前期环境配置
salt-master 192.168.1.131
salt-minion-01 192.168.1.132
salt-minion-02 192.168.1.133
#1、salt-master的配置安装准备工作
#1.1、查看CentOS的版本和其内核的版本及安装配置阿里云yum源
[root@salt-master ~]# cat /etc/redhat-release
CentOS Linux release 7.2.1511 (Core)
[root@salt-master ~]# uname -r
3.10.0-327.el7.x86_64
[root@salt-master ~]# wget -O /etc/yum.repos.d/CentOS-Base.repo http://mirrors.aliyun.com/repo/Centos-7.repo
注:此处通过明文 HTTP 下载 repo 文件,传输过程中内容可能被篡改;下载后建议确认其中各仓库保持 gpgcheck=1。
#1.2、安装epel-release和salt-master工具包
[root@salt-master ~]# yum install epel-release -y
[root@salt-master ~]# yum install salt-master -y

#1.3、配置saltstack开机自启动服务
[root@salt-master ~]# systemctl enable salt-master.service

#1.4、启动saltstack master 服务
[root@salt-master ~]# systemctl start salt-master.service
#1.5、检查saltstack端口及进程的运行状态,其中4505是saltstack管理服务器发送命令消息的端口,4506是消息返回时所用的端口。saltstack一般是会启动多个进程来进行不同工作的。
[root@salt-master ~]# netstat -tunlp | grep python
tcp 0 0 0.0.0.0:4505 0.0.0.0:* LISTEN 17112/python
tcp 0 0 0.0.0.0:4506 0.0.0.0:* LISTEN 17134/python

[root@salt-master ~]# ps aux | grep salt-master | grep -v grep
root 17102 0.0 2.6 315128 26912 ? Ss 19:14 0:00 /usr/bin/python /usr/bin/salt-master
root 17111 0.6 2.7 402032 27468 ? Sl 19:14 0:05 /usr/bin/python /usr/bin/salt-master
root 17112 0.0 2.2 397056 22644 ? Sl 19:14 0:00 /usr/bin/python /usr/bin/salt-master
root 17113 0.0 2.4 397056 24800 ? Sl 19:14 0:00 /usr/bin/python /usr/bin/salt-master
root 17114 0.0 2.1 315128 22048 ? S 19:14 0:00 /usr/bin/python /usr/bin/salt-master
root 17119 0.3 3.0 1056872 30892 ? Sl 19:14 0:02 /usr/bin/python /usr/bin/salt-master
root 17120 0.3 3.0 1056872 30872 ? Sl 19:14 0:02 /usr/bin/python /usr/bin/salt-master
root 17125 0.3 3.0 1056876 30904 ? Sl 19:14 0:02 /usr/bin/python /usr/bin/salt-master
root 17128 0.2 3.0 1056880 30904 ? Sl 19:14 0:02 /usr/bin/python /usr/bin/salt-master
root 17133 0.3 3.0 1056880 30852 ? Sl 19:14 0:02 /usr/bin/python /usr/bin/salt-master
root 17134 0.0 2.2 691984 22600 ? Sl 19:14 0:00 /usr/bin/python /usr/bin/salt-master

#1.6、关闭防火墙
注:关闭 firewalld 后,master 上所有监听端口(包括监听在 0.0.0.0 上的 4505/4506)都不再受主机防火墙保护,仅适合隔离的测试环境;若保留防火墙,可只放行 salt 端口:firewall-cmd --permanent --add-port=4505-4506/tcp && firewall-cmd --reload
[root@salt-master ~]# systemctl disable firewalld.service
Removed symlink /etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service.
Removed symlink /etc/systemd/system/basic.target.wants/firewalld.service.
[root@salt-master ~]# systemctl stop firewalld.service

#1.7、修改selinux为Permissive模式
注:setenforce 0 只对当前运行期间生效,重启后恢复为 /etc/selinux/config 中的设置;Permissive 模式下 SELinux 只记录违规操作而不拦截。
[root@salt-master ~]# setenforce 0
[root@salt-master ~]# getenforce
Permissive

#2、salt-minion的配置安装
#2.1、查看CentOS的版本和其内核的版本及安装配置阿里云yum源
[root@salt-minion-01 ~]# cat /etc/redhat-release
CentOS Linux release 7.2.1511 (Core)
[root@salt-minion-01 ~]# uname -r
3.10.0-327.el7.x86_64
[root@salt-master ~]# wget -O /etc/yum.repos.d/CentOS-Base.repo http://mirrors.aliyun.com/repo/Centos-7.repo

#2.2、安装epel-release工具包和salt-minion客户端
[root@salt-minion-01 ~]# yum install epel-release -y
[root@salt-minion-01 ~]# yum install salt-minion -y

#2.3、在minion端配置master的ip地址(默认配置文件为 /etc/salt/minion)
#master: salt
master: 192.168.1.131

#2.4、配置minion开机自启动服务
[root@salt-minion-01 ~]# systemctl enable salt-minion.service
Created symlink from /etc/systemd/system/multi-user.target.wants/salt-minion.service to /usr/lib/systemd/system/salt-minion.service.

#2.5、启动salt-minion服务
[root@salt-minion-01 ~]# systemctl start salt-minion.service

#2.6、关闭防火墙服务
注:minion 是主动连接 master 的 4505/4506 端口,自身不需要开放入站端口,因此 minion 端一般无需为 salt 关闭防火墙。
[root@salt-minion-01 salt]# systemctl disable firewalld.service
Removed symlink /etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service.
Removed symlink /etc/systemd/system/basic.target.wants/firewalld.service.
[root@salt-minion-01 salt]# systemctl stop firewalld.service
#2.7、查看salt-minion进程的启动状况
[root@salt-minion-01 salt]# ps -ef | grep salt | grep -v grep
root 16674 1 0 20:41 ? 00:00:01 /usr/bin/python /usr/bin/salt-minion
root 16677 16674 1 20:41 ? 00:00:07 /usr/bin/python /usr/bin/salt-minion
#2.8、同理配置salt-minion-02客户机并检查其启动状态
[root@salt-minion-02 ~]# ps -ef | grep salt
root 16711 1 7 20:50 ? 00:00:02 /usr/bin/python /usr/bin/salt-minion
root 16714 16711 16 20:50 ? 00:00:04 /usr/bin/python /usr/bin/salt-minion
root 16746 2941 0 20:50 pts/0 00:00:00 grep --color=auto salt

#3、saltstack的具体操作
[root@salt-master ~]# salt-key -L
Accepted Keys:
Denied Keys:
Unaccepted Keys:
salt-minion-01
salt-minion-02
Rejected Keys:
[root@salt-master ~]# cd /etc/salt/pki/master/
[root@salt-master master]# cd minions_pre/
[root@salt-master minions_pre]# ls
salt-minion-01 salt-minion-02
[root@salt-master minions_pre]# cat salt-minion-0*
-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyewvRhV5yLakqJXn5q1o
g5kMKMs1fyvJVzXf5pIUgIVvXeh4R912sj5JhdVeQT8L7mdg/U0bV5vMhulJvgbG
T0Ro8tIbPIeAXgpiJm8CwOchiMpW8C1zK2vc07z/W6sOl9eEt56CBhcvcGgFP++F
10h9nQKoXYMne9QEqab92un5OwW1rH5nA6iEk+0BIjDucHIVHiNfWAy4mGE8EaMe
RxrXMtaxuIzdNdRZccOWuKfupMC29KsD5FQLxYv+dBbBDZeisO9iHzlWf93bvsjk
wyGO84W02AmguzsqTopY/5l+wvbXfiLJOlhTxXL9sHAxm5flrTj8TwVmembtdCAA
EwIDAQAB
-----END PUBLIC KEY-----
-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoAvmGvnjrXw0KJ8VVlBH
deciexJTuNmfs3aLrxRiQLUkQvAst16FZQeRMKaFhScswlsJlBPHWZxg4kvq89iu
L0igEVBNe6u/Nhpn2OHBWHs1n3OzhslTsZUGBvSUVP8bXXXlGeT+KoGoV6FdupY+
vWbkE2F93pDqFrZ82MgNuHn98uA/rHTWemJ6OPwuE+pFdY3gFQsRRZ7vORC20dJ1
l/BUqB11+h9eN9/Qd2EZYw5sPSlvK7mXIQA8xoNcuciRsZHpQbsNCEcsjRh2f3ET
iGYZbKWhfkRvNEO0MGFeCyNcmmKmezvUhofKgulg1A4fi8G3PF6t3D/nAL7m8MmO
fQIDAQAB
-----END PUBLIC KEY-----
从上面的信息我们可以看出,Unaccepted Keys 的存放路径为:/etc/salt/pki/master/minions_pre
注:-A 会一次性接受所有待认证的 key,-y 跳过确认。接受前应先核对指纹:在 master 上执行 salt-key -f salt-minion-01,在对应 minion 上执行 salt-call --local key.finger,两者一致后再用 salt-key -a <minion-id> 逐个接受。
[root@salt-master salt]# salt-key -A -y #添加salt-key
The following keys are going to be accepted:
Unaccepted Keys:
salt-minion-01
salt-minion-02
Key for minion salt-minion-01 accepted.
Key for minion salt-minion-02 accepted.
[root@salt-master salt]# salt-key -L #查看salt-key
Accepted Keys:
salt-minion-01
salt-minion-02
Denied Keys:
Unaccepted Keys:
Rejected Keys:
[root@salt-master salt]# salt salt-minion* test.ping #简单测试
salt-minion-01:
    True
salt-minion-02:
    True
[root@salt-master salt]# salt salt-minion* cmd.run 'uname -r' #运行linux命令
salt-minion-01:
    3.10.0-327.el7.x86_64
salt-minion-02:
    3.10.0-327.el7.x86_64