SaltStack multi-master && access control
=============================================================================================================================
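Scenario: 192.168.163.129 (our primary master)
192.168.163.130 (the customer needs their own master)
192.168.163.131 (minion for the 小毛驢 project)
192.168.163.132 (minion for the 在思考 project)
Add these firewall rules on every server: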
iptables -A INPUT -m state --state NEW -m tcp -p tcp --dport 4505 -j ACCEPT
iptables -A INPUT -m state --state NEW -m tcp -p tcp --dport 4506 -j ACCEPT
=============================================================================================================================
192.168.163.129 (our primary master)
rpm -ivh https://dl.fedoraproject.org/pub/epel/epel-release-latest-6.noarch.rpm
yum install salt-master -y
[root@localhost ~]# less /etc/salt/master | grep -vP "^$|^#"
client_acl:
  zhaocc:
    - xml-*:
      - .*
  jiankong:
    - zsk-*:
nodegroups:
  zhaocc: 'E@xml-*'
  jiankong: 'E@zsk-*'
chmod +r /etc/salt/master
chmod +x /var/run/salt
chmod +x /var/cache/salt
192.168.163.130 (the customer needs their own master)
/etc/init.d/salt-master start
/etc/init.d/salt-master stop
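Copy the following files from 192.168.163.129 (our primary master):
/etc/salt/pki/master/master.pem
/etc/salt/pki/master/master.pub
into the corresponding directory on this server, keeping the file permissions identical to those on 192.168.163.129 (our primary master). master.pem is the master's private key and master.pub its public key; sharing the pair lets the minions treat both masters as the same identity.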
192.168.163.131 (minion for the 小毛驢 project)
yum install salt-minion -y
[root@localhost ~]# less /etc/salt/minion | grep -vP "^$|^#"
master:
  - 192.168.163.129
  - 192.168.163.130
id: xml-web-01
/etc/init.d/salt-minion restart
192.168.163.132 (minion for the 在思考 project)
id: zsk-db-01
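Because access is controlled per group and per user, minion IDs follow the rule: project-application-number. For example: xml-web-01 (小毛驢-website-01), zsk-db-01 (在思考-database-01).
The nodegroups in the master config file let each user run one online check across their whole project: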
[root@localhost ~]# su - zhaocc
[zhaocc@localhost ~]$ salt -N zhaocc test.ping
xml-web-01:
True
[zhaocc@localhost ~]$ logout
[root@localhost ~]# su - jiankong
[jiankong@localhost ~]$ salt -N jiankong test.ping
zsk-db-01:
[jiankong@localhost ~]$
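The ACL patterns above (xml-*, zsk-*) and the nodegroup targets (E@xml-*, E@zsk-*) look alike but are matched differently. The following is an added example, not from the original post: it assumes Salt's matcher semantics (a plain target is a shell glob over the whole minion ID, an E@ target is a regular expression matched from the start of the ID) and uses constructed minion IDs to list what a nodegroup selects that the same user's ACL pattern does not cover.

```python
import fnmatch
import re

# Patterns copied from the master config on this page.
ACL_TARGETS = {"zhaocc": "xml-*", "jiankong": "zsk-*"}      # client_acl minion patterns
NODEGROUPS = {"zhaocc": "E@xml-*", "jiankong": "E@zsk-*"}   # nodegroups entries
# Hypothetical tightened nodegroups: the regex now requires the "-" separator.
TIGHT_NODEGROUPS = {"zhaocc": "E@xml-.*", "jiankong": "E@zsk-.*"}

# Constructed minion IDs: the two from the page plus made-up near-misses.
SAMPLE_IDS = ["xml-web-01", "zsk-db-01", "xml", "xmlrpc-gw-01", "zskadmin"]


def glob_match(pattern, minion_id):
    """Assumed ACL semantics: shell glob that must cover the whole ID."""
    return fnmatch.fnmatchcase(minion_id, pattern)


def pcre_match(pattern, minion_id):
    """Assumed E@ semantics: regex anchored at the start of the ID only."""
    return re.match(pattern, minion_id) is not None


def audit(ids=SAMPLE_IDS, nodegroups=NODEGROUPS, acl=ACL_TARGETS):
    """Per user, list IDs the nodegroup selects but the ACL pattern does not."""
    drift = {}
    for user, glob in acl.items():
        target = nodegroups[user]
        if not target.startswith("E@"):
            raise ValueError("only E@ nodegroups are handled: %r" % target)
        regex = target[2:]
        in_group = {m for m in ids if pcre_match(regex, m)}
        in_acl = {m for m in ids if glob_match(glob, m)}
        drift[user] = sorted(in_group - in_acl)
    return drift


if __name__ == "__main__":
    for label, groups in (("page config", NODEGROUPS), ("tightened", TIGHT_NODEGROUPS)):
        for user, extra in audit(nodegroups=groups).items():
            print("%-12s %-9s outside ACL: %s" % (label, user, extra or "none"))
```

As a regex, xml-* means "xml" followed by zero or more hyphens, so an ID such as xmlrpc-gw-01 falls into the zhaocc nodegroup; writing the nodegroup as E@xml-.* keeps it on the same set as the ACL pattern.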
This article is reposted from freeterman's 51CTO blog. Original link: http://blog.51cto.com/myunix/1706447. To repost it, please contact the original author.