自动化运维之saltstack(一)安装及常用方法
发表于:2025-02-06 作者:千家信息网编辑
千家信息网最后更新 2025年02月06日,1、软件环境:[root@localhost ~]# cat /etc/redhat-release CentOS Linux release 7.3.1611 (Core) [root@localh
千家信息网最后更新 2025年02月06日自动化运维之saltstack(一)安装及常用方法
1、软件环境:
[root@localhost ~]# cat /etc/redhat-release CentOS Linux release 7.3.1611 (Core) [root@localhost ~]# uname -aLinux localhost.localdomain 3.10.0-514.el7.x86_64 #1 SMP Tue Nov 22 16:42:41 UTC 2016 x86_64 x86_64 x86_64 GNU/Linux[root@localhost ~]#
(1)修改selinux配置文件:
[root@localhost ~]# vim /etc/sysconfig/selinux SELINUX=enforcing 改为 SELINUX=disabled
(2)关闭防火墙:
[root@localhost ~]# systemctl disable firewalld[root@localhost ~]# systemctl stop firewalld[root@localhost ~]# iptables -F[root@localhost ~]# iptables -L
IP分配如下:
master 192.168.112.140
minion 192.168.112.141
minion 192.168.112.142
(3)master和minion端部署安装
master端执行:
[root@localhost ~]# yum install epel-release[root@localhost ~]# yum install -y salt-master
minion端执行:
[root@localhost ~]# yum install epel-release[root@localhost ~]# yum install salt-minion
(4)修改配置文件:
[root@localhost ~]# vim /etc/salt/minion master: 192.168.112.140id: server02[root@localhost ~]#[root@localhost ~]# systemctl start salt-minion[root@localhost ~]# ps -ef|grep salt-minionroot 2505 1 2 23:06 ? 00:00:00 /usr/bin/python /usr/bin/salt-minionroot 2508 2505 8 23:06 ? 00:00:00 /usr/bin/python /usr/bin/salt-minionroot 2536 2318 0 23:06 pts/0 00:00:00 grep --color=auto salt-minion[root@localhost ~]# netstat -lnupt|grep 4505tcp 0 0 0.0.0.0:4505 0.0.0.0:* LISTEN 2304/python [root@localhost ~]# [root@localhost ~]# [root@localhost ~]# vim /etc/salt/minionmaster: 192.168.112.140id: server03[root@localhost ~]#[root@localhost ~]# systemctl start salt-minion[root@localhost ~]# ps -ef|grep salt-minionroot 2487 1 1 23:05 ? 00:00:00 /usr/bin/python /usr/bin/salt-minionroot 2490 2487 4 23:06 ? 00:00:00 /usr/bin/python /usr/bin/salt-minionroot 2521 2320 0 23:06 pts/0 00:00:00 grep --color=auto salt-minion[root@localhost ~]# [root@localhost ~]# [root@localhost ~]#
(5)设置salt-master和salt-minion开机启动
[root@localhost ~]# systemctl enable salt-masterCreated symlink from /etc/systemd/system/multi-user.target.wants/salt-master.service to /usr/lib/systemd/system/salt-master.service.[root@localhost ~]#[root@localhost ~]# systemctl enable salt-minionCreated symlink from /etc/systemd/system/multi-user.target.wants/salt-minion.service to /usr/lib/systemd/system/salt-minion.service.[root@localhost ~]#
2、配置saltstack认证
salt-key //查看已经签名的客户端
salt-key -a //签名指定的主机
salt-key -A //签名所有的主机
salt-key -d //删除指定主机的签名
salt-key --help //查看各命令的用法
[root@localhost ~]# salt-key Accepted Keys:Denied Keys:Unaccepted Keys:server02server03Rejected Keys:[root@localhost ~]# [root@localhost ~]# salt-key -a server02The following keys are going to be accepted:Unaccepted Keys:server02Proceed? [n/Y] YKey for minion server02 accepted.[root@localhost ~]# [root@localhost ~]# salt-key Accepted Keys:server02server03Denied Keys:Unaccepted Keys:Rejected Keys:[root@localhost ~]#
3、日常用法
test.ping用户检查master到minion端的网络连通性,返回True即正常,False为异常
[root@localhost ~]# salt '*' test.pingserver02: Trueserver03: True[root@localhost ~]#
cmd.run 在minion端执行shell命令,记住这模块只能执行短连接命令,比如df命令;长连接的无法返回结果,比如top命令
[root@localhost ~]# salt '*' cmd.run 'hostname'server03: localhost.localdomainserver02: localhost.localdomain[root@localhost ~]# salt '*' cmd.run 'df -Th'server02: Filesystem Type Size Used Avail Use% Mounted on /dev/sda3 xfs 90G 1.8G 89G 2% / devtmpfs devtmpfs 231M 0 231M 0% /dev tmpfs tmpfs 241M 12K 241M 1% /dev/shm tmpfs tmpfs 241M 4.6M 236M 2% /run tmpfs tmpfs 241M 0 241M 0% /sys/fs/cgroup /dev/sda1 xfs 1014M 131M 884M 13% /boot tmpfs tmpfs 49M 0 49M 0% /run/user/0server03: Filesystem Type Size Used Avail Use% Mounted on /dev/sda3 xfs 90G 1.8G 89G 2% / devtmpfs devtmpfs 231M 0 231M 0% /dev tmpfs tmpfs 241M 12K 241M 1% /dev/shm tmpfs tmpfs 241M 4.6M 236M 2% /run tmpfs tmpfs 241M 0 241M 0% /sys/fs/cgroup /dev/sda1 xfs 1014M 131M 884M 13% /boot tmpfs tmpfs 49M 0 49M 0% /run/user/0[root@localhost ~]#
显示被控主机的操作系统类型
[root@localhost ~]# salt '*' grains.item osserver02: ---------- os: CentOSserver03: ---------- os: CentOS[root@localhost ~]#远程代码执行测试
(1)(通配符*匹配)
[root@localhost ~]# salt '*' cmd.exec_code python 'import sys;print sys.version'server02: 2.7.5 (default, Nov 6 2016, 00:28:07) [GCC 4.8.5 20150623 (Red Hat 4.8.5-11)]server03: 2.7.5 (default, Nov 6 2016, 00:28:07) [GCC 4.8.5 20150623 (Red Hat 4.8.5-11)][root@localhost ~]#
(2)正则匹配
[root@localhost ~]# salt -E 'server(02|03)' test.pingserver03: Trueserver02: True[root@localhost ~]#
(3)列表匹配
[root@localhost ~]# salt -L 'server02,server03' test.pingserver02: Trueserver03: True[root@localhost ~]#
(4)grains匹配,其命令salt
[root@localhost ~]# salt 'server02' grains.itemsserver02: ---------- SSDs: biosreleasedate: 07/31/2013 biosversion: 6.00 cpu_flags: - fpu - vme - de - pse - tsc - msr - pae - mce - cx8 - apic - sep - mtrr - pge - mca - cmov - pat - pse36 - clflush - dts - mmx - fxsr - sse - sse2 - ss - ht - syscall - nx - rdtscp - lm - constant_tsc - arch_perfmon - pebs - bts - nopl - xtopology - tsc_reliable - nonstop_tsc - aperfmperf - eagerfpu - pni - pclmulqdq - ssse3 - cx16 - pcid - sse4_1 - sse4_2 - x2apic - popcnt - xsave - avx - f16c - hypervisor - lahf_lm - arat - epb - pln - pts - dtherm - fsgsbase - smep - xsaveopt cpu_model: Intel(R) Core(TM) i3-3220 CPU @ 3.30GHz cpuarch: x86_64 domain: fqdn: server02 fqdn_ip4: - 192.168.112.141 fqdn_ip6: - ::1 gpus: |_ ---------- model: SVGA II Adapter vendor: unknown host: server02 hwaddr_interfaces: ---------- eth0: 00:0c:29:0b:28:95 lo: 00:00:00:00:00:00 id: server02 init: systemd ip4_interfaces: ---------- eth0: - 192.168.112.141 lo: - 127.0.0.1 ip6_interfaces: ---------- eth0: lo: ip_interfaces: ---------- eth0: - 192.168.112.141 lo: - 127.0.0.1 ipv4: - 127.0.0.1 - 192.168.112.141 ipv6: kernel: Linux kernelrelease: 3.10.0-514.el7.x86_64 locale_info: ---------- defaultencoding: UTF-8 defaultlanguage: en_US detectedencoding: UTF-8 localhost: server02 lsb_distrib_id: CentOS Linux machine_id: 09e12c5f3a7948af9747ee938feee87f manufacturer: VMware, Inc. master: 192.168.112.140 mdadm: mem_total: 480 nodename: server02 num_cpus: 4 num_gpus: 1 os: CentOS os_family: RedHat osarch: x86_64 oscodename: Core osfinger: CentOS Linux-7 osfullname: CentOS Linux osmajorrelease: 7 osrelease: 7.3.1611 osrelease_info: - 7 - 3 - 1611 path: /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin productname: VMware Virtual Platform ps: ps -efH pythonexecutable: /usr/bin/python pythonpath: - /usr/bin - /usr/lib64/python27.zip - /usr/lib64/python2.7 - /usr/lib64/python2.7/plat-linux2 - /usr/lib64/python2.7/lib-tk - /usr/lib64/python2.7/lib-old - /usr/lib64/python2.7/lib-dynload - /usr/lib64/python2.7/site-packages - /usr/lib64/python2.7/site-packages/gtk-2.0 - /usr/lib/python2.7/site-packages pythonversion: - 2 - 7 - 5 - final - 0 saltpath: /usr/lib/python2.7/site-packages/salt saltversion: 2015.5.10 saltversioninfo: - 2015 - 5 - 10 - 0 selinux: ---------- enabled: False enforced: Disabled serialnumber: VMware-56 4d 19 57 3d 1d 44 0d-99 bf 1a ff c4 0b 28 95 server_id: 1264512667 shell: /bin/sh systemd: ---------- features: +PAM +AUDIT +SELINUX +IMA -APPARMOR +SMACK +SYSVINIT +UTMP +LIBCRYPTSETUP +GCRYPT +GNUTLS +ACL +XZ -LZ4 -SECCOMP +BLKID +ELFUTILS +KMOD +IDN version: 219 virtual: VMware zmqversion: 3.2.5[root@localhost ~]#
如果要获取具体某一项内容,可以直接在该命令后加项名,比如获取操作系统,则:
[root@localhost ~]# salt -L 'server02,server03' grains.item osserver03: ---------- os: CentOSserver02: ---------- os: CentOS[root@localhost ~]#
同样可以获取host、ip_interfaces、fqdn_ipv4、cpu_model对应的值:
[root@localhost ~]# salt 'server02' grains.item hostserver02: ---------- host: server02[root@localhost ~]#[root@localhost ~]# salt 'server02' grains.item ip_interfacesserver02: ---------- ip_interfaces: ---------- eth0: - 192.168.112.141 lo: - 127.0.0.1[root@localhost ~]#[root@localhost ~]# salt 'server02' grains.item fqdn_ip4server02: ---------- fqdn_ip4: - 192.168.112.141[root@localhost ~]#[root@localhost ~]# salt 'server02' grains.item cpu_modelserver02: ---------- cpu_model: Intel(R) Core(TM) i3-3220 CPU @ 3.30GHz[root@localhost ~]#
4、常用模块介绍
(1)、cp模块(实现远程文件、目录的复制,以及下载URL文件等操作)
#将主服务器file_roots指定位置下的目录复制到被控主机
打开master文件中的
#file_roots:
base:
- /srv/salt
改为:
file_roots:
base:
- /srv/salt
# salt '*' cp.get_dir salt://test_dir /data
salt:// --->表示file_root指定的路径,这里是/srv/salt,salt://test_dir 表示/srv/salt/test_dir
/data --->表示目标主机上的根目录下的data目录
[root@localhost ~]# ll /srv/salt/test_dir/total 672-rw-r--r-- 1 root root 686011 May 7 22:37 nginx-1.0.10.tar.gz[root@localhost ~]# salt '*' cp.get_dir salt://test_dir /dataserver02: - /data/test_dir/nginx-1.0.10.tar.gzserver03: - /data/test_dir/nginx-1.0.10.tar.gz[root@localhost ~]# salt '*' cmd.run 'ls -l /data'server03: total 0 drwxr-xr-x 2 root root 33 Jun 1 02:12 test_dirserver02: total 0 drwxr-xr-x 2 root root 33 Jun 1 02:12 test_dir[root@localhost ~]#
#将主服务器file_roots指定位置下的文件复制到被控主机
# salt '*' cp.get_file salt://nginx-1.0.10.tar.gz /root/nginx-1.0.10.tar.gz
[root@localhost salt]# salt '*' cp.get_file salt://nginx-1.0.10.tar.gz /root/nginx-1.0.10.tar.gzserver02: /root/nginx-1.0.10.tar.gzserver03: /root/nginx-1.0.10.tar.gz[root@localhost salt]# salt '*' cmd.run 'ls -l /root/'server02: total 676 -rw-------. 1 root root 1496 Jan 17 09:03 anaconda-ks.cfg -rw-r--r-- 1 root root 686011 Jun 1 02:15 nginx-1.0.10.tar.gzserver03: total 676 -rw-------. 1 root root 1496 Jan 17 09:03 anaconda-ks.cfg -rw-r--r-- 1 root root 686011 Jun 1 02:15 nginx-1.0.10.tar.gz[root@localhost salt]#
对于大文件,cp_get_file支持gzip压缩,在参数中指定gzip的压缩级别,如下:
[root@server01 salt]# pwd/srv/salt[root@server01 salt]# ll -th test-rw-r--r-- 1 root root 1.0G Jun 13 22:04 test[root@server01 salt]# salt '*' cp.get_file salt://test /root/test gzip=5server02: /root/testserver03: /root/test[root@server01 salt]#[root@server01 salt]# salt '*' cmd.run 'ls -htl /root/test'server02: -rw-r--r-- 1 root root 1.0G Jun 13 22:06 /root/testserver03: -rw-r--r-- 1 root root 1.0G Jun 13 22:06 /root/test[root@server01 salt]#
其中,1代表最小压缩,9代表最大压缩,gzip参数是在传输过程中对文件进行压缩。
cp.get_file默认不会在客户端上建立目录,如果客户端上没有这个目录了,文件拷贝将失败,所以这里又有一个参数makedirs,当客户端上的目标目录不存在时,直接将该参数的值设置为True,即makedirs=True;
[root@server01 salt]# salt '*' cmd.run 'ls -l /root/'server02: total 1049372 -rw-r--r-- 1 root root 115316 Jun 1 02:26 GeoIP-1.6.5.-1.e16.x86_64.rpm -rw-------. 1 root root 1496 Jan 17 09:03 anaconda-ks.cfg -rw-r--r-- 1 root root 260 Jun 5 22:08 connect.py -rw-r--r-- 1 root root 686011 Jun 1 02:15 nginx-1.0.10.tar.gz -rw-r--r-- 1 root root 1073741824 Jun 13 22:06 test drwxr-xr-x 2 root root 33 Jun 13 22:54 webserver03: total 1049368 -rw-r--r-- 1 root root 115316 Jun 1 02:26 GeoIP-1.6.5.-1.e16.x86_64.rpm -rw-------. 1 root root 1496 Jan 17 09:03 anaconda-ks.cfg -rw-r--r-- 1 root root 686011 Jun 1 02:15 nginx-1.0.10.tar.gz -rw-r--r-- 1 root root 1073741824 Jun 13 22:06 test drwxr-xr-x 2 root root 33 Jun 13 22:54 web[root@server01 salt]#[root@server01 salt]# salt '*' cp.get_file salt://nginx-1.0.10.tar.gz /root/web/nginx-1.0.10.tar.gz makedirs=Trueserver02: /root/web/nginx-1.0.10.tar.gzserver03: /root/web/nginx-1.0.10.tar.gz[root@server01 salt]#[root@server01 salt]# salt '*' cmd.run 'ls -l /root/'server02: total 1049372 -rw-r--r-- 1 root root 115316 Jun 1 02:26 GeoIP-1.6.5.-1.e16.x86_64.rpm -rw-------. 1 root root 1496 Jan 17 09:03 anaconda-ks.cfg -rw-r--r-- 1 root root 260 Jun 5 22:08 connect.py -rw-r--r-- 1 root root 686011 Jun 1 02:15 nginx-1.0.10.tar.gz -rw-r--r-- 1 root root 1073741824 Jun 13 22:06 test drwxr-xr-x 2 root root 33 Jun 13 22:54 webserver03: total 1049368 -rw-r--r-- 1 root root 115316 Jun 1 02:26 GeoIP-1.6.5.-1.e16.x86_64.rpm -rw-------. 1 root root 1496 Jan 17 09:03 anaconda-ks.cfg -rw-r--r-- 1 root root 686011 Jun 1 02:15 nginx-1.0.10.tar.gz -rw-r--r-- 1 root root 1073741824 Jun 13 22:06 test drwxr-xr-x 2 root root 33 Jun 13 22:54 web[root@server01 salt]#
注意:cp.get_file从字面上就可以看出是操作对象是文件,即只有在拷贝文件的时候,目标主机上对应的目录不存在使用makedirs参数才有用,否则该参数无效。
#下载指定URL内容到被控主机指定位置
salt '*' cp.get_url http://dl.fedoraproject.org/pub/epel/6/x86_64/GeoIP-1.6.5-1.el6.x86_64.rpm /root/GeoIP-1.6.5.-1.e16.x86_64.rpm
cp.get_url 根据指定的url地址下载文件到被控端主机的对应目录下,这里被控端目录/root/下面
[root@localhost salt]# salt '*' cmd.run 'ls -l /root/'server02: total 676 -rw-------. 1 root root 1496 Jan 17 09:03 anaconda-ks.cfg -rw-r--r-- 1 root root 686011 Jun 1 02:15 nginx-1.0.10.tar.gzserver03: total 676 -rw-------. 1 root root 1496 Jan 17 09:03 anaconda-ks.cfg -rw-r--r-- 1 root root 686011 Jun 1 02:15 nginx-1.0.10.tar.gz[root@localhost salt]# salt '*' cp.get_url http://dl.fedoraproject.org/pub/epel/6/x86_64/GeoIP-1.6.5-1.el6.x86_64.rpm /root/GeoIP-1.6.5.-1.e16.x86_64.rpmserver03: /root/GeoIP-1.6.5.-1.e16.x86_64.rpmserver02: /root/GeoIP-1.6.5.-1.e16.x86_64.rpm[root@localhost salt]# salt '*' cmd.run 'ls -l /root/'server02: total 792 -rw-r--r-- 1 root root 115316 Jun 1 02:26 GeoIP-1.6.5.-1.e16.x86_64.rpm -rw-------. 1 root root 1496 Jan 17 09:03 anaconda-ks.cfg -rw-r--r-- 1 root root 686011 Jun 1 02:15 nginx-1.0.10.tar.gzserver03: total 792 -rw-r--r-- 1 root root 115316 Jun 1 02:26 GeoIP-1.6.5.-1.e16.x86_64.rpm -rw-------. 1 root root 1496 Jan 17 09:03 anaconda-ks.cfg -rw-r--r-- 1 root root 686011 Jun 1 02:15 nginx-1.0.10.tar.gz[root@localhost salt]#
当然URL也可以是master上的路径(salt://)
[root@server01 salt]# salt '*' cp.get_url salt://nginx-1.0.10.tar.gz /opt/nginx-1.0.10.tar.gzserver02: /opt/nginx-1.0.10.tar.gzserver03: /opt/nginx-1.0.10.tar.gz[root@server01 salt]# salt '*' cmd.run 'ls -l /opt'server02: total 672 -rw-r--r-- 1 root root 686011 Jun 13 23:05 nginx-1.0.10.tar.gzserver03: total 672 -rw-r--r-- 1 root root 686011 Jun 13 23:05 nginx-1.0.10.tar.gz[root@server01 salt]#
#salt '*' cp.hash_file salt://test-file
cp.hash_file获取从主控端下发到被控端后文件的hash值,一般用于对比某个被控端某个文件的hash值
[root@localhost ~]# salt '*' cp.hash_file salt://nginx-1.0.10.tar.gzserver02: ---------- hash_type: md5 hsum: 930b297b00fa1018fb0a1dd3e6b7e17eserver03: ---------- hash_type: md5 hsum: 930b297b00fa1018fb0a1dd3e6b7e17e[root@localhost ~]#
(2)、cmd模块(实现远程的命令行调用执行)
# salt '*' cmd.run 'netstat -ntlp'
[root@localhost salt]# salt '*' cmd.run 'netstat -lnupt'server02: Active Internet connections (only servers) Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 1184/sshd tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN 2013/master tcp6 0 0 :::22 :::* LISTEN 1184/sshd tcp6 0 0 ::1:25 :::* LISTEN 2013/master udp 0 0 0.0.0.0:32525 0.0.0.0:* 737/dhclient udp 0 0 127.0.0.1:323 0.0.0.0:* 672/chronyd udp 0 0 0.0.0.0:68 0.0.0.0:* 737/dhclient udp6 0 0 ::1:323 :::* 672/chronyd udp6 0 0 :::14472 :::* 737/dhclientserver03: Active Internet connections (only servers) Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 1191/sshd tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN 1835/master tcp6 0 0 :::22 :::* LISTEN 1191/sshd tcp6 0 0 ::1:25 :::* LISTEN 1835/master udp 0 0 0.0.0.0:32525 0.0.0.0:* 729/dhclient udp 0 0 127.0.0.1:323 0.0.0.0:* 661/chronyd udp 0 0 0.0.0.0:68 0.0.0.0:* 729/dhclient udp6 0 0 ::1:323 :::* 661/chronyd udp6 0 0 :::14472 :::* 729/dhclient[root@localhost salt]#
(3)、cron模块(实现被控主机的crontab操作)
## 为指定的被控主机、root用户添加crontab信息
# salt '*' cron.set_job root '*/5' '*' '*' '*' '*' 'date >/dev/null 2>&1'
# salt '*' cron.raw_cron root
[root@localhost salt]# salt '*' cron.set_job root '*/60' '*' '*' '*' '*' '/usr/local/nginx/sbin/nginx -s reload >/dev/null 2>&1'server02: newserver03: new[root@localhost salt]#[root@localhost salt]# salt '*' cmd.run 'crontab -l'server03: # Lines below here are managed by Salt, do not edit */60 * * * * /usr/local/nginx/sbin/nginx -s reload >/dev/null 2>&1server02: # Lines below here are managed by Salt, do not edit */60 * * * * /usr/local/nginx/sbin/nginx -s reload >/dev/null 2>&1[root@localhost salt]#
## 删除指定的被控主机、root用户的crontab信息
[root@localhost salt]# salt '*' cron.rm_job root '/usr/local/nginx/sbin/nginx -s reload >/dev/null 2>&1'server02: removedserver03: removed[root@localhost salt]# salt '*' cmd.run 'crontab -l'server03: # Lines below here are managed by Salt, do not editserver02: # Lines below here are managed by Salt, do not edit[root@localhost salt]#
(4)、dnsutil模块(实现被控主机通用DNS操作)
给被控制端添加指定的hosts配置项目,即host主机记录
#salt '*' dnsutil.hosts_append /etc/hosts 192.168.112.140 server01
#salt '*' dnsutil.hosts_append /etc/hosts 192.168.112.141 server02
#salt '*' dnsutil.hosts_append /etc/hosts 192.168.112.142 server03
[root@localhost salt]# salt '*' dnsutil.hosts_append /etc/hosts 192.168.112.140 server01server02: The following line was added to /etc/hosts: 192.168.112.140 server01server03: The following line was added to /etc/hosts: 192.168.112.140 server01[root@localhost salt]# salt '*' dnsutil.hosts_append /etc/hosts 192.168.112.141 server02server03: The following line was added to /etc/hosts: 192.168.112.141 server02server02: The following line was added to /etc/hosts: 192.168.112.141 server02[root@localhost salt]# salt '*' dnsutil.hosts_append /etc/hosts 192.168.112.142 server03server03: The following line was added to /etc/hosts: 192.168.112.142 server03server02: The following line was added to /etc/hosts: 192.168.112.142 server03[root@localhost salt]# salt '*' cmd.run 'grep 192.168.112.* /etc/hosts'server03: 192.168.112.140 server01 192.168.112.141 server02 192.168.112.142 server03server02: 192.168.112.140 server01 192.168.112.141 server02 192.168.112.142 server03[root@localhost salt]#
(5)、file模块(被控主机文件常见操作,包括文件读写、权限、查找、校验等)
# salt '*' file.get_sum /etc/hosts md5
# salt '*' file.stats /etc/hosts
[root@localhost salt]# salt '*' file.get_sum /etc/hosts md5server03: 7895e4dd8df907aa29d026a75f2a035aserver02: 7895e4dd8df907aa29d026a75f2a035a[root@localhost salt]# salt '*' file.stats /etc/hostsserver02: ---------- atime: 1496299480.63 ctime: 1496299455.14 gid: 0 group: root inode: 67128992 mode: 0644 mtime: 1496299455.14 size: 234 target: /etc/hosts type: file uid: 0 user: rootserver03: ---------- atime: 1496299480.62 ctime: 1496299455.14 gid: 0 group: root inode: 67109270 mode: 0644 mtime: 1496299455.14 size: 234 target: /etc/hosts type: file uid: 0 user: root[root@localhost salt]#
(6)、network模块(返回被控主机网络信息)
# salt '*' network.ip_addrs
# salt '*' network.interfaces
[root@localhost salt]# salt '*' network.ip_addrsserver03: - 192.168.112.142server02: - 192.168.112.141[root@localhost salt]# salt '*' network.interfacesserver02: ---------- eth0: ---------- hwaddr: 00:0c:29:0b:28:95 inet: |_ ---------- address: 192.168.112.141 broadcast: 192.168.112.255 label: eth0 netmask: 255.255.255.0 inet6: |_ ---------- address: fe80::bf36:72fd:ae66:3183 prefixlen: 64 scope: link up: True lo: ---------- hwaddr: 00:00:00:00:00:00 inet: |_ ---------- address: 127.0.0.1 broadcast: None label: lo netmask: 255.0.0.0 inet6: |_ ---------- address: ::1 prefixlen: 128 scope: host up: Trueserver03: ---------- eth0: ---------- hwaddr: 00:0c:29:63:9d:12 inet: |_ ---------- address: 192.168.112.142 broadcast: 192.168.112.255 label: eth0 netmask: 255.255.255.0 inet6: |_ ---------- address: fe80::7f27:a270:df5d:d68 prefixlen: 64 scope: link up: True lo: ---------- hwaddr: 00:00:00:00:00:00 inet: |_ ---------- address: 127.0.0.1 broadcast: None label: lo netmask: 255.0.0.0 inet6: |_ ---------- address: ::1 prefixlen: 128 scope: host up: True[root@localhost salt]#
(7)、pkg包管理模块(被控主机程序包管理,如yum、apt-get等)
# salt '*' pkg.install httpd --->安装Apache服务
# salt '*' pkg.file_list httpd---->查看Apache服务安装的路径及安装的文件
[root@localhost ~]# salt '*' pkg.install httpdserver03: ---------- httpd: ---------- new: 2.4.6-45.el7.centos.4 old: httpd-tools: ---------- new: 2.4.6-45.el7.centos.4 old: mailcap: ---------- new: 2.1.41-2.el7 old:server02: ---------- httpd: ---------- new: 2.4.6-45.el7.centos.4 old: httpd-tools: ---------- new: 2.4.6-45.el7.centos.4 old: mailcap: ---------- new: 2.1.41-2.el7 old:[root@localhost ~]#
(8)、service 服务模块(被控主机程序包服务管理)
# salt '*' service.enable httpd
# salt '*' service.disable httpd
# salt '*' service.status httpd
# salt '*' service.stop httpd
# salt '*' service.start httpd
# salt '*' service.restart httpd
# salt '*' service.reload httpd
[root@localhost ~]# salt '*' service.enable httpdserver02: Trueserver03: True[root@localhost ~]# salt '*' service.disable httpdserver02: Trueserver03: True[root@localhost ~]# salt '*' service.status httpdserver02: Falseserver03: False[root@localhost ~]# salt '*' service.stop httpdserver02: Trueserver03: True[root@localhost ~]# salt '*' service.start httpdserver03: Trueserver02: True[root@localhost ~]# salt '*' service.reload httpdserver03: Trueserver02: True[root@localhost ~]# salt '*' cmd.run 'netstat -lnupt|grep httpd'server03: tcp6 0 0 :::80 :::* LISTEN 17294/httpdserver02: tcp6 0 0 :::80 :::* LISTEN 3231/httpd[root@localhost ~]#
(9)、更多功能
更多的功能,比如:grains、pillar、states、modules、returner、runners、reactor等,还有如下高级命令的使用,以及模板配置的渲染、扩展模块的二次开发等,可以自己去深入学习,未完,待续........
主机
文件
模块
命令
目录
参数
服务
配置
客户
客户端
位置
信息
用户
目标
路径
管理
操作系统
代表
内容
功能
数据库的安全要保护哪些东西
数据库安全各自的含义是什么
生产安全数据库录入
数据库的安全性及管理
数据库安全策略包含哪些
海淀数据库安全审计系统
建立农村房屋安全信息数据库
易用的数据库客户端支持安全管理
连接数据库失败ssl安全错误
数据库的锁怎样保障安全
榆树网络技术服务什么价格
c语言怎么调取数据库
mac登入服务器的命令
网易服务器到期自动删存档吗
网络安全举报电话12339
宝山区管理软件开发信息中心
湖北网格软件开发
西城区自动软件开发风格
网络安全最基本的法律
金湖银联软件开发技术是什么
苏州鸿熙网络技术
商飞软件开发有限公司
sql数据库员工数据名字
手游用什么服务器架设
用友后台数据库删除凭证
服务器dns异常什么情况
厦门直开尼网络技术有限公司
非洲网络安全吗
计算机网络安全及防火墙技术探析
ntp同步时间服务器
30岁软件开发待遇
用友u8数据库服务器重启
36岁的软件开发还能做几年
分布式数据库缺点
鹰皇金伯仕网络技术有限公司
服务器dns异常什么情况
网络安全等级保护三级
服务器可以玩欧洲卡车吗
机顶盒怎么当服务器
苏秦网络技术
