
...

Preliminary Checks

OS

Based on CentOS 7 x86_64

Firewall

...

Check and Configure

Configure the firewall by referring to https://seversky.atlassian.net/wiki/spaces/CSHD/pages/217022681/Installing+Server+Node#CloudHub%EC%97%90%EC%84%9C-%EC%82%AC%EC%9A%A9%EB%90%98%EB%8A%94-Port.

...

  1. Register the SaltStack repository

    $ yum install -y epel-release
    $ rpm --import https://repo.saltproject.io/py3/redhat/7/x86_64/archive/3001.4/SALTSTACK-GPG-KEY.pub
    $ curl -fsSL https://repo.saltproject.io/py3/redhat/7/x86_64/archive/3001.4.repo | sudo tee /etc/yum.repos.d/salt.repo
    $ yum clean expire-cache
  2. Install Salt-Master, Salt-API, and Salt-Minion

    $ yum install -y salt-master salt-api salt-minion
  3. Overwrite with the snetsystems/salt modules
    Copy $(git cloned path)/salt/modules/* to the standard installed Salt module path (usually /usr/lib/python3.6/site-packages/salt/modules).

    $ git clone https://github.com/snetsystems/salt.git
    $ cp -rf salt/salt/modules/* /usr/lib/python3.6/site-packages/salt/modules/
  4. Configuration

    1. The config files for Salt-Master and Salt-API must be set up.

    2. Salt-Master : $ vim /etc/salt/master.d/master.conf

    3. Caution
      If the host has multiple interfaces, set this to the IP of the network interface that can reach the Salt-Minion.
      ex) interface: 61.254.65.58
      Setting it to any (0.0.0.0), as in the example below, causes no problem for master ↔ minion communication,
      but the CloudHub UI may display an unwanted IP.

      ## log_level ##
      # One of 'garbage', 'trace', 'debug', 'info', 'warning'(default), 'error', 'critical'.
      log_level: info
      
      ##### Primary configuration settings #####
      ##########################################
      # The address of the interface to bind to:
      interface: 0.0.0.0
       
      # The tcp port used by the publisher:
      publish_port: 4505
       
      # Allow minions to push files to the master. This is disabled by default, for
      # security purposes.
      file_recv: True
       
      #####      State System settings     #####
      ##########################################
      # The state system uses a "top" file to tell the minions what environment to
      # use and what modules to use. The state_top file is defined relative to the
      # root of the base environment as defined in "File Server settings" below.
      state_top: top.sls
       
      #####      File Server settings      #####
      ##########################################
      # Salt runs a lightweight file server written in zeromq to deliver files to
      # minions. This file server is built into the master daemon and does not
      # require a dedicated port.
       
      # The file server works on environments passed to the master, each environment
      # can have multiple root directories, the subdirectories in the multiple file
      # roots cannot match, otherwise the downloaded files will not be able to be
      # reliably ensured. A base environment is required to house the top file.
      file_roots:
        base:
          - /srv/salt/prod
        qa:
          - /srv/salt/qa
          - /srv/salt/prod
        dev:
          - /srv/salt/dev
          - /srv/salt/qa
          - /srv/salt/prod
       
      # File Server Backend
      #
      # Salt supports a modular fileserver backend system, this system allows
      # the salt master to link directly to third party systems to gather and
      # manage the files available to minions. Multiple backends can be
      # configured and will be searched for the requested file in the order in which
      # they are defined here. The default setting only enables the standard backend
      # "roots" which uses the "file_roots" option.
      fileserver_backend:
        - roots
       
      #####        Security settings       #####
      ##########################################
      # The external auth system uses the Salt auth modules to authenticate and
      # validate users to access areas of the Salt system.
      external_auth:
        pam:
          saltdev:
            - .*
            - '@runner'
            - '@wheel'
            - '@jobs'
       
      # Allow eauth users to specify the expiry time of the tokens they generate.
      # A boolean applies to all users or a dictionary of whitelisted eauth backends
      # and usernames may be given.
      token_expire_user_override:
        pam:
          - saltdev
      
      #####        API Server settings     #####
      ##########################################
      rest_cherrypy:
        port: 8000
        disable_ssl: True
    4. Salt-Minion : $ vim /etc/salt/minion.d/minion.conf

      ## log_level ##
      # One of 'garbage', 'trace', 'debug', 'info', 'warning'(default), 'error', 'critical'.
      log_level: info
      master: <master ip address>
      id: <unique minion id; if omitted, hostname = minion id>
  5. Create the account and set its password
    The password set below is later used to obtain the pam_token for salt-api authentication, so be sure to remember it.

    $ useradd saltdev
    $ passwd saltdev
    Changing password for user saltdev.
    New password:
  6. Start the services

    $ systemctl enable salt-master
    $ systemctl start salt-master
    
    $ systemctl enable salt-api
    $ systemctl start salt-api
    
    $ systemctl enable salt-minion
    $ systemctl start salt-minion
  7. Download Telegraf into the Salt file_roots path on the salt-master

    1. You can download the version you want to install from the link below.
      Download URL: https://github.com/snetsystems/telegraf/releases

    2. Download the rpm file of the desired version into the path specified below.

      $ mkdir -p /srv/salt/prod/telegraf          # Telegraf package path
      $ cd /srv/salt/prod/telegraf
      $ wget https://github.com/snetsystems/telegraf/releases/download/v1.19.3-snet/telegraf-1.19.3-snet-1_x86_64.rpm
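
The master.conf in step 4 binds to 0.0.0.0, enables file_recv, grants saltdev `.*`, `@runner` and `@wheel`, and serves salt-api without TLS. The script below is an added example, not part of the original page or the CloudHub project, that flags those settings in a config file. The function names and the hardened values (192.0.2.10, the ACL, the certificate paths) are assumptions, and the page does not say whether CloudHub works with the narrower ACL.

```shell
#!/usr/bin/env bash
# Added example: flag exposure-relevant Salt master settings. Names and hardened values are assumptions.
audit_salt_master() {   # usage: audit_salt_master /etc/salt/master.d/master.conf
  awk '
    /^[ \t]*(#|$)/ { next }                          # skip comments and blank lines
    /^[^ \t]/ { sect = $1; sub(/:$/, "", sect) }     # remember the top-level key
    { v = $2; gsub(/[^@.*A-Za-z0-9_]/, "", v) }      # list value without quotes
    sect == "interface" && $2 == "0.0.0.0" { print "WARN interface: master binds every address" }
    sect == "file_recv" && tolower($2) == "true" { print "WARN file_recv: minions may push files to the master" }
    sect == "rest_cherrypy" && $1 == "disable_ssl:" && tolower($2) == "true" {
      print "HIGH rest_cherrypy.disable_ssl: salt-api credentials and tokens travel as plain HTTP" }
    sect == "external_auth" && $1 == "-" && v == ".*" {
      print "HIGH external_auth: every execution module on every minion is allowed" }
    sect == "external_auth" && $1 == "-" && (v == "@wheel" || v == "@runner") {
      print "HIGH external_auth: " v " allows master-side modules" }
  ' "$1"
}
write_page_conf() {      # this page's master.conf, reduced to the audited keys
  cat > "$1" <<'EOF'
interface: 0.0.0.0
file_recv: True
external_auth:
  pam:
    saltdev:
      - .*
      - '@runner'
      - '@wheel'
      - '@jobs'
rest_cherrypy:
  port: 8000
  disable_ssl: True
EOF
}
write_hardened_conf() {  # constructed variant: placeholder IP, ACL and certificate paths
  cat > "$1" <<'EOF'
interface: 192.0.2.10
file_recv: False
external_auth:
  pam:
    saltdev:
      - 'test.*'
      - 'state.*'
rest_cherrypy:
  port: 8000
  ssl_crt: /etc/pki/tls/certs/salt-api.crt
  ssl_key: /etc/pki/tls/private/salt-api.key
EOF
}
tmp=$(mktemp -d) && write_page_conf "$tmp/page.conf" && audit_salt_master "$tmp/page.conf"  # six findings
```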

...