Salt Document学习笔记1

原文来自Salt Documentation，作者是 Thomas Hatch)，我摘抄部分可能今后会用到或适合入门到精通的一些原文段落，简单翻译后发上来，便于查阅和研究

一、原理方面：
The networking layer is built with the excellent ZeroMQ networking library, so the Salt daemon includes a viable and transparent AMQ broker. Salt uses public keys for authentication with the master daemon, then uses faster AES encryption 翻译：salt使用ZeroMQ网络库和AMQ 消息队列和AES加密方式

for payload communication; authentication and encryption are integral to Salt. Salt takes advantage of communication via msgpack, enabling fast and light network traffic.
翻译：salt采用加密与用户权限校验，由于使用msgpack通信所以网络快

Before commands can be sent to a Minion, its key must be accepted on the Master.
在master的命令被发送到minion前，相应的minion先前传送的key必须经过master校验且通过。（一种基于AES的权限校验方式，类似RSA）

Commands are run on the minions through the master, and minions send data back to the master (unless otherwise redirected with a returner).
翻译：命令由master发送给minion，minion发送数据给master，除非使用returner进行转向

By default a Salt Minion will try to connect to the DNS name “salt”;
翻译：Salt Minion默认会与名为salt的DNS连接

Note: Installing M2Crypto swig and libssl-dev are required to build M2Crypto. To fix the error command ’swig’ failed with exit status 1 while installing M2Crypto, try installing it with the following command: env SWIG_FEATURES="- cpperraswarn -includeall -D__‘uname -m‘__ -I/usr/include/openssl" pip install M2Crypto 翻译：安装M2Crypto时需要预先安装M2Crypto swig和libssl-dev模块，如果安装M2Crypto时出现’swig’ failed with exit status 1 这样的错误，在编译安装M2Crypto时带上参数，使用：env SWIG_FEATURES="- -cpperraswarn -includeall -D__‘uname -m‘__ -I/usr/include/openssl" pip install M2Crypto 
二、安装方面：
Here’s an example of using the silent installer: Salt-Minion-0.15.3-Setup-amd64.exe /S /master=yoursaltmaster /minion-name=yourminionname
翻译：静默安装的命令，直接在安装时把master和minion的名称给定义了：Salt-Minion-0.15.3-Setup-amd64.exe /S /master=yoursaltmaster /minion-name=yourminionname

三、配置方面：
The configuration files will be installed to /etc/salt and are named after the respective components, /etc/salt/master and /etc/salt/minion.
翻译：配置文件默认在/etc/salt，因其属性不同分别定义为/etc/salt/master 和/etc/salt/minion.

Make sure that the minion config file has the line ipc_mode: tcp
翻译：minion配置文档需要有ipc_mode: tcp这一行（默认是注释状态）

By default the Salt master listens on ports 4505 and 4506 on all interfaces (0.0.0.0).
翻译：Salt master默认在4505和4506上监听所有接口的数据

To bind Salt to a specific IP, redefine the “interface” directive in the master configuration file, typically /etc/salt/master, as follows: - #interface: 0.0.0.0 + interface: 10.0.0.1
翻译：若要salt监听一个特殊的ip，exp：在/etc/salt/master配置interface: 10.0.0.1

If the DNS name “salt” does not resolve to point to the correct location of the Master, redefine the “master” directive in the minion configuration file, typically /etc/salt/minion, as follows: - #master: salt + master: 10.0.0.1
翻译：如果名为salt的DNS没有指向正确的master的ip，在/etc/salt/minion配置文件里设置master: salt 并且设置 master: 10.0.0.1

四、命令方面
On the salt-master accept the new minion’s key sudo salt-key -A (This accepts all unaccepted keys. If you’re concerned about security just accept the key for this specific minion)
翻译：在salt-master机器上使用sudo salt-key -A命令可与所有无校验key的minion传送信息

Test that your minion is responding (a) On the salt-master run: sudo salt ’*’ test.ping You should get the following response: {‘your minion hostname’: True}
翻译：在salt-master机器上运行: sudo salt ’*’ test.ping命令，可接收到反馈{‘your minion hostname’: True}

Start the master in the foreground (to daemonize the process, pass the -d flag): # salt-master
翻译：若要以守护进程的方式启动master，直接salt-master，不需要/salt-master -d
若需要调试可以salt-master -log-level=debug

[ root@master ~]# salt-key -L 
Unaccepted Keys: alpha bravo charlie delta Accepted Keys:
以上命令用来列出已接收或未接收key的列表