salt-ssh介绍
1.salt-ssh 是 0.17.0 新引入的一个功能,不需要minion对客户端进行管理,也不需要master。
2.salt-ssh 支持salt大部分的功能:如 grains、modules、state 等
3.salt-ssh 没有使用ZeroMQ的通信架构,执行是串行模式
类似 paramiko、pssh、ansible 这类的工具
Roster使用
salt-ssh需要一个名单系统来确定哪些执行目标,Salt的0.17.0版本中salt-ssh引入roster系统
roster系统编译成了一个数据结构,包含了targets,这些targets是一个目标系统主机列表和或如连接到这些targets
配置文件如下
# target的信息 host: # 远端主机的ip地址或者dns域名 user: # 登录的用户 passwd: # 用户密码,如果不使用此选项,则默认使用秘钥方式 # 可选的部分 port: #ssh端口 sudo: #可以通过sudo tty: # 如果设置了sudo,设置这个参数为true priv: # ssh秘钥的文件路径 timeout: # 当建立链接时等待响应时间的秒数 minion_opts: # minion的位置路径 thin_dir: # target系统的存储目录,默认是/tmp/salt-<hash> cmd_umask: # 使用salt-call命令的umask值
安装配置
一,安装salt-ssh
[root@linux-node1 ~]# yum install salt-ssh
二,修改roster文件,配置要管理的机器
[root@linux-node1 ~]# tail -11 /etc/salt/roster linux-node1.example.com: host: 192.168.56.11 user: root passwd: 123456 port: 22 linux-node2.example.com: host: 192.168.56.12 user: root passwd: 123456 port: 22
三,进行管理测试
[root@linux-node1 ~]# salt-ssh '*' test.ping -i linux-node1.example.com: True linux-node2.example.com: True
四,salt-ssh命令用法
-r, –raw, –raw-shell # 直接使用shell命令 –priv #指定SSH私有密钥文件 –roster #定义使用哪个roster系统,如果定义了一个后端数据库,扫描方式,或者用户自定义的的roster系统,默认的就是/etc/salt/roster文件 –roster-file #指定roster文件 –refresh, –refresh-cache #刷新cache,如果target的grains改变会自动刷新 –max-procs #指定进程数,默认为25 -i, –ignore-host-keys #当ssh连接时,忽略keys –passwd #指定默认密码 –key-deploy #配置keys 设置这个参数对于所有minions用来部署ssh-key认证,
这个参和–passwd结合起来使用会使初始化部署很快很方便。当调用master模块时,并加上参数 –key-deploy 即可在minions生成keys,下次开始就不使用密码
五,salt-ssh执行状态模块
[root@linux-node1 ~]# salt-ssh '*' state.sls web.lamp linux-node2.example.com: ---------- ID: lamp-install Function: pkg.installed Result: True Comment: All specified packages are already installed. Started: 00:31:01.867400 Duration: 802.47 ms Changes: ---------- ID: apache-config Function: file.managed Name: /etc/httpd/conf/httpd.conf Result: True Comment: File /etc/httpd/conf/httpd.conf is in the correct state Started: 00:31:02.694092 Duration: 52.696 ms Changes: ---------- ID: php-config Function: file.managed Name: /etc/php.ini Result: True Comment: File /etc/php.ini is in the correct state Started: 00:31:02.746901 Duration: 1.453 ms Changes: ---------- ID: lamp-service Function: service.running Name: httpd Result: True Comment: Service httpd is already enabled, and is in the desired state Started: 00:31:02.752421 Duration: 249.895 ms Changes: ---------- ID: apache-conf Function: file.recurse Name: /etc/httpd/conf.d Result: True Comment: The directory /etc/httpd/conf.d is in the correct state Started: 00:31:03.002535 Duration: 7.066 ms Changes: ---------- ID: apache-auth Function: pkg.installed Name: httpd-tools Result: True Comment: Package httpd-tools is already installed. Started: 00:31:03.009760 Duration: 0.512 ms Changes: ---------- ID: apache-auth Function: cmd.run Name: htpasswd -bc /etc/httpd/conf/htpasswd_file admin admin Result: True Comment: unless execution succeeded Started: 00:31:03.016294 Duration: 7.043 ms Changes: Summary ------------ Succeeded: 7 Failed: 0 ------------ Total states run: 7 linux-node1.example.com: ---------- ID: lamp-install Function: pkg.installed Result: True Comment: All specified packages are already installed. Started: 00:31:01.479393 Duration: 1072.439 ms Changes: ---------- ID: apache-config Function: file.managed Name: /etc/httpd/conf/httpd.conf Result: True Comment: File /etc/httpd/conf/httpd.conf is in the correct state Started: 00:31:02.575303 Duration: 54.346 ms Changes: ---------- ID: php-config Function: file.managed Name: /etc/php.ini Result: True Comment: File /etc/php.ini is in the correct state Started: 00:31:02.629757 Duration: 1.963 ms Changes: ---------- ID: lamp-service Function: service.running Name: httpd Result: True Comment: Service httpd is already enabled, and is in the desired state Started: 00:31:02.635879 Duration: 233.048 ms Changes: ---------- ID: apache-conf Function: file.recurse Name: /etc/httpd/conf.d Result: True Comment: The directory /etc/httpd/conf.d is in the correct state Started: 00:31:02.869236 Duration: 5.416 ms Changes: ---------- ID: apache-auth Function: pkg.installed Name: httpd-tools Result: True Comment: Package httpd-tools is already installed. Started: 00:31:02.874737 Duration: 0.5 ms Changes: ---------- ID: apache-auth Function: cmd.run Name: htpasswd -bc /etc/httpd/conf/htpasswd_file admin admin Result: True Comment: unless execution succeeded Started: 00:31:02.880676 Duration: 5.381 ms Changes: Summary ------------ Succeeded: 7 Failed: 0 ------------ Total states run: 7
总结
1.salt-ssh 是在salt基础上打了一个python包上传到客户端的默认tmp目录下
在客户端上面解压并执行返回结果,最后删除tmp上传的临时文件
2.salt-minion方法是salt-mater先执行语法验证,验证通过后发送到minion
minion收到Msater的状态文件默认保存在/var/cache/salt/minion
注意:也有时候salt-master语法验证通过,在minion上可能因为环境问题会执行失败
3.salt-ssh和salt-minion可以共存,salt-minion不依赖于ssh服务