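Salt is a new approach to infrastructure management: it is easy to deploy and can be up and running within minutes, it scales well enough to manage tens of thousands of servers with ease, and it is fast, with communication between servers taking seconds.
Salt is built on a dynamic communication bus, which lets it be used for orchestration, remote execution, configuration management, and more.
The SaltStack master listens on ports 4505 and 4506: 4505 is Salt's message publishing system, and 4506 is the port used for communication between Salt clients and the server.
The Salt client (minion) does not listen on any port. After it starts, it connects to the master and registers, then keeps that TCP connection open. The master controls the client over this connection, so if the connection drops the master can do nothing with that client. The client, for its part, keeps retrying the connection to the master periodically once it detects the disconnect.
The official SaltStack manual: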
https://docs.saltstack.com/en/latest/contents.html
First, a look at the help output; the commonly used operations are explained after it.
[root@master ~]# salt --help
Usage: salt [options] '<target>' <function> [arguments]
Salt allows for commands to be executed across a swath of remote systems in
parallel, so they can be both controlled and queried with ease.
Options:
--version show program's version number and exit
-V, --versions-report
Show program's dependencies version number and exit.
-h, --help show this help message and exit
--saltfile=SALTFILE Specify the path to a Saltfile. If not passed, one
will be searched for in the current working directory.
-c CONFIG_DIR, --config-dir=CONFIG_DIR
Pass in an alternative configuration directory.
Default: '/etc/salt'.
--module-executors=EXECUTOR_LIST
Set an alternative list of executors to override the
one set in minion config.
--executor-opts=EXECUTOR_OPTS
Set alternate executor options if supported by
executor. Options set by minion config are used by
default.
-t TIMEOUT, --timeout=TIMEOUT
Change the timeout, if applicable, for the running
command (in seconds). Default: 5.
--args-stdin Read additional options and/or arguments from stdin.
Each entry is newline separated.
--hard-crash Raise any original exception rather than exiting
gracefully. Default: False.
--no-parse=argname1,argname2,...
Comma-separated list of named CLI arguments (i.e.
argname=value) which should not be parsed as Python
data types
-s, --static Return the data from minions as a group after they all
return.
-p, --progress Display a progress graph. Requires "progressbar"
python package.
--failhard Stop batch execution upon first "bad" return.
--async Run the salt command but don't wait for a reply.
--subset=SUBSET Execute the routine on a random subset of the targeted
minions. The minions will be verified that they have
the named function before executing.
-v, --verbose Turn on command verbosity, display jid and active job
queries.
--hide-timeout Hide minions that timeout.
--show-jid Display jid without the additional output of
--verbose.
-b BATCH, --batch=BATCH, --batch-size=BATCH
Execute the salt job in batch mode, pass either the
number of minions to batch at a time, or the
percentage of minions to have running.
--batch-wait=BATCH_WAIT
Wait the specified time in seconds after each job is
done before freeing the slot in the batch for the next
one.
--batch-safe-limit=BATCH_SAFE_LIMIT
Execute the salt job in batch mode if the job would
have executed on more than this many minions.
--batch-safe-size=BATCH_SAFE_SIZE
Batch size to use for batch jobs created by batch-
safe-limit.
--return=RETURNER Set an alternative return method. By default salt will
send the return data from the command back to the
master, but the return data can be redirected into any
number of systems, databases or applications.
--return_config=RETURNER_CONF
Set an alternative return method. By default salt will
send the return data from the command back to the
master, but the return data can be redirected into any
number of systems, databases or applications.
--return_kwargs=RETURNER_KWARGS
Set any returner options at the command line.
-d, --doc, --documentation
Return the documentation for the specified module or
for all modules if none are specified.
--args-separator=ARGS_SEPARATOR
Set the special argument used as a delimiter between
command arguments of compound commands. This is useful
when one wants to pass commas as arguments to some of
the commands in a compound command.
--summary Display summary information about a salt command.
--metadata=METADATA Pass metadata into Salt, used to search jobs.
--output-diff Report only those states that have changed.
--config-dump Dump the master configuration values
--preview-target Show the minions expected to match a target. Does not
issue any command.
Logging Options:
Logging options which override any settings defined on the
configuration files.
-l LOG_LEVEL, --log-level=LOG_LEVEL
Console logging log level. One of 'all', 'garbage',
'trace', 'debug', 'profile', 'info', 'warning',
'error', 'critical', 'quiet'. Default: 'warning'.
--log-file=LOG_FILE
Log file path. Default: '/var/log/salt/master'.
--log-file-level=LOG_LEVEL_LOGFILE
Logfile logging log level. One of 'all', 'garbage',
'trace', 'debug', 'profile', 'info', 'warning',
'error', 'critical', 'quiet'. Default: 'warning'.
Target Options:
Target selection options.
-H, --hosts List all known hosts to currently visible or other
specified rosters
-E, --pcre Instead of using shell globs to evaluate the target
servers, use pcre regular expressions.
-L, --list Instead of using shell globs to evaluate the target
servers, take a comma or whitespace delimited list of
servers.
-G, --grain Instead of using shell globs to evaluate the target
use a grain value to identify targets, the syntax for
the target is the grain key followed by a
globexpression: "os:Arch*".
-P, --grain-pcre Instead of using shell globs to evaluate the target
use a grain value to identify targets, the syntax for
the target is the grain key followed by a pcre regular
expression: "os:Arch.*".
-N, --nodegroup Instead of using shell globs to evaluate the target
use one of the predefined nodegroups to identify a
list of targets.
-R, --range Instead of using shell globs to evaluate the target
use a range expression to identify targets. Range
expressions look like %cluster.
-C, --compound The compound target option allows for multiple target
types to be evaluated, allowing for greater
granularity in target matching. The compound target is
space delimited, targets other than globs are preceded
with an identifier matching the specific targets
argument type: salt 'G@os:RedHat and webser* or
E@database.*'.
-I, --pillar Instead of using shell globs to evaluate the target
use a pillar value to identify targets, the syntax for
the target is the pillar key followed by a glob
expression: "role:production*".
-J, --pillar-pcre Instead of using shell globs to evaluate the target
use a pillar value to identify targets, the syntax for
the target is the pillar key followed by a pcre
regular expression: "role:prod.*".
-S, --ipcidr Match based on Subnet (CIDR notation) or IP address.
Additional Target Options:
Additional options for minion targeting.
--delimiter=DELIMITER
Change the default delimiter for matching in multi-
level data structures. Default: ':'.
External Authentication:
-a EAUTH, --auth=EAUTH, --eauth=EAUTH, --external-auth=EAUTH
Specify an external authentication system to use.
-T, --make-token Generate and save an authentication token for re-use.
The token is generated and made available for the
period defined in the Salt Master.
--username=USERNAME
Username for external authentication.
--password=PASSWORD
Password for external authentication.
Output Options:
Configure your preferred output format.
--out=OUTPUT, --output=OUTPUT
Print the output from the 'salt' command using the
specified outputter.
--out-indent=OUTPUT_INDENT, --output-indent=OUTPUT_INDENT
Print the output indented by the provided value in
spaces. Negative values disables indentation. Only
applicable in outputters that support indentation.
--out-file=OUTPUT_FILE, --output-file=OUTPUT_FILE
Write the output to the specified file.
--out-file-append, --output-file-append
Append the output to the specified file.
--no-color, --no-colour
Disable all colored output.
--force-color, --force-colour
Force colored output.
--state-output=STATE_OUTPUT, --state_output=STATE_OUTPUT
Override the configured state_output value for minion
output. One of 'full', 'terse', 'mixed', 'changes' or
'filter'. Default: 'none'.
--state-verbose=STATE_VERBOSE, --state_verbose=STATE_VERBOSE
Override the configured state_verbose value for minion
output. Set to True or False. Default: none.
You can find additional help about salt issuing "man salt" or on
http://docs.saltstack.com
[root@master ~]#
1. Salt management commands:
salt-run manage.up # List minions that are up
salt-run manage.down # List minions that are down
salt-run manage.down removekeys=True # List minions that are down and delete their keys
salt-run manage.status # Show the status of the minions
salt-run manage.versions # Show the versions of the Salt master and all minions
salt-run jobs.active # Show which jobs are still being processed
salt-run jobs.list_jobs # List all completed or partially completed jobs
salt '*' saltutil.running # Show the IDs (jids) of running jobs
salt \* saltutil.kill_job 20151209034239907625 # Kill the job with this ID (jid)
salt -d # Show the help documentation
salt -d|grep service # Show the commands of service-related modules
salt '*' sys.doc # Show the help documentation
salt-key -L # List all keys received
salt-key -a <key_name> # Accept a single key
salt-key -A # Accept all keys
salt-key -d <key_name> # Delete a single key
salt-key -D # Delete all keys
salt '*' service.get_all # Get all services on the host
salt '*' service.reload sshd # Reload the sshd service
salt '*' pkg.list_pkgs # List installed packages and their versions
salt '*' pkg.version python # Show the version of a package
salt '*' pkg.install httpd # Install a package
salt 'node1.com' service.status mysql # Check the status of the mysql service
salt 'node1.com' service.start mysql # Start the mysql service
salt 'node1.com' cmd.run 'service mysql status' # Same check as above, via cmd.run
salt '*' sys.list_modules # List modules
salt-cp '*' /etc/hosts /etc/hosts # Distribute the master's hosts file to all hosts
salt '*' cp.get_file salt://ceshi/b /tmp/test # Distribute a file from the salt-master to the minions
salt '*' cp.get_dir salt://zabbix /tmp # Distribute a directory from the salt-master to the minions
salt '*' file.copy /tmp/zabbix.sls /tmp/sls # Copy /tmp/zabbix.sls to /tmp/sls (both paths are on the minion)
salt '*' cmd.run 'uptime' # Remote command execution test
2. Running scripts remotely:
'cmd.script:'
salt '*' cmd.script salt://scripts/runme.sh
salt '*' cmd.script salt://scripts/runme.sh 'arg1 arg2 "arg 3"'
salt '*' cmd.script salt://scripts/windows_task.ps1 args=' -Input c:\tmp\infile.txt' shell='powershell'
salt '*' cmd.script salt://scripts/runme.sh stdin='one\ntwo\nthree\nfour\nfive\n'
'cmd.shell:'
This passes the cmd argument directly to the shell
salt '*' cmd.shell "ls -l | awk '/foo/{print \$2}'"
salt '*' cmd.shell template=jinja "ls -l /tmp/{{grains.id}} | awk '/foo/{print \$2}'"
salt '*' cmd.shell "Get-ChildItem C:\ " shell='powershell'
salt '*' cmd.shell "grep f" stdin='one\ntwo\nthree\nfour\nfive\n'
salt '*' cmd.shell cmd='sed -e s/=/:/g'
'cmd.shells:'
salt '*' cmd.shells
'cmd.tty:'
salt '*' cmd.tty tty0 'This is a test'
salt '*' cmd.tty pts3 'This is a test'
'cmd.which:'
salt '*' cmd.which cat
Grains options:
salt '*' grains.ls # List the grain names
salt '*' grains.items # Show all grains data
salt '*' grains.item osrelease # Show a single grain
# Note: the state module manages Salt states; it offers a simple way to apply SLS states to minions
salt 'node1.com' state.highstate # Apply all SLS states to the specified minions
salt 'node1.com' state.running # Show the SLS states currently running
3. Examples:
[root@master ~]# salt \* saltutil.running
node02.saltstack.com:
|_
----------
arg:
- egrep -v ^#
fun:
cmd.run
jid:
20190901141733009548
pid:
5922
ret:
tgt:
*
tgt_type:
glob
user:
root
|_
----------
arg:
- egrep -v ^#
fun:
cmd.run
jid:
20190901141748160358
pid:
5927
ret:
tgt:
*
tgt_type:
glob
user:
root
node01.saltstack.com:
|_
----------
arg:
- egrep -v ^#
fun:
cmd.run
jid:
20190901141733009548
pid:
6252
ret:
tgt:
*
tgt_type:
glob
user:
root
|_
----------
arg:
- egrep -v ^#
fun:
cmd.run
jid:
20190901141748160358
pid:
6256
ret:
tgt:
*
tgt_type:
glob
user:
root
[root@master ~]# salt \* saltutil.kill_job 20190901141748160358
node01.saltstack.com:
Signal 9 sent to job 20190901141748160358 at pid 6256
node02.saltstack.com:
Signal 9 sent to job 20190901141748160358 at pid 5927
[root@master ~]# salt \* saltutil.kill_job 20190901141733009548
node02.saltstack.com:
Signal 9 sent to job 20190901141733009548 at pid 5922
node01.saltstack.com:
Signal 9 sent to job 20190901141733009548 at pid 6252
[root@master ~]# salt \* saltutil.running
node01.saltstack.com:
node02.saltstack.com:
[root@master ~]# salt-run manage.versions
Master:
2015.5.10
Up to date:
----------
node01.saltstack.com:
2019.09.01
node02.saltstack.com:
2019.09.01
[root@RS1 states]# salt-run manage.status
down:
up:
- minion.saltstack.com
- minion2.saltstack.com
[root@RS1 ~]# salt-run manage.versions # Show the versions of the Salt master and all minions
Master:
2019.09.01
Up to date:
----------
minion.saltstack.com:
2019.09.01
minion2.saltstack.com:
2019.09.01
[root@RS1 ~]# salt '*' test.ping -v # With -v, the jid of the job is displayed
Executing job with jid 20190901142709337088
-------------------------------------------
minion.saltstack.com:
True
minion2.saltstack.com:
True
Note: every job that is executed gets a corresponding jid.
[root@RS1 ~]# salt '*' saltutil.running # Show the jobs currently running on the minions
minion2.saltstack.com:
|_
----------
arg:
fun:
state.highstate
jid:
20190901143846076337
pid:
5488
ret:
tgt:
*
tgt_type:
glob
user:
root
minion.saltstack.com:
|_
----------
arg:
fun:
state.highstate
jid:
20190901143846076337
pid:
6384
ret:
tgt:
*
tgt_type:
glob
user:
root
[root@RS1 ~]# salt '*' saltutil.kill_job 20190901143846076337
This cancels a running job by its jid, for example 20190901143846076337.
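One way to review what is running before choosing a jid to kill, as an added example (not code from the original post or from the Salt project): it groups the per-minion saltutil.running data by jid and queues shell-execution functions that were published to every minion. The JSON sample is constructed from the fields shown above and assumes the {minion: [job, ...]} shape of `salt '*' saltutil.running --out=json --static`; SHELL_FUNCS is an illustrative selection.

```python
"""Group `saltutil.running` results by jid before deciding what to kill.

Added example, not Salt's own code. Assumes the JSON shape
{minion_id: [job, ...]} with the job fields shown on the page.
"""
import json
from datetime import datetime

# Constructed sample built from field names and values on the page.
# node03 is a hypothetical idle minion; node04 is a hypothetical minion
# that returned something other than a job list.
SAMPLE = """
{
  "node01.saltstack.com": [
    {"arg": ["egrep -v ^#"], "fun": "cmd.run", "jid": "20190901141733009548",
     "pid": 6252, "ret": "", "tgt": "*", "tgt_type": "glob", "user": "root"},
    {"arg": [], "fun": "state.highstate", "jid": "20190901143846076337",
     "pid": 6384, "ret": "", "tgt": "*", "tgt_type": "glob", "user": "root"}
  ],
  "node02.saltstack.com": [
    {"arg": ["egrep -v ^#"], "fun": "cmd.run", "jid": "20190901141733009548",
     "pid": 5922, "ret": "", "tgt": "*", "tgt_type": "glob", "user": "root"}
  ],
  "node03.saltstack.com": [],
  "node04.saltstack.com": false
}
"""
RUNNING = json.loads(SAMPLE)

# cmd functions that hand a string to a shell or interpreter
# (illustrative selection, taken from the cmd function list on the page).
SHELL_FUNCS = {"cmd.run", "cmd.run_all", "cmd.shell", "cmd.script",
               "cmd.exec_code"}


def started_at(jid):
    """A jid is a timestamp: YYYYmmddHHMMSS followed by microseconds."""
    return datetime.strptime(jid[:14], "%Y%m%d%H%M%S")


def summarize(running):
    """Collapse {minion: [job, ...]} into one record per jid."""
    jobs = {}
    for minion, entries in running.items():
        if not isinstance(entries, list):  # no usable job data for this minion
            continue
        for e in entries:
            job = jobs.setdefault(e["jid"], {
                "jid": e["jid"], "fun": e["fun"], "arg": e.get("arg", []),
                "user": e.get("user"), "tgt": e.get("tgt"),
                "tgt_type": e.get("tgt_type"), "pids": {},
            })
            job["pids"][minion] = e["pid"]
    return jobs


def no_data(running):
    """Minions whose return was not a job list and so could not be audited."""
    return sorted(m for m, v in running.items() if not isinstance(v, list))


def review_queue(running):
    """Shell-execution jobs published to every minion, oldest first."""
    hits = [j for j in summarize(running).values()
            if j["fun"] in SHELL_FUNCS
            and j["tgt_type"] == "glob" and j["tgt"] == "*"]
    return sorted(hits, key=lambda j: j["jid"])


if __name__ == "__main__":
    for job in review_queue(RUNNING):
        print(job["jid"], started_at(job["jid"]).isoformat(), job["user"],
              job["fun"], job["arg"], sorted(job["pids"].items()))
    print("no data from:", no_data(RUNNING))
```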
[root@master ~]# salt-run jobs.list_jobs
20190901155927733273:
----------
Arguments:
Function:
state.running
StartTime:
2019, Nov 01 15:59:27.733273
Target:
node01.saltstack.com
Target-type:
glob
User:
root
20190901160325920754:
----------
Arguments:
Function:
sys.doc
StartTime:
2019, Nov 01 16:03:25.920754
Target:
*
Target-type:
glob
User:
root
201900021161556599324:
----------
Arguments:
- cat
Function:
cmd.which
StartTime:
2019, Nov 01 16:15:56.599324
Target:
*
Target-type:
glob
User:
root
20190901161641114901:
----------
Arguments:
Function:
grains.ls
StartTime:
2019, Nov 01 16:16:41.114901
Target:
*
Target-type:
glob
User:
root
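Remote execution is one of SaltStack's core features: with salt you can send the selected minions an instruction to run a command and get the results back. For example: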
[root@saltstack-node1 ~]# salt 'saltstack-node2.lichengbing.com' test.ping
saltstack-node2.lichengbing.com:
True
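salt → command
saltstack-node2.lichengbing.com → target (managed host)
test.ping → module (this ping is not the familiar network ping command)
Commands
- salt is the command used most often to manage minions, but it is not the only one; the SaltStack commands include: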
/usr/bin/salt
/usr/bin/salt-cp
/usr/bin/salt-key
/usr/bin/salt-master
/usr/bin/salt-minion
/usr/bin/salt-run
/usr/bin/salt-unity
/usr/bin/salt-call
/usr/bin/salt-ssh
/usr/bin/salt-syndic
/usr/bin/salt-api
/usr/bin/salt-cloud
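4. Targets
Targets are the hosts on which commands are executed remotely. SaltStack supports many ways of selecting hosts: regular-expression matching, list matching, Grains matching, nodegroup matching, compound matching, Pillar matching, CIDR matching, and so on.
- 1) Regular-expression matching
[root@saltstack-node1 ~]# salt -E 'salt*' test.ping # salt* is a simple regular expression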
saltstack-node2.lichengbing.com:
True
saltstack-node1.lichengbing.com:
True
[root@saltstack-node1 ~]# salt -E 'saltstack-node[1|2]*' test.ping
saltstack-node2.lichengbing.com:
True
saltstack-node1.lichengbing.com:
True
- 2) List matching
[root@saltstack-node1 ~]# salt -L saltstack-node1.lichengbing.com,saltstack-node2.lichengbing.com test.ping # -L: hosts are separated by commas
saltstack-node2.lichengbing.com:
True
saltstack-node1.lichengbing.com:
True
- 3) Grains matching
[root@saltstack-node1 ~]# salt -G 'os:CentOS' test.ping # Select hosts whose os grain has the value CentOS
saltstack-node2.lichengbing.com:
True
saltstack-node1.lichengbing.com:
True
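# Grains are a set of static, system-related data collected when the minion starts; they are explained later
# Pillar is similar to Grains
- 4) Nodegroup matching
SaltStack lets you define group roles for minions in advance and then match them in bulk by group name.
Edit the master configuration file:
[root@saltstack-node1 ~]# vim /etc/salt/master
nodegroups:
  web: 'L@saltstack-node1.lichengbing.com,saltstack-node2.lichengbing.com'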
[root@saltstack-node1 ~]# salt -N web test.ping
saltstack-node2.lichengbing.com:
True
saltstack-node1.lichengbing.com:
True
- 5) Compound matching
[root@saltstack-node1 ~]# salt -C 'G@os:CentOS or L@saltstack-node2.lichengbing.com' test.ping
saltstack-node2.lichengbing.com:
True
saltstack-node1.lichengbing.com:
True
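# G@os:CentOS or L@saltstack-node2 is a compound expression; and / or can be used to join multiple conditions
- 6) CIDR matching
CIDR is Classless Inter-Domain Routing; this matches hosts by network segment.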
[root@saltstack-node1 ~]# salt -S '172.16.2.0/24' test.ping
saltstack-node2.lichengbing.com:
True
saltstack-node1.lichengbing.com:
True
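A quick way to see which minions the target expressions above really select, as an added example (not code from the original post or from the Salt project). It models the matching rules under the assumption that -E targets are evaluated with Python's re.match (anchored at the start of the minion id only) and glob targets with fnmatch; the three extra minion ids are constructed.

```python
"""Preview which minion ids a Salt target expression would select.

Added example: a model of the matching rules, not Salt's own code.
Assumed semantics:
  glob   -> fnmatch against the whole minion id
  pcre   -> re.match, anchored at the START of the id only
  list   -> exact membership in a comma-separated list
  ipcidr -> any IPv4 address of the minion falls inside the subnet
"""
import fnmatch
import ipaddress
import re

# Constructed inventory: the two hosts from the page plus three hypothetical
# minions that the page's patterns are not meant to reach.
MINIONS = {
    "saltstack-node1.lichengbing.com": ["10.0.0.185", "172.16.2.185"],
    "saltstack-node2.lichengbing.com": ["10.0.0.184", "10.0.0.186",
                                        "172.16.2.186"],
    "saltstack-node9.lichengbing.com": ["172.16.3.9"],
    "saltstack-nodes-db.lichengbing.com": ["172.16.3.20"],
    "sales-web.lichengbing.com": ["172.16.4.7"],
}
INTENDED = ["saltstack-node1.lichengbing.com",
            "saltstack-node2.lichengbing.com"]


def _matches(minion_id, ips, tgt, tgt_type):
    if tgt_type == "glob":
        return fnmatch.fnmatch(minion_id, tgt)
    if tgt_type == "pcre":
        # No implicit "$": a pattern that matches a prefix matches the minion.
        return re.match(tgt, minion_id) is not None
    if tgt_type == "list":
        return minion_id in [t.strip() for t in tgt.split(",")]
    if tgt_type == "ipcidr":
        net = ipaddress.ip_network(tgt, strict=False)
        return any(ipaddress.ip_address(ip) in net for ip in ips)
    raise ValueError("unsupported target type: %r" % tgt_type)


def preview(tgt, tgt_type="glob", minions=MINIONS):
    """Sorted minion ids selected by `tgt` under `tgt_type`."""
    return sorted(m for m, ips in minions.items()
                  if _matches(m, ips, tgt, tgt_type))


def unexpected(tgt, tgt_type, intended=INTENDED, minions=MINIONS):
    """Minions the expression selects that are not in the intended set."""
    return sorted(set(preview(tgt, tgt_type, minions)) - set(intended))


if __name__ == "__main__":
    checks = [
        ("salt*", "glob"),                 # shell glob: ids starting with "salt"
        ("salt*", "pcre"),                 # regex: "sal" + zero or more "t"
        ("saltstack-node[1|2]*", "pcre"),  # class {1, |, 2} repeated 0+ times
        (r"saltstack-node[12]\.lichengbing\.com$", "pcre"),  # anchored form
        (",".join(INTENDED), "list"),
        ("172.16.2.0/24", "ipcidr"),
    ]
    for tgt, kind in checks:
        print("%-6s %-42s extra=%s" % (kind, tgt, unexpected(tgt, kind)))
```

On a live master, the --preview-target option listed in the help output above shows the minions expected to match a target without issuing any command.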
5. Modules
A module can be thought of as a set of commands that SaltStack has already written for us to operate on minion hosts.
SaltStack's built-in modules are rich and powerful, and we can also write custom modules. (Note that the built-in modules exist on both the master and the minion; a custom module written on the master must first be synced to the minion before it can be executed and return a result. SaltStack performs this sync for us.)
- Built-in modules
Built-in module reference: https://www.unixhot.com/docs/saltstack/contents.html
- List all modules
[root@saltstack-node1 ~]# salt 'saltstack-node1*' sys.list_modules
saltstack-node1.lichengbing.com:
- acl
- aliases
- alternatives
- apache
- archive
- artifactory
- at
- augeas
- beacons
- bigip
- blockdev
- bridge
- btrfs
- buildout
- cloud
- cmd
- composer
- config
- consul
···
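6. Here we discuss a few of the modules most commonly used in day-to-day production practice: State Modules
- 1) The sys.doc module
sys.doc is similar to the man command on Linux; it makes it easy to look up the description and usage of a module.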
[root@saltstack-node1 ~]# salt 'saltstack-node1*' sys.doc test.ping
test.ping:
Used to make sure the minion is up and responding. Not an ICMP ping.
Returns ``True``.
CLI Example:
salt '*' test.ping
- 2) The cmd module
List all functions of a given module
[root@saltstack-node1 ~]# salt 'saltstack-node1*' sys.list_functions cmd
saltstack-node1.lichengbing.com:
- cmd.exec_code
- cmd.exec_code_all
- cmd.has_exec
- cmd.powershell
- cmd.retcode
- cmd.run
- cmd.run_all
- cmd.run_bg
- cmd.run_chroot
- cmd.run_stderr
- cmd.run_stdout
- cmd.script
- cmd.script_retcode
- cmd.shell
- cmd.shells
- cmd.tty
- cmd.which
- cmd.which_bin
- Show the usage of a given module function
[root@saltstack-node1 ~]# salt 'saltstack-node1*' sys.doc cmd.run
CLI Example:
salt '*' cmd.run "ls -l | awk '/foo/{print \\$2}'"
The template arg can be set to 'jinja' or another supported template
engine to render the command arguments before execution.
For example:
salt '*' cmd.run template=jinja "ls -l /tmp/{{grains.id}} | awk '/foo/{print \\$2}'"
Specify an alternate shell with the shell parameter:
salt '*' cmd.run "Get-ChildItem C:\\ " shell='powershell'
A string of standard input can be specified for the command to be run using
the ``stdin`` parameter. This can be useful in cases where sensitive
information must be read from standard input.:
salt '*' cmd.run "grep f" stdin='one\\ntwo\\nthree\\nfour\\nfive\\n'
If an equal sign (``=``) appears in an argument to a Salt command it is
interpreted as a keyword argument in the format ``key=val``. That
processing can be bypassed in order to pass an equal sign through to the
remote shell command by manually specifying the kwarg:
salt '*' cmd.run cmd='sed -e s/=/:/g'
- For example, check disk usage
[root@saltstack-node1 ~]# salt 'saltstack-node1*' cmd.run "df -h|grep sda3"
saltstack-node1.lichengbing.com:
/dev/sda3 9.0G 2.7G 6.4G 29% /
- 3) The cp module
salt '*' sys.list_functions cp
- cp.cache_dir
- cp.cache_file
- cp.cache_files
- cp.cache_local_file
- cp.cache_master
- cp.get_dir
- cp.get_file
- cp.get_file_str
- cp.get_template
- cp.get_url
- cp.hash_file
- cp.is_cached
- cp.list_master
- cp.list_master_dirs
- cp.list_master_symlinks
- cp.list_minion
- cp.list_states
- cp.push
- cp.push_dir
- cp.recv
Copy the given file on the given minion into the salt cache directory (/var/cache/salt/minion/localfiles), which amounts to a backup
[root@saltstack-node1 ~]# salt 'saltstack-node1*' cp.cache_local_file /etc/hosts
saltstack-node1.lichengbing.com:
/var/cache/salt/minion/localfiles/etc/hosts
- Copy a directory under the master's file_roots to the minion
[root@saltstack-node1 salt]# salt 'saltstack-node1*' cp.get_dir salt://base/ minion/dest
# Equivalent to the command
[root@saltstack-node1 minion]# salt-cp '*' /etc/hosts /tmp/123
- Download a file to a given directory
[root@saltstack-node1 ~]# salt 'saltstack-node2*' cp.get_url http://mirrors.aliyun.com/epel/epel-release-latest-7.noarch.rpm /tmp/1
saltstack-node2.lichengbing.com:
/tmp/1
- 4) The status module
[root@saltstack-node1 salt]# salt 'saltstack-node2*' sys.list_functions status
saltstack-node2.lichengbing.com:
- status.all_status
- status.cpuinfo
- status.cpustats
- status.custom
- status.diskstats
- status.diskusage
- status.loadavg
- status.master
- status.meminfo
- status.netdev
- status.netstats
- status.nproc
- status.pid
- status.ping_master
- status.procs
- status.time
- status.uptime
- status.version
- status.vmstats
- status.w
- Check the system load
[root@saltstack-node1 salt]# salt 'saltstack-node2*' status.loadavg
saltstack-node2.lichengbing.com:
----------
1-min:
0.08
15-min:
0.24
5-min:
0.22
- 5) The cron module
salt '*' sys.list_functions cron
- cron.list_tab
- cron.ls
- cron.raw_cron
- cron.rm
- cron.rm_env
- cron.rm_job
- cron.set_env
- cron.set_job
- cron.set_special
- cron.write_cron_file
- cron.write_cron_file_verbose
Manages scheduled tasks on minion hosts
- View a host's scheduled tasks
[root@saltstack-node1 ~]# salt '*' cron.raw_cron root
saltstack-node2.lichengbing.com:
*/5 * * * * /usr/sbin/ntpdate time.nist.gov >dev/null 2>&1
saltstack-node1.lichengbing.com:
*/5 * * * * /usr/sbin/ntpdate time.nist.gov >dev/null 2>&1
- Add a scheduled task on the given minions
[root@saltstack-node1 ~]# salt '*' cron.set_job root '*' '*' '*' '*' 1 /usr/local/weekly
- Delete a given task
[root@saltstack-node1 ~]# salt '*' cron.rm_job root '*' '*' '*' '*' 1 /usr/local/weekly
- 6) The file module
salt '*' sys.list_functions file
- file.access
- file.append
- file.basename
- file.blockreplace
- file.check_file_meta
- file.check_hash
- file.check_managed
- file.check_managed_changes
- file.check_perms
- file.chgrp
- file.chown
- file.comment
- file.comment_line
- file.contains
- file.contains_glob
- file.contains_regex
- file.contains_regex_multiline
- file.copy
- file.delete_backup
- file.directory_exists
- file.dirname
- file.diskusage
- file.extract_hash
- file.file_exists
- file.find
- file.get_devmm
- file.get_diff
- file.get_gid
- file.get_group
- file.get_hash
- file.get_managed
- file.get_mode
- file.get_selinux_context
- file.get_sum
- file.get_uid
- file.get_user
- file.gid_to_group
- file.grep
- file.group_to_gid
- file.is_blkdev
- file.is_chrdev
- file.is_fifo
- file.is_link
- file.join
- file.lchown
- file.link
- file.list_backup
- file.list_backups
- file.list_backups_dir
- file.lstat
- file.makedirs
- file.makedirs_perms
- file.manage_file
- file.mkdir
- file.mknod
- file.mknod_blkdev
- file.mknod_chrdev
- file.mknod_fifo
- file.move
- file.normpath
- file.open_files
- file.pardir
- file.patch
- file.path_exists_glob
- file.prepend
- file.psed
- file.readdir
- file.readlink
- file.remove
- file.remove_backup
- file.rename
- file.replace
- file.restore_backup
- file.restorecon
- file.rmdir
- file.search
- file.sed
- file.sed_contains
- file.seek_read
- file.seek_write
- file.set_mode
- file.set_selinux_context
- file.source_list
- file.stats
- file.statvfs
- file.symlink
- file.touch
- file.truncate
- file.uid_to_user
- file.uncomment
- file.user_to_uid
- file.write
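Common file operations on managed hosts, including reading and writing files, permissions, searching, checksums, and so on
Change the owner and group of /etc/passwd on all minions, equivalent to chown root:root /etc/passwd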
[root@saltstack-node1 ~]# salt '*' file.chown /etc/passwd root root
- Check whether the /etc directory exists on the minions
[root@saltstack-node1 ~]# salt '*' file.directory_exists /etc
saltstack-node2.lichengbing.com:
True
saltstack-node1.lichengbing.com:
True
- Get the stats information of the passwd file on the minions
[root@saltstack-node1 ~]# salt '*' file.stats /etc/passwd
saltstack-node2.lichengbing.com:
----------
atime:
1575060056.71
ctime:
1574959828.71
gid:
0
group:
root
inode:
17844978
mode:
0644
mtime:
1574959828.71
size:
1513
target:
/etc/passwd
type:
file
uid:
0
user:
root
- Get the permission mode of the passwd file on the minions
[root@saltstack-node1 ~]# salt '*' file.get_mode /etc/passwd
saltstack-node2.lichengbing.com:
0644
saltstack-node1.lichengbing.com:
0644
- Create the /opt/test directory
[root@saltstack-node1 ~]# salt '*' file.mkdir /opt/test
saltstack-node2.lichengbing.com:
None
saltstack-node1.lichengbing.com:
None
- Delete
[root@saltstack-node1 ~]# salt '*' file.remove /opt/test
saltstack-node2.lichengbing.com:
True
saltstack-node1.lichengbing.com:
True
- Create a file
[root@saltstack-node1 ~]# salt '*' file.touch /tmp/test.txt
saltstack-node2.lichengbing.com:
True
saltstack-node1.lichengbing.com:
True
- Append content
[root@saltstack-node1 ~]# salt '*' file.append /tmp/test.txt "10000"
saltstack-node2.lichengbing.com:
Wrote 1 lines to "/tmp/test.txt"
saltstack-node1.lichengbing.com:
Wrote 1 lines to "/tmp/test.txt"
- Modify content
[root@saltstack-node1 ~]# salt '*' file.sed /tmp/test.txt "10000" "1"
saltstack-node2.lichengbing.com:
----------
pid:
57521
retcode:
0
stderr:
stdout:
saltstack-node1.lichengbing.com:
----------
pid:
42333
retcode:
0
stderr:
stdout:
- Collect file checksums
[root@saltstack-node1 ~]# salt '*' file.get_sum /etc/passwd md5
saltstack-node2.lichengbing.com:
500ef551a710b9b486ddb32602fb3f13
saltstack-node1.lichengbing.com:
8f683526b18c55429422442d1c06caa0
- 7) The network module
salt '*' sys.list_functions network
- network.active_tcp
- network.arp
- network.connect
- network.default_route
- network.dig
- network.get_bufsize
- network.get_hostname
- network.get_route
- network.hw_addr
- network.hwaddr
- network.in_subnet
- network.interface
- network.interface_ip
- network.interfaces
- network.ip_addrs
- network.ip_addrs6
- network.ip_in_subnet
- network.ipaddrs
- network.ipaddrs6
- network.is_loopback
- network.is_private
- network.mod_bufsize
- network.mod_hostname
- network.netstat
- network.ping
- network.reverse_ip
- network.routes
- network.subnets
- network.traceroute
- network.wol
Returns network information about minion hosts
- Run dig, ping and traceroute against a site's domain name from the hosts
[root@saltstack-node1 ~]# salt '*' network.dig www.baidu.com
[root@saltstack-node1 ~]# salt '*' network.ping www.baidu.com
[root@saltstack-node1 ~]# salt '*' network.traceroute www.baidu.com
- MAC address
[root@saltstack-node1 ~]# salt '*' network.hwaddr eth0
saltstack-node1.lichengbing.com:
00:0c:29:94:18:ea
saltstack-node2.lichengbing.com:
00:0c:29:1a:87:b4
- Network interface configuration
[root@saltstack-node1 ~]# salt '*' network.ip_addrs
saltstack-node2.lichengbing.com:
- 10.0.0.184
- 10.0.0.186
- 172.16.2.186
saltstack-node1.lichengbing.com:
- 10.0.0.185
- 172.16.2.185
- Check whether a host belongs to a subnet
[root@saltstack-node1 ~]# salt '*' network.in_subnet 172.16.2.0/24
saltstack-node2.lichengbing.com:
True
saltstack-node1.lichengbing.com:
True
- 8) The pkg module
salt '*' sys.list_functions pkg
- pkg.available_version
- pkg.check_db
- pkg.clean_metadata
- pkg.del_repo
- pkg.diff
- pkg.download
- pkg.expand_repo_def
- pkg.file_dict
- pkg.file_list
- pkg.get_locked_packages
- pkg.get_repo
- pkg.group_diff
- pkg.group_info
- pkg.group_install
- pkg.group_list
- pkg.hold
- pkg.install
- pkg.latest_version
- pkg.list_holds
- pkg.list_pkgs
- pkg.list_repo_pkgs
- pkg.list_repos
- pkg.list_upgrades
- pkg.mod_repo
- pkg.modified
- pkg.normalize_name
- pkg.owner
- pkg.purge
- pkg.refresh_db
- pkg.remove
- pkg.unhold
- pkg.upgrade
- pkg.upgrade_available
- pkg.verify
- pkg.version
- pkg.version_cmp
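- Package management on minion hosts
Install PHP on the managed hosts. The appropriate installer is invoked depending on the distribution, such as yum on Red Hat platforms, where this is equivalent to yum -y install php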
[root@saltstack-node1 ~]# salt '*' pkg.install php
[root@saltstack-node1 ~]# salt '*' pkg.remove php
[root@saltstack-node1 ~]# salt '*' pkg.upgrade php
- 9) The service module
salt '*' sys.list_functions service
- service.available
- service.disable
- service.disabled
- service.enable
- service.enabled
- service.execs
- service.force_reload
- service.get_all
- service.get_disabled
- service.get_enabled
- service.mask
- service.missing
- service.reload
- service.restart
- service.show
- service.start
- service.status
- service.stop
- service.systemctl_reload
- service.unmask
Service management on minion hosts
Enable and disable starting Nginx at boot
[root@saltstack-node1 ~]# salt '*' service.enable nginx
[root@saltstack-node1 ~]# salt '*' service.disable nginx
- Routine service operations
[root@saltstack-node1 ~]# salt '*' service.start nginx
[root@saltstack-node1 ~]# salt '*' service.stop nginx
[root@saltstack-node1 ~]# salt '*' service.restart nginx
[root@saltstack-node1 ~]# salt '*' service.reload nginx
[root@saltstack-node1 ~]# salt '*' service.status nginx
SaltStack has many more modules, such as
user (system user module)
- user.add
- user.chfullname
- user.chgid
- user.chgroups
- user.chhome
- user.chhomephone
- user.chloginclass
- user.chroomnumber
- user.chshell
- user.chuid
- user.chworkphone
- user.delete
- user.get_loginclass
- user.getent
- user.info
- user.list_groups
- user.list_users
- user.rename
- group (system group module)
- group.add
- group.adduser
- group.chgid
- group.delete
- group.deluser
- group.getent
- group.info
- group.members
partition (system partition module)
puppet (puppet management module)
system (system reboot and shutdown module)
- system.halt
- system.init
- system.poweroff
- system.reboot
- system.shutdown
timezone (time zone management module)
nginx (Nginx management module)
iptables (iptables support module for managed hosts)
- iptables.append
- iptables.build_rule
- iptables.check
- iptables.check_chain
- iptables.delete
- iptables.delete_chain
- iptables.flush
- iptables.get_policy
- iptables.get_rules
- iptables.get_saved_policy
- iptables.get_saved_rules
- iptables.insert
- iptables.new_chain
- iptables.save
- iptables.set_policy
- iptables.version
- mount (filesystem mount module), and so on…
- mount.active
- mount.automaster
- mount.fstab
- mount.is_fuse_exec
- mount.is_mounted
- mount.mount
- mount.remount
- mount.rm_automaster
- mount.rm_fstab
- mount.set_automaster
- mount.set_fstab
- mount.swapoff
- mount.swapon
- mount.swaps
- mount.umount
- rsync module
- rsync.config
- rsync.rsync
- rsync.version
- sys module
- sys.argspec
- sys.doc
- sys.list_functions
- sys.list_modules
- sys.list_renderers
- sys.list_returner_functions
- sys.list_returners
- sys.list_runner_functions
- sys.list_runners
- sys.list_state_functions
- sys.list_state_modules
- sys.reload_modules
- sys.renderer_doc
- sys.returner_argspec
- sys.returner_doc
- sys.runner_argspec
- sys.runner_doc
- sys.state_argspec
- sys.state_doc
- ssh module
- ssh.auth_keys
- ssh.check_key
- ssh.check_key_file
- ssh.check_known_host
- ssh.get_known_host
- ssh.hash_known_hosts
- ssh.host_keys
- ssh.recv_known_host
- ssh.rm_auth_key
- ssh.rm_known_host
- ssh.set_auth_key
- ssh.set_auth_key_from_file
- ssh.set_known_host
- ssh.user_keys
- config module
- config.backup_mode
- config.dot_vals
- config.gather_bootstrap_script
- config.get
- config.manage_mode
- config.merge
- config.option
- config.valid_fileproto
That covers the introduction to and use of SaltStack's management commands; consult the official manual often:
http://docs.saltstack.com