Saltstack是基于Python 开发的C/S 架构的自动化运维工具,包含服务端 master 和客户端 minions 。Saltstack可以实现远程命令执行,配置管理(服务,文件,cron,用户,组),云管理。
安装配置
一、 rhel7.2 x86_64bit 平台
主机环境:
master:192.168.0.151 lockey151
slaver:192.168.0.41 lockey41
1、软件安装
首先配置一下yum源
[saltstack-repo]
name=SaltStack repo for Red Hat Enterprise Linux $releasever
baseurl=https://repo.saltstack.com/yum/redhat/$releasever/$basearch/latest
enabled=1
gpgcheck=1
gpgkey=https://repo.saltstack.com/yum/redhat/$releasever/$basearch/latest/SALTSTACK-GPG-KEY.pub
https://repo.saltstack.com/yum/redhat/$releasever/$basearch/latest/base/RPM-GPG-KEY-CentOS-7
2. 服务端安装
[root@lockey151 ~]# yum install salt-master salt-minion salt-ssh salt-syndic salt-cloud -y
3. 客户端安装
[root@lockey41 ~]# yum install salt-minion salt-ssh salt-syndic salt-cloud -y
4. 配置
服务端和客户端都要配置 master
# vim /etc/salt/minion //在第16行添加,冒号后有一个空格
master: 192.168.0.151
5. 启动服务
master
6. 测试 saltstack (接下来都在 salt-master 端操作)
查看 minion 列表
[root@lockey151 salt]# salt-key -L
Accepted Keys:
Denied Keys:
Unaccepted Keys:
lockey151
lockey41
Rejected Keys:
认证所有 key,当然你也可以通过
salt-key -a saltstack-minion 指定某台 minion 进行认证 key
[root@lockey151 salt]# salt-key -A
The following keys are going to be accepted:
Unaccepted Keys:
lockey151
lockey41
Proceed? [n/Y] y
Key for minion lockey151 accepted.
Key for minion lockey41 accepted.
[root@lockey151 salt]# salt-key -L
Accepted Keys:
lockey151
lockey41
Denied Keys:
Unaccepted Keys:
Rejected Keys:
[root@lockey151 salt]#
简单测试(通过 saltstack-master 进行检测)
[root@lockey151 salt]# salt lockey41 test.ping
lockey41:
True
[root@lockey151 salt]#
二、 rhel6.5 x86_64bit 平台
主机环境:
master:172.25.5.91 rhel65-lockey1
slaver:172.25.5.92 rhel65-lockey2
1. 首先配置yum源(可以联网情况下),也可以搭建本地仓库,所需rpm包本人已经上传到资源页面,可以下载下来直接使用,贴上本人的yum配置
[salt]
name=salt stack
baseurl=ftp://172.25.0.250/pub/docs/saltstack/rhel6
gpgcheck=0
2. yum安装
master:yum install salt-master -y
minion:yum install salt-minion -y
3. 修改minion的master指向
[root@rhel65-lockey2 minion]# cat /etc/salt/minion | grep 172.25.5.91
master: 172.25.5.91
4. 启动master与minion然后查看端口:
[root@rhel65-lockey1 master]# netstat -anltp | grep 50775
tcp 0 0 172.25.5.91:4505 172.25.5.92:50775 ESTABLISHED 1501/python2.6
[root@rhel65-lockey2 minion]# netstat -anltp | grep 50775
tcp 0 0 172.25.5.92:50775 172.25.5.91:4505 ESTABLISHED 1872/python2.6
5.添加minion的认证
[root@rhel65-lockey1 salt]# salt-key -L
Accepted Keys:
Denied Keys:
Unaccepted Keys:
rhel65-lockey2
Rejected Keys:
[root@rhel65-lockey1 salt]# salt-key -A
The following keys are going to be accepted:
Unaccepted Keys:
rhel65-lockey2
Proceed? [n/Y] y
Key for minion rhel65-lockey2 accepted.
[root@rhel65-lockey1 salt]# salt-key -L
Accepted Keys:
rhel65-lockey2
Denied Keys:
Unaccepted Keys:
Rejected Keys:
6 .认证结果检验(检验两端认证key是否一致md5sum)
master
[root@rhel65-lockey1 master]# pwd
/etc/salt/pki/master
[root@rhel65-lockey1 master]# ls
master.pem master.pub minions minions_autosign minions_denied minions_pre minions_rejected
[root@rhel65-lockey1 master]# md5sum master.pub
e5f2e5041208683d3f8dcfd77e881c95 master.pub
minion
[root@rhel65-lockey2 pki]# tree
.
├── master
└── minion
├── minion_master.pub
├── minion.pem
└── minion.pub
2 directories, 3 files
[root@rhel65-lockey2 pki]# cd minion/
[root@rhel65-lockey2 minion]# ls
minion_master.pub minion.pem minion.pub
[root@rhel65-lockey2 minion]# md5sum minion_master.pub
e5f2e5041208683d3f8dcfd77e881c95 minion_master.pub
[root@rhel65-lockey2 minion]# pwd
/etc/salt/pki/minion
7. 测试(master端)
[root@rhel65-lockey1 master]# salt rhel65-lockey2 test.ping
rhel65-lockey2:
True
[root@rhel65-lockey1 master]# salt rhel65-lockey2 cmd.run 'df -h'
rhel65-lockey2:
Filesystem Size Used Avail Use% Mounted on
/dev/mapper/VolGroup-lv_root 18G 2.1G 15G 13% /
tmpfs 499M 32K 499M 1% /dev/shm
/dev/sda1 485M 34M 426M 8% /boot
[root@rhel65-lockey1 master]# salt rhel65-lockey2 cmd.run 'cat /proc/version'
rhel65-lockey2:
Linux version 2.6.32-431.el6.x86_64 (mockbuild@x86-023.build.eng.bos.redhat.com) (gcc version 4.4.7 20120313 (Red Hat 4.4.7-4) (GCC) ) #1 SMP Sun Nov 10 22:19:54 EST 2013
查看linux系统的版本信息的方法
cat /proc/version
uname -a
lsb_release -a
cat /etc/redhat-release
cat /etc/issue
示例:
[root@rhel65-lockey1 master]# lsb_release -a
LSB Version: :base-4.0-amd64:base-4.0-noarch:core-4.0-amd64:core-4.0-noarch:graphics-4.0-amd64:graphics-4.0-noarch:printing-4.0-amd64:printing-4.0-noarch
Distributor ID: RedHatEnterpriseServer
Description: Red Hat Enterprise Linux Server release 6.5 (Santiago)
Release: 6.5
Codename: Santiago
[root@rhel65-lockey1 master]# cat /etc/redhat-release
Red Hat Enterprise Linux Server release 6.5 (Santiago)
[root@rhel65-lockey1 master]# cat /etc/issue
Red Hat Enterprise Linux Server release 6.5 (Santiago)
Kernel \r on an \m
[root@rhel65-lockey1 master]# uname -a
Linux rhel65-lockey1 2.6.32-431.el6.x86_64 #1 SMP Sun Nov 10 22:19:54 EST 2013 x86_64 x86_64 x86_64 GNU/Linux
[root@rhel65-lockey1 master]# cat /proc/version
Linux version 2.6.32-431.el6.x86_64 (mockbuild@x86-023.build.eng.bos.redhat.com) (gcc version 4.4.7 20120313 (Red Hat 4.4.7-4) (GCC) ) #1 SMP Sun Nov 10 22:19:54 EST 2013
[root@rhel65-lockey1 master]#