-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
Showing
2 changed files
with
229 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,76 @@ | ||
#!/bin/bash | ||
## SaltStack安装 2017-07-03 | ||
## http://www.aqzt.com | ||
## email: [email protected] | ||
## robert yu | ||
## centos 7 | ||
|
||
##安装基础: | ||
##参考文档:https://docs.saltstack.com/en/latest/topics/installation/rhel.html | ||
##1.导入SaltStack仓库key: | ||
wget https://repo.saltstack.com/yum/rhel7/SALTSTACK-GPG-KEY.pub | ||
rpm --import SALTSTACK-GPG-KEY.pub | ||
#rm -f SALTSTACK-GPG-KEY.pub | ||
##2.创建新的YUM源文件并“/etc/yum.repos.d/saltstack.repo”编辑如下内容 | ||
#################### | ||
# Enable SaltStack's package repository | ||
[saltstack-repo] | ||
name=SaltStack repo for RHEL/CentOS 7 | ||
baseurl=https://repo.saltstack.com/yum/rhel7 | ||
enabled=1 | ||
gpgcheck=1 | ||
gpgkey=https://repo.saltstack.com/yum/rhel7/SALTSTACK-GPG-KEY.pub | ||
##3.安装SaltStack软件 | ||
#yum clean expire-cache | ||
#yum update | ||
##安装salt-minion, salt-master | ||
yum install salt-master | ||
yum install salt-minion | ||
##4.修改配置文件 | ||
minion: | ||
vi /etc/salt/minion | ||
master: 192.168.56.101 | ||
|
||
cat /etc/salt/minion | grep "^ master" | ||
master: 192.168.56.101 | ||
|
||
##在master: | ||
vi /etc/salt/master | ||
interface: 192.168.56.101 | ||
cat /etc/salt/master | grep "^ interface" | ||
interface: 192.168.56.101 | ||
##注意:master和interface前面有两个空格,如果没有启动的时候回出现错误; | ||
##5.启动服务: | ||
Master | ||
chkconfig salt-master on | ||
systemctl restart salt-master.service | ||
Minion | ||
chkconfig salt-minion on | ||
systemctl restart salt-minion.service | ||
##6,测试saltstack | ||
##查看minion列表: | ||
salt-key -L | ||
Accepted Keys: | ||
Denied Keys: | ||
Unaccepted Keys: | ||
Docker | ||
Rejected Keys: | ||
##接收所有key: | ||
salt-key -A | ||
##在这个过程中会提示Y确认,确认即可; | ||
##显示结果: | ||
Accepted Keys: | ||
Docker | ||
Denied Keys: | ||
Unaccepted Keys: | ||
Rejected Keys: | ||
##简单ping测试: | ||
salt 'Docker' test.ping | ||
Docker: | ||
True | ||
常见问题: | ||
minion无法连接master | ||
解决问题方法: | ||
##查看debug信息: | ||
salt-minion -l debug | ||
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,153 @@ | ||
#!/bin/bash | ||
## SaltStack安装 2017-07-03 | ||
## http://www.aqzt.com | ||
## email: [email protected] | ||
## robert yu | ||
## centos 7 | ||
|
||
|
||
##安装必备软件 | ||
yum -y install mariadb mariadb-devel mariadb-server wget epel-release python-devel gcc c++ make openssl openssl-devel passwd libffi libffi-devel | ||
yum -y install salt-master salt-minion salt-api nginx | ||
wget https://bootstrap.pypa.io/get-pip.py | ||
python get-pip.py | ||
|
||
##配置salt-api | ||
pip install pyOpenSSL==0.15.1 -i http://pypi.douban.com/simple/ --trusted-host pypi.douban.com | ||
useradd -M -s /sbin/nologin saltapi && echo "password"|/usr/bin/passwd saltapi --stdin | ||
salt-call --local tls.create_self_signed_cert | ||
|
||
##配置salt-master 我这里把soms解压到了/data/wwwroot下 | ||
cat > /etc/salt/master <<EOF | ||
interface: 0.0.0.0 | ||
external_auth: | ||
pam: | ||
saltapi: | ||
- .* | ||
- '@wheel' | ||
- '@runner' | ||
- '@jobs' | ||
rest_cherrypy: | ||
port: 8000 | ||
ssl_crt: /etc/pki/tls/certs/localhost.crt | ||
ssl_key: /etc/pki/tls/certs/localhost.key | ||
file_recv: True | ||
include: /data/wwwroot/soms/saltconfig/*.conf | ||
EOF | ||
|
||
##配置好后,把服务启起来,并测试salt-api | ||
systemctl start salt-master salt-api | ||
curl -sSk https://localhost:8000/login -H 'Accept: application/x-yaml' -d username=saltapi -d password=password -d eauth=pam | ||
|
||
|
||
################## 另一套配置 #################################################################################### | ||
################################################################################################################ | ||
|
||
##安装salt api | ||
yum -y install salt-api pyOpenSSL | ||
chkconfig salt-api on | ||
|
||
##创建用户,saltapi认证使用 | ||
useradd -M -s /sbin/nologin kbson | ||
echo 'kbson' | passwd kbson --stdin | ||
|
||
##添加salt api配置 | ||
[root@operation ops]# cat /etc/salt/master.d/api.conf | ||
rest_cherrypy: | ||
port: 8000 | ||
ssl_crt: /etc/pki/tls/certs/localhost.crt | ||
ssl_key: /etc/pki/tls/certs/localhost.key | ||
external_auth: | ||
pam: | ||
kbson: | ||
- .* | ||
- '@wheel' | ||
- '@runner' | ||
|
||
|
||
##生成自签名证书 | ||
[root@operation ops]# salt-call tls.create_self_signed_cert | ||
local: | ||
Certificate "localhost" already exists | ||
##提示已经存在时,可以删除/etc/pki/tls/certs/localhost.crt /etc/pki/tls/certs/localhost.key重新生成 | ||
|
||
##获取token | ||
[root@operation ops]# curl -k https://192.168.56.102:8000/login -H "Accept: application/x-yaml" -d username='kbson' -d password='kbson' -d eauth='pam' | ||
return: | ||
- eauth: pam | ||
expire: 1480714218.787106 | ||
perms: | ||
- .* | ||
- '@wheel' | ||
- '@runner' | ||
start: 1480671018.787106 | ||
token: ab3749a9a0fe83386b8a5d558d10e346c252e336 | ||
user: kbson | ||
|
||
##重启salt-api后token会改变 | ||
##执行models,test.ping测试minion连通性 | ||
[root@operation ops]# curl -k https://192.168.56.102:8000 -H "Accept: application/x-yaml" -H "X-Auth-Token: ab3749a9a0fe83386b8a5d558d10e346c252e336" -d client='local' -d tgt='*' -d fun='test.ping' | ||
return: | ||
- operation: true | ||
|
||
##远程执行命令 | ||
[root@operation ops]# curl -k https://192.168.56.102:8000 -H "Accept: application/x-yaml" -H "X-Auth-Token: ab3749a9a0fe83386b8a5d558d10e346c252e336" -d client='local' -d tgt='*' -d fun='cmd.run' -d arg='free -m' | ||
return: | ||
- operation: ' total used free shared buffers cached | ||
Mem: 988 932 56 1 19 107 | ||
-/+ buffers/cache: 805 182 | ||
Swap: 1983 382 1601' | ||
|
||
远程执行多个minion命令 | ||
[root@operation ops]# curl -k https://192.168.56.102:8000 -H "Accept: application/x-yaml" -H "X-Auth-Token: ab3749a9a0fe83386b8a5d558d10e346c252e336" -d client='local' -d tgt='operation,slave01' -d expr_form='list' -d fun='cmd.run' -d arg='free -m' | ||
return: | ||
- operation: ' total used free shared buffers cached | ||
Mem: 988 925 63 1 21 81 | ||
-/+ buffers/cache: 821 166 | ||
Swap: 1983 393 1590' | ||
slave01: ' total used free shared buffers cached | ||
Mem: 1870 622 1248 6 79 300 | ||
-/+ buffers/cache: 242 1628 | ||
Swap: 2047 0 2047' | ||
[root@operation ops]# | ||
执行wheel | ||
查看minion key状态 | ||
[root@operation ops]# curl -k https://192.168.56.102:8000 -H "Accept: application/x-yaml" -H "X-Auth-Token: ab3749a9a0fe83386b8a5d558d10e346c252e336" -d client='wheel' -d fun='key.list_all' | ||
return: | ||
- data: | ||
_stamp: '2016-12-02T09:30:35.235660' | ||
fun: wheel.key.list_all | ||
jid: '20161202173034905379' | ||
return: | ||
local: | ||
- master.pem | ||
- master.pub | ||
minions: | ||
- operation | ||
- slave01 | ||
minions_denied: [] | ||
minions_pre: [] | ||
minions_rejected: [] | ||
success: true | ||
tag: salt/wheel/20161202173034905379 | ||
user: kbson | ||
tag: salt/wheel/20161202173034905379 |