SaltStack's salt-ssh (updated from time to time)

Posted by tomwerner on Wed, 08 May 2019 17:54:04 +0200

Salt uses a powerful message queue as its communication transport. Sometimes, though, an older tool is the more effective choice: salt-ssh.

Official documentation: https://docs.saltstack.com/en/latest/topics/ssh/index.html

Salt is designed to talk to a large number of remote hosts at once, while SSH (short for Secure Shell) interacts with only one host at a time.

salt-ssh usage steps:

1. Setting up the roster:

In a traditional Salt infrastructure, the minions actively connect to the master, and the master does not store the minions' network and host configuration. With SSH-based connections this has to change, because the master must connect to its minions over SSH.

The roster stores each minion's ID and IP address.

The roster is a plain-text file stored at /etc/salt/roster. A different path can be given on the command line: salt-ssh --roster-file=/etc/salt/roster '*' test.ping

Roster entries can set the following fields:

id: unique identifier of the minion
host: host name
port: SSH port (default 22; specify it for non-standard installations)
user: user that salt-ssh runs as; defaults to root
passwd: password, for password authentication
sudo: run commands as a privileged user via sudo; defaults to False
priv: path to the private key used to access the minion
timeout: maximum number of seconds to wait for the SSH connection to be established
thin_dir: directory on the minion where the salt-thin agent is installed

My personal setup is simple.

[root@Management-Machine-140 ~]# cat /etc/salt/roster
136: 192.168.146.136
137: 192.168.146.137
138:
  host: 192.168.146.138
  user: root
  port: 22
  passwd: 111111
  timeout: 5
[root@Management-Machine-140 ~]#
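
An added example (not part of the original post or of Salt itself): a small Python audit of a roster like the one above, flagging the plaintext passwd entry and direct root logins and checking the file's permissions. The parser handles only the flat layout shown here, the finding texts are this example's own, and SAMPLE_ROSTER is a constructed copy of the listing.

```python
import os
import stat
# Constructed sample: the roster from the post, reproduced for an offline run.
SAMPLE_ROSTER = """\
136: 192.168.146.136
137: 192.168.146.137
138:
  host: 192.168.146.138
  user: root
  port: 22
  passwd: 111111
  timeout: 5
"""

def parse_roster(text):
    """Parse only the flat layout above: 'id: host', or 'id:' plus indented 'key: value'."""
    roster, current = {}, None
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        key, _, value = raw.strip().partition(":")
        key, value = key.strip(), value.strip().strip("'\"")
        if not raw[0].isspace():            # unindented line starts a minion entry
            current = roster.setdefault(key, {})
            if value:                       # shorthand form "id: host"
                current["host"] = value
        elif current is not None:
            current[key] = value
    return roster

def audit_roster(text):
    """Return sorted (minion_id, finding) pairs for risky roster settings."""
    findings = []
    for minion, opts in parse_roster(text).items():
        if "passwd" in opts:
            findings.append((minion, "plaintext passwd in roster; prefer priv (key file)"))
        if opts.get("user", "root") == "root":   # the roster default user is root
            findings.append((minion, "direct root login; prefer an unprivileged user with sudo: True"))
    return sorted(findings)

def roster_file_exposed(path):
    """True if group or others have any access to the roster file."""
    return bool(stat.S_IMODE(os.stat(path).st_mode) & 0o077)

if __name__ == "__main__":
    for minion, finding in audit_roster(SAMPLE_ROSTER):
        print(f"{minion}: {finding}")
    if os.path.exists("/etc/salt/roster") and roster_file_exposed("/etc/salt/roster"):
        print("/etc/salt/roster is accessible to group/others; chmod 600 it")
```
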


Other built-in rosters

scan: dynamically determines hosts and connection parameters; select it with salt-ssh --roster=scan

[root@Management-Machine-140 ~]# salt-ssh --roster=scan 192.168.146.0/24 test.ping
192.168.146.139:    #ssh key is not stored in ssh key agent.
    ----------
    retcode:
        254
    stderr:
    stdout:
        The host key needs to be accepted, to auto accept run salt-ssh with the -i flag:
        The authenticity of host '192.168.146.139 (192.168.146.139)' can't be established.
        RSA key fingerprint is 6e:c2:82:f9:9b:dc:b6:21:8f:9f:9f:55:59:4e:72:6f.
        Are you sure you want to continue connecting (yes/no)?
192.168.146.136:
    True
192.168.146.137:
    True
192.168.146.138:
    True
[root@Management-Machine-140 ~]#

cache: when a minion does not respond, you can use salt-ssh --roster cache 136 service.start salt-minion to troubleshoot.

[root@Management-Machine-140 ~]# salt-ssh --roster cache 136 service.start salt-minion

cloud: similar to cache

ansible: an SSH automation platform; left for self-study


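With salt-ssh, targets can be matched by glob (default), Perl-compatible regular expression (-E), list (-L), grains (-G), nodegroup (-N, the group name), or range (-R).

-r: specifies the command to execute (run as a raw shell command)

-i: ignore host keys when connecting (disables SSH host key checking)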

[root@Management-Machine-140 ~]# salt-ssh '*'  -r 'tail -1 /var/log/dmesg'
137:
    ----------
    retcode:
        0
    stderr:
    stdout:
        SELinux: initialized (dev binfmt_misc, type binfmt_misc), uses genfs_contexts
138:
    ----------
    retcode:
        0
    stderr:
    stdout:
        SELinux: initialized (dev binfmt_misc, type binfmt_misc), uses genfs_contexts
136:
    ----------
    retcode:
        0
    stderr:
    stdout:
        SELinux: initialized (dev binfmt_misc, type binfmt_misc), uses genfs_contexts
[root@Management-Machine-140 ~]#
