更多saltstack的文章总结在:
http://rfyiamcool.blog.51cto.com/1030776/1357677
我的个人独立博客地址是,blog.xiaorui.cc
十一回来,很是懒散呀~
今天在群里看到 itnihao兄在聊 salt-ssh ,这是个好东西,就群里一直就跟进着。。。翻了下聊天记录,就把salt-ssh实现了下。
原本前些日子就想写一个salt ssh的文章,正好是快十一了,自己也没心思写了。。。
今天就把过程写一下,后期丰富下。。。。【嘿,又是这一套。。。。】
听兆松的意思,saltstack的epel源有问题,但是github里面的代码是无问题的。
salt-ssh 可以独立运行的,不用minion的~ 要是需要用salt-ssh的特殊参数,比如grains获取数据的话,还是需要安装minion的,不然他是不好判断你是redhat,debian的 ~ 说句废话 要是能安装minion,谁还用salt-ssh呀。。。。
提示这样出名的工具还是不少的,我这边简单分析下优缺点!
pdsh、pssh 这东西是要建立在你做好了key关联之后,他的优点才能看出来
1
2
3
4
5
6
|
vi server1.txt
192.168
.
1.11
192.168
.
1.12
192.168
.
1.13
192.168
.
1.14
pssh -h server1.txt -l root -P dir
|
expect 最大的有点就是交互,但是要成高性能的话,需要自己写多线程的。
1
2
3
4
5
6
7
8
9
10
|
#!/usr/bin/expect -f
set
toip [lindex $argv
0
]
set
ip
10.2
.
20.14
set
password
123123
set
timeout
10
spawn ssh root@$ip
expect {
"*yes/no"
{ send
"yes\r"
; exp_continue}
"*password:"
{ send
"$password\r"
}
}
|
fabric、paramiko python之利器,用过一段时间,该有的都有的,很是强大
1
2
3
|
from fabric
import
env
env.hosts = [
'user1@host1:port1'
,
'user2@host2.port2'
]
env.passwords = {
'user1@host1:port1'
:
'password1'
,
'user2@host2.port2'
:
'password2'
}
|
但是我还是很看好 salt-ssh ,关于理由,你猜 ~
以后配置salt-api 会更好用的~
salt-ssh 可以代替expect之类的密码推送脚本,看起来功能不比expect差 。 salt-ssh 用的是sshpass进行密码交互的。
源地址:http://rfyiamcool.blog.51cto.com/1030776/1305710
我们先开始安装 salt-ssh ~
1
2
3
|
git clone https:
//github.com/saltstack/salt.git
cd salt
./setup.py install
|
salt-ssh
我们可以把要执行的信息,也就是ip,帐号,密码等 都放到一个文件里面。当然
文件路径是可以随便定义的,官方是指定到了 /etc/salt/roster
我们刚才执行的结果:
我们测试下他的性能 ~ 结果让人很爽 ~
详细的参数:
指定信息文件
配置一个默认的密码,然后帮你推送下 ~~~ 这个功能有点怪,规范点的公司,大家的密码都是随机生成的,但是适合自己的实验环境和小公司。。。。
重大发现: 我在这里补充下~
salt-ssh 第一次执行是根据roster的账号密码推送密码,来实现自动交互的。
执行完了后 会在目标的服务器里面,追加master端的key
然后你就可以删除roster里面的passwd 密码条目了。
我给大家测试下,我把passwd删除了,还是可以运行,这里就不是用sshpass推送密码了,而是直接通过key了 !!!
参数不少,大家自己看吧 ~
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
|
salt-ssh
Synopsis
salt-ssh
'*'
[ options ] sys.doc
salt-ssh -E
'.*'
[ options ] sys.doc cmd
Description
Salt ssh allows
for
salt routines to be executed using only ssh
for
transport
Options
-r, --raw, --raw-shell
Execute a raw shell command.
要执行的命令,支持管道和常用的特殊符号
--roster-file
Define which roster system to
use
,
this
defines
if
a database backend, scanner, or custom roster system
is
used. Default
is
the flat file roster.
指定一个信息文件
--refresh, --refresh-cache
Force a refresh of the master side data cache of the target
's data. This is needed if a target'
s grains have been changed and the auto refresh timeframe has not been reached.
--max-procs
Set the number of concurrent minions to communicate
with
. This value defines how many processes are opened up at a time to manage connections, the more running process the faster communication should be,
default
is
25
.
--passwd
Set te
default
password to attempt to
use
when authenticating.
--key-deploy
Set
this
flag to attempt to deploy the authorized ssh key
with
all minions. This combined
with
--passwd can make initial deployment of keys very fast and easy.
--version
Print the version of Salt that
is
running.
--versions-report
Show program's dependencies and version number, and then exit
-h, --help
Show the help message and exit
-c CONFIG_DIR, --config-dir=CONFIG_dir
The location of the Salt configuration directory. This directory contains the configuration files
for
Salt master and minions. The
default
location on most systems
is
/etc/salt.
Target Selection
-E, --pcre
The target expression will be interpreted
as
a PCRE regular expression rather than a shell glob.
-L, --list
The target expression will be interpreted
as
a comma-delimited list; example: server1.foo.bar,server2.foo.bar,example7.quo.qux
-G, --grain
The target expression matches values returned by the Salt grains system on the minions. The target expression
is
in
the format of
'<grain value>:<glob expression>'
; example:
'os:Arch*'
This was changed
in
version
0.9
.
8
to accept glob expressions instead of regular expression. To
use
regular expression matching
with
grains,
use
the --grain-pcre option.
--grain-pcre
The target expression matches values returned by the Salt grains system on the minions. The target expression
is
in
the format of
'<grain value>:< regular expression>'
; example:
'os:Arch.*'
-N, --nodegroup
Use a predefined compound target defined
in
the Salt master configuration file.
-R, --range
Instead of using shell globs to evaluate the target,
use
a range expression to identify targets. Range expressions look like %cluster.
Using the Range option requires that a range server
is
set
up and the location of the range server
is
referenced
in
the master configuration file.
Logging Options
Logging options which
override
any settings defined on the configuration files.
-l LOG_LEVEL, --log-level=LOG_LEVEL
Console logging log level. One of all, garbage,
trace
, debug, info, warning, error, quiet. Default: warning.
--log-file=LOG_FILE
Log file path. Default: /
var
/log/salt/ssh.
--log-file-level=LOG_LEVEL_LOGFILE
Logfile logging log level. One of all, garbage,
trace
, debug, info, warning, error, quiet. Default: warning.
Output Options
--out
Pass
in
an alternative outputter to display the
return
of data. This outputter can be any of the available outputters:
grains, highstate, json, key, overstatestage, pprint, raw, txt, yaml
Some outputters are formatted only
for
data returned from specific functions;
for
instance, the grains outputter will not work
for
non-grains data.
If an outputter
is
used that does not support the data passed into it, then Salt will fall back on the pprint outputter and display the
return
data using the Python pprint standard library module.
Note
If using --out=json, you will probably want --
static
as
well. Without the
static
option, you will
get
a JSON string
for
each
minion. This
is
due to using an iterative outputter. So
if
you want to feed it to a JSON parser,
use
--
static
as
well.
--out-indent OUTPUT_INDENT, --output-indent OUTPUT_INDENT
Print the output indented by the provided value
in
spaces. Negative values disable indentation. Only applicable
in
outputters that support indentation.
--out-file=OUTPUT_FILE, --output-file=OUTPUT_FILE
Write the output to the specified file.
--no-color
Disable all colored output
--force-color
Force colored output
|
要是有好用的功能,我会再补上的~
添加 参数的方法
源地址:http://rfyiamcool.blog.51cto.com/1030776/1305710
我们来总结下哈:
好东西,saltstack是个神器,但是有些服务器你死活装不上saltstack客户端,或者是有些业务线已经有puppet chef之类的,不太适合再装saltsatck minion ,再或者是 我们可以时髦的用saltstack salt-ssh 直接代替简单的expect写的脚本。。。。