saltstack install for Centos7

1.安装salt-master, salt-minion基础环境

环境：

主机名	系统
192.168.118.130 master	Centos7
192.168.118.131 minion	Centos7

关闭防火墙，selinux

hostname 改名：

master:
[root@linux-node1 ~]# vim /etc/hostname 
linux-node1.example.com
[root@linux-node1 ~]# reboot

minion:
[root@linux-node2 ~]# vim /etc/hostname 
linux-node2.example.com
[root@linux-node2 ~]# reboot

Master端安装：

[root@localhost ~]# yum install https://repo.saltstack.com/yum/redhat/salt-repo-latest.el7.noarch.rpm 
[root@localhost ~]# yum install salt-master salt-minion -y
[root@localhost ~]# systemctl start salt-master
[root@localhost ~]# systemctl start salt-minion
[root@localhost ~]# systemctl enable salt-master
Created symlink from /etc/systemd/system/multi-user.target.wants/salt-master.service to /usr/lib/systemd/system/salt-master.service.
[root@localhost ~]# systemctl enable salt-minion
Created symlink from /etc/systemd/system/multi-user.target.wants/salt-minion.service to /usr/lib/systemd/system/salt-minion.service.

配置hosts文件，master，minion添加使其互通ping通

[root@linux-node2 minion]# vim /etc/hosts
[root@linux-node2 minion]# cat /etc/hosts
127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
::1         localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.118.130 linux-node1.example.com
192.168.118.131 linux-node2.example.com

Minion端安装：

[root@linux-node1 ~]# yum install salt-minion -y
[root@linux-node1 ~]# systemctl start salt-minion
[root@linux-node1 ~]# systemctl enable salt-minion
Created symlink from /etc/systemd/system/multi-user.target.wants/salt-minion.service to /usr/lib/systemd/system/salt-minion.service.

修改master端interface

master: 192.168.118.130
[root@linux-node1 ~]# systemctl restart salt-master

修改minion端master配置：

[root@linux-node2 ~]# cat /etc/salt/minion | grep 'master: '
#master: salt
master: 192.168.118.130
#random_master: False
[root@linux-node2 ~]#
[root@linux-node2 ~]# systemctl restart salt-minion

---

2.查看证书：

master：

[root@linux-node1]# cd /etc/salt/pki/master/
[root@linux-node1 master]# ls
master.pem  master.pub  minions  minions_autosign  minions_denied  minions_pre  minions_rejected
[root@linux-node1 ~]# salt-key 
Accepted Keys:
Denied Keys:
Unaccepted Keys:
172.17.0.1
linux-node1.example.com
linux-node2.example.com
Rejected Keys:

minion：

[root@linux-node2 ~]# cd /etc/salt/pki/minion/
[root@linux-node2 minion]# ls
minion.pem  minion.pub
[root@linux-node2 minion]#

[root@linux-node1 ~]# systemctl start salt-minion
[root@linux-node1 ~]# systemctl status salt-minion
● salt-minion.service - The Salt Minion
   Loaded: loaded (/usr/lib/systemd/system/salt-minion.service; enabled; vendor preset: disabled)
   Active: active (running) since Wed 2019-03-20 10:15:18 EDT; 5s ago
     Docs: man:salt-minion(1)
           file:///usr/share/doc/salt/html/contents.html
           https://docs.saltstack.com/en/latest/contents.html
 Main PID: 12839 (salt-minion)
   CGroup: /system.slice/salt-minion.service
           ├─12839 /usr/bin/python /usr/bin/salt-minion
           ├─12842 /usr/bin/python /usr/bin/salt-minion
           └─12846 /usr/bin/python /usr/bin/salt-minion

Mar 20 10:15:18 linux-node1.example.com systemd[1]: Starting The Salt Minion...
Mar 20 10:15:18 linux-node1.example.com systemd[1]: Started The Salt Minion.
Mar 20 10:15:18 linux-node1.example.com salt-minion[12839]: /usr/lib/python2.7/site-packages/salt/scripts.py:198: Depre...ter.
Mar 20 10:15:19 linux-node1.example.com salt-minion[12839]: [ERROR   ] The Salt Master has cached the public key for th...cate
Hint: Some lines were ellipsized, use -l to show in full.

salt-key -a linux* 添加所有linux开头的证书

[root@linux-node1 ~]# salt-key -a linux*
The following keys are going to be accepted:
Unaccepted Keys:
linux-node1.example.com
linux-node2.example.com
Proceed? [n/Y] y
Key for minion linux-node1.example.com accepted.
Key for minion linux-node2.example.com accepted.
[root@linux-node1 ~]#

[root@linux-node2 ~]# systemctl status salt-minion
● salt-minion.service - The Salt Minion
   Loaded: loaded (/usr/lib/systemd/system/salt-minion.service; disabled; vendor preset: disabled)
   Active: active (running) since Wed 2019-03-20 10:11:49 EDT; 10min ago
     Docs: man:salt-minion(1)
           file:///usr/share/doc/salt/html/contents.html
           https://docs.saltstack.com/en/latest/contents.html
 Main PID: 7880 (salt-minion)
   CGroup: /system.slice/salt-minion.service
           ├─7880 /usr/bin/python /usr/bin/salt-minion
           ├─7883 /usr/bin/python /usr/bin/salt-minion
           └─7891 /usr/bin/python /usr/bin/salt-minion

Mar 20 10:20:21 linux-node2.example.com salt-minion[7880]: [ERROR   ] The Salt Master has cached the public key for thi...cate
Mar 20 10:20:31 linux-node2.example.com salt-minion[7880]: [ERROR   ] The Salt Master has cached the public key for thi...cate
Mar 20 10:20:41 linux-node2.example.com salt-minion[7880]: [ERROR   ] The Salt Master has cached the public key for thi...cate
Mar 20 10:20:51 linux-node2.example.com salt-minion[7880]: [ERROR   ] The Salt Master has cached the public key for thi...cate
Mar 20 10:21:01 linux-node2.example.com salt-minion[7880]: [ERROR   ] The Salt Master has cached the public key for thi...cate
Mar 20 10:21:11 linux-node2.example.com salt-minion[7880]: [ERROR   ] The Salt Master has cached the public key for thi...cate
Mar 20 10:21:21 linux-node2.example.com salt-minion[7880]: [ERROR   ] The Salt Master has cached the public key for thi...cate
Mar 20 10:21:31 linux-node2.example.com salt-minion[7880]: [ERROR   ] The Salt Master has cached the public key for thi...cate
Mar 20 10:21:41 linux-node2.example.com salt-minion[7880]: [ERROR   ] The Salt Master has cached the public key for thi...cate
Mar 20 10:21:51 linux-node2.example.com salt-minion[7880]: [ERROR   ] The Salt Master has cached the public key for thi...cate
Hint: Some lines were ellipsized, use -l to show in full.