How to use salt-ssh for targeting a range of IPs?


pankaj ghadge

Oct 9, 2014, 8:04:23 AM
to salt-...@googlegroups.com
Hi all,

I have to apply one patch on all servers, but salt minions are not installed on all servers.
So I was planning to use salt-ssh.
But in /etc/salt/roster I don't want to mention all the servers' IPs.

Can I mention an IP range in the roster to execute a command? I have the common public key with me to target all machines.

I have seen the --range option in the link below but don't know how to use it.

https://salt.readthedocs.org/en/v0.17.4/ref/cli/salt-ssh.html

Thomas S Hatch

Oct 9, 2014, 6:45:08 PM
to salt-...@googlegroups.com
--range is for targeting via a range server. For an IP range try the scan roster:
salt-ssh --roster scan <ip subnet> test.ping

Thomas S. Hatch  |  Founder, CTO

2825 E. Cottonwood Parkway, Suite 360 | Salt Lake City, UT 84121


pankaj ghadge

Oct 9, 2014, 10:43:44 PM
to salt-...@googlegroups.com
Hi,

Thanks for the reply,

Can I run it like this?

salt-ssh --roster scan <192.168.0.1 - 192.168.0.254> cmd.run "yum -y update bash"

I want to apply the patch on all servers, so where do I provide PRIV (file path to SSH private key)?

Generally the syntax mentioned in the doc is like below, and a salt ID is required. Where do I provide the path to the SSH private key for the scan roster?

<Salt ID>:   # The id to reference the target system with
    host:    # The IP address or DNS name of the remote host
    user:    # The user to log in as
    passwd:  # The password to log in with

    # Optional parameters
    port:    # The target system's ssh port number
    sudo:    # Boolean to run command via sudo
    priv:    # File path to ssh private key, defaults to salt-ssh.rsa
    timeout: # Number of seconds to wait for response

Thomas S Hatch

Oct 9, 2014, 10:50:50 PM
to salt-...@googlegroups.com
salt-ssh --roster scan 192.168.0/24 pkg.install bash

You can use the pkg module of course instead of shelling out, or salt-ssh can send raw shell commands:

salt-ssh --roster scan 192.168.0/24 -r 'yum -y update bash'

The -r option sends a raw command to the shell and does not require loading the salt libs, and is therefore faster in salt-ssh.


pankaj ghadge

Oct 10, 2014, 12:17:48 AM
to salt-...@googlegroups.com
Thanks for the reply,

But where do I keep the root password/SSH private key path?

Thomas S Hatch

Oct 10, 2014, 12:32:04 AM
to salt-...@googlegroups.com

In this setup just pass --askpass or --priv on the command line. You could also use jinja in the roster file to auto-populate a roster with the range.

pankaj ghadge

Oct 10, 2014, 12:51:00 AM
to salt-...@googlegroups.com
Hi,

It is not working for me. I'm using salt version salt 2014.1.10 (Hydrogen).

When I run the man salt command, it does not show me --askpass and --priv in help.

SALT-SSH(1)                          Salt                          SALT-SSH(1)

NAME
       salt-ssh - salt-ssh Documentation

SYNOPSIS
           salt-ssh '*' [ options ] sys.doc

           salt-ssh -E '.*' [ options ] sys.doc cmd

DESCRIPTION
       Salt SSH allows for salt routines to be executed using only SSH for transport

OPTIONS
       -r, --raw, --raw-shell
              Execute a raw shell command.

       --roster-file
              Define which roster system to use, this defines if a database backend, scanner, or custom roster system
              is used. Default is the flat file roster.

       --refresh, --refresh-cache
              Force a refresh of the master side data cache of the target's data. This is needed if a target's grains
              have been changed and the auto refresh timeframe has not been reached.

       --max-procs
              Set  the  number  of  concurrent minions to communicate with. This value defines how many processes are
              opened up at a time to manage connections, the more running process the faster communication should be,
              default is 25.

       --passwd
              Set the default password to attempt to use when authenticating.

       --key-deploy
              Set this flag to attempt to deploy the authorized ssh key with all minions. This combined with --passwd
              can make initial deployment of keys very fast and easy.

       --version
              Print the version of Salt that is running.

       --versions-report
              Show program's dependencies and version number, and then exit

       -h, --help
              Show the help message and exit

       -c CONFIG_DIR, --config-dir=CONFIG_dir
              The location of the Salt configuration directory. This directory contains the configuration  files  for
              Salt master and minions. The default location on most systems is /etc/salt.

   Target Selection

       -E, --pcre
              The target expression will be interpreted as a PCRE regular expression rather than a shell glob.

       -L, --list
              The    target    expression    will    be    interpreted    as   a   comma-delimited   list;   example:
              server1.foo.bar,server2.foo.bar,example7.quo.qux

       -G, --grain
              The target expression matches values returned by the Salt grains system  on  the  minions.  The  target
              expression is in the format of '<grain value>:<glob expression>'; example: 'os:Arch*'

              This was changed in version 0.9.8 to accept glob expressions instead of regular expression. To use reg-
              ular expression matching with grains, use the --grain-pcre option.

       --grain-pcre
              The target expression matches values returned by the Salt grains system  on  the  minions.  The  target
              expression is in the format of '<grain value>:< regular expression>'; example: 'os:Arch.*'

       -N, --nodegroup
              Use a predefined compound target defined in the Salt master configuration file.

       -R, --range
              Instead  of using shell globs to evaluate the target, use a range expression to identify targets. Range
              expressions look like %cluster.

              Using the Range option requires that a range server is set up and the location of the range  server  is
              referenced in the master configuration file.

   Logging Options
       Logging options which override any settings defined on the configuration files.

       -l LOG_LEVEL, --log-level=LOG_LEVEL
              Console  logging  log  level.  One of all, garbage, trace, debug, info, warning, error, quiet. Default:
              warning.

       --log-file=LOG_FILE
              Log file path. Default: /var/log/salt/ssh.

       --log-file-level=LOG_LEVEL_LOGFILE
              Logfile logging log level. One of all, garbage, trace, debug, info,  warning,  error,  quiet.  Default:
              warning.

   Output Options
       --out  Pass in an alternative outputter to display the return of data. This outputter can be any of the avail-
              able outputters:
                  grains, highstate, json, key, overstatestage, pprint, raw, txt, yaml

              Some outputters are formatted only for data returned from specific functions; for instance, the  grains
              outputter will not work for non-grains data.

              If  an outputter is used that does not support the data passed into it, then Salt will fall back on the
              pprint outputter and display the return data using the Python pprint standard library module.

              NOTE:
                  If using --out=json, you will probably want --static as well.  Without the static option, you  will
                  get  a JSON string for each minion.  This is due to using an iterative outputter. So if you want to
                  feed it to a JSON parser, use --static as well.

       --out-indent OUTPUT_INDENT, --output-indent OUTPUT_INDENT
              Print the output indented by the provided value in spaces. Negative values  disable  indentation.  Only
              applicable in outputters that support indentation.

       --out-file=OUTPUT_FILE, --output-file=OUTPUT_FILE
              Write the output to the specified file.

       --no-color
              Disable all colored output

       --force-color
              Force colored output

SEE ALSO
       salt(7) salt-master(1) salt-minion(1)

AUTHOR
       Thomas S. Hatch <that...@gmail.com> and many others, please see the Authors file

COPYRIGHT
       2013 SaltStack, Inc.

2014.1.0                       February 19, 2014                   SALT-SSH(1)






pankaj ghadge

Oct 22, 2014, 4:25:58 AM
to salt-...@googlegroups.com
Thanks Thomas. It worked after salt-master package update. 
Thanks a lot again :)

Wolodja Wentland

Mar 24, 2015, 9:50:59 AM
to salt-...@googlegroups.com
On Wednesday, 22 October 2014 10:25:58 UTC+2, pankaj ghadge wrote:
> Thanks Thomas. It worked after salt-master package update.
> Thanks a lot again :)

Sorry for digging out this old thread, but it seems to be the only bit of documentation there is on the scan roster.

I am trying what has been suggested by Thomas before, but always get:

$ salt-ssh --roster=scan $SOME_IP_ADDRESS test.ping
No hosts found with target $SOME_IP_ADDRESS of type glob

What did you do to get it working, Pankaj? How is this supposed to work?


Colton Myers

Apr 2, 2015, 2:14:32 PM
to salt-...@googlegroups.com
For the scan roster, the targeting string should be an IPCIDR string (like '127.0.0.1/24' or similar). There are additional options which can be passed in on the command line:

  Scan Roster Options:
    Parameters affecting scan roster

    --scan-ports=SSH_SCAN_PORTS
                        Comma-separated list of ports to scan in the scan
                        roster.
    --scan-timeout=SSH_SCAN_TIMEOUT
                        Scanning socket timeout for the scan roster.

You can see these options in the output of `salt-ssh -h`

Hope that helps!

--
Colton Myers
Platform Engineer, SaltStack
@basepi on Twitter/Github/IRC
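
The two ways of covering an address range raised in this thread (a CIDR target for the scan roster, or a flat roster generated for the range), as an added Python example that is not from any poster or from Salt itself. It uses only the standard `ipaddress` module; the function names, the `host-...` IDs and the key path are placeholders, and the expansion shown is Python's, assumed here rather than taken from Salt's scan roster code.

```python
import ipaddress


def expand_target(target):
    """Addresses covered by a single-IP or CIDR target; [] if it is neither."""
    try:
        return [str(ipaddress.ip_address(target))]
    except ValueError:
        pass
    try:
        # strict=False accepts host bits in the address part, e.g. '127.0.0.1/24'
        net = ipaddress.ip_network(target, strict=False)
    except ValueError:
        return []  # e.g. '192.168.0.1 - 192.168.0.254' is not CIDR
    return [str(h) for h in net.hosts()]


def range_to_cidrs(first, last):
    """Fewest CIDR blocks that cover exactly first..last (inclusive)."""
    lo, hi = ipaddress.IPv4Address(first), ipaddress.IPv4Address(last)
    return [str(n) for n in ipaddress.summarize_address_range(lo, hi)]


def static_roster(first, last, user, priv):
    """Flat-roster YAML with one pinned entry per address in first..last."""
    lo, hi = ipaddress.IPv4Address(first), ipaddress.IPv4Address(last)
    if lo > hi:
        raise ValueError("first address is above last address")
    entries = []
    for n in range(int(lo), int(hi) + 1):
        addr = str(ipaddress.IPv4Address(n))
        entries.append(
            f"host-{addr.replace('.', '-')}:\n"  # hypothetical roster ID scheme
            f"  host: {addr}\n"
            f"  user: {user}\n"
            f"  priv: {priv}\n"
        )
    return "".join(entries)


if __name__ == "__main__":
    hosts = expand_target("192.168.0.0/24")
    print(len(hosts), hosts[0], hosts[-1])
    print(range_to_cidrs("192.168.0.1", "192.168.0.254"))
    # Key path below is a placeholder, not a real Salt default.
    print(static_roster("192.168.0.1", "192.168.0.3", "root", "/path/to/private.key"))
```

Listing the expanded addresses before running a package update shows exactly which hosts a CIDR target can reach; the generated roster pins the run to the listed addresses instead of every host that answers in the subnet.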
