SaltStack使用salt-ssh模式-第十一篇

salt-ssh介绍

1.salt-ssh 是 0.17.0 新引入的一个功能，不需要minion对客户端进行管理，也不需要master。

2.salt-ssh 支持salt大部分的功能：如 grains、modules、state 等

3.salt-ssh 没有使用ZeroMQ的通信架构，执行是串行模式

类似 paramiko、pssh、ansible 这类的工具

Roster使用

salt-ssh需要一个名单系统来确定哪些执行目标，Salt的0.17.0版本中salt-ssh引入roster系统

roster系统编译成了一个数据结构，包含了targets，这些targets是一个目标系统主机列表和或如连接到这些targets

配置文件如下

# target的信息
    host:        # 远端主机的ip地址或者dns域名
    user:        # 登录的用户
    passwd:      # 用户密码,如果不使用此选项，则默认使用秘钥方式
# 可选的部分
    port:        #ssh端口
    sudo:        #可以通过sudo
    tty:         # 如果设置了sudo，设置这个参数为true
    priv:        # ssh秘钥的文件路径
    timeout:     # 当建立链接时等待响应时间的秒数
    minion_opts: # minion的位置路径
    thin_dir:    # target系统的存储目录，默认是/tmp/salt-<hash>
    cmd_umask:   # 使用salt-call命令的umask值

安装配置

一，安装salt-ssh

[root@linux-node1 ~]# yum install salt-ssh

二，修改roster文件，配置要管理的机器

[root@linux-node1 ~]# tail -  /etc/salt/roster
linux-node1.example.com:
  host: 192.168.56.11
  user: root
  passwd:
  port: 

linux-node2.example.com:
  host: 192.168.56.12
  user: root
  passwd:
  port: 

三，进行管理测试

[root@linux-node1 ~]# salt-ssh '*' test.ping -i
linux-node1.example.com:
    True
linux-node2.example.com:
    True

四，salt-ssh命令用法

-r, –raw, –raw-shell # 直接使用shell命令
–priv #指定SSH私有密钥文件
–roster #定义使用哪个roster系统，如果定义了一个后端数据库，扫描方式，或者用户自定义的的roster系统，默认的就是/etc/salt/roster文件
–roster-file #指定roster文件
–refresh, –refresh-cache #刷新cache，如果target的grains改变会自动刷新
–max-procs #指定进程数，默认为25
-i, –ignore-host-keys #当ssh连接时，忽略keys
–passwd #指定默认密码
–key-deploy #配置keys 设置这个参数对于所有minions用来部署ssh-key认证，
 这个参和–passwd结合起来使用会使初始化部署很快很方便。当调用master模块时，并加上参数 –key-deploy 即可在minions生成keys，下次开始就不使用密码

五，salt-ssh执行状态模块

[root@linux-node1 ~]# salt-ssh '*' state.sls web.lamp
linux-node2.example.com:
----------
          ID: lamp-install
    Function: pkg.installed
      Result: True
     Comment: All specified packages are already installed.
     Started: ::01.867400
    Duration: 802.47 ms
     Changes:
----------
          ID: apache-config
    Function: file.managed
        Name: /etc/httpd/conf/httpd.conf
      Result: True
     Comment: File /etc/httpd/conf/httpd.conf is in the correct state
     Started: ::02.694092
    Duration: 52.696 ms
     Changes:
----------
          ID: php-config
    Function: file.managed
        Name: /etc/php.ini
      Result: True
     Comment: File /etc/php.ini is in the correct state
     Started: ::02.746901
    Duration: 1.453 ms
     Changes:
----------
          ID: lamp-service
    Function: service.running
        Name: httpd
      Result: True
     Comment: Service httpd is already enabled, and is in the desired state
     Started: ::02.752421
    Duration: 249.895 ms
     Changes:
----------
          ID: apache-conf
    Function: file.recurse
        Name: /etc/httpd/conf.d
      Result: True
     Comment: The directory /etc/httpd/conf.d is in the correct state
     Started: ::03.002535
    Duration: 7.066 ms
     Changes:
----------
          ID: apache-auth
    Function: pkg.installed
        Name: httpd-tools
      Result: True
     Comment: Package httpd-tools is already installed.
     Started: ::03.009760
    Duration: 0.512 ms
     Changes:
----------
          ID: apache-auth
    Function: cmd.run
        Name: htpasswd -bc /etc/httpd/conf/htpasswd_file admin admin
      Result: True
     Comment: unless execution succeeded
     Started: ::03.016294
    Duration: 7.043 ms
     Changes:   

Summary
------------
Succeeded:
Failed:
------------
Total states run:
linux-node1.example.com:
----------
          ID: lamp-install
    Function: pkg.installed
      Result: True
     Comment: All specified packages are already installed.
     Started: ::01.479393
    Duration: 1072.439 ms
     Changes:
----------
          ID: apache-config
    Function: file.managed
        Name: /etc/httpd/conf/httpd.conf
      Result: True
     Comment: File /etc/httpd/conf/httpd.conf is in the correct state
     Started: ::02.575303
    Duration: 54.346 ms
     Changes:
----------
          ID: php-config
    Function: file.managed
        Name: /etc/php.ini
      Result: True
     Comment: File /etc/php.ini is in the correct state
     Started: ::02.629757
    Duration: 1.963 ms
     Changes:
----------
          ID: lamp-service
    Function: service.running
        Name: httpd
      Result: True
     Comment: Service httpd is already enabled, and is in the desired state
     Started: ::02.635879
    Duration: 233.048 ms
     Changes:
----------
          ID: apache-conf
    Function: file.recurse
        Name: /etc/httpd/conf.d
      Result: True
     Comment: The directory /etc/httpd/conf.d is in the correct state
     Started: ::02.869236
    Duration: 5.416 ms
     Changes:
----------
          ID: apache-auth
    Function: pkg.installed
        Name: httpd-tools
      Result: True
     Comment: Package httpd-tools is already installed.
     Started: ::02.874737
    Duration: 0.5 ms
     Changes:
----------
          ID: apache-auth
    Function: cmd.run
        Name: htpasswd -bc /etc/httpd/conf/htpasswd_file admin admin
      Result: True
     Comment: unless execution succeeded
     Started: ::02.880676
    Duration: 5.381 ms
     Changes:   

Summary
------------
Succeeded:
Failed:
------------
Total states run:     

salt-ssh '*' state.sls web.lamp

总结

1.salt-ssh 是在salt基础上打了一个python包上传到客户端的默认tmp目录下

在客户端上面解压并执行返回结果,最后删除tmp上传的临时文件

2.salt-minion方法是salt-mater先执行语法验证，验证通过后发送到minion

minion收到Msater的状态文件默认保存在/var/cache/salt/minion

注意：也有时候salt-master语法验证通过，在minion上可能因为环境问题会执行失败

3.salt-ssh和salt-minion可以共存，salt-minion不依赖于ssh服务