1. Host planning
Salt version
[root@salt100 ~]# salt --version
salt 2018.3.3 (Oxygen)
[root@salt100 ~]# salt-minion --version
salt-minion 2018.3.3 (Oxygen)
salt-ssh documentation
https://docs.saltstack.com/en/latest/topics/ssh/index.html
2. Steps to set up salt-ssh
2.1. Deploying salt-ssh
Deploy salt-ssh on salt100
yum install -y salt-ssh
Check the version information
[root@salt100 ~]# salt-ssh --version
salt-ssh 2018.3.3 (Oxygen)
2.2. salt-ssh configuration
[root@salt100 ~]# cat /etc/salt/roster
# Sample salt-ssh config file
#web1:
#  host: 192.168.42.1 # The IP addr or DNS hostname
#  user: fred         # Remote executions will be executed as user fred
#  passwd: foobarbaz  # The password to use for login, if omitted, keys are used
#  sudo: True         # Whether to sudo to root, not enabled by default
#web2:
#  host: 192.168.42.2

# Add the following entries:
# Root remote login is disabled on all machines, so we can only log in as a normal user and escalate to root
# Remote login as a normal user
salt100:
  host: 172.16.1.100  # The IP addr or DNS hostname
  user: yun           # Remote executions will be executed as user fred
  # passwd: foobarbaz # The password to use for login, if omitted, keys are used
  sudo: True          # Whether to sudo to root, not enabled by default
  port: 22            # default port is 22

salt01:
  host: 172.16.1.11
  user: yun
  sudo: True

salt02:
  host: 172.16.1.12
  user: yun
  sudo: True

salt03:
  host: 172.16.1.13
  user: yun
  sudo: True
3. Testing salt-ssh operations
3.1. First communication and setting up key-based login
[root@salt100 ~]# salt-ssh '*' test.ping -i   # -i is passed this first time; it is not needed afterwards
Permission denied for host salt100, do you want to deploy the salt-ssh key? (password required):
[Y/n] y
Password for yun@salt100:
salt100:
    True
Permission denied for host salt02, do you want to deploy the salt-ssh key? (password required):
[Y/n] y
Password for yun@salt02:
salt02:
    True
Permission denied for host salt01, do you want to deploy the salt-ssh key? (password required):
[Y/n] y
Password for yun@salt01:
salt01:
    True
Permission denied for host salt03, do you want to deploy the salt-ssh key? (password required):
[Y/n] y
Password for yun@salt03:
salt03:
    True
Note:
On the first connection you are prompted for the password and key-based login is set up; from then on, keys are used for all interaction. The -i option (--ignore-host-keys) disables SSH StrictHostKeyChecking for that run, so the hosts' keys are accepted without being verified.
This copies /etc/salt/pki/master/ssh/salt-ssh.rsa.pub to /app/.ssh/authorized_keys (/app/ is the home directory of user yun; see the notes in "Saltstack Usage Guide 01: Deployment").
3.2. Specifying salt-ssh targets
Three ways of specifying targets are currently supported: glob, regular expression, and list.
# Glob
salt-ssh '*' test.ping
salt-ssh 'salt1*' test.ping
# Regular expression
salt-ssh -E 'salt1.*' test.ping
salt-ssh -E 'salt(100|03)' test.ping
# List
salt-ssh -L 'salt100,salt02' test.ping
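Before running a command with sudo on several hosts, it helps to see which roster IDs a target expression actually selects. The following is an added example, not code from the original article or from the Salt project: it parses the roster entries from section 2.2 and resolves the three target forms. `parse_flat_roster` and `preview` are hypothetical helpers, and matching with Python's `fnmatch` and `re.match` is an assumption about how salt-ssh resolves targets.

```python
import fnmatch
import re

# Constructed sample: the roster entries from section 2.2, comments removed.
ROSTER = """\
salt100:
  host: 172.16.1.100
  user: yun
  sudo: True
salt01:
  host: 172.16.1.11
  user: yun
  sudo: True
salt02:
  host: 172.16.1.12
  user: yun
  sudo: True
salt03:
  host: 172.16.1.13
  user: yun
  sudo: True
"""

def parse_flat_roster(text):
    """Minimal parser for the two-level 'id: / key: value' layout (not full YAML)."""
    roster, current = {}, None
    for raw in text.splitlines():
        line = raw.split(" #", 1)[0].rstrip()      # drop trailing comments
        if not line.strip() or line.lstrip().startswith("#"):
            continue                               # blank or comment-only line
        key, _, value = line.strip().partition(":")
        if not raw[0].isspace():                   # column 0 starts a new roster id
            current = roster.setdefault(key, {})
        elif current is not None:
            current[key] = value.strip()
    return roster

def preview(roster, tgt, mode="glob"):
    """Return {id: (user, sudo)} for the roster ids that tgt selects."""
    if mode == "glob":                             # default targeting
        hit = [m for m in roster if fnmatch.fnmatch(m, tgt)]
    elif mode == "pcre":                           # -E; assumed anchored at the start only
        hit = [m for m in roster if re.match(tgt, m)]
    elif mode == "list":                           # -L
        hit = [m for m in roster if m in tgt.split(",")]
    else:
        raise ValueError(mode)
    return {m: (roster[m].get("user"), roster[m].get("sudo") == "True") for m in hit}
```

With this roster, `salt1*` selects only salt100, while a short regular expression such as `salt0` selects salt01, salt02 and salt03, because the match is a prefix match rather than a full match.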
3.3. Testing salt-ssh with raw shell
View the PATH environment variable
[root@salt100 ~]# salt-ssh 'salt01' -r 'echo "${PATH}"'
salt01:
    ----------
    retcode:
        0
    stderr:
    stdout:
        /usr/local/bin:/usr/bin
Note:
Sometimes a command cannot be found because of the environment variables; in that case, use the command's full path.
salt-ssh '*' -r 'df -h'
salt-ssh '*' -r '/usr/sbin/ifconfig'   # full path used
salt-ssh '*' -r '/usr/sbin/ip address'
salt-ssh '*' -r 'whoami'
3.4. Installing packages with salt-ssh via raw shell
salt-ssh '*' -r 'sudo yum install -y nmap'
3.5. Using grains and pillar with salt-ssh
[root@salt100 web]# salt-ssh 'salt01' grains.item os
salt01:
    ----------
    os:
        redhat01
[root@salt100 web]#
[root@salt100 web]# salt-ssh 'salt01' pillar.items
salt01:
    ----------
    level1:
        ----------
        level2:
            None
    service_appoint: