Saltstack简介详见:http://strongit.blog.51cto.com/10020534/1727621
Saltstack分组操作参考:http://strongit.blog.51cto.com/10020534/1736302
1、新建用户
sudo salt -C "L@tz-relay1,tz-relay2" cmd.run "adduser zhongchong"
2、建立.ssh目录
sudo salt -C "L@tz-relay1,tz-relay2" cmd.run "mkdir /home/zhangchong/.ssh/"
3、权限设置
sudo salt -C "L@tz-relay1,tz-relay2" cmd.run "chmod 700 /home/zhangchong/.ssh/" sudo salt -C "L@tz-relay1,tz-relay2" cmd.run "chown -R zhangchong:zhangchong /home/zhangchong/"
4、下发公钥keys
sudo salt -C "L@tz-relay1,tz-relay2" cp.get_file salt://keys/zhangchong_rsa.pub /home/zhangchong/.ssh/authorized_keys
5、公钥keys权限设置
sudo salt -C "L@tz-relay1,tz-relay2" cmd.run "chown zhangchong:zhangchong /home/zhangchong/.ssh/authorized_keys"sudo salt -C "L@tz-relay1,tz-relay2" cmd.run “chmod 400 /home/zhangchong/.ssh/authorized_keys”
6、加入到sudoer用户组
sudo salt -C "L@tz-relay1,tz-relay2" cmd.run ' echo "zhangchong ALL=(ALL:ALL) ALL " >>/etc/sudoers'sudo salt -C "L@tz-relay1,tz-relay2" cmd.run ' echo "zhangchong ALL=(ALL) NOPASSWD: ALL " >>/etc/sudoers'
附:有几个坑
1、公钥keys的格式
xshell程序生成的pub_keys格式如下:---- BEGIN SSH2 PUBLIC KEY ----Subject: zhchong Comment: "zhchong1"ModBitSize: 1024AAAAB3NzaC1yc2EAAAADAQABAAAAgQCnv4uFRaAvXVxI5MUX/JDbQO/4cOVrMiNG Bj2jqTHKIpy2KgAkNLVRcquRV6bG0lo2w8DvZG6XAnBttPuiFk1CJlPg6qFt9ptO lYBx11Zhdl73FxP16hyNwwnMxRZE3Bs1VGT9jPERwApAbXOqdDOQxbDZS5DuK47R 9RnevgGrFw== ---- END SSH2 PUBLIC KEY ----需加入ssh才能生效---- BEGIN SSH2 PUBLIC KEY ----Subject: zhchong Comment: "zhchong1"ModBitSize: 1024ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAAgQCnv4uFRaAvXVxI5MUX/JDbQO/4cOVrMiNG Bj2jqTHKIpy2KgAkNLVRcquRV6bG0lo2w8DvZG6XAnBttPuiFk1CJlPg6qFt9ptO lYBx11Zhdl73FxP16hyNwwnMxRZE3Bs1VGT9jPERwApAbXOqdDOQxbDZS5DuK47R 9RnevgGrFw== zhchong---- END SSH2 PUBLIC KEY ----
2、authorized_keys的权限设置
将 authorized_keys 的权限设置为对拥有者只读,其他用户没有任何权限
转载于:https://blog.51cto.com/strongit/1727621
334
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
