SaltStack Connects to Linux & Windows Machines

Posted by zack45668 on Sun, 09 Jun 2019 19:02:40 +0200

While setting up the SaltStack environment, we found that it is very different from Ansible: the functions are divided into modules and states, which makes it more complex. First, you need to install the master and the minion and get the FQDN of each machine right, because ZeroMQ is used for communication. Virtual machines are easy to trip over here because of network card problems. Then there are hostname, port access and other issues. Generally speaking, it is much stricter than Ansible, since Ansible only needs working SSH. The errors and solutions encountered are recorded below.

Linux environment

1. Because the machines cannot connect to an external network, the packages are taken from the official Salt repo and installed with rpm.
Official repo link [version: centos7.1/saltstack 2017.7.0]:
https://repo.saltstack.com/yum/redhat/7.1/x86_64/latest/

Note: In what follows, vagrant1 is the salt-master and vagrant4 is the salt-minion.

[root@vagrant1 latest]# rpm -ivh salt-2017.7.0-1.el7.noarch.rpm
warning: salt-2017.7.0-1.el7.noarch.rpm: Header V4 RSA/SHA1 Signature, key ID de57bfbe: NOKEY
Preparing...                          ################################# [100%]
Updating / installing...
   1:salt-2017.7.0-1.el7              ################################# [100%]
[root@vagrant1 latest]# rpm -ivh salt-master-2017.7.0-1.el7.noarch.rpm
warning: salt-master-2017.7.0-1.el7.noarch.rpm: Header V4 RSA/SHA1 Signature, key ID de57bfbe: NOKEY
Preparing...                          ################################# [100%]
Updating / installing...
   1:salt-master-2017.7.0-1.el7       ################################# [100%]
[root@vagrant1 latest]# salt --version
salt 2017.7.0 (Nitrogen)

Note: Dependent packages may be required along the way; they can also be found in the official repo. The minion-side installation is similar and is not repeated here.

2. Edit the configuration files on the master and the minion

#salt-master end
[root@vagrant1 ~]# grep -E -v '^$|#' /etc/salt/master
interface: 10.11.12.13          #Bind master ip
auto_accept: True               #Automatically accept minion keys
log_file: /var/log/salt/master
key_logfile: /var/log/salt/key
#salt-minion end
[root@vagrant4 ~]# cat /etc/hostname
vagrant4

[root@vagrant4 ~]# grep -E -v '^$|#' /etc/salt/minion
master: 10.11.12.13             #Set master ip
id: vagrant4                    #Minion id, same as the hostname
log_file: /var/log/salt/minion
key_logfile: /var/log/salt/key

Troubleshooting: The ID in the minion configuration should be the same as the hostname of the machine. You can modify the hostname of the machine in /etc/hostname. If the ID was written incorrectly, correct it, then empty the contents of /etc/salt/minion_id (you do not need to delete the file) and restart the minion, because a minion that has already been started reads the cached ID directly from /etc/salt/minion_id.
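
The master configuration above sets auto_accept: True, so any minion that can reach the master has its key accepted with no operator review. The following check is an added example, not part of the original post: it scans a master config for settings that skip manual key acceptance. The function names and the small line parser are assumptions made for illustration; auto_accept, open_mode and autosign_file are real Salt master options.

```python
import re

# Master options that admit a minion without an operator reviewing its key.
RISKY_BOOLEANS = {
    "auto_accept": "every incoming minion key is accepted without review",
    "open_mode": "minion authentication on the master is turned off",
}
TRUE_WORDS = {"true", "yes", "on"}  # YAML 1.1 spellings of boolean true


def parse_top_level(text):
    """Top-level 'key: value' scalars of a Salt config; minimal, not full YAML."""
    settings = {}
    for raw in text.splitlines():
        line = re.sub(r"(^|\s)#.*$", "", raw).rstrip()  # strip comments
        if not line or line[0].isspace() or ":" not in line:
            continue  # blank, nested under another key, or not a mapping
        key, value = line.split(":", 1)
        settings[key.strip()] = value.strip().strip("'\"")
    return settings


def audit_master(text):
    """Return (option, reason) pairs for settings that skip manual key acceptance."""
    settings = parse_top_level(text)
    findings = [(opt, why) for opt, why in RISKY_BOOLEANS.items()
                if settings.get(opt, "").lower() in TRUE_WORDS]
    if settings.get("autosign_file"):
        findings.append(("autosign_file", "ids listed in this file are auto-accepted"))
    return findings


# Constructed sample: the master settings shown on this page.
PAGE_MASTER = """\
interface: 10.11.12.13          #Bind master ip
auto_accept: True               #Set up automatic certificate issuance
log_file: /var/log/salt/master
key_logfile: /var/log/salt/key
"""
# Constructed sample: the same master with auto_accept left off.
MANUAL_MASTER = "interface: 10.11.12.13\n#auto_accept: True\nauto_accept: False\n"

if __name__ == "__main__":
    for option, why in audit_master(PAGE_MASTER):
        print("%s: %s" % (option, why))
```

With auto_accept off, compare the output of salt-key -f vagrant4 on the master with salt-call --local key.finger on the minion before accepting the key with salt-key -a vagrant4.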

3. Get the minion's key on the master side

[root@vagrant1 ~]# salt-key -L
Accepted Keys:
Denied Keys:
Unaccepted Keys:
Rejected Keys:

If both salt-master and salt-minion are started but the master still does not get the key, start troubleshooting.
Start minion in debug mode:

[root@vagrant4 ~]# salt-minion -l debug
#A lot of output is shown here; the key errors are picked out below
SaltReqTimeoutError  while bringing up minion for multi-master.

Error while bringing up minion for multi-master. Is master at 10.11.12.13 responding?

Looking at the error, it seems the master machine cannot be connected to, but my two machines can ping each other.

Error 1: Check if the machine's hostname and fqdn are configured correctly

[root@vagrant1 ~]# cat test.py
#!/usr/bin/env python
# Print the FQDN this machine resolves for itself and the address it maps to.
import socket
myname = socket.getfqdn(socket.gethostname())
myaddr = socket.gethostbyname(myname)
print("myname= %s" % myname)
print("myaddr= %s" % myaddr)
[root@vagrant1 ~]#
[root@vagrant1 ~]# python test.py
myname= vagrant1
myaddr= 10.11.12.13

Run the Python code on the master side to verify that the machine's FQDN is consistent with the master set in the minion configuration file; run it on the minion side to verify that the name is consistent with the ID set in the minion configuration file. If the ID is inconsistent, remember to empty /etc/salt/minion_id and restart.

Error 2: Testing with the telnet command shows that the Salt ports [4505 & 4506] on the master side are not open. The firewall needs to be configured to open the master's ports.

[root@vagrant1 ~]# netstat -anp | grep 4506
tcp        0      0 10.167.223.21:4506      0.0.0.0:*               LISTEN      15388/python
[root@vagrant1 ~]# netstat -anp | grep 4505
tcp        0      0 10.167.223.21:4505      0.0.0.0:*               LISTEN      15382/python

#View Firewall Open Ports
[root@vagrant1 ~]# firewall-cmd --list-ports
80/tcp 10051/tcp
#Open the salt ports
[root@vagrant1 ~]# firewall-cmd --zone=public --add-port=4505/tcp --permanent
success
[root@vagrant1 ~]# firewall-cmd --zone=public --add-port=4506/tcp --permanent
success
#Reload Firewall
[root@vagrant1 ~]# firewall-cmd --reload
success
[root@vagrant1 ~]# firewall-cmd --list-ports
4505/tcp 80/tcp 4506/tcp 10051/tcp
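
The two checks above (minion ID against hostname, and reachability of ports 4505/4506 on the master) can be run together from the minion before starting the service. This is an added example, not from the original post; the function names and the 3-second timeout are assumptions. It separates "refused" (host reached, nothing listening) from "filtered" (dropped or rejected on the way), which is the case where ping works but the minion still times out.

```python
import errno
import socket

SALT_PORTS = (4505, 4506)  # the two master ports opened on this page


def probe(host, port, timeout=3.0):
    """Classify one TCP port as 'open', 'refused' or 'filtered'."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.settimeout(timeout)
    try:
        s.connect((host, port))
        return "open"
    except socket.timeout:
        return "filtered"              # no answer at all: packets dropped
    except socket.error as exc:
        if exc.errno == errno.ECONNREFUSED:
            return "refused"           # host answered, no service on the port
        if exc.errno in (errno.EHOSTUNREACH, errno.ENETUNREACH):
            return "filtered"          # e.g. an ICMP reject from a firewall
        raise
    finally:
        s.close()


def preflight(master, minion_id, hostname=None, ports=SALT_PORTS, timeout=3.0):
    """Return a list of problems; an empty list means both checks pass."""
    hostname = hostname or socket.gethostname()
    problems = []
    # The id must equal the short hostname or the FQDN it resolves to.
    if minion_id != hostname and minion_id != socket.getfqdn(hostname):
        problems.append("id %r does not match hostname %r" % (minion_id, hostname))
    for port in ports:
        state = probe(master, port, timeout)
        if state != "open":
            problems.append("%s:%d is %s" % (master, port, state))
    return problems


if __name__ == "__main__":
    # Values from this page: master 10.11.12.13, minion id vagrant4.
    for problem in preflight("10.11.12.13", "vagrant4"):
        print(problem)
```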

Restart salt-master; the minion key is now received and automatically accepted:

[root@vagrant1 ~]# salt-key -L
Accepted Keys:
vagrant4
Denied Keys:
Unaccepted Keys:
Rejected Keys:
[root@vagrant1 ~]# salt vagrant4 test.ping
vagrant4:
    True

Windows Environment

Once the troubleshooting above is done, Windows is very simple to set up. My environment is Windows 7.
1. Install the minion
In the official repo https://repo.saltstack.com/#windows, find the appropriate version of the installation package and install it like normal software. Note that in the installer you need to set the master [set to the master's IP] and the minion id [set to the Windows host name]. It doesn't matter if these settings are not correct at this point; you can modify them later in the minion configuration file. I can't upload the screenshot, so you will have to feel your way through this step yourself.
Note: If you are not sure about the hostname of the Windows machine, you can also run the test.py script from the Linux environment above with python in cmd to see the hostname.

2. The last step of the installation is to start the minion service directly by clicking on it; afterwards you can see salt-minion under Control Panel > Administrative Tools > Services.

3. On the master side, confirm that the key of the Windows minion has been received; ping can then also succeed.

[root@vagrant1 ~]# salt-key -L
Accepted Keys:
windows.local       #windows machine name
vagrant4
Denied Keys:
Unaccepted Keys:
Rejected Keys:
[root@vagrant1 ~]# salt-key '*' test.ping
Accepted Keys:
windows.local       #windows machine name
vagrant4
Denied Keys:
Unaccepted Keys:
Rejected Keys:
[root@vagrant1 ~]#

With the above, the SaltStack environment is set up, and I will study it further later. Here are the reference links I used when troubleshooting the errors:
https://segmentfault.com/a/1190000000505397
https://github.com/saltstack/salt/issues/39490
http://www.cnblogs.com/binyue/p/4701262.html
http://blog.csdn.net/jack85986370/article/details/51169203
