SKM IT World

Just another blog about IT


1 Comment

Salt SSH Installation on Centos 5.5

Salt has the option to manage servers agentlessly.  Agentless means that the targets don’t need a agent process. The master orchestrates the target system over SSH. Therefor it exists an own command called salt-shh.  The following sections explain how to install Salt SSH on a CentOs 5.5 and how to configure minimally a master and its targets for a test connection. The how to is tested with Salt version 2014.1.11.

Installation

On Master Node

Salt SSH is a part of the master package, so we have to install salt-master.

sudo yum install salt-master

It also installs the optional dependencies. For an agent mode these dependencies can make trouble (see for more information Salt Installation on Centos 5.5). But for our case these dependencies can be ignored because the communication between master and target systems is over SSH.

On Target Nodes

On target nodes, we have to ensure that Python 2.6. are installed and some Python 2.6 modules (see Salt Dependency page). These are needed because the master copies Python scripts to the minions and run them on the targets. So the following steps has to be done.

  1. Enable EPEL Release
    sudo yum install epel-release
    
  1. Install Python 2.6 package and needed Python modules
    sudo yum install python26 python26-msgpack python26-PyYAML python26-jinja2 python26-markupsafe python-libcloud python26-requests
    

Configuration

This section describes only the important configuration issues for running the first command from a master to its targets. For further configuration possibilities, please read the Salt documentation about configuration.

The configuration depends whether the authentication uses password or public/private keys.

Password Authentication

  1. Go on target nodes.
  2. Enable SSH password authentication.
    1. Open /etc/ssh/sshd_config with your favorite editor.
    2. Ensure that the line PasswordAuthentication yes is active.
    3. Restart SSH.
      sudo service ssh restart
      
  1. Go on master node.
  2. Configure the connection to the targets.
    1. Open /etc/salt/roster with your favorite editor.
    2. Add for every target following content
          <Salt ID>:   # The id to reference the target system with
              host:    # The IP address or DNS name of the remote host
              user:    # The user to log in as
              passwd:  # The password to log in with
      
    1. Save the file.
  1. Test the communication.
    salt-ssh <Salt ID> test.ping
    

Public/Private Key Authentication

  1. Go on the master node.
  2. Prepare SSH for key authentication
    1. Call
      ssh-keygen
      
    2. Reply following question
          Enter file in which to save the key (/home/skosmalla/.ssh/id_rsa):
          Enter passphrase (empty for no passphrase):
          Enter same passphrase again:
      
    3. Keep the following information in mind.
          Your identification has been saved in /home/skosmalla/.ssh/id_rsa.
          Your public key has been saved in /home/skosmalla/.ssh/id_rsa.pub.
          The key fingerprint is:
          44:3e:ef:58:94:15:52:c2:88:ca:ab:21:43:53:3d:42 skosmalla@computer
      
    4. Copy the public key (in our example id_rsa.pub) to the targets.
      ssh-copy-id -i /home/skosmalla/.ssh/id_rsa.pub username@target_host
      
    5. Check, if the ssh access is working without password.
      ssh username@target_host
      
      
  1. Configure the connection to the targets.
    1. Open /etc/salt/roster with your favorite editor.
    2. Add for every target following content.
          <Salt ID>:   # The id to reference the target system with
              host:    # The IP address or DNS name of the remote host
              user:    # The user to log in as
              priv:    # File path to ssh private key, defaults to salt-ssh.rsa, in our example it is /home/skosmalla/.ssh/id_rsa.
      
  2. Test the communication.
    salt-ssh <Salt ID> test.ping
    

 Further Information