salt-syndic分布式架构

在你书包里拉屎

于 2021-11-30 21:25:05 发布

阅读量103

点赞数

文章标签：运维 saltstack

在你书包里拉屎的博客

本文链接：https://blog.csdn.net/hellolcr/article/details/121643221

版权

salt-syndic分布式架构

文章目录

salt-syndic分布式架构

salt-syndic架构图

salt-syndic的优劣势

优势：

可以通过syndic实现更复杂的salt架构
减轻master的负担

劣势：

syndic的/srv目录下的salt和pillar目录内容要与最顶层的master下的一致，所以要进行数据同步，同步方案同salt-master高可用
最顶层的master不知道自己有几个syndic，它只知道自己有多少个minion，并不知道这些minion是由哪些syndic来管理的

salt-syndic部署

环境说明

主机IP	角色	安装的应用
192.168.240.50	Master	salt-master
192.168.240.30	Syndic	salt-master salt-syndic
192.168.240.60	syndic2	salt-master salt-syndic
192.168.240.40	node1	salt-minion
192.168.240.70	node2	salt-minion

安装salt-master与salt-syndic

在192.168.240.60与192.168.240.40上安装salt-master与salt-syndic，安装前请自行配置yum源

[root@syndic ~]# yum -y install salt-master salt-syndic

[root@syndic2 ~]# yum -y install salt-master salt-syndic

配置master

修改master的master配置文件

取消注释order_master
将order_master的值设为True

[root@master ~]# vim /etc/salt/master
····省略部分·····
# Set the order_masters setting to True if this master will command lower
# masters' syndic interfaces.
order_masters: true    #取消注释，并将值设置为true
····省略部分·····

#重启并设置为开机自启
[root@master ~]# systemctl restart salt-master.service
[root@master ~]# systemctl enable salt-master.service

配置syndic

修改syndic所在主机的master配置文件

取消注释syndic_master
将syndic_master的值设为master的IP

#syndic1
[root@syndic1 ~]# vim /etc/salt/master
····省略部分·····
# If this master will be running a salt syndic daemon, syndic_master tells
# this master where to receive commands from.
syndic_master: 192.168.240.50   #取消注释，并将值设置为master的IP
····省略部分·····

#重启服务并设置开机自启
[root@syndic1 ~]# systemctl enable salt-master.service 
Created symlink /etc/systemd/system/multi-user.target.wants/salt-master.service → /usr/lib/systemd/system/salt-master.service.
[root@syndic1 ~]# systemctl enable salt-syndic.service 
Created symlink /etc/systemd/system/multi-user.target.wants/salt-syndic.service → /usr/lib/systemd/system/salt-syndic.service.
[root@syndic1 ~]# systemctl restart salt-master.service 
[root@syndic1 ~]# systemctl restart salt-syndic.service 


#syndic2
[root@syndic2 ~]# vim /etc/salt/master
····省略部分·····
# If this master will be running a salt syndic daemon, syndic_master tells
# this master where to receive commands from.
syndic_master: 192.168.240.50
····省略部分·····

[root@syndic2 ~]# systemctl enable salt-master.service 
Created symlink /etc/systemd/system/multi-user.target.wants/salt-master.service → /usr/lib/systemd/system/salt-master.service.
[root@syndic2 ~]# systemctl enable salt-syndic.service 
Created symlink /etc/systemd/system/multi-user.target.wants/salt-syndic.service → /usr/lib/systemd/system/salt-syndic.service.
[root@syndic2 ~]# systemctl restart salt-master.service 
[root@syndic2 ~]# systemctl restart salt-syndic.service

配置minion

配置minion，将master指向syndic所在主机

#node1
[root@node1 ~]# vim /etc/salt/minion
····省略部分·····
# Set the location of the salt master server. If the master server cannot be
# resolved, then the minion will fail to start.
#master: salt
master: 192.168.240.30 #添加syndic1的IP
····省略部分·····

#重启并设置开机自启
[root@node1 ~]# systemctl restart salt-minion.service 
[root@node1 ~]# systemctl enable salt-minion.service


#node2
[root@nide2 ~]# vim /etc/salt/minion
····省略部分·····
# Set the location of the salt master server. If the master server cannot be
# resolved, then the minion will fail to start.
#master: salt
master: 192.168.240.60
····省略部分·····

#重启并设置开机自启
[root@nide2 ~]# systemctl restart salt-minion.service 
[root@nide2 ~]# systemctl enable salt-minion.service

在所有minion上做同样的操作，注意，要设置minion配置文件中的id参数，指向minion自身的ip地址或主机名，必须能够唯一标识minion本机。

在syndic上接受minion主机的key

#syndic1
[root@syndic1 ~]# salt-key -L
Accepted Keys:
Denied Keys:
Unaccepted Keys:
node1
Rejected Keys:
[root@syndic1 ~]# salt-key -a node1
The following keys are going to be accepted:
Unaccepted Keys:
node1
Proceed? [n/Y] Y
Key for minion node1 accepted.
[root@syndic1 ~]# salt-key -L
Accepted Keys:
node1
Denied Keys:
Unaccepted Keys:
Rejected Keys:

#dyndic2
[root@syndic2 ~]# salt-key -L
Accepted Keys:
Denied Keys:
Unaccepted Keys:
node2
Rejected Keys:
[root@syndic2 ~]# salt-key -a node2
The following keys are going to be accepted:
Unaccepted Keys:
node2
Proceed? [n/Y] Y
Key for minion node2 accepted.
[root@syndic2 ~]# salt-key -L
Accepted Keys:
node2
Denied Keys:
Unaccepted Keys:
Rejected Keys:

在master上接受syndic主机的key

[root@master ~]# salt-key -L
Accepted Keys:
Denied Keys:
Unaccepted Keys:
master
syndic1
syndic2
Rejected Keys:
[root@master ~]# salt-key -A
The following keys are going to be accepted:
Unaccepted Keys:
master
syndic1
syndic2
Proceed? [n/Y] Y
Key for minion master accepted.
Key for minion syndic1 accepted.
Key for minion syndic2 accepted.
[root@master ~]# salt-key -L
Accepted Keys:
master
syndic1
syndic2
Denied Keys:
Unaccepted Keys:
Rejected Keys:

在master上执行模块或状态检验有几个minion应答

[root@master ~]# salt '*' test.ping
master:
    True
node1:
    True
node2:
    True