Difference between revisions of "SUSE Manager/SaltSSHServerPush"

From MicroFocusInternationalWiki
Jump to: navigation, search
(rephrased the description a bit (this feature is mainly about managing systems, bootstrapping is less important; reduce the number of the word "via" :) ), added a screenshot)
(SSH Server Push via salt-ssh)
Line 6: Line 6:
 
  '''Note:''' This feature is still work-in-progress and this page reflects the current state of it.
 
  '''Note:''' This feature is still work-in-progress and this page reflects the current state of it.
  
Saltstack provides a mechanism, called *salt-ssh* [https://docs.saltstack.com/en/latest/topics/ssh/] to manage clients from a server, without installing salt-related software on clients. No need to have minions connected to salt-master in this case.
+
Saltstack provides a mechanism, called *salt-ssh* [https://docs.saltstack.com/en/latest/topics/ssh/] to manage clients from a server, without installing salt-related software on clients. No need to have minions connected to salt-master in this case. In other words, the goal of the feature is to provide similar functionality as the traditional SSH Server Push feature mentioned above.
  
 
This feature allows:
 
This feature allows:
* managing salt-entitled systems with the "push via SSH" contact method using salt-ssh;
+
* managing salt-entitled systems with the "push via SSH" contact method using salt-ssh. '''This is only partially supported at this moment (we only support registering a basic system profile, almost no actions can be done on such system).'''
 
* bootstrapping such systems.
 
* bootstrapping such systems.
  
Line 17: Line 17:
  
 
  '''Note:''' This checkbox is hidden from the Web UI in the current code.
 
  '''Note:''' This checkbox is hidden from the Web UI in the current code.
 +
== Configuration ==
 +
There are 2 kinds of parameters for salt-ssh:
 +
* Bootstrap-time parameters - these are configured in the bootstrap UI
 +
** Host
 +
** Activation keys
 +
** Password (used only for bootstrapping, not to be saved anywhere, all future ssh sessions are authorized via a key/cert pair)
 +
* Persistent parameters - these are configured SUMA-wide:
 +
** sudo user - same as in [[SUSE_Manager/SSHServerPush#Server_Configuration]]
  
 
== Requirements ==
 
== Requirements ==

Revision as of 12:25, 22 September 2016

SUSE Manager Main Page

SSH Server Push via salt-ssh

Note: This page is not related to the SSH Server Push for the traditional clients. For this, visit this page  SUSE_Manager/SSHServerPush.
Note: This feature is still work-in-progress and this page reflects the current state of it.

Saltstack provides a mechanism, called *salt-ssh* [1] to manage clients from a server, without installing salt-related software on clients. No need to have minions connected to salt-master in this case. In other words, the goal of the feature is to provide similar functionality as the traditional SSH Server Push feature mentioned above.

This feature allows:

  • managing salt-entitled systems with the "push via SSH" contact method using salt-ssh. This is only partially supported at this moment (we only support registering a basic system profile, almost no actions can be done on such system).
  • bootstrapping such systems.

To bootstrap a salt-ssh system, go to the "Bootstrapping" page in the Web UI (Salt -> Bootstrapping), fill the required fields in and check "Manage system completely via SSH" field and click the "Bootstrap" button. After this the system will be bootstrapped and registered in the SUSE Manager and will appear under the System list.

Ss ssh push.png

Note: This checkbox is hidden from the Web UI in the current code.

Configuration

There are 2 kinds of parameters for salt-ssh:

  • Bootstrap-time parameters - these are configured in the bootstrap UI
    • Host
    • Activation keys
    • Password (used only for bootstrapping, not to be saved anywhere, all future ssh sessions are authorized via a key/cert pair)
  • Persistent parameters - these are configured SUMA-wide:

Requirements

  • ssh daemon must be running on the remote system and reachable by the *salt-api* daemon (typically running on the SUSE Manager server)
  • python must be installed on the remote system (python must be supported by the installed salt). Currently: python 2.6.
 Note: Old RHEL/CentOS versions (<= 5) are not supported since they do not contain python 2.6 by default.