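SaltStack Quick-Start Tutorial
1. Introduction
SaltStack appeared a few years after Puppet. It is written in Python and also uses a client/server architecture, with a master on the server side and minions on the client side. SaltStack is very similar to Puppet; it can be said to combine the features of Puppet and Chef. It is more powerful, better suited to managing servers in bulk at large scale, and easier to configure than Puppet.
Three main functions: remote command execution, configuration management (services, files, cron, users, groups), and cloud management.
2. Preparation
Prepare two machines. On both, disable SELinux, flush the iptables rules and save.
master: 192.168.1.160
slaver: 192.168.1.161
Update the package repository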
[[email protected] ~]# wget -O /etc/yum.repos.d/CentOS-Base.repo http://mirrors.aliyun.com/repo/Centos-7.repo
[[email protected] ~]# yum makecache fast
Loaded plugins: fastestmirror
HuaDongBD | 2.9 kB 00:00:00
base | 3.6 kB 00:00:00
extras | 3.4 kB 00:00:00
os | 3.6 kB 00:00:00
updates | 3.4 kB 00:00:00
updates/7/x86_64/primary_db | 7.8 MB 00:00:07
Loading mirror speeds from cached hostfile
* base: mirrors.aliyun.com
* extras: mirrors.aliyun.com
* updates: mirrors.aliyun.com
Metadata Cache Created
[[email protected] ~]#
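3. Installation
In the SaltStack architecture the server is called the Master and the client is called the Minion. Both run as daemons. The Master keeps listening on the two ports defined in its configuration file: ret_port (the port used for communication between SaltStack clients and the server, which receives the results sent back by the clients; default 4506) and publish_port (SaltStack's message publishing system; default 4505). When a Minion starts, it automatically connects to the ret_port of the Master address defined in its configuration file to authenticate.
- Master: the control center; runs salt commands and manages resource state
- Minion: a client machine to be managed; it actively connects to the Master, gets resource state information from the Master and synchronizes resource management information
- States: the instruction set for configuration management
- Modules: instruction modules used on the command line and in configuration files; they can be run from the command line
- Grains: minion-side variables, static
- Pillar: minion-side variables, dynamic and more private; they can be defined in configuration files and synchronized to the minions
- highstate: pushes the permanent state to the minions, read from the sls configuration files, i.e. synchronizes the state configuration
- salt_schedule: automatically keeps the client configuration in place
3.1 Server installation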
[[email protected] ~]# yum install -y epel-release
[[email protected] ~]# yum install -y salt-master salt-minion
3.2 Client installation
[[email protected] ~]# yum install -y epel-release
[[email protected] ~]# yum install -y salt-minion
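4. Configuration
4.1 Salt minion configuration
Open /etc/salt/minion with vi/vim and find the line containing the master option, usually line 16. Edit it: remove the #, keep one space after the colon, and change salt to master.
Example: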
[[email protected] ~]# vi /etc/salt/minion
# Set the location of the salt master server. If the master server cannot be
# resolved, then the minion will fail to start.
master: master
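If you cannot find the master line, you can simply append the line master: master or master: 192.168.1.160 to the end of the file.
You can also modify the configuration file directly with sed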
[[email protected] ~]# sed -i 's/#master: salt/master: 192.168.1.160/g' /etc/salt/minion
5. Start the services
(1) Server
[[email protected] ~]# salt-master start
Run in the background
[[email protected] ~]# salt-master start &
[3] 35438
[[email protected] ~]#
(2) Client
[[email protected] ~]# salt-minion start &
[ERROR ] The Salt Master has cached the public key for this node, this salt minion will wait for 10 seconds before attempting to re-authenticate
[ERROR ] The Salt Master has cached the public key for this node, this salt minion will wait for 10 seconds before attempting to re-authenticate
[[email protected] ~]# salt-minion start &
[ERROR ] The Salt Master has cached the public key for this node, this salt minion will wait for 10 seconds before attempting to re-authenticate
[ERROR ] The Salt Master has cached the public key for this node, this salt minion will wait for 10 seconds before attempting to re-authenticate
[[email protected] ~]# salt-minion start
[ERROR ] The Salt Master has cached the public key for this node, this salt minion will wait for 10 seconds before attempting to re-authenticate
[ERROR ] The Salt Master has cached the public key for this node, this salt minion will wait for 10 seconds before attempting to re-authenticate
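The first time a minion starts, it automatically generates minion.pem (private key) and minion.pub (public key) under /etc/salt/pki/minion/ (this path is set in /etc/salt/minion) and then sends minion.pub to the master. After the master receives the minion's public key, it is accepted with the salt-key command. The public key is then stored under /etc/salt/pki/master/minions on the master, in a file named after the minion id, and from that point the master can send commands to the minion.
6. Configure authentication
(1) On the server, open a new terminal on nb0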
[[email protected] ~]# salt-key -a nb0
The following keys are going to be accepted:
Unaccepted Keys:
nb0
Proceed? [n/Y] y
Key for minion nb0 accepted.
[[email protected] ~]#
[[email protected] ~]# salt-key -a nb1
The following keys are going to be accepted:
Unaccepted Keys:
nb1
Proceed? [n/Y]y
Key for minion nb1 accepted.
[[email protected] ~]#
[[email protected] ~]# salt-key -a nb2
The following keys are going to be accepted:
Unaccepted Keys:
nb2
Proceed? [n/Y] y
Key for minion nb2 accepted.
You have mail in /var/spool/mail/root
[[email protected] ~]#
[[email protected] ~]# salt-key
Accepted Keys:
nb0
nb1
nb2
Denied Keys:
Unaccepted Keys:
Rejected Keys:
[[email protected] ~]#
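Added example (not part of the original tutorial): `salt-key -a` trusts whatever key was sent under that minion id, so this sketch accepts a pending key only when its fingerprint on the master (`salt-key -f <id>`) equals the one read on the minion itself with `salt-call --local key.finger`. The function names and the sample fingerprints are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: fingerprint check before accepting a minion key.

# Read text on stdin, print the first colon-separated hex fingerprint
# (16 pairs or more) in lower case.
extract_fp() {
    grep -Eio '([0-9a-f]{2}:){15,}[0-9a-f]{2}' | head -n 1 | tr 'A-F' 'a-f'
}

# $1 = fingerprint text from the minion, $2 = output of `salt-key -f <id>`.
# The ( ) body runs in a subshell, so the variables stay local.
fp_matches() (
    expected=$(printf '%s\n' "$1" | extract_fp)
    pending=$(printf '%s\n' "$2" | extract_fp)
    [ -n "$expected" ] && [ "$expected" = "$pending" ]
)

# $1 = minion id, $2 = fingerprint obtained out of band from the minion.
accept_verified() (
    id=$1 expected=$2
    out=$(salt-key -f "$id") || exit 2
    if fp_matches "$expected" "$out"; then
        salt-key -y -a "$id"
    else
        echo "fingerprint mismatch for $id, key left pending" >&2
        exit 1
    fi
)

# Constructed sample data (not taken from a real host).
SAMPLE_MINION_FP='local:
    5d:f6:79:43:5e:d4:42:3f:57:b8:45:a8:7e:a4:6e:ca'
SAMPLE_MASTER_OUT='Unaccepted Keys:
nb0:  5d:f6:79:43:5e:d4:42:3f:57:b8:45:a8:7e:a4:6e:ca'

# Usage on the master: ./accept_verified.sh nb0 '<fingerprint from the minion>'
if [ "$#" -eq 2 ]; then
    accept_verified "$1" "$2"
fi
```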
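Note: when deploying minions at large scale, you can have the master automatically accept keys that are waiting for authentication
Before modifying /etc/salt/master, back it up first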
[[email protected] ~]# cp /etc/salt/master /etc/salt/master.bak
Open /etc/salt/master with vi
[[email protected] ~]# vi /etc/salt/master
Find the line #auto_accept: False and change False to True
# Enable auto_accept, this setting will automatically accept all incoming
# public keys from the minions. Note that this is insecure.
#auto_accept: False
Or modify it with sed
[[email protected] ~]# sed -i 's/#auto_accept: False/auto_accept: True/g' /etc/salt/master
Stop salt-master with Ctrl+C, then start it again
[[email protected] ~]# salt-master start
^C[WARNING ] Stopping the Salt Master
[WARNING ] Stopping the Salt Master
Exiting on Ctrl-c
[WARNING ] Stopping the Salt Master
Exiting on Ctrl-c
Exiting on Ctrl-c
[[email protected] ~]# salt-master start
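Added example (not part of the original tutorial): with auto_accept enabled, every host that can reach the master gets its key accepted, which is why the config comment calls the setting insecure. This sketch checks whether auto_accept is active in a master config file and lists accepted minion ids that are missing from an inventory file. The function names and the inventory file (one expected minion id per line) are assumptions.

```shell
#!/usr/bin/env bash
# Added example: audit a master that has been running with auto_accept.

# Succeeds if any of the given config files has an active (uncommented)
# auto_accept set to a YAML true value.
auto_accept_enabled() {
    grep -Eiqs '^[[:space:]]*auto_accept:[[:space:]]*(true|yes|on)[[:space:]]*(#.*)?$' "$@"
}

# $1 = accepted-keys directory (files are named after the minion id),
# $2 = allowlist file with one expected minion id per line.
# Prints every accepted id that is not on the allowlist.
# The ( ) body runs in a subshell, so the variables stay local.
unexpected_minions() (
    pki_dir=$1 allowlist=$2
    for key in "$pki_dir"/*; do
        [ -f "$key" ] || continue
        id=$(basename "$key")
        grep -Fxq -- "$id" "$allowlist" || printf '%s\n' "$id"
    done
)

# Usage on the master:
#   ./audit.sh /etc/salt/master /etc/salt/pki/master/minions expected_ids.txt
if [ "$#" -eq 3 ]; then
    auto_accept_enabled "$1" && echo "WARNING: auto_accept is active in $1"
    unexpected_minions "$2" "$3"
fi
```

Any id it prints can be inspected with salt-key before deciding whether the key should stay accepted.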
(2) Test and verify
[[email protected] ~]# salt '*' test.ping
nb2:
True
nb1:
True
nb0:
True
[[email protected] ~]#
The * here only matches clients whose keys have already been accepted on the master; you can list them with salt-key
Remote command execution
[[email protected] ~]# salt '*' cmd.run 'df -h'
nb0:
Filesystem Size Used Avail Use% Mounted on
/dev/mapper/cl-root 48G 26G 22G 55% /
devtmpfs 3.9G 0 3.9G 0% /dev
tmpfs 3.9G 16K 3.9G 1% /dev/shm
tmpfs 3.9G 402M 3.5G 11% /run
tmpfs 3.9G 0 3.9G 0% /sys/fs/cgroup
/dev/sda1 1014M 139M 876M 14% /boot
/dev/mapper/cl-home 24G 33M 24G 1% /home
tmpfs 781M 0 781M 0% /run/user/0
/dev/loop0 7.8G 7.8G 0 100% /var/ftp/iso-home
nb1:
Filesystem Size Used Avail Use% Mounted on
/dev/mapper/cl-root 48G 4.3G 44G 9% /
devtmpfs 3.9G 0 3.9G 0% /dev
tmpfs 3.9G 12K 3.9G 1% /dev/shm
tmpfs 3.9G 377M 3.5G 10% /run
tmpfs 3.9G 0 3.9G 0% /sys/fs/cgroup
/dev/sda1 1014M 139M 876M 14% /boot
/dev/mapper/cl-home 24G 33M