SaltStack基础 - 03模块与方法
SaltStack基础 - 03模块与方法
一、查看模块与方法
### function是 module提供的方法
[root@cl-server ~]# salt cl-node01 sys.list_modules
[root@cl-server ~]# salt cl-node01 sys.list_functions
[root@cl-server ~]# salt cl-node01 sys.list_functions cmd
[root@cl-server ~]# salt cl-node01 sys.doc cmd
[root@cl-server ~]# salt cl-node01 sys.doc cmd.run
[root@cl-server ~]# salt cl-node01 sys.doc > salt-command.txt
二、file模块
###2.1 从master向minion传输文件
[root@cl-server init]# cat files_test.sls
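# Deliver init/files/resolv.conf from the master's file server to the minion.
# Indentation restored: the listing as shown is flat and would not parse as SLS.
copy_file:
  file.managed:
    - name: /tmp/resolv.conf
    - source: salt://init/files/resolv.conf
    - user: root
    - group: root
    # Quoted so YAML keeps the mode as a string instead of an integer; the
    # state output on this page reports the resulting mode as 0644.
    - mode: '0644'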
[root@cl-server init]# salt cl-node01 state.sls init/files_test
cl-node01:
----------
ID: copy_file
Function: file.managed
Name: /tmp/resolv.conf
Result: True
Comment: File /tmp/resolv.conf updated
Started: 16:55:04.086735
Duration: 34.759 ms
Changes:
----------
diff:
New file
mode:
0644
Summary for cl-node01
------------
Succeeded: 1 (changed=1)
Failed: 0
------------
Total states run: 1
Total run time: 34.759 ms
###2.2 在minion端创建文件夹
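# Create the directory tree on the minion and enforce owner, group and mode.
# Indentation restored: the listing as shown is flat and would not parse as SLS.
make_directory:
  file.directory:
    - name: /tmp/zabbix/zabbix_agentd.conf.d
    - user: root
    - group: root
    # Quoted so YAML keeps the mode as a string instead of an integer.
    - mode: '0755'
    - makedirs: True  # create the directory (and parents) when it does not exist
    # Apply owner, group and mode recursively to what is inside the directory.
    # NOTE(review): with `mode` listed here, files below the directory also get
    # the directory mode unless file_mode is set, which makes them executable;
    # confirm that is intended for configuration files.
    - recurse:
      - user
      - group
      - mode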
###2.3 文件内容追加
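# Append a resolver entry to /tmp/resolv.conf on the minion.
# Indentation restored: the listing as shown is flat and would not parse as SLS.
append_file:
  file.append:
    - name: /tmp/resolv.conf
    - text:
      # resolv.conf entries have the form "nameserver <address>", separated by
      # whitespace, as in the file diff shown on this page; the original text
      # used a colon, which a resolver would not read as a nameserver entry.
      - "nameserver 192.168.234.1"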
[root@cl-server init]# salt cl-node01 state.sls init/files_test
cl-node01:
----------
ID: copy_file
Function: file.managed
Name: /tmp/resolv.conf
Result: True
Comment: File /tmp/resolv.conf updated
Started: 16:57:05.886843
Duration: 51.475 ms
Changes:
----------
diff:
---
+++
@@ -1,3 +1,4 @@
# Generated by NetworkManager
nameserver 114.114.114.114
nameserver 8.8.8.8
+nameserver 192.168.234.2
Summary for cl-node01
------------
Succeeded: 1 (changed=1)
Failed: 0
------------
Total states run: 1
Total run time: 51.475 ms
###2.4 在远程主机minion端执行文件拷贝
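# CLI equivalent: salt cl-node01 file.copy /tmp/aa.txt /tmp/aa-01.txt
# Copy a file from one path to another on the minion itself; both name and
# source are local minion paths, nothing is fetched from the master.
# Indentation restored: the listing as shown is flat and would not parse as SLS.
copy_file_on_remote:
  file.copy:
    - name: /tmp/zabbix/resolv.conf
    - source: /tmp/resolv.conf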
###2.5 文件软连接
### Created new symlink /tmp/zabbix-agent -> /tmp/zabbix/zabbix_agentd.conf.d/
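# Create the symlink /tmp/zabbix-agent pointing at the zabbix conf.d directory.
# Indentation restored: the listing as shown is flat and would not parse as SLS.
# NOTE(review): both ends live under /tmp, which is normally world-writable;
# fine for a demo, but real configuration links belong in a directory that only
# root can write to.
make_link:
  file.symlink:
    - name: /tmp/zabbix-agent
    - target: /tmp/zabbix/zabbix_agentd.conf.d/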
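### Line breaks and indentation restored; the original had this whole listing on one line.
### NOTE(review): md5 is enough to notice accidental changes but not deliberate
### tampering; file.get_sum also accepts sha256 when the sum is used as an integrity check.
[root@cl-server salt]# salt cl-node01 file.get_sum /etc/resolv.conf md5
### Show the file's owner, group, timestamps, permissions, size and type
[root@cl-server salt]# salt cl-node01 file.stats /etc/resolv.conf
### Using a jinja template
file-managed-exp:
  file.managed:
    - name: /etc/http/conf/http.conf
    - source: salt://apache/http.conf
    - user: root
    - group: root
    - mode: 644
    - template: jinja
    - defaults:
        custom_var: "default value"
        other_var: 123
{% if grains['os'] == 'Ubuntu' %}
    - context:
        custom_var: "override"
{% endif %}
### source - list of candidate source files; the first one that matches is used,
### so the last entry acts as the default.
### NOTE(review): grains such as fqdn are reported by the minion itself, so a
### per-host file name is a convenience, not access control; keep host-specific
### secrets out of files selected this way.
/etc/foo.conf:
  file.managed:
    - source:
      - salt://foo.conf.{{ grains['fqdn'] }}
      - salt://foo.conf.fallback
    - user: foo
    - group: users
    - mode: 644
    - backup: minion
### Use the foo.conf file from the dev environment
/etc/foo.conf:
  file.managed:
    - source:
      - salt://foo.conf?saltenv=dev
    - user: foo
    - group: users
    - mode: 644
    - backup: minion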
三、命令执行模块
[root@cl-server ~]# salt 'cl-node03' cmd.run 'uname -a'
### 在cl-node03上切换到/目录以soupman用户运行uname -a命令。
[root@cl-server ~]# salt 'cl-node03' cmd.run 'uname -a' cwd=/ user=soupman
[root@cl-server ~]# salt 'cl-node01' cmd.run 'netstat -tunlp'
[root@cl-server ~]# salt 'cl-node01' cmd.run 'df -h'
[root@cl-server ~]# salt 'cl-node01' cmd.run 'free -m'
[root@cl-server salt]# salt cl-node01 cmd.run "ls -l | grep super"
cl-node01:
-rwxr-xr-x 1 root root 8 Sep 25 2003 super_pi
-rw-r--r-- 1 root root 74961 Nov 20 2007 super_pi.tar.bz2
[root@cl-server salt]# salt cl-node01 cmd.run "ls -l | awk '/super/{print \$1}'"
cl-node01:
-rwxr-xr-x
-rw-r--r--
### Run a script stored on the master (salt://) on the minion(s)
### NOTE(review): the '*' target matches every minion, so these scripts run
### fleet-wide; try a single minion first, as the getDisk.sh line does, and keep
### write access to the scripts directory on the master restricted, because
### whatever is placed there is what the minions execute.
[root@cl-server ~]# salt cl-node01 cmd.script salt://scripts/getDisk.sh
[root@cl-server ~]# salt '*' cmd.script salt://scripts/runme.sh
[root@cl-server ~]# salt '*' cmd.script salt://scripts/runme.sh 'arg1 arg2 "arg 3"'
[root@cl-server ~]# salt '*' cmd.script salt://scripts/windows_task.ps1 args=' -Input c:\tmp\infile.txt' shell='powershell'
[root@cl-server ~]# salt '*' cmd.script salt://scripts/runme.sh stdin='one\ntwo\nthree\nfour\nfive\n'
四、user/group/shadow模块
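### Generate an encrypted (hashed) password
### Line breaks restored; the original had the prompt, the two password prompts
### and the resulting hash on one line.
### NOTE(review): -1 selects MD5-crypt (the $1$ prefix below), which is weak
### against offline cracking. Newer OpenSSL releases also offer -6 (SHA-512
### crypt), and shadow.gen_password, shown later on this page, defaults to sha512.
[root@cl-server init]# openssl passwd -1
Password:
Verifying - Password:
$1$.gbV8Cuu$3fxQbApoSCvfF2aiPoggr1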
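### Add a user
### Line breaks and indentation restored; the original had each listing on one line.
### NOTE(review): this SLS file sits on the master's file server, which this page
### later shows a minion listing and caching in full (cp.list_master,
### cp.cache_master), so a password hash written here is presumably visible to
### every minion. Keeping hashes in pillar, as the chpw example on this page
### does, limits who receives them. The $1$ prefix also marks an MD5-crypt hash;
### prefer a $6$ (sha512) hash.
[root@cl-server init]# cat create_user.sls
create_group:
  group.present:
    - name: yunwei
    - gid: 600
    - system: True
create_user2:
  user.present:
    - name: developer
    - fullname: developer
    - shell: /bin/bash
    - home: /home/developer
    - uid: 4008
    - gid: 600
    - password: '$1$.bStQQby$QbItq0gA0zolzOycaGVDB.'
[root@cl-server init]# salt cl-node03 state.sls init/create_user
cl-node03:
----------
ID: create_group
Function: group.present
Name: yunwei
Result: True
Comment: Group yunwei is present and up to date
Started: 14:13:07.339376
Duration: 1.921 ms
Changes:
----------
ID: create_user2
Function: user.present
Name: developer
Result: True
Comment: User developer is present and up to date
Started: 14:13:07.341964
Duration: 33.821 ms
Changes:
Summary for cl-node03
------------
Succeeded: 2
Failed: 0
------------
Total states run: 2
Total run time: 35.742 ms
### Delete a user
[root@cl-server init]# cat delete_user.sls
delete_developer:
  user.absent:
    - name: developer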
[root@cl-server init]# pwd
/application/salt/init
[root@cl-server init]# cat useradd.sls
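# Create the group and user "mall", then seed the home directory from /etc/skel.
# Indentation restored: the listing as shown is flat and would not parse as SLS.
{% set user = 'mall' %}
{% set home = '/home/mall' %}
group_add:
  group.present:
    - name: {{ user }}
{{ user }}:
  user.present:
    - uid: 895
    - gid_from_name: True
    - home: {{ home }}
    - createhome: True
    - shell: /bin/bash
    - maxdays: 90
    # NOTE(review): the $1$ prefix marks an MD5-crypt hash; prefer a $6$ (sha512)
    # hash such as the one shadow.gen_password produces on this page, and keep
    # it in pillar rather than in a state file served to minions.
    - password: '$1$2nTddib7$PT1LxjTL7Jfc3p39zzMUM/'
cp_skel:
  cmd.run:
    # owner:group uses the colon separator; the original "user.user" form is a
    # legacy spelling that becomes ambiguous when a name contains a dot.
    - name: 'cp /etc/skel/.bash* {{ home }} && chown -R {{ user }}:{{ user }} {{ home }}'
    # Skip the copy once .bashrc is already present in the home directory.
    - unless: test -f {{ home }}/.bashrc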
[root@cl-server init]# salt cl-node01 state.sls init.useradd
### 修改密码
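### Line breaks and indentation restored; the original had this whole listing on one line.
[root@cl-server pillar]# pwd
/application/salt/pillar
### Pillar data: user name -> password hash.
### NOTE(review): both accounts carry the same $1$ (MD5-crypt) hash, i.e. the
### same password and salt; give each account its own sha512 hash.
[root@cl-server pillar]# cat user.sls
user_chpw:
  mall: '$1$2nTddib7$PT1LxjTL7Jfc3p39zzMUM/'
  adminx: '$1$2nTddib7$PT1LxjTL7Jfc3p39zzMUM/'
### The loop variable is "passwd"; the original body referenced an undefined
### "password" variable, so the hash from pillar never reached user.present.
[root@cl-server init]# cat chpw.sls
{% for user, passwd in pillar.get('user_chpw',{}).items() %}
{{ user }}:
  user.present:
    - password: {{ passwd }}
{% endfor %}
[root@cl-server init]# salt cl-node01 state.sls init.chpw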
### NOTE(review): the plaintext password is passed as a command-line argument
### here, so it can end up in the shell history and in Salt's job data; for real
### accounts generate the hash where the plaintext is not recorded.
[root@cl-server init]# salt cl-node01 shadow.gen_password 'test8888' ### sha512 is used by default
cl-node01:
$6$ePk84MXl$VrnRO8FnHpNHuQ62Ok6IcxVAoFpsjW/Knt4aR/2wIA.C0LOq1hjdEtqQ0MGBzSv.OEpJ9kmi88DPteURVFQms1
### Show the user's password (shadow) information
[root@cl-server init]# salt cl-node01 shadow.info root
### Set the user's password; the argument is the password hash, not the plaintext
[root@cl-server init]# salt cl-node01 shadow.set_password root '$6$I5wR7XBJ/tuVV7vK$LY51pyV5iI7a5eUdpNOH9yvjjJZfSmGhNj3pVFcesdPhp8g/UwiXxpwRaslWq7104sUHBpIhOU2rfUF/L1FFo/'
### Delete the user's password; afterwards the account can log in with no password
### NOTE(review): an empty password opens the account to anyone who can reach a
### login prompt. If the aim is to stop password logins, lock the account
### (shadow.lock_password) instead of clearing the password.
[root@cl-server init]# salt cl-node01 shadow.del_password mall
### Show information about the given user
[root@cl-server init]# salt cl-node01 user.info root
五、文件拷贝cp模块
cp.get_dir / cp.get_url / cp.push / cp.push_dir / cp.cache_file / cp.cache_files / cp.cache_master /
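### Line breaks restored; the original had each of these listings on one line,
### which also turned the commands after a leading ### into comment text.
### 1. Copy a directory; the directory itself is created under the destination
[root@cl-server salt]# salt cl-node01 cp.get_dir salt://prod/haproxy/ /tmp/haproxy/
cl-node01:
- /tmp/haproxy//haproxy/files/haproxy-2.4.4.tar.gz
- /tmp/haproxy//haproxy/files/haproxy.init
- /tmp/haproxy//haproxy/install.sls
### 2. Download a URL to the minion
### NOTE(review): the download uses plain http and nothing here checks the
### tarball's integrity; prefer https and compare the file against a published
### checksum (file.get_sum is shown earlier on this page) before unpacking or
### building it.
[root@cl-server salt]# salt cl-node01 cp.get_url http://nginx.org/download/nginx-1.20.2.tar.gz /tmp/haproxy/
cl-node01:
/tmp/haproxy/nginx-1.20.2.tar.gz
### 3. Copy a file from the minion to the master; requires file_recv to be
### enabled on the salt-master
[root@cl-server salt]# salt cl-node01 cp.push /tmp/haproxy/nginx-1.20.2.tar.gz
cl-node01:
False
### Enable file_recv
### NOTE(review): the push above returned False because file_recv is off until
### enabled. Turning it on lets minions write files into the master's cache, so
### enable it only where needed and consider capping uploads with
### file_recv_max_size.
[root@cl-server salt]# vi /etc/salt/master
file_recv: True
[root@cl-server salt]# systemctl restart salt-master
### Pushed files land under /var/cache/salt/master/minions/cl-node01/files
[root@cl-server salt]# salt cl-node01 cp.push /tmp/haproxy/nginx-1.20.2.tar.gz
cl-node01:
True
[root@cl-server salt]# ls /var/cache/salt/master/minions/cl-node01/files/tmp/haproxy/
nginx-1.20.2.tar.gz
### 4. Copy a directory from the minion to the master
# Copied to /var/cache/salt/master/minions/cl-node01/files/root/redis-5.0.12/
[root@cl-server salt]# salt cl-node01 cp.push_dir /root/redis-5.0.12/
cl-node01:
True
# With an explicit upload path; copied to /var/cache/salt/master/minions/cl-node01/files/tmp
[root@cl-server salt]# salt cl-node01 cp.push_dir /root/redis-5.0.12/ upload_path='/tmp/'
cl-node01:
True
### Copy only specific files from the directory
### NOTE(review): `rm -rf *` as root depends entirely on the current directory,
### and the prompt only shows "tmp" - presumably the files/tmp cache directory
### above, not /tmp. Use an explicit absolute path for a cleanup like this.
[root@cl-server tmp]# rm -rf *
[root@cl-server salt]# salt cl-node01 cp.push_dir /root/redis-5.0.12/ upload_path='/tmp/' glob='*.conf'
[root@cl-server tmp]# tree
.
├── redis.conf
├── sentinel.conf
└── tests
    └── assets
        └── default.conf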
### 拷贝链接文件时,指定拷贝原文件 [root@cl-server ~]# ls -l /etc/system-release lrwxrwxrwx. 1 root root 14 4月 8 2021 /etc/system-release -> centos-release [root@cl-server ~]# salt cl-node01 cp.push /etc/system-release keep_symlinks=True [root@cl-server ~]# cd /var/cache/salt/master/minions/cl-node01/files [root@cl-server files]# ls -l ./etc/system-release -rw-r--r-- 1 root root 37 12月 6 10:57 ./etc/system-release
### 拷贝master上的文件到minion端 [root@cl-server salt]# salt-cp cl-node01 /tmp/server06.txt /tmp/server-06.txt cl-node01: ---------- /tmp/server-06.txt: True ### 缓存文件到 minion 端 [root@cl-server salt]# salt cl-node01 cp.cache_file salt://init/files/resolv.conf cl-node01: /var/cache/salt/minion/files/base/init/files/resolv.conf ### 缓存多个文件到 minion 端 [root@cl-server salt]# salt cl-node01 cp.cache_files salt://init/files/resolv.conf,salt://top.sls ### 操作minion端备份本地文件到缓存目录中 [root@cl-server salt]# salt cl-node01 cp.cache_local_file /tmp/server-06.txt cl-node01: /var/cache/salt/minion/localfiles/tmp/server-06.txt ### 推送master上的全部文件到minion [root@cl-server salt]# salt cl-node01 cp.cache_master cl-node01: - /var/cache/salt/minion/files/base/_grains/node02.py - /var/cache/salt/minion/files/base/_grains/test.py ...... ### 拷贝master上的文件夹到minion端的指定位置 [root@cl-server salt]# salt cl-node01 cp.get_dir salt://crontab /tmp cl-node01: - /tmp/crontab/files/crontab.soupman ### 拷贝master上的文件到minion端cache中,返回文件内容 [root@cl-server files]# salt cl-node01 cp.get_file_str salt://crontab/files/crontab.soupman cl-node01: # test22 * * * * * echo "hello world" >> /tmp/aa.txt ### 查看minion端是否缓存了 [root@cl-server files]# salt cl-node01 cp.is_cached salt://crontab/files/crontab.soupman
### 列出minion 端 缓存的master的文件 [root@cl-server salt]# salt cl-node01 cp.list_master cl-node01: - _grains/node02.py - _grains/test.py - _returners/file.py ...... [root@cl-server salt]# salt cl-node01 cp.list_master saltenv=prod cl-node01: - cluster/files/haproxy-outside.cfg - cluster/haproxy-outside.sls - haproxy/files/haproxy-2.4.4.tar.gz - haproxy/files/haproxy.init - haproxy/install.sls - pkg/pkg-init.sls
六、定时任务模块cron
cron.set_job / cron.raw_cron / cron.rm_job
### 新增一个定时任务 [root@cl-server salt]# salt 'cl-node03' cron.set_job root '1' '*' '*' '*' '*' echo "test" cl-node03: new
### 查看用户的定时任务列表
[root@cl-server salt]# salt 'cl-node03' cron.raw_cron root cl-node03: */2 * * * * /usr/sbin/logrotate /etc/logrotate.d/logrotate-test # Lines below here are managed by Salt, do not edit 1 * * * * echo
### 新增任务,命令为 echo '123' > /tmp/aa.txt , 命令需要使用'' [root@cl-server salt]# salt 'cl-node03' cron.set_job root '0' '*/1' '*' '*' '*' echo '123' > /tmp/aa.txt "test123" ### 失败 [root@cl-server salt]# salt 'cl-node03' cron.raw_cron root cl-node03: */2 * * * * /usr/sbin/logrotate /etc/logrotate.d/logrotate-test # Lines below here are managed by Salt, do not edit # test123 0 */1 * * * echo [root@cl-server salt]# salt 'cl-node03' cron.set_job root '0' '*/1' '*' '*' '*' 'echo "123" > /tmp/aa.txt' "test1234" cl-node03: new [root@cl-server salt]# salt 'cl-node03' cron.raw_cron root cl-node03: */2 * * * * /usr/sbin/logrotate /etc/logrotate.d/logrotate-test # Lines below here are managed by Salt, do not edit # test123 0 */1 * * * echo 0 */1 * * * echo "123" > /tmp/aa.txt
### 更新定时任务 [root@cl-server salt]# salt 'cl-node03' cron.set_job root '*' '*' '*' '*' '*' 'echo "123" >> /tmp/aa.txt' "test12345" cl-node03: updated [root@cl-server salt]# salt 'cl-node03' cron.raw_cron root cl-node03: */2 * * * * /usr/sbin/logrotate /etc/logrotate.d/logrotate-test # Lines below here are managed by Salt, do not edit # test123 0 */1 * * * echo * * * * * echo "123" > /tmp/aa.txt ### 删除定时任务 格式: salt 'target' cron.rm_job user ${my_cron} ${exec_crondtion} [root@cl-server salt]# salt 'cl-node03' cron.rm_job root echo minute='0' hour='*/1' cl-node03: removed [root@cl-server salt]# salt 'cl-node03' cron.raw_cron root cl-node03: */2 * * * * /usr/sbin/logrotate /etc/logrotate.d/logrotate-test # Lines below here are managed by Salt, do not edit * * * * * echo "123" > /tmp/aa.txt [root@cl-server salt]# salt 'cl-node03' cron.rm_job root 'echo "123" > /tmp/aa.txt' ### 通过文件修改crontab任务 [root@cl-server salt]# vi crontab_soupman.sls [root@cl-server salt]# cat crontab_soupman.sls /var/spool/cron/soupman: file.managed: - source: salt://crontab/files/crontab.soupman - mode: 600 - user: soupman - group: soupman [root@cl-server salt]# mkdir -p crontab/files [root@cl-server salt]# cd crontab/files/ [root@cl-server files]# pwd /application/salt/crontab/files [root@cl-server files]# cat crontab.soupman # test22 * * * * * echo "hello world" >> /tmp/aa.txt [root@cl-server files]# salt 'cl-node03' state.sls crontab_soupman cl-node03: ---------- ID: /var/spool/cron/soupman Function: file.managed Result: True Comment: File /var/spool/cron/soupman updated Started: 11:39:33.553118 Duration: 41.725 ms Changes: ---------- diff: New file group: soupman user: soupman Summary for cl-node03 ------------ Succeeded: 1 (changed=1) Failed: 0 ------------ Total states run: 1 Total run time: 41.725 ms [root@cl-node03 ~]# crontab -l -u soupman # test22 * * * * * echo "hello world" >> /tmp/aa.txt
[root@cl-server salt]# cat cronadd.sls
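# Manage a crontab entry for root that runs /bin/touch /tmp/111.txt.
# Indentation restored: the listing as shown is flat and would not parse as SLS.
touch_cron:
  cron.present:
    - name: /bin/touch /tmp/111.txt
    - user: root
    # Schedule fields; '*' and '3,5' are quoted so YAML reads them as strings.
    - minute: '*'
    - hour: 20
    - daymonth: 1-10
    - month: '3,5'
    - dayweek: '*'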
[root@cl-server salt]# salt cl-node01 state.sls cronadd
七、service模块
[root@cl-server files]# salt cl-node01 service.status httpd
cl-node01:
True
[root@cl-server files]# salt cl-node01 service.reload httpd
cl-node01:
True
[root@cl-server files]# salt cl-node01 sys.list_functions service
cl-node01:
- service.available
- service.disable
- service.disabled
- service.enable
- service.enabled
- service.execs
- service.force_reload
- service.get_all
- service.get_disabled
- service.get_enabled
- service.get_running
- service.get_static
- service.mask
- service.masked
- service.missing
- service.reload
- service.restart
- service.show
- service.start
- service.status
- service.stop
- service.systemctl_reload
- service.unmask
八、软件安装模块 pkg
[root@cl-server salt]# cat install_empx.sls
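# Install emqx from an RPM on the master's file server, then keep it running.
# Indentation restored: the listing as shown is flat and would not parse as SLS.

# Prerequisite packages, installed from the minion's configured repositories.
emqx_env:
  pkg.installed:
    - pkgs:
      - yum-utils
      - device-mapper-persistent-data
      - lvm2

# The package file itself comes from salt://, not from a repository.
# NOTE(review): its integrity then rests on whoever placed the RPM on the
# master; confirm the vendor's checksum or signature before publishing it there.
emqx_yum_install:
  pkg.installed:
    - sources:
      - {"emqx": "salt://temp/emqx-centos7-4.3.10-amd64.rpm"}
    - require:
      - pkg: emqx_env

# Start the service and enable it at boot, only after the package state succeeded.
emqx_start:
  service.running:
    - name: emqx
    - enable: True
    - reload: True
    - require:
      - pkg: emqx_yum_install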
[root@cl-server ~]# salt 'cl-node02' pkg.install 'telnet'
cl-node02:
----------
telnet:
----------
new:
1:0.17-66.el7
old:
[root@cl-server ~]# salt 'cl-node02' pkg.version 'telnet'
cl-node02:
1:0.17-66.el7
[root@cl-server ~]# salt 'cl-node02' pkg.remove 'telnet'
cl-node02:
----------
telnet:
----------
new:
old:
1:0.17-66.el7
九、网络模块network
[root@cl-server salt]# salt '*' network.ip_addrs
cl-node01:
- 192.168.234.11
cl-node02:
- 192.168.234.12
[root@cl-server files]# salt cl-node01 sys.list_functions network
cl-node01:
- network.active_tcp
- network.arp
- network.calc_net
- network.connect
- network.convert_cidr
- network.default_route
- network.dig
- network.get_bufsize
- network.get_fqdn
- network.get_hostname
- network.get_route
- network.hw_addr
- network.hwaddr
- network.ifacestartswith
- network.in_subnet
- network.interface
- network.interface_ip
- network.interfaces
- network.ip_addrs
- network.ip_addrs6
- network.ip_in_subnet
- network.ipaddrs
- network.ipaddrs6
- network.iphexval
- network.is_loopback
- network.is_private
- network.mod_bufsize
- network.mod_hostname
- network.netstat
- network.ping
- network.reverse_ip
- network.routes
- network.subnets
- network.subnets6
- network.traceroute
- network.wol
十、解压缩模块archive
### 将minion端的aa.txt 压缩为 aa.txt.gz
[root@cl-server ~]# salt 'cl-node01' archive.gzip /tmp/aa.txt
### 将minion端的tar.gz文件解压到 /root目录下
[root@cl-server ~]# salt 'cl-node01' archive.tar zxf /tmp/redis-5.0.12.tar.gz
### 将minion端的 目录打包到一个文件中
[root@cl-server ~]# salt 'cl-node01' archive.tar zcf /tmp/playbook.tar.gz /tmp/ansible_playbooks/