salt-syndic架构图
salt-syndic的优劣势
优势:
- 可以通过syndic实现更复杂的salt架构
- 减轻master的负担
劣势:
- syndic的/srv目录下的salt和pillar目录内容要与最顶层的master下的一致,所以要进行数据同步,同步方案同salt-master高可用
- 最顶层的master不知道自己有几个syndic,它只知道自己有多少个minion,并不知道这些minion是由哪些syndic来管理的
部署环境!!
主机IP | 角色and主机名 | 安装的应用 |
---|---|---|
192.168.160.110 | master master | salt-master |
192.168.160.128 | syndic syndic | salt-master salt-syndic |
192.168.160.111 | minion laolin | salt-minion |
192.168.160.129 | minion linjunjie | salt-minion |
按照部署环境,在对应的主机上安装上对应的应用!
yum -y install salt-master salt-minion salt-syndic
首先在角色master的主机上修改配置文件!
[root@master ~]# vim /etc/salt/master
# 修改master的master配置文件
# 取消注释order_master
# 将order_master的值设为True
# masters' syndic interfaces.
order_masters: True
# 重启master!!!
[root@master ~]# systemctl enable salt-master
[root@master ~]# systemctl restart salt-master
然后再角色syndic的主机上修改配置文件!
[root@syndic ~]# vim /etc/salt/master
# 修改syndic所在主机的master配置文件
# 取消注释syndic_master
# 将syndic_master的值设为master的IP
# this master where to receive commands from.
syndic_master: 192.168.160.110
# 重启master和syndic!!!
[root@syndic ~]# systemctl enable salt-master
[root@syndic ~]# systemctl enable salt-syndic
[root@syndic ~]# systemctl restart salt-master
[root@syndic ~]# systemctl restart salt-syndic
再然后配置两台minion的主机!!
[root@laolin ~]# vim /etc/salt/minion
# resolved, then the minion will fail to start.
master: 192.168.160.128
[root@linjunjie ~]# vim /etc/salt/minion
# resolved, then the minion will fail to start.
master: 192.168.160.128
# 重启两台minion!!
[root@linjunjie ~]# systemctl restart salt-minion
[root@linjunjie ~]# systemctl enable salt-minion
Created symlink /etc/systemd/system/multi-user.target.wants/salt-minion.service → /usr/lib/systemd/system/salt-minion.service.
再次回到syndic上看的时候,会看到minion主机的key!! 要先在syndic上接收minion的key,才能去master上接收syndic的key!!!
[root@syndic ~]# salt-key
Accepted Keys:
laolin
Denied Keys:
Unaccepted Keys:
linjunjie
Rejected Keys:
[root@syndic ~]# salt-key -ya linjunjie
The following keys are going to be accepted:
Unaccepted Keys:
linjunjie
Key for minion linjunjie accepted.
[root@syndic ~]# salt-key
Accepted Keys:
laolin
linjunjie
Denied Keys:
Unaccepted Keys:
Rejected Keys:
[root@syndic ~]# salt '*' test.ping
linjunjie:
True
laolin:
True
然后 在回到master上接收主机syndic的key!!
[root@master pki]# salt-key
Accepted Keys:
Denied Keys:
Unaccepted Keys:
master
syndic
Rejected Keys:
[root@master pki]# salt-key -ya syndic
The following keys are going to be accepted:
Unaccepted Keys:
syndic
Key for minion syndic accepted.
[root@master pki]# salt-key
Accepted Keys:
syndic
Denied Keys:
Unaccepted Keys:
master
Rejected Keys:
测试在master上执行状态检验有几个minion应答
[root@master pki]# salt '*' test.ping
laolin:
True
linjunjie:
True
[root@master pki]# salt '*' cmd.run 'uptime'
laolin:
04:50:26 up 6:11, 3 users, load average: 0.23, 0.11, 0.13
linjunjie:
04:50:26 up 1:09, 3 users, load average: 0.31, 0.26, 0.21