Overview
salt-ssh allows the use of salt modules and states without the need to run a master or masterless configuration on a server. It’s also a nice tool when you have to connect and run commands across multiple instances.
Recently a friend of mine got his PR #42103 merged upstream into the Salt project. This enables the sshconfig roster for salt-ssh so users can leverage an existing ssh config for targeting salt minions without needing a roster file. Unfortunately it hasn’t landed in an official release of salt-ssh, but below I’ll cover how to install salt-ssh from the git develop branch on a FreeBSD 11.1 machine. Similar steps will work for a Linux install by substituting the pkgng calls with those of the Linux distro’s package manager (apt, yum, etc.).
Setup
Install the required pkgng packages to get python and virtualenv:
$ su - # We need to be root here
$ pkg install python27 py27-virtualenv git
$ exit # Go back to normal user
Create a virtualenv with the python2.7 interpreter, activate it, and install the pip dependencies:
$ mkdir ~/.virtualenvs
$ virtualenv -p python2.7 ~/.virtualenvs/salt-ssh
$ . ~/.virtualenvs/salt-ssh/bin/activate
(salt-ssh)$ pip install jinja2 markupsafe msgpack-python pyyaml tornado
Note: This assumes that the user’s default shell is /bin/sh.
Since the sshconfig roster has yet to land in a release, we’ll need to install it from source into the virtualenv. At the time of writing, the commit ID was 33bf0e1 of the develop branch in salt:
(salt-ssh)$ git clone https://github.com/saltstack/salt.git
(salt-ssh)$ cd salt
(salt-ssh)$ python setup.py --ssh-packaging install
The last thing required is creating the salt directory structure so that salt-ssh can run as a normal user instead of root:
(salt-ssh)$ mkdir -p ~/salt-ssh/etc/salt
(salt-ssh)$ mkdir -p ~/salt-ssh/var/log/salt
(salt-ssh)$ cat << EOF > ~/salt-ssh/Saltfile
salt-ssh:
  config_dir: etc/salt/
EOF
(salt-ssh)$ cat << EOF > ~/salt-ssh/etc/salt/master
root_dir: .
EOF
Note: The above config might be overkill, but this is due to issues with logging and cache dir overrides not working in the Saltfile in 33bf0e1.
My example ~/.ssh/config looks like:
Host salty
    HostName 192.168.0.10
    User rob
    Protocol 2
    IdentityFile ~/.ssh/id_rsa
Host salty2
    HostName 192.168.0.20
    User rob
    Protocol 2
    IdentityFile ~/.ssh/id_rsa
With the new sshconfig roster, just start targeting minions based on the Host in ~/.ssh/config:
(salt-ssh)$ salt-ssh --roster=sshconfig '*' test.ping
salty:
    True
salty2:
    True
Giddy up! salt-ssh is now ready to go and do my bidding against my minions!
Issues
Python Missing From Target
The hosts that you are targeting with salt-ssh need to have python installed. If they don’t, you’ll receive an error like this:
ERROR: salt requires python 2.6 or newer on target hosts, must have same major version as origin host
Wrong IdentityFile
salt-ssh by default will generate its own private key and store it in <config_dir>/etc/salt/pki/master/ssh/id_rsa. If you do not want to use this key then just be explicit about which key you’d like to use in your ~/.ssh/config (like I was above).
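As an added example (not part of the original post and not Salt's own roster code), the script below reads an ssh config shaped like the one above and lists, per Host, the address, user and key, flagging any entry with no explicit IdentityFile, which is the case where the salt-ssh generated key described above comes into play. The names parse_hosts and audit and the sample config are constructed; the parser is a simplified subset of ssh_config that ignores wildcard Host patterns, Match blocks and Include.

```python
import re

# Constructed sample in the same shape as the ~/.ssh/config shown above.
SAMPLE_CONFIG = """\
Host salty
    HostName 192.168.0.10
    User rob
    IdentityFile ~/.ssh/id_rsa

Host salty2
    HostName 192.168.0.20
    User rob

Host *.lab
    User admin
"""

def parse_hosts(text):
    """Return {alias: {option: value}} for concrete (non-wildcard) Host entries."""
    hosts, current = {}, []
    for raw in text.splitlines():
        # Accepts "Key value" and "Key=value"; blank and comment lines do not match.
        m = re.match(r"\s*(\w+)\s*=?\s*(.*)", raw)
        if not m:
            continue
        key, value = m.group(1).lower(), m.group(2).strip()
        if key == "host":
            # Patterns and negations cannot be targeted by name, so skip them.
            current = [h for h in value.split() if not any(c in h for c in "*?!")]
            for h in current:
                hosts.setdefault(h, {})
        elif key == "match":
            current = []
        else:
            for h in current:
                hosts[h].setdefault(key, value)  # first value seen is kept
    return hosts

def audit(text):
    """Return (alias, address, user, key, warning) rows to review before targeting."""
    rows = []
    for alias, opts in sorted(parse_hosts(text).items()):
        key = opts.get("identityfile")
        warn = None if key else "no explicit IdentityFile"
        rows.append((alias, opts.get("hostname", alias), opts.get("user"), key, warn))
    return rows

if __name__ == "__main__":
    for row in audit(SAMPLE_CONFIG):
        print(row)
```

To check a real file, pass its contents to audit() instead of SAMPLE_CONFIG.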