什麼是SaltStack
SaltStack管理工具允許管理員對多個操作系統創建一個一致的管理系統實驗環境準備
| 名稱 | 角色 | 地址 |
|---|---|---|
| centos7-min | master | 192.168.142.172 |
| centos7-min2 | client | 192.168.142.110 |
實驗步驟
一、主服務器——控制節點
安裝epel源並安裝控制端
yum install -y epel-release //安裝epel源
yum -y install salt-master //安裝控制端修改控制端主配置文件
vi /etc/salt/master
//修改如下:
15行 interface: 192.168.142.172 //監聽地址
215行 auto_accept: True //避免要運行salt-key來確認證書認證
416行 file_roots:
base:
- /srv/salt //saltstack文件根目錄位置,目錄需要手動進行創建
710行組分類:(這裏實驗環境只有一臺客戶端,僅設置一個即可)
nodegroups:
group1: 'web01.saltstack.com'
552行 pillar_opts: True //開啓pillar功能,同步文件功能
529行
pillar_roots:
base:
- /srv/pillar //pillar的主目錄,需要手動進行創建建立salt&pillar目錄
mkdir /srv/salt
mkdir /srv/pillar啓動服務並關閉核心防護功能
systemctl start salt-master
systemctl enable salt-master
//關閉核心功能
setenforce 0檢測服務啓動狀況
netstat -anpt | egrep '4505|4506'
//4505爲salt的消息發佈專用端口;
//4506爲客戶端與服務端通信的端口
tcp 0 0 192.168.142.172:4505 0.0.0.0:* LISTEN 13692/python
tcp 0 0 192.168.142.172:4506 0.0.0.0:* LISTEN 13704/python
tcp 0 0 192.168.142.172:4506 192.168.142.110:36688 ESTABLISHED 13704/python
tcp 0 0 192.168.142.172:4505 192.168.142.110:57042 ESTABLISHED 13692/python
二、從服務器——被控制節點
安裝epel源並安裝被控制端
yum install -y epel-release //安裝epel源
yum -y install salt-minion //安裝被控制端修改被控端配置文件
vi /etc/salt/minion
//修改配置如下:
16行 master: 192.168.172.142 //指定主控端IP
78行 id: web01.saltstack.com //指定被控端主機名啓動服務
//啓動被控端服務
systemctl start salt-minion在主控端進行檢查
//在主控端測試與被控端的通信狀態(*號代表所有被控主機)
salt '*' test.ping
web01.saltstack.com:
True
//檢查密鑰情況
salt-key -L
Accepted Keys:
web01.saltstack.com
Denied Keys:
Unaccepted Keys:
web01.saltstack.com
Rejected Keys:注意:
檢查時出現以下情況:Salt request timed out. The master is not responding. If this error persists after verifying the master is up, worker_threads may need to be increased.
請自行檢查配置文件格式或者重啓服務器。
三、批量部署Apache
以下所有操作均在master端進行
cd /srv/salt/
vim top.sls
//按下圖進行添加
base:
'*':
- apache
//在所有的客戶端執行apache模塊
vim apache.sls
//按下圖進行添加
apache-service:
pkg.installed:
- names:
- httpd
- httpd-devel
service.running:
- name: httpd
- enable: True
//重啓服務
systemctl restart salt-master.service
//執行批量部署命令
salt '*' state.highstate
//執行完成後出現以下信息即爲成功
web01.saltstack.com:
----------
ID: apache-service
Function: pkg.installed
Name: httpd
Result: True
Comment: The following packages were installed/updated: httpd
Started: 15:04:51.323952
Duration: 40217.299 ms
Changes:
----------
apr:
----------
new:
1.4.8-5.el7
old:
apr-util:
----------
new:
1.5.2-6.el7
old:
httpd:
----------
new:
2.4.6-90.el7.centos
old:
httpd-tools:
----------
new:
2.4.6-90.el7.centos
old:
mailcap:
----------
new:
2.1.41-2.el7
old:
----------
ID: apache-service
Function: pkg.installed
Name: httpd-devel
Result: True
Comment: The following packages were installed/updated: httpd-devel
Started: 15:05:31.545046
Duration: 16876.92 ms
Changes:
----------
apr-devel:
----------
new:
1.4.8-5.el7
old:
apr-util-devel:
----------
new:
1.5.2-6.el7
old:
cyrus-sasl:
----------
new:
2.1.26-23.el7
old:
2.1.26-21.el7
cyrus-sasl-devel:
----------
new:
2.1.26-23.el7
old:
cyrus-sasl-gssapi:
----------
new:
2.1.26-23.el7
old:
2.1.26-21.el7
cyrus-sasl-lib:
----------
new:
2.1.26-23.el7
old:
2.1.26-21.el7
cyrus-sasl-md5:
----------
new:
2.1.26-23.el7
old:
2.1.26-21.el7
cyrus-sasl-plain:
----------
new:
2.1.26-23.el7
old:
2.1.26-21.el7
cyrus-sasl-scram:
----------
new:
2.1.26-23.el7
old:
2.1.26-21.el7
expat-devel:
----------
new:
2.1.0-10.el7_3
old:
httpd-devel:
----------
new:
2.4.6-90.el7.centos
old:
libdb:
----------
new:
5.3.21-25.el7
old:
5.3.21-20.el7
libdb-devel:
----------
new:
5.3.21-25.el7
old:
libdb-utils:
----------
new:
5.3.21-25.el7
old:
5.3.21-20.el7
openldap:
----------
new:
2.4.44-21.el7_6
old:
2.4.44-5.el7
openldap-devel:
----------
new:
2.4.44-21.el7_6
old:
----------
ID: apache-service
Function: service.running
Name: httpd
Result: True
Comment: Service httpd has been enabled, and is running
Started: 15:05:48.459684
Duration: 1822.995 ms
Changes:
----------
httpd:
True
Summary
------------
Succeeded: 3 (changed=3)
Failed: 0四、檢查試驗結果
web01:
[root@web01 ~]# rpm -q httpd
httpd-2.4.6-90.el7.centos.x86_64
[root@web01 ~]# netstat -ntap | grep 80
tcp6 0 0 :::80 :::* LISTEN 6