153 lines
4.9 KiB
Bash
153 lines
4.9 KiB
Bash
#!/bin/bash
|
||
## SaltStack安装 2017-07-03
|
||
## http://www.aqzt.com
|
||
## email: ppabc@qq.com
|
||
## robert yu
|
||
## centos 7
|
||
|
||
|
||
##安装必备软件
|
||
yum -y install mariadb mariadb-devel mariadb-server wget epel-release python-devel gcc c++ make openssl openssl-devel passwd libffi libffi-devel
|
||
yum -y install salt-master salt-minion salt-api nginx
|
||
wget https://bootstrap.pypa.io/get-pip.py
|
||
python get-pip.py
|
||
|
||
##配置salt-api
|
||
pip install pyOpenSSL==0.15.1 -i http://pypi.douban.com/simple/ --trusted-host pypi.douban.com
|
||
useradd -M -s /sbin/nologin saltapi && echo "password"|/usr/bin/passwd saltapi --stdin
|
||
salt-call --local tls.create_self_signed_cert
|
||
|
||
##配置salt-master 我这里把soms解压到了/data/wwwroot下
|
||
cat > /etc/salt/master <<EOF
|
||
interface: 0.0.0.0
|
||
|
||
external_auth:
|
||
pam:
|
||
saltapi:
|
||
- .*
|
||
- '@wheel'
|
||
- '@runner'
|
||
- '@jobs'
|
||
|
||
rest_cherrypy:
|
||
port: 8000
|
||
ssl_crt: /etc/pki/tls/certs/localhost.crt
|
||
ssl_key: /etc/pki/tls/certs/localhost.key
|
||
|
||
file_recv: True
|
||
|
||
include: /data/wwwroot/soms/saltconfig/*.conf
|
||
EOF
|
||
|
||
##配置好后,把服务启起来,并测试salt-api
|
||
systemctl start salt-master salt-api
|
||
curl -sSk https://localhost:8000/login -H 'Accept: application/x-yaml' -d username=saltapi -d password=password -d eauth=pam
|
||
|
||
|
||
################## 另一套配置 ####################################################################################
|
||
################################################################################################################
|
||
|
||
##安装salt api
|
||
yum -y install salt-api pyOpenSSL
|
||
chkconfig salt-api on
|
||
|
||
##创建用户,saltapi认证使用
|
||
useradd -M -s /sbin/nologin kbson
|
||
echo 'kbson' | passwd kbson --stdin
|
||
|
||
##添加salt api配置
|
||
[root@operation ops]# cat /etc/salt/master.d/api.conf
|
||
rest_cherrypy:
|
||
port: 8000
|
||
ssl_crt: /etc/pki/tls/certs/localhost.crt
|
||
ssl_key: /etc/pki/tls/certs/localhost.key
|
||
external_auth:
|
||
pam:
|
||
kbson:
|
||
- .*
|
||
- '@wheel'
|
||
- '@runner'
|
||
|
||
|
||
##生成自签名证书
|
||
[root@operation ops]# salt-call tls.create_self_signed_cert
|
||
local:
|
||
Certificate "localhost" already exists
|
||
##提示已经存在时,可以删除/etc/pki/tls/certs/localhost.crt /etc/pki/tls/certs/localhost.key重新生成
|
||
|
||
##获取token
|
||
[root@operation ops]# curl -k https://192.168.56.102:8000/login -H "Accept: application/x-yaml" -d username='kbson' -d password='kbson' -d eauth='pam'
|
||
return:
|
||
- eauth: pam
|
||
expire: 1480714218.787106
|
||
perms:
|
||
- .*
|
||
- '@wheel'
|
||
- '@runner'
|
||
start: 1480671018.787106
|
||
token: ab3749a9a0fe83386b8a5d558d10e346c252e336
|
||
user: kbson
|
||
|
||
##重启salt-api后token会改变
|
||
##执行models,test.ping测试minion连通性
|
||
[root@operation ops]# curl -k https://192.168.56.102:8000 -H "Accept: application/x-yaml" -H "X-Auth-Token: ab3749a9a0fe83386b8a5d558d10e346c252e336" -d client='local' -d tgt='*' -d fun='test.ping'
|
||
return:
|
||
- operation: true
|
||
|
||
##远程执行命令
|
||
[root@operation ops]# curl -k https://192.168.56.102:8000 -H "Accept: application/x-yaml" -H "X-Auth-Token: ab3749a9a0fe83386b8a5d558d10e346c252e336" -d client='local' -d tgt='*' -d fun='cmd.run' -d arg='free -m'
|
||
return:
|
||
- operation: ' total used free shared buffers cached
|
||
|
||
Mem: 988 932 56 1 19 107
|
||
|
||
-/+ buffers/cache: 805 182
|
||
|
||
Swap: 1983 382 1601'
|
||
|
||
远程执行多个minion命令
|
||
[root@operation ops]# curl -k https://192.168.56.102:8000 -H "Accept: application/x-yaml" -H "X-Auth-Token: ab3749a9a0fe83386b8a5d558d10e346c252e336" -d client='local' -d tgt='operation,slave01' -d expr_form='list' -d fun='cmd.run' -d arg='free -m'
|
||
return:
|
||
- operation: ' total used free shared buffers cached
|
||
|
||
|
||
Mem: 988 925 63 1 21 81
|
||
|
||
|
||
-/+ buffers/cache: 821 166
|
||
|
||
|
||
Swap: 1983 393 1590'
|
||
slave01: ' total used free shared buffers cached
|
||
|
||
|
||
Mem: 1870 622 1248 6 79 300
|
||
|
||
|
||
-/+ buffers/cache: 242 1628
|
||
|
||
|
||
Swap: 2047 0 2047'
|
||
[root@operation ops]#
|
||
执行wheel
|
||
查看minion key状态
|
||
[root@operation ops]# curl -k https://192.168.56.102:8000 -H "Accept: application/x-yaml" -H "X-Auth-Token: ab3749a9a0fe83386b8a5d558d10e346c252e336" -d client='wheel' -d fun='key.list_all'
|
||
return:
|
||
- data:
|
||
_stamp: '2016-12-02T09:30:35.235660'
|
||
fun: wheel.key.list_all
|
||
jid: '20161202173034905379'
|
||
return:
|
||
local:
|
||
- master.pem
|
||
- master.pub
|
||
minions:
|
||
- operation
|
||
- slave01
|
||
minions_denied: []
|
||
minions_pre: []
|
||
minions_rejected: []
|
||
success: true
|
||
tag: salt/wheel/20161202173034905379
|
||
user: kbson
|
||
tag: salt/wheel/20161202173034905379 |