Saltstack实战配置client_acl
应用举例:1
2
3
4
5
6
7
8
9
client_acl:
# Allow thatch to execute anything.
thatch:
- .*
# Allow fred to use test and pkg, but only on "web*" minions.
fred:
- web*:
- test.*
- pkg.*
配置实战:
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
# vim /etc/salt/master打开注释并修改用户名
client_acl:
oldboy:
- test.ping
- network.*
# chmod 755 /var/cache/salt /var/cache/salt/master /var/cache/salt/master/jobs /var/run/salt /var/run/salt/master
# chmod 777 /var/log/salt/master
# /etc/init.d/salt-master restart
# su - oldboy
$ salt '*' test.ping
linux-node2.example.com:
True
linux-node1.example.com:
True
$ salt '*' cmd.run 'w'
Failed to authenticate! This is most likely because this user is not permitted to execute commands, but there is a small possibility that a disk error occurred (check disk/inode usage).
页:
[1]