SaltStack High Availability: multi-master [13]

2018-08-12 18:37:25

In English, "multi" means many, multiple, or many-sided. For the precise definition we defer to the official documentation:

As of Salt 0.16.0, the ability to connect minions to multiple masters has been made available. The multi-master system allows for redundancy of Salt masters and facilitates multiple points of communication out to minions. When using a multi-master setup, all masters are running hot, and any active master can be used to send commands out to the minions.

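1. Environment

Server system | IP | Hostname
CentOS 7.2 x86_64, salt-master | 192.168.56.11 | node01
CentOS 7.2 x86_64, salt-minion | 192.168.56.12 | node02

Note: because the number of test machines is limited, both servers act as Master and as Minion. Once both Masters are started, both must be in an available state.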

2. Deployment steps

2.1 Install the Master and Minion on both nodes

[root@node02 ~]# yum install salt-master salt-minion -y

2.2 Sync the Master configuration file and state files

[root@node01 home]# scp /etc/salt/master 192.168.56.12:/etc/salt/
The authenticity of host '192.168.56.12 (192.168.56.12)' can't be established.
ECDSA key fingerprint is SHA256:0jUMCsox6XJwbJq69kZHAJWzoRABOGnUXFfqGetqANk.
ECDSA key fingerprint is MD5:71:bc:92:e5:20:1c:c1:95:18:1a:50:97:60:ae:0c:8a.
Are you sure you want to continue connecting (yes/no)? yes   
Warning: Permanently added '192.168.56.12' (ECDSA) to the list of known hosts.
root@192.168.56.12's password: 
master                                                                                                                  100%   50KB   3.0MB/s   00:00    
[root@node01 home]# scp -r /srv/salt/ 192.168.56.12:/srv/
root@192.168.56.12's password: 
apache-tomcat-8.0.46.tar.gz                                                                                             100% 9134KB  45.9MB/s   00:00    
tomcat.sls                                                                                                              100%  561    14.2KB/s   00:00    
lamp.sls                                                                                                                100% 1016     1.2MB/s   00:00    
apache.sls                                                                                                              100%  123    55.0KB/s   00:00    
top.sls                                                                                                                 100%   64    10.2KB/s   00:00    
zabbix_agentd.conf.bak                                                                                                  100% 7446   689.4KB/s   00:00    
zabbix_agentd.conf                                                                                                      100% 7436     6.2MB/s   00:00    
zabbix-agent.sls                                                                                                        100%  903    96.9KB/s   00:00    
epel-7.repo                                                                                                             100%  664    43.5KB/s   00:00    
yum-repo.sls                                                                                                            100%  141     8.9KB/s   00:00    
redis-install.sls                                                                                                       100%   50     4.2KB/s   00:00    
redis-master.conf                                                                                                       100%   46KB  17.9MB/s   00:00    
redis-master.sls                                                                                                        100%  401   577.4KB/s   00:00    
redis-install.sls  

2.3 Sync the master key pair

[root@linux-node2 pki]# mkdir master -p && chmod 700 master/  # on node2, create the master directory and set its permissions
[root@linux-node1 master]# scp /etc/salt/pki/master/master.pem master.pub 192.168.56.12:/etc/salt/pki/master/  # run scp from node1

2.4 Restart the Master and Minion services on the nodes so that the Master and Minion configuration files take effect

[root@linux-node2 pki]# systemctl restart salt-minion

2.5 On node2's master, accept the Minion keys again

[root@linux-node2 master]# salt-key  # list the minion IDs that have submitted requests
Accepted Keys:
Denied Keys:
Unaccepted Keys:
linux-node1.example.com
linux-node2.example.com
Rejected Keys:

[root@linux-node2 master]# salt-key -A  # accept the requests; enter Y at the prompt below
The following keys are going to be accepted:
Unaccepted Keys:
linux-node1.example.com
linux-node2.example.com
Proceed? [n/Y] Y
Key for minion linux-node1.example.com accepted.
Key for minion linux-node2.example.com accepted.

2.6 Commands run from either Master node work normally

[root@linux-node1 master]# salt '*' test.ping  # node1 Master node
linux-node1.example.com:
    True
linux-node2.example.com:
    True

[root@linux-node2 master]# salt '*' test.ping  # node2 Master node
linux-node2.example.com:
    True
linux-node1.example.com:
    True

3. Summary

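The Master configuration files must be identical.

The Master file_roots path and the state files must be identical.

The Master public and private keys must be identical.

In the Minion configuration, change the master setting to a list.

The minion_id keys accepted by each Master must be kept in sync; additions and deletions must stay consistent.

In production, nginx can be used to load-balance the API across multiple masters.

The security of the keys on the Master must be considered.

In production, the state files can be managed with git.

Multiple masters can also be configured in failover mode, which is somewhat more complex.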
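
The summary's requirements that both Masters hold the same key pair, keep the same set of accepted minion keys, and protect the private key can be checked mechanically. The script below is an added example, not part of the original post: it compares two master PKI directories and reports any drift. It assumes the peer's /etc/salt/pki/master is available as a local path; pki_drift, demo_trees and the sample key contents are constructed for illustration.

```sh
#!/bin/sh
# Added example (not from the original post). Assumption: the peer's PKI
# directory is reachable as a local path; function names are illustrative.

sha() { sha256sum "$1" 2>/dev/null | cut -d' ' -f1; }

pki_drift() {  # usage: pki_drift DIR_A DIR_B; prints findings, returns 1 on drift
  a=$1; b=$2
  out=$(
    # Both masters must present the same key pair to every minion.
    for f in master.pem master.pub; do
      [ "$(sha "$a/$f")" = "$(sha "$b/$f")" ] || echo "MASTER_KEY_MISMATCH $f"
    done
    # The private key must carry no group/other permission bits.
    for f in "$a/master.pem" "$b/master.pem"; do
      case $(ls -ld "$f" 2>/dev/null) in
        (''|????------*) ;;
        (*) echo "LOOSE_PERMS $f" ;;
      esac
    done
    # Accepted minion keys: same IDs and same public key on both masters.
    for id in $( { ls -1 "$a/minions"; ls -1 "$b/minions"; } 2>/dev/null | sort -u ); do
      if   [ ! -f "$a/minions/$id" ]; then echo "ONLY_ON_B $id"
      elif [ ! -f "$b/minions/$id" ]; then echo "ONLY_ON_A $id"
      elif [ "$(sha "$a/minions/$id")" != "$(sha "$b/minions/$id")" ]; then
        echo "MINION_KEY_MISMATCH $id"
      fi
    done
  )
  [ -z "$out" ] && return 0
  printf '%s\n' "$out"
  return 1
}

# Constructed sample trees with placeholder key material (not real keys).
demo_trees() {  # usage: demo_trees ROOT; creates ROOT/m1 and ROOT/m2 in sync
  for m in m1 m2; do
    mkdir -p "$1/$m/minions"
    echo "constructed-private-key" > "$1/$m/master.pem"
    echo "constructed-public-key"  > "$1/$m/master.pub"
    chmod 400 "$1/$m/master.pem"
    for id in linux-node1.example.com linux-node2.example.com; do
      echo "constructed-pub-$id" > "$1/$m/minions/$id"
    done
  done
}

# Run as: sh pki_drift.sh /etc/salt/pki/master /mnt/peer/pki/master
if [ "$#" -eq 2 ]; then pki_drift "$1" "$2"; fi
```

Running the check after every key accept or delete on either Master catches a minion that one Master trusts and the other does not.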
admin