saltStack运维工具的部署及master迁移实现的过程详解

服务器端：192.168.3.87
客户端：192.168.3.86、192.168.3.108


1.salt服务器端安装 192.168.3.87

rpm -Uvh http://mirrors.yun-idc.com/epel/6Server/x86_64/epel-release-6-8.noarch.rpm
yum install -y salt-master

2.安装minion客户端
rpm -Uvh http://mirrors.yun-idc.com/epel/6Server/x86_64/epel-release-6-8.noarch.rpm
yum install -y salt-minion


报错：
--> Finished Dependency Resolution
Error: Package: salt-2015.5.10-2.el6.noarch (epel)
           Requires: PyYAML
Error: Package: salt-2015.5.10-2.el6.noarch (epel)
           Requires: m2crypto
Error: Package: salt-2015.5.10-2.el6.noarch (epel)
           Requires: python-requests
Error: Package: salt-2015.5.10-2.el6.noarch (epel)
           Requires: python-jinja2
 You could try using --skip-broken to work around the problem
 You could try running: rpm -Va --nofiles --nodigest


解决办法：
将所有的本地源删除，只保留系统和epel源，重新安装即可

3.客户端配置salt master dns解析
echo "192.168.3.87 salt" >>/etc/hosts

启动服务端
service salt-master start


可以将服务端debug功能打开
vim /etc/salt/master
log_level: debug


netstat -lnt
可以看到4506和4505两个端口已经开始监听
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address               Foreign Address             State      
tcp        0      0 0.0.0.0:111                 0.0.0.0:*                   LISTEN      
tcp        0      0 0.0.0.0:22                  0.0.0.0:*                   LISTEN      
tcp        0      0 0.0.0.0:57718               0.0.0.0:*                   LISTEN      
tcp        0      0 127.0.0.1:631               0.0.0.0:*                   LISTEN      
tcp        0      0 0.0.0.0:4505                0.0.0.0:*                   LISTEN      
tcp        0      0 127.0.0.1:25                0.0.0.0:*                   LISTEN      
tcp        0      0 0.0.0.0:4506                0.0.0.0:*                   LISTEN      
tcp        0      0 0.0.0.0:10050               0.0.0.0:*                   LISTEN      
tcp        0      0 0.0.0.0:3306                0.0.0.0:*                   LISTEN 


客户端的salt文件列表
tree /etc/salt
/etc/salt
├── minion
├── minion.d
│   └── _schedule.conf
├── minion_id
└── pki
    └── minion
        ├── minion_master.pub
        ├── minion.pem
        └── minion.pub




列出所有的客户端
salt-key -L
Accepted Keys:
Denied Keys:
Unaccepted Keys:
centossz008
Rejected Keys:
添加指定客户端
[root@node2 test]# salt-key -a centossz008 
The following keys are going to be accepted:
Unaccepted Keys:
centossz008
Proceed? [n/Y] y
Key for minion centossz008 accepted.


添加指定客户端无需确认
salt-key -A 192.168.3.108 -y
The following keys are going to be accepted:
Unaccepted Keys:
192.168.3.108
Key for minion 192.168.3.108 accepted.


测试连通性
salt '*' test.ping
192.168.3.108:
    True
centossz008:
    True


批量执行命令：
查看时间
salt '*' cmd.run date
时间同步
salt '*' cmd.run 'ntpdate -u ntp.org'


举例
1.修改客户端的主机名由centossz008更名为minion_client01
hostname minion_client01


vim /etc/sysconfig/network
HOSTNAME=minion_client01


删除客户端之前保存的相关认证信息
rm -rf minion_id pki


服务端删除原有认证
salt-key -d centossz008 -y
Deleting the following keys:
Accepted Keys:
centossz008
Key for minion centossz008 deleted.


重启客户端后在服务端重新认证
salt-key -A -y
The following keys are going to be accepted:
Unaccepted Keys:
minion_client01.DHCP
Key for minion minion_client01.DHCP accepted.


salt '*' cmd.run 'grep salt /etc/hosts'
minion_client01.DHCP:
    192.168.3.87 salt
192.168.3.108:
    192.168.3.87 salt


2.更换salt-master主机
当master主机性能承载不了大批量机器的的时候，需要更换主机
原有主机：192.168.3.87
目标主机：192.168.3.54


①在目标master主机3.54上安装salt-master


rpm -Uvh http://mirrors.yun-idc.com/epel/6Server/x86_64/epel-release-6-8.noarch.rpm
yum install -y salt-master
Loaded plugins: fastestmirror, security
Determining fastest mirrors


报错：
Error: Cannot retrieve metalink for repository: epel. Please verify its path and try again


执行：
yum-config-manager --disable epel-testing
把epel-testing这个库从yum库里面禁用掉
发现是启用了/etc/yum.conf中的代理，取消即可


②将原主机中/etc/salt下的pki目录打包拷贝到目标机3.54的/etc/salt目录下
tar zcvf pki.tar.gz pki
scp pki.tar.gz root@192.168.3.54:/etc/salt


③目标master中解压pki目录
tar -zxvf pki.tar.gz


tree pki
pki
└── master
    ├── master.pem
    ├── master.pub
    ├── minions
    │   ├── 192.168.3.108
    │   └── minion_client01.DHCP
    ├── minions_autosign
    ├── minions_denied
    ├── minions_pre
    └── minions_rejected


启动服务
service salt-master star


④在原master主机中执行命令将minion客户端中的hosts文件改为新的master主机
# salt '*' cmd.run "grep salt /etc/hosts"
minion_client01.DHCP:
    192.168.3.87 salt
192.168.3.108:
    192.168.3.87 salt


salt '*' cmd.run "sed -i 's#192.168.3.87#192.168.3.54#' /etc/hosts"
minion_client01.DHCP:
192.168.3.108:


重启minion服务
salt '*' service.restart salt-minion
此时发现原主机已经无法执行命令了
[root@node2 salt]# salt '*' cmd.run "grep salt /etc/hosts"
192.168.3.108:
    Minion did not return. [No response]
minion_client01.DHCP:
    Minion did not return. [No response]


在新的master上执行命令测试，发现ok，说明主机成功迁移


salt '*' cmd.run date
192.168.3.108:
    Sun Aug  7 10:43:04 CST 2016
minion_client01.DHCP:
    Sun Aug  7 10:43:04 CST 2016


服务器端修改端口


syndic_master_port: 8506
publish_port: 9036