salt 版本
1 [root@salt100 ~]# salt --version
2 salt 2018.3.3 (Oxygen)
3 [root@salt100 ~]# salt-minion --version
4 salt-minion 2018.3.3 (Oxygen)
salt ssh文档
https://docs.saltstack.com/en/latest/topics/ssh/index.html
在salt100上部署salt-ssh
yum install -y salt-ssh
查看版本信息
1 [root@salt100 ~]# salt-ssh --version
2 salt-ssh 2018.3.3 (Oxygen)
1 [root@salt100 ~]# cat /etc/salt/roster
2 # Sample salt-ssh config file
3 #web1:
4 # host: 192.168.42.1 # The IP addr or DNS hostname
5 # user: fred # Remote executions will be executed as user fred
6 # passwd: foobarbaz # The password to use for login, if omitted, keys are used
7 # sudo: True # Whether to sudo to root, not enabled by default
8 #web2:
9 # host: 192.168.42.2
10
11 # 添加信息如下:
12 # 由于所有机器做了禁止root远程登录,所以这里只能使用普通用户登录,通过提权到root
13 # 普通用户远程
14 salt100:
15 host: 172.16.1.100 # The IP addr or DNS hostname
16 user: yun # Remote executions will be executed as user fred
17 # passwd: foobarbaz # The password to use for login, if omitted, keys are used
18 sudo: True # Whether to sudo to root, not enabled by default
19 port: 22 # default port is 22
20
21 salt01:
22 host: 172.16.1.11
23 user: yun
24 sudo: True
25
26 salt02:
27 host: 172.16.1.12
28 user: yun
29 sudo: True
30
31 salt03:
32 host: 172.16.1.13
33 user: yun
34 sudo: True
1 [root@salt100 ~]# salt-ssh '*' test.ping -i # 有参数 -i ,之后就可以不需要该参数了
2 Permission denied for host salt100, do you want to deploy the salt-ssh key? (password required):
3 [Y/n] y
4 Password for yun@salt100:
5 salt100:
6 True
7 Permission denied for host salt02, do you want to deploy the salt-ssh key? (password required):
8 [Y/n] y
9 Password for yun@salt02:
10 salt02:
11 True
12 Permission denied for host salt01, do you want to deploy the salt-ssh key? (password required):
13 [Y/n] y
14 Password for yun@salt01:
15 salt01:
16 True
17 Permission denied for host salt03, do you want to deploy the salt-ssh key? (password required):
18 [Y/n] y
19 Password for yun@salt03:
20 salt03:
21 True
注意:
第一次连接时会输入密码,并实现秘钥登录,这样以后就使用秘钥进行交互了。
会把 /etc/salt/pki/master/ssh/salt-ssh.rsa.pub 拷贝到 /app/.ssh/authorized_keys「/app/ 是 yun用户的家目录,参见《Saltstack_使用指南01_部署》说明」。
目前支持三种方式指定目标:通配符、正则表达式、列表
1 # 通配符
2 salt-ssh '*' test.ping
3 salt-ssh 'salt1*' test.ping
4 # 正则表达式
5 salt-ssh -E 'salt1.*' test.ping
6 salt-ssh -E 'salt(100|03)' test.ping
7 # 列表
8 salt-ssh -L 'salt100,salt02' test.ping
查看环境变量
1 [root@salt100 ~]# salt-ssh 'salt01' -r 'echo "${PATH}"'
2 salt01:
3 ----------
4 retcode:
5 0
6 stderr:
7 stdout:
8 /usr/local/bin:/usr/bin
说明:
有时会因为环境变量的原因找不到命令,这时需要你使用命令的全路径即可。
1 salt-ssh '*' -r 'df -h'
2 salt-ssh '*' -r '/usr/sbin/ifconfig' # 使用了全路径
3 salt-ssh '*' -r '/usr/sbin/ip address'
4 salt-ssh '*' -r 'whoami'
salt-ssh '*' -r 'sudo yum install -y nmap'
1 [root@salt100 web]# salt-ssh 'salt01' grains.item os
2 salt01:
3 ----------
4 os:
5 redhat01
6 [root@salt100 web]#
7 [root@salt100 web]# salt-ssh 'salt01' pillar.items
8 salt01:
9 ----------
10 level1:
11 ----------
12 level2:
13 None
14 service_appoint:
15 www
可参见:《Saltstack_使用指南03_配置管理》
1 [root@salt100 web]# salt-ssh 'salt01' state.highstate test=true # 使用 state.highstate 还是存在有些问题,所以不要用该函数
2 salt01:
3
4 Summary for salt01
5 -----------
6 Succeeded: 0
7 Failed: 0
8 -----------
9 Total states run: 0
10 Total run time: 0.000 ms
11 [root@salt100 web]#
12 [root@salt100 web]#
13 [root@salt100 web]# salt-ssh 'salt01' state.sls web.apache test=true # 正常使用
14 salt01:
15 ----------
16 ID: apache-install
17 Function: pkg.installed
18 Name: httpd
19 Result: True
20 Comment: All specified packages are already installed
21 Started: 10:26:46.078678
22 Duration: 896.211 ms
23 Changes:
24 ----------
25 ID: apache-install
26 Function: pkg.installed
27 Name: httpd-devel
28 Result: True
29 Comment: All specified packages are already installed
30 Started: 10:26:46.975113
31 Duration: 16.735 ms
32 Changes:
33 ----------
34 ID: apache-service
35 Function: service.running
36 Name: httpd
37 Result: None
38 Comment: Service httpd is set to start
39 Started: 10:26:46.992651
40 Duration: 306.683 ms
41 Changes:
42
43 Summary for salt01
44 ------------
45 Succeeded: 3 (unchanged=1)
46 Failed: 0
47 ------------
48 Total states run: 3
49 Total run time: 1.220 s
50 [root@salt100 web]#
51 [root@salt100 web]#
52 [root@salt100 web]# salt-ssh 'salt01' state.sls web.apache # 正常使用
53 salt01:
54 ----------
55 ID: apache-install
56 Function: pkg.installed
57 Name: httpd
58 Result: True
59 Comment: All specified packages are already installed
60 Started: 10:26:58.298577
61 Duration: 907.003 ms
62 Changes:
63 ----------
64 ID: apache-install
65 Function: pkg.installed
66 Name: httpd-devel
67 Result: True
68 Comment: All specified packages are already installed
69 Started: 10:26:59.205783
70 Duration: 16.56 ms
71 Changes:
72 ----------
73 ID: apache-service
74 Function: service.running
75 Name: httpd
76 Result: True
77 Comment: Service httpd has been enabled, and is running
78 Started: 10:26:59.223138
79 Duration: 980.719 ms
80 Changes:
81 ----------
82 httpd:
83 True
84
85 Summary for salt01
86 ------------
87 Succeeded: 3 (changed=1)
88 Failed: 0
89 ------------
90 Total states run: 3
91 Total run time: 1.904 s
———————————————END———————————————