saltstack 简介
Saltstack使用Python开发,是一个非常简单易用和轻量级的管理工具。由Master和Minion构成,通过ZeroMQ进行通信,速度快
Saltstack的master端监听4505与4506端口,4505为salt的消息发布系统,4506为salt客户端与服务端通信的端口
salt客户端程序不监听端口,客户端启动后,会主动连接master端注册,然后一直保持该TCP连接,master通过这条TCP连接对客户端控制
部署服务
准备两台Centos7 虚拟机
关掉防火墙 setenforce
[root@localhost ~]# systemctl stop firewalld
[root@localhost ~]# setenforce 0
获取saltstack源
[root@localhost ~]# yum -y install wget
[root@localhost ~]# wget -P /etc/yum.repos.d https://mirrors.aliyun.com/saltstack/yum/redhat/7.2/x86_64/saltstack-rhel7.repo
主服务操作
[root@localhost ~]# yum -y install salt-master salt-minion
[root@localhost ~]# vim /etc/salt/minion
master: 192.168.27.137 #改成本机ip
[root@localhost ~]# systemctl start salt-minion salt-master
[root@localhost ~]# netstat -nlput |egrep "4505|4506"
tcp 0 0 0.0.0.0:4505 0.0.0.0:* LISTEN 13645/python
tcp 0 0 0.0.0.0:4506 0.0.0.0:* LISTEN 13653/python
客户端操作
[root@localhost ~]# yum -y install salt-minion
[root@localhost ~]# vim /etc/salt/minion
master: 192.168.27.137 服务端ip
[root@localhost ~]# systemctl start salt-minion
[root@localhost ~]#
salt-key常用参数
- -a 添加指定ID 的key
- -A 添加全部
- -R 拒绝全部
- -d 删除指定ID的
- -D 删除全部
- -L 查询所有接收到的证书
指定查看认证
[root@localhost ~]# salt-key -a 192.168.27.138
The following keys are going to be accepted:
Unaccepted Keys:
192.168.27.138
Proceed? [n/Y] y
Key for minion 192.168.27.138 accepted.
[root@localhost ~]# salt-key -a 192.168.27.137
The following keys are going to be accepted:
Unaccepted Keys:
192.168.27.137
Proceed? [n/Y] y
Key for minion 192.168.27.137 accepted.
[root@localhost ~]# salt-key -L
Accepted Keys: #已经接受的key
192.168.27.137
192.168.27.138
Denied Keys: #拒绝的key
Unaccepted Keys: #未加入的key
Rejected Keys: #吊销的key
测试ping 连接
[root@localhost ~]# salt '*' test.ping
192.168.27.138:
True
192.168.27.137:
True
[root@localhost ~]# salt 192.168.27.138 cmd.run 'hostname'
192.168.27.138:
localhost.localdomain
来源:oschina
链接:https://my.oschina.net/u/4275665/blog/4716684