Saltstack_使用指南17_salt-ssh

1. 主机规划

salt 版本

1 [[email protected] ~]# salt --version
2 salt 2018.3.3 (Oxygen)
3 [[email protected] ~]# salt-minion --version
4 salt-minion 2018.3.3 (Oxygen)

salt ssh文档

https://docs.saltstack.com/en/latest/topics/ssh/index.html

2. salt-ssh实现步骤

2.1. 部署salt-ssh

在salt100上部署salt-ssh

yum install -y salt-ssh    

查看版本信息

1 [[email protected] ~]# salt-ssh --version
2 salt-ssh 2018.3.3 (Oxygen)

2.2. salt-ssh配置

 1 [[email protected] ~]# cat /etc/salt/roster
 2 # Sample salt-ssh config file
 3 #web1:
 4 #  host: 192.168.42.1 # The IP addr or DNS hostname
 5 #  user: fred         # Remote executions will be executed as user fred
 6 #  passwd: foobarbaz  # The password to use for login, if omitted, keys are used
 7 #  sudo: True         # Whether to sudo to root, not enabled by default
 8 #web2:
 9 #  host: 192.168.42.2
10
11 # 添加信息如下:
12 # 由于所有机器做了禁止root远程登录,所以这里只能使用普通用户登录,通过提权到root
13 # 普通用户远程
14 salt100:
15   host: 172.16.1.100 # The IP addr or DNS hostname
16   user: yun         # Remote executions will be executed as user fred
17   # passwd: foobarbaz  # The password to use for login, if omitted, keys are used
18   sudo: True         # Whether to sudo to root, not enabled by default
19   port: 22           # default port is 22
20
21 salt01:
22   host: 172.16.1.11
23   user: yun
24   sudo: True
25
26 salt02:
27   host: 172.16.1.12
28   user: yun
29   sudo: True
30
31 salt03:
32   host: 172.16.1.13
33   user: yun
34   sudo: True

3. salt-ssh操作测试

3.1. 首次通信并实现秘钥登录

 1 [[email protected] ~]# salt-ssh ‘*‘ test.ping -i  # 有参数 -i ,之后就可以不需要该参数了
 2 Permission denied for host salt100, do you want to deploy the salt-ssh key? (password required):
 3 [Y/n] y
 4 Password for [email protected]:
 5 salt100:
 6     True
 7 Permission denied for host salt02, do you want to deploy the salt-ssh key? (password required):
 8 [Y/n] y
 9 Password for [email protected]:
10 salt02:
11     True
12 Permission denied for host salt01, do you want to deploy the salt-ssh key? (password required):
13 [Y/n] y
14 Password for [email protected]:
15 salt01:
16     True
17 Permission denied for host salt03, do you want to deploy the salt-ssh key? (password required):
18 [Y/n] y
19 Password for [email protected]:
20 salt03:
21     True

注意:

第一次连接时会输入密码,并实现秘钥登录,这样以后就使用秘钥进行交互了。

会把 /etc/salt/pki/master/ssh/salt-ssh.rsa.pub 拷贝到 /app/.ssh/authorized_keys「/app/ 是 yun用户的家目录,参见《Saltstack_使用指南01_部署》说明」。

3.2. salt-ssh目标指定

目前支持三种方式指定目标:通配符、正则表达式、列表

1 # 通配符
2 salt-ssh ‘*‘ test.ping
3 salt-ssh ‘salt1*‘ test.ping
4 # 正则表达式
5 salt-ssh -E ‘salt1.*‘ test.ping
6 salt-ssh -E ‘salt(100|03)‘ test.ping
7 # 列表
8 salt-ssh -L ‘salt100,salt02‘ test.ping  

3.3. salt-ssh使用raw shell测试

查看环境变量

1 [[email protected] ~]# salt-ssh ‘salt01‘ -r ‘echo "${PATH}"‘
2 salt01:
3     ----------
4     retcode:
5         0
6     stderr:
7     stdout:
8         /usr/local/bin:/usr/bin

说明:

有时会因为环境变量的原因找不到命令,这时需要你使用命令的全路径即可。

1 salt-ssh ‘*‘ -r ‘df -h‘
2 salt-ssh ‘*‘ -r ‘/usr/sbin/ifconfig‘   # 使用了全路径
3 salt-ssh ‘*‘ -r ‘/usr/sbin/ip address‘
4 salt-ssh ‘*‘ -r ‘whoami‘ 

3.4. salt-ssh通过raw shell进行安装包操作

salt-ssh ‘*‘ -r ‘sudo yum install -y nmap‘ 

3.5. salt-ssh使用grains和pillar

 1 [[email protected] web]# salt-ssh ‘salt01‘ grains.item os
 2 salt01:
 3     ----------
 4     os:
 5         redhat01
 6 [[email protected] web]#
 7 [[email protected] web]# salt-ssh ‘salt01‘ pillar.items
 8 salt01:
 9     ----------
10     level1:
11         ----------
12         level2:
13             None
14     service_appoint:
15         www

3.6. salt-ssh使用状态模块

可参见:《Saltstack_使用指南03_配置管理

 1 [[email protected] web]# salt-ssh ‘salt01‘ state.highstate test=true  # 使用 state.highstate 还是存在有些问题,所以不要用该函数
 2 salt01:
 3
 4 Summary for salt01
 5 -----------
 6 Succeeded: 0
 7 Failed:   0
 8 -----------
 9 Total states run:    0
10 Total run time:  0.000 ms
11 [[email protected] web]#
12 [[email protected] web]#
13 [[email protected] web]# salt-ssh ‘salt01‘ state.sls web.apache test=true  # 正常使用
14 salt01:
15 ----------
16           ID: apache-install
17     Function: pkg.installed
18         Name: httpd
19       Result: True
20      Comment: All specified packages are already installed
21      Started: 10:26:46.078678
22     Duration: 896.211 ms
23      Changes:
24 ----------
25           ID: apache-install
26     Function: pkg.installed
27         Name: httpd-devel
28       Result: True
29      Comment: All specified packages are already installed
30      Started: 10:26:46.975113
31     Duration: 16.735 ms
32      Changes:
33 ----------
34           ID: apache-service
35     Function: service.running
36         Name: httpd
37       Result: None
38      Comment: Service httpd is set to start
39      Started: 10:26:46.992651
40     Duration: 306.683 ms
41      Changes:
42
43 Summary for salt01
44 ------------
45 Succeeded: 3 (unchanged=1)
46 Failed:    0
47 ------------
48 Total states run:     3
49 Total run time:   1.220 s
50 [[email protected] web]#
51 [[email protected] web]#
52 [[email protected] web]# salt-ssh ‘salt01‘ state.sls web.apache  # 正常使用
53 salt01:
54 ----------
55           ID: apache-install
56     Function: pkg.installed
57         Name: httpd
58       Result: True
59      Comment: All specified packages are already installed
60      Started: 10:26:58.298577
61     Duration: 907.003 ms
62      Changes:
63 ----------
64           ID: apache-install
65     Function: pkg.installed
66         Name: httpd-devel
67       Result: True
68      Comment: All specified packages are already installed
69      Started: 10:26:59.205783
70     Duration: 16.56 ms
71      Changes:
72 ----------
73           ID: apache-service
74     Function: service.running
75         Name: httpd
76       Result: True
77      Comment: Service httpd has been enabled, and is running
78      Started: 10:26:59.223138
79     Duration: 980.719 ms
80      Changes:
81               ----------
82               httpd:
83                   True
84
85 Summary for salt01
86 ------------
87 Succeeded: 3 (changed=1)
88 Failed:    0
89 ------------
90 Total states run:     3
91 Total run time:   1.904 s

———————————————END———————————————

原文地址:https://www.cnblogs.com/zhanglianghhh/p/10952104.html

时间: 2024-10-08 18:35:14

Saltstack_使用指南17_salt-ssh的相关文章

Saltstack_实战指南02_各主机Pillar信息指定

1. 实战项目GitHub地址 该项目已经放在了GitHub上,地址如下: https://github.com/zhanglianghhh/salt-example-lnmp 2. 主机规划 3. pillar的整体目录结构 1 [[email protected] pillar]# pwd 2 /srv/pillar 3 [[email protected]master pillar]# ll 4 total 4 5 drwxr-xr-x 2 root root 62 Mar 10 17:2

Saltstack_实战指南01_系统规划

1. 实战项目GitHub地址 之前<Saltstack_使用指南>详细讲解了saltstack的使用.那么从这节开始实战讲解,当然不会再像之前那样详细说明了.只是讲一些系统规划之类的信息. 具体的项目代码请参见GitHub. 该项目已经放在了GitHub上,地址如下: https://github.com/zhanglianghhh/salt-example-lnmp 2. 主机规划 说明: 上述的salt03-web.salt04-web.salt05-web.salt150-master

Saltstack_使用指南01_部署

1. 主机规划 服务器名称 操作系统版本 内网IP 外网IP(模拟) Hostname 部署模块 salt100 CentOS7.5 172.16.1.100 10.0.0.100 salt100 salt-master.salt-minion salt01 CentOS7.5 172.16.1.11 10.0.0.11 salt01 salt-minion salt02 CentOS7.5 172.16.1.12 10.0.0.12 salt02 salt-minion salt03 Cent

Saltstack_使用指南04_数据系统-Grains

1. 主机规划 服务器名称 操作系统版本 内网IP 外网IP(模拟) Hostname 部署模块 salt100 CentOS7.5 172.16.1.100 10.0.0.100 salt100 salt-master.salt-minion salt01 CentOS7.5 172.16.1.11 10.0.0.11 salt01 salt-minion salt02 CentOS7.5 172.16.1.12 10.0.0.12 salt02 salt-minion salt03 Cent

Saltstack_使用指南07_远程执行-执行模块

1. 主机规划 远程执行教程文档 https://docs.saltstack.com/en/latest/topics/tutorials/modules.html 所有模块文档 https://docs.saltstack.com/en/latest/ref/modules/all/index.html#all-salt-modules 模块在机器上存在的位置 1 [[email protected] modules]# pwd 2 /usr/lib/python2.7/site-packa

Saltstack_使用指南10_配置管理-状态模块

1. 主机规划 salt 版本 1 [[email protected] ~]# salt --version 2 salt 2018.3.3 (Oxygen) 3 [[email protected] ~]# salt-minion --version 4 salt-minion 2018.3.3 (Oxygen) 状态模块文档 https://docs.saltstack.com/en/latest/ref/states/all/index.html 注意事项 修改了master或者mini

Saltstack_使用指南09_远程执行-编写执行模块

1. 主机规划 salt 版本 1 [[email protected] ~]# salt --version 2 salt 2018.3.3 (Oxygen) 3 [[email protected] ~]# salt-minion --version 4 salt-minion 2018.3.3 (Oxygen) 编写执行模块文档 https://docs.saltstack.com/en/latest/ref/modules/index.html # 文档上的稍有些复杂 注意事项 修改了m

cygwin 的正确安装教程

http://www.cygwin.com/ 1 官方教程: This is the home of the Cygwin project Cygwin is : a large collection of GNU and Open Source tools which provide functionality similar to a Linux distributionon Windows. a DLL (cygwin1.dll) which provides substantial PO

《Ansible权威指南》笔记(1)——安装,ssh密钥登陆,命令

2016-12-23 读这本<Ansible权威指南>学习ansible,根据本书内容和网上的各种文档,以及经过自己测试,写出以下笔记.另,这本书内容很好,但印刷错误比较多,作者说第二版会改进,还没买的小伙伴们可以买第二版. 一.安装1.安装要求:控制服务器:需要安装Python2.6/2.7被管理服务器:需要安装Python2.4 以上版本,若低于Python2.5 需要安装pythonsimplejson;若启用了selinux,则需要安装libselinux-python 2.yum安装