What is SaltStack
SaltStack management tool allows administrators to create a consistent management system for multiple operating systems
Preparation of experimental environment
| Name | role | address |
|---|---|---|
| centos7-min | master | 192.168.142.172 |
| centos7-min2 | client | 192.168.142.110 |
Experimental steps
1, Master server - control node
Install epel source and control terminal
yum install -y epel-release //Install epel source yum -y install salt-master //Install the control end
Modify control side master profile
vi /etc/salt/master //Amend to read: 15That's ok interface: 192.168.142.172 //Monitor address 215That's ok auto_accept: True //Avoid running salt key to confirm certificate authentication 416That's ok file_roots: base: - /srv/salt //The root directory of saltstack file, which needs to be created manually 710Row group classification: (there is only one client in the experimental environment, only one can be set) nodegroups: group1: 'web01.saltstack.com' 552That's ok pillar_opts: True //Enable pillar function and synchronize file function 529That's ok pillar_roots: base: - /srv/pillar //The home directory of pillar needs to be created manually
Set up salt & pillar directory
mkdir /srv/salt mkdir /srv/pillar
Start the service and turn off the core protection function
systemctl start salt-master systemctl enable salt-master //Turn off core functions setenforce 0
Detect service startup status
netstat -anpt | egrep '4505|4506' //4505 is a special port for salt to publish messages; //4506 is the communication port between the client and the server tcp 0 0 192.168.142.172:4505 0.0.0.0:* LISTEN 13692/python tcp 0 0 192.168.142.172:4506 0.0.0.0:* LISTEN 13704/python tcp 0 0 192.168.142.172:4506 192.168.142.110:36688 ESTABLISHED 13704/python tcp 0 0 192.168.142.172:4505 192.168.142.110:57042 ESTABLISHED 13692/python
2, Slave - controlled node
Install the epel source and the controlled end
yum install -y epel-release //Install epel source yum -y install salt-minion //Install the controlled end
Modify the configuration file of the controlled end
vi /etc/salt/minion //Modify the configuration as follows: 16That's ok master: 192.168.172.142 //Specify master IP 78That's ok id: web01.saltstack.com //Specify the host name of the controlled end
Startup service
//Start the controlled end service systemctl start salt-minion
Check at the main control end
//Test the communication status with the controlled terminal at the main control terminal (* represents all controlled hosts) salt '*' test.ping web01.saltstack.com: True //Check key status salt-key -L Accepted Keys: web01.saltstack.com Denied Keys: Unaccepted Keys: web01.saltstack.com Rejected Keys:
Be careful:
The following conditions occurred during the inspection:
Salt request timed out. The master is not responding. If this error persists after verifying the master is up, worker_threads may need to be increased.
Please check the configuration file format or restart the server.
Three. Batch deployment of Apache
All the following operations are carried out at the master end
cd /srv/salt/ vim top.sls //Add as follows base: '*': - apache //Executing apache modules on all clients vim apache.sls //Add as follows apache-service: pkg.installed: - names: - httpd - httpd-devel service.running: - name: httpd - enable: True //Restart service systemctl restart salt-master.service //Execute bulk deployment command salt '*' state.highstate //The following message appears after the execution is completed web01.saltstack.com: ---------- ID: apache-service Function: pkg.installed Name: httpd Result: True Comment: The following packages were installed/updated: httpd Started: 15:04:51.323952 Duration: 40217.299 ms Changes: ---------- apr: ---------- new: 1.4.8-5.el7 old: apr-util: ---------- new: 1.5.2-6.el7 old: httpd: ---------- new: 2.4.6-90.el7.centos old: httpd-tools: ---------- new: 2.4.6-90.el7.centos old: mailcap: ---------- new: 2.1.41-2.el7 old: ---------- ID: apache-service Function: pkg.installed Name: httpd-devel Result: True Comment: The following packages were installed/updated: httpd-devel Started: 15:05:31.545046 Duration: 16876.92 ms Changes: ---------- apr-devel: ---------- new: 1.4.8-5.el7 old: apr-util-devel: ---------- new: 1.5.2-6.el7 old: cyrus-sasl: ---------- new: 2.1.26-23.el7 old: 2.1.26-21.el7 cyrus-sasl-devel: ---------- new: 2.1.26-23.el7 old: cyrus-sasl-gssapi: ---------- new: 2.1.26-23.el7 old: 2.1.26-21.el7 cyrus-sasl-lib: ---------- new: 2.1.26-23.el7 old: 2.1.26-21.el7 cyrus-sasl-md5: ---------- new: 2.1.26-23.el7 old: 2.1.26-21.el7 cyrus-sasl-plain: ---------- new: 2.1.26-23.el7 old: 2.1.26-21.el7 cyrus-sasl-scram: ---------- new: 2.1.26-23.el7 old: 2.1.26-21.el7 expat-devel: ---------- new: 2.1.0-10.el7_3 old: httpd-devel: ---------- new: 2.4.6-90.el7.centos old: libdb: ---------- new: 5.3.21-25.el7 old: 5.3.21-20.el7 libdb-devel: ---------- new: 5.3.21-25.el7 old: libdb-utils: ---------- new: 5.3.21-25.el7 old: 5.3.21-20.el7 openldap: ---------- new: 2.4.44-21.el7_6 old: 2.4.44-5.el7 openldap-devel: ---------- new: 2.4.44-21.el7_6 old: ---------- ID: apache-service Function: service.running Name: httpd Result: True Comment: Service httpd has been enabled, and is running Started: 15:05:48.459684 Duration: 1822.995 ms Changes: ---------- httpd: True Summary ------------ Succeeded: 3 (changed=3) Failed: 0
4, Inspection test results
web01:
[root@web01 ~]# rpm -q httpd httpd-2.4.6-90.el7.centos.x86_64 [root@web01 ~]# netstat -ntap | grep 80 tcp6 0 0 :::80 :::* LISTEN 6
