|
|
这里先记录下下今天对salt-ssh关于密码以密钥的测试情况(后期完善)
1
2
3
4
5
6
7
| 操作系统版本:
[iyunv@master ~]# cat /etc/redhat-release
CentOS release 6.7 (Final)
主机信息:
master: 10.10.10.140(安装salt-ssh)
node01: 10.10.10.141
node01:10.10.10.142
|
基于密码验证的测试过程:
a、安装epel源以及salt-ssh
b、配置salt-ssh配置文件
1
2
3
4
5
6
7
8
9
| [iyunv@master ~]# vim /etc/salt/roster
node01:
host: 10.10.10.141
user: root
passwd: redhat12345
node02:
host: 10.10.10.142
user: root
passwd: redhat12345
|
c、使用salt-ssh进行测试
1
2
3
4
5
6
7
8
9
10
11
12
13
| [iyunv@master salt]# salt-ssh '*' test.ping
[WARNING ] Failed to open log file, do you have permission to write to /var/log/salt/master?
node01:
True
node02:
True
[iyunv@master salt]# salt-ssh '*' cmd.run 'uptime'
[WARNING ] Failed to open log file, do you have permission to write to /var/log/salt/master?
node01:
05:33:37 up 23 min, 1 user, load average: 0.17, 0.05, 0.02
node02:
21:33:42 up 23 min, 1 user, load average: 0.16, 0.06, 0.02
说明:这里由于我没有安装salt-master,出现没有日志文件权限的警告信息,可以忽略
|
基于密钥验证的测试过程:
a、配置免密钥登录:
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
| [iyunv@master ~]# ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
19:65:dc:fa:72:33:35:d6:81:18:e0:91:d3:ce:ce:0f root@master.saltstack.com
The key's randomart image is:
+--[ RSA 2048]----+
| +*oo . |
| .=oo.. . |
| ..+. ..|
| o.o + .|
| S o. o . |
| .E= |
| ooo |
| . |
| |
+-----------------+
[iyunv@master ~]# scp ~/.ssh/id_rsa.pub root@10.10.10.141:/root/
root@10.10.10.141's password:
id_rsa.pub 100% 407 0.4KB/s 00:00
[iyunv@master ~]# scp ~/.ssh/id_rsa.pub root@10.10.10.142:/root/
root@10.10.10.142's password:
id_rsa.pub 100% 407 0.4KB/s 00:00
[iyunv@node01 ~]# cat id_rsa.pub >>~/.ssh/authorized_keys
[iyunv@node01 ~]# service sshd restart
停止 sshd: [确定]
正在启动 sshd: [确定]
[iyunv@node02 ~]# cat id_rsa.pub >>~/.ssh/authorized_keys
[iyunv@node02 ~]# service sshd restart
停止 sshd: [确定]
正在启动 sshd: [确定]
|
b、调整salt-ssh的配置文件
1
2
3
4
5
6
7
| 为了测试密钥登录,而不是在配置文件中写好密码登录,重新调整下/etc/salt/roster文件,将密码的部分注销掉
[iyunv@master ~]# vim /etc/salt/roster
# Sample salt-ssh config file
node01:
host: 10.10.10.141
node02:
host: 10.10.10.142
|
c、基于密钥的配置:
1
2
3
4
5
6
7
8
| [iyunv@master ~]# ssh-copy-id -i /etc/salt/pki/master/ssh/salt-ssh.rsa.pub root@10.10.10.141
Now try logging into the machine, with "ssh 'root@10.10.10.141'", and check in:
.ssh/authorized_keys
to make sure we haven't added extra keys that you weren't expecting.
[iyunv@master ~]# ssh-copy-id -i /etc/salt/pki/master/ssh/salt-ssh.rsa.pub root@10.10.10.142
Now try logging into the machine, with "ssh 'root@10.10.10.142'", and check in:
.ssh/authorized_keys
to make sure we haven't added extra keys that you weren't expecting.
|
d、测试实验效果:
1
2
3
4
5
6
7
8
9
10
11
12
13
14
| [iyunv@master ~]# salt-ssh '*' cmd.run 'df -h'
[WARNING ] Failed to open log file, do you have permission to write to /var/log/salt/master?
node02:
Filesystem Size Used Avail Use% Mounted on
/dev/sda5 14G 8.3G 4.6G 65% /
tmpfs 932M 0 932M 0% /dev/shm
/dev/sda1 190M 42M 139M 23% /boot
/dev/sda3 2.0G 18M 1.8G 1% /tmp
node01:
Filesystem Size Used Avail Use% Mounted on
/dev/sda5 14G 8.3G 4.6G 65% /
tmpfs 932M 72K 932M 1% /dev/shm
/dev/sda1 190M 42M 139M 23% /boot
/dev/sda3 2.0G 18M 1.8G 1% /tmp
|
到此,salt-ssh的测试初步完成,参考资料:https://docs.saltstack.cn/topics/ssh/index.html
|
|
QQ群⑧:
窥视卡
雷达卡
发表于 2017-2-15 08:50:04
提升卡
置顶卡
沉默卡
喧嚣卡
变色卡
千斤顶
显身卡
