SaltStack Tutorial
SaltStack Useful Resources
Selected Reading
- SaltStack - Working Example
- SaltStack - Python API
- SaltStack - Salt Package Manager
- SaltStack - Orchestration
- SaltStack - Event system
- SaltStack - Salt Proxy Minions
- Salt for Cloud Infrastructure
- SaltStack - Salt through SSH
- SaltStack - Logging
- Configuration Management
- SaltStack - Remote Execution
- SaltStack - Using Cron with Salt
- Using MinionFS as the File Server
- SaltStack - Git as a File Server
- SaltStack - Salt File Server
- SaltStack - Job Management
- SaltStack - Access Control System
- Creating a Simple Environment
- SaltStack - Installation
- SaltStack - Competitors
- SaltStack - Architecture
- SaltStack - Overview
- SaltStack - Home
SaltStack Useful Resources
Selected Reading
- Who is Who
- Computer Glossary
- HR Interview Questions
- Effective Resume Writing
- Questions and Answers
- UPSC IAS Exams Notes
SaltStack - Salt through SSH
SaltStack - Salt through SSH
Salt executes commands in a remote system by using salt-minion. This is the normal behavior. In some scenarios, the remote system can be accessed only by the SSH protocol. For these scenarios, Salt provides an option to connect the remote system using the SSH protocol only and execute the command through the SSH layer.
Salt SSH is very easy to configure. The only needed configuration is to specify the remote system details in a special file called as the Roster file. This roster file is normally located in /etc/salt/roster. The roster file will have all the information regarding the remote system and how can we connect to it. Once the roster files are configured, all the Salt commands are executed using the salt-ssh instead of the salt command.
Roster File
The Roster System is designed specifically for Salt SSH. This is designed as a pluggable system. The sole purpose of the roster system is to gather information about the remote system. The roster file is a YAML based configuration file containing remote system information as targets. These targets are a special data structure with a predefined set of attributes. A roster file contains one or more targets and each target is identified by a Salt ID.
The basic structure of the roster file is as follows −
<Salt ID>: host: <host name> user: <user name> passwd: <password of the user>
All the other attributes supported by the roster file is optional. They are as follows −
port − SSH port number.
sudo − whether to run the command via sudo.
sudo_user − sudo user name.
tty − true if sudo is enabled.
priv − private key.
timeout − timeout for an SSH connection.
minion_opts − dictionary of minion opts.
thin_dir − target system s storage directory for salt components.
cmd_umask − umask to force for the salt-call command.
The sample roster file is as follows −
web: host: 192.168.2.1 user: webuser passwd: secret sudo: True db: host: 192.168.2.2
Deploy SSH Keys
Salt SSH will generate a default pubpc/private key pairs for SSH logins. The default path will be /etc/salt/pki/master/ssh/salt-ssh.rsa. This key can be deployed to the remote system using the ssh-copy-id command as shown below.
ssh-copy-id -i /etc/salt/pki/master/ssh/salt-ssh.rsa.pub user@web.company.com
Execute Command
Executing a salt command is as simple as changing the salt cp command into salt-ssh as shown below.
salt-ssh * test.ping
Raw Shell Command
Salt SSH provides an option (-r) to execute a raw command in the remote system bypassing the salt module and functions.
salt-ssh * -r ls
Targeting with Salt SSH
Targeting the remote system in Salt SSH supports only glob and regex targets. Since Salt SSH is a separate module, it provides only pmited options as of now and will provide more features in the near future.
Advertisements