Ssh

Deploying ssh keys from the master to a minion via Salt pillar

  • April 4, 2017

I have two ssh keys that I am trying to deploy to one of my minions, but I can't seem to get them deployed. It errors out. Here is the pillar init.sls:

/xxx/yyy/zzz/id_rsa:
 file.managed:
   - source: salt://private/id_rsa

/xxx/yyy/zz/id_rsa.pub:
 file.managed:
   - source: salt://private/id_rsa.pub

Here is my state init.sls:

ssh:
 file.managed:
   - name: {{ pillar['private'] }}

I must be doing something wrong (obviously), but I'm not sure what. Any suggestions?

The Salt pillar system does not have an init.sls file. Both states and pillars have a top.sls file. States that are subdirectories may have an init.sls file.

Step 1: Define your users in /srv/pillar/users.sls

users:

 - name: fred
   fullname: Fred Flintstone
   email: fflintstone@slaterockandgravel.com
   uid: 4001
   gid: 4001
   shell: /bin/bash
   groups:
     - bowling
   shadow: $6$Sasdf/Ss$asdfasdfasdfasdfasdfasdfasdfasdfasdfasdfasdfsadfasdfsadfsadfsdf
   authkey: ssh-dss AAAAasdfasdfsadfsadfsadfsadfasdfasdfsdafsdafaasdfasdfasdfasdfasdfsadfsadfsadfsadfasdfasdfsdafsdafaasdfasdfasdfasdfasdfsadfsadfsadfsadfasdfasdfsdafsdafaasdfasdfasdfasdfasdfsadfsadfsadfsadfasdfasdfsdafsdafa = fflinstone@slaterockandgravel.com
   sshpub: ssh-dss AAAAasdfasdfsadfsadfsadfsadfasdfasdfsdafsdafaasdfasdfasdfasdfasdfsadfsadfsadfsadfasdfasdfsdafsdafaasdfasdfasdfasdfasdfsadfsadfsadfsadfasdfasdfsdafsdafaasdfasdfasdfasdfasdfsadfsadfsadfsadfasdfasdfsdafsdafa = fflinstone@slaterockandgravel.com

 - name: barney
   fullname: Barney Rubble
   email: brubbel@slaterockandgravel.com
   uid: 4002
   gid: 4002
   shell: /bin/bash
   groups:
     - bowling
   shadow: $6$Suiop/Ss$uiopuiopuiopuiopuiopuiopuiopuiopuiopuiopuiopsadfuiopsadfsadfsdf
   authkey: ssh-dss AAAAuiopuiopsadfsadfsadfsadfuiopuiopsdafsdafauiopuiopuiopuiopuiopsadfsadfsadfsadfuiopuiopsdafsdafauiopuiopuiopuiopuiopsadfsadfsadfsadfuiopuiopsdafsdafauiopuiopuiopuiopuiopsadfsadfsadfsadfuiopuiopsdafsdafa = fflinstone@slaterockandgravel.com
   sshpub: ssh-dss AAAAuiopuiopsadfsadfsadfsadfuiopuiopsdafsdafauiopuiopuiopuiopuiopsadfsadfsadfsadfuiopuiopsdafsdafauiopuiopuiopuiopuiopsadfsadfsadfsadfuiopuiopsdafsdafauiopuiopuiopuiopuiopsadfsadfsadfsadfuiopuiopsdafsdafa = fflinstone@slaterockandgravel.com

Step 2: Add the new pillar to /srv/pillar/top.sls

base:
 'testminion':
   - users

Step 3: Use jinja to map the pillar to the state in /srv/salt/user/init.sls

{% for user in pillar['users'] %}
user_{{user.name}}:
 group.present:
   - name: {{user.name}}
   - gid: {{user.gid}}

 user.present:
   - name: {{user.name}}
   - fullname: {{user.fullname}}
   - password: {{user.shadow}}
   - shell: {{user.shell}}
   - uid: {{user.uid}}
   - gid: {{user.gid}}
   {% if user.groups %}
   - optional_groups:
     {% for group in user.groups %}
     - {{group}}
     {% endfor %}
   {% endif %}
   - require:
     - group: user_{{user.name}}

 file.directory:
   - name: /home/{{user.name}}
   - user: {{user.name}}
   - group: {{user.name}}
   - mode: 0751
   - makedirs: True

user_{{user.name}}_forward:
 file.append:
   - name: /home/{{user.name}}/.forward
   - text: {{user.email}}

user_{{user.name}}_sshdir:
 file.directory:
   - name: /home/{{user.name}}/.ssh
   - user: {{user.name}}
   - group: {{user.name}}
   - mode: 0700

{% if 'authkey' in user %}
user_{{user.name}}_authkeys:
 ssh_auth.present:
   - user: {{user.name}}
   - name: {{user.authkey}}
{% endif %}

{% if 'sshpriv' in user %}
user_{{user.name}}_sshpriv:
 file.managed:
   - name: /home/{{user.name}}/.ssh/id_rsa
   - user: {{user.name}}
   - group: {{user.name}}
   - mode: 0600
   - contents_pillar: {{user.sshpriv}}
{% endif %}

{% if 'sshpub' in user %}
user_{{user.name}}_sshpub:
 file.managed:
   - name: /home/{{user.name}}/.ssh/id_rsa.pub
   - user: {{user.name}}
   - group: {{user.name}}
   - mode: 0600
   - contents_pillar: {{user.sshpub}}
{% endif %}
{% endfor %} # user in users
# vim: ft=yaml tabstop=2 sts=2 sw=2 et ai si

Don't forget to sync the minions with the new pillar!

salt targetminions saltutil.refresh_pillar
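Added example, not part of the original question or answer: it mirrors the answer's Jinja loop in plain Python for the .ssh-related states and then audits the rendered states for the two things that matter when shipping private keys this way: file modes/ownership, and key material served from file_roots (`salt://...`, which any minion can fetch with cp.get_file, as in the asker's first attempt) instead of pillar, which the master only sends to targeted minions. `USERS`, the pillar paths under `contents_pillar` and the key strings are constructed placeholders.

```python
import re

# Constructed pillar data mirroring /srv/pillar/users.sls (placeholder values).
USERS = [
    {"name": "fred", "uid": 4001, "gid": 4001, "email": "fred@example.com",
     "authkey": "ssh-ed25519 AAAAC3NzaC1...placeholder... fred@example.com",
     "sshpriv": "users:fred:id_rsa", "sshpub": "users:fred:id_rsa_pub"},
]

def render_user_states(users):
    """Plain-Python mirror of the .ssh parts of the Jinja loop in /srv/salt/user/init.sls."""
    states = {}
    for u in users:
        home = f"/home/{u['name']}"
        states[f"user_{u['name']}_sshdir"] = {"file.directory": {
            "name": f"{home}/.ssh", "user": u["name"], "group": u["name"], "mode": "0700"}}
        if "authkey" in u:
            states[f"user_{u['name']}_authkeys"] = {"ssh_auth.present": {
                "user": u["name"], "name": u["authkey"]}}
        for key, fname in (("sshpriv", "id_rsa"), ("sshpub", "id_rsa.pub")):
            if key in u:  # same conditionals as the {% if 'sshpriv' in user %} blocks
                states[f"user_{u['name']}_{key}"] = {"file.managed": {
                    "name": f"{home}/.ssh/{fname}", "user": u["name"], "group": u["name"],
                    "mode": "0600", "contents_pillar": u[key]}}
    return states

def audit_states(states):
    """Return a list of findings for states touching /home/<user>/.ssh; empty means clean."""
    findings = []
    for sid, body in states.items():
        for fn, args in body.items():
            # Salt uses the state ID as the name when no explicit name is given.
            m = re.match(r"/home/([^/]+)/\.ssh(?:/|$)", args.get("name", sid))
            if not m:
                continue
            owner = m.group(1)
            if args.get("user") != owner:
                findings.append(f"{sid}: owned by {args.get('user')!r}, expected {owner!r}")
            if fn == "file.directory" and args.get("mode") != "0700":
                findings.append(f"{sid}: .ssh dir mode {args.get('mode')!r}, expected '0700'")
            if fn == "file.managed":
                if args.get("mode") != "0600":
                    findings.append(f"{sid}: key file mode {args.get('mode')!r}, expected '0600'")
                if str(args.get("source", "")).startswith("salt://"):
                    findings.append(f"{sid}: key served from file_roots ({args['source']}); "
                                    "use contents_pillar so only targeted minions receive it")
    return findings
```

Running `audit_states` over the asker's original `file.managed` with `source: salt://private/id_rsa` produces a finding, while the answer's rendered states come back clean.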

Source: https://serverfault.com/questions/538218