Salt has the option to manage servers agentlessly. Agentless means that the targets don’t need a agent process. The master orchestrates the target system over SSH. Therefor it exists an own command called salt-shh. The following sections explain how to install Salt SSH on a CentOs 5.5 and how to configure minimally a master and its targets for a test connection. The how to is tested with Salt version 2014.1.11.
Installation
On Master Node
Salt SSH is a part of the master package, so we have to install salt-master.
sudo yum install salt-master
It also installs the optional dependencies. For an agent mode these dependencies can make trouble (see for more information Salt Installation on Centos 5.5). But for our case these dependencies can be ignored because the communication between master and target systems is over SSH.
On Target Nodes
On target nodes, we have to ensure that Python 2.6. are installed and some Python 2.6 modules (see Salt Dependency page). These are needed because the master copies Python scripts to the minions and run them on the targets. So the following steps has to be done.
- Enable EPEL Release:
sudo yum install epel-release
- Install Python 2.6 package and needed Python modules:
sudo yum install python26 python26-msgpack python26-PyYAML python26-jinja2 python26-markupsafe python-libcloud python26-requests
Configuration
This section describes only the important configuration issues for running the first command from a master to its targets. For further configuration possibilities, please read the Salt documentation about configuration.
The configuration depends whether the authentication uses password or public/private keys.
Password Authentication
- Go on target nodes.
- Enable SSH password authentication.
- Open /etc/ssh/sshd_config with your favorite editor.
- Ensure that the line PasswordAuthentication yes is active.
- Restart SSH.
sudo service ssh restart
- Go on master node.
- Configure the connection to the targets.
- Open /etc/salt/roster with your favorite editor.
- Add for every target following content
<Salt ID>: # The id to reference the target system with host: # The IP address or DNS name of the remote host user: # The user to log in as passwd: # The password to log in with - Save the file.
- Test the communication.
salt-ssh <Salt ID> test.ping
Public/Private Key Authentication
- Go on the master node.
- Prepare SSH for key authentication
- Call
ssh-keygen
- Reply following question
Enter file in which to save the key (/home/skosmalla/.ssh/id_rsa): Enter passphrase (empty for no passphrase): Enter same passphrase again: - Keep the following information in mind.
Your identification has been saved in /home/skosmalla/.ssh/id_rsa. Your public key has been saved in /home/skosmalla/.ssh/id_rsa.pub. The key fingerprint is: 44:3e:ef:58:94:15:52:c2:88:ca:ab:21:43:53:3d:42 skosmalla@computer - Copy the public key (in our example id_rsa.pub) to the targets.
ssh-copy-id -i /home/skosmalla/.ssh/id_rsa.pub username@target_host
- Check, if the ssh access is working without password.
ssh username@target_host
- Call
- Configure the connection to the targets.
- Open /etc/salt/roster with your favorite editor.
- Add for every target following content.
<Salt ID>: # The id to reference the target system with host: # The IP address or DNS name of the remote host user: # The user to log in as priv: # File path to ssh private key, defaults to salt-ssh.rsa, in our example it is /home/skosmalla/.ssh/id_rsa.
- Test the communication.
salt-ssh <Salt ID> test.ping
Further Information
| Reference: | Salt SSH Installation on Centos 5.5 from our SCG partner Sandra Parsick at the SKM IT WORLD blog. |
