Saltstack基本安装部署
配置环境
主节点 controller:172.16.100.10
监控节点 compute:172.16.100.20
主节点
#####安装软件包#####
# curl -o /etc/yum.repos.d/epel-7.repo http://mirrors.aliyun.com/repo/epel-7.repo
# yum -y install salt-master salt-minion
# systemctl start salt-master.service
# ^start^enable
#####修改minion配置文件#####
# vim /etc/salt/minion
master: 172.16.100.10 主节点地址
id: FQDN 不设置的话为默认主机名,存放位置/etc/salt/minion_id
# systemctl start salt-minion
# ^start^enable
# tree /etc/salt/pki/
/etc/salt/pki/
├── master
│ ├── master.pem
│ ├── master.pub
│ ├── minions
│ ├── minions_autosign
│ ├── minions_denied
│ ├── minions_pre 存放监控节点公钥
│ │ ├── compute
│ │ └── controller
│ └── minions_rejected
└── minion
├── minion.pem
└── minion.pub
监控节点
#####安装软件包#####
# curl -o /etc/yum.repos.d/epel-7.repo http://mirrors.aliyun.com/repo/epel-7.repo
# yum -y install salt-minion
#####修改配置文件#####
# vim /etc/salt/minion
master: 172.16.100.10
# systemctl start salt-minion
# ^start^enable
# tree /etc/salt/pki/minion
/etc/salt/pki/minion
├── minion.pem
└── minion.pub 服务启动生成的公钥会传输到主节点的/etc/salt/pki/master/minions_pre目录下
主节点
#####添加监控节点#####
# salt-key -a compute,controller
# salt-key 查看允许通信的监控主机
Accepted Keys:
compute
controller
Denied Keys:
Unaccepted Keys:
Rejected Keys:
# tree /etc/salt/pki
/etc/salt/pki
├── master
│ ├── master.pem
│ ├── master.pub
│ ├── minions 公钥从minios_pre转到minios
│ │ ├── compute
│ │ └── controller
│ ├── minions_autosign
│ ├── minions_denied
│ ├── minions_pre
│ └── minions_rejected
└── minion
├── minion_master.pub
├── minion.pem
└── minion.pub
# netstat -lpta |grep 4505 发送端口
tcp 0 0 0.0.0.0:4505 0.0.0.0:* LISTEN 67903/python
tcp 0 0 172.16.100.10:52424 172.16.100.10:4505 ESTABLISHED 69995/python
tcp 0 0 172.16.100.10:4505 172.16.100.20:60225 ESTABLISHED 67903/python
tcp 0 0 172.16.100.10:4505 172.16.100.10:52424 ESTABLISHED 67903/python
# netstat -lpta |grep 4506 接受端口
tcp 0 0 0.0.0.0:4506 0.0.0.0:* LISTEN 67925/python
tcp 0 0 172.16.100.10:4506 172.16.100.10:51547 ESTABLISHED 67925/python
tcp 0 0 172.16.100.10:51547 172.16.100.10:4506 ESTABLISHED 69995/python
tcp 0 0 172.16.100.10:4506 172.16.100.20:44469 ESTABLISHED 67925/python