一、实验环境:

1、salt版本:

[root@master master]# salt --versions-report

           Salt: 2015.5.10

         Python: 2.7.5 (default, Nov  6 2016, 00:28:07)

         Jinja2: 2.7.2

       M2Crypto: 0.21.1

 msgpack-python: 0.4.8

   msgpack-pure: Not Installed

       pycrypto: 2.6.1

        libnacl: Not Installed

         PyYAML: 3.10

          ioflo: Not Installed

          PyZMQ: 14.3.1

           RAET: Not Installed

            ZMQ: 3.2.5

           Mako: Not Installed

        Tornado: Not Installed

        timelib: Not Installed

       dateutil: Not Installed

2、系统版本:

[root@master master]# cat /etc/redhat-release

CentOS Linux release 7.2.1511 (Core)

二、Salt搭建主备master

1、安装新的master server

2、copy master keys到新的master对应的目录(master.pem和master.pub)

3、启动新的master进程

4、配置minions配置文件

5、Restart minions

6、在新的master上accept keys

7、测试两个salt-master对salt-minion的test.ping

[root@master master]# salt -L 192.168.163.13 test.ping

192.168.163.13:

    True

[root@standby minions]# salt -L 192.168.163.13 test.ping

192.168.163.13:

    True
备注:
配置multi-master主要的问题是:每一个master使用相同的private key. Private key在master第一次启动时自动生成的(注意:配置multi-master时,一定要在启动新master前将老master的private key copy到对应目录)。
 
修改minion配置文件:
master
  -saltmaster1.example.com
  -saltmaster2.example.com
 
三、遇到的问题:
1、在minion端进行salt-call测试的时候(前提条件将主master stop),发现:
[root@standby salt]# salt-call test.ping

[INFO    ] SaltReqTimeoutError: after 60 seconds. (Try 1 of 4)

[INFO    ] SaltReqTimeoutError: after 60 seconds. (Try 2 of 4)

[INFO    ] SaltReqTimeoutError: after 60 seconds. (Try 3 of 4)

[INFO    ] SaltReqTimeoutError: after 60 seconds. (Try 4 of 4)

[WARNING ] Attempted to authenticate with master 192.168.199.39 and failed

[WARNING ] Master ip address changed from 192.168.199.39 to 192.168.163.13

local:

    True

----以上测试结果是将minion中的auth_tries修改为4,默认值为7.

将值改成3次,并关闭主备master的测试结果:

[root@standby minion]# salt-call test.ping

[INFO    ] SaltReqTimeoutError: after 60 seconds. (Try 1 of 3)

[INFO    ] SaltReqTimeoutError: after 60 seconds. (Try 2 of 3)

[INFO    ] SaltReqTimeoutError: after 60 seconds. (Try 3 of 3)

[WARNING ] Attempted to authenticate with master 192.168.199.39 and failed

[WARNING ] Master ip address changed from 192.168.199.39 to 192.168.163.13

[INFO    ] SaltReqTimeoutError: after 60 seconds. (Try 1 of 3)

[INFO    ] SaltReqTimeoutError: after 60 seconds. (Try 2 of 3)

[INFO    ] SaltReqTimeoutError: after 60 seconds. (Try 3 of 3)

[WARNING ] Attempted to authenticate with master 192.168.163.13 and failed

[ERROR   ] An un-handled exception was caught by salt's global exception handler:

AttributeError: 'SMinion' object has no attribute 'functions'

Traceback (most recent call last):

  File "/usr/bin/salt-call", line 11, in <module>

    salt_call()

  File "/usr/lib/python2.7/site-packages/salt/scripts.py", line 227, in salt_call

    client.run()

  File "/usr/lib/python2.7/site-packages/salt/cli/call.py", line 71, in run

    caller.run()

  File "/usr/lib/python2.7/site-packages/salt/cli/caller.py", line 236, in run

    ret = self.call()

  File "/usr/lib/python2.7/site-packages/salt/cli/caller.py", line 107, in call

    if fun not in self.minion.functions:

AttributeError: 'SMinion' object has no attribute 'functions'

Traceback (most recent call last):

  File "/usr/bin/salt-call", line 11, in <module>

    salt_call()

  File "/usr/lib/python2.7/site-packages/salt/scripts.py", line 227, in salt_call

    client.run()

  File "/usr/lib/python2.7/site-packages/salt/cli/call.py", line 71, in run

    caller.run()

  File "/usr/lib/python2.7/site-packages/salt/cli/caller.py", line 236, in run

    ret = self.call()

  File "/usr/lib/python2.7/site-packages/salt/cli/caller.py", line 107, in call

    if fun not in self.minion.functions:

AttributeError: 'SMinion' object has no attribute 'functions'
2、master数据共享问题:
masters之间并不会共享信息,public keys需要在每台master上accept,文件共享需要手工完成,或者使用类似git工具确保file_roots目录文件一致。
具体需要同步的目录有:
Minion keys:
  • /etc/salt/pki/master/minions
  • /etc/salt/pki/master/minions_pre
  • /etc/salt/pki/master/minions_rejected
备注:直接共享/etc/salt/master目录是强烈反对的。允许外部访问master.pem key将带来严重的安全风险。
 
4、minion keys可以参考使用:
  方案一:
    */10 * * * * rsync -av --progress --delete --timeout=30 root@192.168.199.39:/etc/salt/pki/master/minions/ /etc/salt/pki/master/minions/
  方案二:修改salt-key的源代码:
    当主master有accept的时候同步给备master,在配置文件中配置备机IP,只有两边同步成功了才算成功;
    删除minion的时候只用通过salt-key -d的方式删除,或者配合rsync的方式,防止通过rm的方式删除minion。
 
5、file_roots和pillar_roots等文件可以放在git上。
 
需要提及的是,本实验的salt版本需要修改minion.py文件:
因为minion注册的时候会先往IP小的机器注册,而无法按你指定的IP顺序注册。
修改代码如下:
从minion.py代码中查看得到for master in set(self.opts['master']):中
class MultiMinion(MinionBase):

    '''

    Create a multi minion interface, this creates as many minions as are

    defined in the master option and binds each minion object to a respective

    master.

    '''

    # timeout for one of the minions to auth with a master

    MINION_CONNECT_TIMEOUT = 5

    def __init__(self, opts):

        super(MultiMinion, self).__init__(opts)

    def minions(self):

        '''

        Return a dict of minion generators bound to the tune_in method

        dict of master -> minion_mapping, the mapping contains:

            opts: options used to create the minion

            last: last auth attempt time

            auth_wait: time to wait for next auth attempt

            minion: minion object

            generator: generator function (non-blocking tune_in)

        '''

        if not isinstance(self.opts['master'], list):

            log.error(

                'Attempting to start a multimaster system with one master')

            sys.exit(salt.defaults.exitcodes.EX_GENERIC)

        ret = {}

        #在这里对master进行了一个排序

        for master in self.opts['master']:

        # for master in set(self.opts['master']):

            s_opts = copy.deepcopy(self.opts)

            s_opts['master'] = master

            s_opts['multimaster'] = True

            ret[master] = {'opts': s_opts,

                           'last': time.time(),

                           'auth_wait': s_opts['acceptance_wait_time']}

            try:

                minion = Minion(

                        s_opts,

                        self.MINION_CONNECT_TIMEOUT,

                        False,

                        'salt.loader.{0}'.format(master))

                ret[master]['minion'] = minion

                ret[master]['generator'] = minion.tune_in_no_block()

            except SaltClientError as exc:

                log.error('Error while bringing up minion for multi-master. Is master at {0} responding?'.format(master))

        return ret

Saltstack之multi-master的更多相关文章

  1. SaltStack之无Master和多Master(九)

    SaltStack之无Master和多Master Masterless架构,无Master 实现方式: 1)关闭minion进程 2)修改配置文件 vi /etc/salt/minion file_ ...

  2. 【SaltStack】通过Master给Minion安装MySQL

    一.IP信息说明 [Master] IP: 192.168.236.100 [Minion] IP: 192.168.236.101 二.配置SaltStack 关于SaltStack Master和 ...

  3. 【SaltStack】在Master上给Minion端安装zabbix

    一.IP信息说明 [Master] IP: 192.168.236.100 [Minion] IP: 192.168.236.101 二.配置SaltStack 关于SaltStack Master和 ...

  4. [SaltStack] salt-minion启动流程

    SaltStack源码阅读 前面理了下salt-master的启动流程, 这次来看看salt-minion的启动流程. 启动salt-minion方法: /etc/init.d/salt-minion ...

  5. saltstack手册(含官方pdf)

    官方手册 https://docs.saltstack.com/en/pdf/Salt-2019.2.1.pdf 快速入门 SALTSTACK是什么? Salt是一种和以往不同的基础设施管理方法,它是 ...

  6. 菜鸟玩云计算之廿二: saltstack 配置

    菜鸟玩云计算之廿二: saltstack 配置 要求环境: RHEL6.4+ >=Python2.6.6, < Python 3.0 关闭salt-master/minion服务:   # ...

  7. SaltStack说明文档

    SaltStack说明文档 master安装 # 安装 yum -y install salt-master salt-minion salt-ssh # 启动 systemctl start sal ...

  8. 自动化运维之Saltstack

    第三十八课 自动化运维之Saltstack 目录 一.自动化运维介绍 二. saltstack安装 三. 启动saltstack服务 四. saltstack配置认证 五. saltstack远程执行 ...

  9. centos7安装saltstack

    环境是Cenos7 saltstack-master:192.168.0.140 saltstack-minion:192.168.0.141 安装epel yum源 yum -y install e ...

  10. saltstack的封装和内网使用

    0.客户端使用 linux:把linux的ragent文件夹拷贝到内网linux /opt目录下,运行初始化脚本 salt服务端:# @Master:"/opt/ragent/python/ ...

随机推荐

  1. [不好分类]SD卡无法读取,显示RAW

    上周同事拿来了一个8G的SD卡,插入读卡器后显示“需要格式化”.无法读取.文件格式处显示“RAW”,磁盘大小显示0字节. 处理步骤如下: 1.按照提示,格式化,选择“快速格式化”. 2.采用数据恢复软 ...

  2. ExtJS笔记 Field

    Fields are used to define what a Model is. They aren't instantiated directly - instead, when we crea ...

  3. 总结-computer

    常见问题 1.任务栏位置:%AppData%\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar 2.锁定到任务栏的图标不见了: ...

  4. ThinPHP基础

    注:约定([书写]规则)胜于配置 *测试连接是否成功:localhost/tp/index.php1.localhost/tp/index.php(入口文件)/Home(模块名)/Index(控制器名 ...

  5. 接口测试之基于LoadRunner的一个简单示例

    这几天一直在捣鼓接口测试,以下总结一下: 1.什么是接口测试:接口是指系统模块与模块之间或者系统与系统之间进行交互,一般我们用的多的是HTTP协议的接口.WebService协议的接口.还有RPC(R ...

  6. [原创]解决net-speeder与pptp不兼容的问题

    解决net-speeder与pptp不兼容的问题 终于受不了很多玩意儿都被墙了,每次FQ费半天劲,浪费时间,于是在搬瓦工搞了个VPS,年付19美元,挺便宜的,赶紧的VPN搭起,优化走起. VPN搭建很 ...

  7. linux io stack

  8. C# 与数据库中字段类型 Int16(short), Int32(int), Int64(long)的取值范围、区别 。string长度

    一开始看到Int16, Int32, Int64这三种类型就觉得有点怪, 为什么要整个数字结尾的, 挺怪的. 昨天互相想到, ms这么干就是想让大家一眼就知道这个数据类型占多大空间吧. Int8, 等 ...

  9. SqlServer数据库空间使用情况常用命令

    --最简单的办法就是使用SSM客户端,报表查看 --查询数据文件的空间情况 dbcc showfilestats --查询日志文件的空间情况 dbcc sqlperf(logspace) --查询te ...

  10. Scala:没有continue,break怎么办?

    scala自身是没有continue,break这两个语法关键词的. 但是实际上我们还是很希望有这两个语法,那么我们是否可以自己实现呢? 从官网上搜索,我们可以找到一下关于break的类相关资料: B ...