salt多master使用failover方式倒换后minion连接master异常
本帖最后由 woshiqhj 于 2015-12-09 19:47 编辑测试环境:
2台salt-master
- 192.168.57.187
- 192.168.57.190
1台salt-minion
- 192.168.57.188
salt版本:# salt --versions-report
Salt Version:
Salt: 2015.8.3
Dependency Versions:
Jinja2: 2.7.2
M2Crypto: 0.21.1
Mako: Not Installed
PyYAML: 3.11
PyZMQ: 14.7.0
Python: 2.7.5 (default, Jun 17 2014, 18:11:42)
RAET: Not Installed
Tornado: 4.2.1
ZMQ: 4.0.5
cffi: Not Installed
cherrypy: 3.2.2
dateutil: Not Installed
gitdb: Not Installed
gitpython: Not Installed
ioflo: Not Installed
libnacl: Not Installed
msgpack-pure: Not Installed
msgpack-python: 0.4.6
mysql-python: Not Installed
pycparser: Not Installed
pycrypto: 2.6.1
pygit2: Not Installed
python-gnupg: Not Installed
smmap: Not Installed
timelib: Not Installed
System Versions:
dist: centos 7.1.1503 Core
machine: x86_64
release: 3.10.0-229.el7.x86_64
system: CentOS Linux 7.1.1503 Core
salt配置:
master-1:interface: 192.168.57.187
master_sign_pubkey: True
master_use_pubkey_signature: True
master_pubkey_signature: at-saltmaster-1master-2:interface: 192.168.57.190
master_sign_pubkey: True
master_use_pubkey_signature: True
master_pubkey_signature: at-saltmaster-1minion-1:default_include: minion.d/*.conf
master:
- 192.168.57.187
- 192.168.57.190
random_master: False
master_type: failover
master_alive_interval: 15
verify_master_pubkey_sign: True
always_verify_signature: True
ipv6: False
retry_dns: 0
master_port: 4506
user: root
color: True
rejected_retry: True
random_reauth_delay: 15
auth_timeout: 15
auth_tries: 1
auth_safemode: False
recon_default: 1000
recon_max: 5000
recon_randomize: Tru启动2台salt-master和1台salt-minion后,minion能够连接到master-1,在master-1上能够正常操作minion-1,当把master-1关闭后,minion-1能够自动切换到master-2,但是在master-2上操作minion-1,总是提示# salt "*" cmd.run "df -h"
minion-1:
Minion did not return. 查看两台master的debug日志都显示已鉴权通过,但是查看minion的debug日志看到有一点异常:
这是连接master-1的鉴权日志: Initializing new AsyncZeroMQReqChannel for ('/etc/salt/pki/minion', 'minion-1', 'tcp://192.168.57.187:4506', 'clear')
salt.crypt.verify_signature: Loading public key
salt.crypt.verify_signature: Verifying signature
Successfully verified signature of master public key with verification public key master_sign.pub
Received signed and verified master pubkey from master 192.168.57.187
Decrypting the current master AES key这是切换后连接master-2的鉴权日志: salt.crypt.verify_signature: Loading public key
salt.crypt.verify_signature: Verifying signature
Successfully verified signature of master public key with verification public key master_sign.pub
Received signed and verified master pubkey from master <tornado.concurrent.Future object at 0x202c750>
Decrypting the current master AES key查看代码这句日志是由crypt.py中verify_signing_master方法中打印的:def verify_signing_master(self, payload):
720 try:
721 if self.verify_pubkey_sig(payload['pub_key'],
722 payload['pub_sig']):
723 log.info('Received signed and verified master pubkey '
724 'from master {0}'.format(self.opts['master']))想请各位帮忙看看为何会打印出<tornado.concurrent.Future object at 0x202c750>,是不是因为这个导致切换后master-2与minion-1的zmq连接异常?
master和minion的日志:
已经确认是个bug
页:
[1]