01-SaltSack 安装部署
1.salt支持运行的方式
- Local - Master/Minion - Salt SSH
2.三大功能
- 远程执行 - 配置管理 - 云管理
3.支持的操作系统
- CentOS - RedHat - Debian - Ubuntu - FreeBSD- Solaris- Fedora- Gentoo- MAC OS X- Archlinux - Windows- Suse
4.SaltSack服务端安装部署
# 安装epel源 cd /usr/local/src wget https://dl.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm rpm -ivh epel-release-6-8.noarch.rpm yum clean all yum makecache # 安装服务端及客户端 yum install salt-master salt-minion -y chkconfig salt-master on chkconfig salt-minion on /etc/init.d/salt-master start
5.SaltSack客户端安装
# 安装epel源 cd /usr/local/src wget https://dl.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm rpm -ivh epel-release-6-8.noarch.rpm yum clean all yum makecache #客户端 yum install salt-minion -y vim /etc/salt/minion 16 master: 10.0.0.100 # 去掉注释,填入master IP地址 ...... 78 #id: # 填服务器端配置FQDN名,也可以填maste IP地址,也可以不填 /etc/init.d/salt-minion start chkconfig salt-minion on
6.salt管理端认证,需要管理端同意
[root@salt-master master]# tree /etc/salt/pki/master/ /etc/salt/pki/master/ ├── master.pem ├── master.pub ├── minions ├── minions_autosign ├── minions_denied ├── minions_pre # 等待同意的客户端 │ ├── salt-master │ └── salt-minion └── minions_rejected 5 directories, 4 files [root@salt-master minions_pre]# salt-key -L # 查看当前证书签证情况,Unaccepted Keys 代表还未接受的证书 , Accepted Keys: Denied Keys: Unaccepted Keys: salt-master salt-minion01 salt-minion02 [root@salt-master minions_pre]# salt-key -a salt-minion01 # 接受指定salt-minion01证书,接受后salt-master的公钥就会传到salt-minion /etc/salt/pki/minion目录下 The following keys are going to be accepted: Unaccepted Keys: salt-minion01 Proceed? [n/Y] y Key for minion salt-minion01 accepted. [root@salt-master master]# salt-key -a salt* # 加入到管理,-A 同意所有,-a 同意指定某台主机,同意是同时,salt-master的公钥也会传输到minion的kpi目录下 The following keys are going to be accepted: Unaccepted Keys: salt-master salt-minion Proceed? [n/Y] Y Key for minion salt-master accepted. Key for minion salt-minion accepted. [root@salt-master master]# tree /etc/salt/pki/master/ /etc/salt/pki/master/ ├── master.pem ├── master.pub ├── minions # 已经同意的客户端 │ ├── salt-master │ └── salt-minion ├── minions_autosign ├── minions_denied ├── minions_pre └── minions_rejected 5 directories, 4 files
7.saltstack基本操作
[root@salt-master master]# salt '*' test.ping [root@salt-master master]# salt '*' cmd.run 'uptime' [root@salt-master master]# salt '*' cmd.run 'df -h'
8.saltstack查看安装的软件
[root@localhost src]# salt --versions-report
Salt: 2015.5.10
Python: 2.6.6 (r266:84292, Aug 18 2016, 15:13:37)
Jinja2: unknown
M2Crypto: 0.20.2
msgpack-python: 0.4.6
msgpack-pure: Not Installed
pycrypto: 2.0.1
libnacl: Not Installed
PyYAML: 3.10
ioflo: Not Installed
PyZMQ: 14.3.1
RAET: Not Installed
ZMQ: 3.2.5
Mako: Not Installed
Tornado: Not Installed
timelib: Not Installed
dateutil: Not Installed
[root@salt-master salt]# salt-call --version
salt-call 2015.5.10 (Lithium)
9.配置saltsack服务端
[root@salt-master master]# vim /etc/salt/master # 编辑配置文件
416 file_roots: # 打开注释
417 base: # 打开注释,前面2个空格
418 - /srv/salt # 打开注释,前面4个空格
[root@salt-master master]# mkdir /srv/salt
[root@salt-master master]# /etc/init.d/salt-master restart # 修改配置文件,需要重启
[root@salt-master master]# cd /srv/salt/
[root@salt-master salt]# vim apache.sls
apache-install:
pkg.installed: # 2个空格,pkg是模块,installed是方法
- names: # 4个空格
- httpd # 6个空格 ,安装2个包,会用yum来安装
- httpd-devel
apache-services:
service.running:
- name: httpd
- enable: True # 开启自启动
- reload: True # 可以重载
[root@salt-master salt]# salt '*' state.sls apache # state是模块,执行
10.salt执行入口文件。top.sls
[root@salt-master salt]# vim top.sls # 入口文件
base:
'*':
- apache
[root@salt-master salt]# salt '*' state.hightstate 执行命令
http://sofar.blog.51cto.com/353572/1596960/
https://docs.saltstack.com/en/getstarted/fundamentals/install.html
浙公网安备 33010602011771号