centos6.5上部署集中化管理平台Saltstack！！！

centos6.5的系统下

Saltstack服务器：ip：194.168.0.233 防火墙关闭 setenforce 0

Saltstck被控端： ip：194.168.0.231 防火墙关闭 setenforce 0

一、安装包含软件包Saltstack的epel源

1、Saltstack服务器端安装：

[root@real_server01 ~]# rpm -Uvh http://ftp.linux.ncsu.edu/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm

Retrieving http://ftp.linux.ncsu.edu/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm

Preparing... ########################################### [100%]

package epel-release-6-8.noarch is already installed

2、Saltstack被监控端安装：

[root@ansible ~]# rpm -Uvh http://ftp.linux.ncsu.edu/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm

二、Saltstack服务器端软件安装

之前要安装依赖包

安装依赖包
yum -y install python python-dateutil python-jinja2 python-apt python-yaml python-pkg-resources python-six ca-certificates python-chardet openssl python-m2crypto python-crypto msgpack-python python-zmq python-support libgmp10 python-git python-gitdb git libjs-jquery libzmq1 libcurl3-gnutls perl-modules liberror-perl git-man dctrl-tools

[root@real_server01 ~]# yum install -y salt-master -y

三、Saltstack被控端软件安装

[root@ansible ~]# yum install -y salt-minion

[root@ansible ~]# yum install -y salt-minion

四、Saltstack服务器端配置文件设置

/etc/salt/master

1、绑定master通信IP

# The address of the interface to bind to:
interface: 194.168.0.233

2、自动认证

# Enable auto_accept,this setting will automatically accept all incoming
# public keys from the minions. Note that this is insecure.
auto_accept: True

3、指定Saltstack文件根目录

# reliably ensured. A base environment is required to house the top file.
# Example:
file_roots:
base:
- /srv/salt/
# dev:

# - /srv/salt/dev/services
# - /srv/salt/dev/states

五、Saltstack被控端配置文件设置

1、指定master主机IP

# resolved,then the minion will fail to start.
#master: salt
master: 194.168.0.233

2、修改被控端主机识别ID

# Since salt uses detached ids it is possible to run multiple minions on the
# same machine but with different ids,this can be useful for salt compute
# clusters.
id: qiruyi

六，启动服务

1、服务器端启动

[root@localhost ~]# service salt-master restart
Stopping salt-master daemon: [失败]
Starting salt-master daemon: [确定]

2、被控端启动

[root@localhost ~]# service salt-minion restart
Stopping salt-minion daemon: [确定]
Starting salt-minion daemon: [确定]

七、设置ssh信任

Linux下scp去掉密码提示的方法（建立信任关系方法）

1. 在主机A上执行如下命令来生成配对密钥：
#ssh-keygen -t rsa

2. 为 ~/.ssh 目录设置权限：
#chmod -R 700 .ssh(A/B主机都做)

将 .ssh 目录中的 id_rsa.pub 文件复制到 主机B 的 ~/.ssh/ 目录中，并改名为 authorized_keys ，同样给该目录设置权限。
#.chmod 600 ~/.ssh/id_rsa(在A上操作)
这一步至关重要，不然操作不会生效
3. 到主机A中执行命令和主机B建立信任，例（假设主机B的IP为:192.168.0.3）：
#scp ~/.ssh/id_rsa.pub 192.168.0.3:/root/.ssh/authorized_keys

八、测试安装设置是否正确

九、利用Saltstack远程执行命令

在服务端194.168.0.233

[root@localhost ~]# salt 'qiruyi' test.ping
qiruyi:
True

[root@localhost ~]# salt 'qiruyi' cmd.run 'ifconfig|grep eth0'
qiruyi:
eth0 Link encap:Ethernet HWaddr 00:0C:29:7E:41:72
[root@localhost ~]# salt 'qiruyi' cmd.run 'ifconfig'
qiruyi:
eth0 Link encap:Ethernet HWaddr 00:0C:29:7E:41:72
inet addr:194.168.0.231 Bcast:194.168.0.255 Mask:255.255.255.0
inet6 addr: fe80::20c:29ff:fe7e:4172/64 Scope:Link
UP broADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:2974615 errors:0 dropped:0 overruns:0 frame:0
TX packets:793475 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:1178206015 (1.0 GiB) TX bytes:341120066 (325.3 MiB)

lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:524628 errors:0 dropped:0 overruns:0 frame:0
TX packets:524628 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:30474723 (29.0 MiB) TX bytes:30474723 (29.0 MiB)

十、查看你主机支持的Saltstack模块和API

[root@localhost ~]# salt '*' sys.list_modules
qiruyi:
- acl
- aliases
- alternatives
- archive
- artifactory
- at
- blockdev
- bridge
- btrfs
- buildout
- cloud
- cmd
- composer
- config
- container_resource
- cp
- cron
- data
- defaults
- devmap
- dig
- disk
- django
- dnsmasq
- dnsutil
- drbd
- elasticsearch
- environ
- etcd
- event
- extfs
- file
- gem
- genesis
- git
- grains
- group
- grub
- hashutil
- hg
- hipchat
- hosts
- http
- img
- incron
- ini
- introspect
- ip
- iptables
- jboss7
- jboss7_cli
- key
- kmod
- locale
- locate
- logrotate
- lowpkg
- lvm
- match
- mine
- modjk
- mount
- network
- nfs3
- Nginx
- openstack_config
- pagerduty
- partition
- pecl
- pillar
- pip
- pkg
- pkg_resource
- publish
- pyenv
- quota
- raid
- random
- random_org
- rbenv
- ret
- rsync
- runit
- rvm
- s3
- saltutil
- schedule
- scsi
- sdb
- seed
- serverdensity_device
- service
- shadow
- slack
- smtp
- sqlite3
- ssh
- state
- status
- supervisord
- sys
- sysctl
- syslog_ng
- system
- test
- timezone
- user
- vBox_guest
- virtualenv
- xfs

十一、获取被控端ip地址信息

[root@localhost ~]# salt 'qiruyi' network.ip_addrs
qiruyi:
- 194.168.0.231

十二、为所以的被控端安装nmap

[root@localhost ~]# salt '*' pkg.install nmap
qiruyi:
----------
nmap:
----------
new:
2:5.51-4.el6
old:

十三、grains详解

grains是Saltstack的一个重要组件，用来收集被控端主机的基本信息

1、获取所有主机的grains信息

[root@localhost ~]# salt '*' grains.ls
qiruyi:
- SSDs
- biosreleasedate
- biosversion
- cpu_flags
- cpu_model
- cpuarch
- domain
- fqdn
- fqdn_ip4
- fqdn_ip6
- gpus
- host
- hwaddr_interfaces
- id

可以看到的主机信息特别多。

2、获取主机单项grains数据

[root@localhost ~]# salt '*' grains.item os
qiruyi:
----------
os:
CentOS
[root@localhost ~]# salt '*' grains.item host
qiruyi:
----------
host:
localhost

十四、pillar组件

1、修改配置文件/et/salt/master，开启pillar

pillar_opts: ture

2、重启服务

[root@localhost ~]# service salt-master restart
Stopping salt-master daemon: [确定]
Starting salt-master daemon: [确定]

3、查看主机的pillar信息

[root@localhost ~]# salt 'qiruyi' pillar.dataqiruyi: ---------- master: ---------- __role: master auth_mode: 1 auto_accept: True cache_sreqs: True cachedir: /var/cache/salt/master cli_summary: False client_acl: ---------- client_acl_blacklist: ---------- cluster_masters: cluster_mode: