環(huán)境配置
master 192.168.198.134
slave1 192.168.198.135
slave2 192.168.198.136
slave3 192.168.198.137
master的配置安裝
查看CentOS版本和其內核版本及安裝配置阿里云yum源
[root@master ~]# cat /etc/redhat-release
CentOS Linux release 7.5.1804 (Core)
[root@master ~]# uname -r
3.10.0-862.el7.x86_64
[root@master ~]# wget -O /etc/yum.repos.d/CentOS-Base.repo http://mirrors.aliyun.com/repo/Centos-7.repo
安裝epel-release和salt-master工具包
[root@master ~]# yum install epel-release -y
[root@master ~]# yum install salt-master -y
配置saltstack開機自啟動服務
[root@master ~]# systemctl enable salt-master.service
啟動saltstack master 服務
[root@master ~]# systemctl start salt-master.service
檢查saltstack端口及進程的運行狀態(tài)澎剥,其中4505是saltstack管理服務器發(fā)送命令消息的端口想虎,4506是消息返回時所用的端口妓布。saltstack一般是會啟動多個進程來進行不同工作的。
[root@master ~]# netstat -tunlp | grep python
tcp 0 0 192.168.198.134:4505 0.0.0.0:* LISTEN 1278/python
tcp 0 0 192.168.198.134:4506 0.0.0.0:* LISTEN 1300/python
[root@master ~]# ps aux | grep salt-master | grep -v grep
root 1004 0.0 2.7 318144 27188 ? Ss 11:05 0:00 /usr/bin/python /usr/bin/salt-master
root 1277 0.4 2.8 408736 28740 ? Sl 11:05 0:01 /usr/bin/python /usr/bin/salt-master
root 1278 0.0 2.3 400072 23048 ? Sl 11:05 0:00 /usr/bin/python /usr/bin/salt-master
root 1279 0.0 2.5 400072 25372 ? Sl 11:05 0:00 /usr/bin/python /usr/bin/salt-master
root 1280 0.0 2.2 318144 22412 ? S 11:05 0:00 /usr/bin/python /usr/bin/salt-master
root 1285 0.1 3.2 998156 32172 ? Sl 11:05 0:00 /usr/bin/python /usr/bin/salt-master
root 1286 0.1 3.2 998160 32264 ? Sl 11:05 0:00 /usr/bin/python /usr/bin/salt-master
root 1287 0.1 3.2 998160 32284 ? Sl 11:05 0:00 /usr/bin/python /usr/bin/salt-master
root 1288 0.1 3.2 998160 32168 ? Sl 11:05 0:00 /usr/bin/python /usr/bin/salt-master
root 1289 0.1 3.2 998164 32188 ? Sl 11:05 0:00 /usr/bin/python /usr/bin/salt-master
root 1300 0.0 2.3 695000 22996 ? Sl 11:05 0:00 /usr/bin/python /usr/bin/salt-master
關閉防火墻
[root@master ~]# systemctl disable firewalld.service
Removed symlink /etc/systemd/system/multi-user.target.wants/firewalld.service.
Removed symlink /etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service.
修改selinux為Permissive模式
[root@master ~]# setenforce 0
[root@master ~]# getenforce
Permissive
minion的配置安裝
查看CentOS版本和其內核版本及安裝配置阿里云yum源
(同master)
安裝epel-release和salt-master工具包
[root@slave1 ~]# yum install epel-release -y
[root@slave1~]# yum install salt-minion-y
在minion端配置master
[root@slave1 ~]# vi /etc/salt/minion
master: master (大概再17行的位置)
配置開機minion開啟自啟動服務
[root@slave1 ~]# systemctl enable salt-minion.service
啟動salt-minion服務
[root@slave1 ~]# systemctl start salt-minion.service
關閉防火墻服務
[root@slave1 ~]# systemctl disable firewalld.service
Removed symlink /etc/systemd/system/multi-user.target.wants/firewalld.service.
Removed symlink /etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service.
[root@slave1 ~]# systemctl stop firewalld.service
查看salt-minion進程的啟動狀況
[root@slave1 ~]# ps -ef | grep salt | grep -v grep
root 1360 1 0 10:55 ? 00:00:00 /usr/bin/python /usr/bin/salt-minion
root 1967 1360 0 11:10 ? 00:00:00 /usr/bin/python /usr/bin/salt-minion
按照以上方法配置slave2, slave3...
具體操作
設置auto_accept為True
[root@master ~]# vi /etc/salt/master
auto_accept: True (位置比較靠中間应结,多搜索幾下)
[root@master ~]# salt-key -L
Accepted Keys:
slave1
slave2
slave3
Denied Keys:
Unaccepted Keys:
Rejected Keys:
[root@master ~]# cd /etc/salt/pki/master/
[root@master master]# ls
master.pem master.pub minions minions_autosign minions_denied minions_pre minions_rejected
[root@master master]# cd minions
[root@master minions]# ls
slave1 slave2 slave3
[root@master minions]# cat slave1
-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnYoKM0/d22fPHLcyxCnY
gqvWj/pNEBAKvg9b4U0IZM+/PlSeTZa9QKT9sjdc9KzxpMNW9PpWT9i6vvo8YH6a
EENSQ+eKWQLHhlhECsPO+vJ5eXgRyFC6k8dyueTK5be+RZhRRSw4/DagXb6YQhTT
Uc39C76oac3S+crLooDxwjfptTwvlCEXeGp/2SZoO8N3Sn5wUpniGZa6jk3NQb+8
/oz2V3BPWilfXTM7DVhzDSB2gfqmVCqaEbT0qIBx/TBF28NiDhcvzfklJalw0A3o
vFiUfAMR79XT7vuswH7A3BT6upUYF3nBit5/O/QE0z4uykZf3o7+SxjI02KyaYUT
BQIDAQAB
-----END PUBLIC KEY-----
[root@master minions]# cd ~
[root@master ~]# salt slave1 test.ping
slave1:
True
