09-saltstack远程管理

1. server服务

[root@salt-master ~]# salt '*' service.available sshd    #　显示活动的服务
salt-minion01: 
    True
salt-minion02:
    True
salt-master:
    True

root@salt-master ~]# salt '*' service.get_all 　　　＃ 显示所有服务
salt-minion02:
    - abrt-ccpp
    - abrtd
    - acpid
    - atd
    - auditd
    - blk-availability
    - control-alt-delete
    - cpuspeed

[root@salt-master ~]# salt '*' service.missing sshd   #　显示不活动的服务
salt-minion01:
    False
salt-minion02:
    False
salt-master:
    False

[root@salt-master ~]# salt '*' service.reload httpd   # 重载服务
salt-minion01:
    True
salt-master:
    True
salt-minion02:
    True
[root@salt-master ~]# salt '*' service.status httpd  # 查看状态
salt-minion01:
    True
salt-minion02:
    True
salt-master:
    True
[root@salt-master ~]# salt '*' service.stop httpd   # 停止服务
salt-minion01:
    True
salt-minion02:
    True
salt-master:
    True
[root@salt-master ~]# salt '*' service.status httpd  # 查看状态
salt-minion01:
    False
salt-master:
    False
salt-minion02:
    False
[root@salt-master ~]# salt '*' service.start httpd   　＃　启动服务 
salt-minion01:
    True
salt-master:
    True
salt-minion02:
    True

２.network服务

salt '*' network.active_tcp

salt '*' network.arp

salt '*' network.calc_net 172.17.0.5 255.255.255.240

salt '*' network.connect archlinux.org 80

salt '*' network.connect archlinux.org 80 timeout=3

salt '*' network.connect archlinux.org 80 timeout=3 family=ipv4

 3.访问控制

[root@salt-master ~]# vim /etc/salt/master     # 打开注释
publisher_acl:
  xiaoyi:
    - test.ping
    - network.*

[root@salt-master ~]# /etc/init.d/salt-master restart   # 重启服务
Stopping salt-master daemon:                               [  OK  ]
Starting salt-master daemon:                               [  OK  ]

[root@salt-master ~]# useradd xiaoyi
[root@salt-master ~]# passwd xiaoyi
Changing password for user xiaoyi.
New password: 
BAD PASSWORD: it is WAY too short
BAD PASSWORD: is too simple
Retype new password: 
passwd: all authentication tokens updated successfully.

[root@salt-master ~]# chmod 755 /var/cache/salt /var/cache/salt/master /var/cache/salt/master/jobs /var/run/salt /var/run/salt/master /var/log/salt/maste

[root@salt-master ~]# /etc/init.d/salt-master restart   # 重启服务

[root@salt-master ~]# su - xiaoyi                     
[xiaoyi@salt-master ~]$ salt '*' test.ping
[WARNING ] Failed to open log file, do you have permission to write to /var/log/salt/master?
salt-minion02:
    True
salt-minion01:
    True
salt-master:
    True
[xiaoyi@salt-master ~]$ salt '*' cmd.run 'w'
[WARNING ] Failed to open log file, do you have permission to write to /var/log/salt/master?
Failed to authenticate! This is most likely because this user is not permitted to execute commands, but there is a small possibility that a disk error occurred (check disk/inode usage).