How to read a file from the salt user's home directory in salt-mine

Time: 2019-05-16 15:53:57

Tags: salt-stack

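I am trying to set up a Salt mine that will collect public SSH keys from the minions. For this I want to use the file.read module and just get the contents of ~/.ssh/id_rsa.pub. The problem is that file.read fails when run from mine.update (but works fine when run as salt-call file.read ~/.ssh/id_rsa.pub):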

[ERROR   ] Function public-ssh-key in mine_functions failed to execute
[DEBUG   ] Error: Traceback (most recent call last):
  File "/usr/lib/python2.7/site-packages/salt/modules/mine.py", line 165, in update
    data[func] = __salt__[mine_func](*m_data[func])
  File "/usr/lib/python2.7/site-packages/salt/modules/file.py", line 3513, in read
    with salt.utils.files.fopen(path, access_mode) as file_obj:
  File "/usr/lib/python2.7/site-packages/salt/utils/files.py", line 399, in fopen
    f_handle = open(*args, **kwargs)  # pylint: disable=resource-leakage
IOError: [Errno 2] No such file or directory: '~/.ssh/id_rsa.pub'

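Just using an absolute path (e.g. /root/.ssh/id_rsa.pub) is not feasible, because there is no guarantee that it will always be the root user running salt-minion (nor that it will always run on *nix).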

I am using salt 2019.2.0 with the configuration below.

# /srv/pillar/top.sls
base:
  '*':
    - mine.public-ssh-key
# /srv/pillar/mine/public-ssh-key.sls
mine_functions:
  public-ssh-key:
    - mine_function: file.read
    - ~/.ssh/id_rsa.pub

2 answers:

Answer 0: (score: 0)

Salt does not expand ~ by design. I managed to work around this with the following:

# /srv/pillar/mine/public-ssh-key.sls
mine_functions:
  public-ssh-key:
    - mine_function: cmd.run
{% if grains['os_family'] == 'Windows' %}
    - {{ grains['shell'] }} /c "if exist %USERPROFILE%\.ssh\id_rsa.pub type %USERPROFILE%\.ssh\id_rsa.pub"
{% else %}
    - {{ grains['shell'] }} -c 'if [ -f ~/.ssh/id_rsa.pub ]; then cat ~/.ssh/id_rsa.pub; else echo ""; fi'
{% endif %}

Answer 1: (score: 0)

Saltstack does not expand ~, but can't you use %h?

In the Salt documentation on ssh_auth there is an example similar to what you are trying to achieve

thatch:
  ssh_auth.present:
    - user: root
    - source: salt://ssh_keys/thatch.id_rsa.pub
    - config: '%h/.ssh/authorized_keys'
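
An added example, not part of either answer or of Salt itself: Python 3 code for a custom execution module function that expands ~ for whichever user runs the minion (on *nix and Windows) and returns the file only if it is a single well-formed OpenSSH public key line, since mine data can be fetched by other minions via mine.get. The module name sshpub, the function names and the sample key line are hypothetical, and wiring it in as mine_function: sshpub.read_public_key after syncing custom modules is an assumption about the deployment.

```python
# Hypothetical custom module, e.g. saved as sshpub.py and synced from salt://_modules/.
import base64
import binascii
import os
import struct

MAX_KEY_FILE_BYTES = 16 * 1024  # public key files are small; refuse anything larger

# Constructed sample line (not a real key): length-prefixed type string plus dummy bytes.
SAMPLE_LINE = "ssh-rsa " + base64.b64encode(
    struct.pack(">I", 7) + b"ssh-rsa" + b"\x00" * 8).decode() + " salt@minion1"


def parse_public_key(text):
    """Return (key_type, comment) for one OpenSSH public key line, else raise ValueError."""
    if len(text.strip().splitlines()) != 1:
        raise ValueError("expected exactly one line (private keys are multi-line)")
    fields = text.strip().split(None, 2)
    if len(fields) < 2:
        raise ValueError("not an OpenSSH public key line")
    key_type, blob_b64 = fields[0], fields[1]
    try:
        blob = base64.b64decode(blob_b64, validate=True)
    except (binascii.Error, ValueError):
        raise ValueError("key blob is not valid base64")
    # The blob begins with a length-prefixed copy of the key type (RFC 4253 string).
    if len(blob) < 4:
        raise ValueError("key blob too short")
    (name_len,) = struct.unpack(">I", blob[:4])
    if blob[4:4 + name_len] != key_type.encode("ascii", "replace"):
        raise ValueError("declared key type does not match key blob")
    return key_type, fields[2] if len(fields) == 3 else ""


def read_public_key(path="~/.ssh/id_rsa.pub"):
    """Expand ~ for the user running this process and return the validated key line.

    Returns "" when the file does not exist, like the shell fallback in answer 0.
    """
    full_path = os.path.expanduser(path)  # HOME on *nix, USERPROFILE on Windows
    if not os.path.isfile(full_path):
        return ""
    if os.path.getsize(full_path) > MAX_KEY_FILE_BYTES:
        raise ValueError("file too large to be a public key")
    with open(full_path, "r") as handle:
        line = handle.read().strip()
    parse_public_key(line)  # raises on private keys or any other content
    return line
```

Raising on malformed content makes mine.update log a failure for that minion instead of publishing whatever the file happened to contain.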