I. Overview of Saltstack Architecture
Saltstack is based on the C/S architecture, Server master and client minions, which consists of the following parts:
Second, the installation configuration of Saltstack
1. master installation
| The code is as follows | Copy Code |
RPM-IVH http://mirrors.sohu.com/fedora-epel/6/x86_64/epel-release-6-8.noarch.rpm |
|
The default profile is in/etc/salt/master, and you do not need to change the profile by default. Two ports on Master end required to be released on Iptables
4505 (publish_port): Salt's Message publishing system
4506 (Ret_port): The port on which the salt client communicates with the server
Startup method:/etc/init.d/salt-master Start
2, the installation of Minion client
| The code is as follows | Copy Code |
RPM-IVH http://mirrors.sohu.com/fedora-epel/6/x86_64/epel-release-6-8.noarch.rpm |
|
The client's configuration file is/etc/salt/minion, and there are two items that must be configured to open the file. First, find the downside
# Resolved, then the Minion would fail to start.
#master: Salt
To increase the configuration of the master host
| The code is as follows | Copy Code |
# Resolved, then the Minion would fail to start. |
|
I am directly configured here is the IP address, can also be configured as a host name, if configured as a host name, need to be in the/etc/hosts file master host corresponding to the IP, if the exception of internal DNS, can be in the internal DNS unified configuration.
Secondly, find the following section
| The code is as follows | Copy Code |
# Since Salt uses detached IDs it is possible to run multiple minions on the |
|
Add one line below it to the following:
id:host174
Here is the ID number of the current host specified, which is displayed after the master authentication and master Invoke command execution, and can be filled in according to the actual identification. Also note that the above two configuration of the colon after the need for a space, or you will report the following error:
| The code is as follows | Copy Code |
Starting salt-minion daemon: [ERROR] Error parsing configuration file:/etc/salt/minion-while scanning a simple key |
|
In addition to the two items that must be configured, the client has many other configurable items, such as user (default is root), Root_dir (the default is the root), and so on, which controls the permissions at the master end.
After the configuration file configuration is complete, you can start the Minion with the/etc/init.d/salt-minion Start command.
Third, c/s Certification
Like Puppet, the Master and minions of Salt are communicated through certificates, and there is a trust issue with certificates.
At the master end: Salt-key-l View the keys that are currently being accepted (both master and minions need to open the service).
| The code is as follows | Copy Code |
[Root@localhost]# Salt-key-l |
|
Here you can see that I have authenticated a host with ID host174. I'm going to add another 172 host:
| The code is as follows | Copy Code |
[Root@localhost conf]# Salt-key-l |
|
I used the-a parameter, which means to accept the authentication of all certified hosts, or to only authenticate individual hosts using the-a ID name. When the default authentication is complete, a file with the ID name command is found in the/etc/salt/pki/master/minions directory, where the key file is stored.
If you trust the client, you can have master automatically accept the request and configure the/etc/salt/master at the master end
| The code is as follows | Copy Code |
Auto_accept:true |
|
Note: Certification here ZEROMQ2 version has a bug--minion with Master's disconnect, will not automatically reconnect the problem, zeromq3 Normal, this mainly in centos5 often encountered. Specific versions can be confirmed by the following methods:
| code is as follows | copy code |
| [root@localhost minions]# Salt ' * ' Test.versions_report |
|
If the replacement version, you can download http://download.opensuse.org/repositories/home:/fengshuo:/zeromq/CentOS_CentOS-5/x86_64/here, CENTOS6 version of the Epel source, can also be found here, just change the centos-5 to centos-6 on the line.
Iv. Enforcement of Orders
1. Test whether the communication between master and Minion is normal
| The code is as follows | Copy Code |
[Root@localhost minions]# Salt ' * ' test.ping |
|
True is normal, * on behalf of all hosts, can also select a single station or by group and regular matching, etc., this can refer to the official relevant documents. The default execution is a shell regular, or you can use other regular or group, as follows:
| The code is as follows | Copy Code |
Salt ' shell regular ' command |
|
2. Perform command operation
Common operations are similar to the following
| The code is as follows | Copy Code |
Salt ' * ' Cmd.run "ab-n 10-c 2 http://www.111cn.net/" |
|
Command execution uses the Cmd.run parameter, because the output content is more, no longer lists, here only one view Nginx version:
| code is as follows | copy code |
| [root@localhost minions]# Salt ' * ' cmd.run '/app/nginx/sbin/nginx-v ' |
|
Start building with 50+ products and up to 12 months usage for Elastic Compute Service
1 on 1 presale consultation
24/7 Technical Support 6 Free Tickets per Quarter Faster Response
Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.
A comprehensive suite of global cloud computing services to power your business
Payment Methods We Support
