SaltStack 安装配置 centos7

参考文档

http://docs.saltstack.cn/contents.html

快速安装 

初始配置
控制端master配置
# vim /etc/salt/master
interface: 192.168.100.132

注：192.168.1.229 是本机服务端的IP地址  默认监听所有接口
# auto_accept: True
注：修改auto_accept为True，自动接受客户端的KEY，当然也可以这里不设置，手动接受就行，接受方式：salt-key -a keyname  
控制端默认监听tcp 4505 4506 注意防火墙配置

客户端minion配置
# vim /etc/salt/minion
master: 192.168.100.132
id: 192.168.100.138

注：192.168.100.132 是服务端的IP地址
id :客户端的标识，用服务端连接时，就是用此标识来连接客户端，建议为主机域名

配置服务
# systemctl enable salt-master.service
# systemctl start salt-master.service
# systemctl enable salt-minion.service
# systemctl start salt-minion.service

## 测试被控主机的连通性
# salt '*' test.ping

## 根据被控主机的grains信息进行匹配过滤
# salt -G 'os:Centos' test.ping

## 显示被控主机的操作系统类型
# salt '*' grains.item os

## 远程代码执行测试
# salt '*' cmd.exec_code python 'import sys; print sys.version'

常用命令

# salt-key -L 查看key列表
# salt-key -a KYENAME #允许一个key
# salt-key -A  #允许所有
# salt-key -d KEYNAME #删除一个key
# salt-key -D #删除所有key

##使用ip地址或子网匹配
# salt -S 192.168.100.138 test.ping
# salt -S 192.168.100.0/24 test.ping 

##使用正则表达式:
# salt -E 'virtmach[0-9]' test.ping

##指定列表
# salt -L 'foo,bar,baz,quo' test.ping

##拷贝文件
# salt-cp '*' file.py /root

##超级命令（生产中不建议使用）
# salt '*' cmd.run 'yum install net-tool'

##查看客户端状态
# salt-run manage.status
# salt-run manage.versions
##工具箱
# salt '192.168.100.138' saltutil.running  \\查看正在执行的任务
# salt '192.168.100.138' saltutil.kill_job 20170310143800082264 \\删除正在运行的任务

模块使用

包安装模块

##命令输出
192.168.100.138:
----------
          ID: pkg.init
    Function: pkg.installed
        Name: mtr
      Result: True
     Comment: The following packages were installed/updated: mtr
     Started: 12:17:31.424942
    Duration: 15219.658 ms
     Changes:   
              ----------
              mtr:
                  ----------
                  new:
                      2:0.85-7.el7
                  old:
----------
          ID: pkg.init
    Function: pkg.installed
        Name: nmap
      Result: True
     Comment: The following packages were installed/updated: nmap
     Started: 12:17:46.667926
    Duration: 5258.072 ms
     Changes:   
              ----------
              nmap:
                  ----------
                  new:
                      2:6.40-7.el7
                  old:
              nmap-ncat:
                  ----------
                  new:
                      2:6.40-7.el7
                  old:
----------
          ID: pkg.init
    Function: pkg.installed
        Name: lrzsz
      Result: True
     Comment: The following packages were installed/updated: lrzsz
     Started: 12:17:51.969501
    Duration: 2646.444 ms
     Changes:   
              ----------
              lrzsz:
                  ----------
                  new:
                      0.12.20-36.el7
                  old:

Summary for 192.168.100.138
------------
Succeeded: 3 (changed=3)
Failed:    0
------------
Total states run:     3
Total run time:  23.124 s

　　

文件维护模块

##使用file.managed 维护文件

# vim top.sls
base:
  '192.168.100.138':
    - init.pkg
    - init.limit
# cd init/
# vim limit.sls
limit-conf-config:
  file.managed:
    - name: /etc/security/limits.conf  #minion端 文件路径
    - source: salt://init/files/limits.conf  #master端 文件路径
    - user: root
    - group: root
    - mode: 644

# mkdir files
# cd files
# cp /etc/security/limits.conf .
##随意修改 limits.conf文件内容  验证是某同步
# salt '*' state.highstate
192.168.100.138:
----------
          ID: pkg.init
    Function: pkg.installed
        Name: mtr
      Result: True
     Comment: Package mtr is already installed
     Started: 13:09:50.532559
    Duration: 672.412 ms
     Changes:   
----------
          ID: pkg.init
    Function: pkg.installed
        Name: nmap
      Result: True
     Comment: Package nmap is already installed
     Started: 13:09:51.205178
    Duration: 0.426 ms
     Changes:   
----------
          ID: pkg.init
    Function: pkg.installed
        Name: lrzsz
      Result: True
     Comment: Package lrzsz is already installed
     Started: 13:09:51.205686
    Duration: 0.315 ms
     Changes:   
----------
          ID: limit-conf-config
    Function: file.managed
        Name: /etc/security/limits.conf
      Result: True
     Comment: File /etc/security/limits.conf updated
     Started: 13:09:51.208228
    Duration: 56.86 ms
     Changes:   
              ----------
              diff:
                  --- 
                  +++ 
                  @@ -1,4 +1,4 @@
                  -#this is test
                  +#this is test!!
                   # /etc/security/limits.conf
                   #
                   #This file sets the resource limits for the users logged in via PAM.

Summary for 192.168.100.138
------------
Succeeded: 4 (changed=1)
Failed:    0
------------
Total states run:     4
Total run time: 730.013 ms

把数据返回到mysql服务器

# vim /etc/salt/master
mysql.host: '192.168.100.138'
mysql.user: 'salt'
mysql.pass: 'salt'
mysql.db: 'salt'
mysql.port: 3306
master_job_cache: mysql  //master端直接写入mysql，如果不配置此行默认是minion端写入
# vim /etc/salt/minion
mysql.host: '192.168.100.138'
mysql.user: 'salt'
mysql.pass: 'salt'
mysql.db: 'salt'
mysql.port: 3306

# salt '*' test.ping --return mysql