saltstack基础认识与配置

---

官方文档：https://docs.saltstack.com/en/latest/contents.html

什么是saltstack?

Salt是一个基于Python的开源配置管理软件和远程执行引擎。

---

二、组件：

• master:中央管理系统\服务端。发布命令给minion端
  
• minion：客户端，接收master的命令和配置
• 执行模块：对一个或多个命令执行管理
• states(规则)：声明或命令时表示一个系统的配置
• Grains：系统变量，定义在minion端
  
• Pillar：用户定义的变量，定义和存储在Salt Master，分配到一个或多个Minion

- Top File：数据匹配 - Returners：Minion返回的数据发送到另一个系统，如数据库，Returners可以运行在Minion

---

三、初始配置

环境设置

名称	IP
saltstack-master	192.168.85.129
node1	192.168.85.130

步骤：

[root@saltstack01 salt]# systemctl stop firewalld.service 
[root@saltstack01 salt]# setenforce 0
[root@saltstack01 ~]# vim /etc/hosts
[root@saltstack01 ~]# ping saltstack02
PING saltstack02 (192.168.85.130) 56(84) bytes of data.
64 bytes from saltstack02 (192.168.85.130): icmp_seq=1 ttl=64 time=31.2 ms
............
[root@saltstack02 salt]# systemctl stop firewalld.service 
[root@saltstack02 salt]# setenforce 0
[root@saltstack02 ~]# vim /etc/hosts
......

1.安装epel-release源，saltstack软件【master】

[root@saltstack01 ~]# yum -y install epel-release
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
...................
Complete!
[root@saltstack01 ~]# yum -y install salt-master salt-minion
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
...................
Complete!

[root@saltstack02 ~]# yum -y install epel-release
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
...................
Complete!
[root@saltstack02 ~]# yum -y install salt-master salt-minion
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
...................
Complete!

2.启动master，查看目录结构 【master】

[root@saltstack01 ~]# systemctl start salt-master
[root@saltstack01 ~]# cd /etc/salt/
[root@saltstack01 salt]# ls
master  minion  pki
[root@saltstack01 salt]# tree pki/
pki/
└── master
    ├── master.pem
    ├── master.pub
    ├── minions
    ├── minions_autosign
    ├── minions_denied
    ├── minions_pre
    └── minions_rejected
    
 6 directories, 2 files   

[minion]
3.修改minion配置文件

[root@saltstack02 ~]# vim /etc/salt/minion
[root@saltstack02 ~]# grep -v ^# /etc/salt/minion
master: saltstack01
id: saltstack02

4.密钥接收【master】

[root@saltstack01 salt]# salt-key -L
Accepted Keys:
Denied Keys:
Unaccepted Keys:
saltstack02
Rejected Keys:
[root@saltstack01 salt]# salt-key -A   #master上面接受minion加入
The following keys are going to be accepted:
Unaccepted Keys:
saltstack02
Proceed? [n/Y] Y
Key for minion saltstack02 accepted.
[root@saltstack01 salt]# tree pki   #秘钥接受后，查看pki的密码变化
pki
└── master
    ├── master.pem
    ├── master.pub
    ├── minions
    │   └── saltstack02  #已经进入到master的minion
    ├── minions_autosign
    ├── minions_denied
    ├── minions_pre
    └── minions_rejected

6 directories, 3 files
[root@saltstack01 salt]# salt-key -L
Accepted Keys:
saltstack02
Denied Keys:
Unaccepted Keys:
Rejected Keys:

5.测试【master】

[root@saltstack01 ~]# salt "*" test.ping   #master和minion之间通信是否正常
saltstack02:
    True

6.删除minon key

[root@saltstack01 ~]# salt-key -D
The following keys are going to be deleted:
Accepted Keys:
saltstack02
Proceed? [N/y] y
Key for minion saltstack02 deleted.
[root@saltstack01 ~]# cd /etc/salt/
[root@saltstack01 salt]# tree pki
pki
└── master
    ├── master.pem
    ├── master.pub
    ├── minions
    ├── minions_autosign
    ├── minions_denied
    ├── minions_pre
    └── minions_rejected

6 directories, 2 files