前期环境配置
salt-master 192.168.1.131
salt-minion-01 192.168.1.132
salt-minion-02 192.168.1.133
#1、salt-master的配置安装准备工作
#1.1、查看CentOS的版本和其内核的版本及安装配置阿里云yum源
[root@salt-master ~]# cat /etc/redhat-release
CentOS Linux release 7.2.1511 (Core)
[root@salt-master ~]# uname -r
3.10.0-327.el7.x86_64
[root@salt-master ~]# wget -O /etc/yum.repos.d/CentOS-Base.repo http://mirrors.aliyun.com/repo/Centos-7.repo
#注:这里是以root身份通过明文HTTP下载yum源配置,传输过程没有完整性保护;镜像站提供HTTPS时建议改用HTTPS地址。

#1.2、安装epel-release和salt-master工具包
[root@salt-master ~]# yum install epel-release -y
[root@salt-master ~]# yum install salt-master -y

#1.3、配置saltstack开机自启动服务
[root@salt-master ~]# systemctl enable salt-master.service

#1.4、启动saltstack master 服务
[root@salt-master ~]# systemctl start salt-master.service

#1.5、检查saltstack端口及进程的运行状态,其中4505是saltstack管理服务器发送命令消息的端口,4506是消息返回时所用的端口。saltstack一般是会启动多个进程来进行不同工作的。
[root@salt-master ~]# netstat -tunlp | grep python
tcp 0 0 0.0.0.0:4505 0.0.0.0:* LISTEN 17112/python
tcp 0 0 0.0.0.0:4506 0.0.0.0:* LISTEN 17134/python
[root@salt-master ~]# ps aux | grep salt-master | grep -v grep
root 17102 0.0 2.6 315128 26912 ? Ss 19:14 0:00 /usr/bin/python /usr/bin/salt-master
root 17111 0.6 2.7 402032 27468 ? Sl 19:14 0:05 /usr/bin/python /usr/bin/salt-master
root 17112 0.0 2.2 397056 22644 ? Sl 19:14 0:00 /usr/bin/python /usr/bin/salt-master
root 17113 0.0 2.4 397056 24800 ? Sl 19:14 0:00 /usr/bin/python /usr/bin/salt-master
root 17114 0.0 2.1 315128 22048 ? S 19:14 0:00 /usr/bin/python /usr/bin/salt-master
root 17119 0.3 3.0 1056872 30892 ? Sl 19:14 0:02 /usr/bin/python /usr/bin/salt-master
root 17120 0.3 3.0 1056872 30872 ? Sl 19:14 0:02 /usr/bin/python /usr/bin/salt-master
root 17125 0.3 3.0 1056876 30904 ? Sl 19:14 0:02 /usr/bin/python /usr/bin/salt-master
root 17128 0.2 3.0 1056880 30904 ? Sl 19:14 0:02 /usr/bin/python /usr/bin/salt-master
root 17133 0.3 3.0 1056880 30852 ? Sl 19:14 0:02 /usr/bin/python /usr/bin/salt-master
root 17134 0.0 2.2 691984 22600 ? Sl 19:14 0:00 /usr/bin/python /usr/bin/salt-master

#1.6、关闭防火墙
#注:salt-master监听在0.0.0.0的4505/4506端口上,关闭firewalld后这两个端口对所有可达网络开放。此做法只适合隔离的实验环境;其他环境建议保留防火墙,只放行这两个端口(firewall-cmd --permanent --add-port=4505-4506/tcp,然后 firewall-cmd --reload)。
[root@salt-master ~]# systemctl disable firewalld.service
Removed symlink /etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service.
Removed symlink /etc/systemd/system/basic.target.wants/firewalld.service.
[root@salt-master ~]# systemctl stop firewalld.service

#1.7、修改selinux为Permissive模式
#注:setenforce 0 只修改当前运行状态,重启后按/etc/selinux/config恢复;Permissive模式下SELinux只记录违规而不拦截,建议仅在实验环境中这样做。
[root@salt-master ~]# setenforce 0
[root@salt-master ~]# getenforce
Permissive

#2、salt-minion的配置安装
#2.1、查看CentOS的版本和其内核的版本及安装配置阿里云yum源
[root@salt-minion-01 ~]# cat /etc/redhat-release
CentOS Linux release 7.2.1511 (Core)
[root@salt-minion-01 ~]# uname -r
3.10.0-327.el7.x86_64
[root@salt-master ~]# wget -O /etc/yum.repos.d/CentOS-Base.repo http://mirrors.aliyun.com/repo/Centos-7.repo

#2.2、安装epel-release工具包和salt-minion客户端
[root@salt-minion-01 ~]# yum install epel-release -y
[root@salt-minion-01 ~]# yum install salt-minion -y

#2.3、在minion端配置master的ip地址
#master: salt
master: 192.168.1.131

#2.4、配置开机minion开启自启动服务
[root@salt-minion-01 ~]# systemctl enable salt-minion.service
Created symlink from /etc/systemd/system/multi-user.target.wants/salt-minion.service to /usr/lib/systemd/system/salt-minion.service.
#2.5、启动salt-minion服务
[root@salt-minion-01 ~]# systemctl start salt-minion.service

#2.6、关闭防火墙服务
#注:minion是主动连接master的4505/4506端口,通常不需要在本机开放入站端口,因此minion端一般无需为Salt关闭firewalld。
[root@salt-minion-01 salt]# systemctl disable firewalld.service
Removed symlink /etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service.
Removed symlink /etc/systemd/system/basic.target.wants/firewalld.service.
[root@salt-minion-01 salt]# systemctl stop firewalld.service

#2.7、查看salt-minion进程的启动状况
[root@salt-minion-01 salt]# ps -ef | grep salt | grep -v grep
root 16674 1 0 20:41 ? 00:00:01 /usr/bin/python /usr/bin/salt-minion
root 16677 16674 1 20:41 ? 00:00:07 /usr/bin/python /usr/bin/salt-minion

#2.8、同理配置salt-minion-02客户机检查其启动状态
[root@salt-minion-02 ~]# ps -ef | grep salt
root 16711 1 7 20:50 ? 00:00:02 /usr/bin/python /usr/bin/salt-minion
root 16714 16711 16 20:50 ? 00:00:04 /usr/bin/python /usr/bin/salt-minion
root 16746 2941 0 20:50 pts/0 00:00:00 grep --color=auto salt


3、saltstack的具体操作
[root@salt-master ~]# salt-key -L
Accepted Keys:
Denied Keys:
Unaccepted Keys:
salt-minion-01
salt-minion-02
Rejected Keys:
[root@salt-master ~]# cd /etc/salt/pki/master/
[root@salt-master master]# cd minions_pre/
[root@salt-master minions_pre]# ls
salt-minion-01 salt-minion-02
[root@salt-master minions_pre]# cat salt-minion-0*
-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyewvRhV5yLakqJXn5q1o
g5kMKMs1fyvJVzXf5pIUgIVvXeh4R912sj5JhdVeQT8L7mdg/U0bV5vMhulJvgbG
T0Ro8tIbPIeAXgpiJm8CwOchiMpW8C1zK2vc07z/W6sOl9eEt56CBhcvcGgFP++F
10h9nQKoXYMne9QEqab92un5OwW1rH5nA6iEk+0BIjDucHIVHiNfWAy4mGE8EaMe
RxrXMtaxuIzdNdRZccOWuKfupMC29KsD5FQLxYv+dBbBDZeisO9iHzlWf93bvsjk
wyGO84W02AmguzsqTopY/5l+wvbXfiLJOlhTxXL9sHAxm5flrTj8TwVmembtdCAA
EwIDAQAB
-----END PUBLIC KEY-----
-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoAvmGvnjrXw0KJ8VVlBH
deciexJTuNmfs3aLrxRiQLUkQvAst16FZQeRMKaFhScswlsJlBPHWZxg4kvq89iu
L0igEVBNe6u/Nhpn2OHBWHs1n3OzhslTsZUGBvSUVP8bXXXlGeT+KoGoV6FdupY+
vWbkE2F93pDqFrZ82MgNuHn98uA/rHTWemJ6OPwuE+pFdY3gFQsRRZ7vORC20dJ1
l/BUqB11+h9eN9/Qd2EZYw5sPSlvK7mXIQA8xoNcuciRsZHpQbsNCEcsjRh2f3ET
iGYZbKWhfkRvNEO0MGFeCyNcmmKmezvUhofKgulg1A4fi8G3PF6t3D/nAL7m8MmO
fQIDAQAB
-----END PUBLIC KEY-----
从上面的信息我们可以看出,Unaccepted Keys的存放路径为:/etc/salt/pki/master/minions_pre
#注:salt-key -A -y 会不经确认地接受所有待处理的key。接受前应核对指纹:在master上执行 salt-key -f MINION_ID,在对应minion上执行 salt-call --local key.finger,两者一致后再用 salt-key -a MINION_ID 逐个接受,避免把未经确认的主机纳入管理。
[root@salt-master salt]# salt-key -A -y #添加salt-key
The following keys are going to be accepted:
Unaccepted Keys:
salt-minion-01
salt-minion-02
Key for minion salt-minion-01 accepted.
Key for minion salt-minion-02 accepted.
[root@salt-master salt]# salt-key -L #查看salt-key
Accepted Keys:
salt-minion-01
salt-minion-02
Denied Keys:
Unaccepted Keys:
Rejected Keys:
[root@salt-master salt]# salt salt-minion* test.ping #简单测试
salt-minion-01:
    True
salt-minion-02:
    True
[root@salt-master salt]# salt salt-minion* cmd.run 'uname -r' #运行linux命令
salt-minion-01:
    3.10.0-327.el7.x86_64
salt-minion-02:
    3.10.0-327.el7.x86_64
