├── README.md ├── host_ip.txt ├── ip.sh └── srv └── salt └── minions ├── 5 └── README.md ├── 6 └── README.md └── 7 ├── conf ├── SALTSTACK-GPG-KEY.pub ├── minion └── saltstack.repo └── install.sls /README.md: -------------------------------------------------------------------------------- 1 | # Saltstack? # 2 | Salt 一种全新的基础设施管理方式,部署轻松,在几分钟内可运行起来,扩展性好,很容易管理上万台服务器,速度够快,服务器之间秒级通讯。 3 | 4 | salt底层采用动态的连接总线, 使其可以用于编配, 远程执行, 配置管理等等. 5 | 6 | # 批量部署salt-minion客户端 # 7 | 8 | 大规模部署salt的时候,为了减轻运维工作,需要批量来安装salt-minion客户端。 9 | 10 | salt-ssh是Saltstack的另一种管理方式,无需安装minion端,可以运用Salt的一切功能,管理和使用方式和基本和Salt一样。但是执行效率会比有minion端慢很多,不适合大规模批量操作 11 | 12 | ## 环境: ## 13 | ``` 14 | 192.168.1.14 服务端:salt-ssh salt-master salt-minion 15 | 192.168.1.15 客户端:salt-minion 16 | 192.168.1.16 客户端:salt-minion 17 | 192.168.1.17 客户端:salt-minion 18 | ``` 19 | 20 | # 一、salt-ssh安装(master端) # 21 | 22 | ### 1、克隆代码: ### 23 | ``` 24 | $ git clone https://github.com/BigbigY/salt-ssh-install-salt-minion.git 25 | ``` 26 | 27 | ### 2、导入SaltStack存储密钥: ### 28 | ``` 29 | $ rpm --import SALTSTACK-GPG-KEY.pub 30 | ``` 31 | 32 | ### 3、将saltstack.repo拷贝到/etc/yum.repos.d/ ### 33 | 34 | ### 4、Run sudo yum clean expire-cache. ### 35 | 36 | ### 5、Run sudo yum update. ### 37 | 38 | ### 6、安装salt-ssh ### 39 | 提示:salt-ssh不需要启动服务,只需要启动下salt-master服务 40 | ``` 41 | $ yum -y install salt-ssh salt-master 42 | $ systemctl start salt-master 43 | ``` 44 | 45 | 46 | # 二、配置salt-ssh客户端信息,通信 # 47 | 48 | ### 1、ip文件: ### 49 | 把所有minion_ip放到文件中,格式如下: 50 | ``` 51 | $ cat host_ip.txt 52 | 192.168.1.14 53 | 192.168.1.15 54 | 192.168.1.16 55 | 192.168.1.17 56 | ``` 57 | 58 | ### 2、批量添加脚本: ### 59 | USERNAME是客户端用户名,PASSWORD是客户端密码,这里的话客户端账号密码都相同,所有我写了个批量添加的脚本 60 | ``` 61 | $ cat ip.sh 62 | #!/bin/bash 63 | USERNAME="root" 64 | PASSWORD="123" 65 | for i in `cat /root/host_ip.txt` 66 | do 67 | echo "$i:" >> /etc/salt/roster ##$i表示取文件的每行内容 68 | echo " host: $i" >> /etc/salt/roster 69 | echo " user: $USERNAME" >>/etc/salt/roster 70 | echo " passwd: $PASSWORD" >>/etc/salt/roster 71 | # echo " sudo: True" >>/etc/salt/roster 72 | echo " timeout: 10" >>/etc/salt/roster 73 | done 74 | ``` 75 | 76 | ### 3、执行,查看 ### 77 | ``` 78 | $ cat /etc/salt/roster 79 | # Sample salt-ssh config file 80 | #web1: 81 | # host: 192.168.42.1 # The IP addr or DNS hostname 82 | # user: fred # Remote executions will be executed as user fred 83 | # sudo: True # Whether to sudo to root, not enabled by default 84 | #web2: 85 | # host: 192.168.42.2 86 | 192.168.1.14: 87 | host: 192.168.1.14 88 | user: root 89 | passwd: 123 90 | timeout: 10 91 | 192.168.1.15: 92 | host: 192.168.1.15 93 | user: root 94 | passwd: 123 95 | timeout: 10 96 | 192.168.1.16: 97 | host: 192.168.1.16 98 | user: root 99 | passwd: 123 100 | timeout: 10 101 | 192.168.1.17: 102 | host: 192.168.1.17 103 | user: root 104 | passwd: 123 105 | timeout: 10 106 | ``` 107 | 108 | ### 4、测试 ### 109 | ``` 110 | $ salt-ssh -i '*' test.ping 111 | 192.168.1.17: 112 | True 113 | 192.168.1.14: 114 | True 115 | 192.168.1.16: 116 | True 117 | 192.168.1.15: 118 | True 119 | ``` 120 | 121 | # 三、批量安装salt-minion # 122 | 123 | ### 1、目录结构: ### 124 | ``` 125 | $ pwd 126 | /srv/salt 127 | $ tree minions/ 128 | minions/ 129 | ├── 5 130 | │   └── README.md 131 | ├── 6 132 | │   └── README.md 133 | └── 7 134 | ├── conf 135 | │   ├── minion 136 | │   ├── SALTSTACK-GPG-KEY.pub 137 | │   └── saltstack.repo 138 | └── install.sls 139 | 140 | 4 directories, 6 files 141 | ``` 142 | 143 | ### 2、需要在控制端/etc/hosts文件增加Host解析(master) ### 144 | ``` 145 | $ cat /etc/hosts 146 | 192.168.1.14 salt.node1.com 147 | 192.168.1.15 salt.node2.com 148 | 192.168.1.16 salt.node3.com 149 | 192.168.1.17 salt.node4.com 150 | ``` 151 | 152 | 153 | ### 3、执行: ### 154 | minion配置文件根据自己master_ip修改,id根据自身情况获取 155 | 156 | ``` 157 | $ pwd 158 | /srv/salt 159 | salt-ssh -i '*' state.sls minions.7.install 160 | ``` 161 | 162 | ### 4、查看需要授权的主机: ### 163 | ``` 164 | $ salt-key 165 | Accepted Keys: 166 | Denied Keys: 167 | Unaccepted Keys: 168 | 192.168.1.14 169 | 192.168.1.15 170 | 192.168.1.16 171 | 192.168.1.17 172 | Rejected Keys: 173 | ``` 174 | 175 | ### 5、授权要管理的主机: ### 176 | ``` 177 | $ salt-key -A 178 | The following keys are going to be accepted: 179 | Unaccepted Keys: 180 | 192.168.1.14 181 | 192.168.1.15 182 | 192.168.1.16 183 | 192.168.1.17 184 | Proceed? [n/Y] y 185 | Key for minion 192.168.1.14 accepted. 186 | Key for minion 192.168.1.15 accepted. 187 | Key for minion 192.168.1.16 accepted. 188 | Key for minion 192.168.1.17 accepted. 189 | ``` 190 | 191 | ### 查看 ### 192 | ``` 193 | $ salt-key 194 | Accepted Keys: 195 | 192.168.1.14 196 | 192.168.1.15 197 | 192.168.1.16 198 | 192.168.1.17 199 | Denied Keys: 200 | Unaccepted Keys: 201 | Rejected Keys: 202 | ``` 203 | 204 | ### 6、salt测试 ### 205 | ``` 206 | $ salt '*' test.ping 207 | 192.168.1.14: 208 | True 209 | 192.168.1.15: 210 | True 211 | 192.168.1.16: 212 | True 213 | 192.168.1.17: 214 | True 215 | ``` 216 | 217 | ### 7、取消salt-ssh: ### 218 | 在/etc/salt/roster清除添加的认证主机 219 | 220 | ### 8、测试 ### 221 | ``` 222 | $ salt '*' test.ping 223 | 192.168.1.14: 224 | True 225 | 192.168.1.15: 226 | True 227 | 192.168.1.16: 228 | True 229 | 192.168.1.17: 230 | True 231 | ``` 232 | 233 | 234 | 温馨提示: 235 | 此篇以ip为minion_id,如果需要根据主机名,可以先把主机名写命名好,然后改写install.sls grains获取改成host主机名就可以了。 236 | 或者可以自己编写个grains模块来获取。 237 | -------------------------------------------------------------------------------- /host_ip.txt: -------------------------------------------------------------------------------- 1 | 192.168.1.14 2 | 192.168.1.15 3 | 192.168.1.16 4 | 192.168.1.17 5 | -------------------------------------------------------------------------------- /ip.sh: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/BigbigY/salt-ssh-install-salt-minion/f97e6b98212e811b6cd63232677046e0af9eb999/ip.sh -------------------------------------------------------------------------------- /srv/salt/minions/5/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/BigbigY/salt-ssh-install-salt-minion/f97e6b98212e811b6cd63232677046e0af9eb999/srv/salt/minions/5/README.md -------------------------------------------------------------------------------- /srv/salt/minions/6/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/BigbigY/salt-ssh-install-salt-minion/f97e6b98212e811b6cd63232677046e0af9eb999/srv/salt/minions/6/README.md -------------------------------------------------------------------------------- /srv/salt/minions/7/conf/SALTSTACK-GPG-KEY.pub: -------------------------------------------------------------------------------- 1 | -----BEGIN PGP PUBLIC KEY BLOCK----- 2 | Version: GnuPG v2 3 | 4 | mQENBFOpvpgBCADkP656H41i8fpplEEB8IeLhugyC2rTEwwSclb8tQNYtUiGdna9 5 | m38kb0OS2DDrEdtdQb2hWCnswxaAkUunb2qq18vd3dBvlnI+C4/xu5ksZZkRj+fW 6 | tArNR18V+2jkwcG26m8AxIrT+m4M6/bgnSfHTBtT5adNfVcTHqiT1JtCbQcXmwVw 7 | WbqS6v/LhcsBE//SHne4uBCK/GHxZHhQ5jz5h+3vWeV4gvxS3Xu6v1IlIpLDwUts 8 | kT1DumfynYnnZmWTGc6SYyIFXTPJLtnoWDb9OBdWgZxXfHEcBsKGha+bXO+m2tHA 9 | gNneN9i5f8oNxo5njrL8jkCckOpNpng18BKXABEBAAG0MlNhbHRTdGFjayBQYWNr 10 | YWdpbmcgVGVhbSA8cGFja2FnaW5nQHNhbHRzdGFjay5jb20+iQE4BBMBAgAiBQJT 11 | qb6YAhsDBgsJCAcDAgYVCAIJCgsEFgIDAQIeAQIXgAAKCRAOCKFJ3le/vhkqB/0Q 12 | WzELZf4d87WApzolLG+zpsJKtt/ueXL1W1KA7JILhXB1uyvVORt8uA9FjmE083o1 13 | yE66wCya7V8hjNn2lkLXboOUd1UTErlRg1GYbIt++VPscTxHxwpjDGxDB1/fiX2o 14 | nK5SEpuj4IeIPJVE/uLNAwZyfX8DArLVJ5h8lknwiHlQLGlnOu9ulEAejwAKt9CU 15 | 4oYTszYM4xrbtjB/fR+mPnYh2fBoQO4d/NQiejIEyd9IEEMd/03AJQBuMux62tjA 16 | /NwvQ9eqNgLw9NisFNHRWtP4jhAOsshv1WW+zPzu3ozoO+lLHixUIz7fqRk38q8Q 17 | 9oNR31KvrkSNrFbA3D89uQENBFOpvpgBCADJ79iH10AfAfpTBEQwa6vzUI3Eltqb 18 | 9aZ0xbZV8V/8pnuU7rqM7Z+nJgldibFk4gFG2bHCG1C5aEH/FmcOMvTKDhJSFQUx 19 | uhgxttMArXm2c22OSy1hpsnVG68G32Nag/QFEJ++3hNnbyGZpHnPiYgej3FrerQJ 20 | zv456wIsxRDMvJ1NZQB3twoCqwapC6FJE2hukSdWB5yCYpWlZJXBKzlYz/gwD/Fr 21 | GL578WrLhKw3UvnJmlpqQaDKwmV2s7MsoZogC6wkHE92kGPG2GmoRD3ALjmCvN1E 22 | PsIsQGnwpcXsRpYVCoW7e2nW4wUf7IkFZ94yOCmUq6WreWI4NggRcFC5ABEBAAGJ 23 | AR8EGAECAAkFAlOpvpgCGwwACgkQDgihSd5Xv74/NggA08kEdBkiWWwJZUZEy7cK 24 | WWcgjnRuOHd4rPeT+vQbOWGu6x4bxuVf9aTiYkf7ZjVF2lPn97EXOEGFWPZeZbH4 25 | vdRFH9jMtP+rrLt6+3c9j0M8SIJYwBL1+CNpEC/BuHj/Ra/cmnG5ZNhYebm76h5f 26 | T9iPW9fFww36FzFka4VPlvA4oB7ebBtquFg3sdQNU/MmTVV4jPFWXxh4oRDDR+8N 27 | 1bcPnbB11b5ary99F/mqr7RgQ+YFF0uKRE3SKa7a+6cIuHEZ7Za+zhPaQlzAOZlx 28 | fuBmScum8uQTrEF5+Um5zkwC7EXTdH1co/+/V/fpOtxIg4XO4kcugZefVm5ERfVS 29 | MA== 30 | =dtMN 31 | -----END PGP PUBLIC KEY BLOCK----- 32 | -------------------------------------------------------------------------------- /srv/salt/minions/7/conf/minion: -------------------------------------------------------------------------------- 1 | master: 10.1.250.95 2 | id: {{ minion_id }} 3 | -------------------------------------------------------------------------------- /srv/salt/minions/7/conf/saltstack.repo: -------------------------------------------------------------------------------- 1 | [saltstack-repo] 2 | name=SaltStack repo for RHEL/CentOS $releasever 3 | baseurl=https://repo.saltstack.com/yum/redhat/$releasever/$basearch/latest 4 | enabled=1 5 | gpgcheck=1 6 | gpgkey=https://repo.saltstack.com/yum/redhat/$releasever/$basearch/latest/SALTSTACK-GPG-KEY.pub 7 | -------------------------------------------------------------------------------- /srv/salt/minions/7/install.sls: -------------------------------------------------------------------------------- 1 | minion_key: 2 | file.managed: 3 | - name: /tmp/SALTSTACK-GPG-KEY.pub 4 | - source: salt://minions/7/conf/SALTSTACK-GPG-KEY.pub 5 | - user: root 6 | - group: root 7 | - mode: 644 8 | cmd.run: 9 | - name: rpm --import /tmp/SALTSTACK-GPG-KEY.pub 10 | minion_yum: 11 | file.managed: 12 | - name: /etc/yum.repos.d/saltstack.repo 13 | - source: salt://minions/7/conf/saltstack.repo 14 | - user: root 15 | - group: root 16 | - mode: 644 17 | cmd.run: 18 | - name: yum clean expire-cache && yum -y update 19 | minion_install: 20 | pkg.installed: 21 | - pkgs: 22 | - salt-minion 23 | - require: 24 | - file: minion_yum 25 | - unless: rpm -qa | grep salt-minion 26 | minion_conf: 27 | file.managed: 28 | - name: /etc/salt/minion 29 | - source: salt://minions/7/conf/minion 30 | - user: root 31 | - group: root 32 | - mode: 644 33 | - template: jinja 34 | - defaults: 35 | minion_id: {{ grains['fqdn_ip4'][0] }} 36 | - require: 37 | - pkg: minion_install 38 | minion_service: 39 | service.running: 40 | - name: salt-minion 41 | - enable: True 42 | - require: 43 | - file: minion_conf 44 | 45 | --------------------------------------------------------------------------------