SUSE Manager/SaltSSHServerPush

From MicroFocusInternationalWiki
Revision as of 12:25, 22 September 2016 by Fkobzik (Talk | contribs) (SSH Server Push via salt-ssh)

Jump to: navigation, search

SUSE Manager Main Page

SSH Server Push via salt-ssh

Note: This page is not related to the SSH Server Push for the traditional clients. For this, visit this page  SUSE_Manager/SSHServerPush.
Note: This feature is still work-in-progress and this page reflects the current state of it.

Saltstack provides a mechanism, called *salt-ssh* [1] to manage clients from a server, without installing salt-related software on clients. No need to have minions connected to salt-master in this case. In other words, the goal of the feature is to provide similar functionality as the traditional SSH Server Push feature mentioned above.

This feature allows:

  • managing salt-entitled systems with the "push via SSH" contact method using salt-ssh. This is only partially supported at this moment (we only support registering a basic system profile, almost no actions can be done on such system).
  • bootstrapping such systems.

To bootstrap a salt-ssh system, go to the "Bootstrapping" page in the Web UI (Salt -> Bootstrapping), fill the required fields in and check "Manage system completely via SSH" field and click the "Bootstrap" button. After this the system will be bootstrapped and registered in the SUSE Manager and will appear under the System list.

Ss ssh push.png

Note: This checkbox is hidden from the Web UI in the current code.

Configuration

There are 2 kinds of parameters for salt-ssh:

  • Bootstrap-time parameters - these are configured in the bootstrap UI
    • Host
    • Activation keys
    • Password (used only for bootstrapping, not to be saved anywhere, all future ssh sessions are authorized via a key/cert pair)
  • Persistent parameters - these are configured SUMA-wide:

Requirements

  • ssh daemon must be running on the remote system and reachable by the *salt-api* daemon (typically running on the SUSE Manager server)
  • python must be installed on the remote system (python must be supported by the installed salt). Currently: python 2.6.
 Note: Old RHEL/CentOS versions (<= 5) are not supported since they do not contain python 2.6 by default.