Pre-reading
Environment Description
Commencement
Create a user and key authentication management environment for the salt SSH Environment
Configure mine to get the minion ID and IP address
Generate salt rosters
Apply salt SSH
Remarks
Salt 0.17 has been released. An important feature of this release is the introduction of the Salt SSH system, which provides a way to manage hosts over SSH without a minion. Where a Salt master/minions environment is already in place, rebuilding a Salt SSH environment by hand is costly, and laziness is human nature. This article shows how to use an existing SaltStack master/minions environment to quickly build a new Salt SSH environment.
Pre-reading
Read the following before reading this article:
Salt 0.17 release note: http://docs.saltstack.com/topics/releases/0.17.0.html
Salt SSH: http://docs.saltstack.com/topics/ssh/
Salt rosters: http://docs.saltstack.com/topics/ssh/roster.html
Environment Description
Minion version: this article uses Salt Mine to obtain the existing minion IDs and IP addresses. Because Salt Mine is a feature introduced in 0.15.0, make sure that the minion version is 0.15.0 or higher.
The master is installed with yum from the EPEL repository.
The sshd service is running on every minion host and accepts connections from the master.
A minion is also installed on the server that runs the master and is managed by that master. Its minion ID is salt.
The Salt file_roots directory is /srv/salt/, and the pillar_roots directory is /srv/pillar/.
Commencement
Note: all of the following operations are performed on the master.
Create a user and key authentication management environment for the salt SSH Environment
Generate the master SSH key:

    # Create the master SSH key directory
    mkdir /etc/salt/pki/master/ssh/
    # Generate the master SSH key
    cd /etc/salt/pki/master/ssh/
    ssh-keygen -t rsa -P "" -f salt-ssh.rsa
    # Copy the master public key to the Salt fileserver
    cp /etc/salt/pki/master/ssh/salt-ssh.rsa.pub /srv/salt/salt/files/salt-ssh.rsa.pub

Write the state file that manages the user and key authentication used by Salt SSH, /srv/salt/salt/ssh/init.sls:

    salt-user:
      {# salt user #}
      user.present:
        - name: salt
      {# salt user sudoer #}
      file.managed:
        - name: /etc/sudoers.d/salt
        - source: salt://salt/files/etc/sudoers.d/salt
        - require:
          - user: salt-user

    salt-master-key:
      ssh_auth.present:
        - user: salt
        - source: salt://salt/files/salt-ssh.rsa.pub
        - require:
          - user: salt-user

The sudoers file, /srv/salt/salt/files/etc/sudoers.d/salt:

    Defaults:salt !requiretty
    salt ALL=(ALL) NOPASSWD: ALL

Apply the state:

    salt '*' state.sls salt.ssh

Configure mine to get the minion ID and IP address
Configure Salt Mine in /srv/pillar/salt/mine.sls:

    mine_functions:
      network.ip_addrs:
        - eth0

Configure the pillar top file, /srv/pillar/top.sls:

    base:
      '*':
        - salt.mine

Refresh the pillar and verify the Salt Mine configuration:

    salt '*' saltutil.refresh_pillar
    salt '*' pillar.get mine_functions

Update Salt Mine and test that the IDs and IP addresses of all minions can be obtained:

    salt '*' mine.update
    salt 'salt' mine.get '*' network.ip_addrs

Generate salt rosters
Configure the Salt roster state, /srv/salt/salt/ssh/roster.sls:

    salt-rosters:
      {# salt rosters file for salt-ssh #}
      file.managed:
        - name: /etc/salt/roster
        - source: salt://salt/files/etc/salt/roster
        - template: jinja

The roster template, /srv/salt/salt/files/etc/salt/roster:

    {% for eachminion, each_mine in salt['mine.get']('*', 'network.ip_addrs').items() -%}
    {{ eachminion }}:
      host: {{ each_mine[0] }}
      user: salt
      sudo: True
    {% endfor -%}

Generate the roster file:

    salt 'salt' state.sls salt.ssh.roster

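The roster template above writes whatever mine.get returns straight into /etc/salt/roster, and each_mine[0] fails for a minion that reports no eth0 address. The following Python sketch is an added example, not code from the original article or from Salt; build_roster, the minion ID pattern and the sample data are assumptions made for illustration. It checks mine data before it becomes a roster entry and reports what it skipped.

```python
import ipaddress
import re

# Assumed policy: minion IDs used as roster keys must look like hostnames.
ID_RE = re.compile(r"[A-Za-z0-9][A-Za-z0-9._-]{0,252}")


def build_roster(mine_data, user="salt", sudo=True):
    """Return (roster_text, rejected) for a {minion_id: [ip, ...]} dict.

    Mine values are reported by the minions themselves, so each one is
    checked before the master is told to SSH to it.
    """
    lines, rejected = [], {}
    for minion_id in sorted(mine_data):
        addrs = mine_data[minion_id]
        if not ID_RE.fullmatch(minion_id):
            rejected[minion_id] = "invalid minion id"
            continue
        # each_mine[0] in the template fails when no eth0 address is reported.
        if not isinstance(addrs, list) or not addrs:
            rejected[minion_id] = "no address reported"
            continue
        try:
            ip = ipaddress.ip_address(str(addrs[0]))
        except ValueError:
            rejected[minion_id] = "not an IP address"
            continue
        if ip.is_loopback or ip.is_unspecified or ip.is_multicast:
            rejected[minion_id] = "unusable address"
            continue
        lines += [f"{minion_id}:", f"  host: {ip}", f"  user: {user}", f"  sudo: {sudo}"]
    return "".join(line + "\n" for line in lines), rejected


# Constructed sample data, not output from a real environment.
SAMPLE_MINE = {
    "salt": ["192.168.1.10"],
    "web01": ["192.168.1.21", "10.0.0.21"],
    "db01": [],                           # minion without an eth0 address
    "app01": ["10.0.0.5\n  user: root"],  # value that is not a plain IP
    "bad id: x": ["192.168.1.30"],        # key that would corrupt the YAML
}

if __name__ == "__main__":
    roster, rejected = build_roster(SAMPLE_MINE)
    print(roster, end="")
    for minion_id, reason in rejected.items():
        print(f"skipped {minion_id!r}: {reason}")
```
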
Apply salt SSH
Upgrade the master to version 0.17 or later (the current EPEL stable version is 0.17.1-1). With that, the Salt SSH environment has been built.

    yum update salt-master
    service salt-master restart

Test Salt SSH:

    # Run a Salt module
    salt-ssh '*' test.ping
    # Run a raw shell command
    salt-ssh '*' -r 'uptime'

Remarks
With this release, Salt is moving to take Fabric's rice bowl. I personally prefer the Salt master/minions style of management. With Salt SSH as a supplement, tasks such as upgrading or restarting a minion become very reliable. With Salt SSH, you no longer have to worry about the chicken-and-egg problem.
This article is from the "davideylee" blog and will not be reposted!
Quickly build a salt SSH Environment Based on Salt master/minions