Useful SaltStack links:

Official website: http://www.saltstack.com

Official documentation: http://docs.saltstack.com

GitHub: http://github.com/saltstack

China SaltStack User Group: http://www.saltstack.cn


SaltStack run modes:

local

master/minion

salt-ssh


Three SaltStack functions:

Remote execution

Configuration management

Cloud management


Master: 10.20.23.144

Minions: 10.20.23.144   10.20.23.145


#### All hostnames must be resolvable. Only the master is shown here; the minions are set up the same way ###

[root@linux-node1 ~]# hostname

linux-node1

[root@linux-node1 ~]# ping linux-node1

PING linux-node1 (10.20.23.144) 56(84) bytes of data.

64 bytes from linux-node1 (10.20.23.144): icmp_seq=1 ttl=64 time=0.058 ms

64 bytes from linux-node1 (10.20.23.144): icmp_seq=2 ttl=64 time=0.034 ms

[root@linux-node1 ~]# vim /etc/hosts

127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4

::1         localhost localhost.localdomain localhost6 localhost6.localdomain6

10.20.23.144 linux-node1

10.20.23.145 linux-node2



### Server (master) ###

rpm -ivh http://dl.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm

yum install salt-master -y

chkconfig salt-master on

/etc/init.d/salt-master start


### Client (minion) ###

rpm -ivh http://dl.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm

yum install salt-minion -y

chkconfig salt-minion on

vim /etc/salt/minion

master: 10.20.23.144

## Save and exit

/etc/init.d/salt-minion start



### Server (master) ###

[root@linux-node1 salt]# lsof -i:4505

COMMAND    PID USER   FD   TYPE DEVICE SIZE/OFF NODE NAME

salt-mast 1107 root   12u  IPv4  12007      0t0  TCP *:4505 (LISTEN)

[root@linux-node1 salt]# lsof -i:4506

COMMAND    PID USER   FD   TYPE DEVICE SIZE/OFF NODE NAME

salt-mast 1126 root   20u  IPv4  12036      0t0  TCP *:4506 (LISTEN)


[root@linux-node1 ~]# salt-key

Accepted Keys:

Denied Keys:

Unaccepted Keys:

linux-node1

linux-node2

Rejected Keys:

[root@salt_master ~]# salt-key -A

The following keys are going to be accepted:

Unaccepted Keys:

linux-node1

linux-node2

Proceed? [n/Y] Y

Key for minion linux-node1 accepted.

[root@salt_master ~]# salt-key

Accepted Keys:

linux-node1

linux-node2

Denied Keys:

Unaccepted Keys:

Rejected Keys:


Next, let's look at how the SaltStack minion and master authenticate each other:

[root@salt_minion ~]# cd /etc/salt/

[root@salt_minion salt]# ll

总用量 36

-rw-r-----. 1 root root 26392 10月 23 00:37 minion

drwxr-xr-x. 2 root root  4096 10月 25 21:57 minion.d

drwxr-xr-x. 4 root root  4096 10月 22 23:19 pki

[root@salt_minion salt]# cd pki/

[root@salt_minion pki]# ls

master  minion

[root@salt_minion pki]# cd minion/

[root@salt_minion minion]# ll

总用量 12

-rw-r--r--. 1 root root  451 10月 25 21:57 minion_master.pub

-r--------. 1 root root 1679 10月 22 23:19 minion.pem

-rw-r--r--. 1 root root  451 10月 22 23:19 minion.pub

[root@salt_minion minion]# pwd

/etc/salt/pki/minion

### On first start, the minion generates two keys under /etc/salt/pki/minion: a private key, minion.pem, and a public key, minion.pub. It then sends the public key to the master.


[root@salt_master states]# cd /etc/salt/

[root@salt_master salt]# ll

总用量 40

-rw-r-----. 1 root root 29435 10月 25 22:43 master

drwxr-xr-x. 3 root root  4096 10月 22 19:11 pki

drwxr-xr-x. 4 root root  4096 10月 25 23:19 states


[root@salt_master minions]# cat minion.saltstack.com 

-----BEGIN PUBLIC KEY-----

MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxYHuuZiEwXQg9QFnoUOo

q8rQYLV8EZt2YgljEY8SUggJlN4Hp4gJQeTwGZASdpbh/sAaP8KH/zoxXa1cX+uf

qOObV8k7BY0Ug8NNPa5CByHgGbiAYPthQq7ASm8DZvAt3JAgBOVzwq6U8tle4u/i

vsR+uZ9X0oCZDH/dnuZG1qnaIPvRF+KYHPL1qGmIS1kfH8RizB1uXm2l6Kr1jMzN

nN+fjG5J1ofM/Ku4RcSud2IKXBLp6hrVjXgP1gddsgDFBd7VoClY2Ti3vA1EwpBL

ZoyIz1DuhP27pD4ZrxG7etx1ZsXGsy15gmteWQ09H/NQ1hvzRHpwuHAyvjaGGjNb

gwIDAQAB

-----END PUBLIC KEY-----

[root@salt_master minions]# pwd

/etc/salt/pki/master/minions


[root@salt_minion minion]# ll

总用量 12

-rw-r--r--. 1 root root  451 10月 25 21:57 minion_master.pub

-r--------. 1 root root 1679 10月 22 23:19 minion.pem

-rw-r--r--. 1 root root  451 10月 22 23:19 minion.pub

[root@salt_minion minion]# pwd

/etc/salt/pki/minion

[root@salt_minion minion]# cat minion.pub 

-----BEGIN PUBLIC KEY-----

MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxYHuuZiEwXQg9QFnoUOo

q8rQYLV8EZt2YgljEY8SUggJlN4Hp4gJQeTwGZASdpbh/sAaP8KH/zoxXa1cX+uf

qOObV8k7BY0Ug8NNPa5CByHgGbiAYPthQq7ASm8DZvAt3JAgBOVzwq6U8tle4u/i

vsR+uZ9X0oCZDH/dnuZG1qnaIPvRF+KYHPL1qGmIS1kfH8RizB1uXm2l6Kr1jMzN

nN+fjG5J1ofM/Ku4RcSud2IKXBLp6hrVjXgP1gddsgDFBd7VoClY2Ti3vA1EwpBL

ZoyIz1DuhP27pD4ZrxG7etx1ZsXGsy15gmteWQ09H/NQ1hvzRHpwuHAyvjaGGjNb

gwIDAQAB

-----END PUBLIC KEY-----

### The minion's public key is sent to the master: the file minion.saltstack.com is the minion.pub that the minion sent.



### The master's public key is likewise sent to the minion:

[root@salt_minion minion]# pwd

/etc/salt/pki/minion

[root@salt_minion minion]# cat minion_master.pub 

-----BEGIN PUBLIC KEY-----

MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxS2k2LCyWaN4crvTziIH

vqpR47an/TPkzMMLLzZSfMcIED+2eYAAZ1HSO2HuifPrCuWaLIsV3iwL/gwPAfvF

kuwNyncz/mkJfCvB4ZupqTHKxWGlS3YM+uKxAT1pWMn44xMTK7OC22jsYfWpRYEY

feXYCmoLR7BRQi+1OaBSEoUSBkIkpGZDoHbucsKd9H2nUb+TmoDZDuxyZcs9CQPw

CCfRW6rl7a9iRgXbxZu0uwonon6xM2RL3bTDv9EdvO/N+pSYQEdkMGvrawxf8ThW

2mzdJVS+pxE1nL4gwpnVxxmoeEY4S41+tHVFwdZ5nhtxHtP+wdlHn5K+YQfxCZyM

sQIDAQAB

-----END PUBLIC KEY-----


[root@salt_master master]# ll

总用量 28

-r--------. 1 root root 1679 10月 22 19:11 master.pem

-rw-r--r--. 1 root root  451 10月 22 19:11 master.pub

drwxr-xr-x. 2 root root 4096 10月 25 21:57 minions

drwxr-xr-x. 2 root root 4096 10月 22 19:11 minions_autosign

drwxr-xr-x. 2 root root 4096 10月 22 19:11 minions_denied

drwxr-xr-x. 2 root root 4096 10月 25 21:57 minions_pre

drwxr-xr-x. 2 root root 4096 10月 22 19:11 minions_rejected

[root@salt_master master]# pwd

/etc/salt/pki/master

[root@salt_master master]# cat master.pub 

-----BEGIN PUBLIC KEY-----

MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxS2k2LCyWaN4crvTziIH

vqpR47an/TPkzMMLLzZSfMcIED+2eYAAZ1HSO2HuifPrCuWaLIsV3iwL/gwPAfvF

kuwNyncz/mkJfCvB4ZupqTHKxWGlS3YM+uKxAT1pWMn44xMTK7OC22jsYfWpRYEY

feXYCmoLR7BRQi+1OaBSEoUSBkIkpGZDoHbucsKd9H2nUb+TmoDZDuxyZcs9CQPw

CCfRW6rl7a9iRgXbxZu0uwonon6xM2RL3bTDv9EdvO/N+pSYQEdkMGvrawxf8ThW

2mzdJVS+pxE1nL4gwpnVxxmoeEY4S41+tHVFwdZ5nhtxHtP+wdlHn5K+YQfxCZyM

sQIDAQAB

-----END PUBLIC KEY-----

### This completes the authentication between the master and the minion ###
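The `salt-key -A` step above accepts every key waiting in minions_pre at once. The script below is an added example, not part of the original post: it compares each pending key with a copy of minion.pub taken from the minion itself, so that only matching IDs are accepted. The `reference` directory and the key bodies are constructed for the demo.

```shell
#!/bin/sh
# Added example. minions_pre mirrors /etc/salt/pki/master/minions_pre on the master;
# the "reference" directory of out-of-band minion.pub copies is an assumption.

# Strip CRs and blank lines so transfer artefacts do not cause false mismatches.
normalise() { tr -d '\r' < "$1" | sed '/^[[:space:]]*$/d'; }

# classify_pending PRE_DIR REF_DIR -> one "<STATUS> <minion-id>" line per pending key
#   OK        pending key matches the reference copy
#   MISMATCH  a reference exists but the pending key differs: do not accept
#   UNKNOWN   no reference was collected for this ID
classify_pending() (
    for key in "$1"/*; do
        [ -f "$key" ] || continue
        id=${key##*/}
        if [ ! -f "$2/$id" ]; then
            echo "UNKNOWN $id"
        elif [ "$(normalise "$key")" = "$(normalise "$2/$id")" ]; then
            echo "OK $id"
        else
            echo "MISMATCH $id"
        fi
    done
)

# IDs that can be accepted one at a time with: salt-key -a <id>
acceptable_ids() { classify_pending "$1" "$2" | sed -n 's/^OK //p'; }

# --- constructed demo data (key bodies are placeholders, not real keys) ---
demo=$(mktemp -d)
mkdir "$demo/minions_pre" "$demo/reference"
pem() { printf '%s\n' '-----BEGIN PUBLIC KEY-----' "$1" '-----END PUBLIC KEY-----'; }
pem 'constructed-key-A' > "$demo/minions_pre/linux-node1"
pem 'constructed-key-A' > "$demo/reference/linux-node1"
pem 'constructed-key-X' > "$demo/minions_pre/linux-node2"   # differs from reference
pem 'constructed-key-B' > "$demo/reference/linux-node2"
pem 'constructed-key-C' > "$demo/minions_pre/rogue-node"    # no reference collected

classify_pending "$demo/minions_pre" "$demo/reference"
```

On a live system the same comparison can be made on fingerprints: `salt-key -f <id>` on the master against `salt-call --local key.finger` on the minion.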




[root@linux-node1 ~]# salt '*' test.ping

linux-node1:

True

linux-node2:

True

[root@linux-node1 ~]# salt '*' cmd.run 'uptime'

linux-node1:

21:48:22 up  2:49,  2 users,  load average: 0.00, 0.00, 0.00

linux-node2:

21:48:22 up  2:47,  1 user,  load average: 1.64, 1.56, 1.47


SaltStack configuration management:

On the salt-master:

vim /etc/salt/master

file_roots:
  base:
    - /srv/salt

## Save and exit


mkdir /srv/salt

/etc/init.d/salt-master restart


[root@linux-node1 ~]# cd /srv/salt

[root@linux-node1 salt]# vim apache.sls

# Install the Apache packages
apache-install:
  pkg.installed:
    - names:
      - httpd
      - httpd-devel

# Keep httpd running and enabled at boot
apache-service:
  service.running:
    - name: httpd
    - enable: True
    - reload: True


[root@linux-node1 salt]# salt '*' state.sls apache

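## In the command above, apache is a single state. What if there are several states? In that case we can use the highstate: salt '*' state.highstate. The highstate has an entry file, top.sls (which must be placed in the base environment), that lists which machines get which states, so the command no longer has to name a state; the states are simply written into the top entry file.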
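A top.sls matching the description above, written for the two minions on this page, with a pre-flight check that every state it references has a file under file_roots. This is an added example, not from the original post; the temporary directory stands in for /srv/salt and the ntp state is hypothetical.

```shell
#!/bin/sh
# Added example. The temp directory stands in for /srv/salt (file_roots base);
# "ntp" is a hypothetical state that deliberately has no .sls file.
roots=$(mktemp -d)
cat > "$roots/top.sls" <<'EOF'
base:
  '*':
    - apache
  'linux-node2':
    - ntp
EOF
: > "$roots/apache.sls"   # empty stand-in for the apache.sls shown above

# Print "<target> <state>" pairs from a top.sls in the simple layout used here.
top_assignments() {
    awk '
        # A target line is indented two spaces and ends with a colon.
        /^  [^ -].*:[ \t]*$/ {
            t = $0
            sub(/^ +/, "", t); sub(/:[ \t]*$/, "", t); gsub(/\047/, "", t)
            next
        }
        # A state line is a list item indented four spaces.
        /^    - / { s = $0; sub(/^ +- +/, "", s); print t, s }
    ' "$1/top.sls"
}

# Print states referenced by top.sls that have neither <state>.sls nor
# <state>/init.sls under file_roots (dots in a state name are directories).
missing_states() (
    top_assignments "$1" | while read -r target state; do
        path=$(printf '%s' "$state" | tr . /)
        [ -f "$1/$path.sls" ] || [ -f "$1/$path/init.sls" ] || echo "$state"
    done | sort -u
)

top_assignments "$roots"
echo "missing: $(missing_states "$roots")"
```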