Required environment: RHEL 6.4+, Python >= 2.6.6 and < 3.0
Disable the salt-master/minion services:
# chkconfig --level 2345 salt-master off
# chkconfig --level 2345 salt-minion off
Enable the salt-master/minion services:
# chkconfig --level 2345 salt-master on
# chkconfig --level 2345 salt-minion on
# mkdir /etc/salt/master.d
# vi /etc/salt/master.d/master.conf
with the following content:
######## master.conf ########
interface: 192.168.122.201
log_level: debug
worker_threads: 20
timeout: 60
# mkdir /etc/salt/minion.d
# vi /etc/salt/minion.d/minion.conf
Configure the minion to restart on failure. ping_interval is in minutes:
######## minion.conf ########
master: 192.168.122.201
id: cdh2
log_level: debug
## restart on error ##
rejected_retry: True
restart_on_error: True
auth_tries: 10
auth_safemode: False
ping_interval: 30
# service salt-master stop
# service salt-minion status
Ports 4505-4506 must be open on the master.
# cat /etc/sysconfig/system-config-firewall
# Configuration file for system-config-firewall
--enabled
--port=4505-4506:tcp
--service=ssh
Check the port status:
# lsof -i:4506
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
salt-mast 3189 root 20u IPv4 22082 0t0 TCP vm-cdh1:4506 (LISTEN)
salt-mast 3189 root 22u IPv4 25301 0t0 TCP vm-cdh1:4506->vm-cdh4:34464 (ESTABLISHED)
salt-mast 3189 root 23u IPv4 25299 0t0 TCP vm-cdh1:4506->vm-cdh2:38810 (ESTABLISHED)
salt-mast 3189 root 24u IPv4 25295 0t0 TCP vm-cdh1:4506->vm-cdh5:52285 (ESTABLISHED)
salt-mast 3189 root 27u IPv4 23495 0t0 TCP vm-cdh1:4506->vm-cdh1:41074 (ESTABLISHED)
salt-mast 3189 root 31u IPv4 25484 0t0 TCP vm-cdh1:4506->vm-cdh3:59343 (ESTABLISHED)
salt 3409 root 17u IPv4 23494 0t0 TCP vm-cdh1:41074->vm-cdh1:4506 (ESTABLISHED)
# lsof -i:4505
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
salt-mast 3177 root 12u IPv4 22073 0t0 TCP vm-cdh1:4505 (LISTEN)
salt-mast 3177 root 14u IPv4 25534 0t0 TCP vm-cdh1:4505->vm-cdh5:44089 (ESTABLISHED)
salt-mast 3177 root 15u IPv4 25536 0t0 TCP vm-cdh1:4505->vm-cdh4:47728 (ESTABLISHED)
salt-mast 3177 root 16u IPv4 25538 0t0 TCP vm-cdh1:4505->vm-cdh2:59561 (ESTABLISHED)
salt-mast 3177 root 17u IPv4 25660 0t0 TCP vm-cdh1:4505->vm-cdh3:34390 (ESTABLISHED)
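This approach does not require installing any Salt software, such as salt-minion, on the minions. The nodes are accessed with the salt-ssh command. The advantage is a lower cost of installing and maintaining nodes. The drawback is that it is slower.
salt-ssh must be installed on the master. Then configure the /etc/salt/roster file as follows: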
# vi /etc/salt/roster
########################################################################
## the roster file on master, the default location is /etc/salt/roster
##
## Note: sudo works only if NOPASSWD is set for user in
## /etc/sudoers:
## fred ALL=(ALL) NOPASSWD: ALL
## web1:
## host: 192.168.122.201
## user: fred
## passwd: aYtdhD
## sudo: True
########################################################################
cdh1:
  host: 192.168.122.201
  user: root
  passwd: Abc123
  sudo: True
cdh2:
  host: 192.168.122.202
  user: root
  passwd: Abc123
  sudo: True
cdh3:
  host: 192.168.122.203
  user: root
  passwd: Abc123
  sudo: True
cdh4:
  host: 192.168.122.204
  user: root
  passwd: Abc123
  sudo: True
cdh5:
  host: 192.168.122.205
  user: root
  passwd: Abc123
  sudo: True
Then restart the service with service salt-master restart. The nodes can then be accessed directly:
# salt-ssh 'cdh1' test.ping
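An added example, not part of the original page: a small Python check that reads a roster in the layout shown above and reports targets that store a plaintext passwd or log in directly as root, as well as a roster file accessible beyond its owner. The sample roster, the deploy user and the function names are constructed for illustration; priv is the roster option that points salt-ssh at an SSH private key instead of a password.

```python
import os
import tempfile

# Constructed sample in the /etc/salt/roster layout; "deploy" is a hypothetical user.
SAMPLE_ROSTER = """\
cdh1:
  host: 192.168.122.201
  user: root
  passwd: EXAMPLE-ONLY
cdh2:
  host: 192.168.122.202
  user: deploy
  priv: /etc/salt/pki/master/ssh/salt-ssh.rsa
"""

def parse_roster(text):
    """Parse the flat two-level roster layout into {target_id: {option: value}}."""
    targets, current = {}, None
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        key, _, value = raw.strip().partition(":")
        if not raw[0].isspace():      # unindented "name:" starts a new target
            current = targets.setdefault(key, {})
        elif current is not None:     # indented "option: value" belongs to it
            current[key] = value.strip()
    return targets

def audit_roster(path):
    """Return (target, issue) findings for a roster file on disk."""
    findings = []
    if os.stat(path).st_mode & 0o077:  # any group/other permission bit set
        findings.append(("<file>", "roster is accessible beyond its owner; chmod 600"))
    with open(path) as fh:
        targets = parse_roster(fh.read())
    for name in sorted(targets):
        if "passwd" in targets[name]:
            findings.append((name, "plaintext passwd in roster; use priv (SSH key)"))
        if targets[name].get("user") == "root":
            findings.append((name, "direct root login; use an unprivileged user with sudo"))
    return findings

if __name__ == "__main__":
    with tempfile.NamedTemporaryFile("w", suffix=".roster") as tmp:
        tmp.write(SAMPLE_ROSTER)
        tmp.flush()
        os.chmod(tmp.name, 0o644)
        print(audit_roster(tmp.name))
```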
Troubleshooting on the minion:
When everything is configured correctly, starting the minion with
# service salt-minion start
produces the error:
salt-minion dead but pid file exists
Run in debug mode to find the error:
# salt-minion -l debug
The output shows:
[CRITICAL] The Salt Master server's public key did not authenticate!
The master may need to be updated if it is a version of Salt lower than 2014.7.1, or
If you are confident that you are connecting to a valid Salt Master, then remove the master public key and restart the Salt Minion.
The master public key can be found at:
/etc/salt/pki/minion/minion_master.pub
Delete the following file:
# rm -rf /etc/salt/pki/minion/minion_master.pub
Restart:
# service salt-minion start
Working normally!