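Salt is a powerful configuration management tool. It uses a client/server model, and the client and server communicate over the efficient ZeroMQ (zmq) transport.
0. Installing and deploying salt
1) Deploy salt-master on the management node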
# yum -y install salt-master
Configure salt-master
syndic_master: 172.17.10.63
interface: 172.23.6.216
ipv6: False
publish_port: 4505
log_file: /var/log/salt/master
log_level: info
loop_interval: 180
fileserver_backend:
#  - git
  - roots
#gitfs_provider: gitpython
#gitfs_remotes:
#  - git@code.uappo.ucloudadmin.com:sid.cao/uappo_salt.git
file_roots:
  base:
    - /data/uappo_salt
#pillar_roots:
#  base:
#    - /data/uappo_salt/pillar
job_cache: True
keep_jobs: 1
worker_threads: 5
file_ignore_regex:
  - '/\.svn($|/)'
  - '/\.git($|/)'
file_ignore_glob:
  - '*.pyc'
  - '*.swp'
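fileserver_backend: there are two backends, git and roots. Using git is not recommended, because the master runs git pull every time it executes a target, which drives up the load on the machine hosting the master.
2) Deploy salt-minion on the servers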
# yum -y install salt-minion
Configure salt-minion
Minion configuration file /etc/salt/minion
id: 172.23.105.37
master: 172.23.6.216
master_port: 4506
user: root
pidfile: /var/run/salt-minion.pid
log_file: /var/log/salt/minion
log_level: warning
loop_interval: 10
ipv6: False
retry_dns: 10
rejected_retry: True
renderer: yaml_jinja
cache_jobs: True
backup_mode: minion
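backup_mode: the file backup mode, used by file.managed and file.recurse. The original file is backed up to file_backup under cachedir. Currently the only available setting is minion, and it is off by default. One complaint here: salt's approach to backups is rather messy.
Grains configuration file /etc/salt/grains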
master: 172.23.6.216
role: pnat
region: yg
inner_net: 10.10.0.0/16
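Grains are pieces of information about a machine that can be referenced in templates; they are configured in key-value format.
1. Starting after installation
1) Start the master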
# /etc/init.d/salt-master start
2) Start the minion
# /etc/init.d/salt-minion start
3) Communication between master and minion is encrypted using keys
List the keys on the master
# salt-key -L
There are four categories: Accepted Keys, Denied Keys, Unaccepted Keys, Rejected Keys
Accept the minion's key on the master
# salt-key -a "172.23.105.37" -y
where 172.23.105.37 is the minion's id
4) Updating a minion's key
Delete the minion's existing key on the master
# salt-key -d "172.23.105.37" -y
Restart the minion
# /etc/init.d/salt-minion restart
Accept the minion's key on the master again
# salt-key -a "172.23.105.37" -y
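The accept commands in 3) and 4) trust whichever key is pending under that id, so compare fingerprints before running them. The following is an added example, not part of the original page: it parses text in the layout assumed for salt-key -F output and marks a pending id as safe to accept only when its fingerprint matches the one read on the minion itself with salt-call --local key.finger. All fingerprints, the ids other than 172.23.105.37 and the function names are constructed for illustration.

```python
# Constructed sample in the layout assumed for `salt-key -F` output.
SAMPLE_SALT_KEY_F = """\
Local Keys:
master.pub:  99:aa:bb:cc:dd:ee:ff:00
Accepted Keys:
172.23.105.36:  0a:1b:2c:3d:4e:5f:60:71
Unaccepted Keys:
172.23.105.37:  de:ad:be:ef:00:11:22:33
172.23.105.38:  ba:d0:ba:d0:ba:d0:ba:d0
172.23.105.99:  12:34:56:78:9a:bc:de:f0
"""

# Fingerprints read on each minion (`salt-call --local key.finger`) and brought
# to the master over a separate trusted channel. Constructed values.
EXPECTED = {
    "172.23.105.37": "DE:AD:BE:EF:00:11:22:33",
    "172.23.105.38": "ca:fe:ca:fe:ca:fe:ca:fe",
}

def parse_fingerprints(text):
    """Return {section: {key_name: fingerprint}} from `salt-key -F` text."""
    sections, current = {}, None
    for raw in text.splitlines():
        name, _, value = raw.strip().partition(":")
        value = value.strip()
        if name and not value:              # header such as "Unaccepted Keys:"
            current = sections.setdefault(name, {})
        elif name and current is not None:  # "<id>:  <fingerprint>" entry
            current[name] = value.lower()
    return sections

def triage_pending(text, expected):
    """Sort pending minion ids into accept / mismatch / unknown."""
    pending = parse_fingerprints(text).get("Unaccepted Keys", {})
    result = {"accept": [], "mismatch": [], "unknown": []}
    for minion_id, seen in sorted(pending.items()):
        want = expected.get(minion_id)
        if want is None:
            result["unknown"].append(minion_id)    # id not in the inventory
        elif seen == want.lower():
            result["accept"].append(minion_id)     # safe to `salt-key -a`
        else:
            result["mismatch"].append(minion_id)   # investigate, do not accept
    return result

if __name__ == "__main__":
    for verdict, ids in triage_pending(SAMPLE_SALT_KEY_F, EXPECTED).items():
        print(verdict, ids)
```

Only ids under accept should be passed to salt-key -a; a mismatch or unknown id means the pending key did not come from the machine you expect.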
5) Minion fails to start because the pycrypto version is too old
Error message
2016-04-03 03:57:31,666 [salt.log.setup ][ERROR ][26055] An un-handled exception was caught by salt's global exception handler:
NameError: global name 'AES' is not defined
Traceback (most recent call last):
  File "/usr/bin/salt-call", line 11, in <module>
    salt_call()
  File "/usr/lib/python2.6/site-packages/salt/scripts.py", line 227, in salt_call
    client.run()
  File "/usr/lib/python2.6/site-packages/salt/cli/call.py", line 59, in run
    caller = salt.cli.caller.Caller.factory(self.config)
  File "/usr/lib/python2.6/site-packages/salt/cli/caller.py", line 69, in factory
    return ZeroMQCaller(opts, **kwargs)
  File "/usr/lib/python2.6/site-packages/salt/cli/caller.py", line 92, in __init__
    self.minion = salt.minion.SMinion(opts)
  File "/usr/lib/python2.6/site-packages/salt/minion.py", line 322, in __init__
    self.gen_modules(initial_load=True)
  File "/usr/lib/python2.6/site-packages/salt/minion.py", line 334, in gen_modules
    self.opts['environment']
  File "/usr/lib/python2.6/site-packages/salt/pillar/__init__.py", line 83, in compile_pillar
    dictkey='pillar',
  File "/usr/lib/python2.6/site-packages/salt/transport/__init__.py", line 271, in crypted_transfer_decode_dictentry
    ret = self.sreq.send('aes', self.auth.crypticle.dumps(load), tries, timeout)
  File "/usr/lib/python2.6/site-packages/salt/crypt.py", line 835, in dumps
    return self.encrypt(self.PICKLE_PAD + self.serial.dumps(obj))
  File "/usr/lib/python2.6/site-packages/salt/crypt.py", line 803, in encrypt
    cypher = AES.new(aes_key, AES.MODE_CBC, iv_bytes)
NameError: global name 'AES' is not defined
Fix: upgrade via pip; the python-crypto package in the CentOS repositories is too old
# pip install --upgrade pycrypto