菜鸟玩云计算之廿二: saltstack 配置

菜鸟玩云计算之廿二: saltstack 配置

要求环境: RHEL6.4+ >=Python2.6.6, < Python 3.0

关闭salt-master/minion服务:  

# chkconfig --level 2345 salt-master off
# chkconfig --level 2345 salt-minion off

打开salt-master/minion服务:  

# chkconfig --level 2345 salt-master on
# chkconfig --level 2345 salt-minion on

1. saltstack 的主节点master配置

# mkdir /etc/salt/master.d
# vi /etc/salt/master.d/master.conf

内容如下:

######## master.conf ########
interface: 192.168.122.201
log_level: debug
worker_threads: 20
timeout: 60

2. saltstack 的从节点minion配置

# mkdir /etc/salt/minion.d
# vi /etc/salt/minion.d/minion.conf

从节点配置成失败重启。ping_interval 单位是分钟:

######## minion.conf ########
master: 192.168.122.201
id: cdh2
log_level: debug

## restart on error ##
rejected_retry: True
restart_on_error: True
auth_tries: 10
auth_safemode: False
ping_interval: 30

然后可以随意停止主节点(在master上):

# service salt-master stop

看看从节点停掉。从节点应该不停掉才是正确的(在minion上):

# service salt-minion status

salt-minion (pid  2293) is running...

3 在master上查看salt端口

master上需要打开端口:4505-4506.

# cat /etc/sysconfig/system-config-firewall
# Configuration file for system-config-firewall

--enabled
--port=4505-4506:tcp
--service=ssh

查看端口状态:

# lsof -i:4506

COMMAND    PID USER   FD   TYPE DEVICE SIZE/OFF NODE NAME

salt-mast 3189 root   20u  IPv4  22082      0t0  TCP vm-cdh1:4506 (LISTEN)

salt-mast 3189 root   22u  IPv4  25301      0t0  TCP vm-cdh1:4506->vm-cdh4:34464 (ESTABLISHED)

salt-mast 3189 root   23u  IPv4  25299      0t0  TCP vm-cdh1:4506->vm-cdh2:38810 (ESTABLISHED)

salt-mast 3189 root   24u  IPv4  25295      0t0  TCP vm-cdh1:4506->vm-cdh5:52285 (ESTABLISHED)

salt-mast 3189 root   27u  IPv4  23495      0t0  TCP vm-cdh1:4506->vm-cdh1:41074 (ESTABLISHED)

salt-mast 3189 root   31u  IPv4  25484      0t0  TCP vm-cdh1:4506->vm-cdh3:59343 (ESTABLISHED)

salt      3409 root   17u  IPv4  23494      0t0  TCP vm-cdh1:41074->vm-cdh1:4506 (ESTABLISHED)

# lsof -i:4505

COMMAND    PID USER   FD   TYPE DEVICE SIZE/OFF NODE NAME

salt-mast 3177 root   12u  IPv4  22073      0t0  TCP vm-cdh1:4505 (LISTEN)

salt-mast 3177 root   14u  IPv4  25534      0t0  TCP vm-cdh1:4505->vm-cdh5:44089 (ESTABLISHED)

salt-mast 3177 root   15u  IPv4  25536      0t0  TCP vm-cdh1:4505->vm-cdh4:47728 (ESTABLISHED)

salt-mast 3177 root   16u  IPv4  25538      0t0  TCP vm-cdh1:4505->vm-cdh2:59561 (ESTABLISHED)

salt-mast 3177 root   17u  IPv4  25660      0t0  TCP vm-cdh1:4505->vm-cdh3:34390 (ESTABLISHED)

4 在master上ssh到minion

这种方法不需要minion上安装任何salt产品，如salt-minion。通过salt-ssh命令访问子节点。好处是减少安装维护节点的代价。缺点是速度会比较慢。

master上需要安装salt-ssh。然后配置/etc/salt/roster文件如下：

# vi /etc/salt/roster

内容例子如下：

########################################################################
## the roster file on master, the default location is /etc/salt/roster
##
## Note: sudo works only if NOPASSWD is set for user in
## /etc/sudoers:
##   fred ALL=(ALL) NOPASSWD: ALL
## web1:
##  host: 192.168.122.201
##  user: fred
##  passwd: aYtdhD
##  sudo: True
########################################################################
chd1:
  host: 192.168.122.201
  user: root
  passwd: Abc123
  sudo: True

cdh2:
  host: 192.168.122.202
  user: root
  passwd: Abc123
  sudo: True

cdh3:
  host: 192.168.122.203
  user: root
  passwd: Abc123
  sudo: True

cdh4:
  host: 192.168.122.204
  user: root
  passwd: Abc123
  sudo: True

cdh5:
  host: 192.168.122.205
  user: root
  passwd: Abc123
  sudo: True

然后重启服务service salt-master restart。就可以直接返问节点了：

# salt-ssh 'cdh1' test.ping

minion上的故障排除:

当一切配置都正确, 启动minion时

# service salt-minion start

遇到错误:

salt-minion dead but pid file exists

采用debug模式查找错误:

# salt-minion -l debug

可见输出:

[CRITICAL] The Salt Master server's public key did not authenticate!
The master may need to be updated if it is a version of Salt lower than 2014.7.1, or
If you are confident that you are connecting to a valid Salt Master, then remove the master public key and restart the Salt Minion.
The master public key can be found at:

/etc/salt/pki/minion/minion_master.pub

删除下面的文件:

# rm -rf /etc/salt/pki/minion/minion_master.pub
重新启动:

# service salt-minion start

正常!