SaltStack Concise Tutorial
SaltStack - Salt through SSH
Salt normally executes commands on a remote system through salt-minion. In some scenarios, the remote system can be accessed only over the SSH protocol. For these scenarios, Salt provides an option to connect to the remote system using the SSH protocol only and execute commands through the SSH layer.
Salt SSH is very easy to configure. The only configuration needed is to specify the remote system details in a special file called the roster file. This roster file is normally located at /etc/salt/roster. The roster file holds all the information about the remote system and how to connect to it. Once the roster file is configured, all Salt commands are executed using salt-ssh instead of the salt command.
Roster File
The roster system is designed specifically for Salt SSH. It is designed as a pluggable system. The sole purpose of the roster system is to gather information about the remote system. The roster file is a YAML-based configuration file that describes remote systems as targets. These targets are a special data structure with a predefined set of attributes. A roster file contains one or more targets, and each target is identified by a Salt ID.
The basic structure of the roster file is as follows −
<Salt ID>:
  host: <host name>
  user: <user name>
  passwd: <password of the user>
All the other attributes supported by the roster file are optional. They are as follows −
- port − SSH port number.
- sudo − whether to run the command via sudo.
- sudo_user − sudo user name.
- tty − true if sudo is enabled.
- priv − private key.
- timeout − timeout for an SSH connection.
- minion_opts − dictionary of minion opts.
- thin_dir − target system’s storage directory for salt components.
- cmd_umask − umask to force for the salt-call command.
The sample roster file is as follows −
web:
  host: 192.168.2.1
  user: webuser
  passwd: secret
  sudo: True
db:
  host: 192.168.2.2
Deploy SSH Keys
Salt SSH will generate a default public/private key pair for SSH logins. The default path will be /etc/salt/pki/master/ssh/salt-ssh.rsa. This key can be deployed to the remote system using the ssh-copy-id command as shown below.
ssh-copy-id -i /etc/salt/pki/master/ssh/salt-ssh.rsa.pub user@web.company.com
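Because the roster can hold a login password in clear text while a deployed key avoids that, the following added example (not part of the original tutorial or of Salt itself) audits a roster for password-based targets and checks the file's permissions. The function names, the "dbuser" account and the hand-written parser for the flat two-level layout are assumptions made for illustration.

```python
import os
import stat

# Constructed sample: the tutorial's "web" target plus a key-based "db" target.
# "dbuser" is an assumed user name; the key path is Salt SSH's default.
SAMPLE_ROSTER = """\
web:
  host: 192.168.2.1
  user: webuser
  passwd: secret
  sudo: True
db:
  host: 192.168.2.2
  user: dbuser
  priv: /etc/salt/pki/master/ssh/salt-ssh.rsa
"""


def parse_roster(text):
    """Parse the flat two-level roster layout (a subset of YAML, no nesting)."""
    targets, current = {}, None
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue  # skip blank lines and full-line comments
        key, _, value = raw.strip().partition(":")
        if not raw[0].isspace():  # unindented line starts a new Salt ID
            current = targets.setdefault(key.strip(), {})
        elif current is not None:
            current[key.strip()] = value.strip()
    return targets


def audit_roster(text):
    """Return (salt_id, finding) pairs for password-based targets."""
    findings = []
    for salt_id, attrs in parse_roster(text).items():
        if "passwd" in attrs:
            findings.append((salt_id, "cleartext passwd in roster; prefer priv"))
            if attrs.get("sudo", "").lower() == "true":
                findings.append((salt_id, "sudo enabled on a password-authenticated target"))
    return findings


def roster_mode_too_open(path):
    """True if group or other users have any access to the roster file."""
    return bool(stat.S_IMODE(os.stat(path).st_mode) & 0o077)


if __name__ == "__main__":
    for salt_id, finding in audit_roster(SAMPLE_ROSTER):
        print(f"{salt_id}: {finding}")
```

Run roster_mode_too_open against /etc/salt/roster on the master; a True result means accounts other than the owner can reach any passwords stored there.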
Execute Command
Executing a Salt command is as simple as changing the salt CLI command to salt-ssh, as shown below.
salt-ssh '*' test.ping
Raw Shell Command
Salt SSH provides an option (-r) to execute a raw command on the remote system, bypassing the Salt modules and functions.
salt-ssh '*' -r 'ls'
Targeting with Salt SSH
Targeting remote systems in Salt SSH supports only glob and regex targets. Since Salt SSH is a separate module, it provides only limited options as of now and will provide more features in the near future.