==pre==
master 192.168.23.50

client 192.168.20.208

In my personal view, Puppet's biggest drawback is that by default the agent syncs state with the master only every 30 minutes, and the master's active push capability is rather weak (version 2.7). Ansible executes over the SSH service and works through hosts by polling, so it is not recommended when there are many servers. Salt is built on a message queue, performs very well, and suits large production environments.

[https://www.zhihu.com/question/22707761 Choosing between SaltStack and Ansible]

[https://www.centos.bz/2016/12/saltstack-event-driven-watching-event/ SaltStack event-driven (1): watching events]

==Step 1: Add the RPM repository==
<pre>
# 1. Run the following commands to install the SaltStack repository and key:
#sudo yum install https://mirrors.aliyun.com/saltstack/yum/redhat/salt-repo-latest-2.el7.noarch.rpm -y
sudo yum install https://mirrors.aliyun.com/saltstack/yum/redhat/salt-repo-latest.el7.noarch.rpm -y #201912

yum install https://repo.saltstack.com/yum/redhat/salt-repo-latest.el7.noarch.rpm -y # official site
#yum install https://repo.saltstack.com/yum/redhat/salt-repo-latest-2.el6.noarch.rpm -y
#yum install https://repo.saltstack.com/yum/redhat/salt-repo-latest-2.el7.noarch.rpm -y

# 2. Run sudo yum clean expire-cache
yum clean expire-cache

# 3. Install the salt-minion, salt-master, or other Salt components:
sudo yum install salt-master -y
sudo yum install salt-minion -y
sudo yum install salt-ssh -y
sudo yum install salt-syndic -y
sudo yum install salt-cloud -y
sudo yum install salt-api -y

##ios old
# 7 series
wget http://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm
# 6 series
rpm -ivh http://mirrors.aliyun.com/epel/6/x86_64/epel-release-6-8.noarch.rpm
#rpm -ivh http://mirrors.sohu.com/fedora-epel/6/x86_64/epel-release-6-8.noarch.rpm
# 7 series
rpm -ivh http://mirrors.aliyun.com/epel/7/x86_64/e/epel-release-7-7.noarch.rpm
# 5 series
wget http://mirrors.sohu.com/fedora-epel/5/x86_64/epel-release-5-4.noarch.rpm
rpm -ivh epel-release-5-4.noarch.rpm
rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL # import the key
yum info salt</pre>

==Step 2: On the master==
<pre>useradd salt
yum install salt-master -y
vi /etc/salt/master

# The address of the interface to bind to
interface: masterip # two spaces are required in front

# The tcp port used by the publisher
publish_port: 4505 # two spaces are required in front

# Automatic key acceptance
auto_accept: True

# The user to run the salt-master as. Salt will update all permissions to
# allow the specified user to run the master. If the modified files cause
# conflicts set verify_env to False.
user: root

# interface used for the file server, authentication, job returns, etc.
ret_port: 4506 # two spaces are required in front

systemctl restart salt-master
systemctl enable salt-master

cat /etc/salt/master | grep -v '^#' | sort -u

# CentOS 6
/sbin/chkconfig --add nginx
/sbin/chkconfig --level 345 nginx on
</pre>

==Step 3: Client==
<pre>useradd salt
yum install salt-minion -y
vi /etc/salt/minion
# For the config changes, see the non-interactive commands below
# Edit line 11: #master: salt
master: masterip
master: 192.168.23.50
id: ad_admin # line 103
# Overwrite the default tcp ports used by the minion when in tcp mode
tcp_pub_port: 4510
tcp_pull_port: 4511

cp /etc/salt/minion .
# Non-interactive
sed 's/#master: salt/master: 192.168.30.88/' -i /etc/salt/minion
sed 's/#master: salt/master: 172.16.200.13/' -i /etc/salt/minion
sed 's/#id:/id: you_name/' -i /etc/salt/minion
sed 's/#tcp_pub_port: 4510/tcp_pub_port: 4510/' -i /etc/salt/minion
sed 's/#tcp_pull_port: 4511/tcp_pull_port: 4511/' -i /etc/salt/minion

systemctl restart salt-minion
systemctl enable salt-minion

Configuring a Salt minion node on CentOS 5.6
http://zhoulg.blog.51cto.com/48455/1140186</pre>

===Batch-installing minions with salt-ssh===
<pre>
yum install salt-ssh

A key can be used:
--key-deploy Set this flag to attempt to deploy the authorized ssh
but first you have to get past:
Are you sure you want to continue connecting (yes/no)?
</pre>

[https://www.cnblogs.com/dears/p/9138345.html SaltStack: batch-installing minions over ssh]

[https://blog.csdn.net/freshair_x/article/details/80296423 Automated batch installation of minions with salt-ssh]

[https://www.cnblogs.com/xiewenming/p/7716252.html Using SaltStack in salt-ssh mode, part 11]

[https://www.cnblogs.com/yanjieli/p/10912572.html salt-ssh]

==Firewall rules==
Note: this is the correct, more secure approach.

On the master, add rules for TCP 4505 and TCP 4506 (for all minions). The minions need no firewall configuration, because each minion connects directly to ZeroMQ on the master and receives over that connection.

===1. On the master===
<pre>
# The salt-master service listens on ports 4505 and 4506, so these two ports must be opened.
# Usually adding this rule is enough. A colleague added it the wrong way round again today, haha.
iptables -I INPUT -s minion_ip -p tcp -m multiport --dports 4505,4506 -j ACCEPT
# Allow Salt to communicate with Master on the loopback interface
iptables -A INPUT -i lo -p tcp -m multiport --dports 4505,4506 -j ACCEPT
</pre>

===2. On the minion===
<pre>
iptables -I INPUT -s 192.168.30.94 -p tcp -m multiport --dports 4510,4511 -j ACCEPT
</pre>

<pre>
# Usually I only list the rules in order to delete one, haha
iptables -L -n --line-number | grep 21 # --line-number shows the rule numbers, handy when deleting
iptables -D INPUT 3 # delete rule 3 of the INPUT chain
iptables -R INPUT 3 -j DROP # change rule 3 to DROP

## The official rules are a bit too open, not ideal
Opening the firewall up for Salt http://docs.saltstack.cn/topics/tutorials/firewall.html
http://yango.iteye.com/blog/2264641

RHEL 6 / CENTOS 6
Some Linux distributions ship the ``lokkit`` command-line tool, which makes it easy to open iptables firewall ports from the command line. Just be careful not to close the ssh port by accident.
lokkit example:
lokkit -p 22:tcp -p 4505:tcp -p 4506:tcp

#iptables
iptables -A INPUT -m state --state new -m tcp -p tcp --dport 4505 -j ACCEPT
iptables -A INPUT -m state --state new -m tcp -p tcp --dport 4506 -j ACCEPT

Allow-list on the MASTER side
# Allow Minions from these networks
iptables -I INPUT -s 192.168.1.0/22 -p tcp -m multiport --dports 4505,4506 -j ACCEPT
-I INPUT -s 10.1.2.0/24 -p tcp -m multiport --dports 4505,4506 -j ACCEPT
-I INPUT -s 10.1.3.0/24 -p tcp -m multiport --dports 4505,4506 -j ACCEPT
# Allow Salt to communicate with Master on the loopback interface
-A INPUT -i lo -p tcp -m multiport --dports 4505,4506 -j ACCEPT
# Reject everything else
-A INPUT -p tcp -m multiport --dports 4505,4506 -j REJECT</pre>

==Configuring keys==
<pre>On the master, list the keys with salt-key -L:
[root@vm1 test]# salt-key -L
Accepted Keys:
Unaccepted Keys:
test1
Rejected Keys:
[root@vm1 test]# salt-key -A
Key for minion test1 accepted.
[root@vm1 test]# salt 'test1' test.ping
test1:
    True

# Show the key status of all minions
salt-key -L
# Accept every minion key currently in the Unaccepted Keys state
salt-key -A
# Accept the key of 192.168.30.100 without the interactive confirmation
salt-key -a 192.168.30.100 -y
# Remove the key of 192.168.0.100 (-d deletes the key; -r is the reject option)
salt-key -d 192.168.0.100
# Delete a single key. Sometimes a minion goes down because its key name is duplicated
salt-key -d prod-web01
# then restart the minion
# Delete all keys, accepted ones included (-D is --delete-all; -R rejects all pending keys)
salt-key -D
</pre>

==Common commands==
<pre>
1) Check the connection between master and minions:
salt '*' test.ping
or
salt 'test1' test.ping

2) Run a command remotely:
salt '*' cmd.run 'ls /root'
test1:
    anaconda-ks.cfg
    bootstrap-salt.sh
    install.log
    install.log.syslog
    vm2

3) Upload a file from the master to a minion:
salt-cp nodeid source_file target_file
Example: salt-cp 'vm01' /root/test/bootstrap-salt.sh /root

4) Sync states from the master:
salt '*' state.highstate

To have the Minion start automatically at boot time:
chkconfig salt-minion on
#7
systemctl enable salt-minion.service
to start the Minion:
#7
systemctl start salt-minion.service
https://docs.saltstack.com/en/latest/topics/installation/rhel.html

# All built-in modules
http://docs.saltstack.com/ref/modules/all/index.html
http://wiki.saltstack.cn/modules/all

Commonly used built-in modules
[root@vm3 ~]# salt 'vm0' pkg.install w3m
vm0:
    ----------
    gpg-pubkey:
        ----------
        new: 217521f6-45e8a532,e8562897-459f07a4
        old: 217521f6-45e8a532
    w3m:
        ----------
        new: 0.5.1-18.el5

Grouping
salt -N direct test.ping
salt -L sdkredis,sdklog,ad_web,inlandgw,ad_admin,da test.ping
</pre>

==Problems encountered==
<pre>
2017
[root@da ~]# /etc/init.d/salt-master restart
Stopping salt-master daemon: [FAILED]
Starting salt-master daemon: WARNING: Unable to bind socket 1.2.22.3:4505, error: [Errno 99] Cannot assign requested address; Is there another salt-master running?
The salt master is shutdown.
The ports are not available to bind
[FAILED]

Open up the bind IP
# The address of the interface to bind to:
interface: 0.0.0.0

Problem 1
[root@localhost soft]# yum install python-jinja2
Loaded plugins: fastestmirror, security
Determining fastest mirrors
Error: Cannot retrieve metalink for repository: epel. Please verify its path and try again

Edit /etc/yum.repos.d/epel.repo and /etc/yum.repos.d/epel-testing.repo: comment out mirrorlist and uncomment baseurl

Problem 2:
file /usr/lib64/python2.6/zipfile.pyo from install of python-libs-2.6.6-64.el6.x86_64 conflicts with file from package python-2.6.6-29.el6_2.2.x86_64
64 conflicts with file from package python-2.6.6-36.el6.x86_64
Error Summary

Upgrade the python version:
yum update python
or
yum install python

Another problem (1)
The minion has these log entries, and salt-key -L shows nothing
017-08-04 16:35:57,645 [salt.utils.parsers ][WARNING ][5761] Minion received a SIGTERM. Exiting.

For the record: the master IP was configured on the master. Laughable, I got all sorts of things mixed up, silly me.
[root@ ~]# cat /etc/salt/minion | grep -v \^# | grep -v \^$
master: 10.10.1.25
master_port: 4506
id: ad_web
tcp_pub_port: 4510
tcp_pull_port: 4511

Another problem (2)
To repair this issue, delete the public key for this minion on the Salt Master and restart this minion.
Or restart the Salt Master in open mode to clean out the keys. The Salt Minion will now exit.
Cause:
Roughly, the key the minion holds does not match the one on the master, so verification fails.
The fix is to delete the key on the minion side, then reconnect to and re-authenticate with the master.
On the master, delete the key under /etc/salt/pki/master/minions
If that really does not work, delete the minion's copy as well: minion_master.pub
</pre>

==trouble shooting==
<pre>
At first I had added the EL7 repo, which is why it failed; on a second look the machine turned out to be EL6
--> 完成依赖关系计算
错误:Package: python-babel-0.9.6-8.el7.noarch (salt-latest)
    Requires: python(abi) = 2.7
    已安装: python-2.6.6-66.el6_8.x86_64 (@base)
        python(abi) = 2.6
    Available: python34-3.4.8-1.el6.i686 (epel)
        python(abi) = 3.4
错误:Package: python-msgpack-0.4.6-1.el7.x86_64 (salt-latest)
    Requires: libpython2.7.so.1.0()(64bit)

rm /etc/yum.repos.d/salt-latest.repo
</pre>

[[category:saltstack]]
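
The settings edited in the "on master" section (auto_accept, the bind interface, ports 4505/4506) decide who can reach the master and enroll with it. As an added example (not part of the original page and not SaltStack's own code), the script below reads a master config and reports those settings; `read_settings`, `audit_master` and the sample config are constructed for illustration, and the reader handles flat `key: value` lines only, not full YAML.

```python
import re

# Constructed sample that mirrors the kind of master settings this page sets.
SAMPLE_MASTER = """\
# The address of the interface to bind to
interface: 0.0.0.0
publish_port: 4505#publisher port
auto_accept: True
user: root
ret_port: 4506  # return port
"""

TRUTHY = {"true", "yes", "on"}  # YAML 1.1 boolean spellings


def read_settings(text):
    """Line-based reader for flat `key: value` scalars (not a full YAML parser)."""
    settings = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        # YAML starts a comment at '#' only when whitespace precedes it.
        line = re.split(r"\s+#", line, maxsplit=1)[0]
        key, sep, value = line.partition(":")
        if sep and value.strip():
            settings[key.strip()] = value.strip().strip("'\"")
    return settings


def audit_master(text):
    """Return (setting, finding) pairs for options that widen master exposure."""
    cfg = read_settings(text)
    findings = []
    for key, why in (("auto_accept", "pending minion keys are accepted without review"),
                     ("open_mode", "minion key authentication is switched off")):
        if cfg.get(key, "false").lower() in TRUTHY:
            findings.append((key, why))
    # 0.0.0.0 is also what Salt binds when `interface` is left unset.
    if cfg.get("interface", "0.0.0.0") in ("0.0.0.0", "::"):
        findings.append(("interface", "binds every address; allow-list 4505/4506 by source"))
    for key in ("publish_port", "ret_port"):
        value = cfg.get(key)
        if value is not None and not value.isdigit():
            findings.append((key, "not a port number, '#' glued to the value? " + value))
    return findings


if __name__ == "__main__":
    for setting, finding in audit_master(SAMPLE_MASTER):
        print(f"{setting}: {finding}")
```

With auto_accept left off, pending keys are reviewed with salt-key -L and accepted one at a time with salt-key -a.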