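Background: the NTP time on our big data platform was once wrong, and it turned out that the NTP clients' time differed from the internal NTP server. I had to type commands in a hurry to update the configuration on several hundred Linux hosts, until my hands gave out.
Scenarios: 1. Batch-updating Linux configuration
2. Batch-installing software.
To save VM resources, I chose a stable, lightly loaded KMS server to double as the management server and installed the unified management platform on it.
Server-side preparation: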
cd /etc/yum.repos.d/
rm -f *.*
wget -O /etc/yum.repos.d/CentOS-Base.repo http://mirrors.aliyun.com/repo/Centos-7.repo
sudo yum makecache
yum repolist
sudo yum clean all
sudo yum update
sudo rpm --import https://repo.saltproject.io/py3/redhat/7/x86_64/latest/SALTSTACK-GPG-KEY.pub
curl -fsSL https://repo.saltproject.io/py3/redhat/7/x86_64/latest.repo | sudo tee /etc/yum.repos.d/salt.repo
sudo yum install -y salt-master
sudo systemctl start salt-master
sudo systemctl enable --now salt-master
salt-master --version
rpm -qi salt-master
sudo yum -y install salt-ssh
sudo yum install salt-api
sudo vim /etc/salt/master
#===========================# for SaltStack 3006 and higher: append to the end of the file
external_auth:
  pam:
    saltuser1:
      - .*          # every execution function on every minion
      - '@runner'
      - '@wheel'
      - '@jobs'
netapi_enable_clients:
  - local
  - local_async
  - runner
  - wheel
rest_cherrypy:
  port: 3333
  host: 0.0.0.0       # listens on all interfaces
  disable_ssl: true   # plain HTTP: PAM credentials and session tokens are sent unencrypted
  app: /srv/SaltGUI-master/saltgui/index.html
  static: /srv/SaltGUI-master/saltgui/static
  static_path: /static
#======================================
sudo systemctl restart salt-master
systemctl enable salt-master
service salt-master start
sudo lsof -i:4505
ps aux|grep salt-master
#sudo firewall-cmd --permanent --zone=public --add-source=172.16.5.70
#sudo firewall-cmd --permanent --zone=public --add-port=4505/tcp
#sudo firewall-cmd --permanent --zone=public --add-port=4506/tcp
sudo firewall-cmd --permanent --add-service=salt-master
sudo firewall-cmd --reload
sudo firewall-cmd --list-all
Client installation:
cd /etc/yum.repos.d/
rm -f *.*
wget -O /etc/yum.repos.d/CentOS-Base.repo http://mirrors.aliyun.com/repo/Centos-7.repo
sudo yum makecache
yum repolist
sudo yum clean all
sudo yum update
yum list | grep epel-release
sudo rpm --import https://repo.saltproject.io/py3/redhat/7/x86_64/latest/SALTSTACK-GPG-KEY.pub
sudo curl -fsSL https://repo.saltproject.io/py3/redhat/7/x86_64/latest.repo | sudo tee /etc/yum.repos.d/salt.repo
yum install salt-minion -y
vim /etc/salt/minion   # add or change the master address in the minion configuration file to 172.16.5.68
master: 172.16.5.68
sudo systemctl restart salt-minion
chkconfig salt-minion on
sudo systemctl start salt-minion
netstat -antlp
cat /etc/salt/minion_id
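Accepting the clients on the server:
sudo salt-key -L #list the keys, including minions already under management
salt-key -A -y #accept all pending keys
sudo salt '*' cmd.run 'date' #try running one command on all minions
#sudo yumdownloader salt-minion   download the package for hosts without Internet access (when there is no internal repository server)
#sudo find / -name <package file name>   locate the downloaded file and copy it to the hosts without Internet access for installation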
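
`salt-key -A -y` above accepts every pending key without checking which host sent it. The script below is an added example, not part of the original post: it accepts only pending minions whose key fingerprint matches an allowlist gathered on each minion with `salt-call --local key.finger`. The script name, the allowlist path and the assumed layout of `salt-key -F` output are assumptions.

```shell
#!/bin/sh
# Added example, not from the original post. Assumes `salt-key --no-color -F`
# prints "<State> Keys:" headers followed by "<minion_id>:  <fingerprint>" lines.

# stdin: `salt-key -F` output; stdout: only the lines under "Unaccepted Keys:".
pending_section() {
    awk '/ Keys:$/ { pending = ($1 == "Unaccepted"); next } pending'
}

# classify_pending ALLOWLIST LISTING
#   ALLOWLIST: "<minion_id> <fingerprint>" per line, gathered on each minion
#              with `salt-call --local key.finger` (lines starting with # are comments).
#   LISTING:   pending keys as "<minion_id>:  <fingerprint>" lines.
# Prints "OK <id>", "MISMATCH <id>" or "UNKNOWN <id>" for every pending key.
classify_pending() {
    awk '
        NR == FNR { if ($1 !~ /^#/ && NF == 2) want[$1] = tolower($2); next }
        NF == 2 && $1 ~ /:$/ && tolower($2) ~ /^[0-9a-f][0-9a-f](:[0-9a-f][0-9a-f])+$/ {
            id = substr($1, 1, length($1) - 1); fp = tolower($2)
            if (!(id in want))       print "UNKNOWN", id
            else if (want[id] == fp) print "OK", id
            else                     print "MISMATCH", id
        }
    ' "$1" "$2"
}

# Run on the master: accept verified keys one by one, report the rest on stderr.
accept_verified() {
    listing=$(mktemp) || return 1
    salt-key --no-color -F | pending_section > "$listing"
    classify_pending "$1" "$listing" | while read -r verdict id; do
        if [ "$verdict" = OK ]; then
            salt-key -a "$id" -y < /dev/null   # keep salt-key off the loop's stdin
        else
            echo "not accepted ($verdict): $id" >&2
        fi
    done
    rm -f "$listing"
}

# Usage (hypothetical file names): sh accept-verified.sh --apply /root/minion-fingerprints.txt
if [ "${1:-}" = "--apply" ]; then
    accept_verified "$2"
fi
```

Keys reported as MISMATCH or UNKNOWN stay pending, so they can be inspected with `salt-key -f <id>` before being accepted or deleted.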