Skip to content
This repository has been archived by the owner on Feb 8, 2024. It is now read-only.

Salt Master_Active Active

Jump to bottom
Yashodhan Pise edited this page Jan 20, 2021 · 3 revisions

Study Active-Active Configuration For Salt-Master

Source: EOS-9550

Procedure

  1. Intall salt-master on all nodes

    yum install salt-master

  2. Copy the keys from primary node located at /etc/salt/pki to non-primary nodes

    [root@srvnode-2 ~]# scp -r /etc/salt/pki srvnode-2:/etc/salt/pki
master.pub                                        100%  451     1.3MB/s   00:00
master.pem                                        100% 1675     5.8MB/s   00:00

  3. Restart salt-master on all nodes

    systemctl restart salt-master

  4. Install salt-minion on both nodes

    yum install salt-minion

  5. Configure master and related values in configuration file /etc/salt/minion

    master:

    • srvnode-1
    • srvnode-2

    master_type: str
    random_master: True
    master_shuffle: False

  6. Restart salt-minion

    systemctl restart salt-master

  7. Checked for key acceptance on both nodes Node-1:

    [root@srvnode-2 ~]# salt-key -L
Accepted Keys:
Denied Keys:
Unaccepted Keys:
srvnode-1
srvnode-2
Rejected Keys:

[root@srvnode-2 ~]# salt-key -A -y
The following keys are going to be accepted:
Unaccepted Keys:
srvnode-1
srvnode-2
Key for minion srvnode-1 accepted.
Key for minion srvnode-2 accepted.

[root@srvnode-2 ~]# salt "*" test.ping
srvnode-1:
    True
srvnode-2:
    True

[root@srvnode-2 demo]# salt "*" grains.get master
srvnode-1:
    srvnode-2
srvnode-2:
    srvnode-2

    Node-2:

    [root@srvnode-1 ~]# salt-key -L
Accepted Keys:
Denied Keys:
Unaccepted Keys:
srvnode-1
srvnode-2
Rejected Keys:
[root@srvnode-1 ~]# salt-key -A -y
The following keys are going to be accepted:
Unaccepted Keys:
srvnode-1
srvnode-2
Key for minion srvnode-1 accepted.
Key for minion srvnode-2 accepted.
[root@srvnode-1 ~]# salt-key -L
Accepted Keys:
srvnode-1
srvnode-2
Denied Keys:
Unaccepted Keys:
Rejected Keys:
[root@srvnode-1 ~]# salt "*" test.ping
srvnode-1:
    True
srvnode-2:
    True
[root@srvnode-1 ~]# salt "*" grains.get master
srvnode-1:
    srvnode-1
srvnode-2:
    srvnode-1

Observations

  1. On node-1, at times auto-detection of the keys doesn't list all keys after waiting for couple of mins and restarting services. Firing salt-call state.highstate command helps detection of the minions on node-1. ( needs Exploration.) This didn't happen on secondary node though. The keys were auto-detected by its master.

  2. Created a basic pillar file and a state file and verified it is accessible across both nodes. It was observed that, in a failover scenario the pillar files and srv(both srv & srv_user) are required in sync across all nodes.

Index

Research

Clone this wiki locally