Saltstack 简明教程

SaltStack - Installation

在进行安装之前,需要满足以下要求:

Before moving to installation, you need to have the following requirements −

  1. A Linux server (latest Ubuntu server).

  2. sudo or root access to this server.

  • 使用以下命令安装所有更新:

Install all the updates using the following command −

sudo apt-get update

Install SaltMaster

  • 使用以下 apt-get 命令从存储库安装 SaltMaster。

Install the SaltMaster from the repository with the following apt-get command.

sudo apt-get install salt-master

Install Salt Minion

  • 使用以下 apt-get 命令从存储库安装 Salt Minion。

Install the Salt minion from the repository with the following apt-get command.

sudo apt-get install salt-minion

Install Salt syndic

  • 使用以下 apt-get 命令从存储库安装 Salt Syndic。

Install the Salt syndic from the repository with the following apt-get command.

sudo apt-get install salt-syndic

Master Configuration

Salt 配置非常简单。大多数安装都适用主控的默认配置。配置文件安装在“/etc/salt”目录中,并且以它们各自的组件命名,例如:/etc/salt/master 和 /etc/salt/minion。

Salt configuration is very simple. The default configuration for the master will work for most installations. The configuration files are installed in the ‘/etc/salt’ directory and are named after their respective components, such as − /etc/salt/master and /etc/salt/minion.

#interface: 0.0.0.0
interface: <local ip address>

更新配置文件后,使用以下命令重新启动 Salt 主控。

After updating the configuration file, restart the Salt master using the following command.

sudo service salt-master restart

Minion Configuration

配置 Salt Minion 非常简单。默认情况下,Salt Minion 将尝试连接到 DNS 名称“salt”;如果 Minion 能够正确解析该名称,则不需要配置。重新定义 Minion 配置文件中的“主控”指令,它通常是 /etc/salt/minion ,如下面的代码所示:

Configuring a Salt Minion is very simple. By default a Salt Minion will try to connect to the DNS name “salt”; if the Minion is able to resolve that name correctly, no configuration is required. Redefine the “master” directive in the minion configuration file, which is typically /etc/salt/minion, as shown in the code below −

#master: salt
master: <local ip address>

更新配置文件后,使用以下命令重新启动 Salt Minion。

After updating the configuration file, restart the Salt minion using the command below.

sudo service salt-minion restart

Key Management

对于主控和 Minion 之间的所有通信,Salt 使用 AES Encryption 。主控和 Minion 之间的通信通过受信任的已接受密钥进行验证。

Salt uses AES Encryption for all the communication between the Master and the Minion. The communication between Master and Minion is authenticated through trusted, accepted keys.

salt-key -L

它将生成以下 output

It will produce the following output

Accepted Keys:
Denied Keys:
Unaccepted Keys:
<local system name>
Rejected Keys:

通过发布以下命令,接受所有密钥。

Accept all keys by issuing the command below.

sudo salt-key -A

它将生成以下 output

It will produce the following output

The following keys are going to be accepted:
Unaccepted Keys:
<local system name>
Proceed? [n/Y] y
Key for minion bala-Inspiron-N4010 accepted.

现在再次发布 salt key listing 命令,

Now again issue the salt key listing command,

salt-key -L

它将生成以下 output

It will produce the following output

Accepted Keys:
<local system name>
Denied Keys:
Unaccepted Keys:
Rejected Keys:

Sending Commands

必须通过运行 test.ping 命令验证主控和 Minion 之间的通信。

The communication between the Master and a Minion must be verified by running the test.ping command.

sudo salt '*' test.ping

它将生成以下 output

It will produce the following output

<local system name>
   True

在此,“ ’ refers to all the minions. Since, we only have one minion – test.ping, it executes the *ping 命令并返回 ping 是否成功。

Here, ‘’ refers to all the minions. Since, we only have one minion – test.ping, it executes the *ping command and returns whether the ping is successful or not.