140.1. 安装 Salt Stack
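# --- On the master host ---
# Install the Salt master, enable it at boot, and start it.
yum install salt-master
chkconfig salt-master on
service salt-master start
# Keep a pristine copy of the packaged config for later comparison or rollback.
cp /etc/salt/master{,.original}

# --- On each minion host ---
# Install the Salt minion and enable it at boot; it is started only after
# its configuration has been edited.
yum install salt-minion
chkconfig salt-minion on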
配置 master
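# --- On each minion host ---
# Keep a pristine copy of the packaged config before editing it.
cp /etc/salt/minion{,.original}
# Insert the master's hostname at line 12 of the config. The line number fits
# the packaged file this tutorial was written against; check that the setting
# lands in the right place on your version.
sed -i '12,12imaster: salt.example.org' /etc/salt/minion
# Pin the master's name to an address locally. 192.168.2.1 and salt.example.org
# are example values. The minion sends its key to whatever host answers at this
# name, so the mapping must point at the real master.
cat >> /etc/hosts <<'EOF'
192.168.2.1 salt.example.org
EOF
service salt-minion start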
登录 master 服务器,输入 salt-key 查看接入的 minion 客户端。
# salt-key
Accepted Keys:
Unaccepted Keys:
haproxy
Rejected Keys:
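接受客户端 key。接受前请先核对指纹:在 master 上执行 salt-key -f haproxy,在 minion 上执行 salt-call --local key.finger,两者一致后再接受,以免把未经确认的主机纳入管理。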
# salt-key -a haproxy
The following keys are going to be accepted:
Unaccepted Keys:
haproxy
Proceed? [n/Y] y
Key for minion haproxy accepted.
至此,master 与 minion 已经建立了信任关系
你可以运行下面命令测试你的 minion
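# Run on the master. '*' targets every minion whose key has been accepted.
# These are sample calls into Salt's built-in "test" module; pick the ones you
# need rather than running the whole list (some of them sleep on purpose).
salt '*' test.arg 1 "two" 3.1 txt="hello" wow='{a: 1, b: "hello"}'
salt '*' test.arg_repr 1 "two" 3.1 txt="hello" wow='{a: 1, b: "hello"}'
salt '*' test.collatz 3
salt '*' test.conf_test
salt '*' test.cross_test file.gid_to_group 0
salt '*' test.echo 'foo bar baz quo qux'
salt '*' test.fib 3
# test.get_opts returns the minion's configuration; treat the output as
# potentially sensitive when sharing logs.
salt '*' test.get_opts
salt '*' test.kwarg num=1 txt="two" env='{a: 1, b: "hello"}'
salt '*' test.not_loaded
salt '*' test.outputter foobar
salt '*' test.ping
salt '*' test.provider service
salt '*' test.providers
salt '*' test.rand_sleep 60
salt '*' test.retcode 42
salt '*' test.sleep 20
salt '*' test.tty tty0 'This is a test'
salt '*' test.tty pts3 'This is a test'
salt '*' test.version
salt '*' test.versions_information
salt '*' test.versions_report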
我通常只作ping测试
# salt '*' test.ping haproxy: True # salt '*' test.versions_information haproxy: ---------- Jinja2: unknown M2Crypto: 0.20.2 PyYAML: 3.09 PyZMQ: 2.2.0.1 Python: 2.6.6 (r266:84292, Feb 22 2013, 00:00:18) Salt: 0.16.0 ZMQ: 3.2.3 msgpack-pure: None msgpack-python: 0.1.13 pycrypto: 2.0.1 # salt '*' test.versions_report haproxy: Salt: 0.16.0 Python: 2.6.6 (r266:84292, Feb 22 2013, 00:00:18) Jinja2: unknown M2Crypto: 0.20.2 msgpack-python: 0.1.13 msgpack-pure: Not Installed pycrypto: 2.0.1 PyYAML: 3.09 PyZMQ: 2.2.0.1 ZMQ: 3.2.3
单独测试某一节点
# Target a single minion by its ID instead of the '*' wildcard.
salt 'haproxy' test.ping
这里为你演示的是,将iptables文件推送到所有的服务器上。
# vim /srv/salt/top.sls
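# Top file: maps minions to the states they receive.
# In the "base" environment, every minion ('*') is assigned the "iptables" state.
base:
  '*':
    - iptables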
# vim /srv/salt/iptables.sls
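# Manage /etc/sysconfig/iptables on the minion from the copy kept on the master.
/etc/sysconfig/iptables:
  file:
    - managed
    # salt:// paths are served from the master's file roots
    # (/srv/salt/iptables in this tutorial).
    - source: salt://iptables
    - user: root
    - group: root
    # Only root needs to read the firewall rules; 600 keeps the file from
    # being world-readable.
    - mode: 600
    # Keep a copy of the previous file on the minion before overwriting it.
    - backup: minion
    # NOTE: this state only replaces the file. It does not reload the running
    # rules; the iptables service has to be restarted for them to take effect.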
# vim /srv/salt/iptables
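# Firewall configuration written by system-config-firewall
# Manual customization of this file is not recommended.
# NOTE(review): this single rule set is delivered to every minion the state
# targets. Inbound, only ICMP, loopback, SSH (22), HTTP (80) and HTTPS (443)
# are accepted, from any source address. A host that must accept other
# connections (for example the Salt master on its default ports 4505/4506, if
# it is also managed this way) needs its own rules, and SSH can be narrowed to
# trusted networks with a source match.
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 443 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT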
单独部署iptables
# salt '*' state.sls iptables
按照 top.sls 的设置执行
# Apply everything top.sls assigns to each minion; -v prints verbose output.
# Pushing firewall rules to all minions at once can cut off access if a rule is
# wrong; a dry run (salt '*' state.highstate test=True) shows the changes first.
salt '*' state.highstate -v