Saltstack_使用指南17_salt-ssh

1. 主机规划

salt 版本

1 [root@salt100 ~]# salt --version
2 salt 2018.3.3 (Oxygen)
3 [root@salt100 ~]# salt-minion --version
4 salt-minion 2018.3.3 (Oxygen)

salt ssh文档

https://docs.saltstack.com/en/latest/topics/ssh/index.html

2. salt-ssh实现步骤

2.1. 部署salt-ssh

在salt100上部署salt-ssh

yum install -y salt-ssh

查看版本信息

1 [root@salt100 ~]# salt-ssh --version
2 salt-ssh 2018.3.3 (Oxygen)

2.2. salt-ssh配置

 1 [root@salt100 ~]# cat /etc/salt/roster 
 2 # Sample salt-ssh config file
 3 #web1:
 4 #  host: 192.168.42.1 # The IP addr or DNS hostname
 5 #  user: fred         # Remote executions will be executed as user fred
 6 #  passwd: foobarbaz  # The password to use for login, if omitted, keys are used
 7 #  sudo: True         # Whether to sudo to root, not enabled by default
 8 #web2:
 9 #  host: 192.168.42.2
10 
11 # 添加信息如下：
12 # 由于所有机器做了禁止root远程登录，所以这里只能使用普通用户登录，通过提权到root
13 # 普通用户远程
14 salt100:
15   host: 172.16.1.100 # The IP addr or DNS hostname
16   user: yun         # Remote executions will be executed as user fred
17   # passwd: foobarbaz  # The password to use for login, if omitted, keys are used
18   sudo: True         # Whether to sudo to root, not enabled by default
19   port: 22           # default port is 22
20 
21 salt01:
22   host: 172.16.1.11
23   user: yun
24   sudo: True
25 
26 salt02:
27   host: 172.16.1.12
28   user: yun
29   sudo: True
30 
31 salt03:
32   host: 172.16.1.13
33   user: yun
34   sudo: True

3. salt-ssh操作测试

3.1. 首次通信并实现秘钥登录

 1 [root@salt100 ~]# salt-ssh '*' test.ping -i  # 有参数 -i ，之后就可以不需要该参数了
 2 Permission denied for host salt100, do you want to deploy the salt-ssh key? (password required):
 3 [Y/n] y
 4 Password for yun@salt100: 
 5 salt100:
 6     True
 7 Permission denied for host salt02, do you want to deploy the salt-ssh key? (password required):
 8 [Y/n] y
 9 Password for yun@salt02: 
10 salt02:
11     True
12 Permission denied for host salt01, do you want to deploy the salt-ssh key? (password required):
13 [Y/n] y
14 Password for yun@salt01: 
15 salt01:
16     True
17 Permission denied for host salt03, do you want to deploy the salt-ssh key? (password required):
18 [Y/n] y
19 Password for yun@salt03: 
20 salt03:
21     True

注意：

第一次连接时会输入密码，并实现秘钥登录，这样以后就使用秘钥进行交互了。

会把 /etc/salt/pki/master/ssh/salt-ssh.rsa.pub 拷贝到 /app/.ssh/authorized_keys「/app/ 是 yun用户的家目录，参见《Saltstack_使用指南01_部署》说明」。

3.2. salt-ssh目标指定

目前支持三种方式指定目标：通配符、正则表达式、列表

1 # 通配符
2 salt-ssh '*' test.ping  
3 salt-ssh 'salt1*' test.ping  
4 # 正则表达式
5 salt-ssh -E 'salt1.*' test.ping  
6 salt-ssh -E 'salt(100|03)' test.ping  
7 # 列表
8 salt-ssh -L 'salt100,salt02' test.ping

3.3. salt-ssh使用raw shell测试

查看环境变量

1 [root@salt100 ~]# salt-ssh 'salt01' -r 'echo "${PATH}"' 
2 salt01:
3     ----------
4     retcode:
5         0
6     stderr:
7     stdout:
8         /usr/local/bin:/usr/bin

说明：

有时会因为环境变量的原因找不到命令，这时需要你使用命令的全路径即可。

1 salt-ssh '*' -r 'df -h' 
2 salt-ssh '*' -r '/usr/sbin/ifconfig'   # 使用了全路径
3 salt-ssh '*' -r '/usr/sbin/ip address' 
4 salt-ssh '*' -r 'whoami'

3.4. salt-ssh通过raw shell进行安装包操作

salt-ssh '*' -r 'sudo yum install -y nmap'

3.5. salt-ssh使用grains和pillar

 1 [root@salt100 web]# salt-ssh 'salt01' grains.item os
 2 salt01:
 3     ----------
 4     os:
 5         redhat01
 6 [root@salt100 web]# 
 7 [root@salt100 web]# salt-ssh 'salt01' pillar.items
 8 salt01:
 9     ----------
10     level1:
11         ----------
12         level2:
13             None
14     service_appoint:
15         www

3.6. salt-ssh使用状态模块

可参见：《Saltstack_使用指南03_配置管理》

 1 [root@salt100 web]# salt-ssh 'salt01' state.highstate test=true  # 使用 state.highstate 还是存在有些问题，所以不要用该函数
 2 salt01:
 3 
 4 Summary for salt01
 5 -----------
 6 Succeeded: 0
 7 Failed:   0
 8 -----------
 9 Total states run:    0
10 Total run time:  0.000 ms
11 [root@salt100 web]# 
12 [root@salt100 web]# 
13 [root@salt100 web]# salt-ssh 'salt01' state.sls web.apache test=true  # 正常使用
14 salt01:
15 ----------
16           ID: apache-install
17     Function: pkg.installed
18         Name: httpd
19       Result: True
20      Comment: All specified packages are already installed
21      Started: 10:26:46.078678
22     Duration: 896.211 ms
23      Changes:   
24 ----------
25           ID: apache-install
26     Function: pkg.installed
27         Name: httpd-devel
28       Result: True
29      Comment: All specified packages are already installed
30      Started: 10:26:46.975113
31     Duration: 16.735 ms
32      Changes:   
33 ----------
34           ID: apache-service
35     Function: service.running
36         Name: httpd
37       Result: None
38      Comment: Service httpd is set to start
39      Started: 10:26:46.992651
40     Duration: 306.683 ms
41      Changes:   
42 
43 Summary for salt01
44 ------------
45 Succeeded: 3 (unchanged=1)
46 Failed:    0
47 ------------
48 Total states run:     3
49 Total run time:   1.220 s
50 [root@salt100 web]# 
51 [root@salt100 web]# 
52 [root@salt100 web]# salt-ssh 'salt01' state.sls web.apache  # 正常使用
53 salt01:
54 ----------
55           ID: apache-install
56     Function: pkg.installed
57         Name: httpd
58       Result: True
59      Comment: All specified packages are already installed
60      Started: 10:26:58.298577
61     Duration: 907.003 ms
62      Changes:   
63 ----------
64           ID: apache-install
65     Function: pkg.installed
66         Name: httpd-devel
67       Result: True
68      Comment: All specified packages are already installed
69      Started: 10:26:59.205783
70     Duration: 16.56 ms
71      Changes:   
72 ----------
73           ID: apache-service
74     Function: service.running
75         Name: httpd
76       Result: True
77      Comment: Service httpd has been enabled, and is running
78      Started: 10:26:59.223138
79     Duration: 980.719 ms
80      Changes:   
81               ----------
82               httpd:
83                   True
84 
85 Summary for salt01
86 ------------
87 Succeeded: 3 (changed=1)
88 Failed:    0
89 ------------
90 Total states run:     3
91 Total run time:   1.904 s