140.1. 安装 Salt Stack
yum install salt-master chkconfig salt-master on service salt-master start
cp /etc/salt/master{,.original}
yum install salt-minion chkconfig salt-minion on
配置 master
cp /etc/salt/minion{,.original}
sed -i '12,12imaster: salt.example.org' /etc/salt/minion
cat >> /etc/hosts <<'EOF'
192.168.2.1 salt.example.org
EOF
service salt-minion start
登陆master服务器,输入 salt-key 查看接入的 minion 客户端。
# salt-key Accepted Keys: Unaccepted Keys: haproxy Rejected Keys:
接受客户端 key
# salt-key -a haproxy The following keys are going to be accepted: Unaccepted Keys: haproxy Proceed? [n/Y] y Key for minion haproxy accepted.
至此,master 与 minion 已经建立了信任关系
你可以运行下面命令测试你的 minion
salt '*' test.arg 1 "two" 3.1 txt="hello" wow='{a: 1, b: "hello"}'
salt '*' test.arg_repr 1 "two" 3.1 txt="hello" wow='{a: 1, b: "hello"}'
salt '*' test.collatz 3
salt '*' test.conf_test
salt '*' test.cross_test file.gid_to_group 0
salt '*' test.echo 'foo bar baz quo qux'
salt '*' test.fib 3
salt '*' test.get_opts
salt '*' test.kwarg num=1 txt="two" env='{a: 1, b: "hello"}'
salt '*' test.not_loaded
salt '*' test.outputter foobar
salt '*' test.ping
salt '*' test.provider service
salt '*' test.providers
salt '*' test.rand_sleep 60
salt '*' test.retcode 42
salt '*' test.sleep 20
salt '*' test.tty tty0 'This is a test'
salt '*' test.tty pts3 'This is a test'
salt '*' test.version
salt '*' test.versions_information
salt '*' test.versions_report
我通常只作ping测试
# salt '*' test.ping
haproxy:
True
# salt '*' test.versions_information
haproxy:
----------
Jinja2:
unknown
M2Crypto:
0.20.2
PyYAML:
3.09
PyZMQ:
2.2.0.1
Python:
2.6.6 (r266:84292, Feb 22 2013, 00:00:18)
Salt:
0.16.0
ZMQ:
3.2.3
msgpack-pure:
None
msgpack-python:
0.1.13
pycrypto:
2.0.1
# salt '*' test.versions_report
haproxy:
Salt: 0.16.0
Python: 2.6.6 (r266:84292, Feb 22 2013, 00:00:18)
Jinja2: unknown
M2Crypto: 0.20.2
msgpack-python: 0.1.13
msgpack-pure: Not Installed
pycrypto: 2.0.1
PyYAML: 3.09
PyZMQ: 2.2.0.1
ZMQ: 3.2.3
单独测试某一节点
salt 'haproxy' test.ping
这里为你掩饰的是,将iptables文件推送到所有的服务器上。
# vim /srv/salt/top.sis
base:
'*':
- iptables
# vim /srv/salt/iptables.sls
/etc/sysconfig/iptables:
file:
- managed
- source: salt://iptables
- user: root
- group: root
- mode: 644
- backup: minion
# vim /srv/salt/iptables
# Firewall configuration written by system-config-firewall # Manual customization of this file is not recommended. *filter :INPUT ACCEPT [0:0] :FORWARD ACCEPT [0:0] :OUTPUT ACCEPT [0:0] -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT -A INPUT -p icmp -j ACCEPT -A INPUT -i lo -j ACCEPT -A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT -A INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT -A INPUT -m state --state NEW -m tcp -p tcp --dport 443 -j ACCEPT -A INPUT -j REJECT --reject-with icmp-host-prohibited -A FORWARD -j REJECT --reject-with icmp-host-prohibited COMMIT
单独部署iptables
# salt '*' state.sls iptables
按照 top.sls 的设置执行
salt '*' state.highstate -v
转载请注明:爱开源 » SaltStack iptables