官方文档地址:
https://docs.saltstack.com/en/latest/topics/ssh/index.html
salt-ssh介绍
- 1.salt-ssh 是 0.17.0 新引入的一个功能,不需要minion对客户端进行管理,也不需要master。
- 2.salt-ssh 支持salt大部分的功能,如:grains、modules、state 等。
- 3.salt-ssh 没有使用ZeroMQ的通信架构,执行是串行模式。
类似的有 paramiko、pssh、ansible 这类工具。
Roster使用
salt-ssh需要一个名单系统来确定哪些执行目标,Salt的0.17.0版本中salt-ssh引入roster系统。roster系统编译成了一个数据结构,包含了targets,这些targets是一个目标系统主机列表和或如连接到这些targets。
配置文件如下:
# target的信息
host: # 远端主机的ip地址或者dns域名
user: # 登录的用户
passwd: # 用户密码,如果不使用此选项,则默认使用密钥方式
# 可选的部分
port: # ssh端口
sudo: # 可以通过sudo
tty: # 如果设置了sudo,设置这个参数为true
priv: # ssh秘钥的文件路径
timeout: # 当建立链接时等待响应时间的秒数
minion_opts: # minion的位置路径
thin_dir: # target系统的存储目录,默认是/tmp/salt-<hash>
cmd_umask: # 使用salt-call命令的umask值
安装配置
1.安装salt-ssh
[root@linux-node1 ~]# yum install salt-ssh -y
2.修改roster文件,配置要管理的机器
[root@linux-node1 ~]# tail -11 /etc/salt/roster
linux-node1.example.com:
host: 192.168.56.11
user: root
passwd: 123456
port: 22
linux-node2.example.com:
host: 192.168.56.12
user: root
passwd: 123456
port: 22
3.进行管理测试
# 参数-i=yes,测试,如果询问密码就加-i,直接帮你确认
[root@linux-node1 ~]# salt-ssh '*' test.ping -i
linux-node1.example.com:
True
linux-node2.example.com:
True
4.salt-ssh命令用法
-r, –raw, –raw-shell # 直接使用shell命令
--priv # 指定SSH私有密钥文件
--roster # 定义使用哪个roster系统,如果定义了一个后端数据库,扫描方式,或者用户自定义的的roster系统,默认的就是/etc/salt/roster文件
--roster-file # 指定roster文件
--refresh, –refresh-cache # 刷新cache,如果target的grains改变会自动刷新
--max-procs # 指定进程数,默认为25
-i, –ignore-host-keys # 当ssh连接时,忽略keys
--passwd # 指定默认密码
--key-deploy # 配置keys 设置这个参数对于所有minions用来部署ssh-key认证,这个参数和--passwd结合起来使用会使初始化部署很快很方便。当调用master模块时,并加上参数 --key-deploy 即可在minions生成keys,下次开始就不使用密码。
5.salt-ssh执行状态模块
[root@linux-node1 ~]# salt-ssh '*' state.sls web.lamp
linux-node2.example.com:
----------
ID: lamp-install
Function: pkg.installed
Result: True
Comment: All specified packages are already installed.
Started: 00:31:01.867400
Duration: 802.47 ms
Changes:
----------
ID: apache-config
Function: file.managed
Name: /etc/httpd/conf/httpd.conf
Result: True
Comment: File /etc/httpd/conf/httpd.conf is in the correct state
Started: 00:31:02.694092
Duration: 52.696 ms
Changes:
----------
ID: php-config
Function: file.managed
Name: /etc/php.ini
Result: True
Comment: File /etc/php.ini is in the correct state
Started: 00:31:02.746901
Duration: 1.453 ms
Changes:
----------
ID: lamp-service
Function: service.running
Name: httpd
Result: True
Comment: Service httpd is already enabled, and is in the desired state
Started: 00:31:02.752421
Duration: 249.895 ms
Changes:
----------
ID: apache-conf
Function: file.recurse
Name: /etc/httpd/conf.d
Result: True
Comment: The directory /etc/httpd/conf.d is in the correct state
Started: 00:31:03.002535
Duration: 7.066 ms
Changes:
----------
ID: apache-auth
Function: pkg.installed
Name: httpd-tools
Result: True
Comment: Package httpd-tools is already installed.
Started: 00:31:03.009760
Duration: 0.512 ms
Changes:
----------
ID: apache-auth
Function: cmd.run
Name: htpasswd -bc /etc/httpd/conf/htpasswd_file admin admin
Result: True
Comment: unless execution succeeded
Started: 00:31:03.016294
Duration: 7.043 ms
Changes:
Summary
------------
Succeeded: 7
Failed: 0
------------
Total states run: 7
linux-node1.example.com:
----------
ID: lamp-install
Function: pkg.installed
Result: True
Comment: All specified packages are already installed.
Started: 00:31:01.479393
Duration: 1072.439 ms
Changes:
----------
ID: apache-config
Function: file.managed
Name: /etc/httpd/conf/httpd.conf
Result: True
Comment: File /etc/httpd/conf/httpd.conf is in the correct state
Started: 00:31:02.575303
Duration: 54.346 ms
Changes:
----------
ID: php-config
Function: file.managed
Name: /etc/php.ini
Result: True
Comment: File /etc/php.ini is in the correct state
Started: 00:31:02.629757
Duration: 1.963 ms
Changes:
----------
ID: lamp-service
Function: service.running
Name: httpd
Result: True
Comment: Service httpd is already enabled, and is in the desired state
Started: 00:31:02.635879
Duration: 233.048 ms
Changes:
----------
ID: apache-conf
Function: file.recurse
Name: /etc/httpd/conf.d
Result: True
Comment: The directory /etc/httpd/conf.d is in the correct state
Started: 00:31:02.869236
Duration: 5.416 ms
Changes:
----------
ID: apache-auth
Function: pkg.installed
Name: httpd-tools
Result: True
Comment: Package httpd-tools is already installed.
Started: 00:31:02.874737
Duration: 0.5 ms
Changes:
----------
ID: apache-auth
Function: cmd.run
Name: htpasswd -bc /etc/httpd/conf/htpasswd_file admin admin
Result: True
Comment: unless execution succeeded
Started: 00:31:02.880676
Duration: 5.381 ms
Changes:
Summary
------------
Succeeded: 7
Failed: 0
------------
Total states run: 7
总结
- 1.salt-ssh是在salt基础上打了一个python包上传到客户端的默认/tmp目录下,在客户端上面解压并执行返回结果,最后删除/tmp上传的临时文件。
- 2.salt-minion方法是salt-master先执行语法验证,验证通过后发送到minion,minion收到master的状态文件默认保存在/var/cache/salt/minion,注意:也有时候salt-master语法验证通过,在minion上可能因为环境问题会执行失败。
- 3.salt-ssh和salt-minion可以共存,salt-minion不依赖于ssh服务。