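Common SaltStack commands
The two most important SaltStack commands
salt '*' sys.doc iptables # show the help documentation for a module
salt '*' sys.list_functions iptables # list the functions a module supports
salt '*' sys.list_functions # list all supported functions
1. archive: compression and extraction
View the formats and commands supported for compression and extraction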
Compress files remotely with salt
[root@host106 ~]# salt '*' archive.zip /opt/t.zip /tmp/t1,/tmp/t2
host104:
    - tmp/t1
    - tmp/t2
host105:
    - tmp/t1
    - tmp/t2
Extract files remotely with salt
[root@host106 ~]# salt '*' archive.unzip /opt/t.zip /tmp/
host104:
    - tmp/t1
    - tmp/t2
host105:
    - tmp/t1
    - tmp/t2
API call
client.cmd('*','archive.gunzip',['lsfz_Conference.zip'])
2. cmd module commands
List the functions the cmd module supports
salt '*' cmd.run 'free -m' # the cmd.run function
salt '*' cmd.script /tmp/t.sh # cmd.script
salt 'host105' cmd.shell 'rm /tmp/lsfz* -rf' # cmd.shell
API call
client.cmd('*','cmd.run',['free -m'])
3. cp module
[root@host106 ~]# salt '*' sys.list_functions cp host104: - cp.cache_dir - cp.cache_file - cp.cache_files - cp.cache_local_file - cp.cache_master - cp.get_dir - cp.get_file - cp.get_file_str - cp.get_template - cp.get_url - cp.hash_file - cp.is_cached - cp.list_master - cp.list_master_dirs - cp.list_master_symlinks - cp.list_minion - cp.list_states - cp.push - cp.push_dir - cp.recv - cp.recv_chunked - cp.stat_file host105: - cp.cache_dest - cp.cache_dir - cp.cache_file - cp.cache_files - cp.cache_local_file - cp.cache_master - cp.envs - cp.get_dir - cp.get_file - cp.get_file_str - cp.get_template - cp.get_url - cp.hash_file - cp.is_cached - cp.list_master - cp.list_master_dirs - cp.list_master_symlinks - cp.list_minion - cp.list_states - cp.push - cp.push_dir - cp.recv - cp.recv_chunked - cp.stat_file
cp.cache_local_file
Copy the master's /etc/hosts file into the salt cache directory on the minion (/var/cache/salt/minion/localfiles/)
[root@host106 ~]# salt '*' cp.cache_local_file /etc/hosts
host104:
    /var/cache/salt/minion/localfiles/etc/hosts
host105:
    /var/cache/salt/minion/localfiles/etc/hosts
cp.get_dir
Copy a directory under the master's salt root directory to /opt on the minion
[root@host106 ~]# ls /srv/salt/
apache.sls _modules nginx top.sls
[root@host106 ~]# salt '*' cp.get_dir salt://nginx/ /opt/
host104:
    - /opt//nginx/files/nginx-1.25.0.tar.gz
    - /opt//nginx/files/nginx.conf
    - /opt//nginx/files/nginx.service
    - /opt//nginx/init.sls
host105:
    - /opt//nginx/files/nginx-1.25.0.tar.gz
    - /opt//nginx/files/nginx.conf
    - /opt//nginx/files/nginx.service
    - /opt//nginx/init.sls
cp.get_url
Download the content of a URL to a given location on the managed host (/tmp/index.html)
[root@host106 ~]# salt '*' cp.get_url https://www.cyy123.com /tmp/index.html
host105:
    /tmp/index.html
host104:
    /tmp/index.html
API call
client.cmd('*','cp.get_file',['salt://script/test.py','/minion/test.py'])
4. DNS module
Purpose: common DNS operations on managed hosts
Add a hosts name-resolution entry on the minion
[root@host106 ~]# salt '*' dnsutil.hosts_append /etc/hosts 10.1.1.1 www.baidu.com
host104:
    The following line was added to /etc/hosts:
    10.1.1.1 www.baidu.com
host105:
    The following line was added to /etc/hosts:
    10.1.1.1 www.baidu.com
Remove a hosts name-resolution entry on the minion
[root@host106 ~]# salt 'host105' dnsutil.hosts_remove /etc/hosts www.baidu.com
host105:
    None
[root@host106 ~]# salt 'host104' dnsutil.hosts_remove /etc/hosts www.baidu.com
host104:
    None
API call:
client.cmd('wx','dnsutil.hosts_append',['/etc/hosts','127.0.0.1','test1.com','test2.com'])
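5. file module
Purpose: common file operations on managed hosts, including reading and writing, permissions, searching and checksum verification
First look at the help to see which functions are supported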
[root@host106 ~]# salt '*' sys.list_functions file host104: - file.access - file.append - file.apply_template_on_contents - file.basename - file.blockreplace - file.check_file_meta - file.check_hash - file.check_managed - file.check_managed_changes - file.check_perms - file.chgrp - file.chown - file.comment - file.comment_line - file.contains - file.contains_glob - file.contains_regex - file.copy - file.delete_backup - file.directory_exists - file.dirname - file.diskusage - file.extract_hash - file.file_exists - file.find - file.get_devmm - file.get_diff - file.get_gid - file.get_group - file.get_hash - file.get_managed - file.get_mode - file.get_selinux_context - file.get_source_sum - file.get_sum - file.get_uid - file.get_user - file.gid_to_group - file.grep - file.group_to_gid - file.is_blkdev - file.is_chrdev - file.is_fifo - file.is_link - file.join - file.lchown - file.line - file.link - file.list_backup - file.list_backups - file.list_backups_dir - file.lstat - file.makedirs - file.makedirs_perms - file.manage_file - file.mkdir - file.mknod - file.mknod_blkdev - file.mknod_chrdev - file.mknod_fifo - file.move - file.normpath - file.open_files - file.pardir - file.patch - file.path_exists_glob - file.prepend - file.psed - file.read - file.readdir - file.readlink - file.remove - file.remove_backup - file.rename - file.replace - file.restore_backup - file.restorecon - file.rmdir - file.search - file.sed - file.sed_contains - file.seek_read - file.seek_write - file.set_mode - file.set_selinux_context - file.source_list - file.stats - file.statvfs - file.symlink - file.touch - file.truncate - file.uid_to_user - file.uncomment - file.user_to_uid - file.write host105: - file.access - file.append - file.apply_template_on_contents - file.basename - file.blockreplace - file.chattr - file.check_file_meta - file.check_hash - file.check_managed - file.check_managed_changes - file.check_perms - file.chgrp - file.chown - file.comment - file.comment_line - file.contains - 
file.contains_glob - file.contains_regex - file.copy - file.delete_backup - file.directory_exists - file.dirname - file.diskusage - file.extract_hash - file.file_exists - file.find - file.get_devmm - file.get_diff - file.get_gid - file.get_group - file.get_hash - file.get_managed - file.get_mode - file.get_selinux_context - file.get_source_sum - file.get_sum - file.get_uid - file.get_user - file.gid_to_group - file.grep - file.group_to_gid - file.is_blkdev - file.is_chrdev - file.is_fifo - file.is_hardlink - file.is_link - file.join - file.lchown - file.line - file.link - file.list_backup - file.list_backups - file.list_backups_dir - file.lsattr - file.lstat - file.makedirs - file.makedirs_perms - file.manage_file - file.mkdir - file.mknod - file.mknod_blkdev - file.mknod_chrdev - file.mknod_fifo - file.move - file.normpath - file.open_files - file.pardir - file.patch - file.path_exists_glob - file.prepend - file.psed - file.read - file.readdir - file.readlink - file.remove - file.remove_backup - file.rename - file.replace - file.restore_backup - file.restorecon - file.rmdir - file.search - file.sed - file.sed_contains - file.seek_read - file.seek_write - file.set_mode - file.set_selinux_context - file.source_list - file.stats - file.statvfs - file.symlink - file.touch - file.truncate - file.uid_to_user - file.uncomment - file.user_to_uid - file.write
The individual file management commands are as follows:
file.chown: change a file's owner and group
[root@host106 ~]# salt '*' file.chown /etc/passwd root root
host104:
    None
host105:
    None
file.copy: copy a file
[root@host106 ~]# salt '*' file.copy /tmp/t.sh /opt/t.sh
host104:
    True
host105:
    True
file.copy with recurse=True: copy a directory
[root@host106 ~]# salt '*' file.copy /root/test /opt/test recurse=True
host104:
    True
host105:
    True
file.directory_exists: check whether a directory exists
[root@host106 ~]# salt '*' file.directory_exists /tmp
host104:
    True
host105:
    True
file.stats: show a file's stat information, such as creation and modification times, permissions, size and type
[root@host106 ~]# salt '*' file.stats /etc/passwd
host104:
    ----------
    atime: 1685606591.579007
    ctime: 1685520187.770625
    gid: 0
    group: root
    inode: 3149087
    mode: 0o644
    mtime: 1685520187.6146245
    size: 3007
    target: /etc/passwd
    type: file
    uid: 0
    user: root
host105:
    ----------
    atime: 1685675456.4029915
    ctime: 1685589056.2419565
    gid: 0
    group: root
    inode: 68500246
    mode: 0644
    mtime: 1685589056.1539576
    size: 1505
    target: /etc/passwd
    type: file
    uid: 0
    user: root
file.get_mode: show a file's mode; most are 0o755 or 0o644
[root@host106 ~]# salt '*' file.get_mode /etc/passwd
host104:
    0o644
host105:
    0644
file.set_mode: set a file's mode
[root@host106 ~]# salt '*' file.set_mode /etc/passwd 0644
host104:
    0o644
host105:
    0644
file.mkdir: create a directory on the selected nodes
[root@host106 ~]# salt '*' file.mkdir /tmp/test
host104:
    True
host105:
    True
file.sed: modify file content
[root@host106 ~]# salt '*' file.sed /opt/t.sh 'ls' 'ls -la'
host104:
    ----------
    pid: 8754
    retcode: 0
    stderr:
    stdout:
host105:
    ----------
    pid: 6309
    retcode: 0
    stderr:
    stdout:
file.append: append content to a file
[root@host106 ~]# salt '*' file.append /tmp/t.sh 'ls /root/test'
host104:
    Wrote 1 lines to "/tmp/t.sh"
host105:
    Wrote 1 lines to "/tmp/t.sh"
file.remove: delete a specific file
[root@host106 ~]# salt '*' file.remove /opt/t.sh
host104:
    True
host105:
    True
file.touch: create a new file
[root@host106 ~]# salt '*' file.touch /opt/t.sh
host104:
    True
host105:
    True
file.move: move a file to another location
[root@host106 ~]# salt '*' file.move /opt/t.sh /opt/t1.sh
host104:
    ----------
    comment: '/opt/t.sh' moved to '/opt/t1.sh'
    result: True
host105:
    ----------
    comment: '/opt/t.sh' moved to '/opt/t1.sh'
    result: True
file.rename: change a file's name
[root@host106 ~]# salt '*' file.rename /opt/t1.sh /opt/t2.sh
host104:
    True
host105:
    True
file.find: find files under /root whose names end in .tar.gz and whose size is greater than 200MB
[root@host106 ~]# salt '*' file.find /root/ type=f name=\*.tar.gz size=+200m
host104:
    - /root/pkg/mysql-8.0.26.tar.gz
host105:
    - /root/soft/mysql-8.0.11-linux-glibc2.12-x86_64.tar.gz
file.find: find files under /root modified within the last 30 days and larger than 100MB, printing name, path, size and mtime
[root@host106 ~]# salt '*' file.find /root/ mtime=-30d size=+100m print=name,path,size,mtime
host104:
    |_
      - boaoweb04meeting_backup-20230505-10.00.01.sql
      - /root/boaoweb04meeting_backup-20230505-10.00.01.sql
      - 209330215
      - 1683252009
    |_
      - catalina.out
      - /root/apache-tomcat-9.0.54/logs/catalina.out
      - 578517543
      - 1683507314
    |_
      - cms.war
      - /root/apache-tomcat-9.0.54/webapps/cms.war
      - 119967374
      - 1683167746
    |_
      - jdk-11.0.19_linux-x64_bin.tar.gz
      - /root/jdk-11.0.19_linux-x64_bin.tar.gz
      - 169440335
      - 1684812540
host105:
# file.check_hash: verify a file's MD5 value; returns True when it matches
[root@host106 ~]# salt 'host105' file.check_hash /etc/passwd 6bf32c4953fb94337243614856545d25
host105:
    True
Get the checksum of a file on all managed hosts; the md5, sha1, sha224, sha256, sha384 and sha512 hash algorithms are supported
[root@host106 ~]# salt '*' file.get_sum /etc/passwd md5
host104:
    d48c55ef3beec86d0c23cbb477f55315
host105:
    6bf32c4953fb94337243614856545d25
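The following is an added example, not part of the original post, that turns the file.get_sum output above into a per-minion integrity check against known-good digests. It assumes `client` is a `salt.client.LocalClient()` created on the master; `FakeClient`, the file contents and the minion host199 are constructed so the code runs offline, and sha256 is requested instead of md5 because md5 collisions are practical.

```python
import hashlib
import re

# Hex digest length for each algorithm the page lists for file.get_sum.
HEX_LEN = {"md5": 32, "sha1": 40, "sha224": 56,
           "sha256": 64, "sha384": 96, "sha512": 128}


def collect_sums(client, tgt, path, form="sha256"):
    """Ask every targeted minion for the digest of `path` via file.get_sum."""
    return client.cmd(tgt, "file.get_sum", [path, form])


def audit(returns, baseline, form="sha256"):
    """Compare each minion's digest with its known-good value.

    Returns {minion: status}; status is ok, drift, error or unknown.
    """
    digest_re = re.compile(r"[0-9a-f]{%d}" % HEX_LEN[form])
    report = {}
    for minion in sorted(set(returns) | set(baseline)):
        got = returns.get(minion)
        if not isinstance(got, str) or not digest_re.fullmatch(got):
            report[minion] = "error"    # no reply, or a message instead of a digest
        elif minion not in baseline:
            report[minion] = "unknown"  # digest received, nothing to compare with
        elif got == baseline[minion]:
            report[minion] = "ok"
        else:
            report[minion] = "drift"
    return report


class FakeClient:
    """Constructed stand-in for salt.client.LocalClient (offline use only)."""

    def __init__(self, files):
        self.files = files              # {minion: file bytes, or None if missing}

    def cmd(self, tgt, fun, arg):
        assert fun == "file.get_sum"
        form = arg[1]
        return {m: hashlib.new(form, data).hexdigest()
                if data is not None else "File not found"
                for m, data in self.files.items()}


# Constructed /etc/passwd contents; host199 is a hypothetical third minion.
GOOD = b"root:x:0:0:root:/root:/bin/bash\n"
BASELINE = {m: hashlib.sha256(GOOD).hexdigest()
            for m in ("host104", "host105", "host199")}
CURRENT = FakeClient({
    "host104": GOOD,
    "host105": GOOD + b"svc:x:1001:1001::/home/svc:/bin/sh\n",  # changed since baseline
    "host199": None,                                            # file missing
})


def run_demo():
    return audit(collect_sums(CURRENT, "*", "/etc/passwd"), BASELINE)


if __name__ == "__main__":
    print(run_demo())
```

Treat "error" as a finding in its own right: a minion that returns a message rather than a digest has not been verified.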
Change a file's owner, group, permissions and so on
[root@host106 ~]# salt '*' file.chown /tmp/t.sh admin admin
host104:
    None
host105:
    None
API call
client.cmd('*','file.remove',['/tmp/foo'])
6. group module
List the functions available in this module
Add and delete a user group named zabbix
7. network module
See which functions this module provides
[root@host106 ~]# salt '*' sys.list_functions network host104: - network.active_tcp - network.arp - network.calc_net - network.connect - network.convert_cidr - network.default_route - network.dig - network.get_bufsize - network.get_fqdn - network.get_hostname - network.get_route - network.hw_addr - network.hwaddr - network.ifacestartswith - network.in_subnet - network.interface - network.interface_ip - network.interfaces - network.ip_addrs - network.ip_addrs6 - network.ip_in_subnet - network.ipaddrs - network.ipaddrs6 - network.iphexval - network.is_loopback - network.is_private - network.mod_bufsize - network.mod_hostname - network.netstat - network.ping - network.reverse_ip - network.routes - network.subnets - network.subnets6 - network.traceroute - network.wol host105: - network.active_tcp - network.arp - network.calc_net - network.connect - network.convert_cidr - network.default_route - network.dig - network.fqdns - network.get_bufsize - network.get_fqdn - network.get_hostname - network.get_route - network.hw_addr - network.hwaddr - network.ifacestartswith - network.in_subnet - network.interface - network.interface_ip - network.interfaces - network.ip_addrs - network.ip_addrs6 - network.ip_in_subnet - network.ip_networks - network.ip_networks6 - network.ipaddrs - network.ipaddrs6 - network.iphexval - network.is_loopback - network.is_private - network.mod_bufsize - network.mod_hostname - network.netstat - network.ping - network.reverse_ip - network.routes - network.subnets - network.subnets6 - network.traceroute - network.wol
Run dig on all minions
[root@host106 ~]# salt '*' network.dig www.baidu.com
host105:
    Command required for 'network.dig' not found: The 'dig' binary was not found in $PATH.
host104:
    ; <<>> DiG 9.11.3-1ubuntu1.12-Ubuntu <<>> www.baidu.com
    ;; global options: +cmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 21433
    ;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 1
    ;; OPT PSEUDOSECTION:
    ; EDNS: version: 0, flags:; udp: 65494
    ;; QUESTION SECTION:
    ;www.baidu.com. IN A
    ;; ANSWER SECTION:
    www.baidu.com. 166 IN CNAME www.a.shifen.com.
    www.a.shifen.com. 83 IN A 182.61.200.6
    www.a.shifen.com. 83 IN A 182.61.200.7
    ;; Query time: 4 msec
    ;; SERVER: 127.0.0.53#53(127.0.0.53)
    ;; WHEN: Fri Jun 02 13:38:36 CST 2023
    ;; MSG SIZE rcvd: 101
ERROR: Minions returned with non-zero exit code
Run ping from all minions
[root@host106 ~]# salt '*' network.ping www.baidu.com
host104:
    PING www.a.shifen.com (182.61.200.6) 56(84) bytes of data.
    64 bytes from 182.61.200.6 (182.61.200.6): icmp_seq=1 ttl=53 time=3.26 ms
    64 bytes from 182.61.200.6 (182.61.200.6): icmp_seq=2 ttl=53 time=2.86 ms
    64 bytes from 182.61.200.6 (182.61.200.6): icmp_seq=3 ttl=53 time=2.97 ms
    64 bytes from 182.61.200.6 (182.61.200.6): icmp_seq=4 ttl=53 time=3.20 ms
    --- www.a.shifen.com ping statistics ---
    4 packets transmitted, 4 received, 0% packet loss, time 3004ms
    rtt min/avg/max/mdev = 2.869/3.075/3.261/0.161 ms
host105:
    PING www.a.shifen.com (182.61.200.7) 56(84) bytes of data.
    64 bytes from 182.61.200.7 (182.61.200.7): icmp_seq=1 ttl=53 time=4.62 ms
    64 bytes from 182.61.200.7 (182.61.200.7): icmp_seq=2 ttl=53 time=2.57 ms
    64 bytes from 182.61.200.7 (182.61.200.7): icmp_seq=3 ttl=53 time=2.89 ms
    64 bytes from 182.61.200.7 (182.61.200.7): icmp_seq=4 ttl=53 time=2.62 ms
    --- www.a.shifen.com ping statistics ---
    4 packets transmitted, 4 received, 0% packet loss, time 3004ms
    rtt min/avg/max/mdev = 2.577/3.181/4.628/0.844 ms
Run traceroute from all minions
[root@host106 ~]# salt '*' network.traceroute www.baidu.com
host104:
host105:
    |_ ---------- count: 1 hostname: gateway ip: 192.168.0.5 ms1: 0.341 ms2: 0.508 ms3: 0.665
    |_ ---------- count: 2 hostname: 121.79.132.233 ip: 121.79.132.233 ms1: 5.551 ms2: 5.78 ms3: 5.865
    |_ ---------- count: 3 hostname: 172.30.10.242 ip: 172.30.10.242 ms1: 4.855 ms2: 4.936 ms3: 4.935
    |_ ---------- count: 4 hostname: 172.16.200.33 ip: 172.16.200.33 ms1: 5.0 ms2: 5.047 ms3: 5.094
    |_ ---------- count: 5 hostname: 172.16.205.34 ip: 172.16.205.34 ms1: 7.115 ms2: 7.336 ms3: 7.654
    |_ ---------- count: 6 hostname: 103.216.40.30 ip: 103.216.40.30 ms1: 8.269 ms2: 2.844 ms3: 5.517
    |_ ---------- count: 7 hostname: 182.61.255.42 ip: 182.61.255.42 ms1: 5.427 ms2: 5.474 ms3: 5.534
    |_ ---------- count: 8 hostname: 182.61.255.49 ip: 182.61.255.49 ms1: 5.539 ms2: 5.555 ms3: 5.619
    |_ ---------- count: 9 hostname: *
    |_ ---------- count: 10 hostname: *
    |_ ---------- count: 11 hostname: *
    |_ ---------- count: 12 hostname: *
    |_ ---------- count: 13 hostname: *
    |_ ---------- count: 14 hostname: *
    |_ ---------- count: 15 hostname: *
    |_ ---------- count: 16 hostname: *
    |_ ---------- count: 17 hostname: *
    |_ ---------- count: 18 hostname: *
    |_ ---------- count: 19 hostname: *
    |_ ---------- count: 20 hostname: *
    |_ ---------- count: 21 hostname: *
    |_ ---------- count: 22 hostname: *
    |_ ---------- count: 23 hostname: *
    |_ ---------- count: 24 hostname: *
    |_ ---------- count: 25 hostname: *
    |_ ---------- count: 26 hostname: *
    |_ ---------- count: 27 hostname: *
    |_ ---------- count: 28 hostname: *
    |_ ---------- count: 29 hostname: *
    |_ ---------- count: 30 hostname: *
View the hardware address of a minion's physical network interface
[root@host106 ~]# salt '*' network.hw_addr eno1
host104:
    30:d0:42:e4:fc:86
host105:
    Interface "eno1" not in available interfaces: "lo", "tunl0", "enp3s0", "docker_gwbridge", "docker0", "enp3s0.10"
[root@host106 ~]#
[root@host106 ~]# salt '*' network.hw_addr enp3s0
host104:
    Interface "enp3s0" not in available interfaces: "lo", "eno1", "docker0", "virbr0", "virbr0-nic", "tunl0", "br-92be500b6b54", "vethfee5608", "cali4054adce699", "cali81dc7e15a37", "calieaedee2f6a9", "vethf4dec3b", "veth662ccf9"
host105:
    10:78:d2:e7:d5:88
View the IP addresses of the hosts' network interfaces
[root@host106 ~]# salt '*' network.ip_addrs
host104:
    - 10.244.243.192
    - 172.17.0.1
    - 172.25.0.1
    - 192.168.0.104
    - 192.168.122.1
host105:
    - 172.17.0.1
    - 172.18.0.1
    - 192.168.0.105
    - 192.168.70.122
    - 192.168.70.123
    - 211.88.36.2
View the subnets of the hosts' network interfaces
[root@host106 ~]# salt '*' network.subnets
host104:
    - 10.244.243.192/32
    - 172.17.0.0/16
    - 172.25.0.0/16
    - 192.168.0.0/24
    - 192.168.122.0/24
host105:
    - 172.17.0.0/16
    - 172.18.0.0/16
    - 192.168.0.0/24
    - 192.168.70.0/24
    - 211.88.36.0/24
View the network interface configuration
[root@host106 ~]# salt 'host104' network.interfaces
host104:
    ----------
    br-92be500b6b54:
        ----------
        hwaddr: 02:42:e3:c0:50:62
        inet:
            |_
              ----------
              address: 172.25.0.1
              broadcast: 172.25.255.255
              label: br-92be500b6b54
              netmask: 255.255.0.0
API call:
client.cmd('host105','network.ip_addrs')
8. pkg module
List the functions the pkg module supports
[root@host106 ~]# salt '*' sys.list_functions pkg host104: - pkg.add_repo_key - pkg.autoremove - pkg.available_version - pkg.del_repo - pkg.del_repo_key - pkg.expand_repo_def - pkg.file_dict - pkg.file_list - pkg.get_repo - pkg.get_repo_keys - pkg.get_selections - pkg.hold - pkg.info_installed - pkg.install - pkg.latest_version - pkg.list_pkgs - pkg.list_repo_pkgs - pkg.list_repos - pkg.list_upgrades - pkg.mod_repo - pkg.owner - pkg.purge - pkg.refresh_db - pkg.remove - pkg.set_selections - pkg.unhold - pkg.upgrade - pkg.upgrade_available - pkg.version - pkg.version_cmp host105: - pkg.available_version - pkg.clean_metadata - pkg.del_repo - pkg.diff - pkg.download - pkg.file_dict - pkg.file_list - pkg.get_locked_packages - pkg.get_repo - pkg.group_diff - pkg.group_info - pkg.group_install - pkg.group_list - pkg.groupinstall - pkg.hold - pkg.info_installed - pkg.install - pkg.latest_version - pkg.list_downloaded - pkg.list_holds - pkg.list_installed_patches - pkg.list_patches - pkg.list_pkgs - pkg.list_repo_pkgs - pkg.list_repos - pkg.list_updates - pkg.list_upgrades - pkg.mod_repo - pkg.modified - pkg.normalize_name - pkg.owner - pkg.parse_arch - pkg.purge - pkg.refresh_db - pkg.remove - pkg.services_need_restart - pkg.unhold - pkg.update - pkg.upgrade - pkg.upgrade_available - pkg.verify - pkg.version - pkg.version_cmp
Use pkg.install to install a package and pkg.remove to uninstall it
[root@host106 ~]# salt '*' pkg.install httpd
host104:
    ERROR: Problem encountered installing package(s). Additional info follows:
    changes:
        ----------
    errors:
        - Running scope as unit: run-r680d064db4534a5185c82e67897b207b.scope
          E: Package 'httpd' has no installation candidate
host105:
    ----------
    httpd:
        ----------
        new: 2.4.6-99.el7.centos.1
        old:
[root@host106 ~]# salt '*' pkg.remove httpd
host104:
    ----------
host105:
    ----------
    httpd:
        ----------
        new:
        old: 2.4.6-99.el7.centos.1
API call:
client.cmd('*','pkg.remove',['php'])
9. service module
List the functions of the service module
[root@host106 ~]# salt '*' sys.list_functions service host104: - service.available - service.disable - service.disabled - service.enable - service.enabled - service.execs - service.force_reload - service.get_all - service.get_disabled - service.get_enabled - service.get_running - service.get_static - service.mask - service.masked - service.missing - service.reload - service.restart - service.show - service.start - service.status - service.stop - service.systemctl_reload - service.unmask host105: - service.available - service.disable - service.disabled - service.enable - service.enabled - service.execs - service.firstboot - service.force_reload - service.get_all - service.get_disabled - service.get_enabled - service.get_running - service.get_static - service.mask - service.masked - service.missing - service.offline - service.reload - service.restart - service.show - service.start - service.status - service.stop - service.systemctl_reload - service.unmask
service.start: start a service
[root@host106 ~]# salt '*' service.start httpd
host105:
    ERROR: Running scope as unit run-6535.scope.
    Failed to start httpd.service: Unit not found.
host104:
    ERROR: Failed to start httpd.service: Unit httpd.service not found.
ERROR: Minions returned with non-zero exit code
service.status: check a service's status
[root@host106 ~]# salt '*' service.status httpd
host105:
    False
host104:
    False
service.stop: stop a service
[root@host106 ~]# salt '*' service.stop httpd
host105:
    False
host104:
    False
ERROR: Minions returned with non-zero exit code
service.reload: reload a service's configuration
[root@host106 ~]# salt '*' service.reload httpd
host105:
    ERROR: Running scope as unit run-7200.scope.
    Failed to reload httpd.service: Unit not found.
host104:
    ERROR: Failed to reload httpd.service: Unit httpd.service not found.
ERROR: Minions returned with non-zero exit code
API call:
client.cmd('*','service.stop',['nginx'])
10. user module
List the functions of the user module
[root@host106 ~]# salt '*' sys.list_functions user host104: - user.add - user.chfullname - user.chgid - user.chgroups - user.chhome - user.chhomephone - user.chloginclass - user.chroomnumber - user.chshell - user.chuid - user.chworkphone - user.delete - user.get_loginclass - user.getent - user.info - user.list_groups - user.list_users - user.primary_group - user.rename host105: - user.add - user.chfullname - user.chgid - user.chgroups - user.chhome - user.chhomephone - user.chloginclass - user.chother - user.chroomnumber - user.chshell - user.chuid - user.chworkphone - user.delete - user.get_loginclass - user.getent - user.info - user.list_groups - user.list_users - user.primary_group - user.rename
Help documentation for the functions
The commands for adding and deleting a user
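11. Using regular expressions
-E, --pcre: match by regular expression. Check whether the minions whose id starts with host are reachable
[root@host106 ~]# salt -E '^host.*' test.ping
host104:
    True
host105:
    True
-L, --list: filter by a list of minion ids. The format resembles a Python list, that is, the ids are separated by commas.
# Get the full operating system distribution name of the minions with id host104 and host105
[root@host106 ~]# salt -L 'host104,host105' grains.item osfullname
host104:
    ----------
    osfullname: Ubuntu
host105:
    ----------
    osfullname: CentOS Linux
-I, --pillar: match and filter on the managed host's pillar data, in the form "object name":"object value"
-N, --nodegroup: filter by the group names defined in the master's configuration file.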
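Check the connectivity of the hosts in group1
[root@host106 salt]# salt -N group1 test.ping
host105:
    True
-C, --compound: match hosts against different rules combined with the operators not, and, or
# Check the connectivity of hosts whose id starts with host and whose operating system is CentOS
[root@host106 salt]# salt -C 'E@^host.* and G@os:CentOS' test.ping
host105:
    True
-S, --ipcidr: match by the managed host's IP address or IP subnet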
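The following is an added example, not part of the original post and not Salt's own matcher code: a simplified model of how the -E, -L, -S and -C targets in this section select minions, useful for checking which hosts an expression reaches before running it. The inventory is constructed from the ids, os values and a few of the IP addresses shown on this page; pillar (I@) and nodegroup (N@) matching are not modelled.

```python
import fnmatch
import ipaddress
import re

# Constructed inventory modelled on this page's output (ids, os grain, some IPs).
MINIONS = {
    "host104": {"grains": {"os": "Ubuntu"},
                "ips": ["192.168.0.104", "172.17.0.1"]},
    "host105": {"grains": {"os": "CentOS"},
                "ips": ["192.168.0.105", "192.168.70.122", "211.88.36.2"]},
}


def match_term(term, minion_id, facts):
    """Evaluate one matcher such as 'E@^host.*' against a single minion."""
    kind, expr = (term[0], term[2:]) if term[1:2] == "@" else ("glob", term)
    if kind == "E":      # regular expression on the minion id, anchored at the start
        return re.match(expr, minion_id) is not None
    if kind == "L":      # comma-separated list of ids
        return minion_id in expr.split(",")
    if kind == "G":      # grain written key:glob, compared case-insensitively here
        key, _, pattern = expr.partition(":")
        grains = facts["grains"]
        return key in grains and fnmatch.fnmatchcase(
            str(grains[key]).lower(), pattern.lower())
    if kind == "S":      # single IP address or CIDR subnet
        net = ipaddress.ip_network(expr, strict=False)
        return any(ipaddress.ip_address(ip) in net for ip in facts["ips"])
    if kind == "glob":   # bare word: shell-style glob on the minion id
        return fnmatch.fnmatchcase(minion_id, expr)
    raise ValueError("matcher %r is not modelled here" % term)


def compound_match(expression, minion_id, facts):
    """Evaluate not/and/or (and space-separated parentheses), not binding tightest."""
    tokens = expression.split()
    pos = 0

    def parse_or():
        nonlocal pos
        value = parse_and()
        while pos < len(tokens) and tokens[pos] == "or":
            pos += 1
            rhs = parse_and()
            value = value or rhs
        return value

    def parse_and():
        nonlocal pos
        value = parse_not()
        while pos < len(tokens) and tokens[pos] == "and":
            pos += 1
            rhs = parse_not()
            value = value and rhs
        return value

    def parse_not():
        nonlocal pos
        if pos >= len(tokens):
            raise ValueError("expression ends where a matcher was expected")
        token = tokens[pos]
        pos += 1
        if token == "not":
            return not parse_not()
        if token == "(":
            value = parse_or()
            if pos >= len(tokens) or tokens[pos] != ")":
                raise ValueError("missing ')'")
            pos += 1
            return value
        return match_term(token, minion_id, facts)

    result = parse_or()
    if pos != len(tokens):
        raise ValueError("unexpected token %r" % tokens[pos])
    return result


def target(expression, minions=MINIONS):
    """Return the sorted ids a compound expression would select."""
    return sorted(m for m, facts in minions.items()
                  if compound_match(expression, m, facts))


if __name__ == "__main__":
    for expr in ("E@^host.* and G@os:CentOS",
                 "S@192.168.70.0/24",
                 "* and not G@os:CentOS"):
        print(expr, "->", target(expr))
```

On a real master, running the same expression with test.ping, as the commands above do, shows the actual selection before a state-changing function is sent to it.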
12. cron module
View the functions and help for the cron module
[root@host106 salt]# salt '*' sys.doc cron cron.get_entry: Return the specified entry from user's crontab. identifier will be used if specified, otherwise will lookup cmd Either identifier or cmd should be specified. user: User's crontab to query identifier: Search for line with identifier cmd: Search for cron line with cmd CLI Example: salt '*' cron.get_entry root identifier=task1 cron.list_tab: Return the contents of the specified user's crontab CLI Example: salt '*' cron.list_tab root cron.ls: This function is an alias of ``list_tab``. Return the contents of the specified user's crontab CLI Example: salt '*' cron.list_tab root cron.raw_cron: Return the contents of the user's crontab CLI Example: salt '*' cron.raw_cron root cron.rm: This function is an alias of ``rm_job``. Remove a cron job for a specified user. If any of the day/time params are specified, the job will only be removed if the specified params match. CLI Example: salt '*' cron.rm_job root /usr/local/weekly salt '*' cron.rm_job root /usr/bin/foo dayweek=1 cron.rm_env: Remove cron environment variable for a specified user. CLI Example: salt '*' cron.rm_env root MAILTO cron.rm_job: Remove a cron job for a specified user. If any of the day/time params are specified, the job will only be removed if the specified params match. CLI Example: salt '*' cron.rm_job root /usr/local/weekly salt '*' cron.rm_job root /usr/bin/foo dayweek=1 cron.rm_special: Remove a special cron job for a specified user. CLI Example: salt '*' cron.rm_special root /usr/bin/foo cron.sdecode: Since we don't know where a string is coming from and that string will need to be safely decoded, this function will attempt to decode the string until it has a working string that does not stack trace cron.set_env: Set up an environment variable in the crontab. CLI Example: salt '*' cron.set_env root MAILTO user@example.com cron.set_job: Sets a cron job up for a specified user. 
CLI Example: salt '*' cron.set_job root '*' '*' '*' '*' 1 /usr/local/weekly cron.set_special: Set up a special command in the crontab. CLI Example: salt '*' cron.set_special root @hourly 'echo foobar' cron.write_cron_file: Writes the contents of a file to a user's crontab CLI Example: salt '*' cron.write_cron_file root /tmp/new_cron Changed in version 2015.8.9 Note: Some OS' do not support specifying user via the `crontab` command i.e. (Solaris, AIX) cron.write_cron_file_verbose: Writes the contents of a file to a user's crontab and return error message on error CLI Example: salt '*' cron.write_cron_file_verbose root /tmp/new_cron Changed in version 2015.8.9 Note: Some OS' do not support specifying user via the `crontab` command i.e. (Solaris, AIX)
View the crontab permissions and schedule of the root user on a managed host
[root@host106 salt]# salt 'host104' cron.raw_cron root
host104:
    # Edit this file to introduce tasks to be run by cron.
    #
    # Each task to run has to be defined through a single line
    # indicating with different fields when the task will be run
    # and what command to run for the task
    #
    # To define the time you can provide concrete values for
    # minute (m), hour (h), day of month (dom), month (mon),
    # and day of week (dow) or use '*' in these fields (for 'any').#
    # Notice that tasks will be started based on the cron's system
    # daemon's notion of time and timezones.
    #
    # Output of the crontab jobs (including errors) is sent through
    # email to the user the crontab file belongs to (unless redirected).
    #
    # For example, you can run a backup of all your user accounts
    # at 5 a.m every week with:
    # 0 5 * * 1 tar -zcf /var/backups/home.tgz /home/
    #
    # For more information see the manual pages of crontab(5) and cron(8)
    #
    # m h dom mon dow command
    0 */12 * * * ntpdate cn.pool.ntp.org
    */1 * * * * su - root -c "(rsync -vzurtopg /home/boao/ziyun /home/nginx8400/ljnh/ac2023)"
Add a job on a managed host: the /usr/local/weekly job in the root user's crontab
[root@host106 salt]# salt 'host105' cron.set_job root '*' '*' '*' '*' 1 /usr/local/weekly
host105:
    new
Delete the /usr/local/weekly job from the root user's crontab on the given managed host
[root@host106 salt]# salt 'host105' cron.rm_job root /usr/local/weekly
host105:
    removed
Add a time synchronization job on host105. ### Note: a long command that contains spaces must be quoted as a whole, otherwise everything after the first space is treated as a comment
[root@host106 ~]# salt 'host105' cron.set_job root '*/1' '*' '*' '*' '*' "ntpdate s2c.time.edu.cn >> /dev/null 2>&1"
host105:
    new
Delete the job on host105
[root@host106 ~]# salt 'host105' cron.rm_job ntpdate s2c.time.edu.cn
host105:
    absent
API call:
client.cmd('host105','cron.set_job',['root','*','*','*','*',1,'/usr/local/weekly'])
13. iptables module
View the functions this module supports
[root@host106 ~]# salt '*' sys.doc iptables iptables.append: Append a rule to the specified table/chain. This function accepts a rule in a standard iptables command format, starting with the chain. Trying to force users to adapt to a new method of creating rules would be irritating at best, and we already have a parser that can handle it. CLI Example: salt '*' iptables.append filter INPUT \ rule='-m state --state RELATED,ESTABLISHED -j ACCEPT' IPv6: salt '*' iptables.append filter INPUT \ rule='-m state --state RELATED,ESTABLISHED -j ACCEPT' \ family=ipv6 iptables.build_rule: Build a well-formatted iptables rule based on kwargs. A `table` and `chain` are not required, unless `full` is True. If `full` is `True`, then `table`, `chain` and `command` are required. `command` may be specified as either a short option ('I') or a long option (`--insert`). This will return the iptables command, exactly as it would be used from the command line. If a position is required (as with `-I` or `-D`), it may be specified as `position`. This will only be useful if `full` is True. If `connstate` is passed in, it will automatically be changed to `state`. To pass in jump options that doesn't take arguments, pass in an empty string. CLI Examples: salt '*' iptables.build_rule match=state \ connstate=RELATED,ESTABLISHED jump=ACCEPT salt '*' iptables.build_rule filter INPUT command=I position=3 \ full=True match=state state=RELATED,ESTABLISHED jump=ACCEPT salt '*' iptables.build_rule filter INPUT command=A \ full=True match=state state=RELATED,ESTABLISHED \ source='127.0.0.1' jump=ACCEPT .. Invert Rules salt '*' iptables.build_rule filter INPUT command=A \ full=True match=state state=RELATED,ESTABLISHED \ source='! 
127.0.0.1' jump=ACCEPT salt '*' iptables.build_rule filter INPUT command=A \ full=True match=state state=RELATED,ESTABLISHED \ destination='not 127.0.0.1' jump=ACCEPT IPv6: salt '*' iptables.build_rule match=state \ connstate=RELATED,ESTABLISHED jump=ACCEPT \ family=ipv6 salt '*' iptables.build_rule filter INPUT command=I position=3 \ full=True match=state state=RELATED,ESTABLISHED jump=ACCEPT \ family=ipv6 iptables.check: Check for the existence of a rule in the table and chain This function accepts a rule in a standard iptables command format, starting with the chain. Trying to force users to adapt to a new method of creating rules would be irritating at best, and we already have a parser that can handle it. CLI Example: salt '*' iptables.check filter INPUT \ rule='-m state --state RELATED,ESTABLISHED -j ACCEPT' IPv6: salt '*' iptables.check filter INPUT \ rule='-m state --state RELATED,ESTABLISHED -j ACCEPT' \ family=ipv6 iptables.check_chain: New in version 2014.1.0 Check for the existence of a chain in the table CLI Example: salt '*' iptables.check_chain filter INPUT IPv6: salt '*' iptables.check_chain filter INPUT family=ipv6 iptables.delete: Delete a rule from the specified table/chain, specifying either the rule in its entirety, or the rule's position in the chain. This function accepts a rule in a standard iptables command format, starting with the chain. Trying to force users to adapt to a new method of creating rules would be irritating at best, and we already have a parser that can handle it. CLI Examples: salt '*' iptables.delete filter INPUT position=3 salt '*' iptables.delete filter INPUT \ rule='-m state --state RELATED,ESTABLISHED -j ACCEPT' IPv6: salt '*' iptables.delete filter INPUT position=3 family=ipv6 salt '*' iptables.delete filter INPUT \ rule='-m state --state RELATED,ESTABLISHED -j ACCEPT' \ family=ipv6 iptables.delete_chain: New in version 2014.1.0 Delete custom chain to the specified table. 
CLI Example: salt '*' iptables.delete_chain filter CUSTOM_CHAIN IPv6: salt '*' iptables.delete_chain filter CUSTOM_CHAIN family=ipv6 iptables.flush: Flush the chain in the specified table, flush all chains in the specified table if not specified chain. CLI Example: salt '*' iptables.flush filter INPUT IPv6: salt '*' iptables.flush filter INPUT family=ipv6 iptables.get_policy: Return the current policy for the specified table/chain CLI Example: salt '*' iptables.get_policy filter INPUT IPv6: salt '*' iptables.get_policy filter INPUT family=ipv6 iptables.get_rules: Return a data structure of the current, in-memory rules CLI Example: salt '*' iptables.get_rules IPv6: salt '*' iptables.get_rules family=ipv6 iptables.get_saved_policy: Return the current policy for the specified table/chain CLI Examples: salt '*' iptables.get_saved_policy filter INPUT salt '*' iptables.get_saved_policy filter INPUT \ conf_file=/etc/iptables.saved IPv6: salt '*' iptables.get_saved_policy filter INPUT family=ipv6 salt '*' iptables.get_saved_policy filter INPUT \ conf_file=/etc/iptables.saved family=ipv6 iptables.get_saved_rules: Return a data structure of the rules in the conf file CLI Example: salt '*' iptables.get_saved_rules IPv6: salt '*' iptables.get_saved_rules family=ipv6 iptables.insert: Insert a rule into the specified table/chain, at the specified position. This function accepts a rule in a standard iptables command format, starting with the chain. Trying to force users to adapt to a new method of creating rules would be irritating at best, and we already have a parser that can handle it. If the position specified is a negative number, then the insert will be performed counting from the end of the list. For instance, a position of -1 will insert the rule as the second to last rule. To insert a rule in the last position, use the append function instead. 
CLI Examples: salt '*' iptables.insert filter INPUT position=3 \ rule='-m state --state RELATED,ESTABLISHED -j ACCEPT' IPv6: salt '*' iptables.insert filter INPUT position=3 \ rule='-m state --state RELATED,ESTABLISHED -j ACCEPT' \ family=ipv6 iptables.new_chain: New in version 2014.1.0 Create new custom chain to the specified table. CLI Example: salt '*' iptables.new_chain filter CUSTOM_CHAIN IPv6: salt '*' iptables.new_chain filter CUSTOM_CHAIN family=ipv6 iptables.save: Save the current in-memory rules to disk CLI Example: salt '*' iptables.save /etc/sysconfig/iptables IPv6: salt '*' iptables.save /etc/sysconfig/iptables family=ipv6 iptables.set_policy: Set the current policy for the specified table/chain CLI Example: salt '*' iptables.set_policy filter INPUT ACCEPT IPv6: salt '*' iptables.set_policy filter INPUT ACCEPT family=ipv6 iptables.version: Return version from iptables --version CLI Example: salt '*' iptables.version IPv6: salt '*' iptables.version family=ipv6
Add a rule
Delete a rule
[root@host106 ~]# salt 'host105' iptables.delete filter INPUT position=3
host105:
Save the rules
Save the rules of all managed hosts to the local disk (/etc/sysconfig/iptables)
salt '*' iptables.save /etc/sysconfig/iptables
API call
client.cmd('*','iptables.append',['filter','INPUT','rule=\'-p tcp --sport 80 -j ACCEPT\''])
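Other modules
Besides the modules above, SaltStack also provides user (system user module), group (system group module), partition (system partition module), puppet (puppet management module), system (system reboot and shutdown module), timezone (time zone management module), nginx (nginx management module), mount (filesystem mount module) and so on. We can of course also write extension modules in Python to meet our needs.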