Salt-Syndic
理论介绍一个基本的salt配置方式是一个master指挥一群minion,为了不再有假设使用任何单一拓扑结构,考虑多种布局的情况下,主控master可以控制一群master,通过syndic将操作命令传输给受控master,受控master来完成对自己旗下minion的管理,并将结果传回主控master,从而实现了主控master对所有minion的间接管理。
注意:
Syndic上得master配置文件里得file_roots,pillar_roots与主master一致
Syndic 必须运行在master上,并且连接到另一个master(比他更高级)
syndic有点类似于代理,本质上对与主master来说还是minion
数据走向 主master-------syndic-----syndic-master---------minion
salt-minion--------syndic--------主master
实验结构图:
主机说明:
Host IP salt类型
node1192.168.10.129 salt-master
node2192.168.10.128 salt-syndic(salt-master)
node1192.168.10.129 salt-minion
node2192.168.10.128 salt-minion
编辑主master配置文件以支持syndic
1
2
3
# vim /etc/salt/master
order_masters: True
# /etc/init.d/salt-master restart
编辑syndic上的master
1
2
3
4
5
# yum install -y salt-master salt-syndic
# vim /etc/salt/master
syndic_master: 192.168.10.129 #指定主master地址
# /etc/init.d/salt-master start
# /etc/init.d/salt-syndic start
由于之前搭过master-minion的环境,现在将其key删除(没有的搭过的可以跳过这步)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
# /etc/init.d/salt-minion stop
# /etc/init.d/salt-minion stop
# salt-key -D
The following keys are going to be deleted:
Accepted Keys:
node1
node2
Proceed? y
Key for minion node1 deleted.
Key for minion node2 deleted.
# salt-key
# cd /etc/salt/pki/minion/
# ll
total 12
-rw-r--r--. 1 root root451 Aug 22 20:22 minion_master.pub
-r--------. 1 root root 1679 Aug 22 20:21 minion.pem
-rw-r--r--. 1 root root451 Aug 22 20:21 minion.pub
# rm -rf ./*
# cd /etc/salt/pki/minion/
# ll
total 16
-rw-r--r--. 1 root root451 Aug 22 20:22 minion_master.pub
-r--------. 1 root root 1675 Aug 22 20:21 minion.pem
-rw-r--r--. 1 root root451 Aug 22 20:21 minion.pub
-rw-r--r--. 1 root root451 Aug 23 02:15 syndic_master.pub
# rm -rf ./*
给minion指定master(这里指定的是syndic)
1
2
3
4
5
6
# vim /etc/salt/minion
master: 192.168.10.128
# vim /etc/salt/minion
master: 192.168.10.128
# /etc/init.d/salt-minion start
# /etc/init.d/salt-minion start
通过key建立minion和master的联系
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
# salt-key -A
The following keys are going to be accepted:
Unaccepted Keys:
node1 #syndic接收node1上的minion的key
node2 #syndic接收node2上的minion的key
Proceed? y
Key for minion node1 accepted.
Key for minion node2 accepted.
# salt-key -L
Accepted Keys:
node1
node2
Denied Keys:
Unaccepted Keys:
Rejected Keys:
1
2
3
4
5
6
7
8
9
10
11
12
13
# salt-key -A
The following keys are going to be accepted:
Unaccepted Keys:
node2 #接收node2syndic的key
Proceed? y
Key for minion node2 accepted.
# salt-key -L
Accepted Keys:
node2
Denied Keys:
Unaccepted Keys:
Rejected Keys:
[iyunv@node1 salt
主master和syndic-master都管理两个minion
1
2
3
4
5
6
7
8
9
10
11
# salt '*' test.ping
node1:
True
node2:
True
# salt '*' test.ping
node1:
True
node2:
True
页:
[1]