1.安装salt-master, salt-minion基础环境
环境:
主机名 | 系统 |
---|---|
192.168.118.130 master | Centos7 |
192.168.118.131 minion | Centos7 |
关闭防火墙,selinux
hostname 改名:
master:
[root@linux-node1 ~]# vim /etc/hostname
linux-node1.example.com
[root@linux-node1 ~]# reboot
minion:
[root@linux-node2 ~]# vim /etc/hostname
linux-node2.example.com
[root@linux-node2 ~]# reboot
Master端安装:
[root@localhost ~]# yum install https://repo.saltstack.com/yum/redhat/salt-repo-latest.el7.noarch.rpm
[root@localhost ~]# yum install salt-master salt-minion -y
[root@localhost ~]# systemctl start salt-master
[root@localhost ~]# systemctl start salt-minion
[root@localhost ~]# systemctl enable salt-master
Created symlink from /etc/systemd/system/multi-user.target.wants/salt-master.service to /usr/lib/systemd/system/salt-master.service.
[root@localhost ~]# systemctl enable salt-minion
Created symlink from /etc/systemd/system/multi-user.target.wants/salt-minion.service to /usr/lib/systemd/system/salt-minion.service.
配置hosts文件,master,minion添加使其互通ping通
[root@linux-node2 minion]# vim /etc/hosts
[root@linux-node2 minion]# cat /etc/hosts
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.118.130 linux-node1.example.com
192.168.118.131 linux-node2.example.com
Minion端安装:
[root@linux-node1 ~]# yum install salt-minion -y
[root@linux-node1 ~]# systemctl start salt-minion
[root@linux-node1 ~]# systemctl enable salt-minion
Created symlink from /etc/systemd/system/multi-user.target.wants/salt-minion.service to /usr/lib/systemd/system/salt-minion.service.
修改master端interface
master: 192.168.118.130
[root@linux-node1 ~]# systemctl restart salt-master
修改minion端master配置:
[root@linux-node2 ~]# cat /etc/salt/minion | grep 'master: '
#master: salt
master: 192.168.118.130
#random_master: False
[root@linux-node2 ~]#
[root@linux-node2 ~]# systemctl restart salt-minion
2.查看证书:
master:
[root@linux-node1]# cd /etc/salt/pki/master/
[root@linux-node1 master]# ls
master.pem master.pub minions minions_autosign minions_denied minions_pre minions_rejected
[root@linux-node1 ~]# salt-key
Accepted Keys:
Denied Keys:
Unaccepted Keys:
172.17.0.1
linux-node1.example.com
linux-node2.example.com
Rejected Keys:
minion:
[root@linux-node2 ~]# cd /etc/salt/pki/minion/
[root@linux-node2 minion]# ls
minion.pem minion.pub
[root@linux-node2 minion]#
[root@linux-node1 ~]# systemctl start salt-minion
[root@linux-node1 ~]# systemctl status salt-minion
● salt-minion.service - The Salt Minion
Loaded: loaded (/usr/lib/systemd/system/salt-minion.service; enabled; vendor preset: disabled)
Active: active (running) since Wed 2019-03-20 10:15:18 EDT; 5s ago
Docs: man:salt-minion(1)
file:///usr/share/doc/salt/html/contents.html
https://docs.saltstack.com/en/latest/contents.html
Main PID: 12839 (salt-minion)
CGroup: /system.slice/salt-minion.service
├─12839 /usr/bin/python /usr/bin/salt-minion
├─12842 /usr/bin/python /usr/bin/salt-minion
└─12846 /usr/bin/python /usr/bin/salt-minion
Mar 20 10:15:18 linux-node1.example.com systemd[1]: Starting The Salt Minion...
Mar 20 10:15:18 linux-node1.example.com systemd[1]: Started The Salt Minion.
Mar 20 10:15:18 linux-node1.example.com salt-minion[12839]: /usr/lib/python2.7/site-packages/salt/scripts.py:198: Depre...ter.
Mar 20 10:15:19 linux-node1.example.com salt-minion[12839]: [ERROR ] The Salt Master has cached the public key for th...cate
Hint: Some lines were ellipsized, use -l to show in full.
salt-key -a linux* 添加所有linux开头的证书
[root@linux-node1 ~]# salt-key -a linux*
The following keys are going to be accepted:
Unaccepted Keys:
linux-node1.example.com
linux-node2.example.com
Proceed? [n/Y] y
Key for minion linux-node1.example.com accepted.
Key for minion linux-node2.example.com accepted.
[root@linux-node1 ~]#
[root@linux-node2 ~]# systemctl status salt-minion
● salt-minion.service - The Salt Minion
Loaded: loaded (/usr/lib/systemd/system/salt-minion.service; disabled; vendor preset: disabled)
Active: active (running) since Wed 2019-03-20 10:11:49 EDT; 10min ago
Docs: man:salt-minion(1)
file:///usr/share/doc/salt/html/contents.html
https://docs.saltstack.com/en/latest/contents.html
Main PID: 7880 (salt-minion)
CGroup: /system.slice/salt-minion.service
├─7880 /usr/bin/python /usr/bin/salt-minion
├─7883 /usr/bin/python /usr/bin/salt-minion
└─7891 /usr/bin/python /usr/bin/salt-minion
Mar 20 10:20:21 linux-node2.example.com salt-minion[7880]: [ERROR ] The Salt Master has cached the public key for thi...cate
Mar 20 10:20:31 linux-node2.example.com salt-minion[7880]: [ERROR ] The Salt Master has cached the public key for thi...cate
Mar 20 10:20:41 linux-node2.example.com salt-minion[7880]: [ERROR ] The Salt Master has cached the public key for thi...cate
Mar 20 10:20:51 linux-node2.example.com salt-minion[7880]: [ERROR ] The Salt Master has cached the public key for thi...cate
Mar 20 10:21:01 linux-node2.example.com salt-minion[7880]: [ERROR ] The Salt Master has cached the public key for thi...cate
Mar 20 10:21:11 linux-node2.example.com salt-minion[7880]: [ERROR ] The Salt Master has cached the public key for thi...cate
Mar 20 10:21:21 linux-node2.example.com salt-minion[7880]: [ERROR ] The Salt Master has cached the public key for thi...cate
Mar 20 10:21:31 linux-node2.example.com salt-minion[7880]: [ERROR ] The Salt Master has cached the public key for thi...cate
Mar 20 10:21:41 linux-node2.example.com salt-minion[7880]: [ERROR ] The Salt Master has cached the public key for thi...cate
Mar 20 10:21:51 linux-node2.example.com salt-minion[7880]: [ERROR ] The Salt Master has cached the public key for thi...cate
Hint: Some lines were ellipsized, use -l to show in full.