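SaltStack Installation
I. Common automation tools
1. Puppet (www.puppetlabs.com) is written in Ruby, uses a client/server architecture, and supports multiple platforms. It can manage configuration files, users, cron jobs, software packages, system services, and more. It comes in a community edition (free) and an enterprise edition (paid); the enterprise edition supports graphical configuration.
2. SaltStack (website https://saltstack.com, documentation docs.saltstack.com) is written in Python, uses a client/server architecture, and supports multiple platforms. It is lighter than Puppet and very fast at remote command execution because SaltStack has a message queue. SaltStack is easier to configure and use than Puppet and can implement almost all of Puppet's functionality.
3. Ansible (www.ansible.com) is a more streamlined automation and operations tool that does not require an agent on the clients. It is written in Python. It can perform batch operating system configuration, batch program deployment, and batch command execution.
II. SaltStack installation
2.1 Preparation
Turn off the firewall and SELinux on both the client and the server.
[root@saltserver ~]# systemctl stop firewalld
[root@saltserver ~]# setenforce 0
[root@saltserver ~]# sed -i 's/SELINUX=enforcing/SELINUX=disabled/g' /etc/selinux/config
2.2 Configure hosts resolution
Server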
[root@saltserver ~]# echo -e "192.168.3.119 saltserver\n192.168.3.125 saltclient" >>/etc/hosts
Client
[root@saltclient ~]# echo -e "192.168.3.119 saltserver\n192.168.3.125 saltclient" >>/etc/hosts
2.3 Install SaltStack
Server
[root@saltserver ~]# yum install -y https://repo.saltstack.com/yum/redhat/salt-repo-latest-2.el7.noarch.rpm
[root@saltserver ~]# yum install salt-master salt-minion
Client
[root@saltclient ~]# yum install -y https://repo.saltstack.com/yum/redhat/salt-repo-latest-2.el7.noarch.rpm
[root@saltclient ~]# yum install salt-minion
2.4 Edit the client minion configuration file
Server
[root@saltserver salt]# sed -i 's/master: server/master: saltserver/g' /etc/salt/minion
Client
[root@saltclient salt]# sed -i 's/master: server/master: saltserver/g' /etc/salt/minion
2.5 Start SaltStack
Server
On first start, the master generates a key pair under /etc/salt/pki/master. Once the master has accepted, through the salt-key tool, the public key sent by a minion, it stores the newly accepted public key in the /etc/salt/pki/master/minions/ directory. The client in turn receives the public key sent by the master and stores it under /etc/salt/pki/minion as minion_master.pub.
[root@saltserver ~]# systemctl start salt-master
[root@saltserver ~]# systemctl start salt-minion
[root@saltserver salt]# ps -ef |grep salt
avahi 1071 1 0 11:57 ? 00:00:05 avahi-daemon: running [saltserver.local]
root 3237 1 0 12:00 ? 00:00:00 /usr/bin/python /usr/bin/salt-minion
root 3240 3237 0 12:00 ? 00:00:10 /usr/bin/python /usr/bin/salt-minion
root 3248 3240 0 12:00 ? 00:00:00 /usr/bin/python /usr/bin/salt-minion
root 17557 1 0 14:35 ? 00:00:00 /usr/bin/python /usr/bin/salt-master
root 17562 17557 0 14:35 ? 00:00:00 /usr/bin/python /usr/bin/salt-master
root 17567 17557 0 14:35 ? 00:00:00 /usr/bin/python /usr/bin/salt-master
root 17568 17557 0 14:35 ? 00:00:00 /usr/bin/python /usr/bin/salt-master
root 17571 17557 0 14:35 ? 00:00:25 /usr/bin/python /usr/bin/salt-master
root 17572 17557 0 14:35 ? 00:00:00 /usr/bin/python /usr/bin/salt-master
root 17573 17572 0 14:35 ? 00:00:00 /usr/bin/python /usr/bin/salt-master
root 17578 17572 0 14:35 ? 00:00:02 /usr/bin/python /usr/bin/salt-master
root 17581 17572 0 14:35 ? 00:00:02 /usr/bin/python /usr/bin/salt-master
root 17582 17572 0 14:35 ? 00:00:02 /usr/bin/python /usr/bin/salt-master
root 17583 17572 0 14:35 ? 00:00:02 /usr/bin/python /usr/bin/salt-master
root 17584 17557 0 14:35 ? 00:00:07 /usr/bin/python /usr/bin/salt-master
root 17585 17572 0 14:35 ? 00:00:02 /usr/bin/python /usr/bin/salt-master
[root@saltserver salt]# netstat -tlunp |grep python
tcp 0 0 0.0.0.0:4505 0.0.0.0:* LISTEN 17567/python
tcp 0 0 0.0.0.0:4506 0.0.0.0:* LISTEN 17573/python
Port 4505 is used to publish messages; port 4506 is used to communicate with the clients and transfer data.
Client
On first start, the minion generates minion.pem and minion.pub under /etc/salt/pki/minion/. The .pub file is the public key, which we need to send to the master.
[root@saltclient ~]# systemctl start salt-minion
2.6 Configure authentication for Salt
[root@saltserver ~]# salt-key -a saltserver
The following keys are going to be accepted:
Unaccepted Keys:
saltserver
Proceed? [n/Y] y
Key for minion saltserver accepted.
[root@saltserver ~]# salt-key -a saltclient
The following keys are going to be accepted:
Unaccepted Keys:
saltclient
Proceed? [n/Y] y
Key for minion saltclient accepted.
[root@saltserver salt]# salt-key -L
Accepted Keys:
saltclient
saltserver
Denied Keys:
Unaccepted Keys:
Rejected Keys:
[root@saltserver salt]#
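Section 2.6 accepts each key with salt-key -a, which trusts whatever public key was submitted under that minion ID. The following is an added example, not part of the original post: it accepts a key only when the fingerprint that salt-key -f shows on the master matches the one read on the minion itself with salt-call --local key.finger. The function names, the sample fingerprint, and the "id:  fingerprint" output format it parses are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the original post). Runs on the master.

# Print the fingerprint of minion $1 from `salt-key -f` style output on stdin,
# but only when that key is listed under "Unaccepted Keys:".
# Assumed line format: "<minion-id>:  <colon-separated hex fingerprint>".
pending_fingerprint() {
    awk -v id="$1" '
        /^[A-Za-z ]+ Keys:$/ { section = $0; next }
        section == "Unaccepted Keys:" && $1 == (id ":") { print tolower($2); exit }
    '
}

# Succeed only if the pending key of minion $1 has fingerprint $2
# (compared case-insensitively). Reads `salt-key -f` output on stdin.
fingerprint_matches() {
    expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    actual=$(pending_fingerprint "$1")
    [ -n "$actual" ] && [ "$actual" = "$expected" ]
}

# Accept minion $1 only if its pending key matches fingerprint $2, which the
# operator read on the minion with `salt-call --local key.finger`.
accept_verified() {
    if salt-key --no-color -f "$1" | fingerprint_matches "$1" "$2"; then
        salt-key -y -a "$1"
    else
        echo "no pending key for $1 with that fingerprint; not accepting" >&2
        return 1
    fi
}

# Constructed sample of `salt-key -f saltclient` output; the fingerprint is made up.
SAMPLE_FP='3f:9a:1c:04:d2:7e:55:b8:60:aa:19:c3:8d:42:f1:0e'
SAMPLE_OUTPUT="Unaccepted Keys:
saltclient:  $SAMPLE_FP"
```

On the master, call accept_verified saltclient followed by the fingerprint copied from the minion, in place of salt-key -a saltclient.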
2.7 Run a test command
[root@saltserver salt]# salt '*' test.ping
saltclient:
    True
saltserver:
    True
Note: the installation steps above are based on "http://blog.51cto.com/zero01/2064247".