Installation¶
- Salt 환경을 빠르게 구성 할 수 있는 Bootstrap과 다양한 Tutorial이 있습니다.
- 인터넷이 가능한 네트워크에서 Master와 Minion 각 1대 씩 Ubuntu 18.04 LTS 설치 후 Salt 구성을 진행합니다.
PLATFORM-SPECIFIC INSTALLATION INSTRUCTIONS
RHEL, CentOS, MacOS, Windows 등의 환경에서 설치하는 방법도 있습니다.
Nameserver¶
외부 Repository에서 패키지를 다운로드할 수 있는 환경을 구성합니다.
ping 8.8.8.8
PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data.
64 bytes from 8.8.8.8: icmp_seq=1 ttl=128 time=105 ms
64 bytes from 8.8.8.8: icmp_seq=2 ttl=128 time=172 ms
cat /etc/resolv.conf
nameserver 8.8.8.8
nameserver 8.8.4.4
Repository¶
Salt 패키지 설치를 위한 Key와 Repository 정보를 가지고 있는 Sources List 파일을 생성합니다. Master, Minion 서버 모두 동일하게 구성합니다.
Download key & Create apt sources list file
sudo curl -fsSL -o /usr/share/keyrings/salt-archive-keyring.gpg https://repo.saltproject.io/py3/ubuntu/20.04/amd64/latest/salt-archive-keyring.gpg
echo "deb [signed-by=/usr/share/keyrings/salt-archive-keyring.gpg] https://repo.saltproject.io/py3/ubuntu/20.04/amd64/latest focal main" | sudo tee /etc/apt/sources.list.d/salt.list
apt-get update
Get:1 http://us.archive.ubuntu.com/ubuntu bionic InRelease [242 kB]
Get:2 http://security.ubuntu.com/ubuntu bionic-security InRelease [88.7 kB]
Get:3 https://repo.saltproject.io/py3/ubuntu/18.04/amd64/latest bionic InRelease [2,126 B]
Get:4 https://repo.saltproject.io/py3/ubuntu/18.04/amd64/latest bionic/main amd64 Packages [4,170 B]
Get:5 http://security.ubuntu.com/ubuntu bionic-security/main amd64 Packages [1,627 kB]
Get:6 http://us.archive.ubuntu.com/ubuntu bionic-updates InRelease [88.7 kB]
<omitted>
Get:46 http://us.archive.ubuntu.com/ubuntu bionic-backports/universe i386 Packages [10.3 kB]
Get:47 http://us.archive.ubuntu.com/ubuntu bionic-backports/universe amd64 Packages [10.3 kB]
Get:48 http://us.archive.ubuntu.com/ubuntu bionic-backports/universe Translation-en [4,588 B]
Fetched 38.8 MB in 2min 44s (236 kB/s)
Reading package lists... Done
N: Skipping acquire of configured file 'main/binary-i386/Packages' as repository 'https://repo.saltproject.io/py3/ ubuntu/18.04/amd64/latest bionic InRelease' doesn't support architecture 'i386'
Install Packages¶
Master 서버는 salt-master 패키지, Minion 서버는 salt-minion 패키지를 각각 설치합니다.
Master
apt-get install salt-master
Minion
apt-get install salt-minion
Firewall Configuration¶
Master 서버와 Minion 서버 모두 ufw를 이용하여 4505, 4506포트를 개방합니다.
ufw allow proto tcp from any to any port 4505,4506
UFW
UFW - Uncomplicated Firewall The default firewall configuration tool for Ubuntu is ufw. Developed to ease iptables firewall configuration, ufw provides a user friendly way to create an IPv4 or IPv6 host-based firewall. By default UFW is disabled.
# Enable UFW
ufw enable
# Disable UFW
ufw disable
# Allow and Deny
ufw allow <port>/<optional: protocol>
ufw deny <port>/<optional: protocol>
# Status
ufw status
# More
https://help.ubuntu.com/community/UFW
Configuration File¶
Master 서버에서 사용할 IP주소를 설정하고 데몬을 실행합니다.
Master
vim /etc/salt/master
14 # The address of the interface to bind to:
15 interface: 100.100.100.130
systemctl restart salt-master
Minion 서버에서 Master 서버의 IP주소를 설정하고 데몬을 실행합니다.
Minion
vim /etc/salt/minion
14 # Set the location of the salt master server. If the master server cannot be
15 # resolved, then the minion will fail to start.
16 # master: salt
17 master: 100.100.100.130
systemctl restart salt-master
Accept Key¶
Master 서버에 Minion Key를 등록하여 Salt 명령어 전달할 수 있도록 합니다.
Master
salt-key --list-all
Accepted Keys:
Denied Keys:
Unaccepted Keys:
ubuntu-131
Rejected Keys:
# ACCEPT A SPECIFIC KEY
# salt-key --accept=<key>
# ACCEPT ALL KEYS
# salt-key --accept-all
salt-key --accept=ubuntu-131
salt-key --list-all
Accepted Keys:
ubuntu-131
Denied Keys:
Unaccepted Keys:
Rejected Keys:
Send a Command¶
모든 Minion 서버에 test.ping 모듈을 이용하여 통신 가능 여부를 확인합니다.
Master
salt '*' test.ping
ubuntu-13:
True