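For the basics and the architecture, see the previous blog post.
My lab environment:
Host                    Role
server1 (172.25.9.1)    master node
server2 (172.25.9.2)    minion node 1
server3 (172.25.9.3)    minion node 2
Installation
SaltStack is written in Python, so it has requirements on the Python version and modules.
Install the master on server1: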
yum install salt-master -y
[root@server1 ~]# cd /etc/salt/
[root@server1 salt]# ls
cloud cloud.deploy.d cloud.profiles.d master minion pki proxy.d
cloud.conf.d cloud.maps.d cloud.providers.d master.d minion.d proxy roster
Start the master service
[root@server1 salt]# systemctl start salt-master
Check the listening ports
[root@server1 salt]# netstat -ntlp
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:6379 0.0.0.0:* LISTEN 2207/redis-server 0
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 958/sshd
tcp 0 0 0.0.0.0:4505 0.0.0.0:* LISTEN 2395/python
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN 1782/master
tcp 0 0 0.0.0.0:4506 0.0.0.0:* LISTEN 2401/python
tcp6 0 0 :::22 :::* LISTEN 958/sshd
tcp6 0 0 ::1:25 :::* LISTEN 1782/master
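## Port 4505 is the master's publish/subscribe port
## Port 4506 is the port on which the master receives requests from minions and sends responses
Install the minion on server2 and server3: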
yum install salt-minion -y
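The minion's configuration file must state which host is the master.
(server2 and server3 are configured identically, so the steps are shown only once.)
[root@server2 ~]# vim /etc/salt/minion
master: 172.25.9.1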
[root@server2 ~]# systemctl start salt-minion
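Add the connection keys
salt-key -L    # list the current key status (on first contact the minion keys appear under "Unaccepted Keys:")
salt-key -A    # accept the pending keys (-A accepts all of them)
salt-key -L    # list again (the keys now appear under "Accepted Keys:", which means they have been accepted and communication can be established)
The master key pair is stored by default in /etc/salt/pki/master/master.pub and /etc/salt/pki/master/master.pem
The minion public keys accepted by the master are stored in /etc/salt/pki/master/minions/
The minion key pair is stored by default in /etc/salt/pki/minion/minion.pub and /etc/salt/pki/minion/minion.pem
The minion keeps the master's public key in /etc/salt/pki/minion/minion_master.pub
minion_id is stored by default in /etc/salt/minion_id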
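The key-acceptance step above, as an added example that is not part of the original post: instead of accepting every pending key with salt-key -A, the script compares each pending key on the master with a copy of that minion's /etc/salt/pki/minion/minion.pub obtained over a trusted channel, and reports which minion ids are verified. It assumes pending keys sit in /etc/salt/pki/master/minions_pre/ (Salt's default location, not stated in the post) and that the trusted copies are saved as <id>.pub in a directory of your choosing; the function names and that layout are hypothetical.

```bash
# Added example, not from the original post. Pending keys are compared with
# copies of each minion's minion.pub fetched over a trusted channel (e.g. SSH);
# the <trusted_dir>/<id>.pub layout is a hypothetical convention.

# Print a key file with all whitespace removed, so a trailing newline or CRLF
# difference is not reported as a different key.
normalized_key() { tr -d ' \t\r\n' < "$1"; }

# classify_pending PENDING_DIR TRUSTED_DIR
# Prints one line per pending key: "MATCH id", "MISMATCH id" or "UNEXPECTED id".
classify_pending() {
    for pending in "$1"/*; do
        [ -f "$pending" ] || continue
        id=$(basename "$pending")
        trusted="$2/$id.pub"
        if [ ! -f "$trusted" ]; then
            echo "UNEXPECTED $id"   # no trusted copy exists for this minion id
        elif [ "$(normalized_key "$pending")" = "$(normalized_key "$trusted")" ]; then
            echo "MATCH $id"        # verified: accept with salt-key -a "$id"
        else
            echo "MISMATCH $id"     # same id, different key: do not accept
        fi
    done
}

# Demo on constructed data (placeholder strings, not real RSA keys).
demo() {
    d=$(mktemp -d) && mkdir "$d/pre" "$d/trusted"
    printf 'KEY-OF-SERVER2\n'  > "$d/pre/server2"
    printf 'KEY-OF-SERVER2'    > "$d/trusted/server2.pub"  # differs only by newline
    printf 'KEY-OF-IMPOSTER\n' > "$d/pre/server3"
    printf 'KEY-OF-SERVER3\n'  > "$d/trusted/server3.pub"
    printf 'KEY-OF-UNKNOWN\n'  > "$d/pre/server9"          # id that was never enrolled
    classify_pending "$d/pre" "$d/trusted"
    rm -rf "$d"
}

# With two arguments, check real directories; with none, run the demo.
if [ "$#" -eq 2 ]; then classify_pending "$1" "$2"; else demo; fi
```

Accept only the ids reported as MATCH, one at a time, with salt-key -a <id>.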
Test:
[root@server1 salt]# lsof -i :4505
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
salt-mast 2395 root 15u IPv4 182566 0t0 TCP *:4505 (LISTEN)
salt-mast 2395 root 17u IPv4 194273 0t0 TCP server1:4505->server3:38966 (ESTABLISHED)
salt-mast 2395 root 18u IPv4 198517 0t0 TCP server1:4505->server2:33708 (ESTABLISHED)
[root@server1 salt]# lsof -i :4506
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
salt-mast 2401 root 23u IPv4 182575 0t0 TCP *:4506 (LISTEN)
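Port 4505 shows connections from both minions for published messages, while 4506 shows none, because the minions have not executed any commands.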