Deploying SSH keys from the master via Salt pillar

I have two ssh keys that I am trying to deploy to one of my minions, but I can't seem to get them deployed; it errors out. Here is the init.sls in the pillar:

```yaml
/xxx/yyy/zzz/id_rsa:
  file.managed:
    - source: salt://private/id_rsa

/xxx/yyy/zz/id_rsa.pub:
  file.managed:
    - source: salt://private/id_rsa.pub
```

And here is my init.sls state:

```yaml
ssh:
  file.managed:
    - name: {{ pillar['private'] }}
```

I must be doing something wrong (obviously), but I don't know what. Any suggestions?

The Salt pillar system does not have an init.sls file. Both states and pillars have a top.sls file. States that are subdirectories may have an init.sls file.

Step 1: define your users in /srv/pillar/users.sls

```yaml
users:
  - name: fred
    fullname: Fred Flintstone
    email: '[email protected]'
    uid: 4001
    gid: 4001
    shell: /bin/bash
    groups:
      - bowling
    shadow: $6$Sasdf/Ss$asdfasdfasdfasdfasdfasdfasdfasdfasdfasdfasdfsadfasdfsadfsadfsdf
    authkey: ssh-dss AAAAasdfasdfsadfsadfsadfsadfasdfasdfsdafsdafaasdfasdfasdfasdfasdfsadfsadfsadfsadfasdfasdfsdafsdafaasdfasdfasdfasdfasdfsadfsadfsadfsadfasdfasdfsdafsdafaasdfasdfasdfasdfasdfsadfsadfsadfsadfasdfasdfsdafsdafa = [email protected]
    sshpub: ssh-dss AAAAasdfasdfsadfsadfsadfsadfasdfasdfsdafsdafaasdfasdfasdfasdfasdfsadfsadfsadfsadfasdfasdfsdafsdafaasdfasdfasdfasdfasdfsadfsadfsadfsadfasdfasdfsdafsdafaasdfasdfasdfasdfasdfsadfsadfsadfsadfasdfasdfsdafsdafa = [email protected]
  - name: barney
    fullname: Barney Rubble
    email: '[email protected]'
    uid: 4002
    gid: 4002
    shell: /bin/bash
    groups:
      - bowling
    shadow: $6$Suiop/Ss$uiopuiopuiopuiopuiopuiopuiopuiopuiopuiopuiopsadfuiopsadfsadfsdf
    authkey: ssh-dss AAAAuiopuiopsadfsadfsadfsadfuiopuiopsdafsdafauiopuiopuiopuiopuiopsadfsadfsadfsadfuiopuiopsdafsdafauiopuiopuiopuiopuiopsadfsadfsadfsadfuiopuiopsdafsdafauiopuiopuiopuiopuiopsadfsadfsadfsadfuiopuiopsdafsdafa = [email protected]
    sshpub: ssh-dss AAAAuiopuiopsadfsadfsadfsadfuiopuiopsdafsdafauiopuiopuiopuiopuiopsadfsadfsadfsadfuiopuiopsdafsdafauiopuiopuiopuiopuiopsadfsadfsadfsadfuiopuiopsdafsdafauiopuiopuiopuiopuiopsadfsadfsadfsadfuiopuiopsdafsdafa = [email protected]
```

Step 2: add the new pillar to /srv/pillar/top.sls

```yaml
base:
  'testminion':
    - users
```

Step 3: use Jinja to map the pillar onto states in /srv/salt/user/init.sls

```yaml
{% for user in pillar['users'] %}
user_{{user.name}}:
  group.present:
    - name: {{user.name}}
    - gid: {{user.gid}}
  user.present:
    - name: {{user.name}}
    - fullname: {{user.fullname}}
    - password: {{user.shadow}}
    - shell: {{user.shell}}
    - uid: {{user.uid}}
    - gid: {{user.gid}}
    {% if user.groups %}
    - optional_groups:
      {% for group in user.groups %}
      - {{group}}
      {% endfor %}
    {% endif %}
    - require:
      - group: user_{{user.name}}
  file.directory:
    - name: /home/{{user.name}}
    - user: {{user.name}}
    - group: {{user.name}}
    - mode: 0751
    - makedirs: True

user_{{user.name}}_forward:
  file.append:
    - name: /home/{{user.name}}/.forward
    - text: {{user.email}}

user_{{user.name}}_sshdir:
  file.directory:
    - name: /home/{{user.name}}/.ssh
    - user: {{user.name}}
    - group: {{user.name}}
    - mode: 0700

{% if 'authkey' in user %}
user_{{user.name}}_authkeys:
  ssh_auth.present:
    - user: {{user.name}}
    - name: {{user.authkey}}
{% endif %}

{% if 'sshpriv' in user %}
user_{{user.name}}_sshpriv:
  file.managed:
    - name: /home/{{user.name}}/.ssh/id_rsa
    - user: {{user.name}}
    - group: {{user.name}}
    - mode: 0600
    # The pillar entry holds the key text itself, so it is written with
    # `contents`. `contents_pillar` expects a colon-separated pillar *path*
    # (e.g. users:0:sshpriv), not the key, and cannot be fed a value.
    # `indent(8)` re-indents the remaining lines of a multi-line key so the
    # YAML literal block stays valid.
    - contents: |
        {{ user.sshpriv | indent(8) }}
{% endif %}

{% if 'sshpub' in user %}
user_{{user.name}}_sshpub:
  file.managed:
    - name: /home/{{user.name}}/.ssh/id_rsa.pub
    - user: {{user.name}}
    - group: {{user.name}}
    - mode: 0600
    - contents: |
        {{ user.sshpub | indent(8) }}
{% endif %}
{% endfor %} # user in users
# vim: ft=yaml tabstop=2 sts=2 sw=2 et ai si
```

Don't forget to sync the new pillar!

```shell
salt 'targetminions' saltutil.refresh_pillar
```
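The answer's loop stores the key text under a list entry, which is why it has to be spliced into the rendered state. When the pillar is keyed by user name instead, `file.managed` can address the key with `contents_pillar` and a colon-separated path, so the private key is read on the minion from its compiled pillar and never appears in the rendered SLS; `show_changes: False` additionally keeps it out of the state diff that lands in the job output and cache. The following is an added example, not the answer's code or a Salt project file: the minion id `web01`, the user `deployer`, the pillar and state file names and the placeholder key text are all constructed for illustration.

```yaml
# /srv/pillar/top.sls  (added example, constructed). Pillar is compiled on the
# master per minion, so only 'web01' ever receives the ssh_keys data.
base:
  'web01':
    - ssh_keys

# /srv/pillar/ssh_keys.sls  (added example, constructed). Keys are indexed by
# user name so a state can point at them with a pillar path.
ssh_keys:
  deployer:
    private_key: |
      -----BEGIN OPENSSH PRIVATE KEY-----
      PLACEHOLDER-NOT-A-REAL-KEY
      -----END OPENSSH PRIVATE KEY-----
    public_key: ssh-ed25519 AAAAPLACEHOLDERNOTAREALKEY deployer@placeholder

# /srv/salt/ssh_keys/init.sls  (added example, constructed). One block per
# user found in the pillar; minions with no ssh_keys pillar render nothing.
{% for username, keys in salt['pillar.get']('ssh_keys', {}).items() %}
{{ username }}_ssh_dir:
  file.directory:
    - name: /home/{{ username }}/.ssh
    - user: {{ username }}
    - group: {{ username }}
    - mode: '0700'
    - makedirs: True

{{ username }}_private_key:
  file.managed:
    - name: /home/{{ username }}/.ssh/id_ed25519
    - user: {{ username }}
    - group: {{ username }}
    - mode: '0600'
    # Pillar path, not the key text: resolved on the minion via pillar.get.
    - contents_pillar: ssh_keys:{{ username }}:private_key
    # Suppress the diff so the key is not echoed in state output or logs.
    - show_changes: False
    - require:
      - file: {{ username }}_ssh_dir

{{ username }}_public_key:
  file.managed:
    - name: /home/{{ username }}/.ssh/id_ed25519.pub
    - user: {{ username }}
    - group: {{ username }}
    - mode: '0644'
    - contents_pillar: ssh_keys:{{ username }}:public_key
    - require:
      - file: {{ username }}_ssh_dir
{% endfor %}
```

After `salt 'web01' saltutil.refresh_pillar`, apply it with `salt 'web01' state.apply ssh_keys`. If the pillar path does not exist on a minion, `file.managed` fails with an error instead of writing an empty key file, which is the behaviour you want for a secret.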

It should be noted, with respect to the original question, that there is another simple solution if the `source: salt://...` form does not work with `file.managed` (as still happens under salt-ssh because of bug https://github.com/saltstack/salt/issues/38458, which is being fixed): switch to `contents:` with the file_tree external pillar, which is also backed by files on the master.

The file_tree ext_pillar is now documented. It has existed since release 2015.5.0, so it is newer than the original question and answer, but it is a quite usable solution today.

In fact, this is also covered in https://docs.saltstack.com/en/latest/faq.html#is-it-possible-to-deploy-a-file-to-a-specific-minion-without-other-minions-having-access-to-it
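The file_tree approach this answer refers to, as an added example that is not the answer's code or the Salt documentation's: file_tree maps `<root_dir>/hosts/<minion_id>/` into that minion's pillar, so a key file dropped into one host directory is compiled only into that minion's pillar and no other minion can request it, which is what the FAQ entry above is about. The root directory `/srv/ext_pillar`, the minion id `web01`, the state name `deploy_key` and the key file names are constructed for illustration.

```yaml
# /etc/salt/master  (fragment; added example, constructed)
ext_pillar:
  - file_tree:
      root_dir: /srv/ext_pillar
      # Keep the end-of-file newline of each file; OpenSSH key files end
      # with one and file.managed's contents_newline default keeps it too.
      keep_newline: True

# Layout under root_dir (constructed). Directories become nested pillar
# dicts and each file becomes a value, so:
#   /srv/ext_pillar/hosts/web01/ssh/id_ed25519      -> pillar ssh:id_ed25519
#   /srv/ext_pillar/hosts/web01/ssh/id_ed25519.pub  -> pillar ssh:id_ed25519.pub
# Only the minion whose id is 'web01' gets an 'ssh' pillar key; keep the
# files 0600 and owned by the master's user, since they are secrets at rest.

# /srv/salt/deploy_key/init.sls  (added example, constructed)
root_ssh_dir:
  file.directory:
    - name: /root/.ssh
    - user: root
    - group: root
    - mode: '0700'

deploy_private_key:
  file.managed:
    - name: /root/.ssh/id_ed25519
    - user: root
    - group: root
    - mode: '0600'
    # contents_pillar resolves the file_tree value on the minion; the key
    # text is never embedded in the rendered state file.
    - contents_pillar: ssh:id_ed25519
    - show_changes: False
    - require:
      - file: root_ssh_dir

deploy_public_key:
  file.managed:
    - name: /root/.ssh/id_ed25519.pub
    - user: root
    - group: root
    - mode: '0644'
    - contents_pillar: ssh:id_ed25519.pub
    - require:
      - file: root_ssh_dir
```

Run `salt 'web01' saltutil.refresh_pillar` after adding or changing files under `/srv/ext_pillar`, then `salt 'web01' state.apply deploy_key`. Applying the same state to a minion that has no `hosts/<minion_id>/ssh/` directory makes `file.managed` fail on the missing pillar path rather than writing an empty key, so mis-targeting is caught instead of silently producing a broken or shared key.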