模块介绍!!
Module是日常使用SaltStack接触最多的一个组件,其用于管理对象操作,这也是SaltStack通过Push的方式进行管理的入口,比如我们日常简单的执行命令、查看包安装情况、查看服务运行情况等工作都是通过SaltStack Module来实现的。
# 查看所有module列表
[root@master ~]# salt 'laolin' sys.list_modules
laolin:
- acl
- aliases
- alternatives
- ansible
- archive
- artifactory
- at
- beacons
- bigip
- btrfs
- buildout
- chroot
- cloud
- cmd
- composer
- config
......
......
......
# 查看指定module的所有function
[root@master ~]# salt 'laolin' sys.list_functions cmd
laolin:
- cmd.exec_code
- cmd.exec_code_all
- cmd.has_exec
- cmd.powershell
- cmd.powershell_all
- cmd.retcode
- cmd.run
- cmd.run_all
- cmd.run_bg
- cmd.run_chroot
- cmd.run_stderr
- cmd.run_stdout
- cmd.script
- cmd.script_retcode
- cmd.shell
- cmd.shell_info
- cmd.shells
- cmd.tty
- cmd.which
- cmd.which_bin
# 查看指定module的用法
[root@master ~]# salt 'laolin' sys.doc cmd
cmd.exec_code:
Pass in two strings, the first naming the executable language, aka -
python2, python3, ruby, perl, lua, etc. the second string containing
the code you wish to execute. The stdout will be returned.
All parameters from :mod:`cmd.run_all <salt.modules.cmdmod.run_all>` except python_shell can be used.
CLI Example:
salt '*' cmd.exec_code ruby 'puts "cheese"'
salt '*' cmd.exec_code ruby 'puts "cheese"' args='["arg1", "arg2"]' env='{"FOO": "bar"}'
......
......
......
2. SaltStack常用模块之network
2.1 network.active_tcp
# 返回所有活动的tcp连接
[root@master ~]# salt '*' network.active_tcp
laolin:
----------
0:
----------
local_addr:
192.168.160.111
local_port:
22
remote_addr:
192.168.160.1
remote_port:
58807
1:
----------
local_addr:
192.168.160.111
local_port:
56070
remote_addr:
192.168.160.110
remote_port:
4505
2:
----------
local_addr:
192.168.160.111
local_port:
22
remote_addr:
192.168.160.1
remote_port:
58808
此处省略N行......
2.2 network.calc_net
# 通过IP和子网掩码计算出网段
[root@master ~]# salt '*' network.calc_net 192.168.73.240 255.255.0.0
laolin:
192.168.0.0/16
master:
192.168.0.0/16
[root@master ~]# salt '*' network.calc_net 192.168.34.200 255.255.255.0
master:
192.168.34.0/24
laolin:
192.168.34.0/24
2.3 network.connect
# 测试minion至某一台服务器的网络是否连通
[root@master ~]# salt '*' network.connect baidu.com 80
laolin:
----------
comment:
Successfully connected to baidu.com (39.156.69.79) on tcp port 80
result:
True
master:
----------
comment:
Successfully connected to baidu.com (220.181.38.148) on tcp port 80
result:
True
2.4 network.default_route
# 查看默认路由
[root@master ~]# salt '*' network.default_route
laolin:
|_
----------
addr_family:
inet
destination:
0.0.0.0
flags:
UG
gateway:
192.168.160.2
interface:
ens33
netmask:
0.0.0.0
|_
----------
addr_family:
inet6
destination:
::/0
flags:
!n
gateway:
::
interface:
lo
netmask:
|_
----------
addr_family:
inet6
destination:
::/0
flags:
!n
gateway:
::
interface:
lo
netmask:
以下省略 master ......
2.5 network.get_fqdn
# 查看主机的fqdn(完全限定域名)
[root@master ~]# salt '*' network.get_fqdn
master:
master
laolin:
laolin
2.6 network.get_hostname
# 获取主机名
[root@master ~]# salt '*' network.get_hostname
master:
master
laolin:
laolin
2.7 network.get_route
# 查询到一个目标网络的路由信息
[root@master ~]# salt '*' network.get_route 192.168.160.190
master:
----------
destination:
192.168.160.190
gateway:
None
interface:
ens33
source:
192.168.160.110
laolin:
----------
destination:
192.168.160.190
gateway:
None
interface:
ens33
source:
192.168.160.111
2.8 network.hw_addr
# 返回指定网卡的MAC地址
[root@master ~]# salt '*' network.hw_addr ens33
laolin:
00:0c:29:a9:c4:b3
master:
00:0c:29:34:30:33
2.9 network.ifacestartswith
# 从特定CIDR检索接口名称
[root@master ~]# salt '*' network.ifacestartswith 192.168
master:
- ens33
- virbr0
laolin:
- ens33
- virbr0
2.10 network.in_subnet
# 判断当前主机是否在某一个网段内
[root@master ~]# salt '*' network.in_subnet 192.168.160.0/24
laolin:
True
master:
True
2.11 network.interface
# 返回指定网卡的信息
[root@master ~]# salt '*' network.interface ens33
master:
|_
----------
address:
192.168.160.110
broadcast:
192.168.160.255
label:
ens33
netmask:
255.255.255.0
laolin:
|_
----------
address:
192.168.160.111
broadcast:
192.168.160.255
label:
ens33
netmask:
255.255.255.0
2.12 network.interface_ip
# 返回指定网卡的IP地址
[root@master ~]# salt '*' network.interface_ip ens33
laolin:
192.168.160.111
master:
192.168.160.110
2.13 network.interfaces
# 返回当前系统中所有的网卡信息
[root@master ~]# salt '*' network.interfaces
laolin:
----------
ens33:
----------
hwaddr:
00:0c:29:a9:c4:b3
inet:
|_
----------
address:
192.168.160.111
broadcast:
192.168.160.255
label:
ens33
netmask:
255.255.255.0
inet6:
|_
----------
address:
fe80::6020:443f:b781:ccf2
以下省略N行......
2.14 network.ip_addrs
# 返回一个IPv4的地址列表
# 该函数将会忽略掉127.0.0.1的地址
[root@master ~]# salt '*' network.ip_addrs
laolin:
- 192.168.122.1
- 192.168.160.111
master:
- 192.168.122.1
- 192.168.160.110
2.15 network.netstat
# 返回所有打开的端口和状态
[root@master ~]# salt '*' network.netstat
laolin:
|_
----------
inode:
18753
local-address:
0.0.0.0:111
program:
1/systemd
proto:
tcp
recv-q:
0
remote-address:
0.0.0.0:*
send-q:
0
state:
LISTEN
user:
0
|_
----------
inode:
36998
以下省略N行......
2.16 network.ping
# 使用ping命令测试到某主机的连通性
[root@master ~]# salt '*' network.ping baidu.com
laolin:
PING baidu.com (220.181.38.148) 56(84) bytes of data.
64 bytes from 220.181.38.148 (220.181.38.148): icmp_seq=1 ttl=128 time=80.2 ms
64 bytes from 220.181.38.148 (220.181.38.148): icmp_seq=2 ttl=128 time=86.9 ms
64 bytes from 220.181.38.148 (220.181.38.148): icmp_seq=3 ttl=128 time=87.7 ms
64 bytes from 220.181.38.148 (220.181.38.148): icmp_seq=4 ttl=128 time=86.9 ms
--- baidu.com ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 3005ms
rtt min/avg/max/mdev = 80.210/85.428/87.745/3.040 ms
master:
PING baidu.com (220.181.38.148) 56(84) bytes of data.
64 bytes from 220.181.38.148 (220.181.38.148): icmp_seq=1 ttl=128 time=98.9 ms
64 bytes from 220.181.38.148 (220.181.38.148): icmp_seq=2 ttl=128 time=40.1 ms
64 bytes from 220.181.38.148 (220.181.38.148): icmp_seq=3 ttl=128 time=41.1 ms
64 bytes from 220.181.38.148 (220.181.38.148): icmp_seq=4 ttl=128 time=41.0 ms
--- baidu.com ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 3005ms
rtt min/avg/max/mdev = 40.142/55.296/98.928/25.194 ms
2.17 network.reverse_ip
# 返回一个指定的IP地址的反向地址
[root@master ~]# salt '*' network.reverse_ip 192.168.160.200
laolin:
200.160.168.192.in-addr.arpa
master:
200.160.168.192.in-addr.arpa
3. SaltStack常用模块之service
3.1 service.available
# 判断指定的服务是否可用
[root@master ~]# salt '*' service.available sshd
laolin:
True
master:
True
[root@master ~]# salt '*' service.available vsftpd
master:
False
laolin:
False
3.2 service.get_all
# 获取所有可用的服务(不只是正在运行的服务)
[root@master ~]# salt '*' service.get_all
laolin:
- ModemManager
- NetworkManager
- NetworkManager-dispatcher
- NetworkManager-wait-online
- accounts-daemon
- alsa-restore
- alsa-state
- anaconda
- anaconda-direct
- anaconda-fips
- anaconda-nm-config
- anaconda-noshell
- anaconda-pre
- anaconda-shell@
- anaconda-sshd
- anaconda-tmux@
- anaconda.target
- arp-ethers
- atd
- auditd
- auth-rpcgss-module
以下省略N行......
3.3 service.disabled
# 检查指定服务是否开机不自动启动
[root@master ~]# salt '*' service.disabled httpd
master:
False
laolin:
False
3.4 service.enabled
# 检查指定服务是否开机自动启动
[root@master ~]# salt '*' service.enabled httpd
master:
True
laolin:
True
3.5 service.disable
# 设置指定服务开机不自动启动
[root@master ~]# salt '*' service.disable httpd
master:
True
laolin:
True
[root@master ~]# salt '*' service.enabled httpd
laolin:
False
master:
False
3.6 service.enable
# 设置指定服务开机自动启动
[root@master ~]# salt '*' service.enable httpd
master:
True
laolin:
True
[root@master ~]# salt '*' service.enabled httpd
master:
True
laolin:
True
3.7 service.reload
# 重新加载指定服务
[root@master ~]# salt '*' service.reload httpd
master:
True
laolin:
True
3.8 service.stop
# 停止指定服务
[root@master ~]# salt '*' service.stop httpd
laolin:
True
master:
True
[root@master ~]# ss -antl
State Recv-Q Send-Q Local Address:Port Peer Address:Port Process
LISTEN 0 128 0.0.0.0:111 0.0.0.0:*
LISTEN 0 32 192.168.122.1:53 0.0.0.0:*
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 5 127.0.0.1:631 0.0.0.0:*
LISTEN 0 128 0.0.0.0:4505 0.0.0.0:*
LISTEN 0 128 0.0.0.0:4506 0.0.0.0:*
LISTEN 0 128 [::]:111 [::]:*
LISTEN 0 128 [::]:22 [::]:*
LISTEN 0 5 [::1]:631 [::]:*
3.9 service.start
# 启动指定服务
[root@master ~]# salt '*' service.start httpd
master:
True
laolin:
True
[root@master ~]# ss -antl
State Recv-Q Send-Q Local Address:Port Peer Address:Port Process
LISTEN 0 128 0.0.0.0:111 0.0.0.0:*
LISTEN 0 32 192.168.122.1:53 0.0.0.0:*
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 5 127.0.0.1:631 0.0.0.0:*
LISTEN 0 128 0.0.0.0:4505 0.0.0.0:*
LISTEN 0 128 0.0.0.0:4506 0.0.0.0:*
LISTEN 0 128 [::]:111 [::]:*
LISTEN 0 128 *:80 *:*
LISTEN 0 128 [::]:22 [::]:*
LISTEN 0 5 [::1]:631 [::]:*
3.10 service.restart
# 重启指定服务
[root@master ~]# salt '*' service.restart httpd
laolin:
True
master:
True
3.11 service.status
# 查看指定服务的状态
[root@master ~]# salt '*' service.status httpd
master:
True
laolin:
True
3. SaltStack常用模块之pkg
3.1 pkg.download
# 只下载软件包但不安装
# 此功能将会下载指定的软件包,但是需要在minion端安装yum-utils,可以使用 cmd.run 进行远程安装
[root@master ~]# salt 'laolin' pkg.download wget
laolin:
----------
wget:
/var/cache/yum/packages/wget-1.19.5-10.el8.x86_64.rpm
3.2 pkg.file_list
# 列出指定包或系统中已安装的所有包的文件
[root@master ~]# salt 'laolin' pkg.file_list httpd
laolin:
----------
errors:
files:
- /etc/httpd/conf
- /etc/httpd/conf.d/autoindex.conf
- /etc/httpd/conf.d/userdir.conf
- /etc/httpd/conf.d/welcome.conf
- /etc/httpd/conf.modules.d
- /etc/httpd/conf.modules.d/00-base.conf
- /etc/httpd/conf.modules.d/00-dav.conf
- /etc/httpd/conf.modules.d/00-lua.conf
- /etc/httpd/conf.modules.d/00-mpm.conf
- /etc/httpd/conf.modules.d/00-optional.conf
- /etc/httpd/conf.modules.d/00-proxy.conf
- /etc/httpd/conf.modules.d/00-systemd.conf
- /etc/httpd/conf.modules.d/01-cgi.conf
- /etc/httpd/conf.modules.d/README
- /etc/httpd/conf/httpd.conf
- /etc/httpd/conf/magic
- /etc/httpd/logs
- /etc/httpd/modules
- /etc/httpd/run
- /etc/httpd/state
- /etc/logrotate.d/httpd
- /etc/sysconfig/htcacheclean
以下省略N行......
3.3 pkg.group_info
# 查看包组的信息
[root@master ~]# salt 'laolin' pkg.group_info 'Development Tools'
laolin:
----------
conditional:
default:
- asciidoc
- byacc
- ctags
- diffstat
- elfutils-libelf-devel
- git
- intltool
- jna
- ltrace
- patchutils
- perl-Fedora-VSP
- perl-Sys-Syslog
- perl-generators
- pesign
- source-highlight
- systemtap
- valgrind
- valgrind-devel
description:
A basic development environment.
group:
Development Tools
id:
None
mandatory:
- autoconf
- automake
- binutils
- bison
- flex
- gcc
- gcc-c++
- gdb
- glibc-devel
以下省略N行......
3.4 pkg.group_list
# 列出系统中所有的包组
[root@master ~]# salt 'laolin' pkg.group_list
laolin:
----------
available:
- Backup Client
- base-x
- Conflicts AppStream
- Container Management
- Debugging Tools
- Desktop Debugging and Performance Tools
- .NET Core Development
- FTP Server
- GNOME Applications
- Graphics Creation Tools
- Guest Agents
- Guest Desktop Agents
- Input Methods
- Internet Applications
- Internet Browser
- Java Platform
- Legacy X Window System Compatibility
- Multimedia
- Office Suite and Productivity
- Atomic Host ostree support
- KVM platform specific packages
- Hyper-v platform specific packages
- Printing Client
- Remote Desktop Clients
- RPM Development Tools
- TeX formatting system
- Virtualization Client
- Virtualization Hypervisor
- Virtualization Platform
以下省略N行......
3.5 pkg.install
# 安装软件
[root@master ~]# salt '*' pkg.install wget
master:
----------
wget:
----------
new:
1.19.5-10.el8
old:
laolin:
----------
wget:
----------
new:
1.19.5-10.el8
old:
3.6 pkg.list_downloaded
# 列出已下载到本地的软件包
[root@master ~]# salt '*' pkg.list_downloaded
master:
----------
laolin:
----------
3.7 pkg.list_pkgs
# 以字典的方式列出当前已安装的软件包
[root@master ~]# salt 'laolin' pkg.list_pkgs
laolin:
----------
NetworkManager:
1:1.30.0-0.3.el8
NetworkManager-libnm:
1:1.30.0-0.3.el8
NetworkManager-team:
1:1.30.0-0.3.el8
NetworkManager-tui:
1:1.30.0-0.3.el8
abattis-cantarell-fonts:
0.0.25-4.el8
acl:
2.2.53-1.el8
adwaita-cursor-theme:
3.28.0-2.el8
adwaita-icon-theme:
3.28.0-2.el8
apr:
1.6.3-11.el8
apr-util:
1.6.1-6.el8
apr-util-bdb:
1.6.1-6.el8
apr-util-openssl:
以下省略N行......
3.8 pkg.owner
# 列出指定文件是由哪个包提供的
[root@master ~]# salt 'laolin' pkg.owner /usr/sbin/apachectl
laolin:
httpd
[root@master ~]# salt 'laolin' pkg.owner /usr/sbin/apachectl /etc/httpd/conf/httpd.conf
laolin:
----------
/etc/httpd/conf/httpd.conf:
httpd
/usr/sbin/apachectl:
3.9 pkg.remove
# 卸载指定软件(下面的示例只用 cmd.run 查询 wget 是否已安装,并未演示 pkg.remove 命令本身)
[root@master ~]# salt 'laolin' cmd.run 'rpm -qa|grep wget'
laolin:
wget-1.19.5-10.el8.x86_64
3.10 pkg.upgrade
# 升级系统中所有的软件包或升级指定的软件包
[root@master ~]# salt 'laolin' pkg.upgrade name=openssl
4. SaltStack常用模块之state
4.1 state.show_highstate
# 显示当前系统中有哪些高级状态
[root@master ~]# salt 'laolin' state.show_highstate
laolin:
----------
nginx-install:
----------
__env__:
base
__sls__:
web.nginx.install
pkg:
|_
----------
name:
nginx
4.2 state.highstate
# 执行高级状态
[root@master ~]# salt 'laolin' state.highstate web.nginx.install saltenv=base
laolin:
----------
ID: nginx-install
Function: pkg.installed
Name: nginx
Result: True
Comment: All specified packages are already installed
Started: 07:48:01.215295
Duration: 614.568 ms
Changes:
4.3 state.show_state_usage
4.4 state.show_top
# 返回minion将用于highstate的顶级数据
[root@master ~]# salt 'laolin' state.show_top
laolin:
----------
base:
- web.nginx.install
4.5 state.top
# 执行指定的top file,而不是默认的
[root@master ~]# salt 'laolin' state.top top.sls
laolin:
----------
ID: nginx-install
Function: pkg.installed
Name: nginx
Result: True
Comment: All specified packages are already installed
Started: 07:51:31.599657
Duration: 635.913 ms
Changes:
----------
ID: nginx-service
Function: service.running
Name: nginx
Result: True
Comment: The service nginx is already running
Started: 07:51:32.236725
Duration: 41.442 ms
Changes:
Summary for 192.168.11.132
------------
Succeeded: 2
Failed: 0
------------
Total states run: 2
Total run time: 677.355 ms
4.6 state.show_sls
# 显示 master 上特定sls或sls文件列表中的状态数据
[root@master ~]# salt 'laolin' state.show_sls web.nginx.install
laolin:
----------
nginx-install:
----------
__env__:
base
__sls__:
web.nginx.install
pkg:
|_
----------
name:
nginx
- installed
|_
----------
5. SaltStack常用模块之salt-cp
salt-cp能够很方便的把 master 上的文件批量传到 minion上
# 拷贝单个文件到目标主机的/opt目录下
[root@master ~]# salt 'laolin' cmd.run 'ls /opt'
laolin:
[root@master ~]# salt-cp 'laolin' /etc/laolin /opt
laolin:
----------
/opt/laolin:
True
[root@master ~]# salt 'laolin' cmd.run 'ls /opt'
laolin:
laolin
# 拷贝多个文件到目标主机的/opt目录下
[root@master ~]# salt-cp 'laolin' /etc/linjunjie /etc/ljj /opt
laolin:
----------
/opt/linjunjie:
True
/opt/ljj:
True
[root@master ~]# salt 'laolin' cmd.run 'ls /opt'
laolin:
laolin
linjunjie
ljj
6. SaltStack常用模块之user
6.1 user.add
# 创建用户,可以指定uid,gid,groups,home,shell
# 创建一个test用户
[root@master ~]# salt '*' user.add test
master:
True
laolin:
True
[root@master ~]# id test
uid=1001(test) gid=1001(test) 组=1001(test)
# 创建用户时指定shell
[root@master ~]# salt '*' user.add ljj shell=/sbin/nologin
master:
True
laolin:
True
# 创建用户时指定不创建家目录
[root@master ~]# salt '*' user.add gj createhome=False
master:
True
laolin:
True
# 创建用户时指定附加组
[root@master ~]# salt '*' user.add test3 groups=linjj
minion1:
True
master:
True
6.2 user.chgroups
# 将test用户加入到linjj组,此为附加组(未指定 append=True 时,会以给出的组列表替换该用户原有的附加组)
[root@master ~]# salt '*' user.chgroups test linjj
laolin:
True
master:
True
6.3 user.list_groups
# 查看test用户的所有的组
[root@master ~]# salt '*' user.list_groups test
laolin:
- linjj
- test
master:
- linjj
- test
6.4 user.delete
# 删除用户
[root@master ~]# salt '*' user.delete test remove=True
laolin:
True
master:
True
6.5 user.list_users
# 查看所有用户
[root@master ~]# salt '*' user.list_users
master:
- adm
- apache
- avahi
- bin
- chrony
- clevis
- cockpit-ws
- cockpit-wsinstance
- colord
- daemon
- dbus
- dnsmasq
- flatpak
- ftp
- games
- gdm
- geoclue
- gj
- gluster
以下省略N行......
7. SaltStack常用模块之cron
7.1 cron.set_job
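# 为指定用户设置计划任务
# 注意:从后文 cron.list_tab 和 cron.raw_cron 的输出可见,实际写入的命令只有 /bin/bash;带参数的命令应整体用引号括起来,例如 '/bin/bash /scripts/apache_install.sh'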
[root@master ~]# salt '*' cron.set_job root 10 10 '*' '*' 5 /bin/bash /scripts/apache_install.sh
master:
new
laolin:
new
# 如果这个用户存在任务,则变成更改任务
[root@master ~]# salt '*' cron.set_job root 20 20 '*' '*' 6 /bin/bash /scripts/apache_install.sh
master:
updated
laolin:
updated
7.2 cron.list_tab
# 查看指定用户的计划任务
[root@master ~]# salt '*' cron.list_tab root
master:
----------
crons:
|_
----------
cmd:
/bin/bash
comment:
None
commented:
False
daymonth:
*
dayweek:
6
hour:
20
identifier:
None
minute:
20
month:
*
env:
pre:
special:
laolin:
----------
crons:
|_
----------
cmd:
/bin/bash
comment:
None
commented:
False
daymonth:
*
dayweek:
6
hour:
20
identifier:
None
minute:
20
month:
*
env:
pre:
special:
7.3 cron.raw_cron
# 以原始文本形式查看指定用户的crontab内容
[root@master ~]# salt '*' cron.raw_cron root
laolin:
# Lines below here are managed by Salt, do not edit
20 20 * * 6 /bin/bash
master:
# Lines below here are managed by Salt, do not edit
20 20 * * 6 /bin/bash
7.4 cron.rm_job
# 删除指定用户的计划任务、如果这个计划任务指定了时间,则需要指定的参数匹配的时候才会删除
[root@master ~]# salt '*' cron.rm_job root
master:
Passed invalid arguments to cron.rm_job: rm_job() missing 1 required positional argument: 'cmd'
Remove a cron job for a specified user. If any of the day/time params are
specified, the job will only be removed if the specified params match.
CLI Example:
.. code-block:: bash
salt '*' cron.rm_job root /usr/local/weekly
salt '*' cron.rm_job root /usr/bin/foo dayweek=1
laolin:
Passed invalid arguments to cron.rm_job: rm_job() missing 1 required positional argument: 'cmd'
Remove a cron job for a specified user. If any of the day/time params are
specified, the job will only be removed if the specified params match.
CLI Example:
.. code-block:: bash
salt '*' cron.rm_job root /usr/local/weekly
salt '*' cron.rm_job root /usr/bin/foo dayweek=1
[root@master ~]# salt '*' cron.rm_job root /bin/bash dayweek=6
laolin:
removed
master:
removed
8. SaltStack常用模块之acl
8.1 acl.modfacl
# 为指定的文件添加或修改FACL
[root@master ~]# salt '*' acl.modfacl user test1 rwx /tmp/ll
master:
True
laolin:
True
[root@master ~]# getfacl /tmp/ll
getfacl: Removing leading '/' from absolute path names
# file: tmp/ll
# owner: root
# group: root
user::rw-
user:test1:rwx
group::r--
mask::rwx
other::r--
8.2 acl.getfacl
# 查看指定文件的访问控制列表
[root@master ~]# salt '*' acl.getfacl /tmp/ll
master:
----------
/tmp/ll:
----------
comment:
----------
file:
/tmp/ll
group:
root
owner:
root
group:
|_
----------
root:
----------
octal:
4
permissions:
----------
execute:
False
read:
True
write:
False
mask:
|_
----------
:
----------
octal:
7
permissions:
----------
execute:
True
read:
True
write:
True
以下省略N行......
8.3 acl.delfacl
# 从指定的文件中删除特定的FACL
[root@master ~]# salt '*' acl.delfacl user test2 /tmp/ll
master:
True
laolin:
True
[root@master ~]# getfacl /tmp/ll
getfacl: Removing leading '/' from absolute path names
# file: tmp/ll
# owner: root
# group: root
user::rw-
user:test1:rwx
group::r--
mask::rwx
other::r--
8.4 acl.wipefacls
# 从指定的文件中删除所有facl
[root@master ~]# salt '*' acl.wipefacls /tmp/ll
master:
True
laolin:
True
[root@master ~]# getfacl /tmp/ll
getfacl: Removing leading '/' from absolute path names
# file: tmp/ll
# owner: root
# group: root
user::rw-
group::r--
other::r--
9. SaltStack常用模块之file
9.1 file.access
检查指定路径是否存在
[root@master opt]# ls
abc
[root@master opt]# salt 'master' file.access /opt/abc f
master:
True
[root@master opt]# salt 'master' file.access /opt/abc/abc f
master:
False
检查指定文件的权限信息
[root@master opt]# salt 'master' file.access /opt/abc r
master:
True
[root@master opt]# salt 'master' file.access /opt/abc w
master:
True
9.2 file.append
往一个文件里追加内容,若此文件不存在则会报异常
此时 laolin 这台主机上没有 /opt/abc 这个文件,所以会报错!!
[root@master opt]# salt '*' file.append /opt/abc "hello world" "haha" "xixi"
master:
Wrote 3 lines to "/opt/abc"
laolin:
The minion function caused an exception: Traceback (most recent call last):
File "/usr/lib/python3.6/site-packages/salt/minion.py", line 1676, in _thread_return
return_data = minion_instance.executors[fname](opts, data, func, args, kwargs)
File "/usr/lib/python3.6/site-packages/salt/executors/direct_call.py", line 12, in execute
return func(*args, **kwargs)
File "/usr/lib/python3.6/site-packages/salt/modules/file.py", line 3070, in append
with salt.utils.files.fopen(path, 'rb+') as ofile:
File "/usr/lib/python3.6/site-packages/salt/utils/files.py", line 399, in fopen
f_handle = open(*args, **kwargs) # pylint: disable=resource-leakage
FileNotFoundError: [Errno 2] No such file or directory: '/opt/abc'
ERROR: Minions returned with non-zero exit code
9.3 file.basename
获取指定路径的基名
[root@master opt]# salt '*' file.basename '/root/za/abc/wer'
laolin:
wer
master:
wer
9.4 file.dirname
获取指定路径的目录名
[root@master opt]# salt '*' file.dirname '/root/za/abc/wer'
master:
/root/za/abc
laolin:
/root/za/abc
9.5 file.check_hash
检查指定的文件与hash字符串是否匹配,匹配则返回 True 否则返回 False(示例使用的 MD5 只适合发现意外损坏;若用于防篡改校验,应改用 sha256 等抗碰撞的算法)
[root@master opt]# md5sum abc
ac94e869094bb2e560acf3d34347ea07 abc
[root@master opt]# salt 'master' file.check_hash /opt/abc ac94e869094bb2e560acf3d34347ea07
master:
True
[root@master opt]# salt 'master' file.check_hash /opt/abc ac94e869094bb2e560acf3d34347ea08   # 末位从 7 变成了 8
master:
False
9.6 file.chattr
修改指定文件的属性
属性 | 对文件的意义 | 对目录的意义 |
---|---|---|
a | 只允许在这个文件之后追加数据 不允许任何进程覆盖或截断这个文件 | 只允许在这个目录下建立和修改文件 而不允许删除任何文件 |
i | 不允许对这个文件进行任何的修改 不能删除、更改、移动 | 任何的进程只能修改目录之下的文件 不允许建立和删除文件 |
给指定文件添加属性
[root@master opt]# lsattr abc
-------------------- abc
[root@master opt]# salt 'master' file.chattr /opt/abc operator=add attributes=a
master:
True
[root@master opt]# lsattr abc
-----a-------------- abc
[root@master opt]# cat abc
123
234
345
hello world
haha
xixi
hello world
haha
xixi
[root@master opt]# echo "oooo" >> abc
[root@master opt]# cat abc
123
234
345
hello world
haha
xixi
hello world
haha
xixi
oooo
[root@master opt]# echo "oooo" > abc
-bash: abc: 不允许的操作
[root@master opt]# salt 'master' file.chattr /opt/ljj operator=add attributes=a
(ljj 为目录!!!)
master:
True
[root@master opt]# cd ljj
[root@master ljj]# touch abc
[root@master ljj]# mkdir qwe
[root@master ljj]# rm -rf abc
rm: 无法删除'abc': 不允许的操作
[root@master ljj]# rm -rf qwe
rm: 无法删除'qwe': 不允许的操作
给指定文件去除属性
[root@master opt]# salt 'master' file.chattr /opt/abc operator=remove attributes=a
master:
True
[root@master opt]# lsattr abc
-------------------- abc
9.7 file.chown
设置指定文件的属主、属组信息
[root@master opt]# ll
总用量 4
-rw-r--r--. 1 root root 61 7月 7 18:21 abc
drwxr-xr-x. 3 root root 28 7月 7 18:26 ljj
[root@master opt]# salt 'master' file.chown /opt/abc tom tom
master:
None
[root@master opt]# ll
总用量 4
-rw-r--r--. 1 tom tom 61 7月 7 18:21 abc
drwxr-xr-x. 3 root root 28 7月 7 18:26 ljj
9.8 file.copy
在远程主机上复制文件或目录
拷贝文件
[root@master opt]# ll
总用量 4
-rw-r--r--. 1 tom tom 61 7月 7 18:21 abc
drwxr-xr-x. 3 root root 28 7月 7 18:26 ljj
[root@master opt]# salt 'master' file.copy /opt/abc /opt/jj
master:
True
[root@master opt]# ll
总用量 8
-rw-r--r--. 1 tom tom 61 7月 7 18:21 abc
-rw-r--r--. 1 tom tom 61 7月 7 18:35 jj
drwxr-xr-x. 3 root root 28 7月 7 18:26 ljj
覆盖并拷贝目录,将会覆盖同名文件或目录
[root@master opt]# ll
总用量 8
-rw-r--r--. 1 tom tom 61 7月 7 18:21 abc
-rw-r--r--. 1 tom tom 61 7月 7 18:35 jj
drwxr-xr-x. 3 root root 28 7月 7 18:26 ljj
[root@master opt]# salt '*' file.copy /tmp/ll /opt/qwe recurse=True
laolin:
True
master:
True
[root@master opt]# ll
总用量 8
-rw-r--r--. 1 tom tom 61 7月 7 18:21 abc
-rw-r--r--. 1 tom tom 61 7月 7 18:35 jj
drwxr-xr-x. 3 root root 28 7月 7 18:26 ljj
-rw-r--r--. 1 root root 0 7月 7 18:39 qwe
删除目标目录中同名的文件或目录并拷贝新内容至其中
[root@master opt]# cat linjunjie
qwe
rty
uio
eyp
[root@master opt]# cat /tmp/linjunjie
123
456
789
369
[root@master opt]# salt 'master' file.copy /tmp/linjunjie /opt/linjunjie recurse=True remove_existing=True
master:
True
[root@master opt]# cat /opt/linjunjie
123
456
789
369
9.9 file.directory_exists
判断指定目录是否存在,存在则返回 True ,否则返回 False
[root@master opt]# salt '*' file.directory_exists /opt/abc
laolin:
False
master:
False
[root@master opt]# ll
总用量 4
-rw-r--r--. 1 root root 16 7月 7 18:45 linjunjie
drwxr-xr-x. 3 root root 28 7月 7 18:26 ljj
[root@master opt]# mkdir abc
[root@master opt]# salt '*' file.directory_exists /opt/abc
laolin:
False
master:
True
9.10 file.diskusage
递归计算指定路径的磁盘使用情况并以字节为单位返回
[root@master opt]# salt '*' file.diskusage /opt
master:
16
laolin:
32
9.11 file.file_exists
判断指定文件是否存在
[root@master opt]# salt '*' file.file_exists /opt/llll
laolin:
False
master:
True
9.12 file.find
类似 find 命令并返回符合指定条件的路径列表
The options include match criteria:
name = path-glob # case sensitive
iname = path-glob # case insensitive
regex = path-regex # case sensitive
iregex = path-regex # case insensitive
type = file-types # match any listed type
user = users # match any listed user
group = groups # match any listed group
size = [+-]number[size-unit] # default unit = byte
mtime = interval # modified since date
grep = regex # search file contents
and/or actions:
delete [= file-types] # default type = 'f'
exec = command [arg ...] # where {} is replaced by pathname
print [= print-opts]
and/or depth criteria:
maxdepth = maximum depth to transverse in path
mindepth = minimum depth to transverse before checking files or directories
The default action is print=path
path-glob:
* = match zero or more chars
? = match any char
[abc] = match a, b, or c
[!abc] or [^abc] = match anything except a, b, and c
[x-y] = match chars x through y
[!x-y] or [^x-y] = match anything except chars x through y
{a,b,c} = match a or b or c
path-regex: a Python Regex (regular expression) pattern to match pathnames
file-types: a string of one or more of the following:
a: all file types
b: block device
c: character device
d: directory
p: FIFO (named pipe)
f: plain file
l: symlink
s: socket
users: a space and/or comma separated list of user names and/or uids
groups: a space and/or comma separated list of group names and/or gids
size-unit:
b: bytes
k: kilobytes
m: megabytes
g: gigabytes
t: terabytes
interval:
[<num>w] [<num>d] [<num>h] [<num>m] [<num>s]
where:
w: week
d: day
h: hour
m: minute
s: second
print-opts: a comma and/or space separated list of one or more of the following:
group: group name
md5: MD5 digest of file contents
mode: file permissions (as integer)
mtime: last modification time (as time_t)
name: file basename
path: file absolute path
size: file size in bytes
type: file type
user: user name
salt '*' file.find / type=f name=\*.bak size=+10m
salt '*' file.find /var mtime=+30d size=+10m print=path,size,mtime
salt '*' file.find /var/log name=\*.[0-9] mtime=+30d size=+10m delete
9.13 file.get_gid
获取指定文件的gid
[root@master opt]# salt '*' file.get_gid /opt/llll
master:
0
laolin:
ERROR: Path not found: /opt/llll
ERROR: Minions returned with non-zero exit code
9.14 file.get_group
获取指定文件的组名
[root@master opt]# salt '*' file.get_group /opt/llll
laolin:
ERROR: Path not found: /opt/llll
master:
root
ERROR: Minions returned with non-zero exit code
9.15 file.get_hash
获取指定文件的hash值,该值通过 sha256 算法得来
[root@master opt]# sha256sum llll
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 llll
[root@master opt]# salt 'master' file.get_hash /opt/llll
master:
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
9.16 file.get_mode
获取指定文件的权限,以数字方式显示
[root@master opt]# salt 'master' file.get_mode /opt/llll
master:
0644
9.17 file.get_selinux_context
获取指定文件的 SELINUX 上下文信息
[root@master opt]# salt 'master' file.get_selinux_context /opt/llll
master:
unconfined_u:object_r:usr_t:s0
9.18 file.get_sum
按照指定的算法计算指定文件的特征码并显示,默认使用的sha256算法。
该函数可使用的算法参数有:
- md5
- sha1
- sha224
- sha256 (default)
- sha384
- sha512
[root@master opt]# salt 'master' file.get_sum /opt/llll
master:
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
[root@master opt]# salt 'master' file.get_sum /opt/llll md5
master:
d41d8cd98f00b204e9800998ecf8427e
9.19 file.get_uid与file.get_user
获取指定文件的 uid 或 用户名
[root@master opt]# salt 'master' file.get_uid /opt/llll
master:
0
[root@master opt]# salt 'master' file.get_user /opt/llll
master:
root
9.20 file.gid_to_group
将指定的 gid 转换为组名并显示
[root@master opt]# salt 'master' file.gid_to_group 1000
master:
lzz
[root@master opt]# salt '*' file.gid_to_group 0
master:
root
laolin:
root
9.21 file.group_to_gid
将指定的组名转换为 gid 并显示
[root@master opt]# salt '*' file.group_to_gid root
master:
0
laolin:
0
[root@master opt]# salt 'master' file.group_to_gid tom
master:
1009
9.22 file.grep
在指定文件中检索指定内容
该函数支持通配符,若在指定的路径中用通配符则必须用双引号引起来
[root@master opt]# salt '*' file.grep /etc/sysconfig/network-scripts/ifcfg-ens33 ipaddr -- -i -C2
master:
----------
pid:
1104517
retcode:
0
stderr:
stdout:
DEVICE=ens33
ONBOOT=yes
IPADDR=192.168.160.110
NETMASK=255.255.255.0
GATEWAY=192.168.160.2
laolin:
----------
pid:
738798
retcode:
0
stderr:
stdout:
DEVICE=ens33
ONBOOT=yes
IPADDR=192.168.160.111
NETMASK=255.255.255.0
GATEWAY=192.168.160.2
9.23 file.is_blkdev
判断指定的文件是否是块设备文件
[root@master opt]# salt '*' file.is_blkdev /dev/sr0
master:
True
laolin:
True
9.24 file.lsattr
检查并显示出指定文件的属性信息
[root@master opt]# salt 'master' file.lsattr /opt/llll
master:
----------
/opt/llll:
9.25 file.mkdir
创建目录并设置属主、属组及权限
[root@master opt]# salt '*' file.mkdir /opt/haha tom tom 400
master:
True
laolin:
True
[root@master opt]# ll
总用量 4
drwxr-xr-x. 2 root root 6 7月 7 18:49 abc
dr--------. 2 tom tom 6 7月 7 19:22 haha
-rw-r--r--. 1 root root 16 7月 7 18:45 linjunjie
drwxr-xr-x. 3 root root 28 7月 7 18:26 ljj
-rw-r--r--. 1 root root 0 7月 7 18:49 llll
9.26 file.move
移动或重命名
移动!!!
[root@master opt]# salt 'master' file.move /opt/llll /root/abc
master:
----------
comment:
'/opt/llll' moved to '/root/abc'
result:
True
重命名!!
[root@master opt]# ll
总用量 4
drwxr-xr-x. 2 root root 6 7月 7 18:49 abc
dr--------. 2 tom tom 6 7月 7 19:22 haha
-rw-r--r--. 1 root root 16 7月 7 18:45 linjunjie
drwxr-xr-x. 3 root root 28 7月 7 18:26 ljj
[root@master opt]# salt '*' file.move /opt/linjunjie /opt/laolin
master:
----------
comment:
'/opt/linjunjie' moved to '/opt/laolin'
result:
True
laolin:
----------
comment:
'/opt/linjunjie' moved to '/opt/laolin'
result:
True
[root@master opt]# ll
总用量 4
drwxr-xr-x. 2 root root 6 7月 7 18:49 abc
dr--------. 2 tom tom 6 7月 7 19:22 haha
-rw-r--r--. 1 root root 16 7月 7 18:45 laolin
drwxr-xr-x. 3 root root 28 7月 7 18:26 ljj
9.27 file.prepend
把文本插入指定文件的开头
[root@master opt]# salt 'master' file.prepend /opt/laolin "hehe" "xixi" "haha"
master:
Prepended 3 lines to "/opt/laolin"
[root@master opt]# cat laolin
hehe
xixi
haha
123
456
789
369
9.28 file.sed
修改文本文件的内容
[root@master opt]# cat laolin
hehe hehe hehe hehe
hehe hehe
123 hehe
456
789
369
[root@master opt]# salt 'master' file.sed /opt/laolin 'hehe' 'xixi'
master:
----------
pid:
16304
retcode:
0
stderr:
stdout:
[root@master opt]# cat laolin
xixi xixi xixi xixi
xixi xixi
123 xixi
456
789
369
[root@master opt]# cat laolin
xixi xixi xixi xixi
xixi xixi
123 xixi
456
789
369
[root@master opt]# salt 'master' file.sed /opt/laolin 'xixi' 'haha' flags=2
master:
----------
pid:
18365
retcode:
0
stderr:
stdout:
[root@master opt]# cat laolin
xixi haha xixi xixi
xixi haha
123 xixi
456
789
369
9.29 file.read
读取文件内容
[root@master opt]# salt 'master' file.read /opt/laolin
master:
xixi haha xixi xixi
xixi haha
123 xixi
456
789
369
9.30 file.readdir
列出指定目录下的所有文件或目录,包括隐藏文件
[root@master opt]# salt '*' file.readdir /root
laolin:
- .
- ..
- .bash_logout
- .bash_profile
- .bashrc
- .cshrc
- .tcshrc
- anaconda-ks.cfg
- .cache
- .dbus
- initial-setup-ks.cfg
- .ICEauthority
以下省略N行......
9.31 file.remove
删除指定的文件或目录,若给出的是目录,将递归删除
[root@master opt]# ll
总用量 8
-rw-r--r--. 1 root root 0 7月 8 10:04 aa
drwxr-xr-x. 2 root root 6 7月 7 18:49 abc
dr--------. 2 tom tom 6 7月 7 19:22 haha
-rwxrwxrwx. 1 root root 10 7月 8 10:01 laolin
-rw-r--r--. 1 root root 52 7月 8 09:56 linjunjie
drwxr-xr-x. 3 root root 28 7月 7 18:26 ljj
[root@master opt]# ll
总用量 4
-rw-r--r--. 1 root root 0 7月 8 10:04 aa
drwxr-xr-x. 2 root root 6 7月 7 18:49 abc
dr--------. 2 tom tom 6 7月 7 19:22 haha
-rwxrwxrwx. 1 root root 10 7月 8 10:01 laolin
drwxr-xr-x. 3 root root 28 7月 7 18:26 ljj
[root@master opt]# salt 'master' file.remove /opt/haha
master:
True
[root@master opt]# ll
总用量 4
-rw-r--r--. 1 root root 0 7月 8 10:04 aa
drwxr-xr-x. 2 root root 6 7月 7 18:49 abc
-rwxrwxrwx. 1 root root 10 7月 8 10:01 laolin
drwxr-xr-x. 3 root root 28 7月 7 18:26 ljj
9.32 file.rename
重命名文件或目录
[root@master opt]# ll
总用量 8
-rw-r--r--. 1 root root 0 7月 8 10:04 aa
drwxr-xr-x. 2 root root 6 7月 7 18:49 abc
dr--------. 2 tom tom 6 7月 7 19:22 haha
-rwxrwxrwx. 1 root root 10 7月 8 10:01 laolin
-rw-r--r--. 1 root root 52 7月 8 09:56 laolin.bak
drwxr-xr-x. 3 root root 28 7月 7 18:26 ljj
[root@master opt]# salt 'master' file.rename /opt/laolin.bak /opt/linjunjie
master:
True
[root@master opt]# ll
总用量 8
-rw-r--r--. 1 root root 0 7月 8 10:04 aa
drwxr-xr-x. 2 root root 6 7月 7 18:49 abc
dr--------. 2 tom tom 6 7月 7 19:22 haha
-rwxrwxrwx. 1 root root 10 7月 8 10:01 laolin
-rw-r--r--. 1 root root 52 7月 8 09:56 linjunjie
drwxr-xr-x. 3 root root 28 7月 7 18:26 ljj
9.33 file.set_mode
给指定文件设置权限(示例中的 0777 允许所有用户读、写、执行,仅作演示;实际环境应按最小权限原则设置)
[root@master opt]# salt '*' file.set_mode /opt/laolin 0777
master:
0777
laolin:
0777
[root@master opt]# ll
总用量 8
-rw-r--r--. 1 root root 0 7月 8 10:04 aa
drwxr-xr-x. 2 root root 6 7月 7 18:49 abc
dr--------. 2 tom tom 6 7月 7 19:22 haha
-rwxrwxrwx. 1 root root 10 7月 8 10:01 laolin
-rw-r--r--. 1 root root 52 7月 8 09:56 laolin.bak
drwxr-xr-x. 3 root root 28 7月 7 18:26 ljj
9.34 file.symlink
给指定的文件创建软链接
[root@master opt]# salt '*' file.symlink /opt/laolin /root/a
laolin:
True
master:
True
[root@master opt]# ll /root
总用量 12
lrwxrwxrwx. 1 root root 11 7月 8 10:05 a -> /opt/laolin
-rw-r--r--. 1 root root 0 7月 7 18:49 abc
-rw-------. 1 root root 1096 7月 6 14:30 anaconda-ks.cfg
-rw-r--r--. 1 root root 1 7月 7 09:05 EOF
-rw-r--r--. 1 root root 1387 7月 6 14:32 initial-setup-ks.cfg
9.35 file.touch
创建空文件或更新时间戳
[root@master opt]# salt '*' file.touch /opt/aa
laolin:
True
master:
True
[root@master opt]# ll
总用量 8
-rw-r--r--. 1 root root 0 7月 8 10:04 aa
drwxr-xr-x. 2 root root 6 7月 7 18:49 abc
dr--------. 2 tom tom 6 7月 7 19:22 haha
-rw-r--r--. 1 root root 10 7月 8 10:01 laolin
-rw-r--r--. 1 root root 52 7月 8 09:56 laolin.bak
drwxr-xr-x. 3 root root 28 7月 7 18:26 ljj
9.36 file.uid_to_user
将指定的 uid 转换成用户名显示出来
[root@master opt]# salt '*' file.uid_to_user 0
laolin:
root
master:
root
[root@master opt]# salt '*' file.uid_to_user 1007
laolin:
1007
master:
tom
9.37 file.user_to_uid
将指定的用户转换成 uid 并显示出来
[root@master opt]# salt '*' file.user_to_uid tom
laolin:
master:
1007
[root@master opt]# salt '*' file.user_to_uid root
laolin:
0
master:
0
9.38 file.write
往一个指定的文件里覆盖写入指定内容
[root@master opt]# salt 'master' file.write /opt/laolin "haha" "xixi"
master:
Wrote 2 lines to "/opt/laolin"
[root@master opt]# cat laolin
haha
xixi
10. Saltstack常用模块之lvs
10.1 lvs.add_service
添加调度器并设置连接方式和调度算法。调度算法默认为wlc
[root@master ~]# salt laolin lvs.add_service tcp 192.168.160.110:80 rr
laolin:
True
10.2 lvs.add_server
添加RS并设置调度模式和权重
[root@master ~]# salt laolin lvs.add_server tcp 192.168.160.110:80 192.168.160.111:80 nat 1
laolin:
True
10.3 lvs.check_server
检查指定的RS是否在指定的调度规则中
[root@master ~]# salt laolin lvs.check_server tcp 192.168.160.110:80 192.168.160.111:80
laolin:
True
10.4 lvs.check_service
检查指定的调度规则是否存在
[root@master ~]# salt laolin lvs.check_service tcp 192.168.160.110:80
laolin:
True
10.5 lvs.clear
清除ipvsadm规则
[root@master ~]# salt laolin lvs.clear
laolin:
True
[root@laolin ~]# ipvsadm -L
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
-> RemoteAddress:Port Forward Weight ActiveConn InActConn
10.6 lvs.delete_server
将指定的RS从指定调度规则中删除
[root@master ~]# salt laolin lvs.delete_server tcp 192.168.160.110:80 192.168.160.111:80
laolin:
True
10.7 lvs.delete_service
将指定的调度规则删除
10.8 lvs.edit_server
修改映射端口、调度模式和权重
10.9 lvs.edit_service
修改调度算法
10.10 lvs.get_rules
获取ipvsadm规则