...
Pre-checks
OS
Based on CentOS 7 x86_64
Firewall
...
Check and configure
Configure the firewall by referring to https://seversky.atlassian.net/wiki/spaces/CSHD/pages/217022681/Installing+Server+Node#CloudHub%EC%97%90%EC%84%9C-%EC%82%AC%EC%9A%A9%EB%90%98%EB%8A%94-Port .
...
Register the SaltStack repository
```bash
$ yum install -y epel-release
$ rpm --import https://repo.saltproject.io/py3/redhat/7/x86_64/archive/3001.4/SALTSTACK-GPG-KEY.pub
$ curl -fsSL https://repo.saltproject.io/py3/redhat/7/x86_64/archive/3001.4.repo | sudo tee /etc/yum.repos.d/salt.repo
$ yum clean expire-cache
```
Install Salt-Master, Salt-API, Salt-Minion
```bash
$ yum install -y salt-master salt-api salt-minion
```
Overwrite with the snetsystems/salt modules
Copy `$(git cloned path)/salt/modules/*` to the standard installed Salt module path (usually `/usr/lib/python3.6/site-packages/salt/modules`).
```bash
$ git clone https://github.com/snetsystems/salt.git
$ cp -rf salt/salt/modules/* /usr/lib/python3.6/site-packages/salt/modules/
```
Configuration
Both the Salt-Master config file and the Salt-API config file must be set up.
Salt-Master:
$ vim /etc/salt/master.d/master.conf
Caution: If the host has multiple interfaces, this must be set to the IP of a network interface that the Salt-Minion can connect to.
e.g. interface: 61.254.65.58
Setting it to any (0.0.0.0), as in the example below, causes no problem for master ↔ minion communication, but the CloudHub UI may display an IP you do not want.
```yaml
## log_level ##
# One of 'garbage', 'trace', 'debug', 'info', 'warning'(default), 'error', 'critical'.
log_level: info

##### Primary configuration settings #####
##########################################
# The address of the interface to bind to:
interface: 0.0.0.0

# The tcp port used by the publisher:
publish_port: 4505

# Allow minions to push files to the master. This is disabled by default, for
# security purposes.
file_recv: True

##### State System settings #####
##########################################
# The state system uses a "top" file to tell the minions what environment to
# use and what modules to use. The state_top file is defined relative to the
# root of the base environment as defined in "File Server settings" below.
state_top: top.sls

##### File Server settings #####
##########################################
# Salt runs a lightweight file server written in zeromq to deliver files to
# minions. This file server is built into the master daemon and does not
# require a dedicated port.

# The file server works on environments passed to the master, each environment
# can have multiple root directories, the subdirectories in the multiple file
# roots cannot match, otherwise the downloaded files will not be able to be
# reliably ensured. A base environment is required to house the top file.
file_roots:
  base:
    - /srv/salt/prod
  qa:
    - /srv/salt/qa
    - /srv/salt/prod
  dev:
    - /srv/salt/dev
    - /srv/salt/qa
    - /srv/salt/prod

# File Server Backend
#
# Salt supports a modular fileserver backend system, this system allows
# the salt master to link directly to third party systems to gather and
# manage the files available to minions. Multiple backends can be
# configured and will be searched for the requested file in the order in which
# they are defined here. The default setting only enables the standard backend
# "roots" which uses the "file_roots" option.
fileserver_backend:
  - roots

##### Security settings #####
##########################################
# The external auth system uses the Salt auth modules to authenticate and
# validate users to access areas of the Salt system.
external_auth:
  pam:
    saltdev:
      - .*
      - '@runner'
      - '@wheel'
      - '@jobs'

# Allow eauth users to specify the expiry time of the tokens they generate.
# A boolean applies to all users or a dictionary of whitelisted eauth backends
# and usernames may be given.
token_expire_user_override:
  pam:
    - saltdev

##### API Server settings #####
##########################################
rest_cherrypy:
  port: 8000
  disable_ssl: True
```
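The sample master.conf above binds every interface, accepts file pushes from minions, serves salt-api without TLS, and grants `saltdev` `.*` together with `@runner` and `@wheel`. The audit script below is an added example, not part of the original guide; its function names and the constructed sample input are assumptions made for illustration.

```shell
#!/usr/bin/env bash
# Added example, not from the original page: flag the exposure-relevant
# settings that the sample master.conf above enables.

# True if FILE ($1) has an uncommented "KEY: VALUE" line ($2 = key, $3 = ERE).
has_setting() {
    grep -Eq "^[[:space:]]*${2}:[[:space:]]*${3}[[:space:]]*(#.*)?\$" "$1"
}

# True if external_auth in FILE ($1) grants '.*', '@wheel' or '@runner'.
broad_eauth() {
    awk '
        /^[ \t]*#/ || /^[ \t]*$/ { next }                        # comments, blanks
        /^[^ \t]/ { in_auth = ($0 ~ /^external_auth:/); next }   # top-level key
        in_auth && /^[ \t]*-/ {
            item = $0
            gsub(/[^A-Za-z0-9@.*]/, "", item)                    # drop "- " and quotes
            if (item == ".*" || item == "@wheel" || item == "@runner") hit = 1
        }
        END { exit (hit ? 0 : 1) }
    ' "$1"
}

# Print one finding per line; return 1 if anything was flagged.
audit_master_conf() {
    local rc=0
    has_setting "$1" disable_ssl '[Tt]rue' &&
        { echo "disable_ssl: salt-api serves plain HTTP, eauth password and token travel unencrypted"; rc=1; }
    has_setting "$1" file_recv '[Tt]rue' &&
        { echo "file_recv: minions can push files to the master"; rc=1; }
    has_setting "$1" interface '0\.0\.0\.0' &&
        { echo "interface: master listens on every interface"; rc=1; }
    broad_eauth "$1" &&
        { echo "external_auth: a user holds '.*', @wheel or @runner"; rc=1; }
    return "$rc"
}

# Constructed input reproducing the relevant lines of the config above.
sample_conf() {
    printf '%s\n' 'interface: 0.0.0.0' 'file_recv: True' \
        'external_auth:' '  pam:' '    saltdev:' '      - .*' \
        "      - '@wheel'" 'rest_cherrypy:' '  port: 8000' \
        '  disable_ssl: True'
}

tmp=$(mktemp) && sample_conf > "$tmp"
audit_master_conf "$tmp" || echo "review the findings above before exposing this master"
rm -f "$tmp"
```

Run it against `/etc/salt/master.d/master.conf`; a non-zero exit status means at least one of the four settings is present.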
Salt-Minion:
$ vim /etc/salt/minion.d/minion.conf
```yaml
## log_level ##
# One of 'garbage', 'trace', 'debug', 'info', 'warning'(default), 'error', 'critical'.
log_level: info
master: <master ip address>
id: <a unique minion id must be set; if omitted, hostname = minion id>
```
Create the account and set its password
The password set below is later used to obtain the `pam_token` for salt-api authentication, so be sure to remember it.
```bash
$ useradd saltdev
$ passwd saltdev
Changing password for user saltdev.
New password:
```
Start the services
```bash
$ systemctl enable salt-master
$ systemctl start salt-master
$ systemctl enable salt-api
$ systemctl start salt-api
$ systemctl enable salt-minion
$ systemctl start salt-minion
```
Download telegraf into salt `file_roots` path on salt-master
You can download the version you want to install from the link below.
Download URL: https://github.com/snetsystems/telegraf/releases
Download the rpm file for the desired version into the path specified below.
```bash
$ mkdir -p /srv/salt/prod/telegraf  # Telegraf package path
$ cd /srv/salt/prod/telegraf
$ wget https://github.com/snetsystems/telegraf/releases/download/v1.19.3-snet/telegraf-1.19.3-snet-1_x86_64.rpm
```
...