CentOS7.2系统环境中安装saltstack详细配置过程

admin

前期环境配置
% S, d8 P- l" d7 h6 dsalt-master                 192.168.1.131
salt-minion-01                192.168.1.132
salt-minion-02                192.168.1.133
#1、salt-master的配置安装准备工作
2 E! b2 p6 o+ S- p5 H#1.1、查看CentOS的版本和其内核的版本及安装配置阿里云yum源
% s+ O) s* X9 @, k2 q/ n[root@salt-master ~]# cat /etc/redhat-release
0 }+ m- ?+ \3 y3 k0 y, Y- PCentOS Linux release 7.2.1511 (Core)
[root@salt-master ~]# uname -r
3.10.0-327.el7.x86_64
[root@salt-master ~]# wget -O /etc/yum.repos.d/CentOS-Base.repohttp://mirrors.aliyun.com/repo/Centos-7.repo

#1.2、安装epel-release和salt-master工具包
[root@salt-master ~]# yum install epel-release -y
[root@salt-master ~]# yum install salt-master -y

8 j4 a# N; O) U#1.3、配置saltstack开机自启动服务
[root@salt-master ~]# systemctl enable salt-master.service
+ g* `/ ~; [+ f4 N6 p
#1.4、启动saltstack master 服务
7 o7 x2 k; J4 N, z. G  J[root@salt-master ~]# systemctl start salt-master.service

7 x1 K; h! m6 N- O* D" Q& w#1.5、检查saltstack端口及进程的运行状态，其中4505是saltstack管理服务器发送命令消息的端口，4506是消息返回时所用的端口。saltstack一般是会启动多个进程来进行不同工作的。
[root@salt-master ~]# netstat -tunlp | grep python
tcp        0      0 0.0.0.0:4505            0.0.0.0:*               LISTEN      17112/python        
tcp        0      0 0.0.0.0:4506            0.0.0.0:*               LISTEN      17134/python        
: y3 R7 P& N8 `( i
[root@salt-master ~]# ps aux | grep salt-master | grep -v grep
root     17102  0.0  2.6 315128 26912 ?        Ss   19:14   0:00 /usr/bin/python /usr/bin/salt-master
root     17111  0.6  2.7 402032 27468 ?        Sl   19:14   0:05 /usr/bin/python /usr/bin/salt-master
; B9 Z1 Q  Z4 `8 xroot     17112  0.0  2.2 397056 22644 ?        Sl   19:14   0:00 /usr/bin/python /usr/bin/salt-master
2 |# T& M) t' }root     17113  0.0  2.4 397056 24800 ?        Sl   19:14   0:00 /usr/bin/python /usr/bin/salt-master
5 q/ h; e$ l- ~& B: ]root     17114  0.0  2.1 315128 22048 ?        S    19:14   0:00 /usr/bin/python /usr/bin/salt-master
root     17119  0.3  3.0 1056872 30892 ?       Sl   19:14   0:02 /usr/bin/python /usr/bin/salt-master
root     17120  0.3  3.0 1056872 30872 ?       Sl   19:14   0:02 /usr/bin/python /usr/bin/salt-master
( F& ]; U/ D" J& p: s* b- ~, }2 r" wroot     17125  0.3  3.0 1056876 30904 ?       Sl   19:14   0:02 /usr/bin/python /usr/bin/salt-master
' V/ ?& |7 N0 j: r0 g$ Jroot     17128  0.2  3.0 1056880 30904 ?       Sl   19:14   0:02 /usr/bin/python /usr/bin/salt-master
; p* ]/ M9 t% }2 ^6 u, X2 I. M( Lroot     17133  0.3  3.0 1056880 30852 ?       Sl   19:14   0:02 /usr/bin/python /usr/bin/salt-master
9 j' ^5 V& J8 w0 Rroot     17134  0.0  2.2 691984 22600 ?        Sl   19:14   0:00 /usr/bin/python /usr/bin/salt-master

( z4 k0 _% B# h6 k0 ~' D#1.6、关闭防火墙
, K' Q& S- O( D0 ]9 l1 k[root@salt-master ~]# systemctl disable firewalld.service
Removed symlink /etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service.
Removed symlink /etc/systemd/system/basic.target.wants/firewalld.service.
[root@salt-master ~]# systemctl stop firewalld.service
/ X+ d4 h, ]# T) i: A' [
#1.7、修改selinux为Permissive模式
[root@salt-master ~]# setenforce 0
2 ]# _# G/ h) J, q9 x9 G" O[root@salt-master ~]# getenforce
Permissive


5 i. R" A' x; U: h9 v) L( }, F#2、salt-minion的配置安装
#2.1、查看CentOS的版本和其内核的版本及安装配置阿里云yum源
0 C* X4 c+ k# V: }[root@salt-minion-01 ~]# cat /etc/redhat-release
9 m* M0 T+ D  A6 ^" L! Q7 SCentOS Linux release 7.2.1511 (Core)
6 A2 [" f+ z7 T& F: Q3 n' U$ N[root@salt-minion-01 ~]# uname -r
3.10.0-327.el7.x86_64
5 V3 N0 c- ~8 L+ \& f9 `/ f[root@salt-master ~]#wget -O /etc/yum.repos.d/CentOS-Base.repo http://mirrors.aliyun.com/repo/Centos-7.repo

- x' ^. k. ^% L$ K$ c8 R% g6 f4 `#2.2、安装epel-release工具包和salt-minion客户端
[root@salt-minion-01 ~]# yum install epel-release -y
$ m/ \# x% s' F( S& e. i3 k[root@salt-minion-01 ~]# yum install salt-minion -y

#2.3、在minion端配置master的ip地址
#master: salt
master: 192.168.1.131

: E7 ?+ b$ b, ~. X#2.4、配置开机minion开启自启动服务
[root@salt-minion-01 ~]# systemctl enable salt-minion.service
Created symlink from /etc/systemd/system/multi-user.target.wants/salt-minion.service to /usr/lib/systemd/system/salt-minion.service.
8 B. K9 c6 o1 _8 s: q6 ^, \# z
#2.5、启动salt-minion服务
[root@salt-minion-01 ~]# systemctl start salt-minion.service

6 g4 ?& N" X- B$ e  o1 P: }#2.6、关闭防火墙服务
- v) c2 r: \: K0 s, l- O2 t[root@salt-minion-01 salt]# systemctl disable firewalld.service
Removed symlink /etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service.
! v! W9 m  x) l0 eRemoved symlink /etc/systemd/system/basic.target.wants/firewalld.service.
: ]' `& A! ~7 S[root@salt-minion-01 salt]# systemctl stop firewalld.service

#2.7、查看salt-minion进程的启动状况
. X; m9 @  {" d& K1 Z6 r[root@salt-minion-01 salt]# ps -ef | grep salt | grep -v grep
root     16674     1  0 20:41 ?        00:00:01 /usr/bin/python /usr/bin/salt-minion
root     16677 16674  1 20:41 ?        00:00:07 /usr/bin/python /usr/bin/salt-minion

/ {) L0 z; s! l0 ^7 W5 |/ j7 d#2.8、同理配置salt-minion-02客户机检查其启动状态
[root@salt-minion-02 ~]# ps -ef | grep salt
! i! E0 |3 U7 j* \% Xroot     16711     1  7 20:50 ?        00:00:02 /usr/bin/python /usr/bin/salt-minion
4 K; y! q$ Z: {" `root     16714 16711 16 20:50 ?        00:00:04 /usr/bin/python /usr/bin/salt-minion
root     16746  2941  0 20:50 pts/0    00:00:00 grep --color=auto salt


3 [0 z% I  _. F* U" @3、saltstack的具体操作
# p9 q, D. S5 {[root@salt-master ~]# salt-key -L
2 y2 a% L, ]; Y) `" _Accepted Keys:
! ~; s& C; s, R. ADenied Keys:
$ S4 @# p; l) d1 ^, l4 V8 [Unaccepted Keys:
; K' U4 m) g  l) E& X6 gsalt-minion-01
salt-minion-02
, I0 j$ E$ W, m, f+ tRejected Keys:
[root@salt-master ~]# cd /etc/salt/pki/master/
[root@salt-master master]# cd minions_pre/
[root@salt-master minions_pre]# ls
3 l; J# |; x* T* o5 V' m" |+ D$ {salt-minion-01  salt-minion-02
[root@salt-master minions_pre]# cat salt-minion-0*
-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyewvRhV5yLakqJXn5q1o
; y& i' K. J/ hg5kMKMs1fyvJVzXf5pIUgIVvXeh4R912sj5JhdVeQT8L7mdg/U0bV5vMhulJvgbG
T0Ro8tIbPIeAXgpiJm8CwOchiMpW8C1zK2vc07z/W6sOl9eEt56CBhcvcGgFP++F
10h9nQKoXYMne9QEqab92un5OwW1rH5nA6iEk+0BIjDucHIVHiNfWAy4mGE8EaMe
: e$ F  B9 I, D' ZRxrXMtaxuIzdNdRZccOWuKfupMC29KsD5FQLxYv+dBbBDZeisO9iHzlWf93bvsjk
" \1 o& h2 v$ j8 j4 D5 Y- EwyGO84W02AmguzsqTopY/5l+wvbXfiLJOlhTxXL9sHAxm5flrTj8TwVmembtdCAA
) G. s& I) H! Z6 c2 Q& M* IEwIDAQAB
-----END PUBLIC KEY-----
-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoAvmGvnjrXw0KJ8VVlBH
deciexJTuNmfs3aLrxRiQLUkQvAst16FZQeRMKaFhScswlsJlBPHWZxg4kvq89iu
9 E- J! [" u. W* k! O) K5 wL0igEVBNe6u/Nhpn2OHBWHs1n3OzhslTsZUGBvSUVP8bXXXlGeT+KoGoV6FdupY+
vWbkE2F93pDqFrZ82MgNuHn98uA/rHTWemJ6OPwuE+pFdY3gFQsRRZ7vORC20dJ1
1 q/ T/ B/ a3 [" a2 o) al/BUqB11+h9eN9/Qd2EZYw5sPSlvK7mXIQA8xoNcuciRsZHpQbsNCEcsjRh2f3ET
# q9 m) x2 O8 C8 v- LiGYZbKWhfkRvNEO0MGFeCyNcmmKmezvUhofKgulg1A4fi8G3PF6t3D/nAL7m8MmO
2 D! H) Z7 Z9 \fQIDAQAB
5 P/ l# ^5 k: ^5 ~2 ^-----END PUBLIC KEY-----
从上面的信息我们可以看出Unaccepted Keys:存放路径为：/etc/salt/pki/master/minions_pre
[root@salt-master salt]# salt-key -A -y                      #添加salt-key
The following keys are going to be accepted:
6 O# B; N$ F% I7 d, F% rUnaccepted Keys:
. P4 h& y/ v) I/ O) ~# k$ wsalt-minion-01
salt-minion-02
Key for minion salt-minion-01 accepted.
  F9 T6 `0 Y5 r$ q1 t6 T) Z' rKey for minion salt-minion-02 accepted.
6 \; C0 Z5 v5 U; _% q& Y5 A6 q7 U[root@salt-master salt]# salt-key -L                                #查看salt-key
  {' S$ J1 W# J# @# c  O+ pAccepted Keys:
salt-minion-01
: s- x8 a- b+ j2 g) ?5 D8 Zsalt-minion-02
9 t3 A  _0 H, y& F/ |6 WDenied Keys:
% a3 G# x& r, f% UUnaccepted Keys:
4 y* u0 N+ T' g. u$ W7 W; BRejected Keys:
[root@salt-master salt]# salt salt-minion* test.ping        #简单测试
salt-minion-01:
    True
salt-minion-02:
    True
[root@salt-master salt]# salt salt-minion* cmd.run 'uname -r'        #运行linux命令
salt-minion-01:
    3.10.0-327.el7.x86_64
- B" y. ?" x0 ~6 Y9 [salt-minion-02:
    3.10.0-327.el7.x86_64
& E) I3 B- _( q9 r+ t+ W
1 O$ \  f: ?# E) L% _& N9 |& A