

Deploying salt-minion with salt-ssh

Published: 2024/1/18

Contents

    • 1. Introduction to salt-ssh
      • 1.1 Features of salt-ssh
      • 1.2 How salt-ssh manages hosts remotely
    • 2. Managing hosts with salt-ssh
      • 2.1 Remote management over SSH with a username and password
      • 2.2 Using keys
      • 2.3 Initializing the system and installing salt-minion with salt-ssh

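1. Introduction to salt-ssh

salt-ssh lets us manage a machine without installing the salt-minion client on it.

1.1 Features of salt-ssh

  • The remote system needs Python, unless the -r option is used to send raw ssh commands
  • salt-ssh is a separate package that must be installed before use; the command itself is also called salt-ssh
  • salt-ssh does not replace the standard Salt communication system; it only provides an SSH-based alternative that needs neither ZeroMQ nor an agent

Note that because all communication with Salt SSH goes over SSH, it is much slower than standard Salt using ZeroMQ.

1.2 How salt-ssh manages hosts remotely

salt-ssh can manage hosts remotely in two ways. One is to record every client's details in the configuration file: IP address, port, user name, password, whether sudo is supported, and so on. The other is to use keys, so that no password has to be entered.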

2. Managing hosts with salt-ssh

Install salt-ssh on the master

```
[root@master ~]# yum -y install salt-ssh
```

2.1 Remote management over SSH with a username and password

Edit the configuration file and add the managed machine's details

```
[root@master ~]# vim /etc/salt/roster
[root@master ~]# cat /etc/salt/roster
# Sample salt-ssh config file
#web1:
#  host: 192.168.42.1 # The IP addr or DNS hostname
#  user: fred         # Remote executions will be executed as user fred
#  passwd: foobarbaz  # The password to use for login, if omitted, keys are used
#  sudo: True         # Whether to sudo to root, not enabled by default
#web2:
#  host: 192.168.42.2
node1:
  host: 192.168.235.172
  user: root
  passwd: 1

[root@master ~]# salt-ssh 'node1' test.ping
node1:
    True
[root@master ~]# salt-ssh -r 'node1' "yum -y install python3"
```

```
[root@master ~]# cat test.sh
#!/bin/bash
# Append one roster entry to the file abc for each line of host.info
while read line;do
cat >> abc << EOF
node$(echo $line | awk '{print $1}'):
  host: $(echo $line | awk '{print $2}')
  user: root
  passwd: 1
EOF
done < host.info

[root@master ~]# cat host.info
1 192.168.235.172
2 192.168.235.173
3 192.168.235.175

[root@master ~]# chmod +x test.sh
[root@master ~]# ./test.sh
[root@master ~]# cat abc
node1:
  host: 192.168.235.172
  user: root
  passwd: 1
node2:
  host: 192.168.235.173
  user: root
  passwd: 1
node3:
  host: 192.168.235.175
  user: root
  passwd: 1
```

```
// If this file is deleted, connections will fail
[root@master ~]# cd .ssh/
[root@master .ssh]# ls
known_hosts
[root@master .ssh]# rm -rf known_hosts
[root@master ~]# salt-ssh '*' test.ping
vm1:
    ----------
    retcode:
        254
    stderr:
    stdout:
        The host key needs to be accepted, to auto accept run salt-ssh with the -i flag:
        The authenticity of host '192.168.235.172 (192.168.235.172)' can't be established.
        ECDSA key fingerprint is SHA256:Nz8CAwwL3HRh/Lvqejqa+eiV3A09xGYYfG2A/W8wRPs.
        ECDSA key fingerprint is MD5:8c:b3:22:14:7a:8a:bc:34:f9:9d:3c:3a:07:8a:96:20.
        Are you sure you want to continue connecting (yes/no)?
```

As the output above shows, the first connection asks for a yes/no answer, but SaltStack does not support interactive operation. To get around this, we configure the system so that it does not verify the host.

```
[root@master ~]# vim ~/.ssh/config
[root@master ~]# cat ~/.ssh/config
StrictHostKeyChecking no
[root@master salt]# salt-ssh 'node1' test.ping
node1:
    True
```
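With `StrictHostKeyChecking no`, ssh accepts the key of any host it has not seen before without verification, and the roster in 2.1 stores root passwords in clear text. The following added example (not part of the original post) audits a roster and an ssh client config for those two settings; the function names and finding labels are hypothetical, and the sample files are constructed to mirror the ones shown above.

```shell
#!/bin/sh
# Added example: audit the two files edited in this walkthrough.

# audit_roster FILE: report targets with a cleartext passwd entry, and a
# roster file that group or other users can read.
audit_roster() {
    roster=$1
    awk '
        /^[ \t]*#/ || /^[ \t]*$/ { next }               # comments, blanks
        /^[^ \t]/ { id = $1; sub(/:.*/, "", id); next } # top-level key = target id
        $1 == "passwd:" && $2 != "" && $2 !~ /^#/ { print "PLAINTEXT_PASSWD " id }
    ' "$roster"
    if [ -n "$(find "$roster" \( -perm -040 -o -perm -004 \) -print)" ]; then
        echo "ROSTER_READABLE $roster"
    fi
}

# audit_ssh_config FILE: report host key checking switched off, with the
# Host pattern it applies to ("*" when set before any Host line).
audit_ssh_config() {
    awk '
        { gsub("=", " "); key = tolower($1); val = tolower($2) }
        key == "host" { scope = $2; next }
        key == "stricthostkeychecking" && (val == "no" || val == "off") {
            print "HOSTKEY_CHECK_DISABLED " (scope == "" ? "*" : scope)
        }
    ' "$1"
}

# Constructed sample files modelled on the ones shown above.
demo_dir=$(mktemp -d)
cat > "$demo_dir/roster" <<'EOF'
# Sample salt-ssh config file
#web1:
#  passwd: foobarbaz
node1:
  host: 192.168.235.172
  user: root
  passwd: 1
node2:
  host: 192.168.235.173
EOF
chmod 644 "$demo_dir/roster"
printf 'StrictHostKeyChecking no\n' > "$demo_dir/config"

audit_roster "$demo_dir/roster"
audit_ssh_config "$demo_dir/config"
```

A roster without `passwd` entries and with mode 0600, together with an ssh config that leaves host key checking on, produces no findings.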

2.2 Using keys

```
[root@master ~]# ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:3hAolp1oeZtCoySP1QLqeTA9DtEAzLANFR8JvZbdOaQ root@master
The key's randomart image is:
+---[RSA 3072]----+
|X+*+.. |
|.Bo+o* o. |
|++=o%+=+.. |
|.***=+Eo+. |
|.oo+. o S. |
| . . . o |
| . . |
| |
| |
+----[SHA256]-----+
[root@master .ssh]# ls
config  id_rsa  id_rsa.pub  known_hosts
[root@master .ssh]# ssh-copy-id root@192.168.235.172
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"
The authenticity of host '192.168.235.172 (192.168.235.172)' can't be established.
ECDSA key fingerprint is SHA256:neSVD6BycCgJCBinl8cOsZDqS8uBg3V1J7xImc1D+Tg.
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
root@192.168.235.172's password:

Number of key(s) added: 1

Now try logging into the machine, with: "ssh 'root@192.168.235.172'"
and check to make sure that only the key(s) you wanted were added.

// Test remote access
[root@master .ssh]# ssh root@192.168.235.172 'date'
2021年 11月 28日 星期日 19:25:37 CST
```

```
// Remove the account and password from the roster
[root@master ~]# vim /etc/salt/roster
[root@master ~]# cat /etc/salt/roster
# Sample salt-ssh config file
#web1:
#  host: 192.168.42.1 # The IP addr or DNS hostname
#  user: fred         # Remote executions will be executed as user fred
#  passwd: foobarbaz  # The password to use for login, if omitted, keys are used
#  sudo: True         # Whether to sudo to root, not enabled by default
#web2:
#  host: 192.168.42.2
node1:
  host: 192.168.235.172

[root@master ~]# salt-ssh 'node1' test.ping
Permission denied for host node1, do you want to deploy the salt-ssh key? (password required):
[Y/n] ^Z
[2]+ 已停止 salt-ssh 'node1' test.ping
[root@master .ssh]# cat known_hosts
192.168.235.172 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBG/1aKSxVYylsWSVsOFnaOsqr8LSO2SheTtfwtZJg2q9I8j/zL2UGQnplNHAAHjh54UfnIv3dzNP8mPTYWVvLak=
[root@master .ssh]# salt-ssh '*' test.ping
Permission denied for host node1, do you want to deploy the salt-ssh key? (password required):
[Y/n] Y
Password for root@node1:
node1:
    True
```
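A key-based counterpart to the test.sh generator from 2.1, as an added example that is not part of the original post: it validates each host.info line, writes no passwords, points every entry at a private key through the roster's `priv` option, and creates the roster with mode 0600. The function name `gen_roster` is hypothetical, the key path is salt-ssh's default location, and the sample host.info is constructed.

```shell
#!/bin/sh
# Added example: key-based variant of the post's test.sh roster generator.

# gen_roster HOSTS_FILE OUT_FILE [KEY_PATH]
# HOSTS_FILE holds "<number> <IPv4>" per line, as in host.info above.
gen_roster() {
    hosts=$1
    out=$2
    key=${3:-/etc/salt/pki/master/ssh/salt-ssh.rsa}  # salt-ssh default key
    tmp=$(mktemp "$out.XXXXXX") || return 1          # created with mode 0600
    awk -v key="$key" '
        function octet(s) { return s ~ /^[0-9]+$/ && s + 0 <= 255 }
        NF == 0 { next }
        {
            n = split($2, o, ".")
            if (NF != 2 || $1 !~ /^[0-9]+$/ || n != 4 ||
                !(octet(o[1]) && octet(o[2]) && octet(o[3]) && octet(o[4]))) {
                # Warn on stderr and leave the bad line out of the roster.
                print "skipping malformed line " NR ": " $0 | "cat 1>&2"
                next
            }
            printf "node%s:\n  host: %s\n  user: root\n  priv: %s\n", $1, $2, key
        }
    ' "$hosts" > "$tmp" && mv "$tmp" "$out"          # replace the roster in one step
}

# Constructed input: the three hosts from the post plus one malformed line.
demo_dir=$(mktemp -d)
cat > "$demo_dir/host.info" <<'EOF'
1 192.168.235.172
2 192.168.235.173
3 192.168.235.175
4 192.168.235.999
EOF
gen_roster "$demo_dir/host.info" "$demo_dir/roster"
cat "$demo_dir/roster"
```

On first contact salt-ssh offers to deploy that key to each host, as in the session above, so the password is typed once at the prompt and never stored in the roster.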

2.3 Initializing the system and installing salt-minion with salt-ssh

Install salt-ssh

```
[root@master ~]# yum -y install salt-ssh
[root@master ~]# salt-ssh '*' test.ping
node1:
    True
```

Run the state to initialize the system and install salt-minion

```
[root@master yum]# pwd
/srv/salt/base/init/yum
[root@master yum]# cat main.sls
{% if grains['os'] == 'RedHat' %}
/etc/yum.repos.d/centos-{{ grains['osrelease'] }}.repo:
  file.managed:
    - source: salt://init/yum/files/centos-{{ grains['osrelease'] }}.repo
    - user: root
    - group: root
    - mode: '0644'
{% endif %}

/etc/yum.repos.d/epel-{{ grains['osrelease'] }}.repo:
  file.managed:
    - source: salt://init/yum/files/epel-{{ grains['osrelease'] }}.repo
    - user: root
    - group: root
    - mode: '0644'

/etc/yum.repos.d/salt-{{ grains['osrelease'] }}.repo:
  file.managed:
    - source: salt://init/yum/files/salt-{{ grains['osrelease'] }}.repo
    - user: root
    - group: root
    - mode: '0644'

[root@master yum]# cd files/
[root@master files]# ls
centos-7.repo  centos-8.repo  epel-7.repo  epel-8.repo  salt-7.repo  salt-8.repo

// Change the key for epel8
[root@master files]# vim epel-8.repo
......
enabled=1
gpgcheck=1
countme=1
gpgkey=https://mirrors.aliyun.com/epel/RPM-GPG-KEY-EPEL-8    # add this line
#gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-8           # comment this line out
```

```
// Install the minion
[root@master salt-minion]# pwd
/srv/salt/base/init/salt-minion
[root@master salt-minion]# cat main.sls
include:
  - init.yum.main

salt-minion:
  pkg.installed

/etc/salt/minion:
  file.managed:
    - source: salt://init/salt-minion/files/minion.j2
    - user: root
    - group: root
    - mode: '0644'
    - template: jinja
    - require:
      - pkg: salt-minion

salt-minion.service:
  service.running:
    - enable: true
    - reload: true
    - watch:
      - file: /etc/salt/minion

[root@master files]# pwd
/srv/salt/base/init/salt-minion/files
[root@master files]# vim minion.j2
.......
#master: salt
master: {{ pillar['master_ip'] }}    # defined as a variable
......
```

```
// Define the variable in pillar
[root@master base]# pwd
/srv/pillar/base
[root@master base]# cat salt-minion.sls
master_ip: 192.168.235.160
[root@master base]# cat top.sls
base:
  '*':
    - salt-minion

// Run the state
[root@master files]# salt-ssh '*' state.sls init.salt-minion.main

// Once the installation is done, the ssh key can be deleted and the salt command used instead
[root@localhost .ssh]# ls
authorized_keys
[root@localhost .ssh]# rm -rf authorized_keys
[root@localhost .ssh]# pwd
/root/.ssh

// After the minion is installed its hostname is localhost, so -L shows it by IP
[root@master files]# salt-key -L
Accepted Keys:
node1
node2
Denied Keys:
Unaccepted Keys:
192.168.235.172
Rejected Keys:
```
