SaltStack User Guide 17: salt-ssh
程序员文章站
2022-03-16 15:49:15
1. Host planning
salt version
    [root@salt100 ~]# salt --version
    salt 2018.3.3 (oxygen)
    [root@salt100 ~]# salt-minion --version
    salt-minion 2018.3.3 (oxygen)
salt-ssh documentation
https://docs.saltstack.com/en/latest/topics/ssh/index.html
2. Setting up salt-ssh
2.1. Deploying salt-ssh
Install salt-ssh on salt100:
    yum install -y salt-ssh
Check the version:
    [root@salt100 ~]# salt-ssh --version
    salt-ssh 2018.3.3 (oxygen)
2.2. salt-ssh configuration
    [root@salt100 ~]# cat /etc/salt/roster
    # sample salt-ssh config file
    #web1:
    #  host: 192.168.42.1 # the ip addr or dns hostname
    #  user: fred         # remote executions will be executed as user fred
    #  passwd: foobarbaz  # the password to use for login, if omitted, keys are used
    #  sudo: true         # whether to sudo to root, not enabled by default
    #web2:
    #  host: 192.168.42.2

    # Entries added below:
    # Remote root login is disabled on all machines, so log in as a normal user and escalate to root
    # Remote login as a normal user
    salt100:
      host: 172.16.1.100    # the ip addr or dns hostname
      user: yun             # remote executions will be executed as user yun
      # passwd: foobarbaz   # the password to use for login, if omitted, keys are used
      sudo: true            # whether to sudo to root, not enabled by default
      port: 22              # default port is 22

    salt01:
      host: 172.16.1.11
      user: yun
      sudo: true

    salt02:
      host: 172.16.1.12
      user: yun
      sudo: true

    salt03:
      host: 172.16.1.13
      user: yun
      sudo: true
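A roster check that enforces the choices made above (no stored passwd, a normal user instead of root), as an added example that is not part of the original article. The parser handles only the flat two-level layout shown in the roster, the `legacy01` entry is constructed, and the code assumes salt-ssh logs in as root when `user` is omitted.

```python
import re

# Constructed sample: two entries in the article's layout plus one weak entry
SAMPLE_ROSTER = """\
# sample salt-ssh config file
salt100:
  host: 172.16.1.100   # the ip addr or dns hostname
  user: yun
  sudo: true
  port: 22
salt01:
  host: 172.16.1.11
  user: yun
  sudo: true
legacy01:              # constructed entry, not from the article
  host: 172.16.1.99
  passwd: foobarbaz
"""

def parse_roster(text):
    """Parse the flat 'id:' / '  key: value' roster layout (not general YAML)."""
    roster, current = {}, None
    for raw in text.splitlines():
        line = re.sub(r"(^|\s)#.*$", "", raw).rstrip()   # strip comments
        if not line.strip():
            continue
        key, _, value = line.strip().partition(":")
        if not line[0].isspace():            # unindented line starts a new target
            current = roster.setdefault(key, {})
        elif current is not None:
            current[key.strip()] = value.strip()
    return roster

def audit_roster(roster):
    """Return (target, issue) pairs for entries that store a password or log in as root."""
    findings = []
    for target, opts in sorted(roster.items()):
        if "passwd" in opts:
            findings.append((target, "plaintext passwd stored; deploy the key and remove it"))
        if opts.get("user", "root") == "root":   # assumption: root is used when user is omitted
            findings.append((target, "logs in as root; use a normal user with sudo: true"))
    return findings

if __name__ == "__main__":
    for target, issue in audit_roster(parse_roster(SAMPLE_ROSTER)):
        print(f"{target}: {issue}")
```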
3. Testing salt-ssh operations
3.1. First connection and setting up key-based login
    [root@salt100 ~]# salt-ssh '*' test.ping -i    # -i is passed this first time; later runs no longer need it
    permission denied for host salt100, do you want to deploy the salt-ssh key? (password required):
    [y/n] y
    password for yun@salt100:
    salt100:
        true
    permission denied for host salt02, do you want to deploy the salt-ssh key? (password required):
    [y/n] y
    password for yun@salt02:
    salt02:
        true
    permission denied for host salt01, do you want to deploy the salt-ssh key? (password required):
    [y/n] y
    password for yun@salt01:
    salt01:
        true
    permission denied for host salt03, do you want to deploy the salt-ssh key? (password required):
    [y/n] y
    password for yun@salt03:
    salt03:
        true
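Note:
The first connection prompts for the password and sets up key-based login, so all later interaction uses the key.
/etc/salt/pki/master/ssh/salt-ssh.rsa.pub is copied to /app/.ssh/authorized_keys (/app/ is the home directory of the yun user; see "SaltStack User Guide 01: Deployment").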
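To confirm which authorized_keys entries actually hold the deployed salt-ssh key, the key blobs can be compared directly. This is an added example, not part of the original article; the key lines are constructed stand-ins built by the hypothetical helper `fake_pub`, and in practice the inputs would be the contents of salt-ssh.rsa.pub and the target user's authorized_keys.

```python
import base64
import binascii
import hashlib

KEY_TYPES = ("ssh-rsa", "ssh-ed25519", "ecdsa-sha2-nistp256")

def key_blob(line):
    """Decoded key blob from a .pub or authorized_keys line, or None."""
    fields = line.split()
    for i, field in enumerate(fields[:-1]):
        if field in KEY_TYPES:              # any options come before the key type
            try:
                return base64.b64decode(fields[i + 1], validate=True)
            except binascii.Error:
                continue
    return None

def fingerprint(blob):
    """SHA256 fingerprint in the form printed by `ssh-keygen -l`."""
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def find_key(authorized_keys_text, master_pub_line):
    """Return (line_number, fingerprint) for each entry holding the master's key."""
    wanted = key_blob(master_pub_line)
    if wanted is None:
        raise ValueError("could not parse the master public key line")
    hits = []
    for number, line in enumerate(authorized_keys_text.splitlines(), start=1):
        if not line.lstrip().startswith("#") and key_blob(line) == wanted:
            hits.append((number, fingerprint(wanted)))
    return hits

def fake_pub(seed):
    """Constructed stand-in for a public key line; not a usable key."""
    return "ssh-rsa " + base64.b64encode(b"\x00\x00\x00\x07ssh-rsa" + seed).decode()

MASTER_PUB = fake_pub(b"constructed-salt-ssh-key") + " root@salt100"
AUTHORIZED_KEYS = "\n".join([
    "# constructed authorized_keys content for user yun",
    fake_pub(b"constructed-admin-key") + " admin@laptop",
    "no-pty " + fake_pub(b"constructed-salt-ssh-key"),
])

if __name__ == "__main__":
    print(find_key(AUTHORIZED_KEYS, MASTER_PUB))
```

The same comparison run after a master is retired shows whether its key is still trusted on a target.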
3.2. Specifying salt-ssh targets
Three ways of specifying targets are currently supported: glob, regular expression, and list.
    # glob
    salt-ssh '*' test.ping
    salt-ssh 'salt1*' test.ping
    # regular expression
    salt-ssh -E 'salt1.*' test.ping
    salt-ssh -E 'salt(100|03)' test.ping
    # list
    salt-ssh -L 'salt100,salt02' test.ping
3.3. Testing salt-ssh with raw shell
View the environment variable:
    [root@salt100 ~]# salt-ssh 'salt01' -r 'echo "${PATH}"'
    salt01:
        ----------
        retcode:
            0
        stderr:
        stdout:
            /usr/local/bin:/usr/bin
Explanation:
Sometimes a command cannot be found because of the environment variables; in that case, use the full path of the command.
    salt-ssh '*' -r 'df -h'
    salt-ssh '*' -r '/usr/sbin/ifconfig'    # full path used
    salt-ssh '*' -r '/usr/sbin/ip address'
    salt-ssh '*' -r 'whoami'
3.4. Installing packages with salt-ssh through raw shell
    salt-ssh '*' -r 'sudo yum install -y nmap'
3.5. Using grains and pillar with salt-ssh
    [root@salt100 web]# salt-ssh 'salt01' grains.item os
    salt01:
        ----------
        os:
            redhat01
    [root@salt100 web]#
    [root@salt100 web]# salt-ssh 'salt01' pillar.items
    salt01:
        ----------
        level1:
            ----------
            level2:
                none
        service_appoint:
            www
3.6. Using state modules with salt-ssh
See: "SaltStack User Guide 03: Configuration Management"
    [root@salt100 web]# salt-ssh 'salt01' state.highstate test=true    # state.highstate still has some problems, so do not use this function
    salt01:

    summary for salt01
    -----------
    succeeded: 0
    failed:    0
    -----------
    total states run:     0
    total run time:   0.000 ms
    [root@salt100 web]#
    [root@salt100 web]#
    [root@salt100 web]# salt-ssh 'salt01' state.sls web.apache test=true    # works normally
    salt01:
    ----------
              id: apache-install
        function: pkg.installed
            name: httpd
          result: true
         comment: all specified packages are already installed
         started: 10:26:46.078678
        duration: 896.211 ms
         changes:
    ----------
              id: apache-install
        function: pkg.installed
            name: httpd-devel
          result: true
         comment: all specified packages are already installed
         started: 10:26:46.975113
        duration: 16.735 ms
         changes:
    ----------
              id: apache-service
        function: service.running
            name: httpd
          result: none
         comment: service httpd is set to start
         started: 10:26:46.992651
        duration: 306.683 ms
         changes:

    summary for salt01
    ------------
    succeeded: 3 (unchanged=1)
    failed:    0
    ------------
    total states run:     3
    total run time:   1.220 s
    [root@salt100 web]#
    [root@salt100 web]#
    [root@salt100 web]# salt-ssh 'salt01' state.sls web.apache    # works normally
    salt01:
    ----------
              id: apache-install
        function: pkg.installed
            name: httpd
          result: true
         comment: all specified packages are already installed
         started: 10:26:58.298577
        duration: 907.003 ms
         changes:
    ----------
              id: apache-install
        function: pkg.installed
            name: httpd-devel
          result: true
         comment: all specified packages are already installed
         started: 10:26:59.205783
        duration: 16.56 ms
         changes:
    ----------
              id: apache-service
        function: service.running
            name: httpd
          result: true
         comment: service httpd has been enabled, and is running
         started: 10:26:59.223138
        duration: 980.719 ms
         changes:
                  ----------
                  httpd:
                      true

    summary for salt01
    ------------
    succeeded: 3 (changed=1)
    failed:    0
    ------------
    total states run:     3
    total run time:   1.904 s