文章目录
salt-stack使用
- 服务端安装:salt-master,salt-api
yum install -y salt-master
yum install -y salt-api pyOpenSSL
pip install salt-api
pip install cherrypy==3.2.3
cd /etc/pki/tls/certs/
make testcert
-->设置秘钥密码,(3次) ,剩下回车
cd ../private/
openssl rsa -in localhost.key -out localhost_nopass.key
chmod 755 /etc/pki/tls/certs/localhost.crt
chmod 755 /etc/pki/tls/private/localhost.key
chmod 755 /etc/pki/tls/private/localhost_nopass.key
useradd -M -s /sbin/nologin saltapi
passwd saltapi
sed -i '/#default_include/s/#default/default/g' /etc/salt/master
mkdir -p /etc/salt/master.d
cd /etc/salt/master.d
#vim api.conf
rest_cherrypy:
port: 8001
ssl_crt: /etc/pki/tls/certs/localhost.crt
ssl_key: /etc/pki/tls/private/localhost_nopass.key
#vim eauch.conf
external_auth:
pam:
saltapi: # 用户
- .* # 该配置文件给予saltapi用户所有模块使用权限,出于安全考虑一般只给予特定模块使用权限
- '@runner'
- '@wheel'
systemctl restart salt-master
systemctl start salt-api
- 客户端安装:salt-minion
yum install -y salt-minion
#vim /etc/salt/minion,新增两行,位置随意
master: master_ip
id:本机在master上面显示的名称
- 注意:最好是有外网,yum安装比较方便
