Saltstack基本安装部署

配置环境
主节点 controller：172.16.100.10
监控节点 compute：172.16.100.20

---

主节点

#####安装软件包#####
# curl -o /etc/yum.repos.d/epel-7.repo http://mirrors.aliyun.com/repo/epel-7.repo
# yum -y install salt-master salt-minion
# systemctl start salt-master.service 
# ^start^enable

#####修改minion配置文件#####
# vim /etc/salt/minion 
master: 172.16.100.10                主节点地址
id: FQDN                             不设置的话为默认主机名，存放位置/etc/salt/minion_id
# systemctl start salt-minion
# ^start^enable
# tree /etc/salt/pki/
/etc/salt/pki/
├── master
│   ├── master.pem
│   ├── master.pub
│   ├── minions
│   ├── minions_autosign
│   ├── minions_denied
│   ├── minions_pre                  存放监控节点公钥
│   │   ├── compute                
│   │   └── controller           
│   └── minions_rejected
└── minion
    ├── minion.pem
    └── minion.pub

监控节点

#####安装软件包#####
# curl -o /etc/yum.repos.d/epel-7.repo http://mirrors.aliyun.com/repo/epel-7.repo
# yum -y install salt-minion

#####修改配置文件#####
# vim /etc/salt/minion
master: 172.16.100.10
# systemctl start salt-minion
# ^start^enable
# tree /etc/salt/pki/minion
/etc/salt/pki/minion
├── minion.pem
└── minion.pub                        服务启动生成的公钥会传输到主节点的/etc/salt/pki/master/minions_pre目录下

主节点

#####添加监控节点#####
# salt-key -a compute,controller     
# salt-key                             查看允许通信的监控主机
Accepted Keys:
compute
controller
Denied Keys:
Unaccepted Keys:
Rejected Keys:
# tree /etc/salt/pki
/etc/salt/pki
├── master
│   ├── master.pem
│   ├── master.pub
│   ├── minions                        公钥从minios_pre转到minios
│   │   ├── compute
│   │   └── controller
│   ├── minions_autosign
│   ├── minions_denied
│   ├── minions_pre
│   └── minions_rejected
└── minion
    ├── minion_master.pub
    ├── minion.pem
    └── minion.pub
# netstat -lpta |grep 4505           发送端口
tcp        0      0 0.0.0.0:4505            0.0.0.0:*               LISTEN      67903/python        
tcp        0      0 172.16.100.10:52424     172.16.100.10:4505      ESTABLISHED 69995/python        
tcp        0      0 172.16.100.10:4505      172.16.100.20:60225     ESTABLISHED 67903/python        
tcp        0      0 172.16.100.10:4505      172.16.100.10:52424     ESTABLISHED 67903/python 
# netstat -lpta |grep 4506           接受端口
tcp        0      0 0.0.0.0:4506            0.0.0.0:*               LISTEN      67925/python        
tcp        0      0 172.16.100.10:4506      172.16.100.10:51547     ESTABLISHED 67925/python        
tcp        0      0 172.16.100.10:51547     172.16.100.10:4506      ESTABLISHED 69995/python        
tcp        0      0 172.16.100.10:4506      172.16.100.20:44469     ESTABLISHED 67925/python