saltstack-ssh


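What salt-ssh does

salt-ssh lets us manage hosts without installing the salt-minion client on them.

Characteristics of salt-ssh

  • The remote system needs Python, unless the -r option is used to send raw SSH commands
  • salt-ssh is a package that must be installed before use; the command itself is also called salt-ssh
  • salt-ssh does not replace the standard Salt communication system; it only offers an SSH-based alternative that needs neither ZeroMQ nor an agent

How salt-ssh manages remote hosts

salt-ssh supports two ways of managing remote hosts. One records every client's details in a configuration file: IP address, port, user name, password, whether sudo is supported, and so on. The other uses key-based authentication, so no password has to be entered.

Managing hosts with salt-ssh

Installing salt-ssh

Install the Salt repository first.

This walkthrough uses Red Hat 8.

https://repo.saltproject.io
# Official SaltStack site

Install the Salt repository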

sudo rpm --import https://repo.saltproject.io/py3/redhat/8/x86_64/latest/SALTSTACK-GPG-KEY.pub

curl -fsSL https://repo.saltproject.io/py3/redhat/8/x86_64/latest.repo | sudo tee /etc/yum.repos.d/salt.repo

Install salt-ssh

[root@server1 ~]# yum -y install salt-ssh

Remote management over SSH with a user name and password

Add the managed hosts' details

[root@server1 ~]# vim /etc/salt/roster
#web1:
#  host: 192.168.42.1 # The IP addr or DNS hostname
#  user: fred         # Remote executions will be executed as user fred
#  passwd: foobarbaz  # The password to use for login, if omitted, keys are used
#  sudo: True         # Whether to sudo to root, not enabled by default
#web2:
#  host: 192.168.42.2


node1:
  host: 192.168.244.133
  user: root
  passwd: 1

node2:
  host: 192.168.244.135
  user: root
  passwd: 1
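
Added example, not part of the original post: the roster above stores root passwords in clear text, so it is worth auditing the file before it is copied or committed anywhere. The script assumes the simple layout shown above (unindented target id, indented key: value pairs) and GNU stat; audit_roster and the sample file are illustrative names.

```shell
#!/usr/bin/env bash
# Added example (not from the original post): audit a salt-ssh roster.

# audit_roster FILE: print one finding per line; exit status 0 = clean, 1 = findings.
audit_roster() (
    roster=$1
    findings=$(
        awk '
            /^[ \t]*#/ || /^[ \t]*$/ { next }                  # comments, blank lines
            /^[^ \t]/ { id = $1; sub(/:.*$/, "", id); next }   # unindented line = target id
            {
                key = $1; sub(/:$/, "", key)                   # "passwd:" -> "passwd"
                if (key == "passwd")
                    print id ": plaintext passwd stored in roster"
                if (key == "user" && $2 == "root")
                    print id ": connects directly as root"
            }
        ' "$roster"
        mode=$(stat -c '%a' "$roster")   # GNU stat, as on the RHEL 8 hosts in the post
        [ $(( 0$mode & 077 )) -eq 0 ] ||
            echo "$roster: mode $mode grants group/other access to the credentials"
    )
    [ -z "$findings" ] || printf '%s\n' "$findings"
    [ -z "$findings" ]
)

# Constructed sample that mirrors one entry of the roster shown above.
sample=$(mktemp)
cat > "$sample" <<'EOF'
node1:
  host: 192.168.244.133
  user: root
  passwd: 1
EOF
chmod 644 "$sample"
audit_roster "$sample" || echo "roster needs attention"
rm -f "$sample"
```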



Check whether test.ping succeeds

[root@server1 ~]# salt-ssh '*' test.ping
node1:
    ----------
    retcode:
        10
    stderr:
        ERROR: Unable to locate appropriate python command
    stdout:
        ERROR: Python version error. Recommendation(s) follow:
        - Install Python 3 on the target machine(s)
        - You can use ssh_pre_flight or raw shell (-r) to install Python 3
node2:
    ----------
    retcode:
        10
    stderr:
        ERROR: Unable to locate appropriate python command
    stdout:
        ERROR: Python version error. Recommendation(s) follow:
        - Install Python 3 on the target machine(s)
        - You can use ssh_pre_flight or raw shell (-r) to install Python 3

The error says that Python 3 is not installed.

So install Python 3:

[root@server1 ~]# salt-ssh -r '*' 'yum -y install python3'
node2:
    ----------
    retcode:
        0
    stderr:
        Failed to set locale, defaulting to C.UTF-8
    stdout:
        
        root@192.168.244.135's password: 
        Updating Subscription Management repositories.
        Unable to read consumer identity
        This system is not registered to Red Hat Subscription Management. You can use subscription-manager to register.
        CentOS-8 - Base - mirrors.aliyun.com              46 kB/s | 3.9 kB     00:00    
        CentOS-8 - Base - mirrors.aliyun.com             2.0 MB/s | 3.5 MB     00:01    
        CentOS-8 - Extras - mirrors.aliyun.com            18 kB/s | 1.5 kB     00:00    
        CentOS-8 - AppStream - mirrors.aliyun.com   
.....
node1:
    ----------
    retcode:
        0
    stderr:
        Failed to set locale, defaulting to C.UTF-8
        Repository base is listed more than once in the configuration
        Repository extras is listed more than once in the configuration
        Repository centosplus is listed more than once in the configuration
        Repository PowerTools is listed more than once in the configuration
        Repository AppStream is listed more than once in the configuration
    stdout:
        
        root@192.168.244.133's password: 
        Updating Subscription Management repositories.
        Unable to read consumer identity
        This system is not registered to Red Hat Subscription Management. You can use subscription-manager to register.
        Extra Packages for Enterprise Linux 7 - x86_64  792 kB/s |  17 MB     00:21    
        Salt repo for RHEL/CentOS 8 PY3                 108 kB/s | 245 kB     00:02    
        Last metadata expiration check: 0:00:01 ago on Mon Nov 29 20:38:21 2021.
        Dependencies resolved.
        ===========================================================================================
         Package                      Arch    Version                              Repo        Size
        ===========================================================================================
        Installing:
         python36                     x86_64  3.6.8-38.module_el8.5.0+895+a459eca8 AppStream   19 k
        Upgrading:
......

Run test.ping again

[root@server1 ~]# salt-ssh '*' test.ping
node2:
    True
node1:
    True

If SSH asks for host key checking confirmation,

add the following to this file

[root@server1 ~]# cat /root/.ssh/config
StrictHostKeyChecking no
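
Added example, not part of the original post: a bare StrictHostKeyChecking no line in /root/.ssh/config applies to every host root connects to, not only the salt-ssh targets. The functions below (hypothetical names) detect such a blanket setting and print a Host block restricted to the roster addresses with accept-new, which assumes OpenSSH 7.6 or later.

```shell
#!/usr/bin/env bash
# Added example (not from the original post): find a blanket host-key bypass in
# an ssh_config file and build a replacement stanza limited to the roster hosts.

# global_hostkey_bypass FILE: exit status 0 if StrictHostKeyChecking no/off
# applies to every destination (set before any Host block, or under "Host *").
global_hostkey_bypass() {
    awk -v global=1 '
        { line = tolower($0); gsub(/=/, " ", line); n = split(line, f, " ") }
        n == 0 || f[1] ~ /^#/ { next }
        f[1] == "host"  { global = 0
                          for (i = 2; i <= n; i++) if (f[i] == "*") global = 1
                          next }
        f[1] == "match" { global = (f[2] == "all"); next }
        global && f[1] == "stricthostkeychecking" && (f[2] == "no" || f[2] == "off") { found = 1 }
        END { exit !found }
    ' "$1"
}

# scoped_hostkey_stanza ROSTER: print a Host block for the roster's hosts only.
# accept-new records a key on first contact and rejects a key that later changes.
scoped_hostkey_stanza() {
    awk '
        $1 == "host:" { hosts = hosts " " $2 }
        END { if (hosts != "") printf "Host%s\n    StrictHostKeyChecking accept-new\n", hosts }
    ' "$1"
}

# Constructed samples mirroring the files shown in this post.
cfg=$(mktemp); roster=$(mktemp)
echo 'StrictHostKeyChecking no' > "$cfg"
printf 'node1:\n  host: 192.168.244.133\nnode2:\n  host: 192.168.244.135\n' > "$roster"
if global_hostkey_bypass "$cfg"; then
    echo "host key checking is disabled for all hosts; scoped alternative:"
    scoped_hostkey_stanza "$roster"
fi
rm -f "$cfg" "$roster"
```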

Installing salt-minion with salt-ssh

Write the sls file

[root@server1 salt-minion]# cat install.sls 
salt-minion:
  pkg.installed

/etc/salt/minion:
  file.managed:
    - source: salt://init/salt-minion/files/minion.j2
    - user: root
    - group: root
    - mode: '0644'
    - template: jinja


salt-minion-service:
  service.running:
    - name: salt-minion
    - enable: true
    - reload: true
    - watch:
      - pkg: salt-minion


If the managed hosts do not have the Salt repository configured, run:

[root@server1 yum]# salt-ssh -r '*' 'sudo rpm --import https://repo.saltproject.io/py3/redhat/8/x86_64/latest/SALTSTACK-GPG-KEY.pub'
node1:
    ----------
    retcode:
        0
    stderr:
    stdout:
        
        root@192.168.244.133's password: 
node2:
    ----------
    retcode:
        0
    stderr:
    stdout:
        
        root@192.168.244.135's password: 
[root@server1 yum]# salt-ssh -r '*' 'curl -fsSL https://repo.saltproject.io/py3/redhat/8/x86_64/latest.repo | sudo tee /etc/yum.repos.d/salt.repo'
node1:
    ----------
    retcode:
        0
    stderr:
    stdout:
        
        root@192.168.244.133's password: 
        [salt-latest-repo]
        name=Salt repo for RHEL/CentOS 8 PY3
        baseurl=https://repo.saltproject.io/py3/redhat/8/x86_64/latest
        skip_if_unavailable=True
        failovermethod=priority
        enabled=1
        enabled_metadata=1
        gpgcheck=1
        gpgkey=https://repo.saltproject.io/py3/redhat/8/x86_64/latest/SALTSTACK-GPG-KEY.pub
node2:
    ----------
    retcode:
        0
    stderr:
    stdout:
        
        root@192.168.244.135's password: 
        [salt-latest-repo]
        name=Salt repo for RHEL/CentOS 8 PY3
        baseurl=https://repo.saltproject.io/py3/redhat/8/x86_64/latest
        skip_if_unavailable=True
        failovermethod=priority
        enabled=1
        enabled_metadata=1
        gpgcheck=1
        gpgkey=https://repo.saltproject.io/py3/redhat/8/x86_64/latest/SALTSTACK-GPG-KEY.pub

Of course, you can also write a yum repo file instead.

Once the Salt repository is in place, run the following command to install salt-minion

[root@server1 salt-minion]# salt-ssh '*' state.sls init.salt-minion.install

Check on node1 and node2

node1

[root@node1 ~]# which salt-minion
/usr/bin/salt-minion

[root@node1 ~]# systemctl status salt-minion
● salt-minion.service - The Salt Minion
   Loaded: loaded (/usr/lib/systemd/system/salt-minion.service; enabled; vendor preset: disabled)
   Active: active (running) since Mon 2021-11-29 21:13:21 CST; 20s ago
     Docs: man:salt-minion(1)
           file:///usr/share/doc/salt/html/contents.html
           https://docs.saltproject.io/en/latest/contents.html
 Main PID: 100276 (salt-minion)
    Tasks: 15 (limit: 11301)
   Memory: 78.4M
   CGroup: /system.slice/salt-minion.service
           ├─100276 /usr/bin/python3.6 /usr/bin/salt-minion
           ├─100315 /usr/bin/python3.6 /usr/bin/salt-minion
           └─100317 /usr/bin/python3.6 /usr/bin/salt-minion

Nov 29 21:13:20 node1 systemd[1]: Starting The Salt Minion...
Nov 29 21:13:21 node1 systemd[1]: Started The Salt Minion.

node2

[root@node2 ~]# systemctl status salt-minion
● salt-minion.service - The Salt Minion
   Loaded: loaded (/usr/lib/systemd/system/salt-minion.service; enabled; vendor preset: disabled)
   Active: active (running) since Mon 2021-11-29 21:14:22 CST; 20s ago
     Docs: man:salt-minion(1)
           file:///usr/share/doc/salt/html/contents.html
           https://docs.saltproject.io/en/latest/contents.html
 Main PID: 92779 (salt-minion)
    Tasks: 5 (limit: 11301)
   Memory: 82.4M
   CGroup: /system.slice/salt-minion.service
           ├─92779 /usr/bin/python3.6 /usr/bin/salt-minion
           ├─92810 /usr/bin/python3.6 /usr/bin/salt-minion
           ├─92816 /usr/bin/python3.6 /usr/bin/salt-minion
           └─93536 /usr/sbin/lvm lvs -o lv_name --noheadings rhel

Nov 29 21:14:22 node2 systemd[1]: Starting The Salt Minion...
Nov 29 21:14:22 node2 systemd[1]: Started The Salt Minion.

The salt-minion service is running on both hosts.

You can see that the keys have been sent to the master

[root@server1 salt-minion]# salt-key -L
Accepted Keys:
Denied Keys:
Unaccepted Keys:
node1
node2
Rejected Keys:

[root@server1 salt-minion]# salt-key -A
The following keys are going to be accepted:
Unaccepted Keys:
node1
node2
Proceed? [n/Y] y
Key for minion node1 accepted.
Key for minion node2 accepted.

[root@server1 salt-minion]# salt-key -L
Accepted Keys:
node1
node2
Denied Keys:
Unaccepted Keys:
Rejected Keys:

Check that test.ping works

[root@server1 salt-minion]# salt '*' test.ping
node2:
    True
node1:
    True
