Centos7 saltstack简介 服务部署

saltstack 简介

Saltstack使用Python开发，是一个非常简单易用和轻量级的管理工具。由Master和Minion构成，通过ZeroMQ进行通信,速度快

Saltstack的master端监听4505与4506端口，4505为salt的消息发布系统，4506为salt客户端与服务端通信的端口

salt客户端程序不监听端口，客户端启动后，会主动连接master端注册，然后一直保持该TCP连接，master通过这条TCP连接对客户端控制

部署服务

准备两台Centos7 虚拟机

关掉防火墙 setenforce

[root@localhost ~]# systemctl stop firewalld
[root@localhost ~]# setenforce 0

获取saltstack源

[root@localhost ~]# yum -y install wget
[root@localhost ~]# wget -P /etc/yum.repos.d https://mirrors.aliyun.com/saltstack/yum/redhat/7.2/x86_64/saltstack-rhel7.repo

主服务操作

[root@localhost ~]# yum -y install salt-master salt-minion
[root@localhost ~]# vim /etc/salt/minion
master: 192.168.27.137  #改成本机ip
[root@localhost ~]# systemctl start salt-minion salt-master
[root@localhost ~]# netstat -nlput |egrep "4505|4506"
tcp        0      0 0.0.0.0:4505            0.0.0.0:*               LISTEN      13645/python        
tcp        0      0 0.0.0.0:4506            0.0.0.0:*               LISTEN      13653/python        

客户端操作

[root@localhost ~]# yum -y install salt-minion
[root@localhost ~]# vim /etc/salt/minion
master: 192.168.27.137 服务端ip
[root@localhost ~]# systemctl start salt-minion
[root@localhost ~]# 

salt-key常用参数

• -a 添加指定ID 的key
• -A 添加全部
• -R 拒绝全部
• -d 删除指定ID的
• -D 删除全部
• -L 查询所有接收到的证书

指定查看认证

[root@localhost ~]# salt-key -a 192.168.27.138
The following keys are going to be accepted:
Unaccepted Keys:
192.168.27.138
Proceed? [n/Y] y
Key for minion 192.168.27.138 accepted.

[root@localhost ~]# salt-key -a 192.168.27.137
The following keys are going to be accepted:
Unaccepted Keys:
192.168.27.137
Proceed? [n/Y] y
Key for minion 192.168.27.137 accepted.

[root@localhost ~]# salt-key -L
Accepted Keys:  #已经接受的key
192.168.27.137
192.168.27.138
Denied Keys:   #拒绝的key
Unaccepted Keys:  #未加入的key
Rejected Keys:  #吊销的key

测试ping 连接

[root@localhost ~]# salt '*' test.ping
192.168.27.138:
    True
192.168.27.137:
    True
[root@localhost ~]# salt 192.168.27.138 cmd.run 'hostname' 
192.168.27.138:
    localhost.localdomain