1.还原环境:
【server1】
[root@server1 _modules]# salt-key -L
Accepted Keys:
server1
server2
server3
server4
Denied Keys:
Unaccepted Keys:
Rejected Keys:
[root@server1 _modules]# salt-key -d server4
The following keys are going to be deleted:
Accepted Keys:
server4
Proceed? [N/y] y
Key for minion server4 deleteed.
【server4】
[root@server4 modules]# /etc/init.d/salt-minion stop
Stopping salt-minion:root:server4 daemon: OK
[root@server4 modules]# chkconfig salt-minion off
[root@server4 modules]# /etc/init.d/haproxy stop
Stopping haproxy: [ OK ]
2.在【server4】中建立服务:
[root@server4 modules]# yum install -y salt-master
[root@server4 modules]# cd /etc/salt/
[root@server4 salt]# ls
cloud cloud.maps.d master minion.d proxy
cloud.conf.d cloud.profiles.d master.d minion_id proxy.d
cloud.deploy.d cloud.providers.d minion pki roster
[root@server4 salt]# vim master
[root@server4 salt]# /etc/init.d/salt-master start
Starting salt-master daemon: [ OK ]
3.在【server1】中建立服务:
[root@server1 ~]# cd /etc/salt/
[root@server1 salt]# yum install -y salt-syndic
[root@server1 salt]# ls
cloud cloud.maps.d master minion.d proxy
cloud.conf.d cloud.profiles.d master.d minion_id proxy.d
cloud.deploy.d cloud.providers.d minion pki roster
[root@server1 salt]# vim master
[root@server1 salt]# /etc/init.d/salt-master stop
Stopping salt-master daemon: [ OK ]
[root@server1 salt]# /etc/init.d/salt-master start
Starting salt-master daemon: [ OK ]
[root@server1 salt]# /etc/init.d/salt-syndic start
Starting salt-syndic daemon: [ OK ]
4.在【server1】给【server4】打开服务发送连接后,【server4】里会有【server1】的连接请求,然后在【server4】发送密钥与【server1】建立免密连接:
5.当【server4】topmaster端与【server1】syndic发送指令时,它可以把命令告知master主机,主机在命令minion端,完成指令,这样可以把master横向扩展
6.ssh命令控制主机进行操作,此主机不需要下载任何命令与配置:
(1)【server3】关闭salt-minion服务,使【server1】与【server3】断开连接
[root@server3 ~]# /etc/init.d/salt-minion stop
Stopping salt-minion:root:server3 daemon: OK
(2)在【server1】建立服务:
[root@server1 salt]# yum install -y salt-ssh
(3)添加控制主机信息:
[root@server1 salt]# vim /etc/salt/roster
(4)测试:
[root@server1 salt]# salt-ssh '*' test.ping
[root@server1 salt]# salt-ssh '*' test.ping