一.實驗環境
| 角色 | IP地址 | 主機名稱 | 軟件包 |
| master | 192.168.43.108 | master.saltstack.com | epel-release、salt-master |
| minion | 192.168.43.109 | web01.saltstack.com | epel-release、salt-minion |
| minion | 192.168.43.110 | web02.saltstack.com | epel-release、salt-minion |
-
由於再master中的配置文件裏,管理minion組的主機名稱格式,如下:
二.部署Saltstack(master-minions)
- 基礎環境配置,三臺服務器都操作
#修改主機名
[root@localhost ~]# hostnamectl set-hostname master.saltstack.com
[root@localhost ~]# hostnamectl set-hostname web01.saltstack.com
[root@localhost ~]# hostnamectl set-hostname web02.saltstack.com
#編輯地址映射文件
vi /etc/hosts
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.43.108 master.saltstack.com
192.168.43.109 web01.saltstack.com
192.168.43.110 web02.saltstack.com
#關閉防火牆(或者情況防火牆規則),且關閉SElinux功能
systemctl stop firewalld
setenforce 0
##安裝epel源
yum install -y epel-release
部署master
- 安裝salt-master
yum install -y salt-master
- 編輯master的配置文件
[root@master ~]# cd /etc/salt/
[root@master salt]# ls
master
[root@master salt]# mv master master.bak #將原來的配置備份
[root@master salt]# vi master #創建新的master
interface: 192.168.43.108 ##監聽本機地址
auto_accept: True ##避免要運行saly-key來確定證書認證
file_roots: ##開啓saltstack文件根目錄位置,此目錄需要自行創建
base:
- /srv/salt
nodegroups: ##開啓組,設置組分類和成員
group1: 'web01.saltstack.com'
group2: 'web02.saltstack.com'
pillar_opts: True ##開啓pillar功能,同步文件
pillar_roots: ##開啓pillar主目錄,此目錄需要創建
base:
- /srv/pillar
- 創建所需目錄
[root@master ~]# cd /srv/
[root@master srv]# mkdir pillar
[root@master srv]# mkdir salt
[root@master srv]# ls
pillar salt
-
開啓salt-master服務
[root@master ~]# systemctl start salt-master.service
[root@master ~]# netstat -natp | egrep '4505|4506'
tcp 0 0 192.168.43.108:4505 0.0.0.0:* LISTEN 2065/python
tcp 0 0 192.168.43.108:4506 0.0.0.0:* LISTEN 2079/python
[root@master ~]#
部署minions
- 編輯minion主配置文件
##第一臺minion
vi /etc/salt/minion
master: 192.168.43.108 ##指定控制端的地址
id: web01.saltstack.com ##指定被控制端的主機名
//開啓服務
systemctl start salt-minion.service
##第二臺minion
vi /etc/salt/minion
master: 192.168.43.108 ##指定控制端的地址
id: web02.saltstack.com ##指定被控制端的主機名
//開啓服務
systemctl start salt-minion.service
控制端測試與被控端的通信狀態
- 查看通信狀態
[root@master ~]# salt '*' test.ping
web02.saltstack.com:
True
web01.saltstack.com:
True
[root@master ~]#
-
查看所有被管理端的內存使用情況
[root@master ~]# salt '*' cmd.run 'free -m'
web01.saltstack.com:
total used free shared buff/cache available
Mem: 976 292 115 7 568 472
Swap: 2045 0 2045
web02.saltstack.com:
total used free shared buff/cache available
Mem: 976 620 63 2 291 137
Swap: 2045 111 1934
[root@master ~]#
-
查看在master上被接受、拒絕的客戶端
[root@master ~]# salt-key
Accepted Keys:
web01.saltstack.com
web02.saltstack.com
Denied Keys:
Unaccepted Keys:
Rejected Keys:
-
查看被監控主機上的grains所有值,獲取靜態數據
[root@master ~]# salt 'web01.saltstack.com' grains.items
-
查看被監控主機上pillar的所有值,獲取動態數據
[root@master ~]# salt 'web01.saltstack.com' pillar.items
三.批量安裝Apache
- 在master上編輯Apache模板文件
[root@master ~]# cd /srv/salt/
[root@master salt]# ls
[root@master salt]# vi top.sls
base:
'*': ##表示在所有客戶端執行apache模塊
- apache
##base、dev表示開發環境
##test表示測試環境
##prod表示生成環境
[root@master salt]# vi apache.sls
apache-service: ##自定義的id名
pkg.installed: ##指定安裝包函數
- names: ##如果只有一個服務,可以寫成 -name: httpd
- httpd
- httpd-devel
service.running: ##服務啓動函數
- name: httpd
- enable: True ##確定開機啓動
- 重啓salt-master服務,使得salt識別上述模板
[root@master salt]# systemctl restart salt-master.service
[root@master salt]#
- 執行刷新state配置命令
[root@master salt]# salt '*' state.highstate
web02.saltstack.com:
----------
ID: apache-service
Function: pkg.installed
Name: httpd
Result: True
Comment: The following packages were installed/updated: httpd
Started: 23:11:09.657630
Duration: 52341.81 ms
Changes:
----------
apr:
----------
new:
1.4.8-5.el7
old:
apr-util:
----------
new:
1.5.2-6.el7
old:
httpd:
----------
new:
2.4.6-93.el7.centos
old:
httpd-tools:
----------
new:
2.4.6-93.el7.centos
old:
mailcap:
----------
new:
2.1.41-2.el7
old:
----------
ID: apache-service
Function: pkg.installed
Name: httpd-devel
Result: True
Comment: The following packages were installed/updated: httpd-devel
Started: 23:12:02.010259
Duration: 22944.439 ms
Changes:
----------
apr-devel:
----------
new:
1.4.8-5.el7
old:
apr-util-devel:
----------
new:
1.5.2-6.el7
old:
cyrus-sasl:
----------
new:
2.1.26-23.el7
old:
2.1.26-21.el7
cyrus-sasl-devel:
----------
new:
2.1.26-23.el7
old:
cyrus-sasl-gssapi:
----------
new:
2.1.26-23.el7
old:
2.1.26-21.el7
cyrus-sasl-lib:
----------
new:
2.1.26-23.el7
old:
2.1.26-21.el7
cyrus-sasl-md5:
----------
new:
2.1.26-23.el7
old:
2.1.26-21.el7
cyrus-sasl-plain:
----------
new:
2.1.26-23.el7
old:
2.1.26-21.el7
cyrus-sasl-scram:
----------
new:
2.1.26-23.el7
old:
2.1.26-21.el7
expat:
----------
new:
2.1.0-11.el7
old:
2.1.0-10.el7_3
expat-devel:
----------
new:
2.1.0-11.el7
old:
httpd-devel:
----------
new:
2.4.6-93.el7.centos
old:
libdb:
----------
new:
5.3.21-25.el7
old:
5.3.21-20.el7
libdb-devel:
----------
new:
5.3.21-25.el7
old:
libdb-utils:
----------
new:
5.3.21-25.el7
old:
5.3.21-20.el7
openldap:
----------
new:
2.4.44-21.el7_6
old:
2.4.44-5.el7
openldap-devel:
----------
new:
2.4.44-21.el7_6
old:
----------
ID: apache-service
Function: service.running
Name: httpd
Result: True
Comment: Service httpd has been enabled, and is running
Started: 23:12:25.044275
Duration: 1406.362 ms
Changes:
----------
httpd:
True
Summary
------------
Succeeded: 3 (changed=3)
Failed: 0
------------
Total states run: 3
web01.saltstack.com:
----------
ID: apache-service
Function: pkg.installed
Name: httpd
Result: True
Comment: The following packages were installed/updated: httpd
Started: 23:11:10.144096
Duration: 50772.634 ms
Changes:
----------
apr:
----------
new:
1.4.8-5.el7
old:
apr-util:
----------
new:
1.5.2-6.el7
old:
httpd:
----------
new:
2.4.6-93.el7.centos
old:
httpd-tools:
----------
new:
2.4.6-93.el7.centos
old:
mailcap:
----------
new:
2.1.41-2.el7
old:
----------
ID: apache-service
Function: pkg.installed
Name: httpd-devel
Result: True
Comment: The following packages were installed/updated: httpd-devel
Started: 23:12:00.932459
Duration: 29261.523 ms
Changes:
----------
apr-devel:
----------
new:
1.4.8-5.el7
old:
apr-util-devel:
----------
new:
1.5.2-6.el7
old:
cyrus-sasl:
----------
new:
2.1.26-23.el7
old:
2.1.26-21.el7
cyrus-sasl-devel:
----------
new:
2.1.26-23.el7
old:
cyrus-sasl-gssapi:
----------
new:
2.1.26-23.el7
old:
2.1.26-21.el7
cyrus-sasl-lib:
----------
new:
2.1.26-23.el7
old:
2.1.26-21.el7
cyrus-sasl-md5:
----------
new:
2.1.26-23.el7
old:
2.1.26-21.el7
cyrus-sasl-plain:
----------
new:
2.1.26-23.el7
old:
2.1.26-21.el7
cyrus-sasl-scram:
----------
new:
2.1.26-23.el7
old:
2.1.26-21.el7
expat:
----------
new:
2.1.0-11.el7
old:
2.1.0-10.el7_3
expat-devel:
----------
new:
2.1.0-11.el7
old:
httpd-devel:
----------
new:
2.4.6-93.el7.centos
old:
libdb:
----------
new:
5.3.21-25.el7
old:
5.3.21-20.el7
libdb-devel:
----------
new:
5.3.21-25.el7
old:
libdb-utils:
----------
new:
5.3.21-25.el7
old:
5.3.21-20.el7
openldap:
----------
new:
2.4.44-21.el7_6
old:
2.4.44-5.el7
openldap-devel:
----------
new:
2.4.44-21.el7_6
old:
----------
ID: apache-service
Function: service.running
Name: httpd
Result: True
Comment: Service httpd has been enabled, and is running
Started: 23:12:30.213323
Duration: 1552.064 ms
Changes:
----------
httpd:
True
Summary
------------
Succeeded: 3 (changed=3)
Failed: 0
------------
Total states run: 3
[root@master salt]#
- 在minions中查看是否安裝httpd服務
