前期環境配置
salt-master 192.168.1.131
salt-minion-01 192.168.1.132
salt-minion-02 192.168.1.133
#1、salt-master的配置安裝準備工作
#1.1、查看CentOS的版本和其內核的版本及安裝配置阿里雲yum源
[root@salt-master ~]# cat /etc/redhat-release
CentOS Linux release 7.2.1511 (Core)
[root@salt-master ~]# uname -r
3.10.0-327.el7.x86_64
[root@salt-master ~]# wget -O /etc/yum.repos.d/CentOS-Base.repo http://mirrors.aliyun.com/repo/Centos-7.repo
#1.2、安裝epel-release和salt-master工具包
[root@salt-master ~]# yum install epel-release -y
[root@salt-master ~]# yum install salt-master -y
#1.3、配置saltstack開機自啓動服務
[root@salt-master ~]# systemctl enable salt-master.service
#1.4、啓動saltstack master 服務
[root@salt-master ~]# systemctl start salt-master.service
#1.5、檢查saltstack端口及進程的運行狀態,其中4505是saltstack管理服務器發送命令消息的端口,4506是消息返回時所用的端口。saltstack一般是會啓動多個進程來進行不同工作的。
[root@salt-master ~]# netstat -tunlp | grep python
tcp 0 0 0.0.0.0:4505 0.0.0.0:* LISTEN 17112/python
tcp 0 0 0.0.0.0:4506 0.0.0.0:* LISTEN 17134/python
[root@salt-master ~]# ps aux | grep salt-master | grep -v grep
root 17102 0.0 2.6 315128 26912 ? Ss 19:14 0:00 /usr/bin/python /usr/bin/salt-master
root 17111 0.6 2.7 402032 27468 ? Sl 19:14 0:05 /usr/bin/python /usr/bin/salt-master
root 17112 0.0 2.2 397056 22644 ? Sl 19:14 0:00 /usr/bin/python /usr/bin/salt-master
root 17113 0.0 2.4 397056 24800 ? Sl 19:14 0:00 /usr/bin/python /usr/bin/salt-master
root 17114 0.0 2.1 315128 22048 ? S 19:14 0:00 /usr/bin/python /usr/bin/salt-master
root 17119 0.3 3.0 1056872 30892 ? Sl 19:14 0:02 /usr/bin/python /usr/bin/salt-master
root 17120 0.3 3.0 1056872 30872 ? Sl 19:14 0:02 /usr/bin/python /usr/bin/salt-master
root 17125 0.3 3.0 1056876 30904 ? Sl 19:14 0:02 /usr/bin/python /usr/bin/salt-master
root 17128 0.2 3.0 1056880 30904 ? Sl 19:14 0:02 /usr/bin/python /usr/bin/salt-master
root 17133 0.3 3.0 1056880 30852 ? Sl 19:14 0:02 /usr/bin/python /usr/bin/salt-master
root 17134 0.0 2.2 691984 22600 ? Sl 19:14 0:00 /usr/bin/python /usr/bin/salt-master
#1.6、關閉防火牆
[root@salt-master ~]# systemctl disable firewalld.service
Removed symlink /etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service.
Removed symlink /etc/systemd/system/basic.target.wants/firewalld.service.
[root@salt-master ~]# systemctl stop firewalld.service
#1.7、修改selinux爲Permissive模式
[root@salt-master ~]# setenforce 0
[root@salt-master ~]# getenforce
Permissive
#2、salt-minion的配置安裝
#2.1、查看CentOS的版本和其內核的版本及安裝配置阿里雲yum源
[root@salt-minion-01 ~]# cat /etc/redhat-release
CentOS Linux release 7.2.1511 (Core)
[root@salt-minion-01 ~]# uname -r
3.10.0-327.el7.x86_64
[root@salt-master ~]#wget -O /etc/yum.repos.d/CentOS-Base.repo http://mirrors.aliyun.com/repo/Centos-7.repo
#2.2、安裝epel-release工具包和salt-minion客戶端
[root@salt-minion-01 ~]# yum install epel-release -y
[root@salt-minion-01 ~]# yum install salt-minion -y
#2.3、在minion端配置master的ip地址
#master: salt
master: 192.168.1.131
#2.4、配置開機minion開啓自啓動服務
[root@salt-minion-01 ~]# systemctl enable salt-minion.service
Created symlink from /etc/systemd/system/multi-user.target.wants/salt-minion.service to /usr/lib/systemd/system/salt-minion.service.
#2.5、啓動salt-minion服務
[root@salt-minion-01 ~]# systemctl start salt-minion.service
#2.6、關閉防火牆服務
[root@salt-minion-01 salt]# systemctl disable firewalld.service
Removed symlink /etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service.
Removed symlink /etc/systemd/system/basic.target.wants/firewalld.service.
[root@salt-minion-01 salt]# systemctl stop firewalld.service
#2.7、查看salt-minion進程的啓動狀況
[root@salt-minion-01 salt]# ps -ef | grep salt | grep -v grep
root 16674 1 0 20:41 ? 00:00:01 /usr/bin/python /usr/bin/salt-minion
root 16677 16674 1 20:41 ? 00:00:07 /usr/bin/python /usr/bin/salt-minion
#2.8、同理配置salt-minion-02客戶機檢查其啓動狀態
[root@salt-minion-02 ~]# ps -ef | grep salt
root 16711 1 7 20:50 ? 00:00:02 /usr/bin/python /usr/bin/salt-minion
root 16714 16711 16 20:50 ? 00:00:04 /usr/bin/python /usr/bin/salt-minion
root 16746 2941 0 20:50 pts/0 00:00:00 grep --color=auto salt
3、saltstack的具體操作
[root@salt-master ~]# salt-key -L
Accepted Keys:
Denied Keys:
Unaccepted Keys:
salt-minion-01
salt-minion-02
Rejected Keys:
[root@salt-master ~]# cd /etc/salt/pki/master/
[root@salt-master master]# cd minions_pre/
[root@salt-master minions_pre]# ls
salt-minion-01 salt-minion-02
[root@salt-master minions_pre]# cat salt-minion-0*
-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyewvRhV5yLakqJXn5q1o
g5kMKMs1fyvJVzXf5pIUgIVvXeh4R912sj5JhdVeQT8L7mdg/U0bV5vMhulJvgbG
T0Ro8tIbPIeAXgpiJm8CwOchiMpW8C1zK2vc07z/W6sOl9eEt56CBhcvcGgFP++F
10h9nQKoXYMne9QEqab92un5OwW1rH5nA6iEk+0BIjDucHIVHiNfWAy4mGE8EaMe
RxrXMtaxuIzdNdRZccOWuKfupMC29KsD5FQLxYv+dBbBDZeisO9iHzlWf93bvsjk
wyGO84W02AmguzsqTopY/5l+wvbXfiLJOlhTxXL9sHAxm5flrTj8TwVmembtdCAA
EwIDAQAB
-----END PUBLIC KEY-----
-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoAvmGvnjrXw0KJ8VVlBH
deciexJTuNmfs3aLrxRiQLUkQvAst16FZQeRMKaFhScswlsJlBPHWZxg4kvq89iu
L0igEVBNe6u/Nhpn2OHBWHs1n3OzhslTsZUGBvSUVP8bXXXlGeT+KoGoV6FdupY+
vWbkE2F93pDqFrZ82MgNuHn98uA/rHTWemJ6OPwuE+pFdY3gFQsRRZ7vORC20dJ1
l/BUqB11+h9eN9/Qd2EZYw5sPSlvK7mXIQA8xoNcuciRsZHpQbsNCEcsjRh2f3ET
iGYZbKWhfkRvNEO0MGFeCyNcmmKmezvUhofKgulg1A4fi8G3PF6t3D/nAL7m8MmO
fQIDAQAB
-----END PUBLIC KEY-----
從上面的信息我們可以看出Unaccepted Keys:存放路徑爲:/etc/salt/pki/master/minions_pre
[root@salt-master salt]# salt-key -A -y #添加salt-key
The following keys are going to be accepted:
Unaccepted Keys:
salt-minion-01
salt-minion-02
Key for minion salt-minion-01 accepted.
Key for minion salt-minion-02 accepted.
[root@salt-master salt]# salt-key -L #查看salt-key
Accepted Keys:
salt-minion-01
salt-minion-02
Denied Keys:
Unaccepted Keys:
Rejected Keys:
[root@salt-master salt]# salt salt-minion* test.ping #簡單測試
salt-minion-01:
True
salt-minion-02:
True
[root@salt-master salt]# salt salt-minion* cmd.run 'uname -r' #運行linux命令
salt-minion-01:
3.10.0-327.el7.x86_64
salt-minion-02:
3.10.0-327.el7.x86_64