I. Overview of SaltStack Architecture
SaltStack uses a client/server (C/S) architecture, with a server (the master) and clients (the minions), and consists of the following parts:
II. Installing and configuring SaltStack
1. Master installation
    rpm -ivh http://mirrors.sohu.com/fedora-epel/6/x86_64/epel-release-6-8.noarch.rpm
    yum install salt-master
The default configuration file is /etc/salt/master, and by default it does not need to be changed. Two ports on the master must be opened in iptables:
4505 (publish_port): Salt's message publishing system
4506 (ret_port): the port on which the Salt clients communicate with the server
Startup method: /etc/init.d/salt-master start
2. Installation of the minion client
    rpm -ivh http://mirrors.sohu.com/fedora-epel/6/x86_64/epel-release-6-8.noarch.rpm
    yum install salt-minion
The client's configuration file is /etc/salt/minion, and two items in it must be configured. First, find the following lines:
    # resolved, then the minion would fail to start.
    #master: salt
Add the setting for the master host below them:
    # resolved, then the minion would fail to start.
    #master: salt
    master: 192.168.10.16
Here I configured the IP address directly. A host name can be used instead; in that case, map the master's host name to its IP in the /etc/hosts file, or, if you have internal DNS, configure it centrally there.
Second, find the following section:
    # Since salt uses detached ids it is possible to run multiple minions on the
    # same machine but with different ids, this can be useful for salt compute
    # clusters.
    #id:
Add the following line below it:
    id: host174
This sets the ID of the current host, which is displayed on the master during authentication and when the master runs commands; fill it in according to how the host is actually identified. Also note that both of the settings above need a space after the colon, or the following error is reported:
    Starting salt-minion daemon: [ERROR] Error parsing configuration file: /etc/salt/minion - while scanning a simple key
      in "<string>", line, column 1:
        id:host172
        ^
    could not found expected ':'
      in "<string>", line, column 1:
        # Append a domain to a hostname ...
        ^
In addition to the two items that must be configured, the client has many other configurable items, such as user (the default is root), root_dir (the default is /), and so on, which control permissions at the master end.
Once the configuration file is complete, start the minion with the /etc/init.d/salt-minion start command.
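A check for the missing-space mistake described above, run against the minion file before restarting the daemon. This is an added example, not part of the original article or of Salt; the function name and the sample text are constructed for illustration.

```python
import re

# Top-level "key:value" with nothing between the colon and the value.
# YAML reads that as one plain scalar, not a mapping, which leads to the
# "could not found expected ':'" parse error when the minion starts.
MISSING_SPACE = re.compile(r"^([A-Za-z_][\w.-]*):(\S.*)$")
SETTING = re.compile(r"^([A-Za-z_][\w.-]*):(?:\s+(.*))?$")
REQUIRED = ("master", "id")  # the two items the article says must be set


def lint_minion_config(text):
    """Return (problems, settings) for the text of a minion config file."""
    problems, settings = [], {}
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.rstrip()
        # Skip blanks, comments, and indented (nested) or list lines.
        if not line or line[0] in "#- \t":
            continue
        bad = MISSING_SPACE.match(line)
        if bad:
            problems.append(
                "line %d: '%s' needs a space after the colon "
                "(write '%s: %s')" % (lineno, line, bad.group(1), bad.group(2))
            )
            continue
        ok = SETTING.match(line)
        if ok:
            settings[ok.group(1)] = (ok.group(2) or "").strip()
    for key in REQUIRED:
        if not settings.get(key):
            problems.append("required setting '%s' is not set" % key)
    return problems, settings


# Constructed sample input reproducing the mistake described above.
SAMPLE_BAD = """\
# resolved, then the minion would fail to start.
#master: salt
master: 192.168.10.16
#id:
id:host172
"""

if __name__ == "__main__":
    for problem in lint_minion_config(SAMPLE_BAD)[0]:
        print(problem)
```

In practice, pass it the contents of /etc/salt/minion and start the daemon only when the problem list is empty.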
III. Client/server authentication
Like Puppet, the Salt master and minions communicate using certificates, so there is the question of trusting those certificates.
On the master, salt-key -L shows the keys that are currently accepted (the service must be running on both the master and the minions).
    [root@localhost]# salt-key -L
    Accepted Keys:
    host174
    Unaccepted Keys:
    Rejected Keys:
Here you can see that I have already authenticated a host with the ID host174. Now I add another host, host172:
    [root@localhost conf]# salt-key -L
    Accepted Keys:
    host174
    Unaccepted Keys:
    host172
    Rejected Keys:
    [root@localhost conf]# salt-key -A
    The following keys are going to be accepted:
    Unaccepted Keys:
    host172
    Proceed? [n/Y] Y
    Key for minion host172 accepted.
    [root@localhost conf]# salt-key -L
    Accepted Keys:
    host172
    host174
    Unaccepted Keys:
    Rejected Keys:
I used the -A parameter, which accepts all hosts awaiting authentication; to authenticate only a single host, use -a followed by its ID. Once authentication is complete, a file named after the ID appears in the /etc/salt/pki/master/minions directory; this is where the key file is stored.
If you trust the clients, you can have the master accept requests automatically by configuring /etc/salt/master on the master:
    auto_accept: True
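With auto_accept enabled, a key is accepted under whatever ID the connecting host presents, so it is worth comparing the accepted-key directory with the hosts you actually expect. The audit below is an added example, not part of the original article or of Salt; minions_pre is the directory where Salt keeps pending keys, and the expected-host list, the extra host IDs and the placeholder key files are constructed sample data.

```python
import os
import re
import tempfile

# Uncommented auto_accept set to a YAML true value in the master config.
AUTO_ACCEPT = re.compile(r"^auto_accept:\s*(true|yes|on)\s*(#.*)?$", re.I | re.M)


def audit_master_keys(master_config_text, pki_dir, expected_ids):
    """Compare the master's key directories with the hosts you expect."""
    def ids_in(subdir):
        path = os.path.join(pki_dir, subdir)
        return set(os.listdir(path)) if os.path.isdir(path) else set()

    accepted = ids_in("minions")      # accepted keys, one file per minion ID
    pending = ids_in("minions_pre")   # keys still waiting for salt-key -a / -A
    expected = set(expected_ids)
    return {
        "auto_accept": bool(AUTO_ACCEPT.search(master_config_text)),
        "unexpected_accepted": sorted(accepted - expected),
        "missing": sorted(expected - accepted),
        "pending": sorted(pending),
    }


def build_sample_pki(root):
    """Constructed stand-in for /etc/salt/pki/master with placeholder keys."""
    for subdir, ids in (("minions", ["host172", "host174", "host999"]),
                        ("minions_pre", ["host180"])):
        os.makedirs(os.path.join(root, subdir))
        for minion_id in ids:
            with open(os.path.join(root, subdir, minion_id), "w") as fh:
                fh.write("PLACEHOLDER PUBLIC KEY\n")
    return root


def run_sample():
    # Constructed scenario: host999 was accepted but is not in the inventory.
    with tempfile.TemporaryDirectory() as root:
        return audit_master_keys("auto_accept: True\n",
                                 build_sample_pki(root),
                                 ["host172", "host174", "host175"])


if __name__ == "__main__":
    print(run_sample())
```

On a real master, pass the contents of /etc/salt/master and the path /etc/salt/pki/master; an ID reported under unexpected_accepted can be checked and removed with salt-key.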
Note: ZeroMQ 2 has a bug that affects authentication here: after a minion disconnects from the master, it does not reconnect automatically. ZeroMQ 3 works normally. This is mainly encountered on CentOS 5. The installed versions can be confirmed as follows:
    [root@localhost minions]# salt '*' test.versions_report
    host172:
        Salt: 2014.1.0
        Python: 2.6.6 (r266:84292, June 18 2012, 14:18 :
        Jinja2: 2.2.1
        M2Crypto: 0.20.2
        msgpack-python: 0.1.13
        msgpack-pure: Not Installed
        pycrypto: 2.0.1
        PyYAML: 3.10
        PyZMQ: 2.2.0.1
        ZMQ: 3.2.4
    host174:
        Salt: 2014.1.0
        Python: 2.6.6 (r266:84292, Feb 22 2013, 00:00:18)
        Jinja2: unknown
        M2Crypto: 0.20.2
        msgpack-python: 0.1.13
        msgpack-pure: Not Installed
        pycrypto: 2.0.1
        PyYAML: 3.10
        PyZMQ: 2.2.0.1
        ZMQ: 3.2.4
If you need to replace the version, it can be downloaded from http://download.opensuse.org/repositories/home:/fengshuo:/zeromq/CentOS_CentOS-5/x86_64/. The CentOS 6 version is in the EPEL repository and can also be found at the same location; just change CentOS-5 to CentOS-6 in the URL.
IV. Running commands
1. Test whether communication between the master and the minions is normal
    [root@localhost minions]# salt '*' test.ping
    host172:
        True
    host174:
        True
True means the communication is normal. The * stands for all hosts; you can also select a single host, or match by group, by regular expression and so on, as described in the official documentation. The default matching uses shell-style patterns; other regular expressions or groups can be used as follows:
    salt 'shell pattern' command
    salt -E 'Perl regular expression' command
    salt -N $group command
    salt -L 'server_id1,server_id2,server_id3' command
2. Run commands
Common operations look like the following:
    salt '*' cmd.run "ab -n 10 -c 2 http://www.111cn.net/"
    salt '*' grains.ls               # view the grains categories
    salt '*' grains.items            # view all grains information
    salt '*' grains.item osrelease   # view a single grains item
    salt '*' cmd.run "/app/nginx/sbin/nginx -v"
Commands are executed with cmd.run. Because there is a lot of output, it is not all listed here; only one example, viewing the nginx version, is shown:
    [root@localhost minions]# salt '*' cmd.run '/app/nginx/sbin/nginx -v'
    host174:
        Tengine version: Tengine/1.5.2 (nginx/1.2.9)
    host172:
        Tengine version: Tengine/1.4.6 (nginx/1.2.9)