saltstack部署配置

共计使用三台虚拟机进行部署实验，系统环境：centos7.3

在master上进行部署配置：

配置主机名

[root@localhost ~]# hostname salt-master

[root@localhost ~]# cat /etc/sysconfig/network

# Created by anaconda

HOSTNAME=salt-master

配置hosts

cat /etc/hosts

127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4

::1         localhost localhost.localdomain localhost6 localhost6.localdomain6

salt-master     192.168.143.19

salt-minion-01  192.168.143.28

salt-minion-02  192.168.143.35

关闭防火墙

[root@localhost ~]# systemctl disable firewalld.service

Removed symlink /etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service.

Removed symlink /etc/systemd/system/basic.target.wants/firewalld.service.

[root@localhost ~]#  systemctl stop firewalld.service

修改selinux为Permissive模式

[root@localhost ~]# setenforce 0

[root@localhost ~]# getenforce

Permissive

安装配置阿里云yum源

wget -O /etc/yum.repos.d/CentOS-Base.repo http://mirrors.aliyun.com/repo/Centos-7.repo

安装epel-release和salt-master工具包

[root@localhost ~]#  yum install epel-release –y

[root@localhost ~]#  yum install salt-master –y

配置saltstack开机自启动服务

[root@localhost ~]# systemctl enable salt-master.service

至此，Master部署配置完成！

在第一个minion端部署配置：

配置主机名

[root@localhost ~]# hostname salt-minion-01

[root@localhost ~]# cat /etc/sysconfig/network

# Created by anaconda

HOSTNAME=salt-minion-01

配置hosts

cat /etc/hosts

127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4

::1         localhost localhost.localdomain localhost6 localhost6.localdomain6

salt-master     192.168.143.19

salt-minion-01  192.168.143.28

salt-minion-02  192.168.143.35

关闭防火墙

[root@localhost ~]# systemctl disable firewalld.service

Removed symlink /etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service.

Removed symlink /etc/systemd/system/basic.target.wants/firewalld.service.

[root@localhost ~]#  systemctl stop firewalld.service

修改selinux为Permissive模式

[root@localhost ~]# setenforce 0

[root@localhost ~]# getenforce

Permissive

安装配置阿里云yum源

[root@localhost ~]# wget -O /etc/yum.repos.d/CentOS-Base.repo http://mirrors.aliyun.com/repo/Centos-7.repo

安装epel-release工具包和salt-minion客户端

[root@localhost ~]# yum install epel-release -y

[root@localhost ~]# yum install salt-minion -y

在minion端配置master的ip地址和ID

[root@localhost ~]# cat /etc/salt/minion

##### Primary configuration settings #####

##########################################

# This configuration file is used to manage the behavior of the Salt Minion.

# With the exception of the location of the Salt Master Server, values that are

# commented out but have an empty line after the comment are defaults that need

# not be set in the config. If there is no blank line after the comment, the

# value is presented as an example and is not the default.

# Per default the minion will automatically include all config files

# from minion.d/*.conf (minion.d is a directory in the same directory

# as the main minion config file).

#default_include: minion.d/*.conf

# Set the location of the salt master server. If the master server cannot be

# resolved, then the minion will fail to start.

#master: salt

maser: 192.168.143.19

# If multiple masters are specified in the 'master' setting, the default behavior

# is to always try to connect to them in the order they are listed. If random_master is

# set to True, the order will be randomized instead. This can be helpful in distributing

# the load of many minions executing salt-call requests, for example, from a cron job.

# If only one master is listed, this setting is ignored and a warning will be logged.

# NOTE: If master_type is set to failover, use master_shuffle instead.

#random_master: False

# Use if master_type is set to failover.

#master_shuffle: False

# Minions can connect to multiple masters simultaneously (all masters

# are "hot"), or can be configured to failover if a master becomes

# unavailable.  Multiple hot masters are configured by setting this

# value to "str".  Failover masters can be requested by setting

# to "failover".  MAKE SURE TO SET master_alive_interval if you are

# using failover.

# master_type: str

# Poll interval in seconds for checking if the master is still there.  Only

# respected if master_type above is "failover". To disable the interval entirely,

# set the value to -1. (This may be necessary on machines which have high numbers

# of TCP connections, such as load balancers.)

# master_alive_interval: 30

# Set whether the minion should connect to the master via IPv6:

#ipv6: False

# Set the number of seconds to wait before attempting to resolve

# the master hostname if name resolution fails. Defaults to 30 seconds.

# Set to zero if the minion should shutdown and not retry.

# retry_dns: 30

# Set the port used by the master reply and authentication server.

#master_port: 4506

# The user to run salt.

#user: root

# Setting sudo_user will cause salt to run all execution modules under an sudo

# to the user given in sudo_user.  The user under which the salt minion process

# itself runs will still be that provided in the user config above, but all

# execution modules run by the minion will be rerouted through sudo.

#sudo_user: saltdev

# Specify the location of the daemon process ID file.

#pidfile: /var/run/salt-minion.pid

# The root directory prepended to these options: pki_dir, cachedir, log_file,

# sock_dir, pidfile.

#root_dir: /

# The directory to store the pki information in

#pki_dir: /etc/salt/pki/minion

# Explicitly declare the id for this minion to use, if left commented the id

# will be the hostname as returned by the python call: socket.getfqdn()

# Since salt uses detached ids it is possible to run multiple minions on the

# same machine but with different ids, this can be useful for salt compute

# clusters.

id: salt-minion-01

配置开机minion开启自启动服务

[root@localhost ~]# systemctl enable salt-minion.service

Created symlink from /etc/systemd/system/multi-user.target.wants/salt-minion.service to /usr/lib/systemd/system/salt-minion.service.

至此，第一个minion配置部署完毕，第二个minion部署配置同理第一个minion部署配置！

启动salt-master服务: systemctl start salt-master.service

启动salt-minion服务：systemctl start salt-minion.service

测试master和minion之间的通信是否正常

salt "*" test.ping

查看 minion 列表:

salt-key –L

认证所有 key，当然你也可以通过 
salt-key -a saltstack-minion 指定某台 minion
进行认证 key

说明：-a ：accept ，-A：accept-all，-d：delete，-D：delete-all。可以使用 salt-key 命令查看到已经签名的客户端。此时我们在客户端的
/etc/salt/pki/minion 目录下面会多出一个minion_master.pub 文件。