菜鸟玩云计算之廿二: saltstack 配置

要求环境: RHEL6.4+ >=Python2.6.6, < Python 3.0

关闭salt-master/minion服务:  

# chkconfig --level 2345 salt-master off# chkconfig --level 2345 salt-minion off

打开salt-master/minion服务:  

# chkconfig --level 2345 salt-master on# chkconfig --level 2345 salt-minion on

1. saltstack 的主节点master配置

# mkdir /etc/salt/master.d# vi /etc/salt/master.d/master.conf

内容如下:

######## master.conf ########interface: 192.168.122.201log_level: debugworker_threads: 20timeout: 60

2. saltstack 的从节点minion配置

# mkdir /etc/salt/minion.d# vi /etc/salt/minion.d/minion.conf

从节点配置成失败重启。ping_interval 单位是分钟:

######## minion.conf ########master: 192.168.122.201id: cdh2log_level: debug## restart on error ##rejected_retry: Truerestart_on_error: Trueauth_tries: 10auth_safemode: Falseping_interval: 30

然后可以随意停止主节点(在master上):

# service salt-master stop

看看从节点停掉。从节点应该不停掉才是正确的(在minion上):

# service salt-minion status

salt-minion (pid  2293) is running…

3 在master上查看salt端口

master上需要打开端口:4505-4506.

# cat /etc/sysconfig/system-config-firewall# Configuration file for system-config-firewall--enabled--port=4505-4506:tcp--service=ssh

查看端口状态:

# lsof -i:4506

COMMAND    PID USER   FD   TYPE DEVICE SIZE/OFF NODE NAME

salt-mast 3189 root   20u  IPv4  22082      0t0  TCP vm-cdh1:4506 (LISTEN)

salt-mast 3189 root   22u  IPv4  25301      0t0  TCP vm-cdh1:4506->vm-cdh4:34464 (ESTABLISHED)

salt-mast 3189 root   23u  IPv4  25299      0t0  TCP vm-cdh1:4506->vm-cdh2:38810 (ESTABLISHED)

salt-mast 3189 root   24u  IPv4  25295      0t0  TCP vm-cdh1:4506->vm-cdh5:52285 (ESTABLISHED)

salt-mast 3189 root   27u  IPv4  23495      0t0  TCP vm-cdh1:4506->vm-cdh1:41074 (ESTABLISHED)

salt-mast 3189 root   31u  IPv4  25484      0t0  TCP vm-cdh1:4506->vm-cdh3:59343 (ESTABLISHED)

salt      3409 root   17u  IPv4  23494      0t0  TCP vm-cdh1:41074->vm-cdh1:4506 (ESTABLISHED)

# lsof -i:4505

COMMAND    PID USER   FD   TYPE DEVICE SIZE/OFF NODE NAME

salt-mast 3177 root   12u  IPv4  22073      0t0  TCP vm-cdh1:4505 (LISTEN)

salt-mast 3177 root   14u  IPv4  25534      0t0  TCP vm-cdh1:4505->vm-cdh5:44089 (ESTABLISHED)

salt-mast 3177 root   15u  IPv4  25536      0t0  TCP vm-cdh1:4505->vm-cdh4:47728 (ESTABLISHED)

salt-mast 3177 root   16u  IPv4  25538      0t0  TCP vm-cdh1:4505->vm-cdh2:59561 (ESTABLISHED)

salt-mast 3177 root   17u  IPv4  25660      0t0  TCP vm-cdh1:4505->vm-cdh3:34390 (ESTABLISHED)

4 在master上ssh到minion

这种方法不需要minion上安装任何salt产品，如salt-minion。通过salt-ssh命令访问子节点。好处是减少安装维护节点的代价。缺点是速度会比较慢。

master上需要安装salt-ssh。然后配置/etc/salt/roster文件如下：

# vi /etc/salt/roster

内容例子如下：

########################################################################## the roster file on master, the default location is /etc/salt/roster#### Note: sudo works only if NOPASSWD is set for user in## /etc/sudoers:##   fred ALL=(ALL) NOPASSWD: ALL## web1:##  host: 192.168.122.201##  user: fred##  passwd: aYtdhD##  sudo: True########################################################################chd1:  host: 192.168.122.201  user: root  passwd: Abc123  sudo: Truecdh2:  host: 192.168.122.202  user: root  passwd: Abc123  sudo: Truecdh3:  host: 192.168.122.203  user: root  passwd: Abc123  sudo: Truecdh4:  host: 192.168.122.204  user: root  passwd: Abc123  sudo: Truecdh5:  host: 192.168.122.205  user: root  passwd: Abc123  sudo: True

然后重启服务service salt-master restart。就可以直接返问节点了：

# salt-ssh 'cdh1' test.ping

minion上的故障排除:

当一切配置都正确, 启动minion时

# service salt-minion start

遇到错误:

salt-minion dead but pid file exists

采用debug模式查找错误:

# salt-minion -l debug

可见输出:

[CRITICAL] The Salt Master server’s public key did not authenticate!
The master may need to be updated if it is a version of Salt lower than 2014.7.1, or
If you are confident that you are connecting to a valid Salt Master, then remove the master public key and restart the Salt Minion.
The master public key can be found at:

/etc/salt/pki/minion/minion_master.pub

删除下面的文件:

# rm -rf /etc/salt/pki/minion/minion_master.pub
重新启动:

# service salt-minion start

正常!