SaltStack分布式架构
salt-syndic的优劣势
优势:
- 可以通过syndic实现更复杂的salt架构
- 减轻master的负担
劣势:
salt-syndic部署
环境
主机IP | 主机名 | 安装的应用 |
---|
192.168.136.132 | Master | salt-master | 192.168.136.133 | Syndic | salt-master salt-syndic | 192.168.136.134 | Minion1 | salt-minion | 192.168.136.135 | Minion2 | salt-minion |
关闭防火墙
[root@master ~]# systemctl stop firewalld.service
[root@master ~]# setenforce 0
#四个同
配置master
-
取消注释order_master -
将order_master的值设为True [root@master ~]# vim /etc/salt/master
# Set the order_masters setting to True if this master will command lower
# masters' syndic interfaces.
#order_masters: False #在下面加一行另外写,或者取消注释改为True
order_masters: True
[root@master ~]# systemctl enable salt-master
[root@master ~]# systemctl restart salt-master
配置syndic 修改syndic所在主机的master配置文件 取消注释syndic_master 将syndic_master的值设为master的IP
[root@syndic ~]# yum -y install salt-master salt-syndic #如果装过了就不用了
[root@syndic ~]# vim /etc/salt/master
# If this master will be running a salt syndic daemon, syndic_master tells
# this master where to receive commands from.
#syndic_master: masterofmasters #在下面加一行另外写,或者取消注释改为IP
syndic_master: 192.168.136.132
[root@syndic ~]# systemctl enable salt-master
[root@syndic ~]# systemctl enable salt-syndic
[root@syndic ~]# systemctl restart salt-master
[root@syndic ~]# systemctl restart salt-syndic
配置minion
[root@minion1 ~]# vim /etc/salt/minion
# resolved, then the minion will fail to start.
#master: salt
master: 192.168.136.133
[root@minion2 ~]# vim /etc/salt/minion
# resolved, then the minion will fail to start.
#master: salt
master: 192.168.136.133
[root@minion1 ~]# systemctl start salt-minion.service
[root@minion1 ~]# systemctl enable salt-minion.service
[root@minion2 ~]# systemctl start salt-minion.service
[root@minion2 ~]# systemctl enable salt-minion.service
在所有minion上做同样的操作
设置minion配置文件中的id参数
指向minion自身的ip地址或主机名
syndic上接受minion主机的key
[root@syndic ~]# salt-key -L
Accepted Keys:
Denied Keys:
Unaccepted Keys:
minion1
minion2
Rejected Keys:
[root@syndic ~]# salt-key -yA
The following keys are going to be accepted:
Unaccepted Keys:
minion1
minion2
Key for minion minion1 accepted.
Key for minion minion2 accepted.
[root@syndic ~]# salt-key -L
Accepted Keys:
minion1
minion2
Denied Keys:
Unaccepted Keys:
Rejected Keys:
master上接受syndic主机的key
[root@master ~]
Accepted Keys:
Denied Keys:
Unaccepted Keys:
syndic
Rejected Keys:
[root@master ~]
The following keys are going to be accepted:
Unaccepted Keys:
syndic
Key for minion syndic accepted.
[root@master ~]
Accepted Keys:
syndic
Denied Keys:
Unaccepted Keys:
Rejected Keys:
master上执行模块或状态检验有几个minion应答
[root@master ~]# salt '*' test.ping
minion2:
True
minion1:
True
[root@master ~]# salt '*' cmd.run 'date'
minion2:
Thu Jul 22 07:01:28 EDT 2021
minion1:
Thu Jul 22 07:01:28 EDT 2021
True
minion1:
True
[root@master ~]# salt '*' cmd.run 'date'
minion2:
Thu Jul 22 07:01:28 EDT 2021
minion1:
Thu Jul 22 07:01:28 EDT 2021
|