You'll learn how to:
Estimated time: 10 minutes
Let’s learn how Salt SSH stores connection details and connects to agentless systems.
By default, Salt uses a YAML file to store connection details for agentless systems, called the roster. A basic roster file contains an ID, a host, and a user:
ID: host: [IP or DNS name] user: [username]
The default location of the roster file is
/etc/salt/roster. You can use the
--roster-file= argument (example below) to specify a different path if you want to save it somewhere else.
There are many additional options available in rosters, see How Rosters Work for more details.
salt-ssh command is used to connect to agentless systems. This command is very similar to the
salt-ssh [target] [command] [arguments]
The main difference is that any system specified in the target must be defined in the roster file, and targets can be matched using globs or regex only.
The first time you connect to a system, Salt SSH returns a message with the key fingerprint. You can examine this key fingerprint, and then connect using the
-i option to accept the key.
salt-ssh -i '*' test.ping Permission denied for host managed, do you want to deploy the salt-ssh key? (password required): [Y/n] y Password for vagrant@managed: managed: True
Salt SSH generated a local SSH RSA key to use for authentication. The user password is required the first time to deploy the key, then subsequent connections work without providing the user password:
salt-ssh '*' disk.usage managed: ---------- /: ---------- 1K-blocks: 41251136 available: 38318832 capacity: 4% filesystem: /dev/sda1 used: 1196392 /dev: ---------- 1K-blocks: 245916 available: 245904 capacity: 1% filesystem: udev used: 12 ...
Let’s add a roster file and then run a test command. Make sure you are in the Salt SSH directory that you created previously (
~/salt-ssh) and you have activated the virtual environment (
salt-ssh/roster text file and save connection details for each agentless system:
managed: host: 192.168.70.11 user: vagrant
You can add as many systems as you like to this file using this format. The example above is based on the vagrant demo systems from the previous section, but you can easily substitute the values from your own environment.
salt-ssh/Saltfile text file and add connection options:
salt-ssh: roster_file: /home/vagrant/salt-ssh/roster # replace 'vagrant' with your username if needed config_dir: /home/vagrant/salt-ssh log_file: /home/vagrant/salt-ssh/log.txt
A Saltfile lets you specify command line options that you want included each time you run a command.
Test the connection by running the following command:
salt-ssh -i '*' test.ping
If all goes well you’ll get a response from each system.