Daimon Blog

The mountain is there

Salt Install

Installation

Just follow the official instructions :)

https://repo.saltstack.com/

Or run the commands below directly.

salt-master

curl -L https://bootstrap.saltstack.com -o install_salt.sh
sudo sh install_salt.sh -P -M

salt-minion

curl -L https://bootstrap.saltstack.com -o install_salt.sh
sudo sh install_salt.sh -P
echo >> /etc/hosts
echo '58.87.127.31 salt' >> /etc/hosts
echo >> /etc/hosts
systemctl start salt-minion
systemctl enable salt-minion

Configuration

Salt's configuration is simple.

The master needs no configuration. You only need to open the two ports 4505 and 4506.

firewall-cmd --add-port 4505-4506/tcp --permanent
firewall-cmd --add-port 4505-4506/tcp

One-step script

bash <(curl -s http://www.daimon.cc/bin/open-salt-port.sh)

For a minion, you only need to add name resolution for salt.

vi /etc/hosts

10.0.0.1 salt

Then restart the minion.

systemctl restart salt-minion

The connection request then shows up on the master node; accept it there.

salt-key -L # list all requests
salt-key -A # accept all requests

FAQ

  • The master key has changed, the salt master could have been subverted, verify salt master's public key

    This means the salt-master has moved to a different server. In that case a manual step is needed.

    rm /etc/salt/pki/minion/minion_master.pub
    systemctl restart salt-minion
    

    One-step script

    bash <(curl -s http://www.daimon.cc/bin/delete-salt-minion-master-pki.sh)
    
  • node group

Node groups let you group nodes.

nodegroups:
  f12: 'l-py* or py*'
  tencent: 'happ* or hdb*'
  dmn: 'l-v1 or l-sg'
  tencent-public: 'N@f12 or N@dmn'

https://docs.saltstack.com/en/latest/topics/targeting/nodegroups.html#targeting-nodegroups

https://docs.saltstack.com/en/latest/topics/targeting/compound.html#targeting-compound

  • Custom grains

To define a grain for minions from the master, write Python in the /srv/salt/_grains/ directory. Example:

# coding: utf-8
import socket


def roles():
    # Tag hosts whose name starts with 'h' as internal, all others as public.
    grains = {}
    hostname = socket.gethostname()
    if hostname and hostname.startswith('h'):
        grains['roles'] = ['internal']
    else:
        grains['roles'] = ['public']
    return grains

https://docs.saltstack.com/en/latest/topics/grains/
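
To check which minion IDs a nodegroup from the node group item above (for example tencent-public, which nests f12 and dmn through N@) actually selects before running anything against it, the following added example evaluates the expressions offline. It is not code from the original post and not Salt's own matcher: it is a simplified evaluator limited to ID globs, N@ references and and/or/not, and the function names and sample minion IDs are assumptions made for illustration.

```python
import fnmatch

NODEGROUPS = {  # as defined in the master config shown on this page
    "f12": "l-py* or py*",
    "tencent": "happ* or hdb*",
    "dmn": "l-v1 or l-sg",
    "tencent-public": "N@f12 or N@dmn",
}
SAMPLE_IDS = ["l-py01", "py-web", "happ1", "l-v1", "l-sg", "l-v10"]  # constructed

def in_group(group, minion_id, groups=NODEGROUPS, _stack=()):
    """True if minion_id matches the nodegroup (ID globs, N@, and/or/not)."""
    if group in _stack:
        raise ValueError("circular nodegroup: " + " -> ".join(_stack + (group,)))
    tokens, pos = groups[group].split(), 0  # whitespace-separated tokens

    def take():
        nonlocal pos
        if pos >= len(tokens):
            raise ValueError(f"incomplete expression in nodegroup {group!r}")
        pos += 1
        return tokens[pos - 1]

    def atom():
        tok = take()
        if tok == "not":
            return not atom()
        if tok.startswith("N@"):  # nested nodegroup, resolved recursively
            return in_group(tok[2:], minion_id, groups, _stack + (group,))
        if tok in ("(", ")") or tok[1:2] == "@":  # parens, G@, E@, ...: out of scope
            raise NotImplementedError(f"{tok!r} is not handled by this example")
        return fnmatch.fnmatchcase(minion_id, tok)  # glob on the minion ID

    def chain(operand, word, combine):
        val = operand()
        while tokens[pos:pos + 1] == [word]:
            take()
            val = combine(val, operand())  # right side is always parsed
        return val

    both = lambda: chain(atom, "and", lambda a, b: a and b)  # "and" binds tighter
    either = lambda: chain(both, "or", lambda a, b: a or b)
    result = either()
    if pos != len(tokens):
        raise ValueError(f"unexpected token {tokens[pos]!r} in nodegroup {group!r}")
    return result

def members(group, minion_ids=SAMPLE_IDS, groups=NODEGROUPS):
    return [m for m in minion_ids if in_group(group, m, groups)]
```

With the constructed IDs, members("tencent-public") returns l-py01, py-web, l-v1 and l-sg; l-v10 is excluded because 'l-v1' in dmn is an exact ID, not a prefix.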
