配置环境:rhel6.5
- server1:172.25.12.1 master
- server2:172.25.12.2 minion
- server3:172.25.12.3 minion
- http://docs.saltstack.cn/ref/states/all #所有内置的state模块列表
配置yum 源
[source]
name=Red Hat Enterprise Linux $releasever - $basearch - Source
baseurl=http://172.25.12.250/rhel6
enabled=1
# gpgcheck=0 turns off RPM signature verification for this repository, and the
# baseurl is plain HTTP, so packages installed from it are not authenticated.
# Acceptable only on an isolated lab network; otherwise set gpgcheck=1 with the
# repository's gpgkey, as the [rhel-source] section below does.
gpgcheck=0
[rhel-source]
name=Red Hat Enterprise Linux $releasever - $basearch - Source
baseurl=http://172.25.12.250/rhel6.5
enabled=1
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release
server1安装salt-master,server2和server3安装salt-minion
[root@server1 ~]# yum install -y salt-master
[root@server2 ~]# yum install -y salt-minion
[root@server3 ~]# yum install -y salt-minion
修改配置文件并启动服务
[root@server1 ~]# vim /etc/salt/master
15 interface: 172.25.12.1
[root@server1 ~]# /etc/init.d/salt-master start
Starting salt-master daemon: [ OK ]
[root@server2 ~]# vim /etc/salt/minion
16 master: 172.25.12.1
[root@server2 ~]# /etc/init.d/salt-minion start
Starting salt-minion:root:server2 daemon: OK
[root@server3 ~]# vim /etc/salt/minion
16 master: 172.25.12.1
[root@server3 ~]# /etc/init.d/salt-minion start
Starting salt-minion:root:server2 daemon: OK
开启成功以后,master会监听4505和4506两个端口:4505端口负责推送消息给minion,4506负责接受minion的报告。minion本身不监听端口,而是主动连接master的这两个端口(下文lsof输出中可以看到minion从临时端口连到server1:4505),因此防火墙只需放行minion到master的4505/4506。
建立关联
[root@server1 ~]# salt-key -L ##查看
Accepted Keys:
Denied Keys:
Unaccepted Keys:
server2
server3
Rejected Keys:
[root@server1 ~]# salt-key -a server2 ##-a 指定关联
The following keys are going to be accepted:
Unaccepted Keys:
server2
Proceed? [n/Y] Y
Key for minion server2 accepted.
[root@server1 ~]# salt-key -L
Accepted Keys:
server2
Denied Keys:
Unaccepted Keys:
server3
Rejected Keys:
[root@server1 ~]# salt-key -A ##-A 全部关联
The following keys are going to be accepted:
Unaccepted Keys:
server3
Proceed? [n/Y] Y
Key for minion server3 accepted.
[root@server1 ~]# salt-key -L
Accepted Keys:
server2
server3
Denied Keys:
Unaccepted Keys:
Rejected Keys:
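master和minion做了公钥相互交换:master在minions目录下保存各minion的公钥,minion把master的公钥保存为minion_master.pub。下面用md5sum对比两端的文件,确认交换后的公钥一致。实际环境中应在接受key之前核对指纹(master上用 salt-key -f <minion名>,minion上用 salt-call --local key.finger),两者一致再用 salt-key -a 接受,而不是直接 -A 全部接受。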
[root@server1 pki]# pwd
/etc/salt/pki
[root@server1 pki]# tree .
.
|-- master
| |-- master.pem
| |-- master.pub
| |-- minions
| | |-- server2
| | `-- server3
| |-- minions_autosign
| |-- minions_denied
| |-- minions_pre
| `-- minions_rejected
`-- minion
7 directories, 4 files
[root@server2 pki]# pwd
/etc/salt/pki
[root@server2 pki]# tree .
.
|-- master
`-- minion
|-- minion_master.pub
|-- minion.pem
`-- minion.pub
2 directories, 3 files
[root@server1 pki]# cd master/
[root@server1 master]# md5sum master.pub
d8a543c10f67fc2e182205d2192e031d master.pub
[root@server2 pki]# cd minion/
[root@server2 minion]# md5sum minion_master.pub
d8a543c10f67fc2e182205d2192e031d minion_master.pub
[root@server3 minion]# md5sum minion_master.pub
d8a543c10f67fc2e182205d2192e031d minion_master.pub
[root@server1 minions]# md5sum server2
49152938d957088de9b2964f8967f09f server2
[root@server1 minions]# md5sum server3
68bf95c16c5b0d46d9e1c165c57bce91 server3
[root@server2 minion]# md5sum minion.pub
49152938d957088de9b2964f8967f09f minion.pub
[root@server3 minion]# md5sum minion.pub
68bf95c16c5b0d46d9e1c165c57bce91 minion.pub
[root@server1 minions]# lsof -i :4505 ##查看4505端口占用情况
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
salt-mast 1083 root 16u IPv4 13907 0t0 TCP server1:4505 (LISTEN)
salt-mast 1083 root 18u IPv4 17408 0t0 TCP server1:4505->server2:50794 (ESTABLISHED)
salt-mast 1083 root 19u IPv4 17470 0t0 TCP server1:4505->server3:46534 (ESTABLISHED)
[root@server1 salt]# salt '*' test.ping ##调用salt内置test模块的ping方法,检查minion是否响应(不是ICMP ping)
server3:
True
server2:
True
[root@server1 minions]# yum install python-setproctitle -y ##安装辅助模块
[root@server1 minions]# /etc/init.d/salt-master restart
查看相关信息
给server2推送http
[root@server1 salt]# vim /etc/salt/master
534 file_roots:
535 base:
536 - /srv/salt #基础位置
[root@server1 ~]# mkdir /srv/salt
[root@server1 ~]# /etc/init.d/salt-master restart
Stopping salt-master daemon: [ OK ]
Starting salt-master daemon: [ OK ]
[root@server1 ~]# cd /srv/salt/
[root@server1 salt]# mkdir httpd
httpd安装模块
[root@server1 ~]# salt server2 state.sls httpd.install test=true #测试方法
server2:
----------
ID: httpd-install
Function: pkg.installed
Result: True
Comment: All specified packages are already installed
Started: 16:56:39.530820
Duration: 390.114 ms
Changes:
Summary for server2
------------
Succeeded: 1
Failed: 0
------------
Total states run: 1
Total run time: 390.114 ms
[root@server1 httpd]# salt server2 state.sls httpd.install #正式推送
server2:
----------
ID: httpd-install
Function: pkg.installed
Result: True
Comment: The following packages were installed/updated: httpd
Started: 16:35:40.692072
Duration: 10858.103 ms
Changes:
----------
apr:
----------
new:
1.3.9-5.el6_2
old:
apr-util:
----------
new:
1.3.9-3.el6_0.1
old:
apr-util-ldap:
----------
new:
1.3.9-3.el6_0.1
old:
httpd:
----------
new:
2.2.15-29.el6_4
old:
httpd-tools:
----------
new:
2.2.15-29.el6_4
old:
mailcap:
----------
new:
2.1.31-2.el6
old:
Summary for server2
------------
Succeeded: 1 (changed=1)
Failed: 0
------------
Total states run: 1
Total run time: 10.858 s
自定义模块
[root@server1 salt]# cd httpd/
[root@server1 salt]# vim install.sls
# httpd/install.sls: install Apache and PHP, manage httpd.conf, keep httpd running.
apache-install:
  pkg.installed:
    - pkgs:                                       # packages to install
      - httpd
      - php
  file.managed:
    - name: /etc/httpd/conf/httpd.conf            # destination path on the minion
    - source: salt://httpd/files/httpd.conf       # file served from the master's file_roots
    - mode: 644                                   # permissions
    - user: root                                  # owner
  service.running:
    - name: httpd                                 # service name
    - enable: True                                # start at boot
    - reload: True                                # reload instead of restart when the watch fires
    - watch:
      - file: apache-install                      # the file.managed state above
可以在服务端把salt://httpd/files/httpd.conf(即/srv/salt/httpd/files/httpd.conf)中的监听端口改为8080,然后再推送
vim /srv/salt/httpd/files/httpd.conf
136 Listen 8080
[root@server1 files]# salt server2 state.sls httpd.install
server2:
----------
ID: apache-install
Function: pkg.installed
Result: True
Comment: All specified packages are already installed
Started: 11:13:14.413743
Duration: 365.913 ms
Changes:
----------
ID: apache-install
Function: file.managed
Name: /etc/httpd/conf/httpd.conf
Result: True
Comment: File /etc/httpd/conf/httpd.conf updated
Started: 11:13:14.781818
Duration: 71.623 ms
Changes:
----------
diff:
---
+++
@@ -133,7 +133,7 @@
# prevent Apache from glomming onto all bound IP addresses (0.0.0.0)
#
#Listen 12.34.56.78:80
-Listen 80
+Listen 8080
#
# Dynamic Shared Object (DSO) Support
----------
ID: apache-install
Function: service.running
Name: httpd
Result: True
Comment: Service reloaded
Started: 11:13:14.884047
Duration: 76.63 ms
Changes:
----------
httpd:
True
Summary for server2
------------
Succeeded: 3 (changed=2)
Failed: 0
------------
Total states run: 3
Total run time: 514.166 ms #推送成功
在客户端查看,端口已经被更改
[root@server2 conf]# netstat -nutl
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN
tcp 0 0 :::8080 :::* LISTEN
tcp 0 0 :::22 :::* LISTEN
tcp 0 0 ::1:25 :::* LISTEN
源码安装nginx
配置
server1:172.25.12.1 master
server3:172.25.12.3 minion
mkdir /srv/salt/nginx/file -p
cd /srv/salt/nginx
vim make.sls #源码安装nginx
# nginx/make.sls: build nginx 1.14.0 from source on the minion.
nginx-install:
  pkg.installed:
    - pkgs:                                            # build dependencies
      - pcre-devel
      - gcc
      - openssl-devel
  file.managed:
    - name: /mnt/nginx-1.14.0.tar.gz                   # where the tarball lands on the minion
    - source: salt://nginx/file/nginx-1.14.0.tar.gz    # tarball served by the master
  cmd.run:
    # Unpack, patch, configure, build and install in a single shell command on the minion.
    # The first sed drops NGINX_VERSION from the NGINX_VER define in src/core/nginx.h;
    # the second comments out the CFLAGS "-g" line in auto/cc/gcc.
    # NOTE(review): configure/make/make install output goes to /dev/null, so a failed
    # build leaves no output to inspect beyond the state's failed result.
    - name: cd /mnt && tar zxf nginx-1.14.0.tar.gz && cd nginx-1.14.0 && sed -i.bak 's/#define NGINX_VER "nginx\/" NGINX_VERSION/#define NGINX_VER "nginx"/g' src/core/nginx.h && sed -i.bak 's/CFLAGS="$CFLAGS -g"/#CFLAGS="$CFLAGS -g"/g' auto/cc/gcc && ./configure --prefix=/usr/local/nginx --with-http_ssl_module --with-http_stub_status_module --with-threads --with-file-aio &> /dev/null && make &> /dev/null && make install &>/dev/null
    - creates: /usr/local/nginx                        # skip the command when this path already exists
cd /srv/salt/nginx
vim service.sls #用户创建,安装,运行
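# nginx/service.sls: pull in the build and user states, manage nginx.conf and the
# init script, and keep the nginx service running.
include:                                       # other state files this one depends on
  - nginx.make
  - users.nginx

/usr/local/nginx/conf/nginx.conf:
  file.managed:
    - source: salt://nginx/file/nginx.conf     # config served from the master

nginx-service:
  file.managed:
    - name: /etc/init.d/nginx                  # init script path on the minion
    - source: salt://nginx/file/nginx          # hand-written init script served from the master
    - mode: 755
  # service.running has to be its own function under this ID: name/reload/watch
  # below are its arguments, not file.managed's.
  service.running:
    - name: nginx                              # service name
    - reload: True
    - watch:                                   # act when the managed config file changes
      - file: /usr/local/nginx/conf/nginx.conf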
mkdir /srv/salt/users
cd /srv/salt/users
vim nginx.sls #nginx用户添加脚本
# users/nginx.sls: dedicated nginx group and account with fixed IDs.
nginx-group:
  group.present:
    - name: nginx
    - gid: 800

nginx-user:
  user.present:
    - name: nginx
    - uid: 800
    - gid: 800
    - shell: /sbin/nologin        # no interactive login for this account
    - createhome: False           # do not create the home directory
    - home: /usr/local/nginx
salt server3 state.sls nginx.service #推送给server3