|
|
前期环境配置/ K: y, U7 i1 q3 q# V$ q x
salt-master 192.168.1.131& G/ v% n I; l0 h4 v- h( [; o% g
salt-minion-01 192.168.1.132
/ Q B7 i. i& l1 h8 Hsalt-minion-02 192.168.1.133) P \# p% @$ z2 ~7 h
#1、salt-master的配置安装准备工作# G( ]( D/ b+ C) N9 U
#1.1、查看CentOS的版本和其内核的版本及安装配置阿里云yum源# l9 u! a! I' M* P' P
[root@salt-master ~]# cat /etc/redhat-release 7 ^* A' j% o* I
CentOS Linux release 7.2.1511 (Core)
' X5 f7 Z" i* q+ y[root@salt-master ~]# uname -r q( W: T9 H% L" k
3.10.0-327.el7.x86_64+ |$ H4 d4 \& J0 W
[root@salt-master ~]# wget -O /etc/yum.repos.d/CentOS-Base.repohttp://mirrors.aliyun.com/repo/Centos-7.repo4 r: c3 I; X! {$ ?+ F
& Q. E* H& @7 s3 p1 z
#1.2、安装epel-release和salt-master工具包
! m2 d% X; h6 ^8 W% l: K& B[root@salt-master ~]# yum install epel-release -y3 p! q3 t4 h6 f; K7 W
[root@salt-master ~]# yum install salt-master -y# L) c) J5 z) o2 {; @1 W
6 m8 \, I; m; u9 s0 g, {
#1.3、配置saltstack开机自启动服务
3 j2 f/ v. ~& e[root@salt-master ~]# systemctl enable salt-master.service1 D, V+ ?: A2 e, w, J- T
( k/ \9 H a+ D A3 L9 X* Y#1.4、启动saltstack master 服务 $ h) e. q& U& D+ W$ z; u
[root@salt-master ~]# systemctl start salt-master.service
5 D8 u' g/ Y! Y3 ~, k' ~4 _' S' T r1 q. T* R0 _& c
#1.5、检查saltstack端口及进程的运行状态,其中4505是saltstack管理服务器发送命令消息的端口,4506是消息返回时所用的端口。saltstack一般是会启动多个进程来进行不同工作的。9 u- v/ r0 j( X4 j) _$ [
[root@salt-master ~]# netstat -tunlp | grep python8 y9 Y4 E ^/ N
tcp 0 0 0.0.0.0:4505 0.0.0.0:* LISTEN 17112/python 9 z2 i' K. x/ B4 L
tcp 0 0 0.0.0.0:4506 0.0.0.0:* LISTEN 17134/python $ q" J5 ~6 s9 p
. ]: K5 G2 x& u0 T C
[root@salt-master ~]# ps aux | grep salt-master | grep -v grep# F9 _& _5 o8 k$ ?5 B6 f. R; F
root 17102 0.0 2.6 315128 26912 ? Ss 19:14 0:00 /usr/bin/python /usr/bin/salt-master
- O5 W( T f% R" d8 i; V6 Croot 17111 0.6 2.7 402032 27468 ? Sl 19:14 0:05 /usr/bin/python /usr/bin/salt-master- H8 D4 g0 q( N5 k0 b6 @. l/ A0 i
root 17112 0.0 2.2 397056 22644 ? Sl 19:14 0:00 /usr/bin/python /usr/bin/salt-master, I( D4 g% Y3 G5 V
root 17113 0.0 2.4 397056 24800 ? Sl 19:14 0:00 /usr/bin/python /usr/bin/salt-master# U9 e) l& w8 |( W
root 17114 0.0 2.1 315128 22048 ? S 19:14 0:00 /usr/bin/python /usr/bin/salt-master
+ U6 ]) [' r$ G7 P! Uroot 17119 0.3 3.0 1056872 30892 ? Sl 19:14 0:02 /usr/bin/python /usr/bin/salt-master
) T: A7 s( F* n" r% _# jroot 17120 0.3 3.0 1056872 30872 ? Sl 19:14 0:02 /usr/bin/python /usr/bin/salt-master0 u, x' s4 c1 }6 s. m4 h
root 17125 0.3 3.0 1056876 30904 ? Sl 19:14 0:02 /usr/bin/python /usr/bin/salt-master
5 ^9 N& \: T# a4 j/ ]: groot 17128 0.2 3.0 1056880 30904 ? Sl 19:14 0:02 /usr/bin/python /usr/bin/salt-master
4 D* W) M9 k1 p. d, I o3 }root 17133 0.3 3.0 1056880 30852 ? Sl 19:14 0:02 /usr/bin/python /usr/bin/salt-master0 P! B1 E+ ` N3 o% L0 w
root 17134 0.0 2.2 691984 22600 ? Sl 19:14 0:00 /usr/bin/python /usr/bin/salt-master
4 T8 P) u& r) O7 o1 `" X- H, m- a3 M( ]0 o; J. E' P0 A/ r
#1.6、关闭防火墙
, `, N F" k4 I% i[root@salt-master ~]# systemctl disable firewalld.service
- b5 O; y0 C* {& @0 wRemoved symlink /etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service.% J4 ~! j F7 m# I" l* l5 ?) {$ K
Removed symlink /etc/systemd/system/basic.target.wants/firewalld.service.$ U: R1 R/ X: r
[root@salt-master ~]# systemctl stop firewalld.service, w0 V9 H) d- R9 {
F$ t8 `6 y/ G2 x#1.7、修改selinux为Permissive模式- W# P/ H1 w+ x- F( J0 M
[root@salt-master ~]# setenforce 0
" {3 W! C, _' p" y' D3 D2 ~+ D[root@salt-master ~]# getenforce2 U& X$ {" i- C2 i
Permissive" J; p+ W' M5 ]' o( z5 ], J7 C
+ v N4 G+ H" D- O
) g2 ^/ ~ Q9 |4 u1 q p#2、salt-minion的配置安装$ r8 ^+ |8 m$ a# j6 q/ I1 V, Z! j0 M
#2.1、查看CentOS的版本和其内核的版本及安装配置阿里云yum源
* y7 j1 _) I3 H! P; ~, }8 r[root@salt-minion-01 ~]# cat /etc/redhat-release 4 A/ ~: r, K4 P' A, W# E0 g; ]7 e
CentOS Linux release 7.2.1511 (Core)
+ h* m0 T6 H2 h5 g[root@salt-minion-01 ~]# uname -r
6 @2 m+ f U; L6 B: S3.10.0-327.el7.x86_64
: k4 `& x2 ]6 t% O. m4 o0 \[root@salt-master ~]#wget -O /etc/yum.repos.d/CentOS-Base.repo http://mirrors.aliyun.com/repo/Centos-7.repo' e9 @( C5 `/ R' v
* I) { Z# P n; H: u" ~#2.2、安装epel-release工具包和salt-minion客户端5 D1 [4 v! k0 a7 j1 l
[root@salt-minion-01 ~]# yum install epel-release -y9 l: t6 @+ U# T. \* M. t" a
[root@salt-minion-01 ~]# yum install salt-minion -y. l. c' P; Z* b3 l- P4 m
. h+ }4 Y& @; X7 t/ d( t$ ^2 ]#2.3、在minion端配置master的ip地址
7 i9 F0 r7 M9 M! X* n0 _! w#master: salt
3 q1 |* R) l0 u. p7 Q7 q: h8 [master: 192.168.1.131* T5 e6 w# @" [" O
5 s8 W7 E2 ^0 v8 F$ ?. {3 k: J#2.4、配置开机minion开启自启动服务
1 w; w$ i3 S7 i: H9 w& N( L$ M[root@salt-minion-01 ~]# systemctl enable salt-minion.service
% _/ z6 P% f! ]% m1 O; I1 iCreated symlink from /etc/systemd/system/multi-user.target.wants/salt-minion.service to /usr/lib/systemd/system/salt-minion.service.0 \. I7 B0 g! S7 c# g q/ B0 ]
" |" }6 N$ ~( k. s! y
#2.5、启动salt-minion服务; z U* I; C( L, t) W" h+ {4 F
[root@salt-minion-01 ~]# systemctl start salt-minion.service
: }+ [3 y6 C5 l+ ]. V0 w. j" z3 X+ Z
! w+ _+ y( V, T2 h- d4 }% V* `#2.6、关闭防火墙服务# |6 j, M; ~' J
[root@salt-minion-01 salt]# systemctl disable firewalld.service
% H3 q1 i0 O7 T6 B4 t) V0 p1 l9 JRemoved symlink /etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service.
; g n. D% |( uRemoved symlink /etc/systemd/system/basic.target.wants/firewalld.service.0 ?' G' C) I9 I; ^3 K
[root@salt-minion-01 salt]# systemctl stop firewalld.service
5 O: [3 P5 ^6 X7 {0 ]$ K( c
$ c# `6 Y* L ]; m# J3 g0 G#2.7、查看salt-minion进程的启动状况: L1 N' ]* t2 y' ?" J
[root@salt-minion-01 salt]# ps -ef | grep salt | grep -v grep. y0 b, [# H' W- g% D
root 16674 1 0 20:41 ? 00:00:01 /usr/bin/python /usr/bin/salt-minion2 q! s# c9 c" G2 G0 V
root 16677 16674 1 20:41 ? 00:00:07 /usr/bin/python /usr/bin/salt-minion
/ ~3 L* q% Q! P* a
/ m8 K1 @9 w7 u0 w4 \- {# x) E) Y2 O#2.8、同理配置salt-minion-02客户机检查其启动状态. x: R6 {6 @. q
[root@salt-minion-02 ~]# ps -ef | grep salt8 R/ N+ f6 j- K- b4 d
root 16711 1 7 20:50 ? 00:00:02 /usr/bin/python /usr/bin/salt-minion
* A# K- P. ~8 \; O" wroot 16714 16711 16 20:50 ? 00:00:04 /usr/bin/python /usr/bin/salt-minion
) D5 F0 v; G' E* m$ F# T' Eroot 16746 2941 0 20:50 pts/0 00:00:00 grep --color=auto salt' y$ N9 E3 H$ B0 e% A) u
# s& k" e8 S4 z
+ ~; m& n+ g5 B0 H& g' }/ I* _- n3、saltstack的具体操作1 S8 Q) A l- W1 I/ z
[root@salt-master ~]# salt-key -L
2 z+ @' K3 S+ B. Z" Z! F5 EAccepted Keys:/ T3 Z+ {4 \) A& V# o
Denied Keys:& @/ B8 c2 [% V/ t( }2 T& @
Unaccepted Keys:
V" K8 m% X4 `salt-minion-01
' |& ~. \) \& v( u% ~( vsalt-minion-02
/ u% \2 _4 R0 i; G/ TRejected Keys:& h+ t; @$ I, a; |- z- F4 w n
[root@salt-master ~]# cd /etc/salt/pki/master/% }$ Y! J% X$ B2 A2 | `
[root@salt-master master]# cd minions_pre/
4 `* ]* L4 v$ ?& _6 _) G[root@salt-master minions_pre]# ls
2 a4 O1 f, W2 N, qsalt-minion-01 salt-minion-02
7 `( m/ I( t/ t7 E$ B f5 M9 C6 b[root@salt-master minions_pre]# cat salt-minion-0*8 ?7 |: {5 o) T( d/ P; b8 B
-----BEGIN PUBLIC KEY-----
8 [" l7 [& V4 l2 \MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyewvRhV5yLakqJXn5q1o
9 V7 a }5 }; }- ?3 rg5kMKMs1fyvJVzXf5pIUgIVvXeh4R912sj5JhdVeQT8L7mdg/U0bV5vMhulJvgbG
: ^# v2 C* y' m0 ^' u: E8 D1 \T0Ro8tIbPIeAXgpiJm8CwOchiMpW8C1zK2vc07z/W6sOl9eEt56CBhcvcGgFP++F/ Z' A, D5 j$ ?& e; n9 G+ j, z
10h9nQKoXYMne9QEqab92un5OwW1rH5nA6iEk+0BIjDucHIVHiNfWAy4mGE8EaMe! }/ N5 G' F5 E$ \
RxrXMtaxuIzdNdRZccOWuKfupMC29KsD5FQLxYv+dBbBDZeisO9iHzlWf93bvsjk2 C% v$ p- T- M8 u
wyGO84W02AmguzsqTopY/5l+wvbXfiLJOlhTxXL9sHAxm5flrTj8TwVmembtdCAA/ t8 H" N$ e1 t( |: F7 Y" O; ~4 k
EwIDAQAB* e1 ]' V i' g% G0 G1 n* d+ P$ s
-----END PUBLIC KEY-----+ W- b5 t4 r6 T* n) h' a! Q$ K
-----BEGIN PUBLIC KEY-----
- O! x8 E0 b8 G( CMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoAvmGvnjrXw0KJ8VVlBH% p4 R3 ?8 M# N+ ^) ^
deciexJTuNmfs3aLrxRiQLUkQvAst16FZQeRMKaFhScswlsJlBPHWZxg4kvq89iu
/ ~& r; X3 i$ _8 Q) k' `0 lL0igEVBNe6u/Nhpn2OHBWHs1n3OzhslTsZUGBvSUVP8bXXXlGeT+KoGoV6FdupY+
2 m( U6 M1 ~* ^1 ?5 }8 ^% XvWbkE2F93pDqFrZ82MgNuHn98uA/rHTWemJ6OPwuE+pFdY3gFQsRRZ7vORC20dJ1
* q4 ~" }6 k8 n8 R8 O5 \3 R; Sl/BUqB11+h9eN9/Qd2EZYw5sPSlvK7mXIQA8xoNcuciRsZHpQbsNCEcsjRh2f3ET
$ P' A2 h. Y% b: T$ }* k" s( biGYZbKWhfkRvNEO0MGFeCyNcmmKmezvUhofKgulg1A4fi8G3PF6t3D/nAL7m8MmO$ T1 T& h; L r5 G+ g# \* o
fQIDAQAB. j$ @/ F9 W0 a- H$ U/ X
-----END PUBLIC KEY-----
* f& j, H; T+ I& U* ~& g从上面的信息我们可以看出Unaccepted Keys:存放路径为:/etc/salt/pki/master/minions_pre
$ t- d8 ]" v3 X4 q& x! @# k[root@salt-master salt]# salt-key -A -y #添加salt-key
1 t* h0 d6 G/ c0 C! _The following keys are going to be accepted:7 U. `' @4 `$ ^
Unaccepted Keys:( ~& W( j" d- \ H B
salt-minion-01
* e0 L1 A3 b, h6 _0 d8 X! ?( lsalt-minion-02
) G0 A, T/ O% ?7 jKey for minion salt-minion-01 accepted.0 `8 o1 `* [5 p$ y; f- s$ R
Key for minion salt-minion-02 accepted.6 ]: e+ u' {' {, W" _
[root@salt-master salt]# salt-key -L #查看salt-key! \% B9 H8 X# U) f$ w& C
Accepted Keys:. x. u( ]) S2 Q$ L
salt-minion-01
9 e3 [; k& E& l( E& asalt-minion-02. X' I/ c6 R7 `4 S( G
Denied Keys:
X2 ]) ^ g3 H+ F+ w3 P! o5 |5 Q0 L: |Unaccepted Keys:6 X; |4 d7 u. e( \) \6 K
Rejected Keys:
1 s( i4 p( W0 |+ x: q[root@salt-master salt]# salt salt-minion* test.ping #简单测试6 H F6 q- y- P% M; `8 U! u
salt-minion-01:# ~" u6 k& F3 Q
True
8 P- x, R Z' M( V' }/ |! y- vsalt-minion-02:0 }2 O2 g2 I) n! S. X- A* O: r
True0 M G" E1 G; t; v- }) [
[root@salt-master salt]# salt salt-minion* cmd.run 'uname -r' #运行linux命令
3 M! J2 Q' z Ksalt-minion-01:1 h8 d) H5 l! N8 ^# n
3.10.0-327.el7.x86_64! D" H- _7 Y0 D* d& v
salt-minion-02:
X1 S* E6 z/ A- L7 h( o9 W4 { 3.10.0-327.el7.x86_64, t" q! \9 m. k
7 N/ g* J2 H/ k$ B0 {9 y, f
|
|
发表于 2017-12-25 19:03:12