Saltstack User Guide 17: salt-ssh
1. Host planning
Salt version
    [root@salt100 ~]# salt --version
    salt 2018.3.3 (Oxygen)
    [root@salt100 ~]# salt-minion --version
    salt-minion 2018.3.3 (Oxygen)
salt-ssh documentation
https://docs.saltstack.com/en/latest/topics/ssh/index.html
2. salt-ssh implementation steps
2.1. Deploy salt-ssh
Deploy salt-ssh on salt100
    yum install -y salt-ssh
Check the version information
    [root@salt100 ~]# salt-ssh --version
    salt-ssh 2018.3.3 (Oxygen)
2.2. salt-ssh configuration
    [root@salt100 ~]# cat /etc/salt/roster
    # Sample salt-ssh config file
    #web1:
    #  host: 192.168.42.1 # The IP addr or DNS hostname
    #  user: fred         # Remote executions will be executed as user fred
    #  passwd: foobarbaz  # The password to use for login, if omitted, keys are used
    #  sudo: True         # Whether to sudo to root, not enabled by default
    #web2:
    #  host: 192.168.42.2

    # Add the following entries:
    # Remote root login is disabled on all machines, so log in as a regular user and escalate to root
    # Remote login as a regular user
    salt100:
      host: 172.16.1.100   # The IP addr or DNS hostname
      user: yun            # Remote executions will be executed as user yun
      # passwd: foobarbaz  # The password to use for login, if omitted, keys are used
      sudo: True           # Whether to sudo to root, not enabled by default
      port: 22             # default port is 22

    salt01:
      host: 172.16.1.11
      user: yun
      sudo: True

    salt02:
      host: 172.16.1.12
      user: yun
      sudo: True

    salt03:
      host: 172.16.1.13
      user: yun
      sudo: True
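A roster like the one above can be checked before use for the settings this guide avoids (a stored password, direct root login). The following is an added example, not part of the original guide or of Salt: the parser is a minimal stand-in for a YAML loader that only handles this flat layout, and the web1 entry in the sample is constructed from the commented-out template.

```python
import re

# Constructed sample: salt01 as configured in this guide, plus a hypothetical
# web1 entry built from the commented-out template to show what gets flagged.
SAMPLE_ROSTER = """\
salt01:
  host: 172.16.1.11
  user: yun
  sudo: True

web1:
  host: 192.168.42.1   # The IP addr or DNS hostname
  user: root
  passwd: foobarbaz    # plaintext password kept in the roster
"""

def parse_flat_roster(text):
    """Parse 'id:' blocks with indented 'key: value' lines (flat layout only)."""
    roster, current = {}, None
    for raw in text.splitlines():
        line = re.sub(r"\s+#.*$|^#.*$", "", raw).rstrip()  # strip comments
        if not line.strip():
            continue
        key, _, value = line.strip().partition(":")
        if not line[0].isspace():        # unindented line starts a new target id
            current = roster.setdefault(key, {})
        elif current is not None:
            current[key.strip()] = value.strip()
    return roster

def audit_roster(roster):
    """Return {target_id: [findings]} for entries that deserve a second look."""
    findings = {}
    for target_id, opts in roster.items():
        issues = []
        if "passwd" in opts:
            issues.append("plaintext passwd in roster; use key login instead")
        # salt-ssh logs in as root when no user is set
        if opts.get("user", "root") == "root":
            issues.append("logs in as root directly")
        elif opts.get("sudo", "False").lower() != "true":
            issues.append("non-root user without sudo: True")
        if issues:
            findings[target_id] = issues
    return findings

if __name__ == "__main__":
    for target_id, issues in audit_roster(parse_flat_roster(SAMPLE_ROSTER)).items():
        print(target_id, "->", "; ".join(issues))
```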
3. salt-ssh operation tests
3.1. First contact and setting up key-based login
    [root@salt100 ~]# salt-ssh '*' test.ping -i   # -i (--ignore-host-keys) is passed on this first run; later runs do not need it
    Permission denied for host salt100, do you want to deploy the salt-ssh key? (password required):
    [Y/n] y
    Password for yun@salt100:
    salt100:
        True
    Permission denied for host salt02, do you want to deploy the salt-ssh key? (password required):
    [Y/n] y
    Password for yun@salt02:
    salt02:
        True
    Permission denied for host salt01, do you want to deploy the salt-ssh key? (password required):
    [Y/n] y
    Password for yun@salt01:
    salt01:
        True
    Permission denied for host salt03, do you want to deploy the salt-ssh key? (password required):
    [Y/n] y
    Password for yun@salt03:
    salt03:
        True
Note:
On the first connection you are prompted for the password and key-based login is set up; from then on the key is used for all interaction.
/etc/salt/pki/master/ssh/salt-ssh.rsa.pub is copied to /app/.ssh/authorized_keys (/app/ is the home directory of the yun user; see "Saltstack User Guide 01: Deployment").
3.2. salt-ssh target selection
Three ways of specifying targets are currently supported: glob, regular expression, and list.
    # Glob
    salt-ssh '*' test.ping
    salt-ssh 'salt1*' test.ping
    # Regular expression
    salt-ssh -E 'salt1.*' test.ping
    salt-ssh -E 'salt(100|03)' test.ping
    # List
    salt-ssh -L 'salt100,salt02' test.ping
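Because these commands run with sudo on every matched host, it helps to see which roster ids a target expression selects before running it. The following is an added example, not code from the original guide or from Salt: it models glob matching with Python's fnmatch and -E matching with re.match (anchored at the start of the id only), which is an assumption about how the flat roster matches, and preview() is a hypothetical helper that only understands -E or -L as the first option.

```python
import fnmatch
import re
import shlex

# Roster ids defined in /etc/salt/roster earlier in this guide.
ROSTER_IDS = ["salt100", "salt01", "salt02", "salt03"]

def resolve(tgt, ids, mode="glob"):
    """Return the sorted ids selected by tgt under the given matching mode."""
    if mode == "glob":
        return sorted(fnmatch.filter(ids, tgt))
    if mode == "pcre":
        # re.match anchors at the start only, so 'salt0' also selects salt01..03
        rx = re.compile(tgt)
        return sorted(i for i in ids if rx.match(i))
    if mode == "list":
        wanted = {t.strip() for t in tgt.split(",")}
        return sorted(wanted & set(ids))
    raise ValueError("unknown mode: %s" % mode)

def preview(command, ids=ROSTER_IDS):
    """Return the roster ids a salt-ssh command line would target."""
    args = shlex.split(command)[1:]          # drop the leading 'salt-ssh'
    mode = "glob"
    if args and args[0] in ("-E", "-L"):
        mode = "pcre" if args[0] == "-E" else "list"
        args = args[1:]
    return resolve(args[0], ids, mode)

if __name__ == "__main__":
    for cmd in ("salt-ssh 'salt1*' test.ping",
                "salt-ssh -E 'salt(100|03)' test.ping",
                "salt-ssh -E 'salt0' test.ping",
                "salt-ssh -L 'salt100,salt02' test.ping"):
        print(cmd, "->", preview(cmd))
```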
3.3. Testing salt-ssh with raw shell
Check the PATH environment variable
    [root@salt100 ~]# salt-ssh 'salt01' -r 'echo "${PATH}"'
    salt01:
        ----------
        retcode:
            0
        stderr:
        stdout:
            /usr/local/bin:/usr/bin
Explanation:
Sometimes a command cannot be found because of the environment variables; in that case, use the command's full path.
    salt-ssh '*' -r 'df -h'
    salt-ssh '*' -r '/usr/sbin/ifconfig'   # full path used
    salt-ssh '*' -r '/usr/sbin/ip address'
    salt-ssh '*' -r 'whoami'
3.4. Installing packages with salt-ssh via raw shell
    salt-ssh '*' -r 'sudo yum install -y nmap'
3.5. Using grains and pillar with salt-ssh
    [root@salt100 web]# salt-ssh 'salt01' grains.item os
    salt01:
        ----------
        os:
            redhat01
    [root@salt100 web]#
    [root@salt100 web]# salt-ssh 'salt01' pillar.items
    salt01:
        ----------
        level1:
            ----------
            level2:
                None
        service_appoint:
            www
3.6. Using state modules with salt-ssh
See: "Saltstack User Guide 03: Configuration Management"
    [root@salt100 web]# salt-ssh 'salt01' state.highstate test=true   # state.highstate still has some problems, so do not use this function
    salt01:

    Summary for salt01
    -----------
    Succeeded: 0
    Failed:    0
    -----------
    Total states run:     0
    Total run time:   0.000 ms
    [root@salt100 web]#
    [root@salt100 web]#
    [root@salt100 web]# salt-ssh 'salt01' state.sls web.apache test=true   # works normally
    salt01:
    ----------
              ID: apache-install
        Function: pkg.installed
            Name: httpd
          Result: True
         Comment: All specified packages are already installed
         Started: 10:26:46.078678
        Duration: 896.211 ms
         Changes:
    ----------
              ID: apache-install
        Function: pkg.installed
            Name: httpd-devel
          Result: True
         Comment: All specified packages are already installed
         Started: 10:26:46.975113
        Duration: 16.735 ms
         Changes:
    ----------
              ID: apache-service
        Function: service.running
            Name: httpd
          Result: None
         Comment: Service httpd is set to start
         Started: 10:26:46.992651
        Duration: 306.683 ms
         Changes:

    Summary for salt01
    ------------
    Succeeded: 3 (unchanged=1)
    Failed:    0
    ------------
    Total states run:     3
    Total run time:   1.220 s
    [root@salt100 web]#
    [root@salt100 web]#
    [root@salt100 web]# salt-ssh 'salt01' state.sls web.apache   # works normally
    salt01:
    ----------
              ID: apache-install
        Function: pkg.installed
            Name: httpd
          Result: True
         Comment: All specified packages are already installed
         Started: 10:26:58.298577
        Duration: 907.003 ms
         Changes:
    ----------
              ID: apache-install
        Function: pkg.installed
            Name: httpd-devel
          Result: True
         Comment: All specified packages are already installed
         Started: 10:26:59.205783
        Duration: 16.56 ms
         Changes:
    ----------
              ID: apache-service
        Function: service.running
            Name: httpd
          Result: True
         Comment: Service httpd has been enabled, and is running
         Started: 10:26:59.223138
        Duration: 980.719 ms
         Changes:
                  ----------
                  httpd:
                      True

    Summary for salt01
    ------------
    Succeeded: 3 (changed=1)
    Failed:    0
    ------------
    Total states run:     3
    Total run time:   1.904 s