欢迎您访问程序员文章站本站旨在为大家提供分享程序员计算机编程知识!
您现在的位置是: 首页  >  科技

Saltstack_使用指南17_salt-ssh

程序员文章站 2022-07-01 08:48:45
1. 主机规划 salt 版本 salt ssh文档 2. salt-ssh实现步骤 2.1. 部署salt-ssh 在salt100上部署salt-ssh 查看版本信息 2.2. salt-ssh配置 3. salt-ssh操作测试 3.1. 首次通信并实现秘钥登录 注意: 第一次连接时会输入密码 ......

 

1. 主机规划

Saltstack_使用指南17_salt-ssh

 

salt 版本

1 [root@salt100 ~]# salt --version
2 salt 2018.3.3 (oxygen)
3 [root@salt100 ~]# salt-minion --version
4 salt-minion 2018.3.3 (oxygen)

 

salt ssh文档

https://docs.saltstack.com/en/latest/topics/ssh/index.html

 

2. salt-ssh实现步骤

2.1. 部署salt-ssh

在salt100上部署salt-ssh

yum install -y salt-ssh    

 

查看版本信息

1 [root@salt100 ~]# salt-ssh --version
2 salt-ssh 2018.3.3 (oxygen)

 

2.2. salt-ssh配置

 1 [root@salt100 ~]# cat /etc/salt/roster 
 2 # sample salt-ssh config file
 3 #web1:
 4 #  host: 192.168.42.1 # the ip addr or dns hostname
 5 #  user: fred         # remote executions will be executed as user fred
 6 #  passwd: foobarbaz  # the password to use for login, if omitted, keys are used
 7 #  sudo: true         # whether to sudo to root, not enabled by default
 8 #web2:
 9 #  host: 192.168.42.2
10 
11 # 添加信息如下:
12 # 由于所有机器做了禁止root远程登录,所以这里只能使用普通用户登录,通过提权到root
13 # 普通用户远程
14 salt100:
15   host: 172.16.1.100 # the ip addr or dns hostname
16   user: yun         # remote executions will be executed as user fred
17   # passwd: foobarbaz  # the password to use for login, if omitted, keys are used
18   sudo: true         # whether to sudo to root, not enabled by default
19   port: 22           # default port is 22
20 
21 salt01:
22   host: 172.16.1.11
23   user: yun
24   sudo: true
25 
26 salt02:
27   host: 172.16.1.12
28   user: yun
29   sudo: true
30 
31 salt03:
32   host: 172.16.1.13
33   user: yun
34   sudo: true

 

3. salt-ssh操作测试

3.1. 首次通信并实现秘钥登录

 1 [root@salt100 ~]# salt-ssh '*' test.ping -i  # 有参数 -i ,之后就可以不需要该参数了
 2 permission denied for host salt100, do you want to deploy the salt-ssh key? (password required):
 3 [y/n] y
 4 password for yun@salt100: 
 5 salt100:
 6     true
 7 permission denied for host salt02, do you want to deploy the salt-ssh key? (password required):
 8 [y/n] y
 9 password for yun@salt02: 
10 salt02:
11     true
12 permission denied for host salt01, do you want to deploy the salt-ssh key? (password required):
13 [y/n] y
14 password for yun@salt01: 
15 salt01:
16     true
17 permission denied for host salt03, do you want to deploy the salt-ssh key? (password required):
18 [y/n] y
19 password for yun@salt03: 
20 salt03:
21     true

注意:

第一次连接时会输入密码,并实现秘钥登录,这样以后就使用秘钥进行交互了。

会把 /etc/salt/pki/master/ssh/salt-ssh.rsa.pub 拷贝到 /app/.ssh/authorized_keys「/app/ 是 yun用户的家目录,参见《saltstack_使用指南01_部署》说明」。

 

3.2. salt-ssh目标指定

目前支持三种方式指定目标:通配符、正则表达式、列表

1 # 通配符
2 salt-ssh '*' test.ping  
3 salt-ssh 'salt1*' test.ping  
4 # 正则表达式
5 salt-ssh -e 'salt1.*' test.ping  
6 salt-ssh -e 'salt(100|03)' test.ping  
7 # 列表
8 salt-ssh -l 'salt100,salt02' test.ping  

 

3.3. salt-ssh使用raw shell测试

查看环境变量

1 [root@salt100 ~]# salt-ssh 'salt01' -r 'echo "${path}"' 
2 salt01:
3     ----------
4     retcode:
5         0
6     stderr:
7     stdout:
8         /usr/local/bin:/usr/bin

说明:

有时会因为环境变量的原因找不到命令,这时需要你使用命令的全路径即可。

1 salt-ssh '*' -r 'df -h' 
2 salt-ssh '*' -r '/usr/sbin/ifconfig'   # 使用了全路径
3 salt-ssh '*' -r '/usr/sbin/ip address' 
4 salt-ssh '*' -r 'whoami' 

 

3.4. salt-ssh通过raw shell进行安装包操作

salt-ssh '*' -r 'sudo yum install -y nmap' 

 

3.5. salt-ssh使用grains和pillar

 1 [root@salt100 web]# salt-ssh 'salt01' grains.item os
 2 salt01:
 3     ----------
 4     os:
 5         redhat01
 6 [root@salt100 web]# 
 7 [root@salt100 web]# salt-ssh 'salt01' pillar.items
 8 salt01:
 9     ----------
10     level1:
11         ----------
12         level2:
13             none
14     service_appoint:
15         www

 

3.6. salt-ssh使用状态模块

可参见:《saltstack_使用指南03_配置管理

 1 [root@salt100 web]# salt-ssh 'salt01' state.highstate test=true  # 使用 state.highstate 还是存在有些问题,所以不要用该函数
 2 salt01:
 3 
 4 summary for salt01
 5 -----------
 6 succeeded: 0
 7 failed:   0
 8 -----------
 9 total states run:    0
10 total run time:  0.000 ms
11 [root@salt100 web]# 
12 [root@salt100 web]# 
13 [root@salt100 web]# salt-ssh 'salt01' state.sls web.apache test=true  # 正常使用
14 salt01:
15 ----------
16           id: apache-install
17     function: pkg.installed
18         name: httpd
19       result: true
20      comment: all specified packages are already installed
21      started: 10:26:46.078678
22     duration: 896.211 ms
23      changes:   
24 ----------
25           id: apache-install
26     function: pkg.installed
27         name: httpd-devel
28       result: true
29      comment: all specified packages are already installed
30      started: 10:26:46.975113
31     duration: 16.735 ms
32      changes:   
33 ----------
34           id: apache-service
35     function: service.running
36         name: httpd
37       result: none
38      comment: service httpd is set to start
39      started: 10:26:46.992651
40     duration: 306.683 ms
41      changes:   
42 
43 summary for salt01
44 ------------
45 succeeded: 3 (unchanged=1)
46 failed:    0
47 ------------
48 total states run:     3
49 total run time:   1.220 s
50 [root@salt100 web]# 
51 [root@salt100 web]# 
52 [root@salt100 web]# salt-ssh 'salt01' state.sls web.apache  # 正常使用
53 salt01:
54 ----------
55           id: apache-install
56     function: pkg.installed
57         name: httpd
58       result: true
59      comment: all specified packages are already installed
60      started: 10:26:58.298577
61     duration: 907.003 ms
62      changes:   
63 ----------
64           id: apache-install
65     function: pkg.installed
66         name: httpd-devel
67       result: true
68      comment: all specified packages are already installed
69      started: 10:26:59.205783
70     duration: 16.56 ms
71      changes:   
72 ----------
73           id: apache-service
74     function: service.running
75         name: httpd
76       result: true
77      comment: service httpd has been enabled, and is running
78      started: 10:26:59.223138
79     duration: 980.719 ms
80      changes:   
81               ----------
82               httpd:
83                   true
84 
85 summary for salt01
86 ------------
87 succeeded: 3 (changed=1)
88 failed:    0
89 ------------
90 total states run:     3
91 total run time:   1.904 s

 

———————————————end———————————————

Saltstack_使用指南17_salt-ssh