如何解决Docker中的Salt-master和Salt-Minion连接问题
在最新版本的ubuntu中连接salt-master和salt-minion时遇到问题。 https://bitbucket.org/jmarhee/saltstack-docker/src 我使用了此参考,但是由于它使用的是旧版本的ubuntu,因此我在docker build文件中更新了ubuntu。但是在更新ubuntu版本后,它不会与salt-master连接。
下面是文件。预先感谢。
salt_master_docker_file
FROM ubuntu:latest
ENV DEBIAN_FRONTEND=noninteractive
RUN apt-get update && apt-get install -y wget gnupg
RUN wget -O - https://repo.saltstack.com/py3/ubuntu/20.04/amd64/3001/SALTSTACK-GPG-KEY.pub | apt-key add -
RUN echo "deb http://repo.saltstack.com/py3/ubuntu/20.04/amd64/latest focal main" | tee -a /etc/apt/sources.list.d/saltstack.list
RUN apt-get update
RUN apt-get install -y salt-master
EXPOSE 4505 4506
COPY setup.sh /opt/setup.sh
ENTRYPOINT ["sh","/opt/setup.sh"]
CMD []
salt_master_setup.sh
#!/bin/bash
key_checker () {
x=1
while [ $x -le 250 ]
do
salt-key -A -y
x=$(( $x + 1 ))
sleep 1
done
echo "All available keys accepted." && salt "*" test.ping && \
touch /var/log/salt/master && \
tail -f /var/log/salt/master
}
service salt-master start && key_checker
salt_minion_Docker_file
FROM ubuntu:latest
ENV DEBIAN_FRONTEND=noninteractive
RUN apt-get update && apt-get install -y wget gnupg
RUN wget -O - https://repo.saltstack.com/py3/ubuntu/20.04/amd64/3001/SALTSTACK-GPG-KEY.pub | apt-key add -
RUN echo "deb http://repo.saltstack.com/py3/ubuntu/20.04/amd64/latest focal main" | tee -a /etc/apt/sources.list.d/saltstack.list
RUN apt-get update
RUN apt-get install -y salt-minion curl
COPY setup.sh /opt/setup.sh
ENTRYPOINT ["sh","/opt/setup.sh"]
CMD []
salt_minion_setup.sh
#!/bin/bash
salt_minion_check () {
if [ ! -f /var/log/salt/minion ]; then
echo "File not found!" && \
touch /var/log/salt/minion && \
salt_minion_check
else
tail -f /var/log/salt/minion
fi
}
echo "master: master_1" >> /etc/salt/minion && \
echo "id: salt-minion-$(hostname)" >> /etc/salt/minion
service salt-minion start && \
salt_minion_check
主要docker-compose-file
version: '3'
services:
minion:
image: salt-minion
links:
- master
depends_on:
- master
networks:
saltnetwork:
aliases:
- minion
master:
image: salt-master
networks:
saltnetwork:
aliases:
- master
networks:
saltnetwork:
driver: bridge
解决方法
根据Saltstack文档,有一种方法可以在母版上preseed keys以避免交互接受。
如果您想做的是用docker-compose造一个Salt大师和一个奴才,那么下面的内容就足够了。
在Docker主机上生成salt-key。这将生成minion1.pub和minion1.pem。
salt-key --gen-keys=minion1
然后,我们将在Dockerfile中使用相应的公钥和私钥。示例盐大师 Dockerfile:
FROM ubuntu:focal
ENV DEBIAN_FRONTEND=noninteractive
RUN apt-get update && apt-get -y install gnupg
COPY SALTSTACK-GPG-KEY.pub /tmp/SALTSTACK-GPG-KEY.pub
COPY saltstack.list /etc/apt/sources.list.d/saltstack.list
RUN apt-key add /tmp/SALTSTACK-GPG-KEY.pub
RUN apt-get update && apt-get install -y salt-master
COPY minion1.pub /etc/salt/pki/master/minions/minion1
示例盐小兵 Dockerfile:
FROM ubuntu:focal
ENV DEBIAN_FRONTEND=noninteractive
RUN apt-get update && apt-get -y install gnupg
COPY SALTSTACK-GPG-KEY.pub /tmp/SALTSTACK-GPG-KEY.pub
COPY saltstack.list /etc/apt/sources.list.d/saltstack.list
RUN apt-key add /tmp/SALTSTACK-GPG-KEY.pub
RUN apt-get update && apt-get install -y salt-minion
COPY minion1.pem /etc/salt/pki/minion/minion.pem
COPY minion1.pub /etc/salt/pki/minion/minion.pub
COPY id.conf /etc/salt/minion.d/id.conf
上面的id.conf很简单:
id: minion1
默认情况下,Salt小兵会寻找salt主机名。如果解析为Salt母版,则使用它。因此,我们可以在docker-compose.yml文件中使用它。
version: '3'
services:
minion1:
image: myminion
command: salt-minion
salt:
image: mymaster
command: salt-master
ports:
- 4505
- 4506
注意:
当我们使用salt-key -A命令接受一个小仆的密钥时,它会在后台将小仆的公钥从/etc/salt/pki/master/minions_pre/移到主服务器上的/etc/salt/pki/master/minions。
版权声明:本文内容由互联网用户自发贡献,该文观点与技术仅代表作者本人。本站仅提供信息存储空间服务,不拥有所有权,不承担相关法律责任。如发现本站有涉嫌侵权/违法违规的内容, 请发送邮件至 dio@foxmail.com 举报,一经查实,本站将立刻删除。
