saltstack 多master && 权限控制
=============================================================================================================================
场景:192.168.163.129(我们的主master)
192.168.163.130(客户需要自己的master)
192.168.163.131(小毛驴的minion)
192.168.163.132(在思考的minion)
所有服务器都添加防火墙
iptables -A INPUT -m state --state NEW -m tcp -p tcp --dport 4505 -j ACCEPT
iptables -A INPUT -m state --state NEW -m tcp -p tcp --dport 4506 -j ACCEPT
=============================================================================================================================
192.168.163.129(我们的主master)
rpm -ivh https://dl.fedoraproject.org/pub/epel/epel-release-latest-6.noarch.rpm
yum install salt-master -y
[root@localhost ~]# less /etc/salt/master | grep -vP "^$|^#"
client_acl:
zhaocc:
- xml-*:
- .*
jiankong:
- zsk-*:
nodegroups:
zhaocc: 'E@xml-*'
jiankong: 'E@zsk-*'
chmod +r /etc/salt/master
chmod +x /var/run/salt
chmod +x /var/cache/salt
192.168.163.130(客户需要自己的master)
/etc/init.d/salt-master start
/etc/init.d/salt-master stop
复制192.168.163.129(我们的主master)中的
/etc/salt/pki/master/master.pem
etc/salt/pki/master/master.pub
到此服务器的相对应的目录,文件的权限保持和192.168.163.129(我们的主master)的权限一致。
192.168.163.131(小毛驴的minion)
yum install salt-minion -y
[root@localhost ~]# less /etc/salt/minion | grep -vP "^$|^#"
master:
- 192.168.163.129
- 192.168.163.130
id: xml-web-01
/etc/init.d/salt-minion restart
192.168.163.132(在思考的minion)
id: zsk-db-01
由于分组分用户控制,minion名字的规则为:项目名-应用名-编号 例如:xml-web-01(小毛驴-网站-01) zsk-db-01(在思考-数据库-01)
主配置文件分组的作用,可以对自己的项目做一个全部的在线检查:
[root@localhost ~]# su - zhaocc
[zhaocc@localhost ~]$ salt -N zhaocc test.ping
xml-web-01:
True
[zhaocc@localhost ~]$ logout
[root@localhost ~]# su - jiankong
[jiankong@localhost ~]$ salt -N jiankong test.ping
zsk-db-01:
[jiankong@localhost ~]$
本文转自 freeterman 51CTO博客,原文链接:http://blog.51cto.com/myunix/1706447,如需转载请自行联系原作者
![【MySQL数据库】数据库索引事务1.索引2.事务[图]](data:image/gif;base64,R0lGODlhAQABAIAAAP///wAAACwAAAAAAQABAAACAkQBADs=)