Deploying salt-minion with salt-ssh
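Contents
- 1. Introduction to salt-ssh
- 1.1 Features of salt-ssh
- 1.2 How salt-ssh manages hosts remotely
- 2. Managing hosts with salt-ssh
- 2.1 Remote management over SSH with a user name and password
- 2.2 Using keys
- 2.2 Initializing the system and installing salt-minion with salt-ssh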
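1. Introduction to salt-ssh
salt-ssh lets us manage hosts without installing the salt-minion client on the managed machines.
1.1 Features of salt-ssh
- The remote system needs Python, unless the -r option is used to send raw ssh commands
- salt-ssh is a separate package that must be installed before use; the command itself is also named salt-ssh
- salt-ssh does not replace the standard Salt communication system; it only provides an SSH-based alternative that needs neither ZeroMQ nor an agent
Note that because all communication with Salt SSH runs over SSH, it is much slower than standard Salt using ZeroMQ.
1.2 How salt-ssh manages hosts remotely
salt-ssh can manage hosts remotely in two ways. The first records every client's details in a configuration file: IP address, port, user name, password, whether sudo is supported, and so on. The second uses keys, so no password has to be entered.
2. Managing hosts with salt-ssh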
Install salt-ssh on the master

```
[root@master ~]# yum -y install salt-ssh
```

2.1 Remote management over SSH with a user name and password
Edit the configuration file and add the managed hosts

```
[root@master ~]# vim /etc/salt/roster
[root@master ~]# cat /etc/salt/roster
# Sample salt-ssh config file
#web1:
#  host: 192.168.42.1 # The IP addr or DNS hostname
#  user: fred         # Remote executions will be executed as user fred
#  passwd: foobarbaz  # The password to use for login, if omitted, keys are used
#  sudo: True         # Whether to sudo to root, not enabled by default
#web2:
#  host: 192.168.42.2
node1:
  host: 192.168.235.172
  user: root
  passwd: 1

[root@master ~]# salt-ssh 'node1' test.ping
node1:
    True
[root@master ~]# salt-ssh -r 'node1' "yum -y install python3"
```

```
[root@master ~]# cat test.sh
#!/bin/bash
while read line;do
cat >> abc << EOF
node$(echo $line | awk '{print $1}'):
  host: $(echo $line | awk '{print $2}')
  user: root
  passwd: 1
EOF
done < host.info
[root@master ~]# cat host.info
1 192.168.235.172
2 192.168.235.173
3 192.168.235.175
[root@master ~]# chmod +x test.sh
[root@master ~]# ./test.sh
[root@master ~]# cat abc
node1:
  host: 192.168.235.172
  user: root
  passwd: 1
node2:
  host: 192.168.235.173
  user: root
  passwd: 1
node3:
  host: 192.168.235.175
  user: root
  passwd: 1

// if this file is deleted, the connection fails
[root@master ~]# cd .ssh/
[root@master .ssh]# ls
known_hosts
[root@master .ssh]# rm -rf known_hosts
[root@master ~]# salt-ssh '*' test.ping
vm1:
    ----------
    retcode:
        254
    stderr:
    stdout:
        The host key needs to be accepted, to auto accept run salt-ssh with the -i flag:
        The authenticity of host '192.168.235.172 (192.168.235.172)' can't be established.
        ECDSA key fingerprint is SHA256:Nz8CAwwL3HRh/Lvqejqa+eiV3A09xGYYfG2A/W8wRPs.
        ECDSA key fingerprint is MD5:8c:b3:22:14:7a:8a:bc:34:f9:9d:3c:3a:07:8a:96:20.
        Are you sure you want to continue connecting (yes/no)?
```

As the output above shows, the first connection asks for a yes/no answer, but SaltStack does not support interactive operation. To get around this, we configure the system not to verify host keys. Because the setting is written to ~/.ssh/config without a Host block, it applies to every SSH connection root makes from the master, and unknown host keys are accepted without confirmation.

```
[root@master ~]# vim ~/.ssh/config
[root@master ~]# cat ~/.ssh/config
StrictHostKeyChecking no
[root@master salt]# salt-ssh 'node1' test.ping
node1:
    True
```

2.2 Using keys
```
[root@master ~]# ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:3hAolp1oeZtCoySP1QLqeTA9DtEAzLANFR8JvZbdOaQ root@master
The key's randomart image is:
+---[RSA 3072]----+
|X+*+.. |
|.Bo+o* o. |
|++=o%+=+.. |
|.***=+Eo+. |
|.oo+. o S. |
| . . . o |
| . . |
| |
| |
+----[SHA256]-----+
[root@master .ssh]# ls
config  id_rsa  id_rsa.pub  known_hosts
[root@master .ssh]# ssh-copy-id root@192.168.235.172
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"
The authenticity of host '192.168.235.172 (192.168.235.172)' can't be established.
ECDSA key fingerprint is SHA256:neSVD6BycCgJCBinl8cOsZDqS8uBg3V1J7xImc1D+Tg.
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
root@192.168.235.172's password:

Number of key(s) added: 1

Now try logging into the machine, with: "ssh 'root@192.168.235.172'"
and check to make sure that only the key(s) you wanted were added.

// test remote access
[root@master .ssh]# ssh root@192.168.235.172 'date'
2021年 11月 28日 星期日 19:25:37 CST

// remove the account password
[root@master ~]# vim /etc/salt/roster
[root@master ~]# cat /etc/salt/roster
# Sample salt-ssh config file
#web1:
#  host: 192.168.42.1 # The IP addr or DNS hostname
#  user: fred         # Remote executions will be executed as user fred
#  passwd: foobarbaz  # The password to use for login, if omitted, keys are used
#  sudo: True         # Whether to sudo to root, not enabled by default
#web2:
#  host: 192.168.42.2
node1:
  host: 192.168.235.172

[root@master ~]# salt-ssh 'node1' test.ping
Permission denied for host node1, do you want to deploy the salt-ssh key? (password required):
[Y/n] ^Z
[2]+ 已停止 salt-ssh 'node1' test.ping
[root@master .ssh]# cat known_hosts
192.168.235.172 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBG/1aKSxVYylsWSVsOFnaOsqr8LSO2SheTtfwtZJg2q9I8j/zL2UGQnplNHAAHjh54UfnIv3dzNP8mPTYWVvLak=
[root@master .ssh]# salt-ssh '*' test.ping
Permission denied for host node1, do you want to deploy the salt-ssh key? (password required):
[Y/n] Y
Password for root@node1:
node1:
    True
```

2.2 Initializing the system and installing salt-minion with salt-ssh
Install salt-ssh

```
[root@master ~]# yum -y install salt-ssh
[root@master ~]# salt-ssh '*' test.ping
node1:
    True
```

Run the state command to initialize the system and install salt-minion

```
[root@master yum]# pwd
/srv/salt/base/init/yum
[root@master yum]# cat main.sls
{% if grains['os'] == 'RedHat' %}
/etc/yum.repos.d/centos-{{ grains['osrelease'] }}.repo:
  file.managed:
    - source: salt://init/yum/files/centos-{{ grains['osrelease'] }}.repo
    - user: root
    - group: root
    - mode: '0644'
{% endif %}

/etc/yum.repos.d/epel-{{ grains['osrelease'] }}.repo:
  file.managed:
    - source: salt://init/yum/files/epel-{{ grains['osrelease'] }}.repo
    - user: root
    - group: root
    - mode: '0644'

/etc/yum.repos.d/salt-{{ grains['osrelease'] }}.repo:
  file.managed:
    - source: salt://init/yum/files/salt-{{ grains['osrelease'] }}.repo
    - user: root
    - group: root
    - mode: '0644'

[root@master yum]# cd files/
[root@master files]# ls
centos-7.repo  centos-8.repo  epel-7.repo  epel-8.repo  salt-7.repo  salt-8.repo

// change the EPEL 8 key
[root@master files]# vim epel-8.repo
......
enabled=1
gpgcheck=1
countme=1
gpgkey=https://mirrors.aliyun.com/epel/RPM-GPG-KEY-EPEL-8    #add this line
#gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-8    #comment this line out
```

```
// install the minion
[root@master salt-minion]# pwd
/srv/salt/base/init/salt-minion
[root@master salt-minion]# cat main.sls
include:
  - init.yum.main

salt-minion:
  pkg.installed

/etc/salt/minion:
  file.managed:
    - source: salt://init/salt-minion/files/minion.j2
    - user: root
    - group: root
    - mode: '0644'
    - template: jinja
    - require:
      - pkg: salt-minion

salt-minion.service:
  service.running:
    - enable: true
    - reload: true
    - watch:
      - file: /etc/salt/minion

[root@master files]# pwd
/srv/salt/base/init/salt-minion/files
[root@master files]# vim minion.j2
.......
#master: salt
master: {{ pillar['master_ip'] }}    #defined as a variable
......

// define the variable in pillar
[root@master base]# pwd
/srv/pillar/base
[root@master base]# cat salt-minion.sls
master_ip: 192.168.235.160
[root@master base]# cat top.sls
base:
  '*':
    - salt-minion

// run the state
[root@master files]# salt-ssh '*' state.sls init.salt-minion.main

// once the installation is done, the SSH key can be removed and the salt command used instead
[root@localhost .ssh]# ls
authorized_keys
[root@localhost .ssh]# rm -rf authorized_keys
[root@localhost .ssh]# pwd
/root/.ssh

// after the minion is installed its host name is localhost, so listing with -L shows the IP
[root@master files]# salt-key -L
Accepted Keys:
node1
node2
Denied Keys:
Unaccepted Keys:
192.168.235.172
Rejected Keys:
```
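The test.sh script in section 2.1 writes a plaintext root password for every host, while the key-based login in section 2.2 needs none. The following is an added example, not code from the original post: it builds the roster from the same host.info layout without any passwd entry, validates every line before writing, and sets the roster's priv option. The function name gen_roster is hypothetical, and the key path assumes salt-ssh's default private key location.

```shell
#!/bin/bash
# Added example, not from the original post: key-based roster generator.
# Assumption: host.info holds "<index> <IPv4>" per line, as on the page.
# Assumption: KEY is the default salt-ssh private key path.
KEY=/etc/salt/pki/master/ssh/salt-ssh.rsa

# gen_roster <host.info> <roster-out>   (hypothetical helper name)
# Writes the roster only if every line validates; returns 1 otherwise.
gen_roster() {
    local src="$1" dst="$2" tmp
    tmp=$(mktemp) || return 1              # mktemp creates the file mode 0600
    if ! awk -v key="$KEY" '
        function valid_ip(ip,    n, o, i) {
            n = split(ip, o, ".")
            if (n != 4) return 0
            for (i = 1; i <= 4; i++)
                if (o[i] !~ /^[0-9]+$/ || o[i] + 0 > 255) return 0
            return 1
        }
        /^[ \t]*(#|$)/ { next }            # skip comments and blank lines
        NF != 2 || $1 !~ /^[0-9]+$/ || !valid_ip($2) {
            printf "line %d rejected: %s\n", NR, $0 > "/dev/stderr"
            bad = 1
            next
        }
        {   # no passwd key: salt-ssh authenticates with the private key
            printf "node%s:\n  host: %s\n  user: root\n  priv: %s\n", $1, $2, key
        }
        END { exit bad + 0 }
    ' "$src" > "$tmp"; then
        rm -f "$tmp"                       # leave no partial roster behind
        return 1
    fi
    mv "$tmp" "$dst"
}

# Constructed sample input in the same layout as host.info on the page
if [ "${1:-}" = "--demo" ]; then
    d=$(mktemp -d)
    printf '1 192.168.235.172\n2 192.168.235.173\n' > "$d/host.info"
    gen_roster "$d/host.info" "$d/roster" && cat "$d/roster"
    rm -rf "$d"
fi
```

The matching public key still has to be present in each host's authorized_keys, which the page does by answering Y at the "deploy the salt-ssh key" prompt.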