Installing Salt on CentOS 7 for batch management

March 24, 2020, 18:09:10

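Salt is another batch management tool that makes it easy to manage all the machines on the same network. Salt differs from Ansible: Ansible does not need a client installed, whereas Salt does. Installing Salt is fairly simple, though, and we can use expect to script the installation across the Salt clients in bulk. Here we first go through installing and using Salt: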

Salt environment

www.wulaoer.org      master    10.211.55.143      wulaoer.org-master
wulaoer.org          client    10.211.55.145      wulaoer.org-01

If there are more machines, just install them the same way as wulaoer.org.

Installing Salt

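First we need to install the EPEL repository that provides Salt. I am using the CentOS 7 repository here; if you are not on CentOS 7, find the repository for your version. The same applies to the client, which also needs the matching repository.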

[root@www.wulaoer.org ~]#  rpm -ivh  http://mirrors.sohu.com/fedora-epel/epel-release-latest-7.noarch.rpm
获取http://mirrors.sohu.com/fedora-epel/epel-release-latest-7.noarch.rpm
警告:/var/tmp/rpm-tmp.3U6zZV: 头V3 RSA/SHA256 Signature, 密钥 ID 352c64e5: NOKEY
准备中...                          ################################# [100%]
正在升级/安装...
   1:epel-release-7-12                ################################# [100%]
 
Client
[root@wulaoer.org ~]# rpm -ivh  http://mirrors.sohu.com/fedora-epel/epel-release-latest-7.noarch.rpm
Retrieving http://mirrors.sohu.com/fedora-epel/epel-release-latest-7.noarch.rpm
warning: /var/tmp/rpm-tmp.qI3PHb: Header V3 RSA/SHA256 Signature, key ID 352c64e5: NOKEY
Preparing...                          ################################# [100%]
Updating / installing...
   1:epel-release-7-12                ################################# [100%] 

Install the Salt services on the master

[root@www.wulaoer.org ~]#  yum -y install salt-master salt-minion

Install the Salt service on the client. The packages installed show the difference between the client and the server.

[root@wulaoer.org ~]# yum -y install salt-minion

Configuring the client and the server

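For convenience I do this directly with shell commands: write the settings into the network file, then check that the result is what we want. The sed expression contains a newline escape, "\n". Below we configure networking and local hostname resolution.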

[root@www.wulaoer.org ~]# sed -i '$a NETWORKING=yes\nHOSTNAME=wulaoer.org-master'  /etc/sysconfig/network
[root@www.wulaoer.org ~]# cat /etc/sysconfig/network
# Created by anaconda
NETWORKING=yes
HOSTNAME=wulaoer.org-master
[root@www.wulaoer.org ~]# sed -i '$a 10.211.55.143    wulaoer.org-master\n10.211.55.145    wulaoer.org-01'  /etc/hosts
[root@www.wulaoer.org ~]# cat /etc/hosts
10.211.55.145    wulaoer.org-01
10.211.55.143    wulaoer.org-master

Client configuration

[root@wulaoer.org ~]# sed -i '$a NETWORKING=yes\nHOSTNAME=wulaoer.org-01'  /etc/sysconfig/network
[root@wulaoer.org ~]# cat /etc/sysconfig/network
# Created by anaconda
NETWORKING=yes
HOSTNAME=wulaoer.org-01
[root@wulaoer.org ~]# sed -i '$a 10.211.55.143    wulaoer.org-master\n10.211.55.145    wulaoer.org-01'  /etc/hosts
[root@wulaoer.org ~]# cat /etc/hosts
10.211.55.145    wulaoer.org-01
10.211.55.143    wulaoer.org-master

To make it easy for the server and the test client to communicate, I turn the firewall off here for now.

[root@www.wulaoer.org ~]# systemctl stop firewalld.service  
[root@www.wulaoer.org ~]# systemctl disable firewalld.service 
Removed symlink /etc/systemd/system/multi-user.target.wants/firewalld.service.
Removed symlink /etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service.
[root@wulaoer.org ~]# systemctl stop firewalld.service  
[root@wulaoer.org ~]# systemctl disable firewalld.service 
Removed symlink /etc/systemd/system/multi-user.target.wants/firewalld.service.
Removed symlink /etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service.
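
As an alternative to stopping firewalld, the master can leave it running and admit only the minions to the Salt ports; minions make outbound connections only and need no inbound rule. The script below is an added example, not part of the original post: the 10.211.55.0/24 subnet, the function names and the FIREWALL_CMD override are assumptions, and 4505 is Salt's default publish port next to the 4506 request port that appears in the minion log further down.

```bash
# Added example: keep firewalld running on the master and open the Salt
# ports to the minion network only (rule goes into the default zone).
FIREWALL_CMD=${FIREWALL_CMD:-firewall-cmd}   # overridable for dry runs
SALT_PORTS="4505-4506"                       # 4505 publish, 4506 request
MINION_NET=${MINION_NET:-10.211.55.0/24}     # assumed subnet of the two hosts

# Build the rich rule: TCP 4505-4506 accepted only from the given source.
salt_rich_rule() {
    printf 'rule family="ipv4" source address="%s" port port="%s" protocol="tcp" accept' \
        "$1" "$SALT_PORTS"
}

# Loose a.b.c.d/len check so arbitrary text never reaches firewalld.
valid_cidr() {
    printf '%s\n' "$1" |
        grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}/([0-9]|[12][0-9]|3[0-2])$'
}

# open_salt_ports SRC_CIDR: add the rule permanently, then reload.
open_salt_ports() {
    valid_cidr "$1" || { echo "not an IPv4 CIDR: $1" >&2; return 1; }
    "$FIREWALL_CMD" --permanent --add-rich-rule="$(salt_rich_rule "$1")" &&
        "$FIREWALL_CMD" --reload
}

# Run on the master as root: ./salt-fw.sh apply
if [ "${1:-}" = "apply" ]; then
    open_salt_ports "$MINION_NET"
fi
```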

Starting the Salt services

[root@www.wulaoer.org ~]# systemctl start salt-master.service
[root@wulaoer.org ~]# systemctl start salt-minion.service

After the services start, if there is a problem you can check the debug log for the error:

[root@www.wulaoer.org ~]# salt-master -l debug
[root@wulaoer.org ~]#  salt-minion -l debug

If the services start without errors, we use the master to look for the clients' keys:

[root@www.wulaoer.org ~]# salt-key -L
Accepted Keys:
Denied Keys:
Unaccepted Keys:
wulaoer.org-01
Rejected Keys:
[root@www.wulaoer.org ~]# salt-key -a wulaoer.org-01  # accept the client's key
The following keys are going to be accepted:
Unaccepted Keys:
wulaoer.org-01
Proceed? [n/Y] y
Key for minion wulaoer.org-01 accepted.
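
Accepting a pending key with `salt-key -a` trusts whatever key arrived under that minion ID, so it is worth comparing fingerprints first: `salt-call --local key.finger` on the minion prints the value that `salt-key -f wulaoer.org-01` should show on the master. The script below is an added example, not part of the original post; the function names and the SALT_KEY_CMD override are hypothetical.

```bash
# Added example: accept a minion key only if the fingerprint the master
# holds matches the one read on the minion itself (obtained out of band).
SALT_KEY_CMD=${SALT_KEY_CMD:-salt-key}   # overridable so the logic can be dry-run

# Pull the first colon-separated hex fingerprint out of command output.
extract_fp() {
    tr 'A-F' 'a-f' | grep -Eo '([0-9a-f]{2}:){15,}[0-9a-f]{2}' | head -n 1
}

# accept_verified MINION_ID EXPECTED_FINGERPRINT
# Returns 0 after accepting on a match, 1 on mismatch, 2 if a fingerprint
# is missing or malformed.
accept_verified() {
    id=$1
    expected=$(printf '%s\n' "$2" | extract_fp)
    [ -n "$expected" ] || { echo "bad expected fingerprint" >&2; return 2; }
    pending=$("$SALT_KEY_CMD" -f "$id" 2>/dev/null | extract_fp)
    [ -n "$pending" ] || { echo "no key found for $id" >&2; return 2; }
    if [ "$pending" != "$expected" ]; then
        echo "fingerprint mismatch for $id: master sees $pending" >&2
        return 1
    fi
    "$SALT_KEY_CMD" -a "$id" -y   # -y answers the Proceed? prompt
}

# Run on the master: ./accept-key.sh wulaoer.org-01 <fingerprint from minion>
if [ "$#" -eq 2 ]; then
    accept_verified "$1" "$2"
fi
```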

Once the client's key has been added, we can try using Salt to operate on the clients in bulk.

[root@www.wulaoer.org ~]# salt '*' test.ping  # run test.ping on the clients
wulaoer.org-01:
    True

Salt is now installed successfully. A few extra points follow.

salt-key [options]
salt-key -L              ## list all minion keys
salt-key -a <key-name>   ## accept a specific minion key
salt-key -d <key-name>   ## delete a specific minion key
salt-key -A              ## accept all minion keys
salt-key -D              ## delete all minion keys

Refer to the commands above for adding and removing Salt clients.

Additional notes:

If the client is already installed but its log keeps showing errors:

[root@wulaoer.org-01 ~]# salt-minion -l debug
[DEBUG   ] Reading configuration from /etc/salt/minion
[DEBUG   ] Using cached minion ID from /etc/salt/minion_id: wulaoer.org-01
[DEBUG   ] Configuration file path: /etc/salt/minion
[WARNING ] Insecure logging configuration detected! Sensitive data may be logged.
[INFO    ] Setting up the Salt Minion "wulaoer.org-01"
[DEBUG   ] Created pidfile: /var/run/salt-minion.pid
[DEBUG   ] Reading configuration from /etc/salt/minion
[ERROR   ] DNS lookup of 'salt' failed.
[ERROR   ] Master hostname: 'salt' not found. Retrying in 30 seconds
[ERROR   ] DNS lookup of 'salt' failed.
[ERROR   ] Master hostname: 'salt' not found. Retrying in 30 seconds

The client's configuration file needs to be changed: by default the client does not specify the Salt server, so it has to be set manually.

[root@wulaoer.org-01 ~]# sed -i 's/#master: salt/master: 10.211.55.143/' /etc/salt/minion

Looking at the Salt client's log again, it is now normal.

[root@wulaoer.org-01  ~]# salt-minion -l debug
[DEBUG   ] Reading configuration from /etc/salt/minion
[DEBUG   ] Using cached minion ID from /etc/salt/minion_id: wulaoer.org-01 
[DEBUG   ] Configuration file path: /etc/salt/minion
[WARNING ] Insecure logging configuration detected! Sensitive data may be logged.
[INFO    ] Setting up the Salt Minion "wulaoer.org-01 "
[DEBUG   ] Created pidfile: /var/run/salt-minion.pid
[DEBUG   ] Reading configuration from /etc/salt/minion
[DEBUG   ] Attempting to authenticate with the Salt Master at 10.211.55.143
[DEBUG   ] Initializing new SAuth for ('/etc/salt/pki/minion', 'wulaoer.org-01 ', 'tcp://10.211.55.143:4506')
[ERROR   ] The Salt Master has cached the public key for this node, this salt minion will wait for 10 seconds before attempting to re-authenticate
[INFO    ] Waiting 10 seconds before retry.
[ERROR   ] The Salt Master has cached the public key for this node, this salt minion will wait for 10 seconds before attempting to re-authenticate
[INFO    ] Waiting 10 seconds before retry.
[ERROR   ] The Salt Master has cached the public key for this node, this salt minion will wait for 10 seconds before attempting to re-authenticate
[INFO    ] Waiting 10 seconds before retry.