1. SaltStack模块介绍
Module是日常使用SaltStack接触最多的一个组件,其用于管理对象操作,这也是SaltStack通过Push的方式进行管理的入口,比如我们日常简单的执行命令、查看包安装情况、查看服务运行情况等工作都是通过SaltStack Module来实现的。
当安装好Master和Minion包后,系统上会安装很多Module,大家可以通过以下命令查看支持的所有Module列表:
//查看所有module列表
[root@vm1 ~]# salt 'vm1' sys.list_modules
vm1:
- acl
- aliases
- alternatives
- ansible
- archive
- artifactory
- beacons
- bigip
- btrfs
- buildout
- chroot
- cloud
- cmd
- composer
- config
- consul
- container_resource
- cp
- cron
- cryptdev
- data
- defaults
- devmap
- disk
- django
- dnsmasq
- dnsutil
- drbd
- environ
- etcd
- ethtool
- event
- extfs
- file
- firewalld
- freezer
- gem
- genesis
- glassfish
- gnome
- google_chat
- grafana4
- grains
- group
- hashutil
- highstate_doc
- hosts
- http
- incron
- ini
- inspector
- introspect
- iosconfig
- ip
- ipset
- iptables
- jboss7
- jboss7_cli
- jinja
- k8s
- kernelpkg
- key
- keyboard
- kmod
- locale
- locate
- log
- logrotate
- lowpkg
- lvm
- mandrill
- match
- mattermost
- mine
- minion
- modjk
- mount
- msteams
- nagios_rpc
- namecheap_domains
- namecheap_domains_dns
- namecheap_domains_ns
- namecheap_ssl
- namecheap_users
- network
- nexus
- nova
- nspawn
- nxos_api
- openscap
- openstack_config
- opsgenie
- out
- pagerduty
- pagerduty_util
- pam
- parallels
- partition
- peeringdb
- pillar
- pip
- pkg
- pkg_resource
- postfix
- ps
- publish
- pushover
- pyenv
- random
- random_org
- rbenv
- rest_sample_utils
- restartcheck
- ret
- rvm
- s3
- s6
- salt_proxy
- salt_version
- saltcheck
- saltutil
- schedule
- scsi
- sdb
- seed
- serverdensity_device
- service
- shadow
- slack
- slsutil
- smbios
- smtp
- solrcloud
- sqlite3
- ssh
- state
- status
- statuspage
- supervisord
- sys
- sysctl
- sysfs
- syslog_ng
- system
- telegram
- telemetry
- temp
- test
- timezone
- tuned
- udev
- uptime
- user
- vault
- vbox_guest
- virtualenv
- vsphere
- xfs
- xml
- zabbix
- zenoss
//查看指定module的所有function
[root@vm1 ~]# salt 'vm1' sys.list_functions cmd
vm1:
- cmd.exec_code
- cmd.exec_code_all
- cmd.has_exec
- cmd.powershell
- cmd.powershell_all
- cmd.retcode
- cmd.run
- cmd.run_all
- cmd.run_bg
- cmd.run_chroot
- cmd.run_stderr
- cmd.run_stdout
- cmd.script
- cmd.script_retcode
- cmd.shell
- cmd.shell_info
- cmd.shells
- cmd.tty
- cmd.which
- cmd.which_bin
//查看指定module的用法
[root@vm1 ~]# salt 'vm1' sys.doc cmd
----
Lists the valid shells on this system via the /etc/shells file
New in version 2015.5.0
CLI Example::
salt '*' cmd.shells
cmd.tty:
Echo a string to a specific tty
CLI Example:
salt '*' cmd.tty tty0 'This is a test'
salt '*' cmd.tty pts3 'This is a test'
cmd.which:
Returns the path of an executable available on the minion, None otherwise
CLI Example:
salt '*' cmd.which cat
---此处省略N行
//SaltStack默认也支持一次执行多个Module,Module之间通过逗号隔开,默认传参之间也是用逗号分隔,也支持指定传参分隔符号--args-separator=@即可
[root@vm1 ~]# salt 'vm1' test.echo,cmd.run,service.status hello,hostname,salt-minion
vm1:
----------
cmd.run:
vm1
service.status:
True
test.echo:
hello
2. SaltStack常用模块
2.1 SaltStack常用模块之network
2.1.1 network.active_tcp
返回所有活动的tcp连接
[root@vm1 ~]# salt '*' network.active_tcp
vm2:
----------
0:
----------
local_addr:
192.168.30.128
local_port:
60790
remote_addr:
192.168.30.100
remote_port:
4505
1:
----------
local_addr:
192.168.30.130
local_port:
22
remote_addr:
192.168.30.1
remote_port:
63915
vm1:
----------
0:
----------
local_addr:
192.168.30.100
local_port:
4505
remote_addr:
192.168.30.100
remote_port:
40642
1:
----------
local_addr:
192.168.30.100
local_port:
22
remote_addr:
192.168.30.1
remote_port:
63869
2:
----------
local_addr:
192.168.30.100
local_port:
4506
remote_addr:
192.168.30.128
remote_port:
50738
3:
----------
local_addr:
192.168.30.100
local_port:
40642
remote_addr:
192.168.30.100
remote_port:
4505
4:
----------
local_addr:
192.168.30.100
local_port:
4505
remote_addr:
192.168.30.128
remote_port:
60790
2.1.2 network.calc_net
通过IP和子网掩码计算出网段
[root@vm1 ~]# salt 'vm1' network.calc_net 192.168.30.110 255.255.255.0
vm1:
192.168.30.0/24
2.1.3 network.connect
测试minion至某一台服务器的网络是否连通
[root@vm1 ~]# salt '*' network.connect baidu.com 80
vm1:
----------
comment:
Successfully connected to baidu.com (39.156.69.79) on tcp port 80
result:
True
vm2:
----------
comment:
Successfully connected to baidu.com (39.156.69.79) on tcp port 80
result:
True
2.1.4 network.default_route
查看默认路由
[root@vm1 ~]# salt 'vm1' network.default_route
vm1:
|_
----------
addr_family:
inet
destination:
0.0.0.0
flags:
UG
gateway:
192.168.30.2
interface:
ens33
netmask:
0.0.0.0
2.1.5 network.get_fqdn
查看主机的fqdn(完全限定域名)
[root@vm1 ~]# salt '*' network.get_fqdn
vm1:
vm1
vm2:
vm2
2.1.6 network.get_hostname
获取主机名
[root@vm1 ~]# salt 'vm1' network.get_hostname
vm1:
vm1
2.1.7 network.get_route
查询到一个目标网络的路由信息
[root@vm1 ~]# salt 'vm1' network.get_route 172.25.0.10
vm1:
----------
destination:
172.25.0.10
gateway:
192.168.30.2
interface:
ens33
source:
192.168.30.100
2.1.8 network.hw_addr
返回指定网卡的MAC地址
[root@vm1 ~]# salt 'vm1' network.hw_addr ens33
vm1:
00:0c:29:e9:2e:d1
2.1.9 network.ifacestartswith
从特定CIDR检索接口名称
[root@vm1 ~]# salt '*' network.ifacestartswith 192.168
vm2:
- ens33
vm1:
- ens33
2.1.10 network.in_subnet
判断当前主机是否在某一个网段内
[root@vm1 ~]# salt 'vm1' network.in_subnet 192.168.30.0/24
vm1:
True
2.1.11 network.interface
返回指定网卡的信息
[root@vm1 ~]# salt 'vm1' network.interface ens33
vm1:
|_
----------
address:
192.168.30.100
broadcast:
192.168.30.255
label:
ens33
netmask:
255.255.255.0
2.1.12 network.interface_ip
返回指定网卡的IP地址
[root@vm1 ~]# salt 'vm1' network.interface_ip ens33
vm1:
192.168.30.100
2.1.13 network.interfaces
返回当前系统中所有的网卡信息
[root@vm1 ~]# salt 'vm1' network.interfaces
vm1:
----------
ens33:
----------
hwaddr:
00:0c:29:e9:2e:d1
inet:
|_
----------
address:
192.168.30.100
broadcast:
192.168.30.255
label:
ens33
netmask:
255.255.255.0
inet6:
|_
----------
address:
fe80::20c:29ff:fee9:2ed1
prefixlen:
64
scope:
link
up:
True
lo:
----------
hwaddr:
00:00:00:00:00:00
inet:
|_
----------
address:
127.0.0.1
broadcast:
None
label:
lo
netmask:
255.0.0.0
inet6:
|_
----------
address:
::1
prefixlen:
128
scope:
host
up:
True
2.1.14 network.ip_addrs
返回一个IPv4的地址列表
该函数将会忽略掉127.0.0.1的地址
[root@vm1 ~]# salt 'vm1' network.ip_addrs
vm1:
- 192.168.30.100
2.1.15 network.netstat
[root@vm1 ~]# salt 'vm1' network.netstat
vm1:
|_
----------
inode:
17166
local-address:
127.0.0.1:323
program:
chronyd
proto:
udp
recv-q:
0
remote-address:
*:*
send-q:
0
user:
0
|_
----------
inode:
17167
local-address:
::1:323
program:
chronyd
proto:
udp
recv-q:
0
remote-address:
:::*
send-q:
0
user:
0
|_
----------
inode:
19983
local-address:
*:22
program:
sshd
proto:
tcp
recv-q:
0
remote-address:
*:*
send-q:
128
state:
LISTEN
user:
0
|_
----------
inode:
83462
local-address:
*:4505
program:
salt-master
proto:
tcp
recv-q:
0
remote-address:
*:*
send-q:
128
state:
LISTEN
user:
0
|_
----------
inode:
20680
local-address:
127.0.0.1:25
program:
master
proto:
tcp
recv-q:
0
remote-address:
*:*
send-q:
100
state:
LISTEN
user:
0
|_
----------
inode:
83491
local-address:
*:4506
program:
salt-master
proto:
tcp
recv-q:
0
remote-address:
*:*
send-q:
128
state:
LISTEN
user:
0
|_
----------
inode:
84389
local-address:
192.168.30.100:4505
program:
salt-master
proto:
tcp
recv-q:
0
remote-address:
192.168.30.100:40642
send-q:
0
state:
ESTABLISHED
user:
0
|_
----------
inode:
80584
local-address:
192.168.30.100:22
program:
sshd
proto:
tcp
recv-q:
0
remote-address:
192.168.30.1:63869
send-q:
0
state:
ESTABLISHED
user:
0
|_
----------
inode:
0
local-address:
127.0.0.1:57652
program:
proto:
tcp
recv-q:
0
remote-address:
127.0.0.1:4506
send-q:
0
state:
TIME-WAIT
user:
0
|_
----------
inode:
84388
local-address:
192.168.30.100:40642
program:
salt-minion
proto:
tcp
recv-q:
0
remote-address:
192.168.30.100:4505
send-q:
0
state:
ESTABLISHED
user:
0
|_
----------
inode:
84465
local-address:
192.168.30.100:4505
program:
salt-master
proto:
tcp
recv-q:
0
remote-address:
192.168.30.128:60790
send-q:
0
state:
ESTABLISHED
user:
0
|_
----------
inode:
0
local-address:
127.0.0.1:57656
program:
proto:
tcp
recv-q:
0
remote-address:
127.0.0.1:4506
send-q:
0
state:
TIME-WAIT
user:
0
|_
----------
inode:
0
local-address:
192.168.30.100:40598
program:
proto:
tcp
recv-q:
0
remote-address:
192.168.30.100:4506
send-q:
0
state:
TIME-WAIT
user:
0
|_
----------
inode:
19992
local-address:
:::22
program:
sshd
proto:
tcp
recv-q:
0
remote-address:
:::*
send-q:
128
state:
LISTEN
user:
0
|_
----------
inode:
20681
local-address:
::1:25
program:
master
proto:
tcp
recv-q:
0
remote-address:
:::*
send-q:
100
state:
LISTEN
user:
0
2.1.16 network.ping
使用ping命令测试到某主机的连通性
[root@vm1 ~]# salt 'vm1' network.ping baidu.com
vm1:
PING baidu.com (39.156.69.79) 56(84) bytes of data.
64 bytes from 39.156.69.79 (39.156.69.79): icmp_seq=1 ttl=128 time=23.9 ms
64 bytes from 39.156.69.79 (39.156.69.79): icmp_seq=2 ttl=128 time=23.2 ms
64 bytes from 39.156.69.79 (39.156.69.79): icmp_seq=3 ttl=128 time=23.7 ms
64 bytes from 39.156.69.79 (39.156.69.79): icmp_seq=4 ttl=128 time=24.2 ms
--- baidu.com ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 3006ms
rtt min/avg/max/mdev = 23.240/23.793/24.265/0.385 ms
2.1.17 network.reverse_ip
返回一个指定的IP地址的反向地址
[root@vm1 ~]# salt 'vm1' network.reverse_ip 192.168.101.110
vm1:
110.101.168.192.in-addr.arpa
2.2 SaltStack常用模块之service
2.2.1 service.available
判断指定的服务是否可用
[root@vm1 ~]# salt '*' service.available sshd
vm1:
True
vm2:
True
2.2.2 service.get_all
[root@vm1 ~]# salt 'vm1' service.get_all
vm1:
- NetworkManager
- NetworkManager-dispatcher
- NetworkManager-wait-online
- auditd
- autovt@
- basic.target
- blk-availability
- bluetooth.target
- brandbot
- brandbot.path
- chrony-dnssrv@
- chrony-dnssrv@.timer
- chrony-wait
- chronyd
- console-getty
- console-shell
- container-getty@
- cpupower
- crond
- cryptsetup-pre.target
- cryptsetup.target
- ctrl-alt-del.target
- dbus
- dbus-org.fedoraproject.FirewallD1
- dbus-org.freedesktop.NetworkManager
- dbus-org.freedesktop.hostname1
- dbus-org.freedesktop.import1
- dbus-org.freedesktop.locale1
- dbus-org.freedesktop.login1
- dbus-org.freedesktop.machine1
- dbus-org.freedesktop.nm-dispatcher
- dbus-org.freedesktop.timedate1
- dbus.socket
- debug-shell
- default.target
- dev-hugepages.mount
- dev-mqueue.mount
- dm-event
- dm-event.socket
- dracut-cmdline
- dracut-initqueue
- dracut-mount
- dracut-pre-mount
- dracut-pre-pivot
- dracut-pre-trigger
- dracut-pre-udev
- dracut-shutdown
- ebtables
- emergency
- emergency.target
- final.target
- firewalld
- fstrim
- fstrim.timer
- getty-pre.target
- getty.target
- getty@
- graphical.target
- halt-local
- halt.target
- hibernate.target
- hybrid-sleep.target
- initrd-cleanup
- initrd-fs.target
- initrd-parse-etc
- initrd-root-fs.target
- initrd-switch-root
- initrd-switch-root.target
- initrd-udevadm-cleanup-db
- initrd.target
- iprdump
- iprinit
- iprupdate
- iprutils.target
- irqbalance
- kdump
- kexec.target
- kmod-static-nodes
- local-fs-pre.target
- local-fs.target
- lvm2-lvmetad
- lvm2-lvmetad.socket
- lvm2-lvmpolld
- lvm2-lvmpolld.socket
- lvm2-monitor
- lvm2-pvscan@
- machines.target
- messagebus
- microcode
- multi-user.target
- netconsole
- network
- network-online.target
- network-pre.target
- network.target
- nss-lookup.target
- nss-user-lookup.target
- paths.target
- plymouth-halt
- plymouth-kexec
- plymouth-poweroff
- plymouth-quit
- plymouth-quit-wait
- plymouth-read-write
- plymouth-reboot
- plymouth-start
- plymouth-switch-root
- polkit
- postfix
- poweroff.target
- printer.target
- proc-sys-fs-binfmt_misc.automount
- proc-sys-fs-binfmt_misc.mount
- quotaon
- rc-local
- rdisc
- reboot.target
- remote-cryptsetup.target
- remote-fs-pre.target
- remote-fs.target
- rescue
- rescue.target
- rhel-autorelabel
- rhel-autorelabel-mark
- rhel-configure
- rhel-dmesg
- rhel-domainname
- rhel-import-state
- rhel-loadmodules
- rhel-readonly
- rpcbind.target
- rsyslog
- runlevel0.target
- runlevel1.target
- runlevel2.target
- runlevel3.target
- runlevel4.target
- runlevel5.target
- runlevel6.target
- salt-master
- salt-minion
- salt-proxy@
- salt-syndic
- selinux-policy-migrate-local-changes@
- serial-getty@
- shutdown.target
- sigpwr.target
- sleep.target
- slices.target
- smartcard.target
- sockets.target
- sound.target
- sshd
- sshd-keygen
- sshd.socket
- sshd@
- suspend.target
- swap.target
- sys-fs-fuse-connections.mount
- sys-kernel-config.mount
- sys-kernel-debug.mount
- sysinit.target
- syslog.socket
- system-update.target
- systemd-ask-password-console
- systemd-ask-password-console.path
- systemd-ask-password-plymouth
- systemd-ask-password-plymouth.path
- systemd-ask-password-wall
- systemd-ask-password-wall.path
- systemd-backlight@
- systemd-binfmt
- systemd-bootchart
- systemd-firstboot
- systemd-fsck-root
- systemd-fsck@
- systemd-halt
- systemd-hibernate
- systemd-hibernate-resume@
- systemd-hostnamed
- systemd-hwdb-updat