Reference: the official SaltStack documentation
ON THE SALT MASTER
Run these commands on the system that you want to use as the central management point.
curl -L https://bootstrap.saltstack.com -o install_salt.sh
sudo sh install_salt.sh -P -M
Your Salt master can manage itself, so a Salt minion is installed along with the Salt master. If you do not want to install the minion, also pass the -N option.
ON EACH SALT MINION
Run these commands on each system that you want to manage using Salt.
[root@centos120 ~]# curl -L https://bootstrap.saltstack.com -o install_salt.sh
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 283k 100 283k 0 0 51683 0 0:00:05 0:00:05 --:--:-- 70732
* INFO: System Information:
* INFO: CPU: GenuineIntel
* INFO: CPU Arch: x86_64
* INFO: OS Name: Linux
* INFO: OS Version: 3.10.0-957.el7.x86_64
* INFO: Distribution: CentOS 7.6
* INFO: Installing minion
* INFO: Installing master
* INFO: Found function install_centos_stable_deps
* INFO: Found function config_salt
* INFO: Found function preseed_master
* INFO: Found function install_centos_stable
* INFO: Found function install_centos_stable_post
* INFO: Found function install_centos_restart_daemons
* INFO: Found function daemons_running
* INFO: Found function install_centos_check_services
* INFO: Running install_centos_stable_deps()
* INFO: System Information:
* INFO: CPU: GenuineIntel
* INFO: CPU Arch: x86_64
* INFO: OS Name: Linux
* INFO: OS Version: 3.10.0-957.el7.x86_64
* INFO: Distribution: CentOS 7.6
* INFO: Installing minion
* INFO: Found function install_centos_stable_deps
* INFO: Found function config_salt
* INFO: Found function preseed_master
* INFO: Found function install_centos_stable
* INFO: Found function install_centos_stable_post
* INFO: Found function install_centos_restart_daemons
* INFO: Found function daemons_running
* INFO: Found function install_centos_check_services
* INFO: Running install_centos_stable_deps()
.............
Installed:
salt-minion.noarch 0:3000-1.el7
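2) After the master receives a minion's public key, it accepts that key with the salt-key command. The accepted public key is then stored under /etc/salt/pki/master/minions on the master, in a file named after the minion ID, and the master can then send commands to the minion.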
[root@centos120 salt]# systemctl start salt-master
[root@centos120 salt]# systemctl status salt-master
● salt-master.service - The Salt Master Server
Loaded: loaded (/usr/lib/systemd/system/salt-master.service; enabled; vendor preset: disabled)
Active: active (running) since Sun 2020-03-08 13:13:55 CST; 1h 3min ago
Docs: man:salt-master(1)
file:///usr/share/doc/salt/html/contents.html https://docs.saltstack.com/en/latest/contents.html
Main PID: 8295 (salt-master)
CGroup: /system.slice/salt-master.service
├─8295 /usr/bin/python /usr/bin/salt-master
├─8302 /usr/bin/python /usr/bin/salt-master
├─8321 /usr/bin/python /usr/bin/salt-master
├─8323 /usr/bin/python /usr/bin/salt-master
├─8326 /usr/bin/python /usr/bin/salt-master
├─8327 /usr/bin/python /usr/bin/salt-master
├─8328 /usr/bin/python /usr/bin/salt-master
├─8329 /usr/bin/python /usr/bin/salt-master
├─8330 /usr/bin/python /usr/bin/salt-master
├─8331 /usr/bin/python /usr/bin/salt-master
├─8332 /usr/bin/python /usr/bin/salt-master
├─8340 /usr/bin/python /usr/bin/salt-master
└─8342 /usr/bin/python /usr/bin/salt-master
Mar 08 13:13:53 centos120 systemd[1]: Starting The Salt Master Server...
Mar 08 13:13:54 centos120 salt-master[8295]: /usr/lib/python2.7/site-packages/salt/scripts.py:109: DeprecationWarni...ater.
Mar 08 13:13:55 centos120 systemd[1]: Started The Salt Master Server.
Hint: Some lines were ellipsized, use -l to show in full.
[root@centos120 salt]#
[root@centos122 salt]# systemctl start salt-minion
[root@centos122 salt]# systemctl status salt-minion
● salt-minion.service - The Salt Minion
Loaded: loaded (/usr/lib/systemd/system/salt-minion.service; enabled; vendor preset: disabled)
Active: active (running) since Sun 2020-03-08 14:00:46 CST; 27min ago
Docs: man:salt-minion(1)
file:///usr/share/doc/salt/html/contents.html https://docs.saltstack.com/en/latest/contents.html
Main PID: 7563 (salt-minion)
CGroup: /system.slice/salt-minion.service
├─7563 /usr/bin/python /usr/bin/salt-minion
├─7567 /usr/bin/python /usr/bin/salt-minion
└─7573 /usr/bin/python /usr/bin/salt-minion
Mar 08 14:25:51 centos122 salt-minion[7563]: [ERROR ] DNS lookup or connection check of 'salt' failed.
Mar 08 14:25:51 centos122 salt-minion[7563]: [ERROR ] Master hostname: 'salt' not found or not responsive. Retryi...conds
Mar 08 14:26:21 centos122 salt-minion[7563]: [ERROR ] DNS lookup or connection check of 'salt' failed.
Mar 08 14:26:21 centos122 salt-minion[7563]: [ERROR ] Master hostname: 'salt' not found or not responsive. Retryi...conds
Mar 08 14:26:51 centos122 salt-minion[7563]: [ERROR ] DNS lookup or connection check of 'salt' failed.
Mar 08 14:26:51 centos122 salt-minion[7563]: [ERROR ] Master hostname: 'salt' not found or not responsive. Retryi...conds
Mar 08 14:27:21 centos122 salt-minion[7563]: [ERROR ] DNS lookup or connection check of 'salt' failed.
Mar 08 14:27:21 centos122 salt-minion[7563]: [ERROR ] Master hostname: 'salt' not found or not responsive. Retryi...conds
Mar 08 14:27:51 centos122 salt-minion[7563]: [ERROR ] DNS lookup or connection check of 'salt' failed.
Mar 08 14:27:51 centos122 salt-minion[7563]: [ERROR ] Master hostname: 'salt' not found or not responsive. Retryi...conds
Hint: Some lines were ellipsized, use -l to show in full.
[root@centos122 salt]# ll
[root@centos120 salt]# salt-key -A
The following keys are going to be accepted:
Unaccepted Keys:
centos120
centos121
centos122
Proceed? [n/Y] Y
Key for minion centos120 accepted.
Key for minion centos121 accepted.
Key for minion centos122 accepted.
[root@centos120 salt]#
View the public key received on the salt-minion side:
[root@centos120 salt]# ll /etc/salt/pki/minion/
total 12
-rw-r--r-- 1 root root 450 Mar 8 14:45 minion_master.pub
-r-------- 1 root root 1674 Mar 8 14:42 minion.pem
-rw-r--r-- 1 root root 450 Mar 8 14:42 minion.pub
[root@centos120 salt]# ll /etc/salt/pki/master/
total 8
-r-------- 1 root root 1678 Mar 8 13:13 master.pem
-rw-r--r-- 1 root root 450 Mar 8 13:13 master.pub
drwxr-xr-x 2 root root 57 Mar 8 14:45 minions
drwxr-xr-x 2 root root 6 Mar 8 13:13 minions_autosign
drwxr-xr-x 2 root root 6 Mar 8 13:13 minions_denied
drwxr-xr-x 2 root root 6 Mar 8 14:45 minions_pre
drwxr-xr-x 2 root root 6 Mar 8 13:13 minions_rejected
[root@centos120 salt]# cat /etc/salt/pki/minion/minion_master.pub
[root@centos120 salt]#
View the generated keys:
[root@centos121 minion]# ll /etc/salt/pki/minion/
total 12
-rw-r--r-- 1 root root 450 Mar 8 14:45 minion_master.pub
-r-------- 1 root root 1678 Mar 8 14:41 minion.pem
-rw-r--r-- 1 root root 450 Mar 8 14:41 minion.pub
[root@centos121 minion]#
[root@centos121 minion]#
[root@centos121 minion]# ll /etc/salt/pki/master/
total 0
[root@centos121 minion]#
[root@centos122 salt]# ll /etc/salt/pki/minion/
total 12
-rw-r--r-- 1 root root 450 Mar 8 14:45 minion_master.pub
-r-------- 1 root root 1678 Mar 8 14:42 minion.pem
-rw-r--r-- 1 root root 450 Mar 8 14:42 minion.pub
[root@centos122 salt]# ll /etc/salt/pki/master/
total 0
[root@centos122 salt]#
The salt-master and salt-minion certificate authentication configuration is now complete.
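The walkthrough above accepts every pending key at once with `salt-key -A`. As an added example (not from the original post or the Salt project), this shell function accepts one minion key only when the fingerprint reported by `salt-key -f` matches the value read on the minion itself with `salt-call --local key.finger`. The function names and the `SALT_KEY` override are hypothetical, and the `salt-key -f` output layout is an assumption.

```shell
#!/bin/sh
# Added example: accept a pending minion key only after a fingerprint check.
# The expected fingerprint is obtained out-of-band, on the minion, with:
#   salt-call --local key.finger
# SALT_KEY is a hypothetical override so the logic can be run against a stub.
SALT_KEY="${SALT_KEY:-salt-key}"

# Read `salt-key -f <id>` output on stdin and print the fingerprint of
# minion $1, but only if it is listed under "Unaccepted Keys:".
# Assumed layout: a "<Section> Keys:" header, then "<id>:  <fingerprint>".
pending_fingerprint() {
    awk -v id="$1" '
        /^[A-Za-z ]+ Keys:$/ { pending = ($0 == "Unaccepted Keys:"); next }
        pending && $1 == (id ":") { print tolower($2); exit }
    '
}

# verify_and_accept <minion-id> <expected-fingerprint>
# Returns 0 if the key was accepted, 1 on fingerprint mismatch,
# 2 if no pending key with that id exists.
verify_and_accept() {
    id="$1"
    expected=$(printf '%s' "$2" | tr 'A-Z' 'a-z')
    seen=$("$SALT_KEY" -f "$id" | pending_fingerprint "$id")
    if [ -z "$seen" ]; then
        echo "no pending key for $id" >&2
        return 2
    fi
    if [ "$seen" != "$expected" ]; then
        echo "fingerprint mismatch for $id, key NOT accepted" >&2
        return 1
    fi
    # Accept exactly this one key, without the interactive prompt.
    "$SALT_KEY" -y -a "$id"
}
```

The same comparison applies in the other direction: the master's own fingerprint from `salt-key -F` can be pinned on each minion with the `master_finger` option in the minion configuration.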
Testing batch operations
Run commands remotely:
[root@centos120 salt]# salt 'centos121' test.ping
centos121:
True
[root@centos120 salt]# salt '*' test.ping
centos121:
True
centos122:
True
centos120:
True
[root@centos120 salt]#
[root@centos120 salt]# salt 'centos121' state.highstate
centos121:
----------
ID: apache-service
Function: pkg.installed
Name: httpd
Result: True
Comment: All specified packages are already installed
Started: 22:38:32.908055
Duration: 760.4 ms
Changes:
----------
ID: apache-service
Function: pkg.installed
Name: httpd-devel
Result: True
Comment: All specified packages are already installed
Started: 22:38:33.668754
Duration: 16.474 ms
Changes:
----------
ID: apache-service
Function: service.running
Name: httpd
Result: True
Comment: The service httpd is already running
Started: 22:38:33.686516
Duration: 46.938 ms
Changes:
----------
ID: filecopy
Function: file.managed
Name: /tmp/test.file
Result: True
Comment: File /tmp/test.file updated
Started: 22:38:33.753042
Duration: 32.348 ms
Changes:
----------
diff:
New file
mode:
0644
Summary for centos121
------------
Succeeded: 4 (changed=1)
Failed: 0
------------
Total states run: 4
Total run time: 856.160 ms
[root@centos120 salt]#
Check the result
[root@centos121 ~]# ll /tmp/test.file
-rw-r--r-- 1 root root 23 Mar 8 22:38 /tmp/test.file
[root@centos121 ~]# cat !$
cat /tmp/test.file
test salt file managed
[root@centos121 ~]#
[root@centos120 salt]# salt 'centos121' state.highstate
centos121:
----------
ID: apache-service
Function: pkg.installed
Name: httpd
Result: True
Comment: All specified packages are already installed
Started: 22:47:17.475869
Duration: 636.77 ms
Changes:
----------
ID: apache-service
Function: pkg.installed
Name: httpd-devel
Result: True
Comment: All specified packages are already installed
Started: 22:47:18.112930
Duration: 16.986 ms
Changes:
----------
ID: apache-service
Function: service.running
Name: httpd
Result: True
Comment: The service httpd is already running
Started: 22:47:18.130854
Duration: 45.213 ms
Changes:
----------
ID: filecopy
Function: file.managed
Name: /tmp/test.file
Result: True
Comment: File /tmp/test.file is in the correct state
Started: 22:47:18.179219
Duration: 21.548 ms
Changes:
----------
ID: file_dir
Function: file.recurse
Name: /tmp/testdir
Result: True
Comment: Recursively updated /tmp/testdir
Started: 22:47:18.200950
Duration: 86.558 ms
Changes:
----------
/tmp/testdir/index.php:
----------
diff:
New file
mode:
0644
Summary for centos121
------------
Succeeded: 5 (changed=1)
Failed: 0
------------
Total states run: 5
Total run time: 807.075 ms
[root@centos120 salt]#
Check on the client whether the /tmp/testdir directory exists
[root@centos121 ~]# ls -ltr /tmp/testdir
total 4
-rw-r--r-- 1 root root 23 Mar 8 22:47 index.php
[root@centos121 ~]#
[root@centos120 salt]# salt 'centos121' state.highstate
centos121:
----------
ID: apache-service
Function: pkg.installed
Name: httpd
Result: True
Comment: All specified packages are already installed
Started: 22:53:35.762137
Duration: 635.316 ms
Changes:
----------
ID: apache-service
Function: pkg.installed
Name: httpd-devel
Result: True
Comment: All specified packages are already installed
Started: 22:53:36.397764
Duration: 16.511 ms
Changes:
----------
ID: apache-service
Function: service.running
Name: httpd
Result: True
Comment: The service httpd is already running
Started: 22:53:36.415052
Duration: 44.985 ms
Changes:
----------
ID: filecopy
Function: file.managed
Name: /tmp/test.file
Result: True
Comment: File /tmp/test.file is in the correct state
Started: 22:53:36.463189
Duration: 21.523 ms
Changes:
----------
ID: file_dir
Function: file.recurse
Name: /tmp/testdir
Result: True
Comment: The directory /tmp/testdir is in the correct state
Started: 22:53:36.484894
Duration: 29.106 ms
Changes:
----------
ID: cmd_test
Function: cmd.run
Name: touch /tmp/cmdfile.index
Result: True
Comment: Command "touch /tmp/cmdfile.index" run
Started: 22:53:36.522364
Duration: 31.084 ms
Changes:
----------
pid:
11407
retcode:
0
stderr:
stdout:
----------
ID: cmd_test
Function: cmd.run
Name: mkdir /tmp/cmd
Result: True
Comment: Command "mkdir /tmp/cmd" run
Started: 22:53:36.553711
Duration: 20.647 ms
Changes:
----------
pid:
11409
retcode:
0
stderr:
stdout:
Summary for centos121
------------
Succeeded: 7 (changed=2)
Failed: 0
------------
Total states run: 7
Total run time: 799.172 ms
[root@centos120 salt]#
Check the result on the client
[root@centos121 ~]# ls -ltr /tmp/ | tail -2
-rw-r--r-- 1 root root 0 Mar 8 22:53 cmdfile.index
drwxr-xr-x 2 root root 6 Mar 8 22:53 cmd
[root@centos121 ~]#