salt install

saltstack 安装

  1. 基础软件安装

    [root@saltstack ~]# yum -y install epel-release
    [root@saltstack ~]# yum -y install gcc gcc-c++ make cmake bison libtool autoconf automake zip unzip bzip2 zlib zlib-devel openssl openssl-devel openssl-static pcre pcre-devel bison-devel ncurses-devel tcl tcl-devel perl-Digest-SHA1 GeoIP GeoIP-devel gperftools gperftools-devel libatomic_ops-devel gtest gtest-devel glibc-devel unixODBC-devel fop libperl libpython readline readline-devel python2-pip readline readline-devel readline-static sqlite-devel bzip2-devel bzip2-libs openldap-devel
    [root@saltstack ~]# yum -y install git lftp ntpdate vim wget telnet dstat tree lrzsz net-tools nmap-ncat nmap sysstat

    [root@saltstack ~]# rpm -e --nodeps python2-pycryptodomex
    [root@saltstack ~]# yum -y install python-crypto
  2. salt yum repo

    // CentOS 7 与 CentOS 6 二选一,按系统版本只执行其中一条
    [root@saltstack ~]# yum -y install https://repo.saltstack.com/yum/redhat/salt-repo-latest-2.el7.noarch.rpm
    [root@saltstack ~]# yum -y install https://repo.saltstack.com/yum/redhat/salt-repo-latest-2.el6.noarch.rpm

    [root@saltstack ~]# yum clean expire-cache
    [root@saltstack ~]# yum makecache
  3. salt master install

    [root@saltstack ~]# yum -y install salt-master
    [root@saltstack ~]# yum -y install salt-cloud salt-api salt-repo salt-ssh salt-syndic
    [root@saltstack ~]# pip install raet
  4. salt minion install

    [root@saltstack ~]# yum -y install salt-minion
  5. salt-master 配置文件

    [root@localhost ~]# ls -1d /etc/salt/master*
    /etc/salt/master
    /etc/salt/master.d

    [root@saltstack salt]# vim /etc/salt/master
    default_include: master.d/*.conf
    interface: 0.0.0.0    # 监听所有网卡;4505/4506 应通过防火墙限制为仅 minion 所在网段可访问
    publish_port: 4505
    user: root
    ret_port: 4506
  6. salt-minion 配置文件

    [root@localhost ~]# ls -1d /etc/salt/minion*
    /etc/salt/minion
    /etc/salt/minion.d

    [root@localhost ~]# vim /etc/salt/minion
  7. salt-master 启动

    [root@saltstack ~]# systemctl start salt-master
    [root@saltstack ~]# systemctl enable salt-master
  8. salt-minion 启动

    [root@localhost ~]# systemctl start salt-minion
    [root@localhost ~]# systemctl enable salt-minion
  9. 错误信息

    [root@localhost ~]# yum -y install salt-minion
    ... ...
    Retrieving key from file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-7
    Importing GPG key 0x352C64E5:
    Userid : "Fedora EPEL (7) <epel@fedoraproject.org>"
    Fingerprint: 91e9 7d7c 4a5e 96f1 7f3e 888f 6a2f aea2 352c 64e5
    Package : epel-release-7-9.noarch (@wisdom_CentOS_7_extras)
    From : /etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-7
    Retrieving key from file:///etc/pki/rpm-gpg/saltstack-signing-key

    The GPG keys listed for the "SaltStack Latest Release Channel for RHEL/Centos 7" repository are already installed but they are not correct for this package.
    Check that the correct key URLs are configured for this repository.

    Failing package is: python-jinja2-2.7.2-2.el7.noarch
    GPG Keys are configured as: file:///etc/pki/rpm-gpg/saltstack-signing-key


    解决方法:
    [root@localhost ~]# wget https://mirrors.aliyun.com/centos/RPM-GPG-KEY-CentOS-7
    // 导入前先核对指纹: gpg --with-fingerprint RPM-GPG-KEY-CentOS-7,确认与 CentOS 官方公布的指纹一致后再导入
    [root@localhost ~]# rpm --import RPM-GPG-KEY-CentOS-7
  10. salt minion config

    echo 'default_include: minion.d/*.conf'|tee -a /etc/salt/minion
    echo 'master: 10.0.1.90'|tee /etc/salt/minion.d/minion.conf
    echo 'id: 10.0.3.39'|tee -a /etc/salt/minion.d/minion.conf

systemctl start salt-minion

systemctl enable salt-master.service
systemctl start salt-master.service

systemctl enable salt-minion.service
systemctl start salt-minion.service

salt-key -L
salt-key -A    # 一次性接受所有待认证的 key;执行前先用 salt-key -F 核对指纹,确认都是自己的 minion
salt-key -a key

salt '*' test.ping

---

---
### salt install(多master + syndic架构)
1. 基础环境初始化
```text
192.168.13.217 saltserver1
192.168.13.218 saltserver2
192.168.13.212 saltsyndic

//修改主机名
hostname saltserver1 && echo saltserver1 |tee /etc/hostname
hostname saltserver2 && echo saltserver2 |tee /etc/hostname
hostname saltsyndic && echo saltsyndic |tee /etc/hostname

//修改hosts文件
echo '192.168.13.217 saltserver1' |tee -a /etc/hosts
echo '192.168.13.218 saltserver2' |tee -a /etc/hosts
echo '192.168.13.212 saltsyndic' |tee -a /etc/hosts

//格式化磁盘
mkfs.xfs /dev/vdb
echo '/dev/vdb /mnt xfs defaults 0 0' |tee -a /etc/fstab
mount -a

//修改最大文件描述符
echo '* - nproc 65535' | tee -a /etc/security/limits.conf
echo '* - nofile 65535' | tee -a /etc/security/limits.conf
// 注意: ls 输出的是不带路径的文件名,需先 cd /etc/security/limits.d 再执行,否则删除的是当前目录下的同名文件
ls /etc/security/limits.d/|xargs rm -f

//修改yum源
mkdir /etc/yum.repos.d/backup && mv /etc/yum.repos.d/{*,backup}
// 注意: 下面的 repo 文件和 GPG 公钥都通过明文 HTTP 获取,传输途中可被篡改;镜像支持时改用 https,并在 rpm --import 前核对密钥指纹
wget -O /etc/yum.repos.d/CentOS-Base.repo http://mirrors.aliyun.com/repo/Centos-7.repo
rpm --import http://yum.jwops.cn/wisdom/centos/RPM-GPG-KEY-CentOS-7
yum -y install epel-release
yum clean all && yum makecache

yum -y install gcc gcc-c++ make cmake bison libtool autoconf automake zip unzip bzip2 zlib zlib-devel openssl openssl-devel openssl-static pcre pcre-devel bison-devel ncurses-devel tcl tcl-devel perl-Digest-SHA1 GeoIP GeoIP-devel gperftools gperftools-devel libatomic_ops-devel gtest gtest-devel glibc-devel unixODBC-devel fop libperl libpython readline readline-devel python-devel python-pip python-crypto readline readline-devel readline-static sqlite-devel bzip2-devel bzip2-libs openldap-devel gdk-pixbuf2 gdk-pixbuf2-devel libffi libffi-devel libcurl libcurl-devel http-parser http-parser-devel libssh2 libssh2-devel git lftp ntp ntpdate vim wget telnet dstat tree lrzsz net-tools nmap-ncat nmap sysstat

//关闭selinux
setenforce 0
sed -i s/'SELINUX=enforcing'/'SELINUX=disabled'/g /etc/selinux/config

//关闭防火墙(关闭后 salt-master 的 4505/4506 端口对所有可达网络开放;生产环境建议保留 firewalld,只对 minion 网段放行这两个端口)
systemctl stop firewalld && systemctl disable firewalld

//时间设置
[ -f /etc/localtime ] && cp -f /usr/share/zoneinfo/Asia/Shanghai /etc/localtime
[ -f /etc/sysconfig/clock ] && echo 'ZONE="Asia/Shanghai"' | tee /etc/sysconfig/clock
[ -f /etc/timezone ] && echo 'Asia/Shanghai' | tee /etc/timezone
[ -f /etc/sysconfig/ntpd ] && echo 'SYNC_HWCLOCK=yes' | tee -a /etc/sysconfig/ntpd

ntpdate cn.pool.ntp.org

cp -f /etc/{ntp.conf,ntp.conf.bak}
cat > /etc/ntp.conf <<EOF
driftfile /var/lib/ntp/drift
restrict default nomodify notrap nopeer noquery
restrict 127.0.0.1
restrict ::1
server cn.pool.ntp.org prefer
server 0.centos.pool.ntp.org iburst
server 1.centos.pool.ntp.org iburst
server 2.centos.pool.ntp.org iburst
server 3.centos.pool.ntp.org iburst
includefile /etc/ntp/crypto/pw
keys /etc/ntp/keys
disable monitor
EOF

cp -f /etc/ntp/{step-tickers,step-tickers.bak}
cat > /etc/ntp/step-tickers <<EOF
cn.pool.ntp.org
0.centos.pool.ntp.org
1.centos.pool.ntp.org
2.centos.pool.ntp.org
3.centos.pool.ntp.org
EOF

systemctl start ntpd && systemctl enable ntpd

//创建基础目录
mkdir -p /mnt/{app,data,log,web,ops/{app,data,cron}}

//挂载一块共享存储(nfs)
mkdir /mnt/data/salt
yum -y install nfs-utils
echo '192.168.13.201:/mnt/data/nfs /mnt/data/salt nfs nfsvers=3 0 0' | tee -a /etc/fstab
mount -a

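//pip更新源和升级(注意: index-url 使用 http 且设置了 trusted-host,pip 不会对该源做 TLS 校验;mirrors.aliyun.com 支持 https,建议 index-url 改为 https 并去掉 trusted-host)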
mkdir ~/.pip
cat > ~/.pip/pip.conf <<EOF
[global]
trusted-host=mirrors.aliyun.com
index-url=http://mirrors.aliyun.com/pypi/simple/
[list]
format=columns
EOF
pip install --upgrade pip
// urllib 是 Python 标准库模块,无需通过 pip 安装;从 PyPI 安装与标准库同名的包有误装第三方包的风险,实际只需要 urllib3
pip install urllib urllib3

  1. salt-master install

    //salt源安装
    CentOS 7:
    yum -y install https://repo.saltstack.com/yum/redhat/salt-repo-latest-2.el7.noarch.rpm
    CentOS 6:
    yum -y install https://repo.saltstack.com/yum/redhat/salt-repo-latest-2.el6.noarch.rpm

    yum clean expire-cache
    yum makecache

    //安装pygit2
    wget https://codeload.github.com/libgit2/libgit2/tar.gz/v0.26.0
    tar xzf v0.26.0
    cd libgit2-0.26.0/
    cmake .
    make
    make install
    echo '/usr/local/lib' | tee /etc/ld.so.conf.d/libgit2.conf
    ldconfig
    pip install pygit2

    //安装raet
    pip install raet

    //salt-master 和 salt-syndic 安装
    yum -y install salt-master salt salt-repo
    yum -y install salt-api salt-ssh salt-syndic salt-cloud

    [root@saltserver1 ~]# salt --versions-report
    Salt Version:
    Salt: 2017.7.0

    Dependency Versions:
    cffi: 1.6.0
    cherrypy: unknown
    dateutil: Not Installed
    docker-py: Not Installed
    gitdb: 0.6.4
    gitpython: Not Installed
    ioflo: 1.6.9
    Jinja2: 2.7.2
    libgit2: 0.26.0
    libnacl: 1.5.2
    M2Crypto: Not Installed
    Mako: Not Installed
    msgpack-pure: Not Installed
    msgpack-python: 0.4.8
    mysql-python: Not Installed
    pycparser: 2.14
    pycrypto: 2.6.1
    pycryptodome: Not Installed
    pygit2: 0.26.0
    Python: 2.7.5 (default, Nov 6 2016, 00:28:07)
    python-gnupg: Not Installed
    PyYAML: 3.11
    PyZMQ: 15.3.0
    RAET: 0.6.8
    smmap: 0.9.0
    timelib: Not Installed
    Tornado: 4.2.1
    ZMQ: 4.1.4

    System Versions:
    dist: centos 7.0.1406 Core
    locale: UTF-8
    machine: x86_64
    release: 3.10.0-123.el7.x86_64
    system: Linux
    version: CentOS Linux 7.0.1406 Core

    //saltserver1配置启动
    [root@saltserver1 ~]# mkdir -p /mnt/data/salt/conf
    [root@saltserver1 ~]# mkdir -p /mnt/data/salt/pki/master
    [root@saltserver1 ~]# mkdir -p /mnt/data/salt/file/{base,dev,prod}
    [root@saltserver1 ~]# mkdir -p /mnt/data/salt/pillar/{base,dev,prod}
    [root@saltserver1 ~]# mkdir -p /mnt/data/salt-master
    [root@saltserver1 ~]# mkdir -p /mnt/log/salt

    [root@saltserver1 ~]# cp /etc/salt/master /mnt/data/salt/conf/master.conf
    [root@saltserver1 ~]# ln -sf /mnt/data/salt/conf/master.conf /etc/salt/master.d/master.conf

    [root@saltserver1 ~]# vim /etc/salt/master.d/master.conf
    conf_file: /etc/salt/master
    pki_dir: /mnt/data/salt/pki/master    # 该目录位于 NFSv3 共享上,master 私钥 master.pem 会存放在其中;需在 NFS 服务端限制可挂载的客户端,并确保目录仅 root 可读
    file_roots:
      base:
        - /mnt/data/salt/file/base
      dev:
        - /mnt/data/salt/file/dev
      prod:
        - /mnt/data/salt/file/prod
    pillar_roots:
      base:
        - /mnt/data/salt/pillar/base
      dev:
        - /mnt/data/salt/pillar/dev
      prod:
        - /mnt/data/salt/pillar/prod
    [root@saltserver1 ~]# systemctl start salt-master
    [root@saltserver1 ~]# systemctl enable salt-master

    //saltserver2配置启动(将saltserver1配置文件同步到saltserver2上)
    [root@saltserver2 ~]# systemctl start salt-master
    [root@saltserver2 ~]# systemctl enable salt-master
  2. saltsyndic安装
