Advanced SaltStack

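This article explains in detail how to configure masterless mode in SaltStack so that states can be executed directly on the minion when the network is unstable or only one host is available. It also covers the high-availability setup for salt-master, including load balancing across multiple masters. Finally, it describes the deployment and advantages of salt-syndic, and how syndic enables more complex architectures and reduces the load on the master.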

masterless

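Use cases

  • The master and minion cannot reach each other or communication is delayed, i.e. the network is unstable
  • You want to execute states directly on the minion

Traditionally, SaltStack relies on the master to apply states and control the minions. But what do you do when the network is unstable, when you want to apply states locally on the minion, or when you only have a single host? That is what masterless mode is for.

With masterless, you can use SaltStack even if you only have one host; you do not need an architecture of N hosts.

masterless configuration

Edit the minion configuration file:
  • Comment out the master line
  • Uncomment file_client and set its value to local
  • Set file_roots
  • Set pillar_roots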

[root@minion ~]# vim /etc/salt/minion
# master: 192.168.147.129

file_client: local

file_roots:
  base:
    - /srv/salt/base

pillar_roots:
  base:
    - /srv/pillar/base
[root@minion ~]# mkdir -p /srv/{salt,pillar}/base

// Stop the salt-minion service. Masterless mode does not need any service running, neither salt-master nor salt-minion.

[root@minion ~]# systemctl disable --now salt-minion


// Use salt-call. In masterless mode, modules and states are run with the salt-call command rather than salt or salt-ssh. Note that salt-call must be given the --local option.

[root@minion ~]# salt-call --local cmd.run 'date'
local:
    Tue Nov 30 12:29:59 CST 2021
[root@minion ~]# salt-call --local state.sls init.history.main
[WARNING ] State for file: /etc/profile - Neither 'source' nor 'contents' nor 'contents_pillar' nor 'contents_grains' was defined, yet 'replace' was set to 'True'. As there is no source to replace the file with, 'replace' has been set to 'False' to avoid reading the file unnecessarily.
local:
----------
          ID: /etc/profile
    Function: file.managed
      Result: True
     Comment: File /etc/profile exists with proper permissions. No changes made.
     Started: 18:18:42.062970
    Duration: 10.034 ms
     Changes:   

Summary for local
------------
Succeeded: 1
Failed:    0
------------
Total states run:     1
Total run time:  9.264 ms

salt-master high availability

// Install the minion
[root@minion ~]# yum -y install salt-minion
[root@minion ~]# vi /etc/salt/minion
#master: salt
master: 192.168.147.129     ## add the master's IP
[root@minion ~]# systemctl enable --now salt-minion
Created symlink /etc/systemd/system/multi-user.target.wants/salt-minion.service → /usr/lib/systemd/system/salt-minion.service.
[root@minion ~]# tree /etc/salt/pki/
/etc/salt/pki/
├── master
└── minion
    ├── minion.pem
    └── minion.pub

2 directories, 2 files
[root@master ~]# salt-key -L
Accepted Keys:
Denied Keys:
Unaccepted Keys:
minion
Rejected Keys:
[root@master ~]# salt-key -yA
The following keys are going to be accepted:
Unaccepted Keys:
minion
Key for minion minion accepted.
[root@master ~]# salt-key -L
Accepted Keys:
minion
Denied Keys:
Unaccepted Keys:
Rejected Keys:
[root@master ~]# salt '*' test.ping
minion:
    True
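
`salt-key -yA` accepts every pending key without looking at it. As an added example (not part of the original post), the script below accepts a key only when the fingerprint shown by `salt-key -f minion` on the master equals the one printed by `salt-call --local key.finger` on the minion; the sample outputs and fingerprints are constructed.

```shell
#!/bin/sh
# Added example: compare a pending key's fingerprint on the master with the
# fingerprint read on the minion before accepting it.
#   master:  salt-key -f minion
#   minion:  salt-call --local key.finger

# extract_fp: read command output on stdin and print the first colon-separated
# hex fingerprint (16 or more byte pairs) in lower case.
extract_fp() {
  grep -Eo '([0-9a-fA-F]{2}:){15,}[0-9a-fA-F]{2}' | head -n 1 | tr 'A-F' 'a-f'
}

# verify_key MASTER_OUTPUT MINION_OUTPUT: print "accept" only when both
# outputs carry the same, non-empty fingerprint; otherwise print "reject".
verify_key() (
  master_fp=$(printf '%s\n' "$1" | extract_fp)
  minion_fp=$(printf '%s\n' "$2" | extract_fp)
  if [ -n "$master_fp" ] && [ "$master_fp" = "$minion_fp" ]; then
    echo accept
  else
    echo reject
  fi
)

# Constructed sample outputs (the fingerprint is made up for this example).
FP='3c:1f:9a:27:e4:b0:55:8d:6e:02:c7:f1:48:9b:d3:7a:10:ee:64:2b:95:0c:af:38:71:d6:4f:83:be:29:5a:c4'
MASTER_OUT="Unaccepted Keys:
minion:  $FP"
MINION_OUT="local:
    $FP"
# Same ID, but the first byte of the fingerprint differs.
MISMATCH_OUT="local:
    00:${FP#*:}"

if [ "$(verify_key "$MASTER_OUT" "$MINION_OUT")" = accept ]; then
  echo "fingerprints match: run 'salt-key -a minion' on the master"
fi
verify_key "$MASTER_OUT" "$MISMATCH_OUT"
```

Accepting with `salt-key -a minion` instead of `-A` keeps the decision per key, so an unexpected ID in the pending list is not accepted along with the verified one.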

// Install master2
[root@master2 ~]# yum -y install salt-master
[root@master ~]# scp /etc/salt/pki/master/master.p* 192.168.147.130:/etc/salt/pki/master/
root@192.168.147.130's password: 
master.pem                        100% 1679     2.1MB/s   00:00    
master.pub                        100%  451   905.3KB/s   00:00    
[root@master2 ~]# tree /etc/salt/pki/
/etc/salt/pki/
├── master
│   ├── master.pem
│   └── master.pub
└── minion
[root@master2 ~]# systemctl enable --now salt-master
[root@minion ~]# vim /etc/salt/minion
#master: salt
master: 192.168.147.133     ## change this IP to master2's IP
[root@master2 ~]# salt-key -L
Accepted Keys:
Denied Keys:
Unaccepted Keys:
minion
Rejected Keys:
[root@master2 ~]# salt-key -yA
The following keys are going to be accepted:
Unaccepted Keys:
minion
Key for minion minion accepted.
[root@master2 ~]# salt-key -L
Accepted Keys:
minion
Denied Keys:
Unaccepted Keys:
Rejected Keys:
[root@master2 ~]# salt '*' test.ping
minion:
    True

salt-syndic distributed architecture

[Figure: salt-syndic architecture diagram]

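Pros and cons of salt-syndic

Pros:

  • syndic makes more complex salt architectures possible
  • It reduces the load on the master

Cons:

  • The contents of the salt and pillar directories under /srv on the syndic must match those on the top-level master, so the data has to be synchronized; the synchronization approach is the same as for salt-master high availability
  • The top-level master does not know how many syndics it has; it only knows how many minions it has, and does not know which syndics manage those minions

Deploying salt-syndic

Environment

Host IP            Role     Installed applications
192.168.147.129    master   salt-master
192.168.147.133    syndic   salt-master, salt-syndic
192.168.147.130    minion   salt-minion

Installing salt-master and salt-syndic

Install salt-master and salt-syndic on 192.168.147.133. Configure the yum repository yourself before installing.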

[root@syndic ~]# ls /etc/yum.repos.d/
CentOS-Base.repo       CentOS-fasttrack.repo  CentOS-Vault.repo
CentOS-CR.repo         CentOS-Media.repo      salt.repo
CentOS-Debuginfo.repo  CentOS-Sources.repo
[root@syndic ~]# yum -y install salt-master salt-syndic

Configuring the master

Edit the master configuration file on the master:

  • Uncomment order_masters
  • Set order_masters to True

[root@master ~]# vim /etc/salt/master
order_masters: True    # uncomment and set the value to True
[root@master ~]# systemctl restart salt-master

Configuring the syndic

Edit the master configuration file on the syndic host:

  • Uncomment syndic_master
  • Set syndic_master to the master's IP

[root@syndic ~]# vim /etc/salt/master
syndic_master: 192.168.147.129
[root@syndic ~]# systemctl enable --now salt-master
Created symlink from /etc/systemd/system/multi-user.target.wants/salt-master.service to /usr/lib/systemd/system/salt-master.service.
[root@syndic ~]# systemctl enable --now salt-syndic
Created symlink from /etc/systemd/system/multi-user.target.wants/salt-syndic.service to /usr/lib/systemd/system/salt-syndic.service.

Configuring the minions

Configure each minion so that master points to the syndic host.
minion1

[root@minion ~]# ls /etc/yum.repos.d/
CentOS-Stream-AppStream.repo         CentOS-Stream-Media.repo
CentOS-Stream-BaseOS.repo            CentOS-Stream-PowerTools.repo
CentOS-Stream-Debuginfo.repo         CentOS-Stream-RealTime.repo
CentOS-Stream-Extras.repo            salt.repo
CentOS-Stream-HighAvailability.repo
[root@minion ~]# yum -y install salt-minion
[root@minion ~]# vim /etc/salt/minion
master: 192.168.147.133    # this is the IP of the syndic host
[root@minion ~]# systemctl enable --now salt-minion
Created symlink /etc/systemd/system/multi-user.target.wants/salt-minion.service → /usr/lib/systemd/system/salt-minion.service.
[root@minion ~]# tree /etc/salt/pki/
/etc/salt/pki/
├── master
└── minion
    ├── minion.pem
    └── minion.pub

2 directories, 2 files

minion2

[root@minion2 ~]# ls /etc/yum.repos.d/
CentOS-Stream-AppStream.repo         CentOS-Stream-Media.repo
CentOS-Stream-BaseOS.repo            CentOS-Stream-PowerTools.repo
CentOS-Stream-Debuginfo.repo         CentOS-Stream-RealTime.repo
CentOS-Stream-Extras.repo            salt.repo
CentOS-Stream-HighAvailability.repo
[root@minion2 ~]# yum -y install salt-minion
[root@minion2 ~]# vim /etc/salt/minion
master: 192.168.147.133    # this is the IP of the syndic host
[root@minion2 ~]# systemctl enable --now salt-minion
Created symlink /etc/systemd/system/multi-user.target.wants/salt-minion.service → /usr/lib/systemd/system/salt-minion.service.
[root@minion2 ~]# tree /etc/salt/pki/
/etc/salt/pki/
├── master
└── minion
    ├── minion.pem
    └── minion.pub

2 directories, 2 files

Accepting the minion hosts' keys on the syndic

// minion host
[root@syndic ~]# salt-key -L
Accepted Keys:
Denied Keys:
Unaccepted Keys:
minion
Rejected Keys:
[root@syndic ~]# salt-key -yA
The following keys are going to be accepted:
Unaccepted Keys:
minion
Key for minion minion accepted.
[root@syndic ~]# salt-key -L
Accepted Keys:
minion
Denied Keys:
Unaccepted Keys:
Rejected Keys:

// minion2 host
[root@syndic ~]# salt-key -L
Accepted Keys:
minion
Denied Keys:
Unaccepted Keys:
minion2
Rejected Keys:
[root@syndic ~]# salt-key -yA
The following keys are going to be accepted:
Unaccepted Keys:
minion2
Key for minion minion accepted.
[root@syndic ~]# salt-key -L
Accepted Keys:
minion
minion2
Denied Keys:
Unaccepted Keys:
Rejected Keys:

Accepting the syndic host's key on the master

[root@master ~]# salt-key -L
Accepted Keys:
Denied Keys:
Unaccepted Keys:
syndic
Rejected Keys:
[root@master ~]# salt-key -yA
The following keys are going to be accepted:
Unaccepted Keys:
syndic
Key for minion syndic accepted.
[root@master ~]# salt-key -L
Accepted Keys:
syndic
Denied Keys:
Unaccepted Keys:
Rejected Keys:

Run a module or state on the master to check how many minions respond

[root@master ~]# salt '*' test.ping
minion:
    True
minion2:
    True

[root@syndic ~]# vim /etc/salt/master
file_roots:
  base:
    - /srv/salt/base
pillar_roots:
  base:
    - /srv/pillar/base
[root@syndic ~]# systemctl restart salt-master salt-syndic

[root@master ~]# scp -r /srv/* 192.168.147.133:/srv/
[root@syndic ~]# tree /srv/salt/base/
/srv/salt/base/
└── init
    ├── basepkg
    │   └── main.sls
    ├── chrony
    │   ├── files
    │   │   └── chrony.conf
    │   └── main.sls
    ├── firewall
    │   └── main.sls
    ├── history
    │   └── main.sls
    ├── kernel
    │   ├── files
    │   │   ├── limits.conf
    │   │   └── sysctl.conf
    │   └── main.sls
    ├── main.sls
    ├── salt-minion
    │   ├── files
    │   │   ├── minion
    │   │   └── multi-minion
    │   └── main.sls
    ├── selinux
    │   ├── files
    │   │   └── config
    │   └── main.sls
    ├── timeout
    │   └── main.sls
    └── yum
        ├── files
        │   ├── centos-7.repo
        │   ├── centos-8.repo
        │   ├── epel-7.repo
        │   ├── epel-8.repo
        │   ├── salt-7.repo
        │   └── salt-8.repo
        └── main.sls

15 directories, 22 files
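
The syndic's /srv tree has to stay identical to the top-level master's, and `scp -r` only copies; it does not confirm the result or flag later drift. As an added example (not from the original post), the script below hashes every file in two trees and lists the paths that differ or exist on one side only; the demo directories and file contents are constructed stand-ins for /srv on each host.

```shell
#!/bin/sh
# Added example: detect drift between the master's and the syndic's /srv trees.

# tree_manifest DIR: one "sha256  ./relative/path" line per regular file.
tree_manifest() (
  cd "$1" 2>/dev/null || exit 1
  find . -type f -exec sha256sum {} +
)

# srv_drift DIR_A DIR_B: print paths that are missing or differ on either side.
# Exit status 0 = identical trees, 1 = drift.
srv_drift() (
  # Lines present in both manifests appear twice; uniq -u keeps the rest.
  out=$( { tree_manifest "$1"; tree_manifest "$2"; } | sort | uniq -u |
         sed 's/^[0-9a-f]\{64\} [ *]//' | sort -u )
  [ -z "$out" ] && exit 0
  printf '%s\n' "$out"
  exit 1
)

# Constructed demo trees standing in for /srv on the master and on the syndic.
DEMO=$(mktemp -d)
trap 'rm -rf "$DEMO"' EXIT
mkdir -p "$DEMO/master/salt/base/init/history" "$DEMO/syndic/salt/base/init/history"
mkdir -p "$DEMO/master/pillar/base" "$DEMO/syndic/pillar/base"
printf 'sample state v2\n' > "$DEMO/master/salt/base/init/history/main.sls"
printf 'sample state v1\n' > "$DEMO/syndic/salt/base/init/history/main.sls"  # stale copy
printf 'sample pillar\n' > "$DEMO/master/pillar/base/top.sls"
printf 'sample pillar\n' > "$DEMO/syndic/pillar/base/top.sls"

srv_drift "$DEMO/master" "$DEMO/syndic" || echo "drift detected"
```

Across hosts, run `tree_manifest /srv` on the master and on the syndic and compare the two outputs the same way.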

[root@master ~]# salt '*' test.ping
minion:
    True
minion2:
    True
[root@master ~]# salt 'minion' state.sls init.history.main
minion:
----------
          ID: /etc/profile
    Function: file.managed
      Result: True
     Comment: File /etc/profile exists with proper permissions. No changes made.
     Started: 21:26:28.497745
    Duration: 10.238 ms
     Changes:   

Summary for minion
------------
Succeeded: 1
Failed:    0
------------
Total states run:     1
Total run time:  10.238 ms