mkdir /srv/salt
mkdir /srv/pillar
启动服务并关闭核心防护功能
systemctl start salt-master
systemctl enable salt-master
//关闭核心功能
setenforce 0
检测服务启动状况
netstat -anpt | egrep ‘4505|4506‘
//4505为salt的消息发布专用端口;
//4506为客户端与服务端通信的端口
tcp 0 0 192.168.142.172:4505 0.0.0.0:* LISTEN 13692/python
tcp 0 0 192.168.142.172:4506 0.0.0.0:* LISTEN 13704/python
tcp 0 0 192.168.142.172:4506 192.168.142.110:36688 ESTABLISHED 13704/python
tcp 0 0 192.168.142.172:4505 192.168.142.110:57042 ESTABLISHED 13692/python
二、从服务器——被控制节点
安装epel源并安装被控制端
yum install -y epel-release //安装epel源
yum -y install salt-minion //安装被控制端
修改被控端配置文件
vi /etc/salt/minion
//修改配置如下:
16行 master: 192.168.172.142 //指定主控端IP
78行 id: web01.saltstack.com //指定被控端主机名
启动服务
//启动被控端服务
systemctl start salt-minion
在主控端进行检查
//在主控端测试与被控端的通信状态(*号代表所有被控主机)
salt ‘*‘ test.ping
web01.saltstack.com:
True
//检查密钥情况
salt-key -L
Accepted Keys:
web01.saltstack.com
Denied Keys:
Unaccepted Keys:
web01.saltstack.com
Rejected Keys:
注意:
检查时出现以下情况:Salt request timed out. The master is not responding. If this error persists after verifying the master is up, worker_threads may need to be increased.
请自行检查配置文件格式或者重启服务器。
三、批量部署Apache
以下所有操作均在master端进行
cd /srv/salt/
vim top.sls
//按下图进行添加
base:
‘*‘:
- apache
//在所有的客户端执行apache模块
vim apache.sls
//按下图进行添加
apache-service:
pkg.installed:
- names:
- httpd
- httpd-devel
service.running:
- name: httpd
- enable: True
//重启服务
systemctl restart salt-master.service
//执行批量部署命令
salt ‘*‘ state.highstate
//执行完成后出现以下信息即为成功
web01.saltstack.com:
----------
ID: apache-service
Function: pkg.installed
Name: httpd
Result: True
Comment: The following packages were installed/updated: httpd
Started: 15:04:51.323952
Duration: 40217.299 ms
Changes:
----------
apr:
----------
new:
1.4.8-5.el7
old:
apr-util:
----------
new:
1.5.2-6.el7
old:
httpd:
----------
new:
2.4.6-90.el7.centos
old:
httpd-tools:
----------
new:
2.4.6-90.el7.centos
old:
mailcap:
----------
new:
2.1.41-2.el7
old:
----------
ID: apache-service
Function: pkg.installed
Name: httpd-devel
Result: True
Comment: The following packages were installed/updated: httpd-devel
Started: 15:05:31.545046
Duration: 16876.92 ms
Changes:
----------
apr-devel:
----------
new:
1.4.8-5.el7
old:
apr-util-devel:
----------
new:
1.5.2-6.el7
old:
cyrus-sasl:
----------
new:
2.1.26-23.el7
old:
2.1.26-21.el7
cyrus-sasl-devel:
----------
new:
2.1.26-23.el7
old:
cyrus-sasl-gssapi:
----------
new:
2.1.26-23.el7
old:
2.1.26-21.el7
cyrus-sasl-lib:
----------
new:
2.1.26-23.el7
old:
2.1.26-21.el7
cyrus-sasl-md5:
----------
new:
2.1.26-23.el7
old:
2.1.26-21.el7
cyrus-sasl-plain:
----------
new:
2.1.26-23.el7
old:
2.1.26-21.el7
cyrus-sasl-scram:
----------
new:
2.1.26-23.el7
old:
2.1.26-21.el7
expat-devel:
----------
new:
2.1.0-10.el7_3
old:
httpd-devel:
----------
new:
2.4.6-90.el7.centos
old:
libdb:
----------
new:
5.3.21-25.el7
old:
5.3.21-20.el7
libdb-devel:
----------
new:
5.3.21-25.el7
old:
libdb-utils:
----------
new:
5.3.21-25.el7
old:
5.3.21-20.el7
openldap:
----------
new:
2.4.44-21.el7_6
old:
2.4.44-5.el7
openldap-devel:
----------
new:
2.4.44-21.el7_6
old:
----------
ID: apache-service
Function: service.running
Name: httpd
Result: True
Comment: Service httpd has been enabled, and is running
Started: 15:05:48.459684
Duration: 1822.995 ms
Changes:
----------
httpd:
True
Summary
------------
Succeeded: 3 (changed=3)
Failed: 0
四、检查试验结果
web01:
[[email protected] ~]# rpm -q httpd
httpd-2.4.6-90.el7.centos.x86_64
[[email protected] ~]# netstat -ntap | grep 80
tcp6 0 0 :::80 :::* LISTEN 6
感谢阅读~~
原文地址:https://blog.51cto.com/14484404/2468830
时间: 2024-10-29 00:34:15