After the master was restarted, test.ping failed with the following error:
# salt "*" test.ping
Salt request timed out. The master is not responding.
You may need to run your command with `--async` in order to bypass the congested event bus.
With `--async`, the CLI tool will print the job id (jid) and exit immediately without listening for responses.
You can then use `salt-run jobs.lookup_jid` to look up the results of the job in the job cache later.
Investigation showed the firewall was the cause. Run the following commands in order:
# iptables -A INPUT -p tcp --dport 4505 -j ACCEPT
# iptables -A INPUT -p tcp --dport 4506 -j ACCEPT
Listing the iptables rules shows that they were added successfully:
# iptables -L -n
Chain INPUT (policy ACCEPT)
target prot opt source destination
ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:53
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:53
ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:67
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:67
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:4505 // added successfully
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:4506 // added successfully
Chain FORWARD (policy ACCEPT)
target prot opt source destination
ACCEPT all -- 0.0.0.0/0 192.168.122.0/24 ctstate RELATED,ESTABLISHED
ACCEPT all -- 192.168.122.0/24 0.0.0.0/0
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with icmp-port-unreachable
REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with icmp-port-unreachable
DOCKER-ISOLATION all -- 0.0.0.0/0 0.0.0.0/0
DOCKER all -- 0.0.0.0/0 0.0.0.0/0
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 ctstate RELATED,ESTABLISHED
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:68
Chain DOCKER (1 references)
target prot opt source destination
Chain DOCKER-ISOLATION (1 references)
target prot opt source destination
RETURN all -- 0.0.0.0/0 0.0.0.0/0
After waiting a moment (salt's responses can sometimes be really slow...), it recovers:
# salt "*" test.ping
node-5:
True
node-4:
True
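A check for the listing step above, as an added example that is not part of the original post: it parses `iptables -L -n` output and reports, for ports 4505 and 4506, whether an INPUT ACCEPT rule exists, whether an earlier catch-all DROP/REJECT shadows it, and which source it accepts from. The function name check_salt_ports and the sample listing are constructed for illustration, and the parser assumes the column layout shown in the post.

```shell
#!/bin/sh
# Added example: audit `iptables -L -n` output (stdin) for the Salt master
# ports 4505 and 4506. Prints "<port> <status>" per port, where status is:
#   missing           no ACCEPT rule for the port in the INPUT chain
#   shadowed          ACCEPT sits after a catch-all DROP/REJECT (-A appends)
#   open-to-any       ACCEPT from 0.0.0.0/0
#   restricted:<src>  ACCEPT limited to <src>
check_salt_ports() {
    awk '
        /^Chain / { in_input = ($2 == "INPUT"); next }
        !in_input { next }
        # Catch-all block: protocol "all", any source/destination, no match.
        $2 == "all" && $4 == "0.0.0.0/0" && $5 == "0.0.0.0/0" &&
        (($1 == "DROP" && NF == 5) || ($1 == "REJECT" && $6 == "reject-with")) {
            blocked = 1; next
        }
        $1 == "ACCEPT" && $2 == "tcp" {
            for (i = 6; i <= NF; i++) {
                if ($i != "dpt:4505" && $i != "dpt:4506") continue
                if (blocked) st = "shadowed"
                else if ($4 == "0.0.0.0/0") st = "open-to-any"
                else st = "restricted:" $4
                # First rule wins, but an any-source ACCEPT is the widest.
                if (!($i in seen) || st == "open-to-any") seen[$i] = st
            }
        }
        END {
            n = split("4505 4506", port, " ")
            for (k = 1; k <= n; k++) {
                key = "dpt:" port[k]
                st = (key in seen) ? seen[key] : "missing"
                print port[k], st
            }
        }'
}

# Constructed sample: INPUT chain lines in the format listed in the post.
SAMPLE_POST='Chain INPUT (policy ACCEPT)
target prot opt source destination
ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:53
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:4505
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:4506
Chain FORWARD (policy ACCEPT)
target prot opt source destination'

printf '%s\n' "$SAMPLE_POST" | check_salt_ports
# On a live master: iptables -L -n | check_salt_ports
```

Rules added with `iptables -A` exist only in the running kernel and are gone after a reboot unless they are saved (for example with `iptables-save`). A status of `open-to-any` means the master ports accept connections from every address, which `-s <minion subnet>` on the rule would narrow.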
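Follow-up:
After the steps above, test.ping still sometimes worked and sometimes did not...
Investigating further, I edited the master file and increased the number of worker_thread; so far it seems to always return normal results...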