saltstack部署文档

2017/4/15 posted in  Linux

安装部署自动化管理工具SaltStack.在管理多台服务器上,这个工具还是非常好使的,另外由于是 Python写的,也可以很方便的对其进行个性化修改.

机器

IP hosts 角色
10.211.55.4 master salt-master/salt-minion
10.211.55.5 minion salt-minion

master 端配置防火墙(没有配置,直接把防火墙关了)

[root@master ~]# vim /etc/sysconfig/iptables
#加入
-A INPUT -m state --state new -m tcp -p tcp --dport 4505 -j ACCEPT
-A INPUT -m state --state new -m tcp -p tcp --dport 4506 -j ACCEPT

安装 epel 源

[root@master ~]# wget -O /etc/yum.repos.d/epel.repo http://mirrors.aliyun.com/repo/epel-6.repo
[root@minion ~]# wget -O /etc/yum.repos.d/epel.repo http://mirrors.aliyun.com/repo/epel-6.repo

关闭防火墙

[root@master ~]# service iptables stop
iptables: Setting chains to policy ACCEPT: nat mangle filte[  OK  ]
iptables: Flushing firewall rules:                         [  OK  ]
iptables: Unloading modules:                               [  OK  ]

[root@minion ~]# service iptables stop
iptables: Setting chains to policy ACCEPT: nat mangle filte[  OK  ]
iptables: Flushing firewall rules:                         [  OK  ]
iptables: Unloading modules:                               [  OK  ]

安装配置

master 端安装

[root@master ~]# yum -y install salt-master

minion 端安装

[root@minion ~]# yum -y install salt-minion

master 端配置

# 备份
[root@master ~]# cp /etc/salt/master /etc/salt/master.bak
[root@master ~]# vim /etc/salt/master
# 去掉这几行的注释
405 # Example:
406 # file_roots:
407 #   base:
408 #     - /srv/salt/
409 #   dev:
410 #     - /srv/salt/dev/services
411 #     - /srv/salt/dev/states
412 #   prod:
413 #     - /srv/salt/prod/services
414 #     - /srv/salt/prod/states
415 #
416 file_roots:
417   base:
418     - /srv/salt
419
# 去掉这几行的注释
529 pillar_roots:
530   base:
531     - /srv/pillar

接着启动 saltmaster 服务

[root@master ~]# /etc/init.d/salt-master start
Starting salt-master daemon:                               [  OK  ]

minion 端配置

# 备份
[root@minion ~]# cp /etc/salt/minion /etc/salt/minion.bak 
[root@minion ~]# vim /etc/salt/minion
# Set the location of the salt master server. If the master server cannot be
# resolved, then the minion will fail to start.
master: master #改成 master 的主机或者 IP


 76 # same machine but with different ids, this can be useful for salt compute
 77 # clusters.
 78 id: salt-minion #定义个名字(建议起个有意义的名字如:nfs、nginx等)
 79


接着启动 saltminion 服务

[root@minion ~]# /etc/init.d/salt-minion start
Starting salt-minion daemon:                               [  OK  ]

验证

master 端

[root@master ~]# salt-key -L#显示所有minion认证信息
Accepted Keys:
Denied Keys:
Unaccepted Keys:
salt-minion
Rejected Keys:
[root@master ~]# salt-key -a salt-minion #接受salt-minion的认证信息;可跟参数 -y
The following keys are going to be accepted:
Unaccepted Keys:
salt-minion
Proceed? [n/Y] y
Key for minion salt-minion accepted.

[root@master ~]# salt-key
Accepted Keys:
salt-minion
Denied Keys:
Unaccepted Keys:
Rejected Keys:
[root@master ~]# salt-key -A #接受所有Unaccepted状态的minion认证信息

一些简单命令介绍

[root@master ~]# salt '*' test.ping
salt-minion:
    True
[root@master ~]# salt 'salt-minion' test.ping
salt-minion:
    True
[root@master ~]# salt '*' cmd.run 'df -h'
salt-minion:
    Filesystem                    Size  Used Avail Use% Mounted on
    /dev/mapper/VolGroup-lv_root   31G  3.4G   26G  12% /
    tmpfs                         497M   96K  497M   1% /dev/shm
    /dev/sda1                     485M   35M  426M   8% /boot
    /dev/mapper/VolGroup-lv_home   31G  178M   29G   1% /home
    Home                          233G   99G  134G  43% /media/psf/Home
    iCloud                        233G   99G  134G  43% /media/psf/iCloud
    /dev/sr1                      4.2G  4.2G     0 100% /media/CentOS_6.5_Final
    /dev/sr0                       98M   98M     0 100% /media/CDROM

在 master 上也安装上 minion

这样就有两个 minion