Adding user SSH keys in bulk with SaltStack

For an introduction to SaltStack, see: http://strongit.blog.51cto.com/10020534/1727621

1. Create the user

sudo salt -C "L@tz-relay1,tz-relay2" cmd.run "adduser zhangchong"

2. Create the .ssh directory

sudo salt -C "L@tz-relay1,tz-relay2" cmd.run "mkdir /home/zhangchong/.ssh/"

3. Set permissions

sudo salt -C "L@tz-relay1,tz-relay2" cmd.run "chmod 700 /home/zhangchong/.ssh/" 
sudo salt -C "L@tz-relay1,tz-relay2" cmd.run "chown  -R zhangchong:zhangchong /home/zhangchong/"

4. Distribute the public key

sudo salt -C "L@tz-relay1,tz-relay2" cp.get_file salt://keys/zhangchong_rsa.pub /home/zhangchong/.ssh/authorized_keys

5. Set permissions on the public key file

sudo salt -C "L@tz-relay1,tz-relay2" cmd.run "chown zhangchong:zhangchong  /home/zhangchong/.ssh/authorized_keys"
sudo salt -C "L@tz-relay1,tz-relay2" cmd.run "chmod 400  /home/zhangchong/.ssh/authorized_keys"

6. Add the user to sudoers

sudo salt -C "L@tz-relay1,tz-relay2" cmd.run ' echo  "zhangchong  ALL=(ALL:ALL) ALL " >>/etc/sudoers'
sudo salt -C "L@tz-relay1,tz-relay2" cmd.run ' echo  "zhangchong  ALL=(ALL) NOPASSWD: ALL " >>/etc/sudoers'
 

Appendix: a few pitfalls

1. Public key format

The public key generated by Xshell has the following format:
---- BEGIN SSH2 PUBLIC KEY ----
Subject: zhchong
Comment: "zhchong1"
ModBitSize: 1024
AAAAB3NzaC1yc2EAAAADAQABAAAAgQCnv4uFRaAvXVxI5MUX/JDbQO/4cOVrMiNG
Bj2jqTHKIpy2KgAkNLVRcquRV6bG0lo2w8DvZG6XAnBttPuiFk1CJlPg6qFt9ptO
lYBx11Zhdl73FxP16hyNwwnMxRZE3Bs1VGT9jPERwApAbXOqdDOQxbDZS5DuK47R
9RnevgGrFw== 
---- END SSH2 PUBLIC KEY ----
The ssh-rsa prefix has to be added before it takes effect:
---- BEGIN SSH2 PUBLIC KEY ----
Subject: zhchong
Comment: "zhchong1"
ModBitSize: 1024
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAAgQCnv4uFRaAvXVxI5MUX/JDbQO/4cOVrMiNG
Bj2jqTHKIpy2KgAkNLVRcquRV6bG0lo2w8DvZG6XAnBttPuiFk1CJlPg6qFt9ptO
lYBx11Zhdl73FxP16hyNwwnMxRZE3Bs1VGT9jPERwApAbXOqdDOQxbDZS5DuK47R
9RnevgGrFw== zhchong
---- END SSH2 PUBLIC KEY ----
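
OpenSSH reads authorized_keys as one key per line in the form "type base64 comment", so the multi-line Xshell export has to be flattened before step 4 distributes it. The following Python converter is an added example, not part of the original post: it turns the block shown above into that one-line form and reports the RSA modulus size so that short keys like this 1024-bit one can be flagged; the function names are hypothetical.

```python
import base64

# Xshell export copied from the page (RFC 4716 "SSH2" public key format).
SAMPLE = """---- BEGIN SSH2 PUBLIC KEY ----
Subject: zhchong
Comment: "zhchong1"
ModBitSize: 1024
AAAAB3NzaC1yc2EAAAADAQABAAAAgQCnv4uFRaAvXVxI5MUX/JDbQO/4cOVrMiNG
Bj2jqTHKIpy2KgAkNLVRcquRV6bG0lo2w8DvZG6XAnBttPuiFk1CJlPg6qFt9ptO
lYBx11Zhdl73FxP16hyNwwnMxRZE3Bs1VGT9jPERwApAbXOqdDOQxbDZS5DuK47R
9RnevgGrFw==
---- END SSH2 PUBLIC KEY ----
"""

def _fields(blob):
    """Split an SSH wire-format blob into its length-prefixed fields."""
    out, pos = [], 0
    while pos < len(blob):
        n = int.from_bytes(blob[pos:pos + 4], "big")  # 4-byte big-endian length
        if pos + 4 + n > len(blob):
            raise ValueError("truncated key blob")
        out.append(blob[pos + 4:pos + 4 + n])
        pos += 4 + n
    return out

def ssh2_to_openssh(text):
    """Return (one-line authorized_keys entry, RSA modulus bits or None)."""
    lines = [l.strip() for l in text.strip().splitlines()]
    if len(lines) < 3 or lines[0] != "---- BEGIN SSH2 PUBLIC KEY ----" \
            or lines[-1] != "---- END SSH2 PUBLIC KEY ----":
        raise ValueError("not an SSH2 public key block")
    comment, b64, cont = "", [], False
    for line in lines[1:-1]:
        if cont or ":" in line:  # header line, or the continuation of one
            if not cont and line.lower().startswith("comment:"):
                comment = line.split(":", 1)[1].strip().strip('"')
            cont = line.endswith("\\")  # a trailing backslash continues a header
        else:
            b64.append(line)  # everything else is key material
    blob = base64.b64decode("".join(b64), validate=True)
    parts = _fields(blob)
    if not parts:
        raise ValueError("empty key blob")
    key_type = parts[0].decode("ascii")  # first field names the algorithm
    bits = None
    if key_type == "ssh-rsa" and len(parts) == 3:  # fields: type, e, n
        bits = int.from_bytes(parts[2], "big").bit_length()
    entry = " ".join(p for p in (key_type, base64.b64encode(blob).decode(), comment) if p)
    return entry, bits
```

OpenSSH can do the same conversion itself with ssh-keygen -i -f <file>.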

2. Permissions on authorized_keys

Set authorized_keys to read-only for its owner, with no permissions for any other user (the chmod 400 in step 5).
