Salt SSH Installation on CentOS 5.5
Salt can manage servers agentlessly. Agentless means that the targets don't need an agent process; the master orchestrates the target systems over SSH. For this there is a dedicated command called _salt-ssh_. The following sections explain how to install Salt SSH on CentOS 5.5 and how to minimally configure a master and its targets for a test connection. This how-to was tested with Salt version 2014.1.11.
Installation
On Master Node
Salt SSH is a part of the master package, so we have to install salt-master.
sudo yum install salt-master
This also installs the optional dependencies. In agent mode these dependencies can cause trouble (for more information, see Salt Installation on CentOS 5.5). In our case they can be ignored, because the master and the target systems communicate over SSH.
On Target Nodes
On the target nodes, we have to ensure that Python 2.6 and some Python 2.6 modules are installed (see the Salt Dependency page). These are needed because the master copies Python scripts to the minions and runs them on the targets. So the following steps have to be done.
Enable EPEL Release
sudo yum install epel-release
Install Python 2.6 package and needed Python modules
sudo yum install python26 python26-msgpack python26-PyYAML python26-jinja2 python26-markupsafe python-libcloud python26-requests
Configuration
This section describes only the configuration needed to run the first command from a master against its targets. For further configuration possibilities, please read the Salt documentation about configuration. The configuration depends on whether the authentication uses a password or public/private keys.
Password Authentication
- Go on the target nodes.
  - Enable SSH password authentication.
    - Open /etc/ssh/sshd_config with your favorite editor.
    - Ensure that the line
      PasswordAuthentication yes
      is active.
    - Restart SSH.
      sudo service sshd restart
- Go on the master node.
  - Configure the connection to the targets.
    - Open /etc/salt/roster with your favorite editor.
    - Add the following content for every target.
      <Salt ID>:   # The id to reference the target system with
        host:      # The IP address or DNS name of the remote host
        user:      # The user to log in as
        passwd:    # The password to log in with
    - Save the file.
  - Test the communication.
    salt-ssh <Salt ID> test.ping
Public/Private Key Authentication
- Go on the master node.
  - Prepare SSH for key authentication.
    - Call
      ssh-keygen
    - Answer the following prompts.
      Enter file in which to save the key (/home/skosmalla/.ssh/id_rsa):
      Enter passphrase (empty for no passphrase):
      Enter same passphrase again:
    - Keep the following information in mind.
      Your identification has been saved in /home/skosmalla/.ssh/id_rsa.
      Your public key has been saved in /home/skosmalla/.ssh/id_rsa.pub.
      The key fingerprint is:
      44:3e:ef:58:94:15:52:c2:88:ca:ab:21:43:53:3d:42 skosmalla@computer
    - Copy the public key (in our example id_rsa.pub) to the targets.
      ssh-copy-id -i /home/skosmalla/.ssh/id_rsa.pub username@target_host
    - Check whether SSH access works without a password.
      ssh username@target_host
  - Configure the connection to the targets.
    - Open /etc/salt/roster with your favorite editor.
    - Add the following content for every target.
      <Salt ID>:   # The id to reference the target system with
        host:      # The IP address or DNS name of the remote host
        user:      # The user to log in as
        priv:      # File path to ssh private key, defaults to salt-ssh.rsa, in our example it is /home/skosmalla/.ssh/id_rsa.
  - Test the communication.
    salt-ssh <Salt ID> test.ping
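
The roster from either section above holds credentials: a passwd value in plain text, or the path to a private key. The following is an added example, not part of the original how-to, that audits a roster for plaintext passwords and for roster or key files that other users can read. The function names, the sample IDs and the 192.0.2.x addresses are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit a salt-ssh roster before the first run.
# Assumes the roster layout shown above: "<Salt ID>:" at column 0 with
# space-indented host/user/passwd/priv keys. Function names are hypothetical.

# True if group and others have no permission bits on file $1.
is_private() {
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# Print one finding per line for roster file $1.
audit_roster() {
    is_private "$1" || echo "ROSTER readable-by-others"
    awk '
        /^[^ #][^:]*:/       { id = $1; sub(/:.*/, "", id); next }
        /^ +passwd: *[^ #]/  { print id, "passwd" }
        /^ +priv: *[^ #]/    { print id, "priv", $2 }
    ' "$1" | while read -r id kind key; do
        if [ "$kind" = passwd ]; then echo "$id plaintext-passwd"
        elif [ ! -f "$key" ]; then echo "$id key-missing"
        elif ! is_private "$key"; then echo "$id key-too-open"
        else echo "$id ok"
        fi
    done
}

# Constructed sample: write a roster and two key stand-ins into directory $1.
make_sample() {
    : > "$1/good.rsa"; chmod 600 "$1/good.rsa"
    : > "$1/open.rsa"; chmod 644 "$1/open.rsa"
    cat > "$1/roster" <<EOF
web1:
  host: 192.0.2.10
  user: admin
  passwd: example-only
web2:
  host: 192.0.2.11
  user: admin
  priv: $1/good.rsa
web3:
  host: 192.0.2.12
  user: admin
  priv: $1/open.rsa
EOF
    chmod 644 "$1/roster"
}

tmp=$(mktemp -d) && make_sample "$tmp" && audit_roster "$tmp/roster"
rm -rf "$tmp"
```

To check a real roster, call audit_roster /etc/salt/roster; a clean result is one "ok" line per target and no ROSTER line.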