saltstack:multi-master configuration
官方手册地址:http://docs.saltstack.com/topics/tutorials/multimaster.html
总结起来,有以下几步:
- Create a redundant master server(创建另一个salt master)
- Copy primary master key to redundant master(将主master的key复制到辅助master)
- Start redundant master(启动辅助master)
- Configure minions to connect to redundant master(配置minions使其链接到辅助master)
- Restart minions(重启minions)
- Accept keys on redundant master(在辅助master上接受minion的keys认证要求)
但是按照手册配置后,无法执行命令,看log报如下错误:
[ERROR ] The master key has changed, the salt master could have been subverted, verify salt master's public key
[CRITICAL] The Salt Master server's public key did not authenticate!
The master may need to be updated if it is a version of Salt lower than 0.16.4, or
If you are confident that you are connecting to a valid Salt Master, then remove the master public key and restart the Salt Minion.
The master public key can be found at:
/etc/salt/pki/minion/minion_master.pub
解决方法:
要将/etc/salt/pki/master/下的master.pem和master.pub一起拷贝到辅助服务器的相同目录下。
扩展:
1.salt key的认证过程
2.使用非root用户启动辅助salt master应该如何配置
关于扩展1的一点补充
刚刚安装好,启动salt-master,salt-minion会在/etc/salt/pki/master/ & /etc/salt/pki/minion/目录下分别生成master.pem,master.pub & minion.pem, minion.pub key文件
root@aka-ostro:/etc/salt# tree
.
├── master
├── master.d
├── minion
├── minion.d
├── minion_id
└── pki
├── master
│ ├── master.pem
│ ├── master.pub
│ ├── minions
│ ├── minions_pre
│ │ └── aka-ostro.example.com
│ └── minions_rejected
└── minion
├── minion.pem
└── minion.pub
8 directories, 9 files
使用salt-key -L查看没有发送key认证的minion ,使用salt-key -A 认证所有的key
认证后实际就是将master.pub 送到minion,并且重命名为:minion_master.pub
将minion.pub文件送到master的minions目录下,重命名为该minion的主机名
root@aka-ostro:/etc/salt# tree
.
├── master
├── master.d
├── minion
├── minion.d
├── minion.dpkg-old
├── minion_id
└── pki
├── master
│ ├── master.pem
│ ├── master.pub
│ ├── minions
│ │ └── aka-ostro.example.com
│ ├── minions_pre
│ └── minions_rejected
└── minion
├── minion_master.pub
├── minion.pem
└── minion.pub
其中aka-ostro.example.com 和 minion.pub的文件内容完全一致, master.pub和minion.pub的文件内容完全一致,即验证!
最新文章
- 网页插件学javascript还是jquery好啊?
- laravel DB事物
- Ajax的封装03
- easyui datagrid 设置列宽
- LeetCode ";Binary Tree Vertical Order";
- makefile 自动处理头文件的依赖关系 (zz)
- Android CursorAdapter
- windows服务1053错误排查
- su -无反应
- iOS下KVO使用过程中的陷阱 (转发)
- APP应用测试技巧
- tp5命令行基础
- 转帖 云和恩墨 http://www.eygle.com/archives/2015/06/sql_version_count.html
- 安装Python2.7出现configure: error: no acceptable C compiler found in $PATH错误
- C - 无间道之并查集 HihoCoder - 1066
- “全栈2019”Java第一百零三章:匿名内部类详解
- dbcp2连接池获取数据库连接Connection
- tomcat结合httpd和nginx
- [LeetCode 题解]: Pascal's Triangle
- luoguP2479 [SDOI2010]捉迷藏