Saltstack批量添加用户密钥

Saltstack简介详见:http://strongit.blog.51cto.com/10020534/1727621

Saltstack分组操作参考:http://strongit.blog.51cto.com/10020534/1736302

1、新建用户

sudo salt -C "L@tz-relay1,tz-relay2" cmd.run "adduser zhongchong"

2、建立.ssh目录

sudo salt -C "L@tz-relay1,tz-relay2" cmd.run "mkdir /home/zhangchong/.ssh/"

3、权限设置

sudo salt -C "L@tz-relay1,tz-relay2" cmd.run "chmod 700 /home/zhangchong/.ssh/" sudo salt -C "L@tz-relay1,tz-relay2" cmd.run "chown  -R zhangchong:zhangchong /home/zhangchong/"

4、下发公钥keys

sudo salt -C "L@tz-relay1,tz-relay2" cp.get_file salt://keys/zhangchong_rsa.pub /home/zhangchong/.ssh/authorized_keys

5、公钥keys权限设置

sudo salt -C "L@tz-relay1,tz-relay2" cmd.run "chown zhangchong:zhangchong  /home/zhangchong/.ssh/authorized_keys"sudo salt -C "L@tz-relay1,tz-relay2" cmd.run “chmod 400  /home/zhangchong/.ssh/authorized_keys”

6、加入到sudoer用户组

sudo salt -C "L@tz-relay1,tz-relay2" cmd.run ' echo  "zhangchong  ALL=(ALL:ALL) ALL " >>/etc/sudoers'sudo salt -C "L@tz-relay1,tz-relay2" cmd.run ' echo  "zhangchong  ALL=(ALL) NOPASSWD: ALL " >>/etc/sudoers'
 

附:有几个坑

1、公钥keys的格式

xshell程序生成的pub_keys格式如下:---- BEGIN SSH2 PUBLIC KEY ----Subject: zhchong
Comment: "zhchong1"ModBitSize: 1024AAAAB3NzaC1yc2EAAAADAQABAAAAgQCnv4uFRaAvXVxI5MUX/JDbQO/4cOVrMiNG
Bj2jqTHKIpy2KgAkNLVRcquRV6bG0lo2w8DvZG6XAnBttPuiFk1CJlPg6qFt9ptO
lYBx11Zhdl73FxP16hyNwwnMxRZE3Bs1VGT9jPERwApAbXOqdDOQxbDZS5DuK47R
9RnevgGrFw== 
---- END SSH2 PUBLIC KEY ----需加入ssh才能生效---- BEGIN SSH2 PUBLIC KEY ----Subject: zhchong
Comment: "zhchong1"ModBitSize: 1024ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAAgQCnv4uFRaAvXVxI5MUX/JDbQO/4cOVrMiNG
Bj2jqTHKIpy2KgAkNLVRcquRV6bG0lo2w8DvZG6XAnBttPuiFk1CJlPg6qFt9ptO
lYBx11Zhdl73FxP16hyNwwnMxRZE3Bs1VGT9jPERwApAbXOqdDOQxbDZS5DuK47R
9RnevgGrFw== zhchong---- END SSH2 PUBLIC KEY ----

2、authorized_keys的权限设置

将 authorized_keys 的权限设置为对拥有者只读,其他用户没有任何权限

你可能感兴趣的:(master,saltstack,自动化运维工具)