Saltstack_User Guide 17_salt-ssh

1. Host planning

Server name  OS version  Internal IP   External IP (simulated)  Hostname  Deployed module
salt100      CentOS7.5   172.16.1.100  10.0.0.100               salt100   salt-ssh
salt01       CentOS7.5   172.16.1.11   10.0.0.11                salt01
salt02       CentOS7.5   172.16.1.12   10.0.0.12                salt02
salt03       CentOS7.5   172.16.1.13   10.0.0.13                salt03
Salt version
[root@salt100 ~]# salt --version
salt 2018.3.3 (Oxygen)
[root@salt100 ~]# salt-minion --version
salt-minion 2018.3.3 (Oxygen)
salt-ssh documentation
https://docs.saltstack.com/en/latest/topics/ssh/index.html

2. salt-ssh setup steps

2.1. Deploying salt-ssh

Deploy salt-ssh on salt100
yum install -y salt-ssh
Check the version information
[root@salt100 ~]# salt-ssh --version
salt-ssh 2018.3.3 (Oxygen)

2.2. salt-ssh configuration

[root@salt100 ~]# cat /etc/salt/roster 
# Sample salt-ssh config file
#web1:
#  host: 192.168.42.1 # The IP addr or DNS hostname
#  user: fred         # Remote executions will be executed as user fred
#  passwd: foobarbaz  # The password to use for login, if omitted, keys are used
#  sudo: True         # Whether to sudo to root, not enabled by default
#web2:
#  host: 192.168.42.2

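# Add the following entries:
# Root remote login is disabled on all machines, so we can only log in as a regular user and escalate to root
# Remote login as a regular user
salt100:
  host: 172.16.1.100 # The IP addr or DNS hostname
  user: yun         # Remote executions will be executed as user yun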
  # passwd: foobarbaz  # The password to use for login, if omitted, keys are used
  sudo: True         # Whether to sudo to root, not enabled by default
  port: 22           # default port is 22

salt01:
  host: 172.16.1.11
  user: yun
  sudo: True

salt02:
  host: 172.16.1.12
  user: yun
  sudo: True

salt03:
  host: 172.16.1.13
  user: yun
  sudo: True
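
An added example (not from the original post) that audits a roster in the flat layout shown above for two risky login settings: a clear-text passwd value and login as root. audit_roster and sample_roster are hypothetical names, the web1/web2 entries are constructed, and the rule that an entry without user logs in as root reflects salt-ssh's default ssh_user.

```bash
# Constructed sample roster: salt01 follows this guide; web1 and web2 are
# hypothetical entries modelled on the commented sample in the roster file.
sample_roster() {
  cat <<'EOF'
salt01:
  host: 172.16.1.11
  user: yun
  sudo: True
web1:
  host: 192.0.2.10
  user: fred
  passwd: foobarbaz  # stored in clear text
web2:
  host: 192.0.2.11
EOF
}

# audit_roster [FILE]: report risky login settings per roster entry.
# Understands only the flat "id:" / "  key: value" layout used in this guide,
# not arbitrary YAML. Reads stdin when FILE is omitted.
audit_roster() {
  awk '
    function flush() {
      if (id == "") return
      if (pw) print id ": plaintext passwd stored in roster"
      if (user == "") print id ": no user set, salt-ssh logs in as root"
      else if (user == "root") print id ": logs in directly as root"
    }
    { sub(/[ \t]*#.*$/, ""); sub(/[ \t]+$/, "") }   # drop comments
    /^$/ { next }
    /^[^ \t][^:]*:$/ {                               # unindented "id:" starts an entry
      flush(); id = $0; sub(/:$/, "", id); user = ""; pw = 0; next
    }
    /^[ \t]+[A-Za-z_]+:/ {                           # indented "key: value"
      key = $1; sub(/:$/, "", key)
      if (key == "user") user = $2
      if (key == "passwd") pw = 1
    }
    END { flush() }
  ' "${1:--}"
}

sample_roster | audit_roster
```

On the real system, run it as audit_roster /etc/salt/roster; the roster built in this guide produces no findings.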

3. Testing salt-ssh operations

3.1. First contact and setting up key-based login

[root@salt100 ~]# salt-ssh '*' test.ping -i  # the -i option is used here; afterwards it is no longer needed
Permission denied for host salt100, do you want to deploy the salt-ssh key? (password required):
[Y/n] y
Password for yun@salt100: 
salt100:
    True
Permission denied for host salt02, do you want to deploy the salt-ssh key? (password required):
[Y/n] y
Password for yun@salt02: 
salt02:
    True
Permission denied for host salt01, do you want to deploy the salt-ssh key? (password required):
[Y/n] y
Password for yun@salt01: 
salt01:
    True
Permission denied for host salt03, do you want to deploy the salt-ssh key? (password required):
[Y/n] y
Password for yun@salt03: 
salt03:
    True
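Note:

On the first connection you enter the password and key-based login is set up, so all later interaction uses the key.
It copies /etc/salt/pki/master/ssh/salt-ssh.rsa.pub to /app/.ssh/authorized_keys (/app/ is the home directory of the yun user; see the explanation in "Saltstack_User Guide 01_Deployment").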
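
A check to run after the key deployment described above (an added example, not from the original post): it reports whether the salt-ssh public key is present in an authorized_keys file and how many other keys sit beside it. check_deployed_key and demo_check are hypothetical names, and the key blobs in demo_check are constructed placeholders, not real keys.

```bash
# check_deployed_key PUBFILE AUTHORIZED_KEYS
# Compares key blobs (the base64 field after the key type), so a different
# trailing comment or a simple leading options field does not hide a match.
check_deployed_key() {
  [ -s "$1" ] || { echo "empty public key file: $1" >&2; return 2; }
  awk '
    function blob(   i) {
      for (i = 1; i < NF; i++)
        if ($i ~ /^(ssh-|ecdsa-)/) return $(i + 1)
      return ""
    }
    /^[ \t]*#/ { next }
    /^[ \t]*$/ { next }
    NR == FNR { want = blob(); next }      # first file: the salt-ssh public key
    {
      if (blob() == want) {
        found = 1
        if ($1 !~ /^(ssh-|ecdsa-)/) print "salt-ssh key carries options: " $1
      } else others++
    }
    END {
      print "salt-ssh key: " (found ? "present" : "MISSING")
      print "other keys: " (others + 0)
    }
  ' "$1" "$2"
}

# Constructed sample data standing in for the two files named in the note.
demo_check() {
  d=$(mktemp -d)
  echo 'ssh-rsa AAAAB3CONSTRUCTEDSALTKEY root@salt100' > "$d/salt-ssh.rsa.pub"
  cat > "$d/authorized_keys" <<'EOF'
# constructed sample
ssh-rsa AAAAB3CONSTRUCTEDOTHERKEY yun@laptop
ssh-rsa AAAAB3CONSTRUCTEDSALTKEY root@salt100
EOF
  check_deployed_key "$d/salt-ssh.rsa.pub" "$d/authorized_keys"
  rm -rf "$d"
}

demo_check
```

With the paths from this guide, the arguments are /etc/salt/pki/master/ssh/salt-ssh.rsa.pub and a copy of the target's /app/.ssh/authorized_keys.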

3.2. Specifying salt-ssh targets

Three ways of specifying targets are currently supported: glob, regular expression, and list.

# Glob
salt-ssh '*' test.ping
salt-ssh 'salt1*' test.ping
# Regular expression
salt-ssh -E 'salt1.*' test.ping
salt-ssh -E 'salt(100|03)' test.ping
# List
salt-ssh -L 'salt100,salt02' test.ping

3.3. Testing salt-ssh with raw shell

Check the PATH environment variable
[root@salt100 ~]# salt-ssh 'salt01' -r 'echo "${PATH}"' 
salt01:
    ----------
    retcode:
        0
    stderr:
    stdout:
        /usr/local/bin:/usr/bin
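Note:

Sometimes a command cannot be found because of the PATH environment variable; in that case, use the full path of the command.

salt-ssh '*' -r 'df -h'
salt-ssh '*' -r '/usr/sbin/ifconfig'   # uses the full path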
salt-ssh '*' -r '/usr/sbin/ip address' 
salt-ssh '*' -r 'whoami' 

3.4. Installing packages with salt-ssh via raw shell

salt-ssh '*' -r 'sudo yum install -y nmap'

3.5. Using grains and pillar with salt-ssh

[root@salt100 web]# salt-ssh 'salt01' grains.item os
salt01:
    ----------
    os:
        redhat01
[root@salt100 web]# 
[root@salt100 web]# salt-ssh 'salt01' pillar.items
salt01:
    ----------
    level1:
        ----------
        level2:
            None
    service_appoint:
        www

3.6. Using state modules with salt-ssh

See also: Saltstack_User Guide 03_Configuration Management

[root@salt100 web]# salt-ssh 'salt01' state.highstate test=true  # state.highstate still has some problems here, so do not use this function
salt01:

Summary for salt01
-----------
Succeeded: 0
Failed:   0
-----------
Total states run:    0
Total run time:  0.000 ms
[root@salt100 web]# 
[root@salt100 web]# 
[root@salt100 web]# salt-ssh 'salt01' state.sls web.apache test=true  # works normally
salt01:
----------
          ID: apache-install
    Function: pkg.installed
        Name: httpd
      Result: True
     Comment: All specified packages are already installed
     Started: 10:26:46.078678
    Duration: 896.211 ms
     Changes:   
----------
          ID: apache-install
    Function: pkg.installed
        Name: httpd-devel
      Result: True
     Comment: All specified packages are already installed
     Started: 10:26:46.975113
    Duration: 16.735 ms
     Changes:   
----------
          ID: apache-service
    Function: service.running
        Name: httpd
      Result: None
     Comment: Service httpd is set to start
     Started: 10:26:46.992651
    Duration: 306.683 ms
     Changes:   

Summary for salt01
------------
Succeeded: 3 (unchanged=1)
Failed:    0
------------
Total states run:     3
Total run time:   1.220 s
[root@salt100 web]# 
[root@salt100 web]# 
[root@salt100 web]# salt-ssh 'salt01' state.sls web.apache  # works normally
salt01:
----------
          ID: apache-install
    Function: pkg.installed
        Name: httpd
      Result: True
     Comment: All specified packages are already installed
     Started: 10:26:58.298577
    Duration: 907.003 ms
     Changes:   
----------
          ID: apache-install
    Function: pkg.installed
        Name: httpd-devel
      Result: True
     Comment: All specified packages are already installed
     Started: 10:26:59.205783
    Duration: 16.56 ms
     Changes:   
----------
          ID: apache-service
    Function: service.running
        Name: httpd
      Result: True
     Comment: Service httpd has been enabled, and is running
     Started: 10:26:59.223138
    Duration: 980.719 ms
     Changes:   
              ----------
              httpd:
                  True

Summary for salt01
------------
Succeeded: 3 (changed=1)
Failed:    0
------------
Total states run:     3
Total run time:   1.904 s
