salt-syndic分布式架构
环境说明:
主机 | ip |
---|---|
master | 192.168.10.20 |
syndic | 192.168.10.30 |
minion | 192.168.10.40 |
minion1 | 192.168.10.50 |
syndic端安装salt-master与salt-syndic
[root@syndic ~]# rpm --import https://repo.saltproject.io/py3/redhat/8/x86_64/latest/SALTSTACK-GPG-KEY.pub
[root@syndic ~]# curl -fsSL https://repo.saltproject.io/py3/redhat/8/x86_64/latest.repo | tee /etc/yum.repos.d/salt.repo
[salt-latest-repo]
name=Salt repo for RHEL/CentOS 8 PY3
baseurl=https://repo.saltproject.io/py3/redhat/8/x86_64/latest
skip_if_unavailable=True
failovermethod=priority
enabled=1
enabled_metadata=1
gpgcheck=1
gpgkey=https://repo.saltproject.io/py3/redhat/8/x86_64/latest/SALTSTACK-GPG-KEY.pub
[root@syndic ~]# yum -y install salt-master salt-syndic
修改master的/etc/salt/master配置文件
[root@master ~]# vim /etc/salt/master
......
# masters' syndic interfaces.
order_masters: True 取消注释改为True
......
[root@master ~]# systemctl restart salt-master
配置syndic的/etc/salt/master配置文件
[root@syndic ~]# vim /etc/salt/master
.....
syndic_master: 192.168.10.20 取消注释,将syndic_master的值设为master的IP
……
[root@syndic ~]# systemctl enable salt-master
Created symlink /etc/systemd/system/multi-user.target.wants/salt-master.service → /usr/lib/systemd/system/salt-master.service.
[root@syndic ~]# systemctl enable salt-syndic
Created symlink /etc/systemd/system/multi-user.target.wants/salt-syndic.service → /usr/lib/systemd/system/salt-syndic.service.
[root@syndic ~]# systemctl restart salt-master
[root@syndic ~]# systemctl restart salt-syndic
配置minion
配置minion,将master指向syndic所在主机
[root@minion1 ~]# vim /etc/salt/minion
......
master: 192.168.10.30
......
[root@minion1 ~]# systemctl restart salt-minion
[root@minion1 ~]# systemctl enable salt-minion
Created symlink /etc/systemd/system/multi-user.target.wants/salt-minion.service → /usr/lib/systemd/system/salt-minion.service.
在syndic上接受minion主机的key
[root@syndic ~]# salt-key -L
Accepted Keys:
Denied Keys:
Unaccepted Keys:
minion
minion1
Rejected Keys:
[root@syndic ~]# salt-key -A
The following keys are going to be accepted:
Unaccepted Keys:
minion
minion1
Proceed? [n/Y] y
Key for minion minion accepted.
Key for minion minion1 accepted.
[root@syndic ~]# salt-key -L
Accepted Keys:
minion
minion1
Denied Keys:
Unaccepted Keys:
Rejected Keys:
在master上接受syndic主机的key
[root@master ~]# salt-key -ya syndic
The following keys are going to be accepted:
Unaccepted Keys:
syndic
Key for minion syndic accepted.
[root@master ~]# salt-key -L
Accepted Keys:
syndic
Denied Keys:
Unaccepted Keys:
master
Rejected Keys:
在master上检验有几个minion应答
[root@master ~]# salt '*' test.ping
minion1:
True
minion:
True