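Distributing SSH public keys with SaltStack
I previously wrote an interactive expect script to distribute public keys so that a large number of hosts could be managed. The script was not hard to write, but it is still not as simple as doing it with SaltStack!
With the preparation done, let's start the experiment!
First, the lab environment: two hosts, 10.255.254.129 and 10.255.254.222
#####################################################
salt master
The master node is 10.255.254.129
It manages two minions
localhost has the IP 127.0.0.1
node2 has the IP 10.255.254.222
10.255.254.129 acts as both master and minion
Note: if you are unfamiliar with installing SaltStack, see http://www.devopsh.com/713.html
####################################################

Generate a key pair on the minion localhost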
[root@localhost ~]# ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
58:36:a7:12:6a:84:00:3a:7c:7c:51:f2:43:38:72:d9 root@localhost.localdomain
The key's randomart image is:
+--[ RSA 2048]----+
|+ o=o |
|o..o ==E |
|o..o+.oo+ . |
| ..... =.+ |
| o o S |
| . . |
| |
| |
| |
+-----------------+
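Run this on whichever host's public key you want to share
################################################################
Create the salt master's fileserver directory and copy the public key from the localhost minion into it
In this example the salt master and the salt minion are on the same host, so cp is used; if they are on different hosts, transfer the file over the network
# mkdir -pv /srv/salt/ssh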
mkdir: 已创建目录 "/srv/salt"
mkdir: 已创建目录 "/srv/salt/ssh"

# cp /root/.ssh/id_rsa.pub /srv/salt/ssh/
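
Everything under /srv/salt is served by the master's fileserver to minions, so it is worth confirming that the file being copied really is a public key and that its fingerprint matches the one ssh-keygen printed. The following is an added example, not part of the original post: the function names are hypothetical, and the sample key is a constructed ssh-ed25519 blob with dummy bytes rather than the RSA key generated above.

```python
import base64
import hashlib
import struct


def parse_pubkey(line):
    """Validate one OpenSSH public-key line; return (type, md5_fp, sha256_fp)."""
    if "PRIVATE KEY" in line:
        raise ValueError("private key material; never place it under /srv/salt")
    fields = line.split()
    if len(fields) < 2:
        raise ValueError("expected '<type> <base64> [comment]'")
    key_type, b64 = fields[0], fields[1]
    try:
        blob = base64.b64decode(b64, validate=True)
    except ValueError as exc:  # binascii.Error is a ValueError subclass
        raise ValueError("key body is not valid base64") from exc
    # The blob begins with a length-prefixed copy of the key type.
    if len(blob) < 4:
        raise ValueError("key blob too short")
    (n,) = struct.unpack(">I", blob[:4])
    if blob[4:4 + n] != key_type.encode():
        raise ValueError("key type inside blob does not match the declared type")
    # Colon-separated MD5 is the format shown in the ssh-keygen output above.
    md5 = hashlib.md5(blob).hexdigest()
    md5_fp = ":".join(md5[i:i + 2] for i in range(0, 32, 2))
    digest = hashlib.sha256(blob).digest()
    sha256_fp = "SHA256:" + base64.b64encode(digest).decode().rstrip("=")
    return key_type, md5_fp, sha256_fp


def constructed_key():
    # Constructed sample: syntactically valid ssh-ed25519 blob, dummy key bytes.
    ktype = b"ssh-ed25519"
    blob = (struct.pack(">I", len(ktype)) + ktype
            + struct.pack(">I", 32) + bytes(range(32)))
    return "ssh-ed25519 " + base64.b64encode(blob).decode() + " root@localhost.localdomain"


if __name__ == "__main__":
    # In practice, pass the contents of the .pub file about to be copied.
    print(parse_pubkey(constructed_key()))
```

Compare the returned fingerprint with the one ssh-keygen printed at generation time before copying the file into the fileserver directory.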
####################################################################
Now the key part: just two commands do the job
Add the node2 minion's host fingerprint to the localhost minion
# salt 'localhost' ssh.set_known_host root 10.255.254.222

Distribute the localhost minion's public key to the node2 minion
# salt 'node2' ssh.set_auth_key_from_file root salt://ssh/id_rsa.pub

####################################################################
Test on the localhost minion
# ssh 10.255.254.222
You can now log in without entering any interactive input!
##############################################################