Problem with salt-master and salt-minion connection in Docker

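I am having trouble connecting salt-master and salt-minion on the latest version of Ubuntu. I used this reference, https://bitbucket.org/jmarhee/saltstack-docker/src, but because it uses an older version of Ubuntu, I updated Ubuntu in the Docker build files. After updating the Ubuntu version, however, it does not connect to the salt-master.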

The files are below. Thanks in advance.

salt_master_docker_file

FROM ubuntu:latest
ENV DEBIAN_FRONTEND=noninteractive
RUN apt-get update && apt-get install -y wget gnupg
RUN wget -O - https://repo.saltstack.com/py3/ubuntu/20.04/amd64/3001/SALTSTACK-GPG-KEY.pub | apt-key add -
RUN echo "deb http://repo.saltstack.com/py3/ubuntu/20.04/amd64/latest focal main" | tee -a /etc/apt/sources.list.d/saltstack.list
RUN apt-get update
RUN apt-get install -y salt-master


EXPOSE 4505 4506

COPY setup.sh /opt/setup.sh

ENTRYPOINT ["sh","/opt/setup.sh"]
CMD []

salt_master_setup.sh

#!/bin/bash

key_checker () {

        x=1
        while [ $x -le 250 ]
                do
                salt-key -A -y
                x=$(( $x + 1 ))
                sleep 1
        done
        echo "All available keys accepted." && salt "*" test.ping && \
        touch /var/log/salt/master && \
        tail -f /var/log/salt/master

}

service salt-master start && key_checker

salt_minion_Docker_file

FROM ubuntu:latest
ENV DEBIAN_FRONTEND=noninteractive
RUN apt-get update && apt-get install -y wget gnupg
RUN wget -O - https://repo.saltstack.com/py3/ubuntu/20.04/amd64/3001/SALTSTACK-GPG-KEY.pub | apt-key add -
RUN echo "deb http://repo.saltstack.com/py3/ubuntu/20.04/amd64/latest focal main" | tee -a /etc/apt/sources.list.d/saltstack.list
RUN apt-get update
RUN apt-get install -y salt-minion curl


COPY setup.sh /opt/setup.sh

ENTRYPOINT ["sh","/opt/setup.sh"]
CMD []

salt_minion_setup.sh

#!/bin/bash

salt_minion_check () {
        if [ ! -f /var/log/salt/minion ]; then
          echo "File not found!" && \
          touch /var/log/salt/minion && \
          salt_minion_check
        else
          tail -f /var/log/salt/minion
        fi
}

echo "master: master_1" >> /etc/salt/minion && \
echo "id: salt-minion-$(hostname)" >> /etc/salt/minion

service salt-minion start && \
salt_minion_check

main docker-compose-file

version: '3'
services:
  minion:
    image: salt-minion
    links:
      - master
    depends_on:
      - master
    networks:
      saltnetwork:
        aliases:
          - minion


  master:
    image: salt-master
    networks:
      saltnetwork:
        aliases:
          - master

networks:
  saltnetwork:
    driver: bridge

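According to the SaltStack documentation, there is a way to preseed keys on the master to avoid interactive acceptance.

If all you want to do is bring up a Salt master and a minion with docker-compose, something like the following is sufficient.

Generate the salt-key on the Docker host. This will generate minion1.pub and minion1.pem.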

salt-key --gen-keys=minion1

We will then use the respective public and private keys in the Dockerfiles. Example Salt master Dockerfile:

FROM ubuntu:focal
ENV DEBIAN_FRONTEND=noninteractive
RUN apt-get update && apt-get -y install gnupg
COPY SALTSTACK-GPG-KEY.pub /tmp/SALTSTACK-GPG-KEY.pub
COPY saltstack.list /etc/apt/sources.list.d/saltstack.list
RUN apt-key add /tmp/SALTSTACK-GPG-KEY.pub
RUN apt-get update && apt-get install -y salt-master
COPY minion1.pub /etc/salt/pki/master/minions/minion1

Example Salt minion Dockerfile:

FROM ubuntu:focal
ENV DEBIAN_FRONTEND=noninteractive
RUN apt-get update && apt-get -y install gnupg
COPY SALTSTACK-GPG-KEY.pub /tmp/SALTSTACK-GPG-KEY.pub
COPY saltstack.list /etc/apt/sources.list.d/saltstack.list
RUN apt-key add /tmp/SALTSTACK-GPG-KEY.pub
RUN apt-get update && apt-get install -y salt-minion

COPY minion1.pem /etc/salt/pki/minion/minion.pem
COPY minion1.pub /etc/salt/pki/minion/minion.pub
COPY id.conf /etc/salt/minion.d/id.conf

The id.conf above is simple:

id: minion1

By default, Salt minions look for the salt hostname. If it resolves to the Salt master, it is used. So we can take advantage of that in the docker-compose.yml file.

version: '3'

services:
  minion1:
    image: myminion
    command: salt-minion

  salt:
    image: mymaster
    command: salt-master
    ports:
      - 4505
      - 4506

Note:

When we accept a minion's key with the salt-key -A command, under the hood it moves the minion's public key from /etc/salt/pki/master/minions_pre/ to /etc/salt/pki/master/minions on the master.
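
An added example, not part of the original answer: a POSIX shell check of the preseeded layout described above. It reads the id from id.conf and reports whether the master's PKI directory holds that id under minions/ (accepted), under minions_pre/ (pending), or holds a key that differs from the minion's minion.pub. The function names and the placeholder key files in the demo are constructed for illustration.

```sh
#!/bin/sh
# Added example: check a preseeded Salt key layout before building the images.

# Print the minion id from an id.conf-style file ("id: minion1").
minion_id() {
    sed -n 's/^id:[[:space:]]*\(.*[^[:space:]]\)[[:space:]]*$/\1/p' "$1" | head -n 1
}

# key_state <master_pki_dir> <minion_pki_dir> <id_conf>
# Prints accepted, pending, mismatch, unknown or no-id; returns non-zero
# whenever the minion would not be accepted without further action.
key_state() {
    master_pki=$1
    minion_pki=$2
    id=$(minion_id "$3")
    [ -n "$id" ] || { echo no-id; return 1; }
    if [ -f "$master_pki/minions/$id" ]; then
        # Preseeded or accepted: must be byte-identical to the minion's own key.
        if cmp -s "$master_pki/minions/$id" "$minion_pki/minion.pub"; then
            echo accepted
        else
            echo mismatch
            return 1
        fi
    elif [ -f "$master_pki/minions_pre/$id" ]; then
        echo pending    # still waiting for salt-key -A
        return 1
    else
        echo unknown
        return 1
    fi
}

# Constructed demo data: placeholder files stand in for salt-key output.
demo() {
    d=$(mktemp -d)
    mkdir -p "$d/master/minions" "$d/master/minions_pre" "$d/minion"
    echo "id: minion1" > "$d/id.conf"
    echo "CONSTRUCTED-PUBLIC-KEY-A" > "$d/minion/minion.pub"
    cp "$d/minion/minion.pub" "$d/master/minions/minion1"
    key_state "$d/master" "$d/minion" "$d/id.conf"            # accepted
    echo "CONSTRUCTED-PUBLIC-KEY-B" > "$d/minion/minion.pub"
    key_state "$d/master" "$d/minion" "$d/id.conf" || true    # mismatch
    rm -rf "$d"
}
demo
```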