Salt SSH of saltstack

1. salt-ssh Introduce

salt-ssh So we don't need to install... On the controlled machine salt-minion The client can also implement management operations .

1.1 salt-ssh Characteristics

• The remote system requires Python Support , Unless used -r Option to send the original message ssh command
• salt-ssh It's a software package , It can only be used after installation , The command itself is salt-ssh
• salt-ssh Will not replace the standard Salt communication system , It just provides a platform based on SSH alternatives , Unwanted ZeroMQ and agent

Please note that , Due to all and Salt SSH All communications are through SSH Executive , So it's better than using ZeroMQ Standards for Salt Much slower

1.2 salt-ssh The way of remote management

salt-ssh There are two ways to achieve remote management , One is to record the information of all clients in the configuration file , Such as IP Address 、 Port number 、 user name 、 Password and support sudo etc. ; The other is to use key to realize remote management , No password required .

2. salt-ssh management

stay master Installation on salt-ssh

[[email protected] ~]# yum -y install salt-ssh

2.1 By using the user name and password SSH Realize remote management

Modify the configuration file , Add controlled machine information

[[email protected] ~]# vim /etc/salt/roster
.... Omit here N That's ok 
node1:
  host: 192.168.91.134
  user: root
  passwd: amu123

[[email protected] ~]# salt-ssh 'node1‘ test.ping
node1:
    ----------
    retcode:
        10
    stderr:
        ERROR: Unable to locate appropriate python command
    stdout:
        ERROR: Python version error. Recommendation(s) follow:
        - Install Python 3 on the target machine(s)
        - You can use ssh_pre_flight or raw shell (-r) to install Python 3	//  Need to install python3

//  install python3
[[email protected] ~]# salt-ssh -r 'node1' 'yum -y install python3'

[[email protected] ~]# which python3
/usr/bin/python3

//  Test after installation 
[[email protected] ~]# salt-ssh 'node1' test.ping
node1:
    True

Test connectivity

//  for the first time ping He will ask you if you want to continue connecting 
[[email protected] .ssh]# ls
known_hosts

[[email protected] .ssh]# ls
known_hosts
[[email protected] .ssh]# rm -f known_hosts 

[[email protected] .ssh]# salt-ssh 'node1' test.ping
node1:
    ----------
    retcode:
        254
    stderr:
    stdout:
        The host key needs to be accepted, to auto accept run salt-ssh with the -i flag:
        The authenticity of host '192.168.91.134 (192.168.91.134)' can't be established.
        ECDSA key fingerprint is SHA256:Nz8CAwwL3HRh/Lvqejqa+eiV3A09xGYYfG2A/W8wRPs.
        ECDSA key fingerprint is MD5:8c:b3:22:14:7a:8a:bc:34:f9:9d:3c:3a:07:8a:96:20.
        Are you sure you want to continue connecting (yes/no)?

As can be seen from the above information , For the first visit, you need to enter yes/no , however saltstack Interactive operation is not supported , So in order to solve this problem , We need to set it up , Let the system not perform host Authentication .

[[email protected] .ssh]# vim ~/.ssh/config
StrictHostKeyChecking no

[[email protected] .ssh]# salt-ssh '*' test.ping
node1:
    True

2.2 adopt salt-ssh Initialize system installation salt-minion

install salt-ssh

[[email protected] ~]# yum -y install salt-ssh

modify roster The configuration file , Add controlled host

[[email protected] ~]# vim /etc/salt/roster
.... Omit here N That's ok 
node1:
  host: 192.168.91.134
  user: root
  passwd: amu123

Test connectivity

[[email protected] ~]# salt-ssh 'node1' test.ping
node1:
    True

Execute status command , Initialize system , install salt-minion

[[email protected] ~]# cd /srv/salt/base/init/
[[email protected] init]# ls
basepkgs   history   postfix      sshd     yum
chrony     kernel    salt-minion  sudo
firewalld  main.sls  selinux      timeout

//  preparation 
[[email protected] init]# cd salt-minion/
[[email protected] salt-minion]# 
[[email protected] salt-minion]# ls
files  main.sls
[[email protected] salt-minion]# vim main.sls 
include:
  - init.yum.main

salt-minion:
  pkg.installed

/etc/salt/minion:
  file.managed:
    - source: salt://init/salt-minion/files/minion.j2
    - user: root
    - group: root
    - mode: '0644'
    - template: jinja
    - require:
      - pkg: salt-minion

salt-minion.service:
  service.running:
    - enable: true
    - reload: true
    - watch:
      - file: /etc/salt/minion

//  Start installation 
[[email protected] ~]# systemctl status salt-minion
Unit salt-minion.service could not be found.

[[email protected] ~]# salt-ssh 'node1' state.sls init.salt-minion.main

//  Check the installation 
[[email protected] yum.repos.d]# systemctl status salt-minion
● salt-minion.service - The Salt Minion
   Loaded: loaded (/usr/lib/systemd/system/salt-minion.servi>
   Active: active (running) since Mon 2021-11-29 17:19:08 CS>
     Docs: man:salt-minion(1)
           file:///usr/share/doc/salt/html/contents.html
           https://docs.saltproject.io/en/latest/contents.ht>
 Main PID: 77393 (salt-minion)
    Tasks: 3 (limit: 4743)
   Memory: 50.4M
   CGroup: /system.slice/salt-minion.service
           ├─77393 /usr/bin/python3.6 /usr/bin/salt-minion
           └─77429 /usr/bin/python3.6 /usr/bin/salt-minion

Nov 29 17:19:07 node1 systemd[1]: Starting The Salt Minion...
Nov 29 17:19:08 node1 systemd[1]: Started The Salt Minion.

//  see key
[[email protected] ~]# salt-key -L
Accepted Keys:
Denied Keys:
Unaccepted Keys:
node1
Rejected Keys:

//  Accept all key
[[email protected] ~]# salt-key -yA
The following keys are going to be accepted:
Unaccepted Keys:
node1
Key for minion node1 accepted.

[[email protected] ~]# salt-key -L
Accepted Keys:
node1
Denied Keys:
Unaccepted Keys:
Rejected Keys:

//  Conduct ping Pass test 
[[email protected] ~]# salt 'node1' test.ping
node1:
    True