salt-ssh allows the use of salt modules and states without the need to run a master or masterless configuration on a server. It’s also a nice tool when you have to connect and run commands across multiple instances.
Recently a friend of mine got his PR #42103 merged upstream into salt. This enables the sshconfig roster, so users can leverage an existing ssh config for targeting salt minions without needing a roster file. Unfortunately it hasn’t landed in an official release of salt-ssh, but below I’ll cover how to install salt-ssh from the git develop branch on a FreeBSD 11.1 machine. Similar steps will work for a Linux install. All that should be required is substituting the pkgng calls with the equivalent calls to the Linux distro’s package manager.
Install the required pkgng packages to get
su -  # We need to be root here
pkg install python27 py27-virtualenv git
exit  # Go back to normal user
Create a virtualenv with
python2.7 interpreter and install the
mkdir ~/.virtualenvs
virtualenv -p python2.7 ~/.virtualenvs/salt-ssh
. ~/.virtualenvs/salt-ssh/bin/activate
pip install jinja2 markupsafe msgpack-python pyyaml tornado
Note: Assumption that the user’s default shell is
Since the sshconfig roster has yet to land in a release, we’ll need to install it from source into the virtualenv. At the time of writing, the commit ID was 33bf0e1 of the develop branch in salt:
git clone https://github.com/saltstack/salt.git
cd salt
python setup.py --ssh-packaging install
The last thing we need to do is create the salt directory structure, since it’d be better to run salt-ssh as a normal user rather than root:
mkdir -p ~/salt-ssh/etc/salt
mkdir -p ~/salt-ssh/var/log/salt
cat << EOF > ~/salt-ssh/Saltfile
salt-ssh:
  config_dir: etc/salt/
EOF
cat << EOF > ~/salt-ssh/etc/salt/master
root_dir: .
EOF
Note: The above config might be overkill, but this is due to issues with logging and cache dir overrides not working in the Saltfile in 33bf0e1.
~/.ssh/config looks like:
Host salty
    HostName 192.168.0.10
    User rob
    Protocol 2
    IdentityFile ~/.ssh/id_rsa

Host salty2
    HostName 192.168.0.20
    User rob
    Protocol 2
    IdentityFile ~/.ssh/id_rsa
Due to the new
sshconfig roster you can now just start targeting minions:
(salt-ssh)$ salt-ssh --roster=sshconfig '*' test.ping
salty:
    True
salty2:
    True
salt-ssh is now ready to go and do my bidding!
Python Missing From Target
The hosts that you are targeting with
salt-ssh need to have python installed.
If they don’t you’ll receive an error like this:
ERROR: salt requires python 2.6 or newer on target hosts, must have same major version as origin host
salt-ssh by default will generate its own private key and store it in
<config_dir>/etc/salt/pki/master/ssh/id_rsa. Just be explicit about which key
you’d like to use in your ssh config (like I was above).
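A pre-flight check for the advice above, as an added example that is not from the original post or from salt: it resolves each concrete Host alias in an ssh config using OpenSSH's first-obtained-value-wins rule and flags aliases that end up with no explicit IdentityFile. The function names, the use of Python 3 and the sample config (constructed, with a hypothetical db1 host and Host * defaults) are assumptions, and the sshconfig roster's own parsing may differ.

```python
import fnmatch
import re

# Constructed sample; "db1" and the "Host *" defaults are hypothetical.
SAMPLE = """\
Host salty
    HostName 192.168.0.10
    IdentityFile ~/.ssh/id_rsa
Host db1
    HostName=192.168.0.30
Host *
    User rob
"""

def parse_blocks(text):  # returns [(host_patterns, options)] in file order
    blocks = [(["*"], {})]  # options before the first Host line apply to all
    for raw in text.splitlines():
        parts = re.split(r"[\s=]+", raw.strip(), maxsplit=1)
        if len(parts) < 2 or parts[0].startswith("#"):
            continue
        key, value = parts[0].lower(), parts[1].strip()
        if key in ("host", "match"):  # Match blocks are skipped, not evaluated
            blocks.append((value.split() if key == "host" else [], {}))
        else:
            blocks[-1][1].setdefault(key, value)
    return blocks

def matches(alias, patterns):
    """OpenSSH rule: any negated match vetoes; else one positive must match."""
    if any(p[0] == "!" and fnmatch.fnmatchcase(alias, p[1:]) for p in patterns):
        return False
    return any(p[0] != "!" and fnmatch.fnmatchcase(alias, p) for p in patterns)

def audit(text):
    """Map each concrete Host alias to its resolved options plus warnings."""
    blocks = parse_blocks(text)
    aliases = [p for pats, _ in blocks for p in pats if not re.search(r"[*?!]", p)]
    report = {}
    for alias in dict.fromkeys(aliases):  # de-duplicate, keep file order
        opts = {}
        for pats, block_opts in blocks:
            if matches(alias, pats):
                opts = {**block_opts, **opts}  # first obtained value wins
        warn = [] if "identityfile" in opts else ["no explicit IdentityFile"]
        report[alias] = {"hostname": opts.get("hostname", alias),
                         "user": opts.get("user"), "warnings": warn}
    return report

if __name__ == "__main__":
    print(audit(SAMPLE))
```

Run it against the contents of your own ~/.ssh/config before using `--roster=sshconfig '*'`: the keys of the result are the aliases a wildcard target would cover, and any warning marks a host where the key in use is not pinned in the config.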