One of the saltstack series-Installation

Recently, I talked a lot with a person with technology from blizzard in China. They are testing salt, but currently puppet is used, and the number of servers is about to exceed 1000. So why do they consider testing salt and looking for another method? There must be some advantages of salt.

In fact, my reputation for puppet has long been known for more than a year, although I have not studied it yet .... We also know the existence of saltstack, a similar open-source product. However, puppet is written in ruby, while saltstack is written in Python. After the synthesis, salt is selected.

Domestic blogs are all kinds of plagiarism and various moves... I can't find several useful documents or materials. It's still the same. The official website and QQ Group share the data. Let's take a two-pronged approach. (Fortunately, the first experience of salt gave me the feeling that it was not as painful as rabbitmq .... I have read the official English documents for nearly two days and have a preliminary understanding of Salt's working model.) not to mention, let's go to our topic today and install salt:

1) Ubuntu Installation

1. Add warehouse
   

sudo add-apt-repository ppa:saltstack/salt

If the prompt is:

add-apt-repository: command not found?

Enter:

sudo apt-get install python-software-properties

Note: From ubuntu12.10 (raring ringtail), add-Apt-repository can be found in the software-properies-common package and is part of base install.

2. Update apt-Get

After adding a warehouse, We need to update the package management database.

sudo apt-get update

3. aptget install salt-master, salt-Minion, and salt-syndic

Sudo apt-Get install salt-master # required

Sudo apt-Get install salt-Minion # required

Sudo apt-Get install salt-syndic # distributed

Ii) centos Installation

1. Install epel Source

# cd /usr/local/src/ # wget http://mirrors.sohu.com/fedora-epel/6/x86_64/epel-release-6-8.noarch.rpm# rpm -ivh epel-release-6-8.noarch.rpm

2. Install python-jinjia2

# wget http://apt.sw.be/redhat/el6/en/x86_64/rpmforge/RPMS/rpmforge-release-0.5.3-1.el6.rf.x86_64.rpm# rpm -Uvh rpmforge-release-0.5.3-1.el6.rf.x86_64.rpm

3. Install the dependency package

# yum install python-jinja2

4. Install saltstack-master and saltstack-minion

# yum -y install salt-master enablerepr=epel-testing

# yum -y install salt-minion enablerepr=epel-testing

3) Configuration

1. Minion end

Although you can see many configuration options in the/etc/salt/minion configuration file, it is very easy to start the master. By default, salt-minion will go to the DNS name of the default connection "salt". If minion can be connected successfully, no other configuration needs to be changed; otherwise, we need to manually specify the IP address of a master.

-# Master: salt + master: 10.0.0.1 # Note: a space is required after the colon; otherwise, an error is reported. This is related to the salt specialized language, generally master IP + ID: salt-minion1.org # also need to pay attention to the space after the colon, but this is not necessary, representing the alias of this server

2. Master end

Salt-master listens to port 4505 and port 4506 and all network segments by default. We need to specify a specific IP address in/etc/salt/master.

-# Interface: 0.0.0.0 + Interface: 10.0.0.1 # Pay Attention to the space problem. The IP address here is usually the master's Intranet or Internet IP address.

3. Start salt

service salt-master startservice salt-minion start

4. How to troubleshooting

The simplest troubleshooting method is to set the log level after the corresponding deamon is started. The Code is as follows:

salt-master --log-level=debug

5. Key managerment

[[email protected] salt]# salt-key -LAccepted Keys:Unaccepted Keys:192.168.139.128-centos192.168.139.130-ubuntuRejected Keys:

You can see two new minion-side keys. However, it is unaccepted, and we need to accept the relevant keys (in fact, we can also set auto_accept in/etc/salt/master, which depends on your own situation ~)

 salt-key -A

Now, let's take another look:

[[email protected] salt]# salt-key -LAccepted Keys:192.168.139.128-centos192.168.139.130-ubuntuUnaccepted Keys:Rejected Keys:

6. send command Test

Here, we can use the simplest built-in command test. Ping

[[email protected] salt]# salt ‘*‘ test.ping192.168.139.128-centos:    True192.168.139.130-ubuntu:    True

4) iptables

The iptables of salt only needs to implement the policy on the master. Different OS may be added in different ways.

Here is an example of the master end (pay special attention to the loopback ):

# Allow Minions from these networks-I INPUT -s 10.1.2.0/24 -p tcp -m multiport --dports 4505,4506 -j ACCEPT-I INPUT -s 10.1.3.0/24 -p tcp -m multiport --dports 4505,4506 -j ACCEPT# Allow Salt to communicate with Master on the loopback interface-A INPUT -i lo -p tcp -m multiport --dports 4505,4506 -j ACCEPT# Reject everything else-A INPUT -p tcp -m multiport --dports 4505,4506 -j REJECT

Note: For Ubuntu, add one to/etc/UFW/applications. d/salt. UFW:

ufw allow salt

Next we can use NC to check the connectivity. (If not, run Yum install NC)

[[email protected] ~]# nc -v -z 192.168.139.131 4505Connection to 192.168.139.131 4505 port [tcp/*] succeeded![[email protected] ~]# nc -v -z 192.168.139.131 4506Connection to 192.168.139.131 4506 port [tcp/*] succeeded!

Here, the basic installation has been completed, followed by webui integration, simple httpd automated Yum configuration installation, source code installation, and so on. It won't be updated soon, because I also want to learn the most attractive part of python... salt, which is SLS.

This article is from the "Aaron" blog, please be sure to keep this source http://qishiding.blog.51cto.com/3381613/1531683