First, the experimental environment:
1. Salt version:
    [[email protected] Master]# salt --versions-report
               Salt: 2015.5.10
             Python: 2.7.5 (default, Nov 6, 00:28:07)
             Jinja2: 2.7.2
           M2Crypto: 0.21.1
     msgpack-python: 0.4.8
       msgpack-pure: Not Installed
           pycrypto: 2.6.1
            libnacl: Not Installed
             PyYAML: 3.10
              ioflo: Not Installed
              PyZMQ: 14.3.1
               RAET: Not Installed
                ZMQ: 3.2.5
               Mako: Not Installed
            Tornado: Not Installed
            timelib: Not Installed
           dateutil: Not Installed
2. System version:
[[email protected] master] #
Second, building the primary master and the standby master with Salt
1. Install the new master server
2. Copy the master keys (master.pem and master.pub) to the corresponding directory on the new master
3. Start the new master process
4. Configure the minion configuration file
5. Restart the minions
6. Accept the keys on the new master
7. Run test.ping against the salt-minion from both salt-masters
    [[email protected] master] # salt -L 192.168.163.13 test.ping
    192.168.163.13:
        True
    [[email protected] Minions]# salt -L 192.168.163.13 test.ping
    192.168.163.13:
        True
Note: The main point when configuring multi-master is that every master must use the same private key. The private key is generated automatically the first time a master starts, so when configuring multi-master be sure to copy the old master's private key to the corresponding directory before starting the new master. Modify the minion configuration file:

    master:
      - saltmaster1.example.com
      - saltmaster2.example.com
Third, the problems encountered:
1. When testing with salt-call on the minion (with the primary master stopped beforehand), the following was found:

    [[email protected] salt]# salt-call test.ping
    [INFO] SaltReqTimeoutError: after seconds. (Try 1 of 4)
    [INFO] SaltReqTimeoutError: after seconds. (Try 2 of 4)
    [INFO] SaltReqTimeoutError: after seconds. (Try 3 of 4)
    [INFO] SaltReqTimeoutError: after seconds. (Try 4 of 4)
    [WARNING] Attempted to authenticate with master 192.168.199.39 and failed
    [WARNING] Master ip address changed from 192.168.199.39 to 192.168.163.13
    local:
        True

The result above was obtained with auth_tries in the minion configuration set to 4; the default value is 7. With the value changed to 3 and both the primary master and the backup master stopped, the result is:

    [[email protected] Minion]# salt-call test.ping
    [INFO] SaltReqTimeoutError: after seconds. (Try 1 of 3)
    [INFO] SaltReqTimeoutError: after seconds. (Try 2 of 3)
    [INFO] SaltReqTimeoutError: after seconds. (Try 3 of 3)
    [WARNING] Attempted to authenticate with master 192.168.199.39 and failed
    [WARNING] Master ip address changed from 192.168.199.39 to 192.168.163.13
    [INFO] SaltReqTimeoutError: after seconds. (Try 1 of 3)
    [INFO] SaltReqTimeoutError: after seconds. (Try 2 of 3)
    [INFO] SaltReqTimeoutError: after seconds. (Try 3 of 3)
    [WARNING] Attempted to authenticate with master 192.168.163.13 and failed
    [ERROR] An un-handled exception was caught by salt's global exception handler:
    AttributeError: 'SMinion' object has no attribute 'functions'
    Traceback (most recent call last):
      File "/usr/bin/salt-call", line 11, in <module>
        salt_call()
      File "/usr/lib/python2.7/site-packages/salt/scripts.py", line 227, in salt_call
        client.run()
      File "/usr/lib/python2.7/site-packages/salt/cli/call.py", line 71, in run
        caller.run()
      File "/usr/lib/python2.7/site-packages/salt/cli/caller.py", line 236, in run
        ret = self.call()
      File "/usr/lib/python2.7/site-packages/salt/cli/caller.py", line 107, in call
        if fun not in self.minion.functions:
    AttributeError: 'SMinion' object has no attribute 'functions'
    Traceback (most recent call last):
      File "/usr/bin/salt-call", line 11, in <module>
        salt_call()
      File "/usr/lib/python2.7/site-packages/salt/scripts.py", line 227, in salt_call
        client.run()
      File "/usr/lib/python2.7/site-packages/salt/cli/call.py", line 71, in run
        caller.run()
      File "/usr/lib/python2.7/site-packages/salt/cli/caller.py", line 236, in run
        ret = self.call()
      File "/usr/lib/python2.7/site-packages/salt/cli/caller.py", line 107, in call
        if fun not in self.minion.functions:
    AttributeError: 'SMinion' object has no attribute 'functions'
2. Master data sharing: masters do not share information. Minion public keys must be accepted on each master, and files must be shared manually or with a tool such as git so that the file_roots directories stay consistent. The directories that need to be synchronized are (minion keys):
- /etc/salt/pki/master/minions
- /etc/salt/pki/master/minions_pre
- /etc/salt/pki/master/minions_rejected
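
One way to check that two masters really are in sync, as an added example (not code from this post or from Salt): each master builds a manifest of SHA-256 hashes of master.pub and of every key in the three directories above, and the two manifests are compared, so master.pem is never read or copied. The function names and the minion IDs web1 and db1 are assumptions made for the illustration.

```python
import hashlib
import os
import tempfile

# The three minion-key directories the page lists for synchronization.
KEY_DIRS = ("minions", "minions_pre", "minions_rejected")

def _sha256(path):
    with open(path, "rb") as fh:
        return hashlib.sha256(fh.read()).hexdigest()

def manifest(pki_root):
    """Run on each master: hashes of public keys only, safe to exchange."""
    entries = {"master.pub": _sha256(os.path.join(pki_root, "master.pub"))}
    for state in KEY_DIRS:
        state_dir = os.path.join(pki_root, state)
        if os.path.isdir(state_dir):
            for minion_id in sorted(os.listdir(state_dir)):
                path = os.path.join(state_dir, minion_id)
                entries[state + "/" + minion_id] = _sha256(path)
    return entries

def compare(primary, standby):
    """Diff two manifests; returns (finding, entry) tuples sorted by entry."""
    findings = []
    for entry in sorted(set(primary) | set(standby)):
        if entry not in standby:
            findings.append(("only-on-primary", entry))
        elif entry not in primary:
            findings.append(("only-on-standby", entry))
        elif primary[entry] != standby[entry]:
            # Different master.pub means the masters do not share one key pair.
            kind = "master-key-mismatch" if entry == "master.pub" else "key-differs"
            findings.append((kind, entry))
    return findings

def demo():
    """Constructed sample trees: the standby has not accepted 'web1' yet."""
    manifests = []
    for accepted in (("web1", "db1"), ("db1",)):
        root = tempfile.mkdtemp()
        os.mkdir(os.path.join(root, "minions"))
        for name in ["master.pub"] + ["minions/" + m for m in accepted]:
            with open(os.path.join(root, name), "w") as fh:
                fh.write("constructed key for " + name)
        manifests.append(manifest(root))
    return compare(*manifests)

if __name__ == "__main__":
    print(demo())
```

On real masters, manifest() would be called with /etc/salt/pki/master on each side and only the resulting hashes exchanged; a minion that is accepted on one master but still pending on the other shows up as one entry under minions/ and one under minions_pre/.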
Note: Sharing the /etc/salt/master directory directly is strongly discouraged. Allowing external access to the master.pem key poses a serious security risk.

4. Minion keys can be synchronized in one of the following ways.

Option one, a cron job on the standby master:

    */10 * * * * rsync -av --progress --delete --timeout=30 [email protected]:/etc/salt/pki/master/minions/ /etc/salt/pki/master/minions/

Option two: modify the salt-key source code so that when the primary master accepts a key, the key is synchronized to the standby master, whose IP is set in the configuration file. The accept counts as successful only when it has succeeded on both sides. Delete minions only with salt-key -d, or through rsync; do not remove minion keys with rm.

5. The file_roots and pillar_roots files can be kept in git.

It should be mentioned that with the Salt version used in this experiment, the minion.py file needs to be modified: the minion registers first with the master that has the smaller IP, not in the order in which you listed the masters. The minion.py code shows that the cause is the line for master in set(self.opts['master']):. Modify the code as follows:
    # Excerpt from salt/minion.py (Salt 2015.5.10); it relies on that module's
    # own imports (copy, sys, time, log, salt.defaults.exitcodes, SaltClientError).
    class MultiMinion(MinionBase):
        '''
        Create a multi minion interface, this creates as many minions as are
        defined in the master option and binds each minion object to a
        respective master.
        '''
        # timeout for one of the minions to auth with a master
        MINION_CONNECT_TIMEOUT = 5

        def __init__(self, opts):
            super(MultiMinion, self).__init__(opts)

        def minions(self):
            '''
            Return a dict of minion generators bound to the tune_in method

            dict of master -> minion_mapping, the mapping contains:

                opts: options used to create the minion
                last: last auth attempt time
                auth_wait: time to wait for next auth attempt
                minion: minion object
                generator: generator function (non-blocking tune_in)
            '''
            if not isinstance(self.opts['master'], list):
                log.error('Attempting to start a multimaster system with one master')
                sys.exit(salt.defaults.exitcodes.EX_GENERIC)
            ret = {}
            # The masters were being sorted here; iterate in the configured order
            for master in self.opts['master']:
            # for master in set(self.opts['master']):
                s_opts = copy.deepcopy(self.opts)
                s_opts['master'] = master
                s_opts['multimaster'] = True
                ret[master] = {'opts': s_opts,
                               'last': time.time(),
                               'auth_wait': s_opts['acceptance_wait_time']}
                try:
                    minion = Minion(s_opts,
                                    self.MINION_CONNECT_TIMEOUT,
                                    False,
                                    'salt.loader.{0}'.format(master))
                    ret[master]['minion'] = minion
                    ret[master]['generator'] = minion.tune_in_no_block()
                except SaltClientError as exc:
                    log.error('Error while bringing up minion for multi-master. '
                              'Is master at {0} responding?'.format(master))
            return ret
The multi-master of Saltstack