For an introduction to SaltStack, see: http://strongit.blog.51cto.com/10020534/1727621
1. Create the user
sudo salt -C "L@tz-relay1,tz-relay2" cmd.run "adduser zhangchong"
2. Create the .ssh directory
sudo salt -C "L@tz-relay1,tz-relay2" cmd.run "mkdir /home/zhangchong/.ssh/"
3. Set permissions
sudo salt -C "L@tz-relay1,tz-relay2" cmd.run "chmod 700 /home/zhangchong/.ssh/"
sudo salt -C "L@tz-relay1,tz-relay2" cmd.run "chown -R zhangchong:zhangchong /home/zhangchong/"
4. Distribute the public key
sudo salt -C "L@tz-relay1,tz-relay2" cp.get_file salt://keys/zhangchong_rsa.pub /home/zhangchong/.ssh/authorized_keys
5. Set permissions on the public key file
sudo salt -C "L@tz-relay1,tz-relay2" cmd.run "chown zhangchong:zhangchong /home/zhangchong/.ssh/authorized_keys"
sudo salt -C "L@tz-relay1,tz-relay2" cmd.run "chmod 400 /home/zhangchong/.ssh/authorized_keys"
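6. Add the user to sudoers
The first entry lets the user run any command through sudo after entering a password; the second lets the user do so without a password.
sudo salt -C "L@tz-relay1,tz-relay2" cmd.run 'echo "zhangchong ALL=(ALL:ALL) ALL " >>/etc/sudoers'
sudo salt -C "L@tz-relay1,tz-relay2" cmd.run 'echo "zhangchong ALL=(ALL) NOPASSWD: ALL " >>/etc/sudoers'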
Appendix: a few pitfalls
1. Format of the public key
A public key generated by Xshell looks like this:
---- BEGIN SSH2 PUBLIC KEY ----
Subject: zhchong
Comment: "zhchong1"
ModBitSize: 1024
AAAAB3NzaC1yc2EAAAADAQABAAAAgQCnv4uFRaAvXVxI5MUX/JDbQO/4cOVrMiNG
Bj2jqTHKIpy2KgAkNLVRcquRV6bG0lo2w8DvZG6XAnBttPuiFk1CJlPg6qFt9ptO
lYBx11Zhdl73FxP16hyNwwnMxRZE3Bs1VGT9jPERwApAbXOqdDOQxbDZS5DuK47R
9RnevgGrFw==
---- END SSH2 PUBLIC KEY ----
The ssh-rsa prefix has to be added for the key to take effect:
---- BEGIN SSH2 PUBLIC KEY ----
Subject: zhchong
Comment: "zhchong1"
ModBitSize: 1024
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAAgQCnv4uFRaAvXVxI5MUX/JDbQO/4cOVrMiNG
Bj2jqTHKIpy2KgAkNLVRcquRV6bG0lo2w8DvZG6XAnBttPuiFk1CJlPg6qFt9ptO
lYBx11Zhdl73FxP16hyNwwnMxRZE3Bs1VGT9jPERwApAbXOqdDOQxbDZS5DuK47R
9RnevgGrFw== zhchong
---- END SSH2 PUBLIC KEY ----
2. Permissions on authorized_keys
Set authorized_keys to be read-only for its owner, with no permissions at all for other users.
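An added example for pitfall 1 (not from the original post): OpenSSH reads authorized_keys as one key per line in the form "type base64 comment", so an Xshell export in the SSH2 (RFC 4716) layout has to be converted before it is pushed out with cp.get_file. The function names and the 2048-bit RSA floor are assumptions; the sample is the key shown above, which that floor rejects.

```python
import base64
import struct

# The Xshell-exported key from pitfall 1 above (RFC 4716 "SSH2" layout).
SAMPLE = """\
---- BEGIN SSH2 PUBLIC KEY ----
Subject: zhchong
Comment: "zhchong1"
ModBitSize: 1024
AAAAB3NzaC1yc2EAAAADAQABAAAAgQCnv4uFRaAvXVxI5MUX/JDbQO/4cOVrMiNG
Bj2jqTHKIpy2KgAkNLVRcquRV6bG0lo2w8DvZG6XAnBttPuiFk1CJlPg6qFt9ptO
lYBx11Zhdl73FxP16hyNwwnMxRZE3Bs1VGT9jPERwApAbXOqdDOQxbDZS5DuK47R
9RnevgGrFw==
---- END SSH2 PUBLIC KEY ----
"""

def _read_string(blob, off):
    """Read one SSH wire string: 4-byte big-endian length, then the data."""
    if off + 4 > len(blob):
        raise ValueError("truncated key blob")
    (n,) = struct.unpack_from(">I", blob, off)
    if off + 4 + n > len(blob):
        raise ValueError("truncated key blob")
    return blob[off + 4:off + 4 + n], off + 4 + n

def ssh2_to_openssh(text, min_rsa_bits=2048):  # 2048 is an assumed policy floor
    """Return (authorized_keys line, RSA modulus bits or None)."""
    lines = [l.strip() for l in text.strip().splitlines()]
    if (len(lines) < 3 or lines[0] != "---- BEGIN SSH2 PUBLIC KEY ----"
            or lines[-1] != "---- END SSH2 PUBLIC KEY ----"):
        raise ValueError("not an SSH2 (RFC 4716) public key")
    comment, b64, cont = "", [], False
    for line in lines[1:-1]:
        if cont or ":" in line:  # header, or continuation of one ending in "\"
            if not cont and line.lower().startswith("comment:"):
                comment = line.split(":", 1)[1].strip(' "\\')
            cont = line.endswith("\\")
        else:
            b64.append(line)  # base64 never contains ":"
    blob = base64.b64decode("".join(b64), validate=True)
    ktype, off = _read_string(blob, 0)  # key type is embedded in the blob
    ktype, bits = ktype.decode("ascii"), None
    if ktype == "ssh-rsa":
        _e, off = _read_string(blob, off)   # public exponent
        n, off = _read_string(blob, off)    # modulus
        bits = int.from_bytes(n, "big").bit_length()
        if bits < min_rsa_bits:
            raise ValueError(f"RSA key is only {bits} bits")
    return f"{ktype} {base64.b64encode(blob).decode()} {comment}".strip(), bits
```

OpenSSH's own ssh-keygen -i -f <file> performs the same format conversion, without the key-size check.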
Original article: http://strongit.blog.51cto.com/10020534/1727621