saltstack常用网址:
官方网站:http://www.saltstack.com
官方文档:http://docs.saltstack.com
GitHub:http://github.com/saltstack
中国SaltStack用户组:http://www.saltstack.cn
saltstack运行方式:
local
mater/minion
salt ssh
saltstack三个功能:
远程执行
配置管理
云管理
master端:10.20.23.144
minion端:10.20.23.144 10.20.23.145
####所有主机名一定可以被解析,这里只列出了master端,minion端也一样###
[root@linux-node1 ~]# hostname
linux-node1
[root@linux-node1 ~]# ping linux-node1
PING linux-node1 (10.20.23.144) 56(84) bytes of data.
64 bytes from linux-node1 (10.20.23.144): icmp_seq=1 ttl=64 time=0.058 ms
64 bytes from linux-node1 (10.20.23.144): icmp_seq=2 ttl=64 time=0.034 ms
[root@linux-node1 ~]# vim /etc/hosts
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
10.20.23.144 linux-node1
10.20.23.145 linux-node2
###服务端###
rpm -ivh http://dl.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm
yum install salt-master -y
chkconfig salt-master on
/etc/init.d/salt-master start
###客户端###
rpm -ivh http://dl.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm
yum install salt-minion -y
chkconfig salt-minion on
vim /etc/salt/minion
master: 10.20.23.144
##保存退出
/etc/init.d/salt-minion start
###服务端###
[root@linux-node1 salt]# lsof -i:4505
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
salt-mast 1107 root 12u IPv4 12007 0t0 TCP *:4505 (LISTEN)
[root@linux-node1 salt]# lsof -i:4506
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
salt-mast 1126 root 20u IPv4 12036 0t0 TCP *:4506 (LISTEN)
[root@linux-node1 ~]# salt-key
Accepted Keys:
Denied Keys:
Unaccepted Keys:
linux-node1
linux-node2
Rejected Keys:
[root@salt_master ~]# salt-key -A
The following keys are going to be accepted:
Unaccepted Keys:
linux-node1
linux-node2
Proceed? [n/Y] Y
Key for minion linux-node1 accepted.
[root@salt_master ~]# salt-key
Accepted Keys:
linux-node1
linux-node2
Denied Keys:
Unaccepted Keys:
Rejected Keys:
下面我们看下saltstack minion端和master端的认证:
[root@salt_minion ~]# cd /etc/salt/
[root@salt_minion salt]# ll
总用量 36
-rw-r-----. 1 root root 26392 10月 23 00:37 minion
drwxr-xr-x. 2 root root 4096 10月 25 21:57 minion.d
drwxr-xr-x. 4 root root 4096 10月 22 23:19 pki
[root@salt_minion salt]# cd pki/
[root@salt_minion pki]# ls
master minion
[root@salt_minion pki]# cd minion/
[root@salt_minion minion]# ll
总用量 12
-rw-r--r--. 1 root root 451 10月 25 21:57 minion_master.pub
-r--------. 1 root root 1679 10月 22 23:19 minion.pem
-rw-r--r--. 1 root root 451 10月 22 23:19 minion.pub
[root@salt_minion minion]# pwd
/etc/salt/pki/minion
###minion端在第一次启动时会在/etc/salt/pki/minion目录下生成两个key,一个私钥minion.pem,一个公钥minion.pub,会把公钥发给master
[root@salt_master states]# cd /etc/salt/
[root@salt_master salt]# ll
总用量 40
-rw-r-----. 1 root root 29435 10月 25 22:43 master
drwxr-xr-x. 3 root root 4096 10月 22 19:11 pki
drwxr-xr-x. 4 root root 4096 10月 25 23:19 states
[root@salt_master minions]# cat minion.saltstack.com
-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxYHuuZiEwXQg9QFnoUOo
q8rQYLV8EZt2YgljEY8SUggJlN4Hp4gJQeTwGZASdpbh/sAaP8KH/zoxXa1cX+uf
qOObV8k7BY0Ug8NNPa5CByHgGbiAYPthQq7ASm8DZvAt3JAgBOVzwq6U8tle4u/i
vsR+uZ9X0oCZDH/dnuZG1qnaIPvRF+KYHPL1qGmIS1kfH8RizB1uXm2l6Kr1jMzN
nN+fjG5J1ofM/Ku4RcSud2IKXBLp6hrVjXgP1gddsgDFBd7VoClY2Ti3vA1EwpBL
ZoyIz1DuhP27pD4ZrxG7etx1ZsXGsy15gmteWQ09H/NQ1hvzRHpwuHAyvjaGGjNb
gwIDAQAB
-----END PUBLIC KEY-----
[root@salt_master minions]# pwd
/etc/salt/pki/master/minions
[root@salt_minion minion]# ll
总用量 12
-rw-r--r--. 1 root root 451 10月 25 21:57 minion_master.pub
-r--------. 1 root root 1679 10月 22 23:19 minion.pem
-rw-r--r--. 1 root root 451 10月 22 23:19 minion.pub
[root@salt_minion minion]# pwd
/etc/salt/pki/minion
[root@salt_minion minion]# cat minion.pub
-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxYHuuZiEwXQg9QFnoUOo
q8rQYLV8EZt2YgljEY8SUggJlN4Hp4gJQeTwGZASdpbh/sAaP8KH/zoxXa1cX+uf
qOObV8k7BY0Ug8NNPa5CByHgGbiAYPthQq7ASm8DZvAt3JAgBOVzwq6U8tle4u/i
vsR+uZ9X0oCZDH/dnuZG1qnaIPvRF+KYHPL1qGmIS1kfH8RizB1uXm2l6Kr1jMzN
nN+fjG5J1ofM/Ku4RcSud2IKXBLp6hrVjXgP1gddsgDFBd7VoClY2Ti3vA1EwpBL
ZoyIz1DuhP27pD4ZrxG7etx1ZsXGsy15gmteWQ09H/NQ1hvzRHpwuHAyvjaGGjNb
gwIDAQAB
-----END PUBLIC KEY-----
###minion端的公钥会传递给master端,即minion.saltstack.com即为minion端传递过去的minion.pub 。
###master端公钥同时也会传递给minion端,即:
[root@salt_minion minion]# pwd
/etc/salt/pki/minion
[root@salt_minion minion]# cat minion_master.pub
-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxS2k2LCyWaN4crvTziIH
vqpR47an/TPkzMMLLzZSfMcIED+2eYAAZ1HSO2HuifPrCuWaLIsV3iwL/gwPAfvF
kuwNyncz/mkJfCvB4ZupqTHKxWGlS3YM+uKxAT1pWMn44xMTK7OC22jsYfWpRYEY
feXYCmoLR7BRQi+1OaBSEoUSBkIkpGZDoHbucsKd9H2nUb+TmoDZDuxyZcs9CQPw
CCfRW6rl7a9iRgXbxZu0uwonon6xM2RL3bTDv9EdvO/N+pSYQEdkMGvrawxf8ThW
2mzdJVS+pxE1nL4gwpnVxxmoeEY4S41+tHVFwdZ5nhtxHtP+wdlHn5K+YQfxCZyM
sQIDAQAB
-----END PUBLIC KEY-----
[root@salt_master master]# ll
总用量 28
-r--------. 1 root root 1679 10月 22 19:11 master.pem
-rw-r--r--. 1 root root 451 10月 22 19:11 master.pub
drwxr-xr-x. 2 root root 4096 10月 25 21:57 minions
drwxr-xr-x. 2 root root 4096 10月 22 19:11 minions_autosign
drwxr-xr-x. 2 root root 4096 10月 22 19:11 minions_denied
drwxr-xr-x. 2 root root 4096 10月 25 21:57 minions_pre
drwxr-xr-x. 2 root root 4096 10月 22 19:11 minions_rejected
[root@salt_master master]# pwd
/etc/salt/pki/master
[root@salt_master master]# cat master.pub
-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxS2k2LCyWaN4crvTziIH
vqpR47an/TPkzMMLLzZSfMcIED+2eYAAZ1HSO2HuifPrCuWaLIsV3iwL/gwPAfvF
kuwNyncz/mkJfCvB4ZupqTHKxWGlS3YM+uKxAT1pWMn44xMTK7OC22jsYfWpRYEY
feXYCmoLR7BRQi+1OaBSEoUSBkIkpGZDoHbucsKd9H2nUb+TmoDZDuxyZcs9CQPw
CCfRW6rl7a9iRgXbxZu0uwonon6xM2RL3bTDv9EdvO/N+pSYQEdkMGvrawxf8ThW
2mzdJVS+pxE1nL4gwpnVxxmoeEY4S41+tHVFwdZ5nhtxHtP+wdlHn5K+YQfxCZyM
sQIDAQAB
-----END PUBLIC KEY-----
###这样就实现了master端和minion端的认证###
[root@linux-node1 ~]# salt '*' test.ping
linux-node1:
True
linux-node2:
True
[root@linux-node1 ~]# salt '*' cmd.run 'uptime'
linux-node1:
21:48:22 up 2:49, 2 users, load average: 0.00, 0.00, 0.00
linux-node2:
21:48:22 up 2:47, 1 user, load average: 1.64, 1.56, 1.47
saltstack的配置管理:
salt-master端:
vim /etc/salt/master
416 file_roots:
417 base:
418 - /srv/salt
##保存退出
mkdir /srv/salt
/etc/init.d/salt-master restart
[root@linux-node1 ~]# cd /srv/salt
[root@linux-node1 salt]# vim apache.sls
apache-install:
pkg.installed:
- names:
- httpd
- httpd-devel
apache-service:
service.running:
- name: httpd
- enable: True
- reload: True
[root@linux-node1 salt]# salt '*' state.sls apache
##上条语句中的apache就是一个状态,,若是有多个状态呢 ??我们就可以使用高级状态salt '*' state.highstate,,高级状态有一个入口文件top.sls(必须放在base环境下),这个入口文件里写着这个机器有这些状态,,,那些机器有那些状态,,这样执行语句时就不用指定状态了,,直接写在top入口文件里即可。。