一,saltstack简介:
SaltStack是一种新的基础设施管理方法开发软件,简单易部署,可伸缩的足以管理成千上万的服务器,和足够快的速度控制,与他们交流,以毫秒为单位。
SaltStack提供了一个动态基础设施通信总线用于编排,远程执行、配置管理等等。SaltStack基于python开发,项目于2011年启动,年增长速度较快,五年期
固定基础设施编制和配置管理的开源项目。SaltStack社区致力于保持盐项目集中、友好、健康、开放。
(网上摘抄的,说白了saltStack就是一个自动化工具,可以实现对服务器的批量操作)
二、安装环境
saltstack支持大部分UNIX/Linux及Windows环境。本次安装的环境采用centos6
host A:192.168.163.229:master
host B:192.168.163.152:slaver
三,安装
host A:
[root@master ~]# yum install salt-master
[root@master ~]# yum install salt-minion
host B:
[root@slave ~]# yum install salt-minion
如果发现yum 源没有这个包,则需要配置yum 源。
[saltstack-repo] name=SaltStack repo for RHEL/CentOS $releasever baseurl=https://repo.saltstack.com/yum/redhat/$releasever/$basearch/2016.11 enabled=1 gpgcheck=1 gpgkey=https://repo.saltstack.com/yum/redhat/$releasever/$basearch/2016.11/SALTSTACK-GPG-KEY.pub
至此,master和slaver安装完成(因为是测试,所以只安装了2台slaver,正式环境,每天机器都需要安装slaver)
四、master和slaver配置
master配置文件路径:/etc/salt/master
vim /etc/salt/master #修改第16行 interface: 192.168.163.229
注意interface:后面有一个空格,后面再跟本机(master)的ip地址即可。保存文件,启动master。
[root@master ~]# /etc/init.d/salt-master start Starting salt-master daemon: [确定] [root@master ~]#
用ps命令查看进程,可以看到master启动成功
[root@master ~]# ps -ef| grep salt root 91637 1 0 18:01 ? 00:00:00 /usr/bin/python2.6 /usr/bin/salt-master -d root 91638 91637 0 18:01 ? 00:00:00 /usr/bin/python2.6 /usr/bin/salt-master -d root 91639 91637 0 18:01 ? 00:00:00 /usr/bin/python2.6 /usr/bin/salt-master -d root 91640 91637 0 18:01 ? 00:00:00 /usr/bin/python2.6 /usr/bin/salt-master -d root 91641 91637 0 18:01 ? 00:00:00 /usr/bin/python2.6 /usr/bin/salt-master -d root 91646 91641 1 18:01 ? 00:00:00 /usr/bin/python2.6 /usr/bin/salt-master -d root 91647 91641 1 18:01 ? 00:00:00 /usr/bin/python2.6 /usr/bin/salt-master -d root 91653 91641 1 18:01 ? 00:00:00 /usr/bin/python2.6 /usr/bin/salt-master -d root 91655 91641 1 18:01 ? 00:00:00 /usr/bin/python2.6 /usr/bin/salt-master -d root 91660 91641 1 18:01 ? 00:00:00 /usr/bin/python2.6 /usr/bin/salt-master -d root 91661 91641 0 18:01 ? 00:00:00 /usr/bin/python2.6 /usr/bin/salt-master -d root 92056 2971 0 18:02 pts/0 00:00:00 grep salt
修改slaver配置:
[root@master ~]# vim /etc/salt/minion 12 #default_include: minion.d/*.conf 13 14 # Set the location of the salt master server. If the master server cannot be 15 # resolved, then the minion will fail to start. 16 #master: salt 17 master: 192.168.163.229 18 19 # If multiple masters are specified in the 'master' setting, the default behavior 20 # is to always try to connect to them in the order they are listed. If random_master is 21 # set to True, the order will be randomized instead. This can be helpful in distributing 22 # the load of many minions executing salt-call requests, for example, from a cron job. 23 # If only one master is listed, this setting is ignored and a warning will be logged. 24 # NOTE: If master_type is set to failover, use master_shuffle instead. 25 #random_master: False 26 27 # Use if master_type is set to failover. 28 #master_shuffle: False 29 30 # Minions can connect to multiple masters simultaneously (all masters 31 # are "hot"), or can be configured to failover if a master becomes 32 # unavailable. Multiple hot masters are configured by setting this 33 # value to "str". Failover masters can be requested by setting 34 # to "failover". MAKE SURE TO SET master_alive_interval if you are 35 # using failover. 36 # master_type: str 37 38 # Poll interval in seconds for checking if the master is still there. Only 39 # respected if master_type above is "failover". To disable the interval entirely, 40 # set the value to -1. (This may be necessary on machines which have high number
修改这个文件的第16行为 master: 192.168.163.229 。同样的master:后面有一个空格,后面的ip地址即为master的ip地址,这个很好理解。
修改id为 id: 192.168.163.229 。(在文件的第78行左右)
77 # same machine but with different ids, this can be useful for salt compute 78 # clusters. 79 id: 192.168.163.229 80 81 # Append a domain to a hostname in the event that it does not exist. This is 82 # useful for systems where socket.getfqdn() does not actually result in a 83 # FQDN (for instance, Solaris). 84 #append_domain:
id即是slaver的"身份证" ,可以自定义,也可以使用ip地址,但需要全局唯一。
保存文件后,启动slaver进程。
[root@master ~]# /etc/init.d/salt-minion start Starting salt-minion daemon: [确定] [root@master ~]# [root@master ~]# [root@master ~]# ps -ef |grep salt root 91637 1 0 18:01 ? 00:00:00 /usr/bin/python2.6 /usr/bin/salt-master -d root 91638 91637 0 18:01 ? 00:00:01 /usr/bin/python2.6 /usr/bin/salt-master -d root 91639 91637 0 18:01 ? 00:00:00 /usr/bin/python2.6 /usr/bin/salt-master -d root 91640 91637 0 18:01 ? 00:00:00 /usr/bin/python2.6 /usr/bin/salt-master -d root 91641 91637 0 18:01 ? 00:00:00 /usr/bin/python2.6 /usr/bin/salt-master -d root 91646 91641 0 18:01 ? 00:00:00 /usr/bin/python2.6 /usr/bin/salt-master -d root 91647 91641 0 18:01 ? 00:00:00 /usr/bin/python2.6 /usr/bin/salt-master -d root 91653 91641 0 18:01 ? 00:00:00 /usr/bin/python2.6 /usr/bin/salt-master -d root 91655 91641 0 18:01 ? 00:00:00 /usr/bin/python2.6 /usr/bin/salt-master -d root 91660 91641 0 18:01 ? 00:00:00 /usr/bin/python2.6 /usr/bin/salt-master -d root 91661 91641 0 18:01 ? 00:00:00 /usr/bin/python2.6 /usr/bin/salt-master -d root 92243 1 2 18:09 ? 00:00:00 /usr/bin/python2.6 /usr/bin/salt-minion -d root 92264 2971 0 18:09 pts/0 00:00:00 grep salt
另一台host 只安装了slaver,因此只需要配置和启动slaver即可,方法和前面一样。
五,认证
master和slaver启动后,用命令salt-key查看
[root@master ~]# salt-key Accepted Keys: Denied Keys: Unaccepted Keys: 192.168.163.152 192.168.163.229 Rejected Keys: [root@master ~]# [root@master ~]# [root@master ~]# [root@master ~]#
可以发现 Accepted Keys里面没有内容,Unaccpted Keys 里面有两条记录。刚好就是我们两台slaver,因为现在还没有认证过,所以需要先认证,才会变成Accepted状态。
[root@master minion]# salt-key -a 192.168.163.152 The following keys are going to be accepted: Unaccepted Keys: 192.168.163.152 Proceed? [n/Y] Y Key for minion 192.168.163.152 accepted. [root@master minion]#
[root@master minion]# salt-key -a 192.168.163.229
The following keys are going to be accepted:
Unaccepted Keys:
192.168.163.229
Proceed? [n/Y] Y
Key for minion 192.168.163.229 accepted.
[root@master minion]#
[root@master minion]#
[root@master minion]#
[root@master minion]# salt-key
Accepted Keys:
192.168.163.152
192.168.163.229
Denied Keys:
Unaccepted Keys:
Rejected Keys:
[root@master minion]#
到此完成了认证。
六,简单的salt命令
查看远程主机ip地址
root@master minion]# salt '192.168.163.152' cmd.run 'ifconfig' 192.168.163.152: eth1 Link encap:Ethernet HWaddr 00:0C:29:70:1E:A6 inet addr:192.168.163.152 Bcast:192.168.163.255 Mask:255.255.255.0 inet6 addr: fe80::20c:29ff:fe70:1ea6/64 Scope:Link UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:498824 errors:0 dropped:0 overruns:0 frame:0 TX packets:10915 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:1000 RX bytes:47223551 (45.0 MiB) TX bytes:844785 (824.9 KiB) lo Link encap:Local Loopback inet addr:127.0.0.1 Mask:255.0.0.0 inet6 addr: ::1/128 Scope:Host UP LOOPBACK RUNNING MTU:65536 Metric:1 RX packets:50 errors:0 dropped:0 overruns:0 frame:0 TX packets:50 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:0 RX bytes:11658 (11.3 KiB) TX bytes:11658 (11.3 KiB) virbr0 Link encap:Ethernet HWaddr 52:54:00:CA:B4:D1 inet addr:192.168.122.1 Bcast:192.168.122.255 Mask:255.255.255.0 UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:0 errors:0 dropped:0 overruns:0 frame:0 TX packets:0 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:0 RX bytes:0 (0.0 b) TX bytes:0 (0.0 b) [root@master minion]#
查看远程主机连通性
[root@master minion]# salt '192.168.163.152' test.ping 192.168.163.152: True [root@master minion]#
好了,本次安装部署介绍完毕,其他salt命令以后再详细介绍。