Notes on today's tests of salt-ssh with password-based and key-based authentication (to be refined later).

Operating system version:

    [root@master ~]# cat /etc/redhat-release
    CentOS release 6.7 (Final)

Host information:

    master: 10.10.10.140 (salt-ssh installed)
    node01: 10.10.10.141
    node02: 10.10.10.142

Test procedure with password-based authentication:

a. Install the EPEL repository and salt-ssh

    [root@master ~]# rpm -ivh http://dl.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm
    [root@master ~]# yum -y install salt-ssh

b. Edit the salt-ssh roster file

    [root@master ~]# vim /etc/salt/roster
    node01:
      host: 10.10.10.141
      user: root
      passwd: redhat12345
    node02:
      host: 10.10.10.142
      user: root
      passwd: redhat12345

c. Test with salt-ssh

    [root@master salt]# salt-ssh '*' test.ping
    [WARNING ] Failed to open log file, do you have permission to write to /var/log/salt/master?
    node01:
        True
    node02:
        True
    [root@master salt]# salt-ssh '*' cmd.run 'uptime'
    [WARNING ] Failed to open log file, do you have permission to write to /var/log/salt/master?
    node01:
        05:33:37 up 23 min, 1 user, load average: 0.17, 0.05, 0.02
    node02:
        21:33:42 up 23 min, 1 user, load average: 0.16, 0.06, 0.02

Note: because I have not installed salt-master, a warning about log file permissions appears here; it can be ignored.

Test procedure with key-based authentication:

a. Configure passwordless (key-based) login:

    [root@master ~]# ssh-keygen -t rsa
    Generating public/private rsa key pair.
    Enter file in which to save the key (/root/.ssh/id_rsa):
    Enter passphrase (empty for no passphrase):
    Enter same passphrase again:
    Your identification has been saved in /root/.ssh/id_rsa.
    Your public key has been saved in /root/.ssh/id_rsa.pub.
    The key fingerprint is:
    19:65:dc:fa:72:33:35:d6:81:18:e0:91:d3:ce:ce:0f root@master.saltstack.com
    The key's randomart image is:
    +--[ RSA 2048]----+
    | +*oo . |
    | .=oo.. . |
    | ..+. ..|
    | o.o + .|
    | S o. o . |
    | .E= |
    | ooo |
    | . |
    | |
    +-----------------+
    [root@master ~]# scp ~/.ssh/id_rsa.pub root@10.10.10.141:/root/
    root@10.10.10.141's password:
    id_rsa.pub 100% 407 0.4KB/s 00:00
    [root@master ~]# scp ~/.ssh/id_rsa.pub root@10.10.10.142:/root/
    root@10.10.10.142's password:
    id_rsa.pub 100% 407 0.4KB/s 00:00
    [root@node01 ~]# cat id_rsa.pub >>~/.ssh/authorized_keys
    [root@node01 ~]# service sshd restart
    停止 sshd: [确定]
    正在启动 sshd: [确定]
    [root@node02 ~]# cat id_rsa.pub >>~/.ssh/authorized_keys
    [root@node02 ~]# service sshd restart
    停止 sshd: [确定]
    正在启动 sshd: [确定]

b. Adjust the salt-ssh roster file

To test key-based login rather than the password login written into the configuration file, adjust /etc/salt/roster again and comment out the password portion.

    [root@master ~]# vim /etc/salt/roster
    # Sample salt-ssh config file
    node01:
      host: 10.10.10.141
    node02:
      host: 10.10.10.142

c. Key-based configuration:

    [root@master ~]# ssh-copy-id -i /etc/salt/pki/master/ssh/salt-ssh.rsa.pub root@10.10.10.141
    Now try logging into the machine, with "ssh 'root@10.10.10.141'", and check in:

      .ssh/authorized_keys

    to make sure we haven't added extra keys that you weren't expecting.

    [root@master ~]# ssh-copy-id -i /etc/salt/pki/master/ssh/salt-ssh.rsa.pub root@10.10.10.142
    Now try logging into the machine, with "ssh 'root@10.10.10.142'", and check in:

      .ssh/authorized_keys

    to make sure we haven't added extra keys that you weren't expecting.

d. Test the result:

    [root@master ~]# salt-ssh '*' cmd.run 'df -h'
    [WARNING ] Failed to open log file, do you have permission to write to /var/log/salt/master?
    node02:
        Filesystem      Size  Used Avail Use% Mounted on
        /dev/sda5        14G  8.3G  4.6G  65% /
        tmpfs           932M     0  932M   0% /dev/shm
        /dev/sda1       190M   42M  139M  23% /boot
        /dev/sda3       2.0G   18M  1.8G   1% /tmp
    node01:
        Filesystem      Size  Used Avail Use% Mounted on
        /dev/sda5        14G  8.3G  4.6G  65% /
        tmpfs           932M   72K  932M   1% /dev/shm
        /dev/sda1       190M   42M  139M  23% /boot
        /dev/sda3       2.0G   18M  1.8G   1% /tmp
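
The roster change in step b can be checked mechanically. The following is an added example, not part of the original post: a shell function that reports roster targets still carrying an uncommented `passwd:` entry and flags a roster file that grants any permission to group or others. The name `audit_roster`, the sample file and its placeholder password are constructed for illustration; it assumes the flat two-level roster layout shown above and GNU `stat`.

```shell
#!/bin/sh
# audit_roster FILE  (hypothetical helper, not part of salt-ssh)
# Prints one finding per line; returns 1 if anything was found, 0 if clean.
audit_roster() {
    roster=$1
    status=0
    [ -r "$roster" ] || { echo "unreadable: $roster"; return 2; }

    # Track the current top-level target id and report live passwd entries.
    hits=$(awk '
        /^[ \t]*#/ || /^[ \t]*$/ { next }            # comments and blank lines
        /^[^ \t].*:[ \t]*$/ {                        # top-level key = target id
            target = $0; sub(/:[ \t]*$/, "", target); next
        }
        /^[ \t]+passwd[ \t]*:/ { print "plaintext-passwd: " target }
    ' "$roster")
    if [ -n "$hits" ]; then printf '%s\n' "$hits"; status=1; fi

    # Octal mode such as 644; any group/other bit set is a finding.
    mode=$(stat -c %a "$roster")
    case $mode in
        0|*00) ;;
        *) echo "loose-mode: $mode"; status=1 ;;
    esac
    return $status
}

# Constructed sample: a roster where only node02 has had its password commented out.
sample=$(mktemp)
cat > "$sample" <<'EOF'
node01:
  host: 10.10.10.141
  user: root
  passwd: example-only
node02:
  host: 10.10.10.142
  user: root
  #passwd: example-only
EOF
chmod 644 "$sample"
audit_roster "$sample" || true
rm -f "$sample"
```

Run against /etc/salt/roster after step b, the function should print nothing once every `passwd:` line is commented out or removed and the file mode is 600.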
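
This completes the initial testing of salt-ssh. Reference: https://docs.saltstack.cn/topics/ssh/index.html

This article is reposted from 冰冻vs西瓜's 51CTO blog; original link: http://blog.51cto.com/molewan/1897832. To repost it, please contact the original author.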