01 SaltStack-SSH: Installing salt-minion


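Why is this the first step?

When we arrive in a new environment and want to use a configuration management server, we first need to get salt-minion installed on the clients.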

Install salt-master and salt-ssh

# For RHEL/CentOS 7:
yum install https://repo.saltstack.com/yum/redhat/salt-repo-latest.el7.noarch.rpm
# Keep a local copy of the repo RPM; the state file later serves it from salt://minions/files/
wget https://repo.saltstack.com/yum/redhat/salt-repo-latest.el7.noarch.rpm
yum install salt-master salt-ssh

# Start the master
systemctl enable salt-master
systemctl start salt-master
systemctl status salt-master

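Edit the configuration file

# Edit the /etc/salt/roster configuration file
# Target information
host:        # IP address or DNS name of the remote host
user:        # user to log in as
passwd:      # the user's password; if this option is not used, key-based authentication is the default
# Optional settings
port:        # SSH port
sudo:        # run commands through sudo
tty:         # set this to true if sudo is set
priv:        # path to the SSH private key file
timeout:     # seconds to wait for a response when establishing the connection
minion_opts: # path of the minion location
thin_dir:    # storage directory on the target system, defaults to /tmp/salt-<hash>
cmd_umask:   # umask to use for the salt-call command

# Define the target host. salt-ssh runs serially and is not as fast as the C/S (master/minion) mode.
liunx-node2:
  host: 10.0.0.151
  user: root
  # The roster key is passwd, as listed above. The password is stored in plain text in this file;
  # leaving passwd out makes salt-ssh use key-based authentication instead.
  passwd: '222222'
  port: 22

# Test remote command execution
salt-ssh '*' -r 'ip a'
salt-ssh 'liunx-node2' -r 'free -m'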

Create the state file directories

  • Tell the master where the state files are located

# Edit the master configuration file
# Search for: /file_roots
# base = base environment, dev = development, test = testing, prod = production

[root@linux-node1 ~]# vim /etc/salt/master
file_roots:
  base:
    - /srv/salt/base
  dev:
    - /srv/salt/dev
  test:
    - /srv/salt/test
  prod:
    - /srv/salt/prod

# Create the directories
mkdir -p /srv/salt/{base,dev,test,prod}
tree /srv/salt/
/srv/salt/
├── base   # required
├── dev    # development environment
├── prod   # production environment
└── test   # test environment

# Restart the master; it must be restarted after every configuration change
systemctl restart salt-master
systemctl status salt-master

Create the minions directory

mkdir -p /srv/salt/prod/minions
mkdir -p /srv/salt/prod/minions/files   # minion files directory

[root@salt yum.repos.d]# tree /srv/salt/prod/
/srv/salt/prod/
└── minions       # minion state directory
    └── files     # minion files directory

Write minions-install.sls

cd /srv/salt/prod/minions/
vim minions-install.sls

include:
  - init.yum-repo

# Copy the Salt repo RPM to the target and install it
minions-init:
  file.managed:
    - name: /etc/yum.repos.d/salt-repo-latest.el7.noarch.rpm
    - source: salt://minions/files/salt-repo-latest.el7.noarch.rpm
    - user: root
    - group: root
    - mode: 644

  cmd.run:
    - name: cd /etc/yum.repos.d/ && rpm -ivh salt-repo-latest.el7.noarch.rpm
    - require:
      - file: minions-init
    - unless: rpm -qa|grep salt-repo

# Install salt-minion and render its configuration from the template
minions-install:
  pkg.installed:
    - name: salt-minion
    - require:
      - cmd: minions-init
    - unless: rpm -qa|grep salt-minion

  file.managed:
    - name: /etc/salt/minion
    - source: salt://minions/files/minion
    - user: root
    - group: root
    - mode: 644
    - template: jinja
    - defaults:
        MASTER_IP: 10.0.0.150
    - require:
      - pkg: minions-install

# Start salt-minion and enable it at boot
minions_service:
  service.running:
    - name: salt-minion
    - enable: True
    - require:
      - file: minions-install

File management

[root@salt files]# tree /srv/salt/prod/minions/
/srv/salt/prod/minions/
├── files
│   ├── minion
│   └── salt-repo-latest.el7.noarch.rpm
└── minions-install.sls

# Template file
[root@salt files]# vim minion
master: {{ MASTER_IP }}

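Run

# -i (--ignore-host-keys) turns off SSH host key checking for the run
# First a dry run with test=True, then the real run
[root@salt minions]# salt-ssh 'liunx-node2' -i state.sls minions.minions-install saltenv=prod test=True
[root@salt minions]# salt-ssh 'liunx-node2' -i state.sls minions.minions-install saltenv=prod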

Accept the minion key and test

# List the keys
[root@salt minions]# salt-key
Accepted Keys:
Denied Keys:
Unaccepted Keys:
linux-node2
Rejected Keys:

# Accept (-A accepts every pending key)
[root@salt minions]# salt-key -A
The following keys are going to be accepted:
Unaccepted Keys:
linux-node2
Proceed? [n/Y] y
Key for minion linux-node2 accepted.

[root@salt minions]# salt-key
Accepted Keys:
linux-node2
Denied Keys:
Unaccepted Keys:
Rejected Keys:

# Test remote command execution
[root@salt minions]# salt '*' cmd.run 'w'
linux-node2:
    15:33:23 up 9 min, 3 users, load average: 0.13, 0.13, 0.06
    USER TTY FROM LOGIN@ IDLE JCPU PCPU WHAT
    root tty1 11:04 4:28m 0.20s 0.20s -bash
    root pts/0 10.0.0.1 15:30 3:04 0.00s 0.00s -bash
    root pts/1 10.0.0.1 11:06 4:26m 0.01s 0.01s -bash
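
The salt-key -A step above accepts every pending key without looking at it. The script below is an added example, not part of the original post: it accepts one key only when the fingerprint shown by salt-key -f on the master matches what salt-call --local key.finger reports on the minion. The function names and the sample fingerprint are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: accept a single minion key only when the fingerprint pending on
# the master equals the fingerprint the minion reports for its own key.

# Print the first colon-separated hex fingerprint found on stdin (lowercased).
extract_fp() {
    grep -Eio '([0-9a-f]{2}:){15,}[0-9a-f]{2}' | head -n 1 | tr 'A-F' 'a-f'
}

# fp_match OUTPUT_A OUTPUT_B: succeed only if both contain the same fingerprint.
fp_match() {
    local a b
    a=$(printf '%s\n' "$1" | extract_fp)
    b=$(printf '%s\n' "$2" | extract_fp)
    [ -n "$a" ] && [ "$a" = "$b" ]
}

# verify_and_accept ROSTER_ID MINION_ID
# e.g. verify_and_accept liunx-node2 linux-node2 (the two names used on this page)
verify_and_accept() {
    local pending remote
    pending=$(salt-key -f "$2")                               # key waiting on the master
    remote=$(salt-ssh "$1" -r 'salt-call --local key.finger') # key on the minion itself
    if fp_match "$pending" "$remote"; then
        salt-key -y -a "$2"      # accept this one key, not every pending key
    else
        echo "fingerprint mismatch for $2: key NOT accepted" >&2
        return 1
    fi
}

# Constructed sample outputs (not real keys), shaped like the two commands' output.
SAMPLE_FP='a1:b2:c3:d4:e5:f6:07:18:29:3a:4b:5c:6d:7e:8f:90:a1:b2:c3:d4:e5:f6:07:18:29:3a:4b:5c:6d:7e:8f:90'
SAMPLE_MASTER="Unaccepted Keys:
linux-node2:  $SAMPLE_FP"
SAMPLE_MINION="liunx-node2:
    stdout:
        local:
            $SAMPLE_FP"
```

The comparison is only as trustworthy as the SSH channel it runs over, so the salt-ssh call here is made without -i and host keys are checked.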

Current directory structure:

  1. Install salt-minion
  2. Next step: initial setup, including the yum repositories and baseline tools such as vim, wget, net-tools, etc.…

[root@salt prod]# tree /srv/salt/prod/
/srv/salt/prod/
└── minions
    ├── files
    │   ├── minion
    │   └── salt-repo-latest.el7.noarch.rpm
    └── minions-install.sls