官方文档:https://docs.saltstack.com/en/latest/contents.html
什么是saltstack?
Salt是一个基于Python的开源配置管理软件和远程执行引擎。
二、组件:
- master:中央管理系统\服务端。发布命令给minion端
- minion:客户端,接收master的命令和配置
- 执行模块:对一个或多个命令执行管理
- states(规则):声明或命令时表示一个系统的配置
- Grains:系统变量,定义在minion端
- Pillar:用户定义的变量,定义和存储在Salt Master,分配到一个或多个Minion
![](https://i-blog.csdnimg.cn/blog_migrate/a6702cb554bfe2b83adea7ecdeba1a40.jpeg)
![](https://i-blog.csdnimg.cn/blog_migrate/d1e28e789d966853642d688856e59afc.jpeg)
三、初始配置
环境设置
名称 | IP |
---|---|
saltstack-master | 192.168.85.129 |
node1 | 192.168.85.130 |
步骤:
[root@saltstack01 salt]# systemctl stop firewalld.service
[root@saltstack01 salt]# setenforce 0
[root@saltstack01 ~]# vim /etc/hosts
[root@saltstack01 ~]# ping saltstack02
PING saltstack02 (192.168.85.130) 56(84) bytes of data.
64 bytes from saltstack02 (192.168.85.130): icmp_seq=1 ttl=64 time=31.2 ms
............
[root@saltstack02 salt]# systemctl stop firewalld.service
[root@saltstack02 salt]# setenforce 0
[root@saltstack02 ~]# vim /etc/hosts
......
1.安装epel-release源,saltstack软件【master】
[root@saltstack01 ~]# yum -y install epel-release
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
...................
Complete!
[root@saltstack01 ~]# yum -y install salt-master salt-minion
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
...................
Complete!
[root@saltstack02 ~]# yum -y install epel-release
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
...................
Complete!
[root@saltstack02 ~]# yum -y install salt-master salt-minion
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
...................
Complete!
2.启动master,查看目录结构 【master】
[root@saltstack01 ~]# systemctl start salt-master
[root@saltstack01 ~]# cd /etc/salt/
[root@saltstack01 salt]# ls
master minion pki
[root@saltstack01 salt]# tree pki/
pki/
└── master
├── master.pem
├── master.pub
├── minions
├── minions_autosign
├── minions_denied
├── minions_pre
└── minions_rejected
6 directories, 2 files
[minion]
3.修改minion配置文件
[root@saltstack02 ~]# vim /etc/salt/minion
[root@saltstack02 ~]# grep -v ^# /etc/salt/minion
master: saltstack01
id: saltstack02
4.密钥接收【master】
[root@saltstack01 salt]# salt-key -L
Accepted Keys:
Denied Keys:
Unaccepted Keys:
saltstack02
Rejected Keys:
[root@saltstack01 salt]# salt-key -A #master上面接受minion加入
The following keys are going to be accepted:
Unaccepted Keys:
saltstack02
Proceed? [n/Y] Y
Key for minion saltstack02 accepted.
[root@saltstack01 salt]# tree pki #秘钥接受后,查看pki的密码变化
pki
└── master
├── master.pem
├── master.pub
├── minions
│ └── saltstack02 #已经进入到master的minion
├── minions_autosign
├── minions_denied
├── minions_pre
└── minions_rejected
6 directories, 3 files
[root@saltstack01 salt]# salt-key -L
Accepted Keys:
saltstack02
Denied Keys:
Unaccepted Keys:
Rejected Keys:
5.测试【master】
[root@saltstack01 ~]# salt "*" test.ping #master和minion之间通信是否正常
saltstack02:
True
6.删除minon key
[root@saltstack01 ~]# salt-key -D
The following keys are going to be deleted:
Accepted Keys:
saltstack02
Proceed? [N/y] y
Key for minion saltstack02 deleted.
[root@saltstack01 ~]# cd /etc/salt/
[root@saltstack01 salt]# tree pki
pki
└── master
├── master.pem
├── master.pub
├── minions
├── minions_autosign
├── minions_denied
├── minions_pre
└── minions_rejected
6 directories, 2 files