In English, "multi" means many, multiple, or multi-faceted; for the precise meaning we defer to the official documentation:
As of Salt 0.16.0, the ability to connect minions to multiple masters has been made available. The multi-master system allows for redundancy of Salt masters and facilitates multiple points of communication out to minions. When using a multi-master setup, all masters are running hot, and any active master can be used to send commands out to the minions.
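1. Environment
Server OS | Role | IP | Hostname |
---|---|---|---|
CentOS7.2 x86_64 | salt-master | 192.168.56.11 | node01 |
CentOS7.2 x86_64 | salt-minion | 192.168.56.12 | node02 |
Note: because the number of test machines is limited, both servers act as Master and as Minion. Once both Masters are started, both must be in an available state.
2. Deployment steps
2.1 Install Master and Minion on each of the two nodes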
[root@node02 ~]# yum install salt-master salt-minion -y
2.2 Sync the Master configuration file and state files
[root@node01 home]# scp /etc/salt/master 192.168.56.12:/etc/salt/
The authenticity of host '192.168.56.12 (192.168.56.12)' can't be established.
ECDSA key fingerprint is SHA256:0jUMCsox6XJwbJq69kZHAJWzoRABOGnUXFfqGetqANk.
ECDSA key fingerprint is MD5:71:bc:92:e5:20:1c:c1:95:18:1a:50:97:60:ae:0c:8a.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '192.168.56.12' (ECDSA) to the list of known hosts.
root@192.168.56.12's password:
master 100% 50KB 3.0MB/s 00:00
[root@node01 home]# scp -r /srv/salt/ 192.168.56.12:/srv/
root@192.168.56.12's password:
apache-tomcat-8.0.46.tar.gz 100% 9134KB 45.9MB/s 00:00
tomcat.sls 100% 561 14.2KB/s 00:00
lamp.sls 100% 1016 1.2MB/s 00:00
apache.sls 100% 123 55.0KB/s 00:00
top.sls 100% 64 10.2KB/s 00:00
zabbix_agentd.conf.bak 100% 7446 689.4KB/s 00:00
zabbix_agentd.conf 100% 7436 6.2MB/s 00:00
zabbix-agent.sls 100% 903 96.9KB/s 00:00
epel-7.repo 100% 664 43.5KB/s 00:00
yum-repo.sls 100% 141 8.9KB/s 00:00
redis-install.sls 100% 50 4.2KB/s 00:00
redis-master.conf 100% 46KB 17.9MB/s 00:00
redis-master.sls 100% 401 577.4KB/s 00:00
redis-install.sls
2.3 Sync the master key pair
[root@linux-node2 pki]# mkdir master -p && chmod 700 master/ # on node2, create the master directory and set its permissions
[root@linux-node1 master]# scp /etc/salt/pki/master/master.pem master.pub 192.168.56.12:/etc/salt/pki/master/ # run scp on node1
2.4 Restart the Master and Minion services so that the Master and Minion configuration takes effect
[root@linux-node2 pki]# systemctl restart salt-minion
2.5 On node2's Master, accept the Minion keys again
[root@linux-node2 master]# salt-key # list the minion IDs that have submitted key requests
Accepted Keys:
Denied Keys:
Unaccepted Keys:
linux-node1.example.com
linux-node2.example.com
Rejected Keys:
[root@linux-node2 master]# salt-key -A # accept the requests; enter Y at the prompt below
The following keys are going to be accepted:
Unaccepted Keys:
linux-node1.example.com
linux-node2.example.com
Proceed? [n/Y] Y
Key for minion linux-node1.example.com accepted.
Key for minion linux-node2.example.com accepted.
2.6 Commands run from either Master node work normally
[root@linux-node1 master]# salt '*' test.ping # node1 Master
linux-node1.example.com:
True
linux-node2.example.com:
True
[root@linux-node2 master]# salt '*' test.ping # node2 Master
linux-node2.example.com:
True
linux-node1.example.com:
True
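3. Summary
The Master configuration files must be identical
The Master file_roots path and state files must be identical
The Master public and private keys must be identical
In the Minion configuration, change the master setting to a list
The minion_id keys accepted by the Masters must be kept in sync, with additions and deletions kept consistent
In production, nginx can be used to load-balance the API across multiple masters
The security of the keys on the Master needs to be considered
In production, state files can be managed with git
Multiple masters can also be configured in failover mode, which is somewhat more complex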
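An added example, not part of the original post: a shell check for three of the summary points (identical Master key pair, synchronized accepted minion keys, key security). It assumes each argument is a copy of /etc/salt/pki/master taken from one Master; the function names and the fixture contents are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): audit the PKI directories of two
# Salt masters after the key pair has been copied as in step 2.3.
# Assumption: each argument is a copy of /etc/salt/pki/master from one master.

# Succeeds only if no group/other permission bits are set on $1.
owner_only() {
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# Prints one finding per line; prints nothing when the two masters agree.
audit_masters() {
    a=$1 b=$2
    for d in "$a" "$b"; do
        owner_only "$d" || echo "PERM $d: directory open to group/other"
        owner_only "$d/master.pem" || echo "PERM $d/master.pem: private key open to group/other"
    done
    for k in master.pem master.pub; do
        cmp -s "$a/$k" "$b/$k" || echo "KEYPAIR $k differs between masters"
    done
    # Accepted minion keys live in minions/<minion_id> on each master.
    for f in "$a"/minions/* "$b"/minions/*; do
        [ -e "$f" ] || continue
        id=${f##*/}
        if [ ! -e "$a/minions/$id" ] || [ ! -e "$b/minions/$id" ]; then
            echo "DRIFT $id: accepted on only one master"
        elif ! cmp -s "$a/minions/$id" "$b/minions/$id"; then
            echo "DRIFT $id: different public key on each master"
        fi
    done | sort -u
}

# Constructed fixture: two fake PKI trees with placeholder key material.
make_fixture() {
    root=$(mktemp -d)
    for m in a b; do
        mkdir -p "$root/$m/minions" && chmod 700 "$root/$m"
        echo "constructed-private-key" > "$root/$m/master.pem"
        echo "constructed-public-key" > "$root/$m/master.pub"
        chmod 400 "$root/$m/master.pem"
        echo "pub-node1" > "$root/$m/minions/linux-node1.example.com"
    done
    echo "pub-node2" > "$root/a/minions/linux-node2.example.com"  # missing on b
    chmod 644 "$root/b/master.pem"                                # too permissive
    echo "$root"
}

# Run against real copies when two directories are given on the command line.
if [ "$#" -eq 2 ]; then audit_masters "$1" "$2"; fi
```

On the constructed fixture the audit reports the world-readable master.pem on the second tree and the minion ID that was accepted on only one Master.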