SaltStack分布式架构
salt-syndic的优劣势
优势:
- 可以通过syndic实现更复杂的salt架构
- 减轻master的负担
劣势:
-
syndic的/srv目录下的salt和pillar目录内容要与最顶层的master下的一致,所以要进行数据同步,同步方案同salt-master高可用
-
最顶层的master不知道自己有几个syndic,它只知道自己有多少个minion,并不知道这些minion是由哪些syndic来管理的
salt-syndic部署
环境
| 主机IP | 主机名 | 安装的应用 |
|---|---|---|
| 192.168.136.132 | Master | salt-master |
| 192.168.136.133 | Syndic | salt-master salt-syndic |
| 192.168.136.134 | Minion1 | salt-minion |
| 192.168.136.135 | Minion2 | salt-minion |
关闭防火墙
[root@master ~]# systemctl stop firewalld.service
[root@master ~]# setenforce 0
#四个同
配置master
-
取消注释order_master
-
将order_master的值设为True
[root@master ~]# vim /etc/salt/master # Set the order_masters setting to True if this master will command lower # masters' syndic interfaces. #order_masters: False #在下面加一行另外写,或者取消注释改为True order_masters: True [root@master ~]# systemctl enable salt-master [root@master ~]# systemctl restart salt-master配置syndic
修改syndic所在主机的master配置文件
取消注释syndic_master
将syndic_master的值设为master的IP
[root@syndic ~]# yum -y install salt-master salt-syndic #如果装过了就不用了
[root@syndic ~]# vim /etc/salt/master
# If this master will be running a salt syndic daemon, syndic_master tells
# this master where to receive commands from.
#syndic_master: masterofmasters #在下面加一行另外写,或者取消注释改为IP
syndic_master: 192.168.136.132
[root@syndic ~]# systemctl enable salt-master
[root@syndic ~]# systemctl enable salt-syndic
[root@syndic ~]# systemctl restart salt-master
[root@syndic ~]# systemctl restart salt-syndic
配置minion
[root@minion1 ~]# vim /etc/salt/minion
# resolved, then the minion will fail to start.
#master: salt
master: 192.168.136.133
[root@minion2 ~]# vim /etc/salt/minion
# resolved, then the minion will fail to start.
#master: salt
master: 192.168.136.133
[root@minion1 ~]# systemctl start salt-minion.service
[root@minion1 ~]# systemctl enable salt-minion.service
[root@minion2 ~]# systemctl start salt-minion.service
[root@minion2 ~]# systemctl enable salt-minion.service
在所有minion上做同样的操作
设置minion配置文件中的id参数
指向minion自身的ip地址或主机名
syndic上接受minion主机的key
[root@syndic ~]# salt-key -L
Accepted Keys:
Denied Keys:
Unaccepted Keys:
minion1
minion2
Rejected Keys:
[root@syndic ~]# salt-key -yA
The following keys are going to be accepted:
Unaccepted Keys:
minion1
minion2
Key for minion minion1 accepted.
Key for minion minion2 accepted.
[root@syndic ~]# salt-key -L
Accepted Keys:
minion1
minion2
Denied Keys:
Unaccepted Keys:
Rejected Keys:
master上接受syndic主机的key
[root@master ~]# salt-key -L
Accepted Keys:
Denied Keys:
Unaccepted Keys:
syndic
Rejected Keys:
[root@master ~]# salt-key -yA
The following keys are going to be accepted:
Unaccepted Keys:
syndic
Key for minion syndic accepted.
[root@master ~]# salt-key -L
Accepted Keys:
syndic
Denied Keys:
Unaccepted Keys:
Rejected Keys:
master上执行模块或状态检验有几个minion应答
[root@master ~]# salt '*' test.ping
minion2:
True
minion1:
True
[root@master ~]# salt '*' cmd.run 'date'
minion2:
Thu Jul 22 07:01:28 EDT 2021
minion1:
Thu Jul 22 07:01:28 EDT 2021
True
minion1:
True
[root@master ~]# salt '*' cmd.run 'date'
minion2:
Thu Jul 22 07:01:28 EDT 2021
minion1:
Thu Jul 22 07:01:28 EDT 2021