Estimated time: 10 minutes
Let’s learn how Salt SSH stores connection details and connects to agentless systems.
By default, Salt stores connection details for agentless systems in a YAML file called the roster. A basic roster file contains an ID, a host, and a user:
ID:
  host: [IP or DNS name]
  user: [username]
The default location of the roster file is /etc/salt/roster. You can use the --roster-file= argument (example below) to specify a different path if you want to save it somewhere else.
There are many additional options available in rosters; see How Rosters Work for more details.
The salt-ssh command is used to connect to agentless systems. This command is very similar to the salt command:
salt-ssh [target] [command] [arguments]
The main difference is that any system specified in the target must be defined in the roster file, and targets can be matched using globs or regex only.
The first time you connect to a system, Salt SSH returns a message with the key fingerprint. You can examine this key fingerprint, and then connect using the -i option to accept the key.
salt-ssh -i '*' test.ping
Permission denied for host managed, do you want to deploy the salt-ssh key? (password required):
[Y/n] y
Password for vagrant@managed:
managed:
    True
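One way to do the fingerprint check before passing -i (--ignore-host-keys, which disables SSH StrictHostKeyChecking), as an added example that is not part of the original tutorial: it computes the OpenSSH SHA256 fingerprint of each scanned host key and compares it with a value recorded out of band. The function names, the ssh-keyscan-style input and the sample key are assumptions constructed for illustration.

```python
import base64
import binascii
import hashlib
import hmac
import struct


def fingerprint(line: str) -> str:
    """SHA256 fingerprint of a '.pub' line or a '<host> <type> <base64>' scan line."""
    fields = line.split()
    for key_type, b64 in zip(fields, fields[1:]):
        try:
            blob = base64.b64decode(b64, validate=True)
            (n,) = struct.unpack(">I", blob[:4])
        except (binascii.Error, struct.error):
            continue  # this field is not a key blob
        # A key blob starts with its own length-prefixed key type.
        if blob[4:4 + n] == key_type.encode():
            digest = hashlib.sha256(blob).digest()
            return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")
    raise ValueError("no SSH public key found in line")


def verify_scan(scan_lines, trusted):
    """Map each host to 'match', 'MISMATCH' or 'untrusted' (one key line per host).
    trusted: {host: fingerprint recorded out of band, e.g. on the host console}."""
    result = {}
    for line in scan_lines:
        host, seen = line.split()[0], fingerprint(line)
        want = trusted.get(host)
        if want is None:
            result[host] = "untrusted"
        elif hmac.compare_digest(seen, want):
            result[host] = "match"
        else:
            result[host] = "MISMATCH"
    return result


def sample_scan_line(host: str, key: bytes) -> str:
    """Constructed ssh-keyscan-style line for the demo; not a real host key."""
    t = b"ssh-ed25519"
    blob = struct.pack(">I", len(t)) + t + struct.pack(">I", len(key)) + key
    return f"{host} ssh-ed25519 {base64.b64encode(blob).decode()}"
```

Only hosts reported as 'match' should be accepted; a 'MISMATCH' or 'untrusted' result means the key shown by Salt SSH has not been confirmed against the system you intended to reach.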
Salt SSH generated a local SSH RSA key to use for authentication. The user password is required the first time to deploy the key; subsequent connections then work without providing the user password:
salt-ssh '*' disk.usage
managed:
    ----------
    /:
        ----------
        1K-blocks:
            41251136
        available:
            38318832
        capacity:
            4%
        filesystem:
            /dev/sda1
        used:
            1196392
    /dev:
        ----------
        1K-blocks:
            245916
        available:
            245904
        capacity:
            1%
        filesystem:
            udev
        used:
            12
...
Let’s add a roster file and then run a test command. Make sure you are in the Salt SSH directory that you created previously (~/salt-ssh) and you have activated the virtual environment (source venv/bin/activate).
Create a salt-ssh/roster text file and save connection details for each agentless system:
managed:
  host: 192.168.70.11
  user: vagrant
You can add as many systems as you like to this file using this format. The example above is based on the vagrant demo systems from the previous section, but you can easily substitute the values from your own environment.
Create a salt-ssh/Saltfile text file and add connection options:
salt-ssh:
  roster_file: /home/vagrant/salt-ssh/roster # replace 'vagrant' with your username if needed
  config_dir: /home/vagrant/salt-ssh
  log_file: /home/vagrant/salt-ssh/log.txt
A Saltfile lets you specify command line options that you want included each time you run a command.
Test the connection by running the following command:
salt-ssh -i '*' test.ping
If all goes well you’ll get a response from each system.