1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
|
[root@bogon salt]
# cat master
file_roots:
base:
-
/
srv
/
salt
/
base
prod:
-
/
srv
/
salt
/
prod
interface:
192.168
.
88.3
reactor:
-
'salt/auth'
:
-
/
srv
/
reactor
/
Minion.sls
-
'salt/minion/*/start'
:
-
/
srv
/
reactor
/
auto.sls
[root@bogon salt]
# cat roster
m10:
host:
192.168
.
88.6
user: root
passwd:
123456
/
srv
/
salt目录结构
conf install.sls yum.repos.d
[root@bogon minions]
# cat install.sls
minion_yum:
file
.recurse:
-
name:
/
etc
/
yum.repos.d
-
source: salt:
/
/
minions
/
yum.repos.d
-
user: root
-
group: root
-
file_mode:
644
-
dir_mode:
755
-
include_empty:
True
minion_install:
pkg.installed:
-
pkgs:
-
salt
-
minion
-
require:
-
file
: minion_yum
-
unless: rpm
-
qa | grep salt
-
minion
minion_conf:
file
.managed:
-
name:
/
etc
/
salt
/
minion
-
source: salt:
/
/
minions
/
conf
/
minion
-
user: root
-
group: root
-
mode:
640
-
require:
-
pkg: minion_install
minion_service:
service.running:
-
name: salt
-
minion
-
enable:
True
-
require:
-
file
: minion_conf
[root@bogon minions]
# cat conf/minion
master:
192.168
.
88.3
id
: m10
这样可以完成自动验证
[root@bogon salt]
# cat master
file_roots:
base:
-
/
srv
/
salt
/
base
prod:
-
/
srv
/
salt
/
prod
interface:
192.168
.
88.3
reactor:
-
'salt/auth'
:
-
/
srv
/
reactor
/
Minion.sls
-
'salt/minion/*/start'
:
-
/
srv
/
reactor
/
auto.sls
[root@bogon salt]
# cat /srv/reactor/Minion.sls
{
%
if
'act'
in
data
and
data[
'act'
]
=
=
'pend'
%
}
minion_add:
wheel.key.accept:
-
match: {{ data[
'id'
] }}
{
%
endif
%
}
[root@bogon salt]
# cat /srv/reactor/auto.sls
run_state:
local.state.sls:
-
tgt: {{ data[
'id'
] }}
-
arg:
-
shencan
run_init:
local.cmd.run:
-
tgt: {{ data[
'id'
] }}
-
arg:
-
echo initsok >>
/
tmp
/
cpis
|
salt-ssh -i '*' state.sls minions.install
总是研究一个东西,被很多东西诱惑,搞到最后目标都没了。靠。
参考 http://zkhylt.blog.51cto.com/3638719/1782990
salt升级
https://repo.saltstack.com/yum
yum install salt-minion python26-zmq -y
#yum install --downloadonly --downloaddir=/home salt-2016
先决条件,全部在master操作
vim /etc/hosts
172.1.1.2 id1
vim /etc/salt/roster
id1:
host: 172.1.1.2
user: root
passwd: xx
master 172.1.1.1
1
2
3
4
5
6
7
8
|
[root@nginx minions]
# tree
.
├── conf
│ └── minion
├── install.sls
└── yum.repos.d
├── Centos
-
Base
-
6.repo
└── salt
-
latest.repo
|
[root@nginx minions]# cat /etc/salt/master
file_roots:
base:
- /srv/salt
prod:
- /srv/salt/prod
minion:
- /srv/salt/minions
interface: 172.1.1.1
nodegroups:
mysql: 'id1'
cd /srv/salt/minions
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
|
[root@nginx minions]
# cat install.sls
minion_yum:
file
.recurse:
-
name:
/
etc
/
yum.repos.d
-
source: salt:
/
/
minions
/
yum.repos.d
-
user: root
-
group: root
-
file_mode:
644
-
dir_mode:
755
-
include_empty:
True
minion_install:
pkg.installed:
-
pkgs:
-
salt
-
minion
-
require:
-
file
: minion_yum
-
unless: rpm
-
qa | grep salt
-
minion
minion_conf:
file
.managed:
-
name:
/
etc
/
salt
/
minion
-
source: salt:
/
/
minions
/
conf
/
minion
-
user: root
-
group: root
-
mode:
640
-
template: jinja
-
defaults:
minion_id: {{ grains[
'fqdn_ip4'
][
0
]}}
-
require:
-
pkg: minion_install
minion_service:
service.running:
-
name: salt
-
minion
-
enable:
True
-
require:
-
file
: minion_conf
|
cat /srv/salt/minions/conf/minion
master: 172.1.1.1
id: id1
写完后,运行命令
任何目录 salt-ssh -i '*' state.sls minions.install
salt-ssh -ir '*' 'ps aux | grep salt' | grep salt | grep -v grep| wc -l ##查看安装minion端的salt-minion进程是否运行,一个客户端运行一个salt-minion服务
完毕。