- SaltStack的安装
- master主机
- node01主机
- SaltStack认证机制
| 主机名 | IP | 系统版本 | 硬件 |
|---|---|---|---|
| master | 192.168.164.133 | Redhat 8.2 | CPU4核、内存8G以上 |
| node01 | 192.168.164.128 | Centos 7.0 | CPU4核、内存5G以上 |
//第一步改主机名、关防火墙!!! [root@localhost]# hostnamectl set-hostname master [root@localhost]# bash [root@master ~]# [root@master ~]# systemctl disable --now firewalld.service [root@master ~]# setenforce 0 [root@master ~]# vim /etc/selinux/config # This file controls the state of SELinux on the system. # SELINUX= can take one of these three values: # enforcing - SELinux security policy is enforced. # permissive - SELinux prints warnings instead of enforcing. # disabled - No SELinux policy is loaded. SELINUX=disabled //改为disabled # SELINUXTYPE= can take one of these three values: # targeted - Targeted processes are protected, # minimum - Modification of targeted policy. only selected processes are protected. # mls - Multi Level Security protection. SELINUXTYPE=targeted
下载系统相应版本的repo源和key,然后安装
saltstack官网repo源地址
master主机是Redhat8系统,所以下载的是Redhat8的key和repo源
//下载key和repo源 [root@master ~]# sudo rpm --import https://repo.saltproject.io/py3/redhat/8/x86_64/latest/SALTSTACK-GPG-KEY.pub [root@master ~]# curl -fsSL https://repo.saltproject.io/py3/redhat/8/x86_64/latest.repo | sudo tee /etc/yum.repos.d/salt.repo [root@master ~]# ll /etc/yum.repos.d/ 总用量 12 -rw-r--r--. 1 root root 2595 8月 1 14:12 Centos-8.repo -rw-r--r--. 1 root root 358 8月 1 14:12 redhat.repo -rw-r--r--. 1 root root 292 11月 1 22:36 salt.repo //下载过后就有了saltstack的repo源码 //有了repo源后就是安装saltstack,master主机需要安装salt-master 和 salt-minion [root@master ~]# yum -y install salt-master salt-minion 安装过程略,很快。
安装过后就是修改配置文件,然后重启即可
[root@master ~]# cd /etc/salt/ [root@master salt]# ls cloud cloud.profiles.d minion proxy cloud.conf.d cloud.providers.d minion.d proxy.d cloud.deploy.d master minion_id roster cloud.maps.d master.d pki [root@master salt]# vim minion //在#master:下一行添加内容 ...... # Set the location of the salt master server. If the master server cannot be # resolved, then the minion will fail to start. #master: salt master: 192.168.164.133 //添加内容,master指定master控主机的IP地址 # Set http proxy information for the minion when doing requests ...... //重启,然后就可以看见4405、4506端口 root@master ~]# systemctl enable --now salt-master Created symlink from /etc/systemd/system/multi-user.target.wants/salt-master.service to /usr/lib/systemd/system/salt-master.service. [root@localhost ~]# systemctl enable --now salt-minion Created symlink from /etc/systemd/system/multi-user.target.wants/salt-minion.service to /usr/lib/systemd/system/salt-minion.service. [root@master salt]# ss -antl State Recv-Q Send-Q Local Address:Port Peer Address:Port LISTEN 0 128 0.0.0.0:22 0.0.0.0:* LISTEN 0 128 0.0.0.0:4505 0.0.0.0:* //发布端口 LISTEN 0 128 0.0.0.0:4506 0.0.0.0:* //接受请求端口 LISTEN 0 128 [::]:22 [::]:*node01主机
//第一步改主机名、关防火墙!!! [root@localhost]# hostnamectl set-hostname node01 [root@localhost]# bash [root@node01 ~]# [root@node01 ~]# systemctl disable --now firewalld.service [root@node01 ~]# setenforce 0 [root@node01 ~]# vim /etc/selinux/config # This file controls the state of SELinux on the system. # SELINUX= can take one of these three values: # enforcing - SELinux security policy is enforced. # permissive - SELinux prints warnings instead of enforcing. # disabled - No SELinux policy is loaded. SELINUX=disabled //改为disabled # SELINUXTYPE= can take one of these three values: # targeted - Targeted processes are protected, # minimum - Modification of targeted policy. only selected processes are protected. # mls - Multi Level Security protection. SELINUXTYPE=targeted
下载系统相应版本的repo源,然后安装
saltstack官网repo源地址
node01主机是Centos7系统,所以下载的Centos7的epo源。
注意:node01受控端不需要下载key,且只需要安装salt-minion!!!
[root@node01 ~]# curl -fsSL https://repo.saltproject.io/py3/redhat/7/x86_64/latest.repo | sudo tee /etc/yum.repos.d/salt.repo [root@node01 ~]# ll /etc/yum.repos.d/ 总用量 36 -rw-r--r--. 1 root root 1664 4月 29 2018 CentOS-base.repo -rw-r--r--. 1 root root 1309 4月 29 2018 CentOS-CR.repo -rw-r--r--. 1 root root 649 4月 29 2018 CentOS-Debuginfo.repo -rw-r--r--. 1 root root 314 4月 29 2018 CentOS-fasttrack.repo -rw-r--r--. 1 root root 630 4月 29 2018 CentOS-Media.repo -rw-r--r--. 1 root root 1331 4月 29 2018 CentOS-Sources.repo -rw-r--r--. 1 root root 4768 4月 29 2018 CentOS-Vault.repo -rw-r--r--. 1 root root 374 11月 1 22:36 salt.repo //下载repo后就有了repo源库 //下载了repo库后就是安装saltstack的salt-minion [root@node01 ~]# yum -y install salt-minion # 安装过程略,很快。
修改配置文件,然后启动服务即可
[root@node01 ~]# cd /etc/salt/
[root@node01 salt]# ls
cloud cloud.profiles.d minion proxy
cloud.conf.d cloud.providers.d minion.d proxy.d
cloud.deploy.d master minion_id roster
cloud.maps.d master.d pki
[root@node01 salt]# vim minion
......
# resolved, then the minion will fail to start.
#master: salt
master: 192.168.164.133 //添加内容,master指定master控主机的IP地址
# Set http proxy information for the minion when doing requests
......
//启动服务,并设置开机自启
[root@node01 salt]# systemctl enable --now salt-minion
[root@node01 salt]# ss -antl //受控端是没有端口启动的
State Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0 128 *:22 *:*
LISTEN 0 100 127.0.0.1:25 *:*
LISTEN 0 128 :::22 :::*
LISTEN 0 100 ::1:25 :::*
//用status查看是否启动
[root@node01 salt]# systemctl status salt-minion
● salt-minion.service - The Salt Minion
Loaded: loaded (/usr/lib/systemd/system/salt-minion.service; enabled; vendor preset: disabled)
Active: active (running) since 一 2021-11-01 22:40:12 CST; 34min ago //服务以启动
Docs: man:salt-minion(1)
file:///usr/share/doc/salt/html/contents.html
https://docs.saltproject.io/en/latest/contents.html
Main PID: 8018 (salt-minion)
CGroup: /system.slice/salt-minion.service
├─8018 /usr/bin/python3 /usr/bin/salt-minion
├─8040 /usr/bin/python3 /usr/bin/salt-minion
└─8236 /usr/bin/python3 /usr/bin/salt-minion
SaltStack认证机制
