Architect growth path 5.1-Saltstack Installation and Getting Started


(Installation, configuration, start)

Configuration management tools:

  • Puppet: 1. written in Ruby; 2. the installation environment is relatively complex; 3. does not support remote execution, which requires pairing it with the Func tool.
  • Ansible: 1. written in Python; 2. acquired by Red Hat; 3. lightweight; 4. not well suited to large-batch deployment ...
  • Saltstack: written in Python and provides an API (currently the most widely used in companies)

Saltstack's three basic functions:

  • Remote execution: run commands on a batch of hundreds of thousands of machines at the same time
  • Configuration management: manages state (a desired condition is described, but a state is difficult to roll back)
  • Event-driven infrastructure: listens for state-change events and, when one is captured, triggers automatic scheduling and self-healing
  • Salt Cloud (cloud management): can manage almost all public and private clouds

Saltstack components:

  • Salt Master: sends commands and configuration to the Salt minions running on the managed devices.
  • Salt Minion: the managed system. This system runs the Salt minion, which receives commands and configuration from the Salt master.
  • Execution Modules: ad hoc commands run from the command line against one or more managed systems. Used for: real-time monitoring, status and inventory; one-time commands and scripts; deploying critical updates.
  • Formulas (States): a declarative or imperative representation of a system configuration.
  • Grains: system variables. Grains are static information about the underlying managed system, including the operating system, memory, and many other system properties. You can also define custom grains for any system.
  • Pillar: user-defined variables. These secure variables are defined and stored on the Salt master, then "assigned" by target to one or more Salt minions. Salt Pillar data stores values such as ports, file paths, configuration parameters, and passwords.
  • Top File: matches formulas and Salt Pillar data to Salt minions.
  • Runners: modules that run on the Salt master to perform supporting tasks. Salt runners report job status and connection status, read data from external APIs, query connected Salt minions, and so on.
  • Returners: send the data returned by Salt minions to another system, such as a database. Salt returners can run on the Salt minion or on the Salt master.
  • Reactor: triggers a reaction when an event occurs in your Saltstack environment.
  • Salt Cloud / Salt Virt: provision systems on a cloud provider / hypervisor and immediately bring them under management.
  • Salt SSH: run Salt commands over SSH on systems that have no Salt minion.

Saltstack operates in four ways:

  • Local: runs locally, on its own
  • Minion / Master: the C/S (client/server) model
  • Syndic: a management proxy component (comparable to zabbix proxy mode)
  • Salt SSH: no agent is installed; information is gathered over SSH

1. Saltstack installation

Configure two machines: one named Saltstack01 (172.18.20.226), on which salt-master and salt-minion are installed, and one named Saltstack02 (172.18.20.227), on which only salt-minion is installed.

Saltstack provides its own official repo, which contains the installation steps for each version of each system.

yum install https://repo.saltstack.com/yum/redhat/salt-repo-latest.el7.noarch.rpm 

Installing from a local repository is recommended; I used aliyun, as follows:

 yum install -y salt-master salt-minion

2. Saltstack configuration

2.1 Starting salt-master on Saltstack01

systemctl start salt-master # start the salt-master

Saltstack01 directory

Saltstack02 directory

2.2 Configure the minion configuration file on Saltstack01 and Saltstack02 and start salt-minion

cd /etc/salt
vi minion # minion configuration file (keep the extra space in the entry; master can be set to an IP address or a domain name, provided that DNS is available)

By default, configuring master is enough. There is also an id option: if you do not set id, the default is the host name returned by socket.getfqdn().

systemctl start salt-minion

When id is not set, the minion_id defaults to the FQDN name, here Saltstack02.

How the minion_id value is generated:

By default the minion tries the following, in order, to find a value other than localhost to use as its ID:

1.1 The value returned by the Python function socket.getfqdn();
1.2 The value defined in /etc/hostname (non-Windows systems only);
1.3 Any host name in /etc/hosts (%WINDIR%\system32\drivers\etc\hosts on Windows hosts) that maps to 127.0.0.0/8 is used as the ID value.

If none of the above produces an ID that is not localhost, then a sorted list of IP addresses on the minion (excluding any within 127.0.0.0/8) is inspected. The first publicly-routable IP address is used, if there is one. Otherwise, the first privately-routable IP address is used. If everything fails, localhost is used as the fallback. The ID finally obtained is recorded in the /etc/salt/minion_id file; this file can be changed manually and is not overwritten when the service restarts.

Note: if id: xxxx is enabled in the minion's main configuration file /etc/salt/minion, that ID value overrides the ID value recorded in /etc/salt/minion_id.
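The lookup order described above, as an added example (not Salt's own code): the resulting ID is also the name under which the master files the minion's public key, so it helps to know which source produced it. The function name, its parameters, the treatment of "localhost.<domain>" as localhost, and reuse of the recorded /etc/salt/minion_id ahead of regeneration are assumptions of this sketch; all inputs are constructed.

```python
import ipaddress

def is_localhost(name):
    # Assumption: "localhost" and "localhost.<domain>" both count as localhost.
    n = name.strip().lower()
    return n == "localhost" or n.startswith("localhost.")

def resolve_minion_id(config_id=None, recorded_id=None, fqdn=None,
                      etc_hostname=None, loopback_names=(), addresses=()):
    """Return (minion_id, source) using the precedence the text describes."""
    if config_id:                      # id: in /etc/salt/minion wins outright
        return config_id, "id in /etc/salt/minion"
    if recorded_id:                    # /etc/salt/minion_id survives restarts
        return recorded_id, "/etc/salt/minion_id"
    candidates = [(fqdn, "socket.getfqdn()"), (etc_hostname, "/etc/hostname")]
    candidates += [(n, "/etc/hosts") for n in loopback_names]
    for name, source in candidates:    # steps 1.1 to 1.3, first hit wins
        if name and not is_localhost(name):
            return name.strip(), source
    # Fallback: sorted non-loopback IPv4 addresses, public before private.
    ips = sorted(ipaddress.IPv4Address(a) for a in addresses)
    ips = [ip for ip in ips if not ip.is_loopback]
    for wanted, source in ((lambda ip: ip.is_global, "public IP"),
                           (lambda ip: ip.is_private, "private IP")):
        for ip in ips:
            if wanted(ip):
                return str(ip), source
    return "localhost", "fallback"

if __name__ == "__main__":
    # Constructed inputs: a host from this page plus two edge cases.
    print(resolve_minion_id(fqdn="Saltstack02"))
    print(resolve_minion_id(config_id="web01", recorded_id="Saltstack02"))
    print(resolve_minion_id(fqdn="localhost", etc_hostname="localhost",
                            addresses=["127.0.0.1", "172.18.20.227"]))
```

An ID that resolves to an IP address or to localhost usually points to a host-name problem on the minion, and is worth fixing before the key is accepted under that name.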

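Saltstack01 directory at this point

Saltstack02 directory at this point (once the minion has been started, the pki directory exists and two files, a public key and a private key, have been generated)

2.3 How do the Salt minion and the Salt master communicate?

Authentication is required before they communicate, using public and private keys.

2.2.1 Before the minion is configured: there are no directories under pki/minion on Saltstack02

2.2.2 After the minion is configured: two more files appear under pki/minion on Saltstack02, the private key minion.pem and the public key minion.pub.

2.2.3 Saltstack02's public key is sent to Saltstack01 (the master); after Saltstack01 (the master) receives it, it is placed in

Summary:

When a freshly installed minion starts its service for the first time:
1.1 The minion generates a key pair and produces an ID value; the minion service sends the public key, named after the ID value, to the master until it is accepted;
1.2 After the master completes authentication, it stores the public key sent by the minion, named after the ID value, in the /etc/salt/pki/master/minions_pre directory (with no ID value set, the name defaults to the FQDN);
1.3 After the master completes authentication, it sends its own public key to the minion, where it is stored as /etc/salt/pki/minion/minion_master.pub.

Further notes:

The master key pair is stored by default in /etc/salt/pki/master/master.pub and /etc/salt/pki/master/master.pem
Public keys the master has authenticated are stored in: /etc/salt/pki/master/minions/
The minion key pair is stored by default in /etc/salt/pki/minion/minion.pub and /etc/salt/pki/minion/minion.pem
The master public key held by the minion: /etc/salt/pki/minion/minion_master.pub
minion_id is stored by default in /etc/salt/minion_id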
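Because the master files a key under whatever ID the minion announces, each key in minions_pre should be compared with a fingerprint read on the minion itself before it is accepted. The following added example (not part of the original post or of Salt) audits a master pki tree with the layout listed above; the fingerprint format, function names and key contents are constructed assumptions, and on a real deployment the values to compare come from salt-key -f <id> on the master and salt-call --local key.finger on the minion.

```python
import hashlib
import os
import tempfile

def fingerprint(path):
    """Colon-separated SHA-256 of the key file (format is an assumption)."""
    with open(path, "rb") as fh:
        digest = hashlib.sha256(fh.read()).hexdigest()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))

def audit_master_pki(pki_master, expected):
    """Map minion ID -> (state, verdict) for keys the master holds.

    expected maps minion ID -> fingerprint read on the minion itself.
    """
    report = {}
    for subdir, state in (("minions_pre", "pending"), ("minions", "accepted")):
        directory = os.path.join(pki_master, subdir)
        if not os.path.isdir(directory):
            continue
        for minion_id in sorted(os.listdir(directory)):
            seen = fingerprint(os.path.join(directory, minion_id))
            if minion_id not in expected:
                verdict = "unknown id"
            elif expected[minion_id] == seen:
                verdict = "match"
            else:
                verdict = "fingerprint mismatch"
            report[minion_id] = (state, verdict)
    return report

def demo():
    """Build a constructed pki/master tree in a temp dir and audit it."""
    root = tempfile.mkdtemp()
    keys = {"minions/Saltstack01": b"constructed key A\n",
            "minions_pre/Saltstack02": b"constructed key B\n",
            "minions_pre/Saltstack03": b"constructed key C\n"}
    for rel, data in keys.items():
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as fh:
            fh.write(data)
    # Fingerprints an operator collected on each minion (constructed values).
    expected = {"Saltstack01": fingerprint(os.path.join(root, "minions/Saltstack01")),
                "Saltstack02": "00:" * 31 + "00"}
    return audit_master_pki(root, expected)

if __name__ == "__main__":
    for minion_id, result in demo().items():
        print(minion_id, *result)
```

A pending key reported as "fingerprint mismatch" or "unknown id" should be left unaccepted until the minion that sent it has been identified.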


Origin www.cnblogs.com/yaoyaojcy/p/11942017.html