文章目录
SaltStack模块介绍
Module是日常使用SaltStack接触最多的一个组件,其用于管理对象操作,这也是SaltStack通过Push的方式进行管理的入口,比如我们日常简单的执行命令、查看包安装情况、查看服务运行情况等工作都是通过SaltStack Module来实现的。
saltstack安装完成以后,系统上会安装很多Module
//查看所有module列表
[root@master ~]# salt 'node1' sys.list_modules
node1:
- acl
- aliases
- alternatives
- archive
- artifactory
- baredoc
- beacons
......
//查看指定module的所有function
[root@master ~]# salt 'node1' sys.list_functions network
node1:
- network.active_tcp
- network.arp
- network.calc_net
- network.connect
- network.convert_cidr
- network.default_route
- network.dig
- network.fqdns
- network.get_bufsize
- network.get_fqdn
- network.get_hostname
- network.get_route
- network.hw_addr
- network.hwaddr
......
//查看指定module的用法
[root@master ~]# salt 'node1' sys.list_function network
node1:
----------
sys.list_function:
'sys.list_function' is not available.
sys.list_functions:
List the functions for all modules. Optionally, specify a module or modules
from which to list.
CLI Example:
salt '*' sys.list_functions
salt '*' sys.list_functions sys
salt '*' sys.list_functions sys user
......
//SaltStack默认也支持一次执行多个Module,Module之间通过逗号隔开,默认传参之间也是用逗号分隔,也支持指定传参分隔符号--args-separator=@即可
[root@master ~]# salt 'node1' test.echo,cmd.run hello,date
node1:
----------
cmd.run:
Wed Nov 3 18:09:55 CST 2021
test.echo:
hello
//执行的顺序部分先后
SaltStack常用模块
SaltStack常用模块之network
network.active_tcp
返回所有活动的tcp连接
[root@master ~]# salt 'node1' network.active_tcp
node1:
----------
0:
----------
local_addr:
192.168.218.133
local_port:
38976
remote_addr:
192.168.218.132
remote_port:
4505
1:
----------
local_addr:
192.168.218.133
local_port:
22
remote_addr:
192.168.218.1
remote_port:
60833
network.calc_net
通过IP和子网掩码计算出网段
[root@master ~]# salt 'node1' network.calc_net 192.168.1.1 255.255.255.0
node1:
192.168.1.0/24
[root@master ~]# salt 'node1' network.calc_net 192.168.218.133 255.255.255.0
node1:
192.168.218.0/24
network.connect
测试minion至某一台服务器的网络是否连通
[root@master ~]# salt 'node1' network.connect www.baidu.com 80
node1:
----------
comment:
Successfully connected to www.baidu.com (182.61.200.7) on tcp port 80
result:
True
network.default_route
查看默认路由
[root@master ~]# salt 'node1' network.default_route
node1:
|_
----------
addr_family:
inet
destination:
0.0.0.0
flags:
UG
gateway:
192.168.218.2
interface:
ens160
netmask:
0.0.0.0
network.get_fqdn
查看主机的fqdn(完全限定域名)
[root@master ~]# salt 'node1' network.get_fqdn
node1:
node1
network.get_hostname
获取主机名
[root@master ~]# salt 'node1' network.get_hostname
node1:
node1
network.get_route
查询到一个目标网络的路由信息
[root@master ~]# salt 'node1' network.get_route 192.168.162.246
node1:
----------
destination:
192.168.162.246
gateway:
192.168.218.2
interface:
ens160
source:
192.168.218.133
network.hw_addr
返回指定网卡的MAC地址
[root@master ~]# salt 'node1' network.hw_addr ens160
node1:
00:0c:29:03:ca:ed
network.ifacestartswith
从特定CIDR检索接口名称(通过网络地址获取网卡名字)
[root@master ~]# salt '*' network.ifacestartswith 192.168
node1:
- ens160
master:
- ens160
network.in_subnet
判断当前主机是否在某一个网段内
[root@master ~]# salt '*' network.in_subnet 192.168.218.0/24
node1:
True
master:
True
network.interface
返回指定网卡的信息
[root@master ~]# salt '*' network.interface ens160
node1:
|_
----------
address:
192.168.218.133
broadcast:
192.168.218.255
label:
ens160
netmask:
255.255.255.0
master:
|_
----------
address:
192.168.218.132
broadcast:
192.168.218.255
label:
ens160
netmask:
255.255.255.0
network.interface_ip
返回指定网卡的IP地址
[root@master ~]# salt '*' network.interface_ip ens160
node1:
192.168.218.133
master:
192.168.218.132
network.interfaces
返回当前系统中所有的网卡信息
[root@master ~]# salt 'node1' network.interfaces
node1:
----------
ens160:
----------
hwaddr:
00:0c:29:03:ca:ed
inet:
|_
----------
address:
192.168.218.133
broadcast:
192.168.218.255
label:
ens160
netmask:
255.255.255.0
inet6:
|_
----------
address:
fe80::6faa:c998:4390:2ee4
prefixlen:
64
scope:
link
up:
True
lo:
----------
hwaddr:
00:00:00:00:00:00
inet:
|_
----------
address:
127.0.0.1
broadcast:
None
label:
lo
netmask:
255.0.0.0
inet6:
|_
----------
address:
::1
prefixlen:
128
scope:
host
up:
True
network.ip_addrs
返回一个IPv4的地址列表,该函数将会忽略掉127.0.0.1的地址
[root@master ~]# salt '*' network.ip_addrs
node1:
- 192.168.218.133
master:
- 192.168.218.132
network.netstat
返回所有打开的端口和状态
[root@master ~]# salt 'node1' network.netstat
node1:
|_
----------
inode:
47900
local-address:
192.168.218.133%ens160:68
program:
NetworkManager
proto:
udp
recv-q:
0
remote-address:
192.168.218.254:67
send-q:
0
user:
0
|_
----------
inode:
27652
local-address:
0.0.0.0:22
program:
sshd
proto:
tcp
recv-q:
0
remote-address:
0.0.0.0:*
send-q:
128
state:
LISTEN
user:
0
|_
----------
inode:
36908
local-address:
192.168.218.133:38976
program:
salt-minion
proto:
tcp
recv-q:
0
remote-address:
192.168.218.132:4505
send-q:
0
state:
ESTABLISHED
user:
0
|_
----------
inode:
47919
local-address:
192.168.218.133:22
program:
sshd
proto:
tcp
recv-q:
0
remote-address:
192.168.218.1:60833
send-q:
0
state:
ESTABLISHED
user:
0
|_
----------
inode:
0
local-address:
192.168.218.133:50236
program:
proto:
tcp
recv-q:
0
remote-address:
192.168.218.132:4506
send-q:
0
state:
TIME-WAIT
user:
0
|_
----------
inode:
27663
local-address:
[::]:22
program:
sshd
proto:
tcp
recv-q:
0
remote-address:
[::]:*
send-q:
128
state:
LISTEN
user:
0
network.ping
使用ping命令测试到某主机的连通性(默认ping四次)
[root@master ~]# salt 'node1' network.ping www.baidu.com
node1:
PING www.a.shifen.com (182.61.200.6) 56(84) bytes of data.
64 bytes from localhost (182.61.200.6): icmp_seq=1 ttl=128 time=23.8 ms
64 bytes from localhost (182.61.200.6): icmp_seq=2 ttl=128 time=35.9 ms
64 bytes from localhost (182.61.200.6): icmp_seq=3 ttl=128 time=24.2 ms
64 bytes from localhost (182.61.200.6): icmp_seq=4 ttl=128 time=34.1 ms
--- www.a.shifen.com ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 3006ms
rtt min/avg/max/mdev = 23.755/29.463/35.857/5.547 ms
network.reverse_ip
返回一个指定的IP地址的反向地址
[root@master ~]# salt 'node1' network.reverse_ip 192.168.162.246node1:
246.162.168.192.in-addr.arpa
SaltStack常用模块之service
service.available
判断指定的服务是否可用,针对的是服务是否安装,已安装返回True,没有安装返回False,至于启动或者没有启动没有关系
//node1主机没有安装httpd
[root@master ~]# salt 'node1' service.available httpd
node1:
False
//node1主机有安装nginx
[root@master ~]# salt 'node1' service.available nginx
node1:
True
service.get_all
获取所有正在运行的服务(准确说是后台正在运行的进程)
[root@master ~]# salt 'node1' service.get_all
node1:
- NetworkManager
- NetworkManager-dispatcher
- NetworkManager-wait-online
- auditd
- autovt@
......省略以下
service.disabled
检查指定服务是否开机不自动启动
//查看主机node1上的nginx状态
[root@node1 ~]# systemctl status nginx
nginx.service - The nginx HTTP and reverse proxy server
Loaded: loaded (/usr/lib/systemd/system/nginx.service; disabled; vendor preset: disabled)
Active: inactive (dead)
[root@master ~]# salt 'node1' service.disabled nginx
node1:
True
service.enabled
检查指定服务是否开机自动启动
[root@master ~]# salt 'node1' service.enabled nginx
node1:
False
service.disable
设置指定服务开机不自动启动
[root@master ~]# salt 'node1' service.disable nginx
node1:
True
[root@node1 ~]# systemctl status nginx
● nginx.service - The nginx HTTP and reverse proxy server
Loaded: loaded (/usr/lib/systemd/system/nginx.service; disabled; vend>
Active: inactive (dead)
service.enable
设置指定服务开机自动启动
[root@master ~]# salt 'node1' service.enable nginx
node1:
True
[root@node1 ~]# systemctl status nginx
● nginx.service - The nginx HTTP and reverse proxy server
Loaded: loaded (/usr/lib/systemd/system/nginx.service; enabled; vendo>
Active: inactive (dead)
service.reload
重新加载指定服务(只能重载正在运行的服务,已停止的服务不能重载)
//node1主机上nginx正在运行
[root@node1 ~]# ss -antl
State Recv-Q Send-Q Local Address:Port Peer Address:Port Process
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 128 0.0.0.0:80 0.0.0.0:*
LISTEN 0 128 [::]:22 [::]:*
LISTEN 0 128 [::]:80 [::]:*
[root@master ~]# salt 'node1' service.reload nginx
node1:
True
//停掉node1主机上的nginx,再次重载就会报错
[root@master ~]# salt 'node1' service.stop nginx
node1:
True
[root@master ~]# salt 'node1' service.reload nginx
node1:
ERROR: nginx.service is not active, cannot reload.
ERROR: Minions returned with non-zero exit code
service.stop
停止指定服务
[root@master ~]# salt 'node1' service.stop nginx
node1:
True
service.start
启动指定服务
[root@master ~]# salt 'node1' service.start nginx
node1:
True
service.restart
重启指定服务
[root@master ~]# salt 'node1' service.restart nginx
node1:
True
service.status
查看指定服务的状态,运行状态返回True,停止状态返回False
//开启状态返回True
[root@master ~]# salt 'node1' service.status nginx
node1:
True
//停止状态
[root@master ~]# salt 'node1' service.stop nginx
node1:
True
[root@master ~]# salt 'node1' service.status nginx
node1:
False
service.status
查看指定服务的状态
//node1主机服务nginx已停止
[root@master ~]# salt 'node1' service.status nginx
node1:
False
//node1主机服务nginx已开启
[root@master ~]# salt 'node1' service.status nginx
node1:
True
SaltStack常用模块之pkg
pkg.download
只下载软件包但不安装,此功能将会下载指定的软件包,但是需要在minion端安装yum-utils,可以使用 cmd.run 进行远程安装
//安装yum-utils包
[root@master ~]# salt 'node1' cmd.run 'yum -y install yum-utils'
[root@master ~]# salt 'node1' pkg.download wget
node1:
----------
wget:
/var/cache/yum/packages/wget-1.19.5-10.el8.x86_64.rpm
pkg.file_list
列出指定包或系统中已安装的所有包的文件
//列出已安装的nginx软件包提供的所有文件
[root@master ~]# salt 'node1' pkg.file_list nginx
node1:
----------
errors:
files:
- /etc/logrotate.d/nginx
- /etc/nginx/fastcgi.conf
- /etc/nginx/fastcgi.conf.default
- /etc/nginx/fastcgi_params
- /etc/nginx/fastcgi_params.default
- /etc/nginx/koi-utf
- /etc/nginx/koi-win
......
//当不提供参数时,将会列出当前系统中所有已安装软件的文件列表
[root@master ~]# salt 'node1' pkg.file_list
pkg.group_info
查看包组的信息
//包组名一般中间会有空格,需要用引号引起来
[root@master ~]# salt 'node1' pkg.group_info 'Development Tools'
node1:
----------
conditional:
default:
- asciidoc
- byacc
- ctags
- diffstat
- elfutils-libelf-devel
- git
- intltool
- jna
- ltrace
- patchutils
- perl-Fedora-VSP
- perl-Sys-Syslog
- perl-generators
- pesign
- source-highlight
- systemtap
- valgrind
- valgrind-devel
description:
A basic development environment.
group:
Development Tools
id:
None
mandatory:
- autoconf
- automake
- binutils
- bison
- flex
- gcc
- gcc-c++
- gdb
- glibc-devel
- libtool
- make
- pkgconf
- pkgconf-m4
- pkgconf-pkg-config
- redhat-rpm-config
- rpm-build
- rpm-sign
- strace
optional:
- cmake
- expect
- rpmdevtools
- rpmlint
type:
package group
pkg.group_list
列出系统中所有的包组
[root@master ~]# salt 'node1' pkg.group_list
node1:
----------
available:
- Conflicts BaseOS
- Dial-up Networking Support
- Hardware Monitoring Utilities
- Hardware Support
- Large Systems Performance
- Legacy UNIX Compatibility
- Python Web
- Server product core
- Windows File Server
- Additional Development
- Anaconda tools
- Backup Client
- Base
- base-x
- Conflicts AppStream
- Container Management
- Debugging Tools
- Desktop Debugging and Performance Tools
- Development Tools
- .NET Core Development
- File and Storage Server
- Fonts
- FTP Server
- GNOME Applications
- GNOME
- Graphical Administration Tools
- Graphics Creation Tools
- Guest Agents
- Guest Desktop Agents
- Headless Management
- Infiniband Support
- Input Methods
- Internet Applications
- Internet Browser
- Java Platform
- Legacy X Window System Compatibility
- Mail Server
- Mainframe Access
- Multimedia
- Network File System Client
- Network Servers
- Networking Tools
- Common NetworkManager submodules
- Office Suite and Productivity
- Atomic Host ostree support
- Performance Tools
- Platform Development
- KVM platform specific packages
- Hyper-v platform specific packages
- Printing Client
- Remote Desktop Clients
- Remote Management for Linux
- RPM Development Tools
- Scientific Support
- Security Tools
- Smart Card Support
- Standard
- System Tools
- TeX formatting system
- Virtualization Client
- Virtualization Hypervisor
- Virtualization Platform
- Virtualization Tools
- Basic Web Server
- Workstation product core
available environments:
- Server with GUI
- Server
- Workstation
- Custom Operating System
- Virtualization Host
available languages:
----------
installed:
- Core
- VMware platform specific packages
installed environments:
- Minimal Install
pkg.install
安装软件
[root@master ~]# salt 'node1' pkg.install wget
node1:
----------
wget:
----------
new:
1.19.5-10.el8
old:
pkg.list_pkgs
以字典的方式列出当前已安装的软件包(此命令查看的已安装的软件包数和rpm -qa查看安装的包的数量不一致,仅供参考)
[root@master ~]# salt 'node1' pkg.list_pkgs
node1:
----------
which:
2.21-12.el8
xfsprogs:
5.0.0-4.el8
xkeyboard-config:
2.28-1.el8
xmlsec1:
1.2.25-4.el8
xmlsec1-openssl:
1.2.25-4.el8
xz:
5.2.4-3.el8
xz-libs:
5.2.4-3.el8
......
pkg.owner
列出指定文件或命令是由哪个包提供的
//查看命令是由哪个包提供
[root@master ~]# salt 'node1' pkg.owner /usr/bin/ls
node1:
coreutils
//查看文件由哪个包提供
[root@master ~]# salt 'node1' pkg.owner /etc/passwd
node1:
setup
pkg.remove
卸载指定软件
[root@master ~]# salt 'node1' pkg.remove wget
node1:
----------
wget:
----------
new:
old:
1.19.5-10.el8
pkg.upgrade
升级系统中所有的软件包或升级指定的软件包(已安装的才能升级)
SaltStack常用模块之state
state.show_highstate
显示当前系统中有哪些高级状态
[root@master ~]# salt 'node1' state.show_highstate
node1:
----------
nginx-install:
----------
__env__:
base
__sls__:
web.nginx.install
pkg:
|_
----------
name:
nginx
- installed
|_
----------
order:
10000
nginx-service:
----------
__env__:
base
__sls__:
web.nginx.install
service:
|_
----------
name:
nginx
|_
----------
enable:
True
- running
|_
----------
order:
10001
state.highstate
执行高级状态
[root@master ~]# salt 'node1' state.highstate web.nginx.install
node1:
----------
ID: nginx-install
Function: pkg.installed
Name: nginx
Result: True
Comment: All specified packages are already installed
Started: 22:16:42.612376
Duration: 713.292 ms
Changes:
----------
ID: nginx-service
Function: service.running
Name: nginx
Result: True
Comment: The service nginx is already running
Started: 22:16:43.327286
Duration: 42.178 ms
Changes:
Summary for node1
------------
Succeeded: 2
Failed: 0
------------
Total states run: 2
Total run time: 755.470 ms
state.show_state_usage
显示当前系统中的高级状态执行情况
[root@master ~]# salt 'node1' state.show_state_usage
node1:
----------
base:
----------
count_all:
3
count_unused:
2
count_used:
1
unused: //未使用
- top
- web.apache.install
used: //已使用
- web.nginx.install
dev:
----------
count_all:
0
count_unused:
0
count_used:
0
unused:
used:
prod:
----------
count_all:
0
count_unused:
0
count_used:
0
unused:
used:
test:
----------
count_all:
0
count_unused:
0
count_used:
0
unused:
used:
state.show_top
返回minion将用于highstate的顶级数据
[root@master ~]# salt 'node1' state.show_top
node1:
----------
base:
- web.nginx.install
state.top
执行指定的top file,而不是默认的,默认的top file是top.sls,但是 也可以不用写成默认的,但是在执行的时候需要加上名字
[root@master ~]# salt '*' state.top runtime.sls
192.168.69.202:
----------
ID: apache-install
Function: pkg.installed
Name: httpd
Result: True
Comment: All specified packages are already installed
Started: 20:17:20.129390
Duration: 917.659 ms
Changes:
----------
ID: apache-service
Function: service.running
Name: httpd
Result: True
Comment: The service httpd is already running
Started: 20:17:21.048144
Duration: 46.958 ms
Changes:
Summary for 192.168.69.202
------------
Succeeded: 2
Failed: 0
------------
Total states run: 2
Total run time: 964.617 ms
state.show_sls
显示 master 上特定sls或sls文件列表中的状态数据
[root@master ~]# salt '*' state.show_sls web.nginx.install
node1:
----------
nginx-install:
----------
__env__:
base
__sls__:
web.nginx.install
pkg:
|_
----------
name:
nginx
- installed
|_
----------
order:
10000
nginx-service:
----------
__env__:
base
__sls__:
web.nginx.install
service:
|_
----------
name:
nginx
|_
----------
enable:
True
- running
|_
----------
order:
10001
master:
----------
nginx-install:
----------
__env__:
base
__sls__:
web.nginx.install
pkg:
|_
----------
name:
nginx
- installed
|_
----------
order:
10000
nginx-service:
----------
__env__:
base
__sls__:
web.nginx.install
service:
|_
----------
name:
nginx
|_
----------
enable:
True
- running
|_
----------
order:
10001
SaltStack常用模块之cp
cp.get_file
用于minion从master下载一个文件,目标路径必须是一个文件,而不是目录。
//语法:
文件在base环境下:salt ‘*’ cp.get_file salt://testfile /root/testfile
该命令表示minion从master端下载文件并拷贝到到/root/testfile文件中。注意:salt://表示的base环境。因此,testfille是位于base环境下——即/srv/salt/base目录中。
//举例演示:
[root@master salt]# tree base/
base/
├── top.sls
└── web
├── apache
│ └── install.sls
└── nginx
└── install.sls
[root@master ~]# salt 'node1' cp.get_file salt://top.sls /root/
node1:
/root/top.sls
[root@node1 ~]# ls
anaconda-ks.cfg top.sls
//目标文件只能是文件,不能是目录,web是base环境下的目录
[root@master ~]# salt 'node1' cp.get_file salt://web /root/
node1:
//没有返回值,对面查看也没有相应的目录
//如果cp.get_file过程中,如果目录不存在,cp.get_file是不会主动创建目录的,如果要做到这点,可以使用makedirs=True 参数
[root@master ~]# salt 'node1' cp.get_file salt://top.sls /root/test/
node1:
False //node1主机上/root/test目录不存在
[root@master ~]# salt 'node1' cp.get_file salt://top.sls /root/test/ makedirs=True
node1:
/root/test/top.sls //加上参数makedirs=True以后返回值正常
[root@node1 ~]# tree .
.
├── anaconda-ks.cfg
├── test
│ └── top.sls
└── top.sls
cp.get_dir
用于minion从master下载一个目录,用法基本同cp.get_file一致。
//web是base环境下的一个目录
[root@master ~]# salt 'node1' cp.get_dir salt://web /root/web
node1:
- /root/web/web/apache/install.sls
- /root/web/web/nginx/install.sls
[root@node1 ~]# ls
anaconda-ks.cfg test top.sls web
[root@node1 ~]# tree web/
web/
└── web
├── apache
│ └── install.sls
└── nginx
└── install.sls
cp.push
cp.push允许minion上传文件到master端,cp.push功能默认不开启,需要修改配置文件中的file_recv 环境,默认为False,上传的文件存放在master端的 /var/cache/salt/master/minions//files/ 目录下。
//开启cp.push功能
[root@master ~]# vim /etc/salt/master
......
file_recv: True
......
[root@master ~]# systemctl restart salt-master
//举例演示
[root@master ~]# salt 'node1' cp.push /root/anaconda-ks.cfg
node1:
True
[root@master root]# pwd
/var/cache/salt/master/minions/node1/files/root
[root@master root]# ls
anaconda-ks.cfg
SaltStack常用模块之user
user.add
添加用户到被管节点
//语法:
salt '*' user.add name [uid] [gid] [groups] [home] [shell]
//添加用户,可以指定uid,gid,groups,home,shell,也可以选择默认
[root@master ~]# salt 'node1' user.add tom
node1:
True
[root@node1 ~]# id tom
uid=1000(tom) gid=1000(tom) groups=1000(tom)
user.delete
删除被管节点用户
[root@master ~]# salt 'node1' user.delete tom
node1:
True
[root@node1 ~]# id tom
id: ‘tom’: no such user
user.chuid
更改用户UID
[root@master ~]# salt 'node1' user.chuid tom 1002
node1:
True
[root@node1 ~]# id tom
uid=1002(tom) gid=1000(tom) groups=1000(tom)
user.chgid
更改用户GID
[root@master ~]# salt 'node1' user.chgid tom 1002
node1:
True
[root@node1 ~]# id tom
uid=1002(tom) gid=1002(tom) groups=1000(tom)
user.rename
修改指定用户的用户名
[root@master ~]# salt 'node1' user.rename tom jerry
node1:
False
[root@node1 ~]# id jerry
uid=1000(jerry) gid=1000(tom) groups=1000(tom)
589
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
