Docker中的盐主和盐仆从连接问题
我在最新版本的ubuntu中连接盐主和盐仆从时遇到问题。 我使用了这个参考,但由于它使用的是较旧版本的ubuntu,我在docker构建文件中更新了ubuntu。但在更新ubuntu版本后,它不会与salt master连接 下面是文件。提前谢谢 salt\u master\u docker\u文件Docker中的盐主和盐仆从连接问题,docker,docker-compose,salt-stack,salt,Docker,Docker Compose,Salt Stack,Salt,我在最新版本的ubuntu中连接盐主和盐仆从时遇到问题。 我使用了这个参考,但由于它使用的是较旧版本的ubuntu,我在docker构建文件中更新了ubuntu。但在更新ubuntu版本后,它不会与salt master连接 下面是文件。提前谢谢 salt\u master\u docker\u文件 FROM ubuntu:latest ENV DEBIAN_FRONTEND=noninteractive RUN apt-get update && apt-get install
FROM ubuntu:latest
ENV DEBIAN_FRONTEND=noninteractive
RUN apt-get update && apt-get install -y wget gnupg
RUN wget -O - https://repo.saltstack.com/py3/ubuntu/20.04/amd64/3001/SALTSTACK-GPG-KEY.pub | apt-key add -
RUN echo "deb http://repo.saltstack.com/py3/ubuntu/20.04/amd64/latest focal main" | tee -a /etc/apt/sources.list.d/saltstack.list
RUN apt-get update
RUN apt-get install -y salt-master
EXPOSE 4505 4506
COPY setup.sh /opt/setup.sh
ENTRYPOINT ["sh","/opt/setup.sh"]
CMD []
FROM ubuntu:latest
ENV DEBIAN_FRONTEND=noninteractive
RUN apt-get update && apt-get install -y wget gnupg
RUN wget -O - https://repo.saltstack.com/py3/ubuntu/20.04/amd64/3001/SALTSTACK-GPG-KEY.pub | apt-key add -
RUN echo "deb http://repo.saltstack.com/py3/ubuntu/20.04/amd64/latest focal main" | tee -a /etc/apt/sources.list.d/saltstack.list
RUN apt-get update
RUN apt-get install -y salt-minion curl
COPY setup.sh /opt/setup.sh
ENTRYPOINT ["sh","/opt/setup.sh"]
CMD []
salt\u master\u setup.sh
#!/bin/bash
key_checker () {
x=1
while [ $x -le 250 ]
do
salt-key -A -y
x=$(( $x + 1 ))
sleep 1
done
echo "All available keys accepted." && salt "*" test.ping && \
touch /var/log/salt/master && \
tail -f /var/log/salt/master
}
service salt-master start && key_checker
盐碱兵码头工人档案
FROM ubuntu:latest
ENV DEBIAN_FRONTEND=noninteractive
RUN apt-get update && apt-get install -y wget gnupg
RUN wget -O - https://repo.saltstack.com/py3/ubuntu/20.04/amd64/3001/SALTSTACK-GPG-KEY.pub | apt-key add -
RUN echo "deb http://repo.saltstack.com/py3/ubuntu/20.04/amd64/latest focal main" | tee -a /etc/apt/sources.list.d/saltstack.list
RUN apt-get update
RUN apt-get install -y salt-master
EXPOSE 4505 4506
COPY setup.sh /opt/setup.sh
ENTRYPOINT ["sh","/opt/setup.sh"]
CMD []
FROM ubuntu:latest
ENV DEBIAN_FRONTEND=noninteractive
RUN apt-get update && apt-get install -y wget gnupg
RUN wget -O - https://repo.saltstack.com/py3/ubuntu/20.04/amd64/3001/SALTSTACK-GPG-KEY.pub | apt-key add -
RUN echo "deb http://repo.saltstack.com/py3/ubuntu/20.04/amd64/latest focal main" | tee -a /etc/apt/sources.list.d/saltstack.list
RUN apt-get update
RUN apt-get install -y salt-minion curl
COPY setup.sh /opt/setup.sh
ENTRYPOINT ["sh","/opt/setup.sh"]
CMD []
salt\u minion\u setup.sh
#!/bin/bash
salt_minion_check () {
if [ ! -f /var/log/salt/minion ]; then
echo "File not found!" && \
touch /var/log/salt/minion && \
salt_minion_check
else
tail -f /var/log/salt/minion
fi
}
echo "master: master_1" >> /etc/salt/minion && \
echo "id: salt-minion-$(hostname)" >> /etc/salt/minion
service salt-minion start && \
salt_minion_check
主docker编写文件
version: '3'
services:
minion:
image: salt-minion
links:
- master
depends_on:
- master
networks:
saltnetwork:
aliases:
- minion
master:
image: salt-master
networks:
saltnetwork:
aliases:
- master
networks:
saltnetwork:
driver: bridge
根据Saltstack文档,有一种方法可以在主机上进行复制,以避免交互式接受 如果您只想使用
docker compose
创建一个盐主和一个仆从,那么下面的内容就足够了
在Docker主机上生成盐密钥。这将生成minion1.pub
和minion1.pem
salt-key --gen-keys=minion1
然后我们将在Dockerfile
中使用各自的公钥和私钥。示例盐主文件Dockerfile
:
FROM ubuntu:focal
ENV DEBIAN_FRONTEND=noninteractive
RUN apt-get update && apt-get -y install gnupg
COPY SALTSTACK-GPG-KEY.pub /tmp/SALTSTACK-GPG-KEY.pub
COPY saltstack.list /etc/apt/sources.list.d/saltstack.list
RUN apt-key add /tmp/SALTSTACK-GPG-KEY.pub
RUN apt-get update && apt-get install -y salt-master
COPY minion1.pub /etc/salt/pki/master/minions/minion1
FROM ubuntu:focal
ENV DEBIAN_FRONTEND=noninteractive
RUN apt-get update && apt-get -y install gnupg
COPY SALTSTACK-GPG-KEY.pub /tmp/SALTSTACK-GPG-KEY.pub
COPY saltstack.list /etc/apt/sources.list.d/saltstack.list
RUN apt-key add /tmp/SALTSTACK-GPG-KEY.pub
RUN apt-get update && apt-get install -y salt-minion
COPY minion1.pem /etc/salt/pki/minion/minion.pem
COPY minion1.pub /etc/salt/pki/minion/minion.pub
COPY id.conf /etc/salt/minion.d/id.conf
示例盐仆Dockerfile
:
FROM ubuntu:focal
ENV DEBIAN_FRONTEND=noninteractive
RUN apt-get update && apt-get -y install gnupg
COPY SALTSTACK-GPG-KEY.pub /tmp/SALTSTACK-GPG-KEY.pub
COPY saltstack.list /etc/apt/sources.list.d/saltstack.list
RUN apt-key add /tmp/SALTSTACK-GPG-KEY.pub
RUN apt-get update && apt-get install -y salt-master
COPY minion1.pub /etc/salt/pki/master/minions/minion1
FROM ubuntu:focal
ENV DEBIAN_FRONTEND=noninteractive
RUN apt-get update && apt-get -y install gnupg
COPY SALTSTACK-GPG-KEY.pub /tmp/SALTSTACK-GPG-KEY.pub
COPY saltstack.list /etc/apt/sources.list.d/saltstack.list
RUN apt-key add /tmp/SALTSTACK-GPG-KEY.pub
RUN apt-get update && apt-get install -y salt-minion
COPY minion1.pem /etc/salt/pki/minion/minion.pem
COPY minion1.pub /etc/salt/pki/minion/minion.pub
COPY id.conf /etc/salt/minion.d/id.conf
上面的id.conf
很简单:
id: minion1
默认情况下,Salt仆从查找Salt
hostname。如果它解析为盐母版,则使用它。因此,我们可以在docker compose.yml
文件中利用这一点
版本:“3”
服务:
奴才1:
图片:myminion
命令:盐仆
盐:
图片:mymaster
指挥:盐师
端口:
- 4505
- 4506
注意:
当我们使用
salt key-a
命令接受仆从的密钥时,它会将仆从的公钥从/etc/salt/pki/master/minions\u pre/
移动到主控机上的/etc/salt/pki/master/minions
。您遇到的具体问题是什么?您是否可以重新排列映像以运行单个进程作为主容器进程(使主容器进程成为盐主进程
或盐仆从进程
,而不是其他进程)`echo“master:master_1”>>/etc/salt/minion&&`在这一行中,我们提到了我们运行的salt主映像将为我提供主映像,但这并不是讨论效果。如果您将主容器更改为只运行主容器,而不运行包装器脚本,会发生什么情况?(在Dockerfile中,将ENTRYPOINT
更改为CMD
并删除空的CMD
行;然后docker运行您的图像盐母版
直接运行母版,而不是默认的CMD
)是的,它将创建一个独立的容器。但我的主要问题是如何在不登录的情况下从盐场主人那个里接受盐场仆从的钥匙。