一、实验环境:

1、salt版本:

[root@master master]# salt --versions-report

           Salt: 2015.5.10

         Python: 2.7.5 (default, Nov  6 2016, 00:28:07)

         Jinja2: 2.7.2

       M2Crypto: 0.21.1

 msgpack-python: 0.4.8

   msgpack-pure: Not Installed

       pycrypto: 2.6.1

        libnacl: Not Installed

         PyYAML: 3.10

          ioflo: Not Installed

          PyZMQ: 14.3.1

           RAET: Not Installed

            ZMQ: 3.2.5

           Mako: Not Installed

        Tornado: Not Installed

        timelib: Not Installed

       dateutil: Not Installed

2、系统版本:

[root@master master]# cat /etc/redhat-release

CentOS Linux release 7.2.1511 (Core)

二、Salt搭建主备master

1、安装新的master server

2、copy master keys到新的master对应的目录(master.pem和master.pub)

3、启动新的master进程

4、配置minions配置文件

5、Restart minions

6、在新的master上accept keys

7、测试两个salt-master对salt-minion的test.ping

[root@master master]# salt -L 192.168.163.13 test.ping

192.168.163.13:

    True

[root@standby minions]# salt -L 192.168.163.13 test.ping

192.168.163.13:

    True
备注:
配置multi-master主要的问题是:每一个master使用相同的private key. Private key在master第一次启动时自动生成的(注意:配置multi-master时,一定要在启动新master前将老master的private key copy到对应目录)。
 
修改minion配置文件:
master
  -saltmaster1.example.com
  -saltmaster2.example.com
 
三、遇到的问题:
1、在minion端进行salt-call测试的时候(前提条件将主master stop),发现:
[root@standby salt]# salt-call test.ping

[INFO    ] SaltReqTimeoutError: after 60 seconds. (Try 1 of 4)

[INFO    ] SaltReqTimeoutError: after 60 seconds. (Try 2 of 4)

[INFO    ] SaltReqTimeoutError: after 60 seconds. (Try 3 of 4)

[INFO    ] SaltReqTimeoutError: after 60 seconds. (Try 4 of 4)

[WARNING ] Attempted to authenticate with master 192.168.199.39 and failed

[WARNING ] Master ip address changed from 192.168.199.39 to 192.168.163.13

local:

    True

----以上测试结果是将minion中的auth_tries修改为4,默认值为7.

将值改成3次,并关闭主备master的测试结果:

[root@standby minion]# salt-call test.ping

[INFO    ] SaltReqTimeoutError: after 60 seconds. (Try 1 of 3)

[INFO    ] SaltReqTimeoutError: after 60 seconds. (Try 2 of 3)

[INFO    ] SaltReqTimeoutError: after 60 seconds. (Try 3 of 3)

[WARNING ] Attempted to authenticate with master 192.168.199.39 and failed

[WARNING ] Master ip address changed from 192.168.199.39 to 192.168.163.13

[INFO    ] SaltReqTimeoutError: after 60 seconds. (Try 1 of 3)

[INFO    ] SaltReqTimeoutError: after 60 seconds. (Try 2 of 3)

[INFO    ] SaltReqTimeoutError: after 60 seconds. (Try 3 of 3)

[WARNING ] Attempted to authenticate with master 192.168.163.13 and failed

[ERROR   ] An un-handled exception was caught by salt's global exception handler:

AttributeError: 'SMinion' object has no attribute 'functions'

Traceback (most recent call last):

  File "/usr/bin/salt-call", line 11, in <module>

    salt_call()

  File "/usr/lib/python2.7/site-packages/salt/scripts.py", line 227, in salt_call

    client.run()

  File "/usr/lib/python2.7/site-packages/salt/cli/call.py", line 71, in run

    caller.run()

  File "/usr/lib/python2.7/site-packages/salt/cli/caller.py", line 236, in run

    ret = self.call()

  File "/usr/lib/python2.7/site-packages/salt/cli/caller.py", line 107, in call

    if fun not in self.minion.functions:

AttributeError: 'SMinion' object has no attribute 'functions'

Traceback (most recent call last):

  File "/usr/bin/salt-call", line 11, in <module>

    salt_call()

  File "/usr/lib/python2.7/site-packages/salt/scripts.py", line 227, in salt_call

    client.run()

  File "/usr/lib/python2.7/site-packages/salt/cli/call.py", line 71, in run

    caller.run()

  File "/usr/lib/python2.7/site-packages/salt/cli/caller.py", line 236, in run

    ret = self.call()

  File "/usr/lib/python2.7/site-packages/salt/cli/caller.py", line 107, in call

    if fun not in self.minion.functions:

AttributeError: 'SMinion' object has no attribute 'functions'
2、master数据共享问题:
masters之间并不会共享信息,public keys需要在每台master上accept,文件共享需要手工完成,或者使用类似git工具确保file_roots目录文件一致。
具体需要同步的目录有:
Minion keys:
  • /etc/salt/pki/master/minions
  • /etc/salt/pki/master/minions_pre
  • /etc/salt/pki/master/minions_rejected
备注:直接共享/etc/salt/master目录是强烈反对的。允许外部访问master.pem key将带来严重的安全风险。
 
4、minion keys可以参考使用:
  方案一:
    */10 * * * * rsync -av --progress --delete --timeout=30 root@192.168.199.39:/etc/salt/pki/master/minions/ /etc/salt/pki/master/minions/
  方案二:修改salt-key的源代码:
    当主master有accept的时候同步给备master,在配置文件中配置备机IP,只有两边同步成功了才算成功;
    删除minion的时候只用通过salt-key -d的方式删除,或者配合rsync的方式,防止通过rm的方式删除minion。
 
5、file_roots和pillar_roots等文件可以放在git上。
 
需要提及的是,本实验的salt版本需要修改minion.py文件:
因为minion注册的时候会先往IP小的机器注册,而无法按你指定的IP顺序注册。
修改代码如下:
从minion.py代码中查看得到for master in set(self.opts['master']):中
class MultiMinion(MinionBase):

    '''

    Create a multi minion interface, this creates as many minions as are

    defined in the master option and binds each minion object to a respective

    master.

    '''

    # timeout for one of the minions to auth with a master

    MINION_CONNECT_TIMEOUT = 5

    def __init__(self, opts):

        super(MultiMinion, self).__init__(opts)

    def minions(self):

        '''

        Return a dict of minion generators bound to the tune_in method

        dict of master -> minion_mapping, the mapping contains:

            opts: options used to create the minion

            last: last auth attempt time

            auth_wait: time to wait for next auth attempt

            minion: minion object

            generator: generator function (non-blocking tune_in)

        '''

        if not isinstance(self.opts['master'], list):

            log.error(

                'Attempting to start a multimaster system with one master')

            sys.exit(salt.defaults.exitcodes.EX_GENERIC)

        ret = {}

        #在这里对master进行了一个排序

        for master in self.opts['master']:

        # for master in set(self.opts['master']):

            s_opts = copy.deepcopy(self.opts)

            s_opts['master'] = master

            s_opts['multimaster'] = True

            ret[master] = {'opts': s_opts,

                           'last': time.time(),

                           'auth_wait': s_opts['acceptance_wait_time']}

            try:

                minion = Minion(

                        s_opts,

                        self.MINION_CONNECT_TIMEOUT,

                        False,

                        'salt.loader.{0}'.format(master))

                ret[master]['minion'] = minion

                ret[master]['generator'] = minion.tune_in_no_block()

            except SaltClientError as exc:

                log.error('Error while bringing up minion for multi-master. Is master at {0} responding?'.format(master))

        return ret

Saltstack之multi-master的更多相关文章

  1. SaltStack之无Master和多Master(九)

    SaltStack之无Master和多Master Masterless架构,无Master 实现方式: 1)关闭minion进程 2)修改配置文件 vi /etc/salt/minion file_ ...

  2. 【SaltStack】通过Master给Minion安装MySQL

    一.IP信息说明 [Master] IP: 192.168.236.100 [Minion] IP: 192.168.236.101 二.配置SaltStack 关于SaltStack Master和 ...

  3. 【SaltStack】在Master上给Minion端安装zabbix

    一.IP信息说明 [Master] IP: 192.168.236.100 [Minion] IP: 192.168.236.101 二.配置SaltStack 关于SaltStack Master和 ...

  4. [SaltStack] salt-minion启动流程

    SaltStack源码阅读 前面理了下salt-master的启动流程, 这次来看看salt-minion的启动流程. 启动salt-minion方法: /etc/init.d/salt-minion ...

  5. saltstack手册(含官方pdf)

    官方手册 https://docs.saltstack.com/en/pdf/Salt-2019.2.1.pdf 快速入门 SALTSTACK是什么? Salt是一种和以往不同的基础设施管理方法,它是 ...

  6. 菜鸟玩云计算之廿二: saltstack 配置

    菜鸟玩云计算之廿二: saltstack 配置 要求环境: RHEL6.4+ >=Python2.6.6, < Python 3.0 关闭salt-master/minion服务:   # ...

  7. SaltStack说明文档

    SaltStack说明文档 master安装 # 安装 yum -y install salt-master salt-minion salt-ssh # 启动 systemctl start sal ...

  8. 自动化运维之Saltstack

    第三十八课 自动化运维之Saltstack 目录 一.自动化运维介绍 二. saltstack安装 三. 启动saltstack服务 四. saltstack配置认证 五. saltstack远程执行 ...

  9. centos7安装saltstack

    环境是Cenos7 saltstack-master:192.168.0.140 saltstack-minion:192.168.0.141 安装epel yum源 yum -y install e ...

  10. saltstack的封装和内网使用

    0.客户端使用 linux:把linux的ragent文件夹拷贝到内网linux /opt目录下,运行初始化脚本 salt服务端:# @Master:"/opt/ragent/python/ ...

随机推荐

  1. insert操作卡死的处理过程

    insert操作卡死的处理过程 先看看insert为什么被卡死 SQL> select sql_id from v$sql where sql_text like 'delete from st ...

  2. 为什么匿名内部类的参数必须为finalhttp://feiyeguohai.iteye.com/blog/1500108

    1)  从程序设计语言的理论上:局部内部类(即:定义在方法中的内部类),由于本身就是在方法内部(可出现在形式参数定义处或者方法体处),因而访问方法中的局部变量(形式参数或局部变量)是天经地义的.是很自 ...

  3. AI PRO I 第4章

    Behavior Selection Algorithms An Overview Michael Dawe, Steve Gargolinski, Luke Dicken, Troy Humphre ...

  4. Thinking in Java——笔记(15)

    Generics The term "generic" means "pertaining or appropriate to large groups of class ...

  5. 读懂UI设计的心理学

    好文转载,版权归原作者 作为UI设计师,对待用户就像对待婴儿,知道如何通过界面设计诱导用户非常重要,这就需要了解心理学方面的知识了.今天分享一篇日本设计师的好文,结合心理学与设计,教你读懂心理学,提高 ...

  6. json转bean对象

    一下为个人收藏,以便下次使用. 前端传的json格式为: [{"suppliercode":"gylhld_gycqlt3_gycqlt1","pro ...

  7. Quoit Design---hdu1007(最近点对问题 分治法)

    题目链接:http://acm.hdu.edu.cn/showproblem.php?pid=1007 题意:给你n(2<=n<=10^6)个点的坐标,然后找到两个点使得他们之间的距离最小 ...

  8. 移动端的传统click事件延迟和点透现象

    一.场景描述: 1.A/B两个层上下z轴重叠. 2.上层的A点击后消失或移开.(这一点很重要) 3.B元素本身有默认click事件(如a标签) 或 B绑定了click事件. 在以上情况下,点击A/B重 ...

  9. 给div加上背景图片

    <div class="panel-body" style="background:url('pages/upload/brief/img/bg.jpg');bac ...

  10. php常用关键字

    1.final关键字 <?php //final关键字修饰的类 是最终的类不能被继承 class demo{ //final关键字修饰的成员方法 是最终版本的方法不能被重写 final publ ...