salt 相对于ansible 、clush等批量工具的优势
- 对java 原生的支持,更适合运维平台的集成
架构图
image.png
1、 源安装
sudo rpm --import https://repo.saltproject.io/py3/redhat/7/x86_64/3004/SALTSTACK-GPG-KEY.pub
curl -fsSL https://repo.saltproject.io/py3/redhat/7/x86_64/3004.repo | sudo tee /etc/yum.repos.d/salt.repo
2、安装
yum install salt-master
yum install salt-api
yum install salt-master
3、salt-master配置
default_include: master.d/*.conf
keep_jobs: 24
event_return: redis
event_return_blacklist:
- salt/auth
state_events: True
file_roots:
base:
- /data/ftp/repo/salt
pillar_roots:
base:
- /app/salt/pillar
return: redis #用来收集minion执行返回的信息
redis.db: '0'
redis.host: 127.0.0.1
redis.port: 6379
redis.password: asdasd
presence_events: True
runner_returns: True
master_job_cache: redis
4、salt-api配置
/etc/salt/master/api.conf
rest_cherrypy:
port: 8000
ssl_crt: /etc/pki/tls/certs/localhost.crt #自行签发的证书,用于https
ssl_key: /etc/pki/tls/certs/localhost.key
/etc/salt/master/eauth.conf
external_auth:
pam:
saltapi:
- .*
- '@wheel'
- '@runner'
- '@jobs'
5、salt-minion配置
/etc/salt/minion
master:
- 10.1111.1111.111
id: asd.com
troubleshooting
1. 节点添加
salt-key -L #查看汇报的节点
salt-key -A -y #接受所有节点
curl -ki https://127.0.0.1:8000/login -H "Accept: application/json" -d username="saltapi" -d password="saltapi#234" -d eauth="pam"
curl -k https://127.0.0.1:8000/ -H "Accept: application/x-yaml" -H "X-Auth-Token: e9bd09b1d106037b8d50aba0749fa2bfc57d5c14" -d client='local' -d tgt='*' -d fun='test.ping'
2、针对安装过的
1. 删除minion的/etc/salt/pki 文件
2. 修改minion的配置
3. 重启minion
网友评论