前期环境配置
salt-master 192.168.1.131
salt-minion-01 192.168.1.132
salt-minion-02 192.168.1.133
#1、salt-master的配置安装准备工作
#1.1、查看CentOS的版本和其内核的版本及安装配置阿里云yum源
[root@salt-master ~]# cat /etc/redhat-release
CentOS Linux release 7.2.1511 (Core)
[root@salt-master ~]# uname -r
3.10.0-327.el7.x86_64
[root@salt-master ~]# wget -O /etc/yum.repos.d/CentOS-Base.repo http://mirrors.aliyun.com/repo/Centos-7.repo
#1.2、安装epel-release和salt-master工具包
[root@salt-master ~]# yum install epel-release -y
[root@salt-master ~]# yum install salt-master -y

#1.3、配置saltstack开机自启动服务
[root@salt-master ~]# systemctl enable salt-master.service
#1.4、启动saltstack master 服务
[root@salt-master ~]# systemctl start salt-master.service
#1.5、检查saltstack端口及进程的运行状态,其中4505是saltstack管理服务器发送命令消息的端口,4506是消息返回时所用的端口。saltstack一般是会启动多个进程来进行不同工作的。
[root@salt-master ~]# netstat -tunlp | grep python
tcp 0 0 0.0.0.0:4505 0.0.0.0:* LISTEN 17112/python
tcp 0 0 0.0.0.0:4506 0.0.0.0:* LISTEN 17134/python

[root@salt-master ~]# ps aux | grep salt-master | grep -v grep
root 17102 0.0 2.6 315128 26912 ? Ss 19:14 0:00 /usr/bin/python /usr/bin/salt-master
root 17111 0.6 2.7 402032 27468 ? Sl 19:14 0:05 /usr/bin/python /usr/bin/salt-master
root 17112 0.0 2.2 397056 22644 ? Sl 19:14 0:00 /usr/bin/python /usr/bin/salt-master
root 17113 0.0 2.4 397056 24800 ? Sl 19:14 0:00 /usr/bin/python /usr/bin/salt-master
root 17114 0.0 2.1 315128 22048 ? S 19:14 0:00 /usr/bin/python /usr/bin/salt-master
root 17119 0.3 3.0 1056872 30892 ? Sl 19:14 0:02 /usr/bin/python /usr/bin/salt-master
root 17120 0.3 3.0 1056872 30872 ? Sl 19:14 0:02 /usr/bin/python /usr/bin/salt-master
root 17125 0.3 3.0 1056876 30904 ? Sl 19:14 0:02 /usr/bin/python /usr/bin/salt-master
root 17128 0.2 3.0 1056880 30904 ? Sl 19:14 0:02 /usr/bin/python /usr/bin/salt-master
root 17133 0.3 3.0 1056880 30852 ? Sl 19:14 0:02 /usr/bin/python /usr/bin/salt-master
root 17134 0.0 2.2 691984 22600 ? Sl 19:14 0:00 /usr/bin/python /usr/bin/salt-master

#1.6、关闭防火墙
#注:关闭防火墙只适用于隔离的测试环境;生产环境建议保持firewalld运行,仅对minion所在网段放行master的4505/4506端口。
[root@salt-master ~]# systemctl disable firewalld.service
Removed symlink /etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service.
Removed symlink /etc/systemd/system/basic.target.wants/firewalld.service.
[root@salt-master ~]# systemctl stop firewalld.service

#1.7、修改selinux为Permissive模式
#注:setenforce 0 只在本次运行期间生效,系统重启后会恢复为配置文件中设定的模式。
[root@salt-master ~]# setenforce 0
[root@salt-master ~]# getenforce
Permissive

#2、salt-minion的配置安装
#2.1、查看CentOS的版本和其内核的版本及安装配置阿里云yum源
[root@salt-minion-01 ~]# cat /etc/redhat-release
CentOS Linux release 7.2.1511 (Core)
[root@salt-minion-01 ~]# uname -r
3.10.0-327.el7.x86_64
[root@salt-master ~]#wget -O /etc/yum.repos.d/CentOS-Base.repo http://mirrors.aliyun.com/repo/Centos-7.repo

#2.2、安装epel-release工具包和salt-minion客户端
[root@salt-minion-01 ~]# yum install epel-release -y
[root@salt-minion-01 ~]# yum install salt-minion -y

#2.3、在minion端配置master的ip地址(配置文件 /etc/salt/minion)
#master: salt
master: 192.168.1.131
#2.4、配置开机minion开启自启动服务
[root@salt-minion-01 ~]# systemctl enable salt-minion.service
Created symlink from /etc/systemd/system/multi-user.target.wants/salt-minion.service to /usr/lib/systemd/system/salt-minion.service.

#2.5、启动salt-minion服务
[root@salt-minion-01 ~]# systemctl start salt-minion.service

#2.6、关闭防火墙服务
#注:minion是主动连接master的4505/4506端口,自身不需要开放入站端口,因此在测试环境之外无需关闭minion上的防火墙。
[root@salt-minion-01 salt]# systemctl disable firewalld.service
Removed symlink /etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service.
Removed symlink /etc/systemd/system/basic.target.wants/firewalld.service.
[root@salt-minion-01 salt]# systemctl stop firewalld.service

#2.7、查看salt-minion进程的启动状况
[root@salt-minion-01 salt]# ps -ef | grep salt | grep -v grep
root 16674 1 0 20:41 ? 00:00:01 /usr/bin/python /usr/bin/salt-minion
root 16677 16674 1 20:41 ? 00:00:07 /usr/bin/python /usr/bin/salt-minion

#2.8、同理配置salt-minion-02客户机检查其启动状态
[root@salt-minion-02 ~]# ps -ef | grep salt
root 16711 1 7 20:50 ? 00:00:02 /usr/bin/python /usr/bin/salt-minion
root 16714 16711 16 20:50 ? 00:00:04 /usr/bin/python /usr/bin/salt-minion
root 16746 2941 0 20:50 pts/0 00:00:00 grep --color=auto salt

3、saltstack的具体操作
[root@salt-master ~]# salt-key -L
Accepted Keys:
Denied Keys:
Unaccepted Keys:
salt-minion-01
salt-minion-02
Rejected Keys:
[root@salt-master ~]# cd /etc/salt/pki/master/
[root@salt-master master]# cd minions_pre/
[root@salt-master minions_pre]# ls
salt-minion-01 salt-minion-02
[root@salt-master minions_pre]# cat salt-minion-0*
-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyewvRhV5yLakqJXn5q1o
g5kMKMs1fyvJVzXf5pIUgIVvXeh4R912sj5JhdVeQT8L7mdg/U0bV5vMhulJvgbG
T0Ro8tIbPIeAXgpiJm8CwOchiMpW8C1zK2vc07z/W6sOl9eEt56CBhcvcGgFP++F
10h9nQKoXYMne9QEqab92un5OwW1rH5nA6iEk+0BIjDucHIVHiNfWAy4mGE8EaMe
RxrXMtaxuIzdNdRZccOWuKfupMC29KsD5FQLxYv+dBbBDZeisO9iHzlWf93bvsjk
wyGO84W02AmguzsqTopY/5l+wvbXfiLJOlhTxXL9sHAxm5flrTj8TwVmembtdCAA
EwIDAQAB
-----END PUBLIC KEY-----
-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoAvmGvnjrXw0KJ8VVlBH
deciexJTuNmfs3aLrxRiQLUkQvAst16FZQeRMKaFhScswlsJlBPHWZxg4kvq89iu
L0igEVBNe6u/Nhpn2OHBWHs1n3OzhslTsZUGBvSUVP8bXXXlGeT+KoGoV6FdupY+
vWbkE2F93pDqFrZ82MgNuHn98uA/rHTWemJ6OPwuE+pFdY3gFQsRRZ7vORC20dJ1
l/BUqB11+h9eN9/Qd2EZYw5sPSlvK7mXIQA8xoNcuciRsZHpQbsNCEcsjRh2f3ET
iGYZbKWhfkRvNEO0MGFeCyNcmmKmezvUhofKgulg1A4fi8G3PF6t3D/nAL7m8MmO
fQIDAQAB
-----END PUBLIC KEY-----
从上面的信息我们可以看出Unaccepted Keys:存放路径为:/etc/salt/pki/master/minions_pre
#注:-A 会一次性接受所有待认证的key。生产环境应先用 salt-key -F 查看待接受key的指纹,与各minion上 salt-call --local key.finger 的输出核对一致后,再用 salt-key -a <minion-id> 逐个接受。
[root@salt-master salt]# salt-key -A -y #添加salt-key
The following keys are going to be accepted:
Unaccepted Keys:
salt-minion-01
salt-minion-02
Key for minion salt-minion-01 accepted.
Key for minion salt-minion-02 accepted.
[root@salt-master salt]# salt-key -L #查看salt-key
Accepted Keys:
salt-minion-01
salt-minion-02
Denied Keys:
Unaccepted Keys:
Rejected Keys:
[root@salt-master salt]# salt salt-minion* test.ping #简单测试
salt-minion-01:
    True
salt-minion-02:
    True
[root@salt-master salt]# salt salt-minion* cmd.run 'uname -r' #运行linux命令
salt-minion-01:
    3.10.0-327.el7.x86_64
salt-minion-02:
    3.10.0-327.el7.x86_64
