This post was last edited by woshiqhj on 2015-12-09 19:47
Test environment:
2 salt-masters
- 192.168.57.187
- 192.168.57.190
1 salt-minion
- 192.168.57.188
Salt version:
```
[root@at-saltmaster-1 ~]# salt --versions-report
Salt Version:
Salt: 2015.8.3

Dependency Versions:
Jinja2: 2.7.2
M2Crypto: 0.21.1
Mako: Not Installed
PyYAML: 3.11
PyZMQ: 14.7.0
Python: 2.7.5 (default, Jun 17 2014, 18:11:42)
RAET: Not Installed
Tornado: 4.2.1
ZMQ: 4.0.5
cffi: Not Installed
cherrypy: 3.2.2
dateutil: Not Installed
gitdb: Not Installed
gitpython: Not Installed
ioflo: Not Installed
libnacl: Not Installed
msgpack-pure: Not Installed
msgpack-python: 0.4.6
mysql-python: Not Installed
pycparser: Not Installed
pycrypto: 2.6.1
pygit2: Not Installed
python-gnupg: Not Installed
smmap: Not Installed
timelib: Not Installed

System Versions:
dist: centos 7.1.1503 Core
machine: x86_64
release: 3.10.0-229.el7.x86_64
system: CentOS Linux 7.1.1503 Core
```
Salt configuration:
master-1:
```yaml
interface: 192.168.57.187
master_sign_pubkey: True
master_use_pubkey_signature: True
master_pubkey_signature: at-saltmaster-1
```
master-2:
```yaml
interface: 192.168.57.190
master_sign_pubkey: True
master_use_pubkey_signature: True
master_pubkey_signature: at-saltmaster-1
```
minion-1:
```yaml
default_include: minion.d/*.conf
master:
  - 192.168.57.187
  - 192.168.57.190
random_master: False
master_type: failover
master_alive_interval: 15
verify_master_pubkey_sign: True
always_verify_signature: True
ipv6: False
retry_dns: 0
master_port: 4506
user: root
color: True
rejected_retry: True
random_reauth_delay: 15
auth_timeout: 15
auth_tries: 1
auth_safemode: False
recon_default: 1000
recon_max: 5000
recon_randomize: True
```
After starting the 2 salt-masters and the 1 salt-minion, the minion can connect to master-1, and minion-1 can be operated normally from master-1. When master-1 is shut down, minion-1 automatically switches to master-2, but operating minion-1 from master-2 always reports:
```
[root@saltmaster-2 ]# salt "*" cmd.run "df -h"
minion-1:
Minion did not return. [No response]
```
The debug logs on both masters show that authentication passed, but the minion's debug log shows something slightly abnormal:
This is the authentication log when connecting to master-1:
```
[DEBUG ] Initializing new AsyncZeroMQReqChannel for ('/etc/salt/pki/minion', 'minion-1', 'tcp://192.168.57.187:4506', 'clear')
[DEBUG ] salt.crypt.verify_signature: Loading public key
[DEBUG ] salt.crypt.verify_signature: Verifying signature
[DEBUG ] Successfully verified signature of master public key with verification public key master_sign.pub
[INFO ] Received signed and verified master pubkey from master 192.168.57.187
[DEBUG ] Decrypting the current master AES key
```
This is the authentication log when connecting to master-2 after the switch:
```
[DEBUG ] salt.crypt.verify_signature: Loading public key
[DEBUG ] salt.crypt.verify_signature: Verifying signature
[DEBUG ] Successfully verified signature of master public key with verification public key master_sign.pub
[INFO ] Received signed and verified master pubkey from master <tornado.concurrent.Future object at 0x202c750>
[DEBUG ] Decrypting the current master AES key
```
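Looking at the code, this log line is printed by the verify_signing_master method in crypt.py:
```python
def verify_signing_master(self, payload):
    try:
        # Check the master's public key against its signature.
        if self.verify_pubkey_sig(payload['pub_key'],
                                  payload['pub_sig']):
            # opts['master'] is formatted straight into the log message.
            log.info('Received signed and verified master pubkey '
                     'from master {0}'.format(self.opts['master']))
    # (excerpt: the rest of the method is not shown in the post)
```
Could anyone help me see why <tornado.concurrent.Future object at 0x202c750> is printed, and whether this is what causes the abnormal zmq connection between master-2 and minion-1 after the switch?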
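A check for the symptom visible in the two log excerpts above, as an added example that is not part of the original post or of Salt's code: it scans minion debug-log text for the verified-pubkey INFO line and flags any logged master value that is a Python object repr or is not one of the configured masters. The function names are hypothetical, and the sample log is constructed from the lines quoted in the post.

```python
import re

# Constructed sample: lines taken from the two minion log excerpts in the post.
SAMPLE_LOG = """\
[DEBUG ] Successfully verified signature of master public key with verification public key master_sign.pub
[INFO ] Received signed and verified master pubkey from master 192.168.57.187
[DEBUG ] Decrypting the current master AES key
[DEBUG ] Successfully verified signature of master public key with verification public key master_sign.pub
[INFO ] Received signed and verified master pubkey from master <tornado.concurrent.Future object at 0x202c750>
[DEBUG ] Decrypting the current master AES key
"""

# The "master" list from the minion configuration shown in the post.
CONFIGURED_MASTERS = ["192.168.57.187", "192.168.57.190"]

VERIFIED_RE = re.compile(
    r"Received signed and verified master pubkey from master (.+)$")
OBJECT_REPR_RE = re.compile(r"^<.+ object at 0x[0-9a-fA-F]+>$")


def classify_master(value, configured):
    """Classify the master value that the minion wrote into its log."""
    value = value.strip()
    if OBJECT_REPR_RE.match(value):
        # The logged value is the repr of a Python object, not an address.
        return "object-repr"
    if value.lower() in (m.lower() for m in configured):
        return "ok"
    # A verified key attributed to a host outside the configured list.
    return "unconfigured"


def audit_minion_log(text, configured):
    """Return (line_number, logged_value, verdict) per verified-pubkey line."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        match = VERIFIED_RE.search(line)
        if match:
            value = match.group(1).strip()
            findings.append((lineno, value, classify_master(value, configured)))
    return findings


if __name__ == "__main__":
    for lineno, value, verdict in audit_minion_log(SAMPLE_LOG, CONFIGURED_MASTERS):
        print("line {0}: {1!r} -> {2}".format(lineno, value, verdict))
```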