search

saltstack / salt

Software to automate the management and configuration of any infrastructure or application at scale. Install Salt from the Salt package repositories here:
https://docs.saltproject.io/salt/install-guide/en/latest/
Apache License 2.0
14.21k stars 5.48k forks source link

Example Saltstack at getstarted/ssh/connect.html is incomplete #53664

Open non7top opened 5 years ago

non7top commented 5 years ago

https://docs.saltstack.com/en/getstarted/ssh/connect.html

If using Saltfile as suggested on the page, salt-ssh will not function because of numerous permissions issues. There are a lot of suggestions in the guide and in error messages to fix those with sudo, but sudo is not an option when running as non-root.

I had to check these additional sources to at least make that example work https://github.com/saltstack/salt/issues/8062 https://docs.saltstack.com/en/latest/ref/configuration/nonroot.html

Saltfile

salt-ssh:
  config_dir: ./etc
  roster_file: ./roster
  ssh_log_file: /tmp/salt-ssh.txt

./etc/master (not sure about file_roots though)

file_roots:
  base:
      - .
state_verbose: False
cachedir: /home/non7top/sls/cache
pki_dir: /home/non7top/sls/pki

Most troublesome part was to identify where to put cachedir after I found out about it, I tried cachedir and ssh_cachedir in Saltfile without any effect.

There is also a discrepancy where Saltfile accepts relative paths with ./, while ./etc/master converts ./ to /. Not sure if that is a bug worth submitting.

Setup

python3 -m venv salt . salt/bin/activate pip install --upgrade pip wheel pip install salt-ssh

Steps to Reproduce Issue

Follow the guide

Versions Report

$ salt-ssh --versions-report
Salt Version:
           Salt: 2019.2.0

Dependency Versions:
           cffi: Not Installed
       cherrypy: Not Installed
       dateutil: Not Installed
      docker-py: Not Installed
          gitdb: Not Installed
      gitpython: Not Installed
          ioflo: Not Installed
         Jinja2: 2.10.1
        libgit2: Not Installed
        libnacl: Not Installed
       M2Crypto: Not Installed
           Mako: Not Installed
   msgpack-pure: Not Installed
 msgpack-python: 0.6.1
   mysql-python: Not Installed
      pycparser: Not Installed
       pycrypto: Not Installed
   pycryptodome: Not Installed
         pygit2: Not Installed
         Python: 3.6.8 (default, Jan 14 2019, 11:02:34)
   python-gnupg: Not Installed
         PyYAML: 5.1.1
          PyZMQ: Not Installed
           RAET: Not Installed
          smmap: Not Installed
        timelib: Not Installed
        Tornado: 4.5.3
            ZMQ: Not Installed

System Versions:
           dist: Ubuntu 18.04 bionic
         locale: UTF-8
        machine: x86_64
        release: 4.15.0-54-generic
         system: Linux
        version: Ubuntu 18.04 bionic
max-arnold commented 5 years ago

I filed similar issue in the past: https://github.com/saltstack/salt/issues/32578

stale[bot] commented 4 years ago

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.

If this issue is closed prematurely, please leave a comment and we will gladly reopen the issue.

max-arnold commented 4 years ago

Bump

stale[bot] commented 4 years ago

Thank you for updating this issue. It is no longer marked as stale.

stale[bot] commented 4 years ago

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.

If this issue is closed prematurely, please leave a comment and we will gladly reopen the issue.

stale[bot] commented 4 years ago

Thank you for updating this issue. It is no longer marked as stale.

sagetherage commented 4 years ago

@saltstack/team-ssh can you help with some follow up here, please?

hartwork commented 4 years ago

It's been over a year now and https://docs.saltstack.com/en/getstarted/ssh/connect.html is still nowhere near working out of the box. Why?

Not only is it incomplete, but also key log_file would need to be ssh_log_file to have an effect, as demonstrated by @non7top's Saltfile above.

This minimal setup helped me getting salt-ssh -i '*' test.ping to work as an unprivileged user, eventually:

# cat Saltfile 
salt-ssh:
  roster_file: ./roster
  config_dir: .
  ssh_log_file: ./log.txt

# cat master 
root_dir: .
cachedir: ./cachedir

What does it take to get this fixed for the masses?

skoenig commented 6 months ago

Had the same issues with salt-ssh 9000. Ended up with this setup to execute masterless Saltstack configuration:

$ cat Saltfile
salt-ssh:
  roster_file: roster.yml
  config_dir: .

$ cat master 
root_dir: salt-ssh
ssh_log_file: var/logs/salt-ssh.log
cachedir: var/cache
file_roots:
    base:
        - .

This puts everything salt-ssh related under salt-ssh/ which I can then add to .gitignore.