系统: CentOS 7
主机:
server1:saltstack-master 172.25.40.1
server2:saltstack-minion 172.25.40.2在【server1】【server2】同时添加yum源
[root@server1 ~]# cd /etc/yum.repos.d/
[root@server1 yum.repos.d]# vim rhel-source.repo
[salt]
name=saltstack
baseurl=http://172.25.40.250/rhel6
enabled=1
gpgcheck=0
[root@server1 yum.repos.d]# yum repolist【server1】
[root@server1 yum.repos.d]# cd
[root@server1 ~]# yum install -y salt-master
[root@server1 ~]# /etc/init.d/salt-master start【server2】
[root@server2 yum.repos.d]# yum install -y salt-minion
[root@server2 yum.repos.d]# cd /etc/salt/
[root@server2 salt]# vim minion
16 master: 172.25.40.1
[root@server2 salt]# /etc/init.d/salt-minion start【server1】
[root@server1 salt]# salt-key -L #查看 minion 列表(这时候 saltstack-minion是红色的)
[root@server1 salt]# salt-key -A #指定某台 minion 进行认证 key
[root@server1 salt]# salt-key -L #继续查看 minion 列表 (这时候saltstack-minion 已经变为绿色,说明 key 已被添加)
测试:
[root@server1 salt]# salt server2 test.ping
[root@server1 salt]# salt server2 cmd.run hostname
[root@server1 salt]# salt server2 cmd.run 'df -h'
saltstack的配置管理
【server1】查看master的公钥
[root@server1 salt]# cd pki/
[root@server1 pki]# cd master/
[root@server1 master]# md5sum master.pub #查看master的公钥
8c2756c64b143f98ec0d7789bab0ab06 master.pub【server2】查看公钥
root@server2 salt]# cd /etc/salt/
[root@server2 salt]# cd pki/
[root@server2 pki]# cd minion/
[root@server2 minion]# md5sum minion_master.pub #查看公钥
8c2756c64b143f98ec0d7789bab0ab06 minion_master.pub可以看到master和穿过去的minion_master的公钥一致
[root@server1 minion]# cd ..
[root@server1 pki]# cd master/
[root@server1 master]# yum install -y tree
[root@server1 master]# tree .
【server1】
[root@server1 master]# cd minions
[root@server1 minions]# md5sum server2 #可以看到minions端的公钥
6f4e62669fe4c2c01b4d5bd9b978f10f server2[root@server1 minions]# cd /etc/salt/
[root@server1 salt]# yum install -y lsof
[root@server1 salt]# netstat -antlp
[root@server1 salt]# lsof -i :4505
[root@server1 salt]# lsof -i :4506
[root@server1 salt]# yum install -y python-setproctitle.x86_64 -y
[root@server1 salt]# /etc/init.d/salt-master restart
[root@server1 salt]# vim master
534 file_roots:
535 base:
536 - /srv/salt
537
[root@server1 salt]# /etc/init.d/salt-master restart
自动下载httpd和php
[root@server1 salt]# mkdir /srv/salt
[root@server1 salt]# cd /srv/salt
[root@server1 salt]# mkdir httpd
[root@server1 salt]# cd httpd/
[root@server1 httpd]# vim install.sls
apache-install:
pkg.installed:
- pkgs:
- httpd
- php
[root@server1 httpd]# salt server2 state.sls httpd.install
在【server2】上可以看到httpd和php已经下载
开机自动启动httpd
[root@server2 ~]# chkconfig --list httpd
[root@server1 httpd]# vim install.sls
[root@server1 httpd]# salt server2 state.sls httpd.install
【server2】查看
自动httpd更新端口
第一种:
[root@server1 httpd]# mkdir files
[root@server1 httpd]# vim install.sls
【server2】将/etc/httpd/conf/httpd.conf文件传给server1
[root@server2 ~]# scp /etc/httpd/conf/httpd.conf server1:/srv/salt/httpd/files 【server1】
[root@server1 httpd]# cd files
[root@server1 files]# vim httpd.conf
136 Listen 8080
[root@server1 files]# md5sum httpd.conf
b7ca7a0e786418ba7b5ad84efac70265 httpd.conf
[root@server1 httpd]# salt server2 state.sls httpd.install #执行状态管理脚本
【server2】
[root@server2 ~]# netstat -antlp
第二种:
[root@server1 httpd]# vim files/httpd.conf
136 Listen 80
[root@server1 httpd]# vim install.sls
apache-install:
pkg.installed:
- pkgs:
- httpd
- php
service.running:
- name: httpd
- enable: True
- reload: True
- watch:
- file: /etc/httpd/conf/httpd.conf
/etc/httpd/conf/httpd.conf:
file.managed:
- source: salt://httpd/files/httpd.conf
- mode: 644
- user: root
[root@server1 httpd]# salt server2 state.sls httpd.install【server2】
第三种:
[root@server1 httpd]# vim files/httpd.conf
136 Listen 8080
[root@server1 httpd]# vim install.sls
httpd:
pkg.installed
php:
pkg.installed
apache:
service.running:
- name: httpd
- enable: True
- reload: True
- watch:
- file: /etc/httpd/conf/httpd.conf
/etc/httpd/conf/httpd.conf:
file.managed:
- source: salt://httpd/files/httpd.conf
- mode: 644
- user: root
[root@server1 httpd]# salt server2 state.sls httpd.install【server2】查看端口为8080
