烹茶细论

salt-ssh初始化salt客户端

salt-ssh是依赖ssh进行通讯的,最大的优点就是可以不通过salt-minion客户端去执行远程的批量操作。所以在没有安装salt-minion之前使用salt-ssh是一个很不错的选择。
salt-ssh还能使用salt的标准模块和命令

一、salt-ssh安装

1
$yum install salt-ssh

配置roster,配置文件:/etc/salt/roster

1
2
3
4
5
6
7
8
#Sample salt-ssh config file
web1:
host: 192.168.42.1 # The IP addr or DNS hostname
user: fred # Remote executions will be executed as user fred
passwd: foobarbaz # The password to use for login, if omitted, keys are used
sudo: True # Whether to sudo to root, not enabled by default
web2:
host: 192.168.42.2

host: 机器的ip或者hostname
user: 远程登录到服务器的账号
passwd: 登录密码
sudo: 是否需要sudo权限
如果需要sudo权限,需要在 /etc/sudoers打开用户sudo权限,ALL=(ALL) NOPASSWD: ALL

二、使用
调用salt的模块
salt-ssh ‘*’ test.ping

执行命令
salt-ssh ‘*’ -r ‘ifconfig’

首次连接服务器需要输入yes,则可以使用-i参数忽略

1
2
3
4
5
6
7
8
9
10
11
12
13
14
三、练手(初始化salt-minion客户端)
因为使用的是kvm虚拟机,所以把salt-minion已经加入到模板里面,初始化只是修改minion里的master和id而已
cd /srv/salt/
新建minion文件夹,文件结构如下:
# tree minion/
```bash
minion/
├── files
│   ├── minion
│   └── minion_id
└── install.sls

1
2
3
cat /srv/salt/minion/files/minion
master: 172.16.**.**
id: {{id}}
1
2
cat /srv/salt/minion/files/minion_id
{{id}}

state文件,使用jinjia 修改上面的两个文件并发送到客户端,然后重启salt-minion

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
cat /srv/salt/minion/install.sls
modify_file:
file.managed:
- name: /etc/salt/minion_id
- source: salt://minion/files/minion_id
- template: jinja
- user: root
- group: root
- mode: 644
- id: {{ grains['ip_interfaces']['eth0'][0] }}
modify_master:
file.managed:
- name: /etc/salt/minion
- source: salt://minion/files/minion
- template: jinja
- user: root
- group: root
- mode: 644
- id: {{ grains['ip_interfaces']['eth0'][0] }}
salt_restart:
service.running:
- name: salt-minion
- enable: True
- reload: True
- watch:
- file: modify_file

执行

1
salt-ssh '172.16.**.**' state.sls minion.install

上面的172.16.. 就是roster文件里面的web1、web2,根据自己的命名修改
结果:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
172.16**.**:
----------
ID: modify_file
Function: file.managed
Name: /etc/salt/minion_id
Result: True
Comment: File /etc/salt/minion_id is in the correct state
Started: 17:11:09.589424
Duration: 115.379 ms
Changes:
----------
ID: modify_master
Function: file.managed
Name: /etc/salt/minion
Result: True
Comment: File /etc/salt/minion is in the correct state
Started: 17:11:09.704937
Duration: 16.939 ms
Changes:
----------
ID: salt_restart
Function: service.running
Name: salt-minion
Result: True
Comment: Service salt-minion is already enabled, and is in the desired state
Started: 17:11:09.722335
Duration: 652.707 ms
Changes:
Summary
------------
Succeeded: 3
Failed: 0
------------
Total states run: 3

参考文献:
http://docs.saltstack.com/en/latest/topics/ssh/