一、配置epel源并yum安装salt:
配置salt的epel源(可根据自己的操作系统和salt版本去官网找适合的eple源:http://repo.saltstack.com/)
yum install https://repo.saltstack.com/yum/redhat/salt-repo-2016.3-2.el7.noarch.rpm 国内因为网络原因可能官方epel源报"Failed connect to repo.saltstack.com:443; Operation now in progress";
如果官方不行可尝试阿里等国内的源;
[root@linux-node1 yum.repos.d]# yum -y install salt-master salt-minion #其他机器只安装minion即可
[root@linux-node1 yum.repos.d]# rpm -qa salt*
salt-repo-2016.3-2.el7.noarch
salt-master-2015.5.10-2.el7.noarch
salt-2015.5.10-2.el7.noarch
salt-minion-2015.5.10-2.el7.noarch
二、配置启动salt服务
[root@linux-node1 yum.repos.d]# systemctl start salt-master
[root@linux-node1 yum.repos.d]# cd /etc/salt/
[root@linux-node1 salt]# ls
master minion pki
[root@linux-node1 salt]# tree
.
├── master
├── minion
└── pki
└── master
├── master.pem #私钥
├── master.pub #公钥
├── minions
├── minions_autosign
├── minions_denied
├── minions_pre
└── minions_rejected
7 directories, 4 files
#minion配置
[root@linux-node2 salt]# vim /etc/salt/minion
master: 192.168.1.131 #master ip #id: #默认取主机名作为ID
#minion配置完成后启动服务
[root@linux-node1 ~]# systemctl start salt-minion
#查看minion目录
[root@linux-node2 salt]# tree
.
├── minion
├── minion.d
├── minion_id #存mid的文件,不建议修改mid
└── pki
└── minion
├── minion.pem #私钥
└── minion.pub #公钥
3 directories, 4 files
#通过salt-key命令管理minion key
[root@linux-node1 salt]# salt-key
Accepted Keys:
Denied Keys:
Unaccepted Keys:
linux-node1
linux-node2
Rejected Keys:
#-A是同意所有秘钥
[root@linux-node1 salt]# salt-key -A
The following keys are going to be accepted:
Unaccepted Keys:
linux-node1
linux-node2
Proceed? [n/Y] y
Key for minion linux-node1 accepted.
Key for minion linux-node2 accepted.
[root@linux-node1 salt]# salt-key
Accepted Keys:
linux-node1
linux-node2
Denied Keys:
Unaccepted Keys:
Rejected Keys:
[root@linux-node1 salt]# tree
.
├── master
├── minion
├── minion.d
│ └── _schedule.conf
├── minion_id
└── pki
├── master
│ ├── master.pem
│ ├── master.pub
│ ├── minions
│ │ ├── linux-node1
│ │ └── linux-node2
│ ├── minions_autosign
│ ├── minions_denied
│ ├── minions_pre
│ └── minions_rejected
└── minion
├── minion_master.pub
├── minion.pem
└── minion.pub
9 directories, 11 files
[root@linux-node2 salt]# cat minion_id
linux-node2[root@linux-node2 salt]# tree
.
├── minion
├── minion.d
│ └── _schedule.conf
├── minion_id
└── pki
└── minion
├── minion_master.pub
├── minion.pem
└── minion.pub
3 directories, 6 files
#通过test.ping测试master与minion之间通信是否正常
[root@linux-node1 salt]# salt '*' test.ping
linux-node2:
True
linux-node1:
True
#salt通信原理
salt-master有两个端口(4505、4506)
[root@linux-node1 salt]# netstat -lntp
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:4505 0.0.0.0:* LISTEN 19335/python
tcp 0 0 0.0.0.0:4506 0.0.0.0:* LISTEN 19349/python
salt-minion没有端口
salt-master通过zeromq消息队列发布消息;
所有的minion连接master的4505端口接收消息;通过4506端口返回消息
[root@linux-node1 salt]# lsof -n -i :4505
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
salt-mast 19335 root 13u IPv4 36115 0t0 TCP *:4505 (LISTEN)
salt-mast 19335 root 15u IPv4 44049 0t0 TCP 192.168.1.131:4505->192.168.1.132:39301 (ESTABLISHED)
salt-mast 19335 root 16u IPv4 44129 0t0 TCP 192.168.1.131:4505->192.168.1.131:41005 (ESTABLISHED)
salt-mini 20271 root 25u IPv4 44128 0t0 TCP 192.168.1.131:41005->192.168.1.131:4505 (ESTABLISHED)
#所有salt-minion执行“w”命令
[root@linux-node1 salt]# salt '*' cmd.run 'w'
linux-node2:
06:50:24 up 6:50, 2 users, load average: 0.00, 0.01, 0.05
USER TTY FROM LOGIN@ IDLE JCPU PCPU WHAT
root tty1 00:59 5:50m 0.05s 0.05s -bash
root pts/0 192.168.1.9 02:57 2:59m 0.01s 0.01s -bash
linux-node1:
06:50:24 up 6:53, 2 users, load average: 0.00, 0.02, 0.05
USER TTY FROM LOGIN@ IDLE JCPU PCPU WHAT
root tty1 00:58 5:51m 0.07s 0.07s -bash
root pts/0 192.168.1.9 02:57 0.00s 0.31s 0.28s /usr/bin/python /usr/bin/salt * cmd.run w
* 参考oldboy视频整理