• Configuring salt-master and salt-minion on CentOS 7


    • Download saltshaker_api.git

      [root@linux-node1 salt]# cd $HOME
      [root@linux-node1 salt]# git clone https://github.com/saltshaker-plus/saltshaker_api.git
    • SaltStack uses AES encryption

      [root@linux-node1 salt]# yum install https://repo.saltstack.com/yum/redhat/salt-repo-latest-2.el7.noarch.rpm
      [root@linux-node1 salt]# yum install salt-master salt-minion salt-api -y

      [root@linux-node2 salt]# yum install https://repo.saltstack.com/yum/redhat/salt-repo-latest-2.el7.noarch.rpm

      [root@linux-node2 salt]# yum install salt-minion -y

    • Configure the Salt Master
      [root@linux-node1 salt]# systemctl start salt-master
    • Configure the Salt Minion
      [root@linux-node2 salt]# vim /etc/salt/minion
        master: 192.168.2.187  # set the master's IP
      [root@linux-node2 salt]# systemctl start salt-minion
       
       
    • [root@linux-node1 salt]# tree ./pki/
      ./pki/
      ├── master
      │   ├── master.pem
      │   ├── master.pub
      │   ├── minions
      │   ├── minions_autosign
      │   ├── minions_denied
      │   ├── minions_pre
      │   │   └── linux-node2
      │   └── minions_rejected
      └── minion
          ├── minion_master.pub
          ├── minion.pem
          └── minion.pub
    • [root@linux-node1 salt]# salt-key
      Accepted Keys:
      Denied Keys:
      Unaccepted Keys:
      linux-node2
      Rejected Keys:
    • Register the node on the Salt master
      [root@linux-node1 salt]# salt-key -a linux-node2
    • [root@linux-node1 salt]# salt-key
      Accepted Keys:
      linux-node2
      Denied Keys:
      Unaccepted Keys:
      Rejected Keys:
     
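    • Create the username and password for salt-api authentication, using PAM authentication

      [root@linux-node1 salt]# sudo useradd admin          # must be admin; for any other user, change admin in $HOME/saltshaker_api/saltapi.conf to match
      [root@linux-node1 salt]# sudo passwd admin           # remember admin's password; it is needed later when configuring the product line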

    • Configure the SaltStack API: copy saltshaker_api/saltapi.conf into the master configuration directory to enable the salt-api RESTful interface (port 8000)

      sudo cp $HOME/saltshaker_api/saltapi.conf /etc/salt/master.d/

      sudo systemctl restart salt-master

      sudo systemctl restart salt-api

    • Verify salt-api authentication

      Generate a token
      curl -sSk http://localhost:8000/login -H 'Accept: application/x-yaml' -d username=saltapi -d password=saltapi -d eauth=pam
      token:57dc38ed5ca40e6efe4b4b8636af71df654a5166

      curl -sSk http://localhost:8000/login -H 'Accept: application/x-yaml' -d username=admin -d password=admin -d eauth=pam
      token:be81ae5c449222b5dfcf9ae1501585e862d6469a



      Test a request that carries the token
      curl -sSk http://localhost:8000 \
          -H 'Accept: application/x-yaml' \
          -H 'X-Auth-Token:be81ae5c449222b5dfcf9ae1501585e862d6469a' \
          -d client=local \
          -d tgt='*' \
          -d fun=test.ping
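
For the key-registration step above (`salt-key -a linux-node2`), the pending key can be checked against the fingerprint read on the minion itself before it is accepted. The script below is an added example, not part of the original post or of saltshaker_api; the function names and the sample fingerprint are constructed for illustration, and it assumes the fingerprint was obtained on linux-node2 with `salt-call --local key.finger`.

```bash
#!/usr/bin/env bash
# Added example: accept a pending minion key only when the fingerprint the
# master sees matches the one read out-of-band on the minion with
#   salt-call --local key.finger
# Function names and the sample fingerprint are constructed for illustration.

# Extract the fingerprint for minion $1 from `salt-key -f <id>` output on stdin.
# Matching lines look like: "linux-node2:  aa:bb:cc:..."
parse_fingerprint() {
    awk -v id="$1" '$1 == (id ":") { print tolower($2); exit }'
}

# Compare two fingerprints case-insensitively, ignoring stray whitespace.
# Returns 0 only for a non-empty exact match.
fingerprints_match() {
    local expected actual
    expected=$(printf '%s' "$1" | tr 'A-Z' 'a-z' | tr -d '[:space:]')
    actual=$(printf '%s' "$2" | tr 'A-Z' 'a-z' | tr -d '[:space:]')
    [ -n "$expected" ] && [ "$expected" = "$actual" ]
}

# verify_and_accept <minion-id> <fingerprint read on the minion>
# Runs on the master; refuses to accept the key on any mismatch.
verify_and_accept() {
    local id="$1" expected="$2" seen
    seen=$(salt-key -f "$id" | parse_fingerprint "$id")
    if fingerprints_match "$expected" "$seen"; then
        salt-key -y -a "$id"
    else
        echo "fingerprint mismatch for $id: master sees '${seen:-none}'" >&2
        return 1
    fi
}

# Constructed sample of what `salt-key -f linux-node2` prints for a pending key.
SAMPLE_OUTPUT='Unaccepted Keys:
linux-node2:  a1:b2:c3:d4:e5:f6:07:18:29:3a:4b:5c:6d:7e:8f:90'
```

On the master, source the file and run `verify_and_accept linux-node2 '<fingerprint from the minion>'` in place of the bare `salt-key -a`.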

  • Original article: https://www.cnblogs.com/netflix/p/12106214.html