1.导入安装源

centos5

rpm -Uvh http://ftp.linux.ncsu.edu/pub/epel/5/x86_64/epel-release-5-4.noarch.rpm

centos6

rpm -Uvh http://ftp.linux.ncsu.edu/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm

2.安装salt软件包

master端

yum install salt-master

minion端（俗称的client端）

yum install salt-minion

3.配置修改

master端

[root@ldap ~]# sed -e 's/#.*//' -e '/^$/ d' /etc/salt/master

interface: 0.0.0.0

publish_port: 4505

user: root

max_open_files: 100000

ret_port: 4506

pidfile: /var/run/salt-master.pid

syndic_log_file: syndic.log

log_file: /var/log/salt/master

key_logfile: /var/log/salt/key

log_fmt_logfile: '%(asctime)s,%(msecs)03.0f [%(name)-17s][%(levelname)-8s] %(message)s'

minion端

[root@monitor ~]# sed -e 's/#.*//' -e '/^$/ d' /etc/salt/minion

master: salt.server.365dw.cn

master_port: 4506

pidfile: /var/run/salt-minion.pid

pki_dir: /etc/salt/pki/minion

id: client01.server.365dw.cn

cachedir: /var/cache/salt/minion

4.重启服务端及客户端

master端：

/etc/init.d/iptables stop

/etc/init.d/salt-master restart

minion端:

/etc/init.d/iptables stop

/etc/init.d/salt-minion restart

5.证书认证

slat-key -L 查看后发现Unaccepted keys

[root@ldap ~]# salt-key -L

Accepted Keys:

Unaccepted Keys:

client01.server.365dw.cn

Rejected Keys:

salt-key -A 认证，Proceed输入Y

[root@ldap ~]# salt-key -A

The following keys are going to be accepted:

Unaccepted Keys:

client01.server.365dw.cn

Proceed? [n/Y] Y

Key for minion client01.server.365dw.cn accepted.

再次salt-key -L查看，Unaccepted Keys未认证的客户端变成了accept的客户端。

[root@ldap ~]# salt-key -L

Accepted Keys:

client01.server.365dw.cn

Unaccepted Keys:

Rejected Keys:

6.测试，使用salt内置的cmd.run命令进行ping 测试。

[root@ldap ~]# salt '*' cmd.run 'ping -c1 www.365dw.cn'

client01.server.365dw.cn:

    PING www.365dw.cn (112.124.43.79) 56(84) bytes of data.

    64 bytes from 112.124.43.79: icmp_seq=1 ttl=128 time=12.5 ms

    --- www.365dw.cn ping statistics ---

    1 packets transmitted, 1 received, 0% packet loss, time 0ms

    rtt min/avg/max/mdev = 12.534/12.534/12.534/0.000 ms