salt master syndic install
服务器信息
192.168.13.217 CentOS 7.3.1611 master
192.168.13.218 CentOS 7.3.1611 master+syndic
192.168.13.187 CentOS 6.5 minion
192.168.13.188 CentOS 7.0.1406 minion
查看系统版本
[root@localhost ~]# cat /etc/redhat-release
CentOS Linux release 7.3.1611 (Core)
设置主机名
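# Give every node its own hostname and a matching /etc/hosts entry.
# The grep guard keeps /etc/hosts free of duplicate lines when a step is re-run.
# `$SHELL` starts a fresh shell so the prompt picks up the new hostname.
# salt-master
[root@localhost ~]# hostname salt-master && echo salt-master | tee /etc/hostname
[root@localhost ~]# grep -qw salt-master /etc/hosts || echo '192.168.13.217 salt-master' |tee -a /etc/hosts
[root@localhost ~]# $SHELL
# salt-syndic
[root@localhost ~]# hostname salt-syndic && echo salt-syndic | tee /etc/hostname
[root@localhost ~]# grep -qw salt-syndic /etc/hosts || echo '192.168.13.218 salt-syndic' |tee -a /etc/hosts
[root@localhost ~]# $SHELL
# salt-minion
CentOS-6:
[root@localhost ~]# hostname salt-minion-187 && echo salt-minion-187 | tee /etc/hostname
[root@localhost ~]# grep -qw salt-minion-187 /etc/hosts || echo '192.168.13.187 salt-minion-187' |tee -a /etc/hosts
# CentOS 6 keeps the persistent hostname in /etc/sysconfig/network: drop the old HOSTNAME line, then add the new one.
[root@localhost ~]# sed -i /'HOSTNAME'/d /etc/sysconfig/network
[root@localhost ~]# echo 'HOSTNAME=salt-minion-187'|tee -a /etc/sysconfig/network
[root@localhost ~]# $SHELL
CentOS-7:
[root@localhost ~]# hostname salt-minion-188 && echo salt-minion-188 | tee /etc/hostname
[root@localhost ~]# grep -qw salt-minion-188 /etc/hosts || echo '192.168.13.188 salt-minion-188' |tee -a /etc/hosts
[root@localhost ~]# $SHELL
硬盘格式化挂载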
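# Format the data disk and mount it on /mnt.
# mkfs is destructive: confirm /dev/vdb is the intended disk first (no blkid output means no known filesystem signature was found on it).
[root@[x] ~]# blkid /dev/vdb
[root@[x] ~]# mkfs.xfs /dev/vdb
# Reference the filesystem by UUID so the fstab entry still points at the right disk if device names change.
# NOTE(review): if nothing under /mnt needs setuid binaries or device nodes, `defaults,nodev,nosuid` is a tighter option set - confirm against what will be deployed there.
[root@[x] ~]# echo "UUID=$(blkid -s UUID -o value /dev/vdb) /mnt xfs defaults 0 0" | tee -a /etc/fstab
[root@[x] ~]# mount -a
设置打开最大文件数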
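# Raise the process and open-file limits for all accounts ('*'); '-' sets the soft and the hard limit together.
[root@[x] ~]# echo '* - nproc 65535' | tee -a /etc/security/limits.conf
[root@[x] ~]# echo '* - nofile 65535' | tee -a /etc/security/limits.conf
# Files in limits.d override limits.conf. Move them aside instead of deleting them, so the distribution
# defaults (such as the per-user nproc cap that contains fork bombs) can be restored if needed.
[root@[x] ~]# mkdir -p /etc/security/limits.d.bak
[root@[x] ~]# find /etc/security/limits.d -maxdepth 1 -type f -exec mv -- {} /etc/security/limits.d.bak/ \;
设置yum源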
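# Point yum at the yum.jwops.cn mirror. Only the *.repo files are moved, so mv is not asked to move
# the backup directory into itself.
[root@[x] ~]# mkdir /etc/yum.repos.d/backup && mv /etc/yum.repos.d/*.repo /etc/yum.repos.d/backup/
# The GPG keys are what yum uses to authenticate packages. A key fetched over plain HTTP can be swapped
# in transit, after which packages signed with the substituted key would verify.
# The CentOS key already ships on the system: import the local copy.
[root@[x] ~]# rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7
# Download the EPEL key to a file, compare its fingerprint with the one the Fedora project publishes
# over HTTPS, and import it only when they match.
[root@[x] ~]# curl -f -o /root/RPM-GPG-KEY-EPEL-7 http://yum.jwops.cn/epel/RPM-GPG-KEY-EPEL-7
[root@[x] ~]# gpg --quiet --with-fingerprint /root/RPM-GPG-KEY-EPEL-7
[root@[x] ~]# rpm --import /root/RPM-GPG-KEY-EPEL-7
[root@[x] ~]# curl -f -o /etc/yum.repos.d/epel.repo http://yum.jwops.cn/epel-7.repo
[root@[x] ~]# curl -f -o /etc/yum.repos.d/CentOS-Base.repo http://yum.jwops.cn/centos-7.repo
# The repo files also arrive over HTTP: read them and check that every section keeps gpgcheck=1
# and points at the expected baseurl/gpgkey before building the cache.
[root@[x] ~]# grep -H -E '^(\[|baseurl|gpgcheck|gpgkey)' /etc/yum.repos.d/*.repo
[root@[x] ~]# yum clean all && yum makecache
安装基础依赖库和常用工具包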
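# Build toolchain and development headers needed to compile Python and native extensions.
# The package globs are quoted so yum expands them, not the shell against files in the current directory.
[root@[x] ~]# yum -y groupinstall "Development Tools"
[root@[x] ~]# yum -y install \
make cmake \
bison-devel \
bzip2-devel \
zlib zlib-devel \
openssl openssl-devel openssl-libs openssl-static \
pcre pcre-devel pcre-static \
ncurses ncurses-devel ncurses-libs \
curl-devel \
expat-devel \
gettext-devel \
openldap openldap-devel \
readline readline-devel readline-static \
libssh2 libssh2-devel \
unixODBC unixODBC-devel \
sqlite sqlite-devel \
tcl tcl-devel \
perl-Digest-SHA1 \
python-libs python-devel python2-pip python-crypto \
perl-libs \
perl-ExtUtils-MakeMaker \
GeoIP GeoIP-devel \
gperftools gperftools-devel gperftools-libs \
libatomic_ops-devel \
gtest gtest-devel \
gdk-pixbuf2 gdk-pixbuf2-devel \
libffi libffi-devel \
libcurl libcurl-devel \
http-parser http-parser-devel \
'libxml2*' \
'libmcrypt*' \
'libtool-ltdl-devel*'
# Everyday administration tools.
# NOTE(review): compilers, nmap, nmap-ncat and telnet are convenient while building, but they are also
# useful to anyone who lands on the host; consider leaving them off production nodes that do not need them.
[root@[x] ~]# yum -y install bash-completion fop lftp ntp ntpdate vim wget telnet dstat tree lrzsz net-tools nmap-ncat nmap sysstat dmidecode bc
关闭selinux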
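# Switch SELinux off: setenforce 0 makes it permissive until reboot, the config edit makes it permanent.
# NOTE(review): this removes mandatory access control from hosts whose Salt daemons run as root.
# Consider staying in enforcing mode, or using SELINUX=permissive while denials in
# /var/log/audit/audit.log are collected and resolved.
[root@[x] ~]# setenforce 0
# The pattern is anchored so only the active SELINUX= setting is rewritten.
[root@[x] ~]# sed -i 's/^SELINUX=enforcing/SELINUX=disabled/' /etc/selinux/config
关闭防火墙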
# Stops firewalld now and keeps it off across reboots.
# NOTE(review): with the host firewall off, every port opened later on this page (4505/4506 for Salt,
# 873 for rsync on the master) is reachable from any network that can route to the host.
# A narrower option is to keep firewalld running and open only what the node's role needs, e.g.
# `firewall-cmd --permanent --add-port=4505-4506/tcp && firewall-cmd --reload` on the master and the syndic.
[root@[x] ~]# systemctl stop firewalld && systemctl disable firewalld
设置系统时区
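# Step the clock once, set the timezone to Asia/Shanghai, then let ntpd keep the time.
[root@[x] ~]# ntpdate cn.pool.ntp.org
# /etc/localtime is often a symlink into /usr/share/zoneinfo. cp would follow the link and overwrite
# the zone file it points to, so replace the link itself instead.
[root@[x] ~]# [ -f /etc/localtime ] && ln -sf /usr/share/zoneinfo/Asia/Shanghai /etc/localtime
[root@[x] ~]# [ -f /etc/sysconfig/clock ] && echo 'ZONE="Asia/Shanghai"' | tee /etc/sysconfig/clock
[root@[x] ~]# [ -f /etc/timezone ] && echo 'Asia/Shanghai' | tee /etc/timezone
[root@[x] ~]# [ -f /etc/sysconfig/ntpd ] && echo 'SYNC_HWCLOCK=yes' | tee -a /etc/sysconfig/ntpd
# ntp.conf: the "restrict default" line lets remote hosts read the time but not modify the daemon, set
# traps, peer with it or run status queries; "disable monitor" switches off the monitoring facility.
[root@[x] ~]# cp -f /etc/{ntp.conf,ntp.conf.bak}
[root@[x] ~]# cat > /etc/ntp.conf <<EOF
driftfile /var/lib/ntp/drift
restrict default nomodify notrap nopeer noquery
restrict 127.0.0.1
restrict ::1
server cn.pool.ntp.org prefer
server 0.centos.pool.ntp.org iburst
server 1.centos.pool.ntp.org iburst
server 2.centos.pool.ntp.org iburst
server 3.centos.pool.ntp.org iburst
includefile /etc/ntp/crypto/pw
keys /etc/ntp/keys
disable monitor
EOF
[root@[x] ~]# cp -f /etc/ntp/{step-tickers,step-tickers.bak}
[root@[x] ~]# cat > /etc/ntp/step-tickers <<EOF
cn.pool.ntp.org
0.centos.pool.ntp.org
1.centos.pool.ntp.org
2.centos.pool.ntp.org
3.centos.pool.ntp.org
EOF
[root@[x] ~]# systemctl start ntpd && systemctl enable ntpd
安装python,并设置python源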
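# Install pyenv system-wide and build Python 2.7.13 with it.
# NOTE(review): the clone follows the repository's default branch; check out a release tag if the
# install has to be reproducible. Python 2.7 is end-of-life and receives no security fixes, so new
# deployments should use a supported Python and Salt release.
[root@[x] ~]# git clone https://github.com/yyuu/pyenv.git /usr/local/pyenv
[root@[x] ~]# echo 'export PYENV_ROOT="/usr/local/pyenv"' | tee /etc/profile.d/pyenv.sh
[root@[x] ~]# echo 'export PATH="$PYENV_ROOT/bin:$PATH"' | tee -a /etc/profile.d/pyenv.sh
[root@[x] ~]# echo 'eval "$(pyenv init -)"' | tee -a /etc/profile.d/pyenv.sh
[root@[x] ~]# source /etc/profile
[root@[x] ~]# mkdir -p "${PYENV_ROOT}/cache"
# Put the Python source tarball in the cache directory before installing; ls only confirms it is there.
[root@[x] ~]# ls "${PYENV_ROOT}/cache/Python-2.7.13.tar.xz"
[root@[x] ~]# pyenv install 2.7.13
[root@[x] ~]# pyenv local 2.7.13
[root@[x] ~]# pyenv rehash
# pip configuration. The index is reached over HTTPS and is not listed as trusted-host: a plain-HTTP
# index marked as trusted lets anyone on the network path substitute packages, and everything on this
# page is installed as root.
[root@[x] ~]# mkdir -p ~/.pip
[root@[x] ~]# cat > ~/.pip/pip.conf <<EOF
[global]
index-url=https://mirrors.aliyun.com/pypi/simple/
[list]
format=columns
EOF
设置开机启动文件权限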
# Mark rc.local executable so it can run at boot.
# NOTE(review): whatever is placed in this file runs as root on every boot - keep it root-owned and
# not writable by group or others.
[root@[x] ~]# chmod +x /etc/rc.d/rc.local
创建常见目录
# Create the directory layout under /mnt: app, data, log, web, and ops with its app/data/cron subdirectories.
[root@[x] ~]# mkdir -p /mnt/{app,data,log,web,ops/{app,data,cron}}
salt安装
# Install Salt with pip from the index configured in ~/.pip/pip.conf.
# NOTE(review): no version is pinned, so the result depends on what the index serves at install time.
# Pin a release (`pip install salt==<version>`) so every node runs the same, reviewed version, and make
# sure the index is reached over HTTPS - this package runs as root on every managed host.
[root@[x] ~]# pip install salt
salt-master配置
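# Create the configuration directory and the file/pillar roots for the base, dev and prod environments.
[root@salt-master ~]# mkdir -p /etc/salt
[root@salt-master ~]# mkdir -p /mnt/data/salt/base/{dev,prod}
[root@salt-master ~]# mkdir -p /mnt/data/salt/pillar/{dev,prod}
# Pillar data usually carries credentials: keep the tree readable by root only.
[root@salt-master ~]# chmod 700 /mnt/data/salt/pillar
# Top-level master configuration. order_masters: True is what allows this master to drive a syndic.
# The nested keys are indented as YAML requires.
# NOTE(review): interface 0.0.0.0 exposes 4505/4506 on every address of the host; bind to
# 192.168.13.217 if only that network should reach the master.
[root@salt-master ~]# cat > /etc/salt/master <<EOF
interface: 0.0.0.0
ipv6: False
publish_port: 4505
ret_port: 4506
user: root
order_masters: True
file_roots:
  base:
    - /mnt/data/salt/base
  dev:
    - /mnt/data/salt/base/dev
  prod:
    - /mnt/data/salt/base/prod
pillar_roots:
  base:
    - /mnt/data/salt/pillar
  dev:
    - /mnt/data/salt/pillar/dev
  prod:
    - /mnt/data/salt/pillar/prod
EOF
# Start the master once in the background and stop it again (presumably so the first run creates its
# keys and cache directories); the systemd unit takes over afterwards.
[root@salt-master ~]# salt-master -c /etc/salt -d
[root@salt-master ~]# pkill salt-master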
# systemd unit for the pyenv-installed salt-master.
# The unit sets no User=, so the daemon runs as root (consistent with user: root in /etc/salt/master).
# LimitNOFILE raises the service's open-file limit, PrivateTmp gives it a private /tmp, and
# Restart=always brings it back after any exit.
[root@salt-master ~]# cat > /usr/lib/systemd/system/salt-master.service <<EOF
[Unit]
Description=salt-master
Documentation=https://docs.saltstack.com/en/latest/
After=network.target
[Service]
LimitNOFILE=65535
Type=simple
NotifyAccess=all
ExecStart=/usr/local/pyenv/versions/2.7.13/bin/salt-master
PrivateTmp=true
Restart=always
[Install]
WantedBy=multi-user.target
EOF
# Load the new unit, start the master now and enable it at boot.
[root@salt-master ~]# systemctl daemon-reload
[root@salt-master ~]# systemctl start salt-master
[root@salt-master ~]# systemctl enable salt-master
[root@salt-master ~]# cp -f /etc/{rsyncd.conf,rsyncd.conf.bak}
[root@salt-master ~]# cat > /etc/rsyncd.conf <<EOF
uid = root
gid = root
port = 873
use chroot = yes
read only = no
write only = no
hosts allow = 192.168.13.218
hosts deny = *
max connections = 5
exclude = lost+found/
transfer logging = yes
timeout = 900
ignore nonreadable = yes
dont compress = *.gz *.tgz *.zip *.z *.Z *.rpm *.deb *.bz2
[salt]
path = /mnt/data/salt
list = yes
auth users = saltsync
secrets file = /etc/rsyncd.secrets
read only = yes
exclude = test1/ test2/
comment = salt file_roots and pillor_roots
EOF
[root@salt-master ~]# echo 'saltsync:EcZufi9eoIdUR6X' |tee /etc/rsyncd.secrets
[root@salt-master ~]# chmod 600 /etc/rsyncd.secrets
[root@salt-master ~]# systemctl start rsyncd
[root@salt-master ~]# systemctl enable rsyncdsalt-syndic配置
79[root@salt-syndic ~]# echo 'EcZufi9eoIdUR6X' |tee /etc/rsyncd.passwd
[root@salt-syndic ~]# chmod 600 /etc/rsyncd.passwd
[root@salt-syndic ~]# echo '*/1 * * * * rsync -avzP --delete --password-file=/etc/rsyncd.passwd saltsync@192.168.13.217::salt /mnt/data/salt' |tee /var/spool/cron/root
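# Master configuration on the syndic node: it acts as master for the minions and relays to the
# top-level master at 192.168.13.217. The nested keys are indented as YAML requires.
#
# auto_accept is turned off. With it on, any host that can reach port 4506 has its key accepted
# without review and can then request states and pillar data. Accept each minion explicitly instead:
#   on the minion:   salt-call --local key.finger
#   on this node:    salt-key -f <minion-id>     (compare the two fingerprints)
#                    salt-key -a <minion-id>
# The top-level master does not set auto_accept either, so the syndic's own key has to be accepted
# there with salt-key in the same way.
[root@salt-syndic ~]# mkdir -p /etc/salt
[root@salt-syndic ~]# cat > /etc/salt/master <<EOF
interface: 0.0.0.0
ipv6: False
publish_port: 4505
ret_port: 4506
user: root
syndic_master:
  - 192.168.13.217
syndic_master_port: 4506
syndic_failover: random
syndic_wait: 20
auto_accept: False
file_roots:
  base:
    - /mnt/data/salt/base
  dev:
    - /mnt/data/salt/base/dev
  prod:
    - /mnt/data/salt/base/prod
pillar_roots:
  base:
    - /mnt/data/salt/pillar
  dev:
    - /mnt/data/salt/pillar/dev
  prod:
    - /mnt/data/salt/pillar/prod
EOF
# Start both daemons once in the background and stop them again (presumably so the first run creates
# keys and cache directories); the systemd units take over afterwards.
[root@salt-syndic ~]# salt-master -c /etc/salt -d
[root@salt-syndic ~]# salt-syndic -c /etc/salt -d
[root@salt-syndic ~]# pkill salt-master
[root@salt-syndic ~]# pkill salt-syndic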
# systemd unit for the local salt-master on the syndic node. No User= is set, so it runs as root.
# LimitNOFILE raises the open-file limit, PrivateTmp gives the service a private /tmp, and
# Restart=always restarts it after any exit.
[root@salt-syndic ~]# cat > /usr/lib/systemd/system/salt-master.service <<EOF
[Unit]
Description=salt-master
Documentation=https://docs.saltstack.com/en/latest/
After=network.target
[Service]
LimitNOFILE=65535
Type=simple
NotifyAccess=all
ExecStart=/usr/local/pyenv/versions/2.7.13/bin/salt-master
PrivateTmp=true
Restart=always
[Install]
WantedBy=multi-user.target
EOF
# systemd unit for salt-syndic, with the same settings; only Description and ExecStart differ.
[root@salt-syndic ~]# cat > /usr/lib/systemd/system/salt-syndic.service <<EOF
[Unit]
Description=salt-syndic
Documentation=https://docs.saltstack.com/en/latest/
After=network.target
[Service]
LimitNOFILE=65535
Type=simple
NotifyAccess=all
ExecStart=/usr/local/pyenv/versions/2.7.13/bin/salt-syndic
PrivateTmp=true
Restart=always
[Install]
WantedBy=multi-user.target
EOF
# Load the new units, then start both services.
[root@salt-syndic ~]# systemctl daemon-reload
[root@salt-syndic ~]# systemctl start salt-master
[root@salt-syndic ~]# systemctl start salt-syndic
[root@salt-syndic ~]# systemctl enable salt-master
[root@salt-syndic ~]# systemctl enable salt-syndic
salt-minion配置
CentOS-6:
# Minion configuration: connect to the syndic node (192.168.13.218) on port 4506, run as root, and
# register under the id salt-minion-187. The daemon is then started in the background.
# NOTE(review): no master_finger is set, so the minion trusts whichever master key it receives on
# first contact. Setting master_finger to the master public-key fingerprint shown by
# `salt-key -F master` on 192.168.13.218 pins the master the minion will accept.
[root@salt-minion-187 ~]# mkdir -p /etc/salt/
[root@salt-minion-187 ~]# cat > /etc/salt/minion <<EOF
master: 192.168.13.218
ipv6: False
master_port: 4506
user: root
id: salt-minion-187
EOF
[root@salt-minion-187 ~]# salt-minion -c /etc/salt -d
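# SysV init script for the CentOS 6 minion.
# The here-document delimiter is quoted so that $1 and $(cat ...) are written to the script literally.
# With an unquoted delimiter the command substitution runs while the file is being created, which
# bakes one fixed PID (or an empty string) into the script; stop/restart would later signal, as
# root, whatever process happens to own that PID.
[root@salt-minion-187 ~]# cat > /etc/init.d/salt-minion <<'EOF'
#!/bin/sh
# chkconfig: 2345 15 20
# description: salt-minion
case "$1" in
  start)
    echo "Starting salt-minion..."
    /usr/local/pyenv/versions/2.7.13/bin/salt-minion -d
    ;;
  stop)
    echo "Stop salt-minion..."
    kill -HUP "$(cat /var/run/salt-minion.pid)"
    ;;
  restart)
    echo "Stop salt-minion..."
    kill -HUP "$(cat /var/run/salt-minion.pid)"
    sleep 1
    echo "Starting salt-minion..."
    /usr/local/pyenv/versions/2.7.13/bin/salt-minion -d
    ;;
  status)
    echo "salt-minion status:"
    ps -ef|grep salt-minion|grep -v grep|grep -v status
    ;;
esac
EOF
# Make the script executable and register it for the runlevels named in its chkconfig header.
[root@salt-minion-187 ~]# chmod +x /etc/init.d/salt-minion
[root@salt-minion-187 ~]# chkconfig --add salt-minion
[root@salt-minion-187 ~]# chkconfig salt-minion on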
CentOS-7:
# Minion configuration: connect to the syndic node (192.168.13.218) on port 4506, run as root, and
# register under the id salt-minion-188. The daemon is then started in the background.
# NOTE(review): no master_finger is set, so the minion trusts whichever master key it receives on
# first contact. Setting master_finger to the master public-key fingerprint shown by
# `salt-key -F master` on 192.168.13.218 pins the master the minion will accept.
[root@salt-minion-188 ~]# mkdir -p /etc/salt/
[root@salt-minion-188 ~]# cat > /etc/salt/minion <<EOF
master: 192.168.13.218
ipv6: False
master_port: 4506
user: root
id: salt-minion-188
EOF
[root@salt-minion-188 ~]# salt-minion -c /etc/salt -d
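# systemd unit for the pyenv-installed salt-minion. No User= is set, so it runs as root (consistent
# with user: root in /etc/salt/minion). LimitNOFILE raises the open-file limit, PrivateTmp gives the
# service a private /tmp, and Restart=always restarts it after any exit.
[root@salt-minion-188 ~]# cat > /usr/lib/systemd/system/salt-minion.service <<EOF
[Unit]
Description=salt-minion
Documentation=https://docs.saltstack.com/en/latest/
After=network.target
[Service]
LimitNOFILE=65535
Type=simple
NotifyAccess=all
ExecStart=/usr/local/pyenv/versions/2.7.13/bin/salt-minion
PrivateTmp=true
Restart=always
[Install]
WantedBy=multi-user.target
EOF
# Stop the minion that was started by hand with -d before systemd starts its own copy, as the master
# and syndic steps on this page do; otherwise two minions with the same id would run side by side.
[root@salt-minion-188 ~]# pkill salt-minion
[root@salt-minion-188 ~]# systemctl daemon-reload
[root@salt-minion-188 ~]# systemctl start salt-minion
[root@salt-minion-188 ~]# systemctl enable salt-minion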