1.安装服务:
【server1】
[root@server1 yum.repos.d]# yum install salt-master-*
[root@server1 salt]# ls
cloud cloud.maps.d master minion.d proxy.d
cloud.conf.d cloud.profiles.d master.d pki roster
cloud.deploy.d cloud.providers.d minion proxy
[root@server1 salt]# /etc/init.d/salt-master start
Starting salt-master daemon: [ OK ]
【server2】
[root@server2 yum.repos.d]# yum install -y salt-minion
[root@server2 yum.repos.d]# cd /etc/salt/
[root@server2 salt]# ls
cloud cloud.maps.d master minion.d proxy.d
cloud.conf.d cloud.profiles.d master.d pki roster
cloud.deploy.d cloud.providers.d minion proxy
[root@server2 salt]# vim minion ##添加master主机
[root@server2 salt]# /etc/init.d/salt-minion start
Starting salt-minion:root:server2 daemon: OK
2.发送密钥,建立免密连接:
[root@server1 salt]# salt-key -L ##可以看出server2在连接server1,但没有免密
[root@server1 salt]# salt-key -A
The following keys are going to be accepted:
Unaccepted Keys:
server2
Proceed? [n/Y] y
Key for minion server2 accepted.
[root@server1 salt]# salt-key -L ##已经添加免密,server2可以正常连接
【测试】尝试远程执行ping命令
[root@server1 salt]# salt server2 test.ping
server2:
True ##成功
【测试】尝试远程查看server2主机名
[root@server1 salt]# salt server2 cmd.run hostname
server2:
server2
【测试】尝试远程查看server2的储存情况
[root@server1 salt]# salt server2 cmd.run 'df -h'
server2:
Filesystem Size Used Avail Use% Mounted on
/dev/mapper/VolGroup-lv_root 19G 972M 17G 6% /
tmpfs 499M 16K 499M 1% /dev/shm
/dev/vda1 485M 33M 427M 8% /boot
3.查看两台主机的md5码是否相同:
【server1】
[root@server1 master]# pwd
/etc/salt/pki/master
[root@server1 master]# md5sum master.pub
7ffc5c2240c6a4d4ff2c36917df1a606 master.pub
【server2】
[root@server2 minion]# pwd
/etc/salt/pki/minion
[root@server2 minion]# md5sum minion_master.pub
7ffc5c2240c6a4d4ff2c36917df1a606 minion_master.pub
4.查看server1连接的minions主机:
[root@server1 minions]# pwd
/etc/salt/pki/master/minions
[root@server1 minions]# ls
server2
[root@server1 minions]# cd ..
[root@server1 master]# tree .
.
├── master.pem
├── master.pub
├── minions
│ └── server2
├── minions_autosign
├── minions_denied
├── minions_pre
└── minions_rejected
5 directories, 3 files
5.查看服务端口是否打开:
【server1】
[root@server1 minions]# netstat -antlp
tcp 0 0 0.0.0.0:4505 0.0.0.0:* LISTEN 1128/python2.6
tcp 0 0 0.0.0.0:4506 0.0.0.0:* LISTEN 1135/python2.6
[root@server1 minions]# lsof -i :4505
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
salt-mast 1128 root 16u IPv4 14015 0t0 TCP *:4505 (LISTEN)
salt-mast 1128 root 18u IPv4 19744 0t0 TCP server1:4505->server2:39131 (ESTABLISHED)
[root@server1 minions]# lsof -i :4506
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
salt-mast 1135 root 24u IPv4 14026 0t0 TCP *:4506 (LISTEN)
【server2】
[root@server2 salt]# netstat -antlp
tcp 0 0 172.25.39.2:39131 172.25.39.1:4505 ESTABLISHED 2183/python2.6 ##server2只是做了一个连接
6.安装python环境:
[root@server1 minions]# yum install -y python-setproctitle.x86_64
[root@server1 minions]# /etc/init.d/salt-master restart
Stopping salt-master daemon: [ OK ]
Starting salt-master daemon: [ OK ]
7.server1远程连接server2下载安装服务:
【1】编辑master端主配置文件
[root@server1 ~]# cd /etc/salt/
[root@server1 salt]# vim master
[root@server1 salt]# /etc/init.d/salt-master restart
Stopping salt-master daemon: [ OK ]
Starting salt-master daemon: [ OK ]
【2】编辑下载安装服务时的执行脚本:
[root@server1 salt]# mkdir /srv/salt
[root@server1 salt]# mkdir httpd
[root@server1 salt]# cd httpd/
[root@server1 httpd]# vim install.sls
安装httpd和php服务
[root@server1 salt]# mv httpd/ /srv/salt/
【3】在server1上执行脚本,连接server2进行下载安装:
[root@server1 salt]# salt server2 state.sls httpd.install
server2:
ID: apache-install
Function: pkg.installed
Result: True
Comment: The following packages were installed/updated: httpd, php
Started: 11:57:23.964641
Duration: 10997.3 ms
Changes:
测试:
说明server2上已经自动安装
[root@server2 salt]# rpm -q httpd
httpd-2.2.15-29.el6_4.x86_64
[root@server2 salt]# rpm -q php
php-5.3.3-26.el6.x86_64
【4】再次编辑脚本,让服务安装好后自动启动:
[root@server1 httpd]# pwd
/srv/salt/httpd
[root@server1 httpd]# ls
install.sls
[root@server1 httpd]# vim install.sls
[root@server1 httpd]# salt server2 state.sls httpd.install ##执行脚本
测试:
查看进程:
3001 ? S 0:00 /usr/sbin/httpd
3002 ? S 0:00 /usr/sbin/httpd
3003 ? S 0:00 /usr/sbin/httpd
3010 pts/0 R+ 0:00 ps ax
查看端口:
[root@server2 salt]# netstat -antlp
tcp 0 0 :::80 :::* LISTEN 2987/httpd
【5】直接部署开机打开服务:
提前查看server2端httpd服务是否打开:
[root@server2 salt]# chkconfig --list httpd
httpd 0:off 1:off 2:off 3:off 4:off 5:off 6:off
[root@server1 httpd]# vim install.sls
[root@server1 httpd]# salt server2 state.sls httpd.install
测试:server2查看开机自动启动:
[root@server2 salt]# chkconfig --list httpd
httpd 0:off 1:off 2:on 3:on 4:on 5:on 6:off
【6】自动更改httpd服务端口:
【server1】
[root@server1 httpd]# vim install.sls
[root@server1 httpd]# pwd
/srv/salt/httpd
[root@server1 httpd]# ls
install.sls
[root@server1 httpd]# mkdir files
[root@server1 httpd]# cd files/
【server2】
[root@server2 salt]# ll /etc/httpd/conf/httpd.conf
-rw-r--r-- 1 root root 34418 Aug 2 2013 /etc/httpd/conf/httpd.conf
[root@server2 salt]# scp /etc/httpd/conf/httpd.conf server1:/srv/salt/httpd/files
ssh: connect to host server1 port 22: Network is unreachable
lost connection
[root@server2 salt]# scp /etc/httpd/conf/httpd.conf 172.25.39.1:/srv/salt/httpd/files
The authenticity of host '172.25.39.1 (172.25.39.1)' can't be established.
RSA key fingerprint is ce:b7:35:21:60:9f:f3:8d:f4:25:af:73:ad:ad:bc:ab.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '172.25.39.1' (RSA) to the list of known hosts.
root@172.25.39.1's password:
httpd.conf 100% 34KB 33.6KB/s 00:00
【server1】更改端口
[root@server1 files]# ll
total 36
-rw-r--r-- 1 root root 34418 Aug 17 12:34 httpd.conf
[root@server1 files]# vim httpd.conf
[root@server1 files]# salt server2 state.sls httpd.install
测试:【server2】查看httpd服务端口
[root@server2 salt]# netstat -antlp
tcp 0 0 :::8080 :::* LISTEN 2987/httpd