常规运维工作涉及业务的配置管理和状态维护
基于状态(系统状态、代码状态、配置状态、进程状态)
saltstack基于C/S架构的服务模式
服务端:Master
客户端:Minion
消息队列中的发布与订阅(pub/sub)服务模式
Master和Minion都是已守护进程模式运行,一直监听配置文件里定义的ret_port(接受minion请求)和publish_port(发布消息)的端口
当Minion运行时会自动连接到配置文件里面定义的Master地址ret_port端口进行连接认证。默认客户端请求id是socket.getfqdn()取到的值,也可以在Minion启动之前修改Minion的id值
Master端;
#salt-master -l debug
#ss -a | egrep '4505|4506'
Minion端:
#salt-minion -l debug
saltstack 安装方法一:
步骤1:
#rpm -e --nodeps python2-pycryptodomex
#yum install python-crypto
步骤2:
#sudo yum install https://repo.saltstack.com/yum/redhat/salt-repo-latest-2.el6.noarch.rpm
步骤3:选择安装
#sudo yum install salt-minion
#sudo yum install salt-master
#sudo yum install salt-ssh
#sudo yum install salt-syndic
#sudo yum install salt-cloud
#sudo yum install salt-api
步骤4:
#sudo service salt-minion restart
saltstack 安装方法二:
#wget https://repo.saltstack.com/yum/redhat/6.8/x86_64/saltstack-rhel6.repo
![FFTBTUND]OK%G7MF2``MHL1.png](https://img.haomeiwen.com/i6445752/74b2279f35f0f7ba.png?imageMogr2/auto-orient/strip%7CimageView2/2/w/1240)
#######vim /etc/yum.repos.d/saltstack.repo
[root@localhost yum.repos.d]# cat saltstack.repo
[saltstack-repo]
name=SaltStack repo for RHEL/CentOS $releasever
baseurl=https://repo.saltstack.com/yum/redhat/$releasever/$basearch/latest
enabled=1
gpgcheck=1 gpgkey=https://repo.saltstack.com/yum/redhat/$releasever/$basearch/latest/SALTSTACK-GPG-KEY.pub
服务启动
#service salt-master start //服务器端启动
#netstat -antlp | egrep "4506|4506"
#ss -a | egrep "4505|4506"
#service salt-minion start //客户端启动
配置文件:
客户端配置:
vim /etc/salt/minion
# Set the location of the salt master server. If the master server cannot be
#master: salt
master: 192.168.0.67 //salt服务器的IP地址
#service salt-minion restart
服务器配置:
vim /etc/salt/master
[root@localhost salt]# cat master | grep interface
# The address of the interface to bind to:
#interface: 0.0.0.0
interface: 192.168.0.67
#service salt-master restart
开始saltstack之旅
证书管理
Master上:
[root@localhost yum.repos.d]# salt-key -L //查看当前证书签证情况
Accepted Keys:
Denied Keys:
Unaccepted Keys:
192.168.0.62
Rejected Keys:
#salt-key -A -y //同意签证所有没有接受的
[root@localhost salt]# salt-key -L
Accepted Keys:
192.168.0.62
Denied Keys:
Unaccepted Keys:
Rejected Keys
#salt '*' test.ping
[root@localhost salt]# rpm -ql salt-master
/etc/rc.d/init.d/salt-master
/etc/salt/master
/etc/salt/master.d
/etc/salt/pki/master
/usr/bin/salt
/usr/bin/salt-cp
/usr/bin/salt-key
/usr/bin/salt-master
/usr/bin/salt-run
/usr/bin/salt-unity
Master配置文件:
- max_open_files——可以根据Master将Minion数量进行适当的调整。
- timeout——可以根据Master和Minion的网络状况适当调整。
- auto_accept和autosign_file——在大规模部署Minion的时候可以设置自动签证。
- master_tops和所有以external开头的参数这些参数是SaltStack与外部系统进行整合的相关配置参数,
网友评论