salt/doc/topics/ssh/roster.rst

.. _ssh-roster:

============
Salt Rosters
============

Salt rosters are pluggable systems added in Salt 0.17.0 to facilitate the
``salt-ssh`` system.
The roster system was created because ``salt-ssh`` needs a means to
identify which systems need to be targeted for execution.

.. seealso:: :ref:`all-salt.roster`

.. note::
    The Roster System is not needed or used in standard Salt because the
    master does not need to be initially aware of target systems, since the
    Salt Minion checks itself into the master.

Since the roster system is pluggable, it can be easily augmented to attach to
any existing systems to gather information about what servers are presently
available and should be attached to by ``salt-ssh``. By default the roster
file is located at /etc/salt/roster.

How Rosters Work
================

The roster system compiles a data structure internally referred to as
``targets``. The ``targets`` is a list of target systems and attributes about how
to connect to said systems. The only requirement for a roster module in Salt
is to return the ``targets`` data structure.

Targets Data
------------

The information which can be stored in a roster ``target`` is the following:

.. code-block:: yaml

    <Salt ID>:       # The id to reference the target system with
        host:        # The IP address or DNS name of the remote host
        user:        # The user to log in as
        passwd:      # The password to log in with

        # Optional parameters
        port:        # The target system's ssh port number
        sudo:        # Boolean to run command via sudo
        sudo_user:   # Str: Set this to execute Salt as a sudo user other than root.
                     # This user must be in the same system group as the remote user
                     # that is used to login and is specified above. Alternatively,
                     # the user must be a super-user.
        tty:         # Boolean: Set this option to True if sudo is also set to
                     # True and requiretty is also set on the target system
        priv:        # File path to ssh private key, defaults to salt-ssh.rsa
                     # The priv can also be set to agent-forwarding to not specify
                     # a key, but use ssh agent forwarding
        timeout:     # Number of seconds to wait for response when establishing
                     # an SSH connection
        minion_opts: # Dictionary of minion opts
        thin_dir:    # The target system's storage directory for Salt
                     # components. Defaults to /tmp/salt-<hash>.
        cmd_umask:   # umask to enforce for the salt-call command. Should be in
                     # octal (so for 0o077 in YAML you would do 0077, or 63)

thin_dir
--------

Salt needs to upload a standalone environment to the target system, and this
defaults to /tmp/salt-<hash>. This directory will be cleaned up per normal
systems operation.

If you need a persistent Salt environment, for instance to set persistent grains,
this value will need to be changed.
Doc restructuring, organization, and cleanup. Updated the doc navigation. 2016-02-01 03:10:02 +00:00			`.. _ssh-roster:`

Add initial bare bones roster docs 2013-09-09 05:00:45 +00:00			`============`
			`Salt Rosters`
			`============`

more copyediting 2014-04-30 20:55:30 +00:00			`Salt rosters are pluggable systems added in Salt 0.17.0 to facilitate the`
Add initial bare bones roster docs 2013-09-09 05:00:45 +00:00			``salt-ssh`` system.
			The roster system was created because ``salt-ssh`` needs a means to
Fixed pedantic spelling errors picked up by lintian joe@unstable-builder:~/salt_017rc/salt$ lintian -I ../*.deb I: salt-common: spelling-error-in-manpage usr/share/man/man7/salt.7.gz softwares software - done I: salt-common: spelling-error-in-manpage usr/share/man/man7/salt.7.gz specifed specified - done I: salt-common: spelling-error-in-manpage usr/share/man/man7/salt.7.gz Targetting Targeting - done I: salt-common: spelling-error-in-manpage usr/share/man/man7/salt.7.gz targetted targeted - done I: salt-common: spelling-error-in-manpage usr/share/man/man7/salt.7.gz Dependant Dependent - done I: salt-common: FSSTND-dir-in-manual-page usr/share/man/man7/salt.7.gz:57301 /var/named/ - not done - example I: salt-common: FSSTND-dir-in-manual-page usr/share/man/man7/salt.7.gz:57320 /var/named/ - not done - example I: salt-common: FSSTND-dir-in-manual-page usr/share/man/man7/salt.7.gz:57339 /var/named/ - not done - example I: salt-common: spelling-error-in-manpage usr/share/man/man7/salt.7.gz recieve receive - done I: salt-common: spelling-error-in-manpage usr/share/man/man7/salt.7.gz allows to allows one to - done I: salt-common: spelling-error-in-manpage usr/share/man/man7/salt.7.gz allows to allows one to - done I: salt-common: spelling-error-in-manpage usr/share/man/man7/salt.7.gz dont don't - done I: salt-common: spelling-error-in-manpage usr/share/man/man7/salt.7.gz succesfully successfully - done I: salt-common: spelling-error-in-manpage usr/share/man/man7/salt.7.gz softwares software - done I: salt-common: spelling-error-in-manpage usr/share/man/man7/salt.7.gz These package This package - not done - legitimate 2013-09-20 12:01:20 +00:00			`identify which systems need to be targeted for execution.`
Add initial bare bones roster docs 2013-09-09 05:00:45 +00:00
Added roster modules to the documentation 2014-06-30 19:47:52 +00:00			.. seealso:: :ref:`all-salt.roster`

Add initial bare bones roster docs 2013-09-09 05:00:45 +00:00			`.. note::`
			`The Roster System is not needed or used in standard Salt because the`
			`master does not need to be initially aware of target systems, since the`
			`Salt Minion checks itself into the master.`

			`Since the roster system is pluggable, it can be easily augmented to attach to`
			`any existing systems to gather information about what servers are presently`
Updated the salt-ssh.rst to add the new options that are available via the command line. Modified the ssh index.rst to include a link to the salt-ssh cli commands page. Updated parsers.py to fix the default value that is present in the documentation from 5 to 25 (as 25 is the actual default). Updated roster.rst to note that the default file location is /etc/salt/roster since it was absent, and might be confusing if you head to the roster documentation before reading the rest of the salt-ssh documentation. 2013-09-29 05:16:13 +00:00			available and should be attached to by ``salt-ssh``. By default the roster
			`file is located at /etc/salt/roster.`
Add initial bare bones roster docs 2013-09-09 05:00:45 +00:00
			`How Rosters Work`
			`================`

codespell: grammar nazi Run codespell[1] against sources. [1] https://github.com/lucasdemarchi/codespell 2014-01-27 02:38:03 +00:00			`The roster system compiles a data structure internally referred to as`
Assorted doc bugs Refs #9051 Refs #13407 Refs #21475 Refs #14876 Refs #27005 2015-10-05 23:37:13 +00:00			``targets``. The ``targets`` is a list of target systems and attributes about how
Add initial bare bones roster docs 2013-09-09 05:00:45 +00:00			`to connect to said systems. The only requirement for a roster module in Salt`
Assorted doc bugs Refs #9051 Refs #13407 Refs #21475 Refs #14876 Refs #27005 2015-10-05 23:37:13 +00:00			is to return the ``targets`` data structure.
Add initial bare bones roster docs 2013-09-09 05:00:45 +00:00
			`Targets Data`
			`------------`

Assorted doc bugs Refs #9051 Refs #13407 Refs #21475 Refs #14876 Refs #27005 2015-10-05 23:37:13 +00:00			The information which can be stored in a roster ``target`` is the following:
Add initial bare bones roster docs 2013-09-09 05:00:45 +00:00
			`.. code-block:: yaml`

Add minion_opts to roster docs 2015-05-04 20:46:16 +00:00			`<Salt ID>: # The id to reference the target system with`
			`host: # The IP address or DNS name of the remote host`
			`user: # The user to log in as`
			`passwd: # The password to log in with`
Added undocumented ssh roster configuration options 2013-10-11 14:21:52 +00:00
			`# Optional parameters`
Add minion_opts to roster docs 2015-05-04 20:46:16 +00:00			`port: # The target system's ssh port number`
			`sudo: # Boolean to run command via sudo`
Docs 2016-08-04 18:24:18 +00:00			`sudo_user: # Str: Set this to execute Salt as a sudo user other than root.`
			`# This user must be in the same system group as the remote user`
Better error handling and a workaround for group mismatch. 2016-08-04 18:41:36 +00:00			`# that is used to login and is specified above. Alternatively,`
			`# the user must be a super-user.`
Document tty: True usage in salt-ssh roster file Fixes #27354 2015-09-24 22:25:22 +00:00			`tty: # Boolean: Set this option to True if sudo is also set to`
			`# True and requiretty is also set on the target system`
Add minion_opts to roster docs 2015-05-04 20:46:16 +00:00			`priv: # File path to ssh private key, defaults to salt-ssh.rsa`
Adding documentation for salt-ssh agent forwarding support 2016-02-18 20:14:47 +00:00			`# The priv can also be set to agent-forwarding to not specify`
			`# a key, but use ssh agent forwarding`
Merge remote-tracking branch 'upstream/2014.7' into merge-forward-2015.2 Conflicts: doc/topics/ssh/roster.rst salt/client/ssh/__init__.py salt/client/ssh/wrapper/__init__.py salt/config.py salt/modules/file.py salt/runners/lxc.py 2015-05-05 22:26:39 +00:00			`timeout: # Number of seconds to wait for response when establishing`
			`# an SSH connection`
Add minion_opts to roster docs 2015-05-04 20:46:16 +00:00			`minion_opts: # Dictionary of minion opts`
Merge remote-tracking branch 'upstream/2015.5' into merge-forward-develop Conflicts: doc/topics/ssh/roster.rst salt/modules/win_groupadd.py 2015-05-06 21:49:50 +00:00			`thin_dir: # The target system's storage directory for Salt`
			`# components. Defaults to /tmp/salt-<hash>.`
Add cmd_umask to roster docs 2015-12-10 21:51:43 +00:00			`cmd_umask: # umask to enforce for the salt-call command. Should be in`
			`# octal (so for 0o077 in YAML you would do 0077, or 63)`
Updates Salt SSH roster documentation, adding thin_dir and a note on setting persistent grains 2015-01-12 00:54:30 +00:00
			`thin_dir`
			`--------`

			`Salt needs to upload a standalone environment to the target system, and this`
Merge remote-tracking branch 'upstream/2015.5' into merge-forward-develop Conflicts: doc/topics/ssh/roster.rst salt/modules/win_groupadd.py 2015-05-06 21:49:50 +00:00			`defaults to /tmp/salt-<hash>. This directory will be cleaned up per normal`
Updates Salt SSH roster documentation, adding thin_dir and a note on setting persistent grains 2015-01-12 00:54:30 +00:00			`systems operation.`

			`If you need a persistent Salt environment, for instance to set persistent grains,`
			`this value will need to be changed.`