Bootstrapping systems with salt-ssh to install salt-minion

Introduction to salt-ssh and how to use it

 

salt-ssh runs Salt commands and states over SSH without installing salt-minion, similar to Ansible.

1. Installing salt-ssh:

[root@linux-node1 ~]# yum install salt-ssh -y
[root@linux-node1 ~]# rpm -qa salt-ssh
salt-ssh-2018.3.2-1.el7.noarch

2. Using the Roster:

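The Roster system is pluggable by design, so it can easily be added to an existing system; Salt SSH uses it to obtain information about the servers it needs to connect to. By default the local path of the roster file is /etc/salt/roster.

The Roster system compiles an internal data structure called Targets. Targets is a list of target systems together with the attributes describing how to connect to them. The only requirement for a Roster module in Salt is that it returns the Targets data structure:

<SaltID>:     # target ID
  host:       # IP address or hostname of the remote host
  user:       # user that can log in
  passwd:     # password of the login user
  # optional parameters
  port:       # SSH port
  sudo:       # whether to run with sudo, True or False
  priv:       # path to the SSH private key, default is salt-ssh.rsa
  timeout:    # timeout when connecting over SSH
  thin_dir:   # storage path for Salt on the target system, default is /tmp/salt-<hash>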

3. Edit the roster configuration file and add the test hosts:

[root@linux-node1 ~]# vim /etc/salt/roster 
linux-node2:
    host: 192.168.25.92
    user: root
    passwd: 123456
    port: 22
linux-node3:
    host: 192.168.25.93
    user: root
    passwd: 123456
    port: 22

4. Run commands remotely with salt-ssh:

[root@linux-node1 ~]# salt-ssh '*' test.ping
linux-node2:
    True
linux-node3:
    True
[root@linux-node1 ~]# salt-ssh '*' -r 'free -m'
linux-node3:
    ----------
    retcode:
        0
    stderr:
    stdout:
        root@192.168.25.93's password: 
                      total        used        free      shared  buff/cache   available
        Mem:           1985          95        1657          20         232        1721
        Swap:          2047           0        2047
linux-node2:
    ----------
    retcode:
        0
    stderr:
    stdout:
                      total        used        free      shared  buff/cache   available
        Mem:           1985         100        1516           8         369        1716
        Swap:          2047           0        2047

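If passwd was not configured in the roster above, the first run of Salt SSH prompts for deployment of the salt-ssh key; the user's password needs to be configured in the Roster, and then the key can be deployed. The initialization looks like this: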

[root@linux-node1 ~]# salt-ssh 'linux-node2' -r 'free -m' 
Permission denied for host linux-node2, do you want to deploy the salt-ssh key? (password required):
[Y/n] Y
Password for root@linux-node2: 
linux-node2:
    ----------
    retcode:
        0
    stderr:
    stdout:
                      total        used        free      shared  buff/cache   available
        Mem:           1985         100        1515           8         369        1716
        Swap:          2047           0        2047
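
Once the salt-ssh key has been deployed as in the session above, the targets can authenticate with the key (`priv`), so the `passwd` lines no longer have to stay in /etc/salt/roster. The script below is an added example, not part of the original article: it lists which roster targets still carry a plaintext password and checks that the roster file is not readable by group or others. The function names and the sample roster are constructed for illustration, and the `priv` path is assumed to be the default key location of a packaged salt-ssh install.

```shell
#!/usr/bin/env bash
# Added example: audit a salt-ssh roster for stored passwords.
# Assumes the flat layout used on this page (target ID at column 0, options
# indented beneath it); it is not a general YAML parser.

# Print one line per target: "<id> passwd=<yes|no> priv=<yes|no>"
roster_auth_summary() {
    awk '
        function emit() { if (id != "") printf "%s passwd=%s priv=%s\n", id, pw, key }
        /^[ \t]*#/ || /^[ \t]*$/ { next }          # comments and blank lines
        /^[^ \t#][^:]*:[ \t]*$/ {                  # target ID at column 0
            emit(); id = $0; sub(/:[ \t]*$/, "", id)
            pw = "no"; key = "no"; next
        }
        /^[ \t]+passwd:[ \t]*[^ \t#]/ { pw = "yes" }
        /^[ \t]+priv:[ \t]*[^ \t#]/   { key = "yes" }
        END { emit() }
    ' "$1"
}

# Print only the IDs of targets that still carry a password in the roster.
roster_plaintext_targets() {
    roster_auth_summary "$1" | awk '$2 == "passwd=yes" { print $1 }'
}

# Succeed only if group and others have no permissions on the roster file.
roster_mode_ok() {
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# Constructed sample roster: hosts from this page, one switched to key auth.
# The priv path is an assumption (default salt-ssh key location).
write_sample_roster() {
    cat > "$1" <<'EOF'
linux-node2:
    host: 192.168.25.92
    user: root
    priv: /etc/salt/pki/master/ssh/salt-ssh.rsa
linux-node3:
    host: 192.168.25.93
    user: root
    passwd: 123456
    port: 22
EOF
}

sample=$(mktemp) && write_sample_roster "$sample"
roster_auth_summary "$sample"
roster_mode_ok "$sample" || echo "roster is readable by group/others"
rm -f "$sample"
```

Pointed at /etc/salt/roster on the master, any target still reported with passwd=yes after key deployment is a candidate for having its password line removed.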

5. Run a state to initialize the system and install salt-minion:

[root@linux-node1 ~]# cat /srv/salt/base/init/minion.sls 
salt-minion-install:
  pkg.installed:
    - name: salt-minion

salt-minion-conf:
  file.managed:
    - name: /etc/salt/minion
    - source: salt://init/files/minion
    - user: root
    - group: root
    - mode: 644
    - template: jinja
    # template variable ID: second address in the target's ipv4 grain
    - defaults:
        ID: {{ grains['ipv4'][1] }}
    - require:
      - pkg: salt-minion-install

salt-minion-service:
  service.running:
    - name: salt-minion
    - enable: True
    - watch:
       - file: /etc/salt/minion

[root@linux-node1 ~]# salt-ssh 'linux-node2' state.sls init.minion
linux-node2:
----------
          ID: salt-minion-install
    Function: pkg.installed
        Name: salt-minion
      Result: True
     Comment: The following packages were installed/updated: salt-minion
     Started: 22:04:21.462901
    Duration: 10700.117 ms
     Changes:   
              ----------
              salt-minion:
                  ----------
                  new:
                      2018.3.2-1.el7
                  old:
----------
          ID: salt-minion-conf
    Function: file.managed
        Name: /etc/salt/minion
      Result: True
     Comment: File /etc/salt/minion updated
     Started: 22:04:32.193498
    Duration: 140.611 ms
     Changes:   
              ----------
              diff:
                  --- 
                  +++ 
                  @@ -100,7 +100,7 @@
                   # Since salt uses detached ids it is possible to run multiple minions on the
                   # same machine but with different ids, this can be useful for salt compute
                   # clusters.
                  -id: 192.168.25.92
                  +id: 192.168.25.91
                   
                   # Cache the minion id to a file when the minion's id is not statically defined
                   # in the minion config. Defaults to "True". This setting prevents potential
              mode:
                  0644
----------
          ID: salt-minion-service
    Function: service.running
        Name: salt-minion
      Result: True
     Comment: Service salt-minion has been enabled, and is running
     Started: 22:04:33.108610
    Duration: 451.682 ms
     Changes:   
              ----------
              salt-minion:
                  True

Summary for linux-node2
------------
Succeeded: 3 (changed=3)
Failed:    0
------------
Total states run:     3
Total run time:  11.292 s

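Summary:

With the salt-minion approach, the salt-master first validates the syntax and, once validation passes, sends the state to the minion.
State files that the minion receives from the master are stored by default in /var/cache/salt/minion.
Note: sometimes the syntax validation passes on the salt-master, but execution may still fail on the minion because of environment problems.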

 
Original article: https://www.cnblogs.com/cyleon/p/9670940.html