前期环境配置
salt-master 192.168.1.131
salt-minion-01 192.168.1.132
salt-minion-02 192.168.1.133
#1、salt-master的配置安装准备工作
#1.1、查看CentOS的版本和其内核的版本及安装配置阿里云yum源
[root@salt-master ~]# cat /etc/redhat-release
CentOS Linux release 7.2.1511 (Core)
[root@salt-master ~]# uname -r
3.10.0-327.el7.x86_64
[root@salt-master ~]# wget -O /etc/yum.repos.d/CentOS-Base.repo http://mirrors.aliyun.com/repo/Centos-7.repo
注:该 repo 文件通过明文 HTTP 下载,而它决定了后续 yum 从哪里取包以及是否校验 GPG 签名;镜像站支持 HTTPS 时建议改用 https:// 地址,并在下载后检查文件中的 gpgcheck 与 gpgkey 配置。

#1.2、安装epel-release和salt-master工具包
[root@salt-master ~]# yum install epel-release -y
[root@salt-master ~]# yum install salt-master -y

#1.3、配置saltstack开机自启动服务
[root@salt-master ~]# systemctl enable salt-master.service
#1.4、启动saltstack master 服务
[root@salt-master ~]# systemctl start salt-master.service
#1.5、检查saltstack端口及进程的运行状态,其中4505是saltstack管理服务器发送命令消息的端口,4506是消息返回时所用的端口。saltstack一般是会启动多个进程来进行不同工作的。
[root@salt-master ~]# netstat -tunlp | grep python
tcp 0 0 0.0.0.0:4505 0.0.0.0:* LISTEN 17112/python
tcp 0 0 0.0.0.0:4506 0.0.0.0:* LISTEN 17134/python

[root@salt-master ~]# ps aux | grep salt-master | grep -v grep
root 17102 0.0 2.6 315128 26912 ? Ss 19:14 0:00 /usr/bin/python /usr/bin/salt-master
root 17111 0.6 2.7 402032 27468 ? Sl 19:14 0:05 /usr/bin/python /usr/bin/salt-master
root 17112 0.0 2.2 397056 22644 ? Sl 19:14 0:00 /usr/bin/python /usr/bin/salt-master
root 17113 0.0 2.4 397056 24800 ? Sl 19:14 0:00 /usr/bin/python /usr/bin/salt-master
root 17114 0.0 2.1 315128 22048 ? S 19:14 0:00 /usr/bin/python /usr/bin/salt-master
root 17119 0.3 3.0 1056872 30892 ? Sl 19:14 0:02 /usr/bin/python /usr/bin/salt-master
root 17120 0.3 3.0 1056872 30872 ? Sl 19:14 0:02 /usr/bin/python /usr/bin/salt-master
root 17125 0.3 3.0 1056876 30904 ? Sl 19:14 0:02 /usr/bin/python /usr/bin/salt-master
root 17128 0.2 3.0 1056880 30904 ? Sl 19:14 0:02 /usr/bin/python /usr/bin/salt-master
root 17133 0.3 3.0 1056880 30852 ? Sl 19:14 0:02 /usr/bin/python /usr/bin/salt-master
root 17134 0.0 2.2 691984 22600 ? Sl 19:14 0:00 /usr/bin/python /usr/bin/salt-master
#1.6、关闭防火墙
[root@salt-master ~]# systemctl disable firewalld.service
Removed symlink /etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service.
Removed symlink /etc/systemd/system/basic.target.wants/firewalld.service.
[root@salt-master ~]# systemctl stop firewalld.service
注:关闭 firewalld 只适合隔离的实验环境。master 的 4505/4506 监听在 0.0.0.0(所有网卡)上,生产环境应保留防火墙,只对 minion 所在网段放行这两个端口,例如(网段为示例值):firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="192.168.1.0/24" port port="4505-4506" protocol="tcp" accept',然后执行 firewall-cmd --reload。

#1.7、修改selinux为Permissive模式
[root@salt-master ~]# setenforce 0
[root@salt-master ~]# getenforce
Permissive
注:setenforce 0 只在本次运行期间生效,重启后恢复为 /etc/selinux/config 中的设置;Permissive 模式下 SELinux 只记录违规而不拦截,生产环境建议保持 Enforcing。

#2、salt-minion的配置安装
#2.1、查看CentOS的版本和其内核的版本及安装配置阿里云yum源
[root@salt-minion-01 ~]# cat /etc/redhat-release
CentOS Linux release 7.2.1511 (Core)
[root@salt-minion-01 ~]# uname -r
3.10.0-327.el7.x86_64
[root@salt-master ~]#wget -O /etc/yum.repos.d/CentOS-Base.repo http://mirrors.aliyun.com/repo/Centos-7.repo

#2.2、安装epel-release工具包和salt-minion客户端
[root@salt-minion-01 ~]# yum install epel-release -y
[root@salt-minion-01 ~]# yum install salt-minion -y

#2.3、在minion端配置master的ip地址
#master: salt
master: 192.168.1.131

#2.4、配置开机minion开启自启动服务
[root@salt-minion-01 ~]# systemctl enable salt-minion.service
Created symlink from /etc/systemd/system/multi-user.target.wants/salt-minion.service to /usr/lib/systemd/system/salt-minion.service.
#2.5、启动salt-minion服务
[root@salt-minion-01 ~]# systemctl start salt-minion.service

#2.6、关闭防火墙服务
[root@salt-minion-01 salt]# systemctl disable firewalld.service
Removed symlink /etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service.
Removed symlink /etc/systemd/system/basic.target.wants/firewalld.service.
[root@salt-minion-01 salt]# systemctl stop firewalld.service
注:minion 是主动向 master 的 4505/4506 端口发起连接的,本身不需要开放任何入站端口,因此在 minion 上可以保留 firewalld 而不影响 salt 通信。

#2.7、查看salt-minion进程的启动状况
[root@salt-minion-01 salt]# ps -ef | grep salt | grep -v grep
root 16674 1 0 20:41 ? 00:00:01 /usr/bin/python /usr/bin/salt-minion
root 16677 16674 1 20:41 ? 00:00:07 /usr/bin/python /usr/bin/salt-minion
#2.8、同理配置salt-minion-02客户机检查其启动状态
[root@salt-minion-02 ~]# ps -ef | grep salt
root 16711 1 7 20:50 ? 00:00:02 /usr/bin/python /usr/bin/salt-minion
root 16714 16711 16 20:50 ? 00:00:04 /usr/bin/python /usr/bin/salt-minion
root 16746 2941 0 20:50 pts/0 00:00:00 grep --color=auto salt

3、saltstack的具体操作
[root@salt-master ~]# salt-key -L
Accepted Keys:
Denied Keys:
Unaccepted Keys:
salt-minion-01
salt-minion-02
Rejected Keys:
[root@salt-master ~]# cd /etc/salt/pki/master/
[root@salt-master master]# cd minions_pre/
[root@salt-master minions_pre]# ls
salt-minion-01 salt-minion-02
[root@salt-master minions_pre]# cat salt-minion-0*
-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyewvRhV5yLakqJXn5q1o
g5kMKMs1fyvJVzXf5pIUgIVvXeh4R912sj5JhdVeQT8L7mdg/U0bV5vMhulJvgbG
T0Ro8tIbPIeAXgpiJm8CwOchiMpW8C1zK2vc07z/W6sOl9eEt56CBhcvcGgFP++F
10h9nQKoXYMne9QEqab92un5OwW1rH5nA6iEk+0BIjDucHIVHiNfWAy4mGE8EaMe
RxrXMtaxuIzdNdRZccOWuKfupMC29KsD5FQLxYv+dBbBDZeisO9iHzlWf93bvsjk
wyGO84W02AmguzsqTopY/5l+wvbXfiLJOlhTxXL9sHAxm5flrTj8TwVmembtdCAA
EwIDAQAB
-----END PUBLIC KEY-----
-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoAvmGvnjrXw0KJ8VVlBH
deciexJTuNmfs3aLrxRiQLUkQvAst16FZQeRMKaFhScswlsJlBPHWZxg4kvq89iu
L0igEVBNe6u/Nhpn2OHBWHs1n3OzhslTsZUGBvSUVP8bXXXlGeT+KoGoV6FdupY+
vWbkE2F93pDqFrZ82MgNuHn98uA/rHTWemJ6OPwuE+pFdY3gFQsRRZ7vORC20dJ1
l/BUqB11+h9eN9/Qd2EZYw5sPSlvK7mXIQA8xoNcuciRsZHpQbsNCEcsjRh2f3ET
iGYZbKWhfkRvNEO0MGFeCyNcmmKmezvUhofKgulg1A4fi8G3PF6t3D/nAL7m8MmO
fQIDAQAB
-----END PUBLIC KEY-----
从上面的信息我们可以看出Unaccepted Keys:存放路径为:/etc/salt/pki/master/minions_pre
[root@salt-master salt]# salt-key -A -y #添加salt-key
The following keys are going to be accepted:
Unaccepted Keys:
salt-minion-01
salt-minion-02
Key for minion salt-minion-01 accepted.
Key for minion salt-minion-02 accepted.
注:salt-key -A -y 会不经确认地接受所有待认证的 key,而任何能连到 master 4506 端口的主机都可以提交 key。接受前应先核对指纹:在 master 上执行 salt-key -f salt-minion-01,在对应 minion 上执行 salt-call --local key.finger,两者一致后再用 salt-key -a salt-minion-01 逐个接受。
[root@salt-master salt]# salt-key -L #查看salt-key
Accepted Keys:
salt-minion-01
salt-minion-02
Denied Keys:
Unaccepted Keys:
Rejected Keys:
[root@salt-master salt]# salt salt-minion* test.ping #简单测试
salt-minion-01:
    True
salt-minion-02:
    True
[root@salt-master salt]# salt salt-minion* cmd.run 'uname -r' #运行linux命令
salt-minion-01:
    3.10.0-327.el7.x86_64
salt-minion-02:
    3.10.0-327.el7.x86_64
