SaltStack principle:
SaltStack consists of a master and minions. The master is the server side and is a single server; a minion is a client, and there can be many of them. Commands issued on the master are sent to the minions that match, and those minions execute them. The master and the minions communicate through ZeroMQ (a message queue).
The SaltStack master listens on ports 4505 and 4506: 4505 is the port for authentication communication between the master and the minions, and 4506 is the port the master uses to send commands to the minions and to receive their execution results.
After a client starts, it actively connects to the master to register and then keeps the TCP connection open; the master controls the client through this connection. If the connection drops, the master can no longer control the client. However, when the client detects that the connection has dropped, it periodically asks the master to register the connection again.
Master: the control center, where salt commands are run and resource state is managed.
Minion: a client machine to be managed. It actively connects to the master, obtains the resource state from the master, and synchronizes resource management information.
Saltstack system architecture:
Three functions of Salt:
Remote execution, configuration management, cloud management
Three operating modes of Salt:
Local, Master/Minion, Salt SSH
Deploy saltstack
Deployment environment:
1. Stop the firewall on all three servers and put SELinux into permissive mode
    systemctl stop firewalld.service
    setenforce 0
2. Change the host name and the hosts file on each of the three hosts.
    hostnamectl set-hostname master.saltstack.com    # on the master
    hostnamectl set-hostname web01.saltstack.com     # on node 1
    hostnamectl set-hostname web02.saltstack.com     # on node 2
    vim /etc/hosts                                   # add the following on all three servers
    192.168.199.129 master.saltstack.com
    192.168.199.130 web01.saltstack.com
    192.168.199.131 web02.saltstack.com
3. Install the required EPEL repository on all three servers
    yum install epel-release -y
4. Install salt-master on the master, and salt-minion on the node servers.
    yum install salt-master -y    # on the master: the package to install is salt-master
    yum install salt-minion -y    # on web01: the managed hosts get salt-minion
    yum install salt-minion -y    # on web02
5. Modify the master's configuration file. Note that every line in the default master file is commented out.
    vim /etc/salt/master

    # line 15: for security, change the listening address to the local address
    interface: 192.168.199.129
    # line 215: the master automatically accepts minion keys. Once a minion has
    # the master's IP address configured and starts its service, it is
    # authenticated automatically, which avoids running salt-key each time to
    # confirm trust in the key
    auto_accept: true
    # line 416: location of the Salt file root directory. This directory does
    # not exist by default and has to be created
    file_roots:
      base:
        - /srv/salt
    # line 710: group definitions; add the names of the managed servers to the
    # corresponding group
    nodegroups:
      group1: 'web01.saltstack.com'
      group2: 'web02.saltstack.com'
    # line 552: enable the pillar function
    pillar_opts: true
    # line 529: pillar root directory. This directory does not exist either and
    # has to be created
    pillar_roots:
      base:
        - /srv/pillar

Use the following command to view the settings changed in the master file.
    cat /etc/salt/master | grep -v ^$ | grep -v ^#    # filters out blank lines and comment lines
    interface: 192.168.199.129
    auto_accept: true
    file_roots:
      base:
        - /srv/salt
    pillar_roots:
      base:
        - /srv/pillar
    pillar_opts: true
    nodegroups:
      group1: 'web01.saltstack.com'
      group2: 'web02.saltstack.com'
6. Create the Salt file root directory and the pillar directory
    mkdir /srv/salt
    mkdir /srv/pillar
7. After completing the preceding steps, start the salt-master service.
    systemctl start salt-master.service
    netstat -ntap | egrep '4505|4506'    # view the two listening ports
    tcp   0   0 192.168.199.129:4505   0.0.0.0:*   LISTEN   1848/python
    tcp   0   0 192.168.199.129:4506   0.0.0.0:*   LISTEN   1860/python
8. Edit the configuration file on each of the two minions. Every line in the minion configuration file is also commented out by default.
    vim /etc/salt/minion                   # on web01
    master: 192.168.199.129                # line 16: the master's IP address
    id: web01.saltstack.com                # line 78: the name of this managed host
    systemctl start salt-minion.service    # start the service

    vim /etc/salt/minion                   # on web02
    master: 192.168.199.129                # line 16
    id: web02.saltstack.com                # line 78
    systemctl start salt-minion.service
9. Verification
Test the communication between the master and the minions. If the return value is True, communication is working. Note that this ping is not the same as the system ping command; it is only a method of the test module that verifies communication between the master and the minions. Here '*' means all authenticated minions; many other regular-expression matches are also supported.
    salt '*' test.ping
    web02.saltstack.com:
        True
    web01.saltstack.com:
        True
You can see that both minions are connected to the master.
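The master settings from steps 5 and 6 can be checked with a short script that flags a master listening on all addresses, a master with auto_accept enabled (minion keys are then accepted without salt-key confirmation), and file_roots or pillar_roots directories that have not been created. This is an added example, not part of the original article; the function names conf_value, root_dirs and audit_master_conf are made up for it, and the sample configuration at the end is constructed.

```shell
#!/bin/sh
# Added example: audit the /etc/salt/master settings from steps 5 and 6.

# conf_value FILE KEY: value of a top-level "KEY: value" line, comments ignored
conf_value() {
    grep -v '^[[:space:]]*#' "$1" |
        sed -n "s/^$2:[[:space:]]*\([^#]*\).*/\1/p" |
        sed 's/[[:space:]]*$//' | tail -n 1
}

# root_dirs FILE KEY: the "- /path" entries nested under KEY (file_roots, pillar_roots)
root_dirs() {
    awk -v key="$2" '
        /^[ \t]*#/ { next }
        /^[^ \t]/  { in_key = ($0 ~ ("^" key ":")); next }
        in_key && /^[ \t]+-[ \t]*\// { sub(/^[ \t]+-[ \t]*/, ""); print }
    ' "$1"
}

# audit_master_conf FILE: print one line per finding, return the number of findings
audit_master_conf() {
    findings=0
    iface=$(conf_value "$1" interface)
    # an unset interface is treated the same as 0.0.0.0 (all addresses)
    if [ -z "$iface" ] || [ "$iface" = "0.0.0.0" ]; then
        echo "interface: master listens on all addresses"
        findings=$((findings + 1))
    fi
    case "$(conf_value "$1" auto_accept)" in
        [Tt]rue)
            echo "auto_accept: minion keys are accepted without salt-key confirmation"
            findings=$((findings + 1)) ;;
    esac
    for dir in $(root_dirs "$1" file_roots) $(root_dirs "$1" pillar_roots); do
        [ -d "$dir" ] || { echo "missing directory: $dir"; findings=$((findings + 1)); }
    done
    return "$findings"
}

# Constructed sample mirroring the article's master settings
sample=$(mktemp)
printf '%s\n' 'interface: 192.168.199.129' 'auto_accept: true' \
    'file_roots:' '  base:' '    - /srv/salt' > "$sample"
audit_master_conf "$sample" || echo "findings: $?"
rm -f "$sample"
```

On a real master, run `audit_master_conf /etc/salt/master`; an exit status of 0 means none of the three conditions was found.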
Centralized management platform saltstack-Principles and Installation