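I. Masterless architecture
A minion can run Salt directly on the local machine, with no master required.
For example, when each customer has only one server, we can write the SLS deployment files in advance and run the installation directly.
#1.1 Enable local mode and set the state directory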
[root@linux-node2 base]# vi /etc/salt/minion
file_client: local
file_roots:
  base:
    - /srv/salt/
#1.2 The minion service does not need to be started in this mode
[root@linux-node2 base]# systemctl stop salt-minion
#1.3 The salt command format changes
[root@linux-node2 base]# salt '*' test.ping
-bash: salt: 未找到命令
[root@linux-node2 base]# salt-call --local test.ping
local:
True
[root@linux-node2 base]# salt-call --local state.sls web.tomcat
II. Highly available master architecture
Official documentation:
https://www.unixhot.com/docs/saltstack/topics/tutorials/multimaster.html
#2.1 Dual-master requires both masters to share the same private key pair
[root@linux-node1 pki]# scp -r master/ [email protected]:/etc/salt/pki/
[root@linux-node2 master]# pwd
/etc/salt/pki/master
[root@linux-node2 master]# ll
總用量 8
-r-------- 1 root root 1675 3月 31 21:18 master.pem
-rw-r--r-- 1 root root 451 3月 31 21:18 master.pub
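#2.2 Deploy an NFS server and mount the directory
# The module and other file directories of both masters are mounted on NFS to keep the data in sync
# Here machine 11 is set up as the NFS server as a simulation; in real work use git or a similar method
# Deploy NFS on node1 and grant access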
[root@linux-node1 /]# yum install -y nfs-utils
[root@linux-node1 /]# cat /etc/exports
/srv/salt 192.168.56.12 *(rw,sync,rw,sync,no_root_squash,no_all_squash)
[root@linux-node1 /]# systemctl restart nfs
# Mount on node2
[root@linux-node2 zabbix]# showmount -e 192.168.56.11
[root@linux-node2 srv]# mkdir /srv/salt
[root@linux-node2 srv]# mount -t nfs 192.168.56.11:/srv/salt/ /srv/salt/
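In the export line of step 2.2 there is a space between 192.168.56.12 and *(...), so that host gets the default options and the options in parentheses apply to every host; states served from /srv/salt are then applied on the minions, normally as root. The following is an added example, not part of the original post, that flags such entries in an exports file; the function names audit_exports and has_opt are introduced here, and it assumes export paths without spaces.

```shell
#!/bin/sh
# Added example (not from the original post): list exports(5) clients that can
# write to, or act as root on, an exported directory such as /srv/salt.
# Usage: audit_exports /etc/exports   (exit status = number of risky clients)

has_opt() {  # has_opt OPTLIST NAME: true if NAME is one of the comma-separated options
    case ",$1," in *",$2,"*) return 0 ;; esac
    return 1
}

audit_exports() (
    file=$1; risky=0
    set -f                          # keep a literal '*' client from globbing
    while IFS= read -r line || [ -n "$line" ]; do
        line=${line%%#*}            # drop comments
        set -- $line                # field 1 = path, remaining fields = clients
        [ $# -ge 1 ] || continue
        path=$1; shift
        for client in "$@"; do
            host=${client%%\(*}
            opts=
            case $client in *\(*) opts=${client#*\(}; opts=${opts%\)} ;; esac
            [ -n "$host" ] || host='*'   # "(opts)" with no host means every host
            why=
            if [ "$host" = '*' ] && has_opt "$opts" rw; then
                why="writable by any host"
            fi
            if has_opt "$opts" no_root_squash; then
                why="${why:+$why, }remote root keeps uid 0"
            fi
            if [ -n "$why" ]; then
                echo "RISK $path $client: $why"
                risky=$((risky + 1))
            elif [ -z "$opts" ]; then
                echo "NOTE $path $client: no options, defaults (ro,root_squash) apply"
            fi
        done
    done < "$file"
    exit "$risky"
)

if [ $# -gt 0 ]; then audit_exports "$1"; fi
```

An entry such as `/srv/salt 192.168.56.12(ro,sync,root_squash)` (a constructed value) produces no findings, and a master only needs to read the state tree.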
#2.3 Install salt-master on node2
[root@linux-node2 zabbix]# yum install -y salt-master
[root@linux-node2 master]# systemctl restart salt-master
#2.4 Configure both master addresses on the minion nodes
[root@linux-node1-2 master]# vi /etc/salt/minion
master:
  - 192.168.56.11
  - 192.168.56.12
[root@linux-node2 master]# systemctl restart salt-minion
[root@linux-node1 master]# systemctl restart salt-minion
#2.5 Accept the minion key requests on node2
[root@linux-node2 master]# salt-key
Accepted Keys:
Denied Keys:
Unaccepted Keys:
linux-node1.example.com
linux-node2.example.com
Rejected Keys:
[root@linux-node2 master]# salt-key -A
The following keys are going to be accepted:
Unaccepted Keys:
linux-node1.example.com
linux-node2.example.com
Proceed? [n/Y] Y
Key for minion linux-node1.example.com accepted.
Key for minion linux-node2.example.com accepted.
#2.6 Grant the new master node access in MySQL
[root@linux-node1 pki]# mysql -u root -p
Enter password:
Welcome to the MariaDB monitor. Commands end with ; or \g.
Your MariaDB connection id is 175
Server version: 10.2.31-MariaDB MariaDB Server
Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
MariaDB [(none)]> grant all on salt.* to [email protected] identified by 'salt';
Query OK, 0 rows affected (0.10 sec)
#2.7 Test from the new master node
[root@linux-node2 master]# salt '*' test.ping
linux-node1.example.com:
True
linux-node2.example.com:
True