SaltStack部署实践（6） - masterless和master高可用架构

目录

一、masterless架构

#1.1、开启本地local与目录

#1.2、此时无需启动minion

#1.3、salt命令格式有变动

二、master高可用架构

#2.1、双主要求master共有私有证书一致

#2.2、部署nfs服务器挂载目录

#2.3、node2安装salt-master

#2.4、节点机器配置双master地址

#2.5、node2认证请求minion请求

#2.6、mysql为新的master节点授权

#2.7、新master节点测试

---

一、masterless架构

minion端可以实现本地直接使用salt，无需master端
例如每家客户只有一台服务器，我们可以提前写好sls部署文件，直接执行安装。

#1.1、开启本地local与目录

[root@linux-node2 base]# vi  /etc/salt/minion
file_client: local
file_roots:
  base:
   - /srv/salt/

#1.2、此时无需启动minion

[root@linux-node2 base]# systemctl stop salt-minion

#1.3、salt命令格式有变动

[root@linux-node2 base]# salt '*' test.ping                      
-bash: salt: 未找到命令
[root@linux-node2 base]# salt-call --local test.ping
local:
    True
[root@linux-node2 base]# salt-call --local state.sls web.tomcat

二、master高可用架构

官方文档：
https://www.unixhot.com/docs/saltstack/topics/tutorials/multimaster.html

#2.1、双主要求master共有私有证书一致

[root@linux-node1 pki]# scp -r master/ [email protected]:/etc/salt/pki/
[root@linux-node2 master]# pwd
/etc/salt/pki/master
[root@linux-node2 master]# ll
总用量 8
-r-------- 1 root root 1675 3月  31 21:18 master.pem
-rw-r--r-- 1 root root  451 3月  31 21:18 master.pub

#2.2、部署nfs服务器挂载目录

#双主模块等文件目录同时挂载到nfs上面，保持数据同步
#本次11机器搭建nfs模拟，实际工作利用git等方式

#node1部署nfs并授权
[root@linux-node1 /]# yum install -y nfs-utils
[root@linux-node1 /]# cat /etc/exports
/srv/salt 192.168.56.12 *(rw,sync,rw,sync,no_root_squash,no_all_squash)
[root@linux-node1 /]# systemctl restart nfs

#node2挂载
[root@linux-node2 zabbix]# showmount -e 192.168.56.11
[root@linux-node2 srv]# mkdir /srv/salt
[root@linux-node2 srv]# mount -t nfs 192.168.56.11:/srv/salt/ /srv/salt/

#2.3、node2安装salt-master

[root@linux-node2 zabbix]# yum install -y salt-master
[root@linux-node2 master]# systemctl restart salt-master

#2.4、节点机器配置双master地址

[root@linux-node1-2 master]# vi /etc/salt/minion
master: 
  - 192.168.56.11
  - 192.168.56.12
[root@linux-node2 master]# systemctl restart salt-minion
[root@linux-node1 master]# systemctl restart salt-minion

#2.5、node2认证请求minion请求

[root@linux-node2 master]# salt-key 
Accepted Keys:
Denied Keys:
Unaccepted Keys:
linux-node1.example.com
linux-node2.example.com
Rejected Keys:
[root@linux-node2 master]# salt-key -A
The following keys are going to be accepted:
Unaccepted Keys:
linux-node1.example.com
linux-node2.example.com
Proceed? [n/Y] Y
Key for minion linux-node1.example.com accepted.
Key for minion linux-node2.example.com accepted.

#2.6、mysql为新的master节点授权

[root@linux-node1 pki]# mysql -u root -p
Enter password: 
Welcome to the MariaDB monitor.  Commands end with ; or \g.
Your MariaDB connection id is 175
Server version: 10.2.31-MariaDB MariaDB Server

Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

MariaDB [(none)]> grant all on salt.* to [email protected] identified by 'salt'; 
Query OK, 0 rows affected (0.10 sec)

#2.7、新master节点测试

[root@linux-node2 master]# salt '*' test.ping
linux-node1.example.com:
    True
linux-node2.example.com:
    True