自动化运维工具 Saltstack安装配置

Saltstack是基于Python 开发的C/S 架构的自动化运维工具，包含服务端 master 和客户端 minions 。Saltstack可以实现远程命令执行，配置管理（服务，文件，cron，用户，组），云管理。

安装配置

一、 rhel7.2 x86_64bit 平台

主机环境：

master：192.168.0.151 lockey151
slaver：192.168.0.41 lockey41

1、软件安装
首先配置一下yum源

[saltstack-repo]
name=SaltStack repo for Red Hat Enterprise Linux $releasever
baseurl=https://repo.saltstack.com/yum/redhat/$releasever/$basearch/latest
enabled=1
gpgcheck=1
gpgkey=https://repo.saltstack.com/yum/redhat/$releasever/$basearch/latest/SALTSTACK-GPG-KEY.pub
       https://repo.saltstack.com/yum/redhat/$releasever/$basearch/latest/base/RPM-GPG-KEY-CentOS-7

2. 服务端安装

[root@lockey151 ~]# yum install salt-master salt-minion salt-ssh salt-syndic salt-cloud -y

3. 客户端安装

[root@lockey41 ~]# yum install salt-minion salt-ssh salt-syndic salt-cloud -y

4. 配置
服务端和客户端都要配置 master

# vim /etc/salt/minion                   //在第16行添加，冒号后有一个空格
master: 192.168.0.151

5. 启动服务

master

6. 测试 saltstack （接下来都在 salt-master 端操作）

查看 minion 列表

[root@lockey151 salt]# salt-key -L
Accepted Keys:
Denied Keys:
Unaccepted Keys:
lockey151
lockey41
Rejected Keys:

认证所有 key，当然你也可以通过
salt-key -a saltstack-minion 指定某台 minion 进行认证 key

[root@lockey151 salt]# salt-key -A
The following keys are going to be accepted:
Unaccepted Keys:
lockey151
lockey41
Proceed? [n/Y] y
Key for minion lockey151 accepted.
Key for minion lockey41 accepted.
[root@lockey151 salt]# salt-key -L
Accepted Keys:
lockey151
lockey41
Denied Keys:
Unaccepted Keys:
Rejected Keys:
[root@lockey151 salt]# 

简单测试（通过 saltstack-master 进行检测）

[root@lockey151 salt]# salt lockey41 test.ping
lockey41:
    True
[root@lockey151 salt]# 

二、 rhel6.5 x86_64bit 平台

主机环境：

master：172.25.5.91 rhel65-lockey1
slaver：172.25.5.92 rhel65-lockey2

1. 首先配置yum源（可以联网情况下），也可以搭建本地仓库，所需rpm包本人已经上传到资源页面，可以下载下来直接使用，贴上本人的yum配置

[salt]
name=salt stack
baseurl=ftp://172.25.0.250/pub/docs/saltstack/rhel6
gpgcheck=0

2. yum安装

master：yum install salt-master -y
minion：yum install salt-minion -y

3. 修改minion的master指向

[root@rhel65-lockey2 minion]# cat /etc/salt/minion | grep 172.25.5.91
master: 172.25.5.91

4. 启动master与minion然后查看端口:

[root@rhel65-lockey1 master]# netstat -anltp | grep 50775
tcp        0      0 172.25.5.91:4505            172.25.5.92:50775           ESTABLISHED 1501/python2.6      


[root@rhel65-lockey2 minion]# netstat -anltp | grep 50775
tcp        0      0 172.25.5.92:50775           172.25.5.91:4505            ESTABLISHED 1872/python2.6  

5.添加minion的认证

[root@rhel65-lockey1 salt]# salt-key -L
Accepted Keys:
Denied Keys:
Unaccepted Keys:
rhel65-lockey2
Rejected Keys:
[root@rhel65-lockey1 salt]# salt-key -A
The following keys are going to be accepted:
Unaccepted Keys:
rhel65-lockey2
Proceed? [n/Y] y
Key for minion rhel65-lockey2 accepted.
[root@rhel65-lockey1 salt]# salt-key -L
Accepted Keys:
rhel65-lockey2
Denied Keys:
Unaccepted Keys:
Rejected Keys:

6 .认证结果检验(检验两端认证key是否一致md5sum)

master

[root@rhel65-lockey1 master]# pwd
/etc/salt/pki/master
[root@rhel65-lockey1 master]# ls
master.pem  master.pub  minions  minions_autosign  minions_denied  minions_pre  minions_rejected
[root@rhel65-lockey1 master]# md5sum master.pub 
e5f2e5041208683d3f8dcfd77e881c95  master.pub

minion

[root@rhel65-lockey2 pki]# tree
.
├── master
└── minion
    ├── minion_master.pub
    ├── minion.pem
    └── minion.pub

2 directories, 3 files
[root@rhel65-lockey2 pki]# cd minion/
[root@rhel65-lockey2 minion]# ls
minion_master.pub  minion.pem  minion.pub
[root@rhel65-lockey2 minion]# md5sum minion_master.pub 
e5f2e5041208683d3f8dcfd77e881c95  minion_master.pub
[root@rhel65-lockey2 minion]# pwd
/etc/salt/pki/minion

7. 测试(master端)

[root@rhel65-lockey1 master]# salt rhel65-lockey2 test.ping
rhel65-lockey2:
    True
[root@rhel65-lockey1 master]# salt rhel65-lockey2 cmd.run 'df -h'
rhel65-lockey2:
    Filesystem                    Size  Used Avail Use% Mounted on
    /dev/mapper/VolGroup-lv_root   18G  2.1G   15G  13% /
    tmpfs                         499M   32K  499M   1% /dev/shm
    /dev/sda1                     485M   34M  426M   8% /boot

[root@rhel65-lockey1 master]# salt rhel65-lockey2 cmd.run 'cat /proc/version'
rhel65-lockey2:
    Linux version 2.6.32-431.el6.x86_64 (mockbuild@x86-023.build.eng.bos.redhat.com) (gcc version 4.4.7 20120313 (Red Hat 4.4.7-4) (GCC) ) #1 SMP Sun Nov 10 22:19:54 EST 2013

查看linux系统的版本信息的方法

cat /proc/version
uname -a
lsb_release -a
cat /etc/redhat-release
cat /etc/issue

示例：

[root@rhel65-lockey1 master]# lsb_release -a
LSB Version:    :base-4.0-amd64:base-4.0-noarch:core-4.0-amd64:core-4.0-noarch:graphics-4.0-amd64:graphics-4.0-noarch:printing-4.0-amd64:printing-4.0-noarch
Distributor ID: RedHatEnterpriseServer
Description:    Red Hat Enterprise Linux Server release 6.5 (Santiago)
Release:    6.5
Codename:   Santiago
[root@rhel65-lockey1 master]# cat /etc/redhat-release
Red Hat Enterprise Linux Server release 6.5 (Santiago)
[root@rhel65-lockey1 master]# cat /etc/issue
Red Hat Enterprise Linux Server release 6.5 (Santiago)
Kernel \r on an \m

[root@rhel65-lockey1 master]# uname -a
Linux rhel65-lockey1 2.6.32-431.el6.x86_64 #1 SMP Sun Nov 10 22:19:54 EST 2013 x86_64 x86_64 x86_64 GNU/Linux
[root@rhel65-lockey1 master]# cat /proc/version
Linux version 2.6.32-431.el6.x86_64 (mockbuild@x86-023.build.eng.bos.redhat.com) (gcc version 4.4.7 20120313 (Red Hat 4.4.7-4) (GCC) ) #1 SMP Sun Nov 10 22:19:54 EST 2013
[root@rhel65-lockey1 master]#