Ssh
Deploying SSH keys from master to minion via Salt pillar
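I have two ssh keys that I am trying to deploy to one of my minions. But I can't seem to get them deployed. It errors out. Here is the init.sls pillar:

```yaml
/xxx/yyy/zzz/id_rsa:
  file.managed:
    - source: salt://private/id_rsa

/xxx/yyy/zz/id_rsa.pub:
  file.managed:
    - source: salt://private/id_rsa.pub
```

Here is my init.sls state:

```yaml
ssh:
  file.managed:
    - name: {{ pillar['private'] }}
```

I must be doing something wrong (obviously), but I'm not sure what. Any suggestions?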
The Salt Pillar system does not have an init.sls file. Both states and pillars have a top.sls file. States that are subdirectories may have an init.sls file.

Step 1: Define your users in /srv/pillar/users.sls
```yaml
users:
  - name: fred
    fullname: Fred Flintstone
    email: fflintstone@slaterockandgravel.com
    uid: 4001
    gid: 4001
    shell: /bin/bash
    groups:
      - bowling
    shadow: $6$Sasdf/Ss$asdfasdfasdfasdfasdfasdfasdfasdfasdfasdfasdfsadfasdfsadfsadfsdf
    authkey: ssh-dss AAAAasdfasdfsadfsadfsadfsadfasdfasdfsdafsdafaasdfasdfasdfasdfasdfsadfsadfsadfsadfasdfasdfsdafsdafaasdfasdfasdfasdfasdfsadfsadfsadfsadfasdfasdfsdafsdafaasdfasdfasdfasdfasdfsadfsadfsadfsadfasdfasdfsdafsdafa = fflinstone@slaterockandgravel.com
    sshpub: ssh-dss AAAAasdfasdfsadfsadfsadfsadfasdfasdfsdafsdafaasdfasdfasdfasdfasdfsadfsadfsadfsadfasdfasdfsdafsdafaasdfasdfasdfasdfasdfsadfsadfsadfsadfasdfasdfsdafsdafaasdfasdfasdfasdfasdfsadfsadfsadfsadfasdfasdfsdafsdafa = fflinstone@slaterockandgravel.com
  - name: barney
    fullname: Barney Rubble
    email: brubbel@slaterockandgravel.com
    uid: 4002
    gid: 4002
    shell: /bin/bash
    groups:
      - bowling
    shadow: $6$Suiop/Ss$uiopuiopuiopuiopuiopuiopuiopuiopuiopuiopuiopsadfuiopsadfsadfsdf
    authkey: ssh-dss AAAAuiopuiopsadfsadfsadfsadfuiopuiopsdafsdafauiopuiopuiopuiopuiopsadfsadfsadfsadfuiopuiopsdafsdafauiopuiopuiopuiopuiopsadfsadfsadfsadfuiopuiopsdafsdafauiopuiopuiopuiopuiopsadfsadfsadfsadfuiopuiopsdafsdafa = fflinstone@slaterockandgravel.com
    sshpub: ssh-dss AAAAuiopuiopsadfsadfsadfsadfuiopuiopsdafsdafauiopuiopuiopuiopuiopsadfsadfsadfsadfuiopuiopsdafsdafauiopuiopuiopuiopuiopsadfsadfsadfsadfuiopuiopsdafsdafauiopuiopuiopuiopuiopsadfsadfsadfsadfuiopuiopsdafsdafa = fflinstone@slaterockandgravel.com
```
Step 2: Add the new pillar to /srv/pillar/top.sls

```yaml
base:
  'testminion':
    - users
```

Step 3: Use jinja to map the pillar to states in /srv/salt/user/init.sls
```jinja
{% for user in pillar['users'] %}
user_{{user.name}}:
  group.present:
    - name: {{user.name}}
    - gid: {{user.gid}}

  user.present:
    - name: {{user.name}}
    - fullname: {{user.fullname}}
    - password: {{user.shadow}}
    - shell: {{user.shell}}
    - uid: {{user.uid}}
    - gid: {{user.gid}}
    {% if user.groups %}
    - optional_groups:
      {% for group in user.groups %}
      - {{group}}
      {% endfor %}
    {% endif %}
    - require:
      - group: user_{{user.name}}

  file.directory:
    - name: /home/{{user.name}}
    - user: {{user.name}}
    - group: {{user.name}}
    - mode: 0751
    - makedirs: True

user_{{user.name}}_forward:
  file.append:
    - name: /home/{{user.name}}/.forward
    - text: {{user.email}}

user_{{user.name}}_sshdir:
  file.directory:
    - name: /home/{{user.name}}/.ssh
    - user: {{user.name}}
    - group: {{user.name}}
    - mode: 0700

{% if 'authkey' in user %}
user_{{user.name}}_authkeys:
  ssh_auth.present:
    - user: {{user.name}}
    - name: {{user.authkey}}
{% endif %}

{% if 'sshpriv' in user %}
user_{{user.name}}_sshpriv:
  file.managed:
    - name: /home/{{user.name}}/.ssh/id_rsa
    - user: {{user.name}}
    - group: {{user.name}}
    - mode: 0600
    # contents_pillar takes the pillar key path, not the key text itself;
    # loop.index0 is this user's position in the 'users' list
    - contents_pillar: users:{{ loop.index0 }}:sshpriv
{% endif %}

{% if 'sshpub' in user %}
user_{{user.name}}_sshpub:
  file.managed:
    - name: /home/{{user.name}}/.ssh/id_rsa.pub
    - user: {{user.name}}
    - group: {{user.name}}
    - mode: 0600
    # pillar key path, as above
    - contents_pillar: users:{{ loop.index0 }}:sshpub
{% endif %}
{% endfor %} # user in users

# vim: ft=yaml tabstop=2 sts=2 sw=2 et ai si
```
Don't forget to sync the minions with the new pillar!

```
salt targetminions saltutil.refresh_pillar
```
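An added example, not part of the original answer: a pre-deployment check for the `authkey` and `sshpub` values of the `users` pillar from Step 1, run before `ssh_auth.present` and `file.managed` push them to minions. It assumes the pillar has already been parsed into a Python list; the function names and the sample data (including the user `wilma`) are constructed for illustration.

```python
import base64
import binascii
import struct

WEAK_TYPES = {"ssh-dss"}  # DSA keys: disabled by default since OpenSSH 7.0

def check_pubkey(line):
    """Return a list of problems in one '<type> <base64> [comment]' line."""
    if "PRIVATE KEY" in line:
        return ["private key material in a public-key field"]
    parts = line.split()
    if len(parts) < 2:
        return ["expected '<type> <base64> [comment]'"]
    declared, blob_b64 = parts[0], parts[1]
    problems = []
    if declared in WEAK_TYPES:
        problems.append(f"{declared} is a weak key type")
    try:
        blob = base64.b64decode(blob_b64, validate=True)
    except (binascii.Error, ValueError):
        return problems + ["key blob is not valid base64"]
    if len(blob) < 4:
        return problems + ["key blob is truncated"]
    # The blob begins with a uint32 length followed by the key type string.
    (n,) = struct.unpack(">I", blob[:4])
    if blob[4:4 + n].decode("ascii", "replace") != declared:
        problems.append("declared type does not match the type embedded in the blob")
    return problems

def audit_users(users):
    """Check the authkey/sshpub fields of a 'users' pillar list."""
    findings = {}
    for user in users:
        for field in ("authkey", "sshpub"):
            problems = check_pubkey(user[field]) if field in user else []
            if problems:
                findings[(user["name"], field)] = problems
    return findings

def constructed_key(blob_type, declared=None):
    """Build a syntactically valid sample line (constructed, not a real key)."""
    t = blob_type.encode()
    blob = struct.pack(">I", len(t)) + t + struct.pack(">I", 32) + bytes(32)
    return f"{declared or blob_type} {base64.b64encode(blob).decode()} sample@example.invalid"

# Constructed sample pillar data, shaped like /srv/pillar/users.sls after parsing.
SAMPLE_USERS = [
    {"name": "fred", "authkey": constructed_key("ssh-dss")},
    {"name": "barney", "authkey": constructed_key("ssh-ed25519"),
     "sshpub": constructed_key("ssh-ed25519", declared="ssh-rsa")},
    {"name": "wilma", "sshpub": "-----BEGIN OPENSSH PRIVATE KEY----- ..."},
]
```

Calling `audit_users(SAMPLE_USERS)` returns a dict keyed by `(user, field)`; an empty dict means every key line passed.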