1、软件环境:
[root@localhost ~]# cat /etc/redhat-release CentOS Linux release 7.3.1611 (Core) [root@localhost ~]# uname -a Linux localhost.localdomain 3.10.0-514.el7.x86_64 #1 SMP Tue Nov 22 16:42:41 UTC 2016 x86_64 x86_64 x86_64 GNU/Linux [root@localhost ~]#
(1)修改selinux配置文件:
[root@localhost ~]# vim /etc/sysconfig/selinux SELINUX=enforcing 改为 SELINUX=disabled
(2)关闭防火墙:
[root@localhost ~]# systemctl disable firewalld [root@localhost ~]# systemctl stop firewalld [root@localhost ~]# iptables -F [root@localhost ~]# iptables -L
IP分配如下:
master 192.168.112.140
minion 192.168.112.141
minion 192.168.112.142
(3)master和minion端部署安装
master端执行:
[root@localhost ~]# yum install epel-release [root@localhost ~]# yum install -y salt-master
minion端执行:
[root@localhost ~]# yum install epel-release [root@localhost ~]# yum install salt-minion
(4)修改配置文件:
[root@localhost ~]# vim /etc/salt/minion master: 192.168.112.140 id: server02 [root@localhost ~]# [root@localhost ~]# systemctl start salt-minion [root@localhost ~]# ps -ef|grep salt-minion root 2505 1 2 23:06 ? 00:00:00 /usr/bin/python /usr/bin/salt-minion root 2508 2505 8 23:06 ? 00:00:00 /usr/bin/python /usr/bin/salt-minion root 2536 2318 0 23:06 pts/0 00:00:00 grep --color=auto salt-minion [root@localhost ~]# netstat -lnupt|grep 4505 tcp 0 0 0.0.0.0:4505 0.0.0.0:* LISTEN 2304/python [root@localhost ~]# [root@localhost ~]# [root@localhost ~]# vim /etc/salt/minion master: 192.168.112.140 id: server03 [root@localhost ~]# [root@localhost ~]# systemctl start salt-minion [root@localhost ~]# ps -ef|grep salt-minion root 2487 1 1 23:05 ? 00:00:00 /usr/bin/python /usr/bin/salt-minion root 2490 2487 4 23:06 ? 00:00:00 /usr/bin/python /usr/bin/salt-minion root 2521 2320 0 23:06 pts/0 00:00:00 grep --color=auto salt-minion [root@localhost ~]# [root@localhost ~]# [root@localhost ~]#
(5)设置salt-master和salt-minion开机启动
[root@localhost ~]# systemctl enable salt-master Created symlink from /etc/systemd/system/multi-user.target.wants/salt-master.service to /usr/lib/systemd/system/salt-master.service. [root@localhost ~]# [root@localhost ~]# systemctl enable salt-minion Created symlink from /etc/systemd/system/multi-user.target.wants/salt-minion.service to /usr/lib/systemd/system/salt-minion.service. [root@localhost ~]#
2、配置saltstack认证
salt-key //查看已经签名的客户端
salt-key -a //签名指定的主机
salt-key -A //签名所有的主机
salt-key -d //删除指定主机的签名
salt-key –help //查看各命令的用法
[root@localhost ~]# salt-key Accepted Keys: Denied Keys: Unaccepted Keys: server02 server03 Rejected Keys: [root@localhost ~]# [root@localhost ~]# salt-key -a server02 The following keys are going to be accepted: Unaccepted Keys: server02 Proceed? [n/Y] Y Key for minion server02 accepted. [root@localhost ~]# [root@localhost ~]# salt-key Accepted Keys: server02 server03 Denied Keys: Unaccepted Keys: Rejected Keys: [root@localhost ~]#
3、日常用法
test.ping用户检查master到minion端的网络连通性,返回True即正常,False为异常
[root@localhost ~]# salt '*' test.ping server02: True server03: True [root@localhost ~]#
cmd.run 在minion端执行shell命令,记住这模块只能执行短连接命令,比如df命令;长连接的无法返回结果,比如top命令
[root@localhost ~]# salt '*' cmd.run 'hostname' server03: localhost.localdomain server02: localhost.localdomain [root@localhost ~]# salt '*' cmd.run 'df -Th' server02: Filesystem Type Size Used Avail Use% Mounted on /dev/sda3 xfs 90G 1.8G 89G 2% / devtmpfs devtmpfs 231M 0 231M 0% /dev tmpfs tmpfs 241M 12K 241M 1% /dev/shm tmpfs tmpfs 241M 4.6M 236M 2% /run tmpfs tmpfs 241M 0 241M 0% /sys/fs/cgroup /dev/sda1 xfs 1014M 131M 884M 13% /boot tmpfs tmpfs 49M 0 49M 0% /run/user/0 server03: Filesystem Type Size Used Avail Use% Mounted on /dev/sda3 xfs 90G 1.8G 89G 2% / devtmpfs devtmpfs 231M 0 231M 0% /dev tmpfs tmpfs 241M 12K 241M 1% /dev/shm tmpfs tmpfs 241M 4.6M 236M 2% /run tmpfs tmpfs 241M 0 241M 0% /sys/fs/cgroup /dev/sda1 xfs 1014M 131M 884M 13% /boot tmpfs tmpfs 49M 0 49M 0% /run/user/0 [root@localhost ~]#
显示被控主机的操作系统类型
[root@localhost ~]# salt '*' grains.item os server02: ---------- os: CentOS server03: ---------- os: CentOS [root@localhost ~]#
远程代码执行测试
(1)(通配符*匹配)
[root@localhost ~]# salt '*' cmd.exec_code python 'import sys;print sys.version' server02: 2.7.5 (default, Nov 6 2016, 00:28:07) [GCC 4.8.5 20150623 (Red Hat 4.8.5-11)] server03: 2.7.5 (default, Nov 6 2016, 00:28:07) [GCC 4.8.5 20150623 (Red Hat 4.8.5-11)] [root@localhost ~]#
(2)正则匹配
[root@localhost ~]# salt -E 'server(02|03)' test.ping server03: True server02: True [root@localhost ~]#
(3)列表匹配
[root@localhost ~]# salt -L 'server02,server03' test.ping server02: True server03: True [root@localhost ~]#
(4)grains匹配,其命令salt <target> grains.items
[root@localhost ~]# salt 'server02' grains.items server02: ---------- SSDs: biosreleasedate: 07/31/2013 biosversion: 6.00 cpu_flags: - fpu - vme - de - pse - tsc - msr - pae - mce - cx8 - apic - sep - mtrr - pge - mca - cmov - pat - pse36 - clflush - dts - mmx - fxsr - sse - sse2 - ss - ht - syscall - nx - rdtscp - lm - constant_tsc - arch_perfmon - pebs - bts - nopl - xtopology - tsc_reliable - nonstop_tsc - aperfmperf - eagerfpu - pni - pclmulqdq - ssse3 - cx16 - pcid - sse4_1 - sse4_2 - x2apic - popcnt - xsave - avx - f16c - hypervisor - lahf_lm - arat - epb - pln - pts - dtherm - fsgsbase - smep - xsaveopt cpu_model: Intel(R) Core(TM) i3-3220 CPU @ 3.30GHz cpuarch: x86_64 domain: fqdn: server02 fqdn_ip4: - 192.168.112.141 fqdn_ip6: - ::1 gpus: |_ ---------- model: SVGA II Adapter vendor: unknown host: server02 hwaddr_interfaces: ---------- eth0: 00:0c:29:0b:28:95 lo: 00:00:00:00:00:00 id: server02 init: systemd ip4_interfaces: ---------- eth0: - 192.168.112.141 lo: - 127.0.0.1 ip6_interfaces: ---------- eth0: lo: ip_interfaces: ---------- eth0: - 192.168.112.141 lo: - 127.0.0.1 ipv4: - 127.0.0.1 - 192.168.112.141 ipv6: kernel: Linux kernelrelease: 3.10.0-514.el7.x86_64 locale_info: ---------- defaultencoding: UTF-8 defaultlanguage: en_US detectedencoding: UTF-8 localhost: server02 lsb_distrib_id: CentOS Linux machine_id: 09e12c5f3a7948af9747ee938feee87f manufacturer: VMware, Inc. master: 192.168.112.140 mdadm: mem_total: 480 nodename: server02 num_cpus: 4 num_gpus: 1 os: CentOS os_family: RedHat osarch: x86_64 oscodename: Core osfinger: CentOS Linux-7 osfullname: CentOS Linux osmajorrelease: 7 osrelease: 7.3.1611 osrelease_info: - 7 - 3 - 1611 path: /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin productname: VMware Virtual Platform ps: ps -efH pythonexecutable: /usr/bin/python pythonpath: - /usr/bin - /usr/lib64/python27.zip - /usr/lib64/python2.7 - /usr/lib64/python2.7/plat-linux2 - /usr/lib64/python2.7/lib-tk - /usr/lib64/python2.7/lib-old - /usr/lib64/python2.7/lib-dynload - /usr/lib64/python2.7/site-packages - /usr/lib64/python2.7/site-packages/gtk-2.0 - /usr/lib/python2.7/site-packages pythonversion: - 2 - 7 - 5 - final - 0 saltpath: /usr/lib/python2.7/site-packages/salt saltversion: 2015.5.10 saltversioninfo: - 2015 - 5 - 10 - 0 selinux: ---------- enabled: False enforced: Disabled serialnumber: VMware-56 4d 19 57 3d 1d 44 0d-99 bf 1a ff c4 0b 28 95 server_id: 1264512667 shell: /bin/sh systemd: ---------- features: +PAM +AUDIT +SELINUX +IMA -APPARMOR +SMACK +SYSVINIT +UTMP +LIBCRYPTSETUP +GCRYPT +GNUTLS +ACL +XZ -LZ4 -SECCOMP +BLKID +ELFUTILS +KMOD +IDN version: 219 virtual: VMware zmqversion: 3.2.5 [root@localhost ~]#
如果要获取具体某一项内容,可以直接在该命令后加项名,比如获取操作系统,则:
[root@localhost ~]# salt -L 'server02,server03' grains.item os server03: ---------- os: CentOS server02: ---------- os: CentOS [root@localhost ~]#
同样可以获取host、ip_interfaces、fqdn_ipv4、cpu_model对应的值:
[root@localhost ~]# salt 'server02' grains.item host server02: ---------- host: server02 [root@localhost ~]# [root@localhost ~]# salt 'server02' grains.item ip_interfaces server02: ---------- ip_interfaces: ---------- eth0: - 192.168.112.141 lo: - 127.0.0.1 [root@localhost ~]# [root@localhost ~]# salt 'server02' grains.item fqdn_ip4 server02: ---------- fqdn_ip4: - 192.168.112.141 [root@localhost ~]# [root@localhost ~]# salt 'server02' grains.item cpu_model server02: ---------- cpu_model: Intel(R) Core(TM) i3-3220 CPU @ 3.30GHz [root@localhost ~]#
4、常用模块介绍
(1)、cp模块(实现远程文件、目录的复制,以及下载URL文件等操作)
#将主服务器file_roots指定位置下的目录复制到被控主机
打开master文件中的
#file_roots:
base:
– /srv/salt
改为:
file_roots:
base:
– /srv/salt
# salt ‘*’ cp.get_dir salt://test_dir /data
salt:// —>表示file_root指定的路径,这里是/srv/salt,salt://test_dir 表示/srv/salt/test_dir
/data —>表示目标主机上的根目录下的data目录
[root@localhost ~]# ll /srv/salt/test_dir/ total 672 -rw-r--r-- 1 root root 686011 May 7 22:37 nginx-1.0.10.tar.gz [root@localhost ~]# salt '*' cp.get_dir salt://test_dir /data server02: - /data/test_dir/nginx-1.0.10.tar.gz server03: - /data/test_dir/nginx-1.0.10.tar.gz [root@localhost ~]# salt '*' cmd.run 'ls -l /data' server03: total 0 drwxr-xr-x 2 root root 33 Jun 1 02:12 test_dir server02: total 0 drwxr-xr-x 2 root root 33 Jun 1 02:12 test_dir [root@localhost ~]#
#将主服务器file_roots指定位置下的文件复制到被控主机
# salt ‘*’ cp.get_file salt://nginx-1.0.10.tar.gz /root/nginx-1.0.10.tar.gz
[root@localhost salt]# salt '*' cp.get_file salt://nginx-1.0.10.tar.gz /root/nginx-1.0.10.tar.gz server02: /root/nginx-1.0.10.tar.gz server03: /root/nginx-1.0.10.tar.gz [root@localhost salt]# salt '*' cmd.run 'ls -l /root/' server02: total 676 -rw-------. 1 root root 1496 Jan 17 09:03 anaconda-ks.cfg -rw-r--r-- 1 root root 686011 Jun 1 02:15 nginx-1.0.10.tar.gz server03: total 676 -rw-------. 1 root root 1496 Jan 17 09:03 anaconda-ks.cfg -rw-r--r-- 1 root root 686011 Jun 1 02:15 nginx-1.0.10.tar.gz [root@localhost salt]#
对于大文件,cp_get_file支持gzip压缩,在参数中指定gzip的压缩级别,如下:
[root@server01 salt]# pwd /srv/salt [root@server01 salt]# ll -th test -rw-r--r-- 1 root root 1.0G Jun 13 22:04 test [root@server01 salt]# salt '*' cp.get_file salt://test /root/test gzip=5 server02: /root/test server03: /root/test [root@server01 salt]# [root@server01 salt]# salt '*' cmd.run 'ls -htl /root/test' server02: -rw-r--r-- 1 root root 1.0G Jun 13 22:06 /root/test server03: -rw-r--r-- 1 root root 1.0G Jun 13 22:06 /root/test [root@server01 salt]#
其中,1代表最小压缩,9代表最大压缩,gzip参数是在传输过程中对文件进行压缩。
cp.get_file默认不会在客户端上建立目录,如果客户端上没有这个目录了,文件拷贝将失败,所以这里又有一个参数makedirs,当客户端上的目标目录不存在时,直接将该参数的值设置为True,即makedirs=True;
[root@server01 salt]# salt '*' cmd.run 'ls -l /root/' server02: total 1049372 -rw-r--r-- 1 root root 115316 Jun 1 02:26 GeoIP-1.6.5.-1.e16.x86_64.rpm -rw-------. 1 root root 1496 Jan 17 09:03 anaconda-ks.cfg -rw-r--r-- 1 root root 260 Jun 5 22:08 connect.py -rw-r--r-- 1 root root 686011 Jun 1 02:15 nginx-1.0.10.tar.gz -rw-r--r-- 1 root root 1073741824 Jun 13 22:06 test drwxr-xr-x 2 root root 33 Jun 13 22:54 web server03: total 1049368 -rw-r--r-- 1 root root 115316 Jun 1 02:26 GeoIP-1.6.5.-1.e16.x86_64.rpm -rw-------. 1 root root 1496 Jan 17 09:03 anaconda-ks.cfg -rw-r--r-- 1 root root 686011 Jun 1 02:15 nginx-1.0.10.tar.gz -rw-r--r-- 1 root root 1073741824 Jun 13 22:06 test drwxr-xr-x 2 root root 33 Jun 13 22:54 web [root@server01 salt]# [root@server01 salt]# salt '*' cp.get_file salt://nginx-1.0.10.tar.gz /root/web/nginx-1.0.10.tar.gz makedirs=True server02: /root/web/nginx-1.0.10.tar.gz server03: /root/web/nginx-1.0.10.tar.gz [root@server01 salt]# [root@server01 salt]# salt '*' cmd.run 'ls -l /root/' server02: total 1049372 -rw-r--r-- 1 root root 115316 Jun 1 02:26 GeoIP-1.6.5.-1.e16.x86_64.rpm -rw-------. 1 root root 1496 Jan 17 09:03 anaconda-ks.cfg -rw-r--r-- 1 root root 260 Jun 5 22:08 connect.py -rw-r--r-- 1 root root 686011 Jun 1 02:15 nginx-1.0.10.tar.gz -rw-r--r-- 1 root root 1073741824 Jun 13 22:06 test drwxr-xr-x 2 root root 33 Jun 13 22:54 web server03: total 1049368 -rw-r--r-- 1 root root 115316 Jun 1 02:26 GeoIP-1.6.5.-1.e16.x86_64.rpm -rw-------. 1 root root 1496 Jan 17 09:03 anaconda-ks.cfg -rw-r--r-- 1 root root 686011 Jun 1 02:15 nginx-1.0.10.tar.gz -rw-r--r-- 1 root root 1073741824 Jun 13 22:06 test drwxr-xr-x 2 root root 33 Jun 13 22:54 web [root@server01 salt]#
注意:cp.get_file从字面上就可以看出是操作对象是文件,即只有在拷贝文件的时候,目标主机上对应的目录不存在使用makedirs参数才有用,否则该参数无效。
#下载指定URL内容到被控主机指定位置
salt ‘*’ cp.get_url http://dl.fedoraproject.org/pub/epel/6/x86_64/GeoIP-1.6.5-1.el6.x86_64.rpm /root/GeoIP-1.6.5.-1.e16.x86_64.rpm
cp.get_url 根据指定的url地址下载文件到被控端主机的对应目录下,这里被控端目录/root/下面
[root@localhost salt]# salt '*' cmd.run 'ls -l /root/' server02: total 676 -rw-------. 1 root root 1496 Jan 17 09:03 anaconda-ks.cfg -rw-r--r-- 1 root root 686011 Jun 1 02:15 nginx-1.0.10.tar.gz server03: total 676 -rw-------. 1 root root 1496 Jan 17 09:03 anaconda-ks.cfg -rw-r--r-- 1 root root 686011 Jun 1 02:15 nginx-1.0.10.tar.gz [root@localhost salt]# salt '*' cp.get_url http://dl.fedoraproject.org/pub/epel/6/x86_64/GeoIP-1.6.5-1.el6.x86_64.rpm /root/GeoIP-1.6.5.-1.e16.x86_64.rpm server03: /root/GeoIP-1.6.5.-1.e16.x86_64.rpm server02: /root/GeoIP-1.6.5.-1.e16.x86_64.rpm [root@localhost salt]# salt '*' cmd.run 'ls -l /root/' server02: total 792 -rw-r--r-- 1 root root 115316 Jun 1 02:26 GeoIP-1.6.5.-1.e16.x86_64.rpm -rw-------. 1 root root 1496 Jan 17 09:03 anaconda-ks.cfg -rw-r--r-- 1 root root 686011 Jun 1 02:15 nginx-1.0.10.tar.gz server03: total 792 -rw-r--r-- 1 root root 115316 Jun 1 02:26 GeoIP-1.6.5.-1.e16.x86_64.rpm -rw-------. 1 root root 1496 Jan 17 09:03 anaconda-ks.cfg -rw-r--r-- 1 root root 686011 Jun 1 02:15 nginx-1.0.10.tar.gz [root@localhost salt]#
当然URL也可以是master上的路径(salt://)
[root@server01 salt]# salt '*' cp.get_url salt://nginx-1.0.10.tar.gz /opt/nginx-1.0.10.tar.gz server02: /opt/nginx-1.0.10.tar.gz server03: /opt/nginx-1.0.10.tar.gz [root@server01 salt]# salt '*' cmd.run 'ls -l /opt' server02: total 672 -rw-r--r-- 1 root root 686011 Jun 13 23:05 nginx-1.0.10.tar.gz server03: total 672 -rw-r--r-- 1 root root 686011 Jun 13 23:05 nginx-1.0.10.tar.gz [root@server01 salt]#
#salt ‘*’ cp.hash_file salt://test-file
cp.hash_file获取从主控端下发到被控端后文件的hash值,一般用于对比某个被控端某个文件的hash值
[root@localhost ~]# salt '*' cp.hash_file salt://nginx-1.0.10.tar.gz server02: ---------- hash_type: md5 hsum: 930b297b00fa1018fb0a1dd3e6b7e17e server03: ---------- hash_type: md5 hsum: 930b297b00fa1018fb0a1dd3e6b7e17e [root@localhost ~]#
(2)、cmd模块(实现远程的命令行调用执行)
# salt ‘*’ cmd.run ‘netstat -ntlp’
[root@localhost salt]# salt '*' cmd.run 'netstat -lnupt' server02: Active Internet connections (only servers) Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 1184/sshd tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN 2013/master tcp6 0 0 :::22 :::* LISTEN 1184/sshd tcp6 0 0 ::1:25 :::* LISTEN 2013/master udp 0 0 0.0.0.0:32525 0.0.0.0:* 737/dhclient udp 0 0 127.0.0.1:323 0.0.0.0:* 672/chronyd udp 0 0 0.0.0.0:68 0.0.0.0:* 737/dhclient udp6 0 0 ::1:323 :::* 672/chronyd udp6 0 0 :::14472 :::* 737/dhclient server03: Active Internet connections (only servers) Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 1191/sshd tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN 1835/master tcp6 0 0 :::22 :::* LISTEN 1191/sshd tcp6 0 0 ::1:25 :::* LISTEN 1835/master udp 0 0 0.0.0.0:32525 0.0.0.0:* 729/dhclient udp 0 0 127.0.0.1:323 0.0.0.0:* 661/chronyd udp 0 0 0.0.0.0:68 0.0.0.0:* 729/dhclient udp6 0 0 ::1:323 :::* 661/chronyd udp6 0 0 :::14472 :::* 729/dhclient [root@localhost salt]#
(3)、cron模块(实现被控主机的crontab操作)
## 为指定的被控主机、root用户添加crontab信息
# salt ‘*’ cron.set_job root ‘*/5’ ‘*’ ‘*’ ‘*’ ‘*’ ‘date >/dev/null 2>&1’
# salt ‘*’ cron.raw_cron root
[root@localhost salt]# salt '*' cron.set_job root '*/60' '*' '*' '*' '*' '/usr/local/nginx/sbin/nginx -s reload >/dev/null 2>&1' server02: new server03: new [root@localhost salt]# [root@localhost salt]# salt '*' cmd.run 'crontab -l' server03: # Lines below here are managed by Salt, do not edit */60 * * * * /usr/local/nginx/sbin/nginx -s reload >/dev/null 2>&1 server02: # Lines below here are managed by Salt, do not edit */60 * * * * /usr/local/nginx/sbin/nginx -s reload >/dev/null 2>&1 [root@localhost salt]#
## 删除指定的被控主机、root用户的crontab信息
[root@localhost salt]# salt '*' cron.rm_job root '/usr/local/nginx/sbin/nginx -s reload >/dev/null 2>&1' server02: removed server03: removed [root@localhost salt]# salt '*' cmd.run 'crontab -l' server03: # Lines below here are managed by Salt, do not edit server02: # Lines below here are managed by Salt, do not edit [root@localhost salt]#
(4)、dnsutil模块(实现被控主机通用DNS操作)
给被控制端添加指定的hosts配置项目,即host主机记录
#salt ‘*’ dnsutil.hosts_append /etc/hosts 192.168.112.140 server01
#salt ‘*’ dnsutil.hosts_append /etc/hosts 192.168.112.141 server02
#salt ‘*’ dnsutil.hosts_append /etc/hosts 192.168.112.142 server03
[root@localhost salt]# salt '*' dnsutil.hosts_append /etc/hosts 192.168.112.140 server01 server02: The following line was added to /etc/hosts: 192.168.112.140 server01 server03: The following line was added to /etc/hosts: 192.168.112.140 server01 [root@localhost salt]# salt '*' dnsutil.hosts_append /etc/hosts 192.168.112.141 server02 server03: The following line was added to /etc/hosts: 192.168.112.141 server02 server02: The following line was added to /etc/hosts: 192.168.112.141 server02 [root@localhost salt]# salt '*' dnsutil.hosts_append /etc/hosts 192.168.112.142 server03 server03: The following line was added to /etc/hosts: 192.168.112.142 server03 server02: The following line was added to /etc/hosts: 192.168.112.142 server03 [root@localhost salt]# salt '*' cmd.run 'grep 192.168.112.* /etc/hosts' server03: 192.168.112.140 server01 192.168.112.141 server02 192.168.112.142 server03 server02: 192.168.112.140 server01 192.168.112.141 server02 192.168.112.142 server03 [root@localhost salt]#
(5)、file模块(被控主机文件常见操作,包括文件读写、权限、查找、校验等)
# salt ‘*’ file.get_sum /etc/hosts md5
# salt ‘*’ file.stats /etc/hosts
[root@localhost salt]# salt '*' file.get_sum /etc/hosts md5 server03: 7895e4dd8df907aa29d026a75f2a035a server02: 7895e4dd8df907aa29d026a75f2a035a [root@localhost salt]# salt '*' file.stats /etc/hosts server02: ---------- atime: 1496299480.63 ctime: 1496299455.14 gid: 0 group: root inode: 67128992 mode: 0644 mtime: 1496299455.14 size: 234 target: /etc/hosts type: file uid: 0 user: root server03: ---------- atime: 1496299480.62 ctime: 1496299455.14 gid: 0 group: root inode: 67109270 mode: 0644 mtime: 1496299455.14 size: 234 target: /etc/hosts type: file uid: 0 user: root [root@localhost salt]#
(6)、network模块(返回被控主机网络信息)
# salt ‘*’ network.ip_addrs
# salt ‘*’ network.interfaces
[root@localhost salt]# salt '*' network.ip_addrs server03: - 192.168.112.142 server02: - 192.168.112.141 [root@localhost salt]# salt '*' network.interfaces server02: ---------- eth0: ---------- hwaddr: 00:0c:29:0b:28:95 inet: |_ ---------- address: 192.168.112.141 broadcast: 192.168.112.255 label: eth0 netmask: 255.255.255.0 inet6: |_ ---------- address: fe80::bf36:72fd:ae66:3183 prefixlen: 64 scope: link up: True lo: ---------- hwaddr: 00:00:00:00:00:00 inet: |_ ---------- address: 127.0.0.1 broadcast: None label: lo netmask: 255.0.0.0 inet6: |_ ---------- address: ::1 prefixlen: 128 scope: host up: True server03: ---------- eth0: ---------- hwaddr: 00:0c:29:63:9d:12 inet: |_ ---------- address: 192.168.112.142 broadcast: 192.168.112.255 label: eth0 netmask: 255.255.255.0 inet6: |_ ---------- address: fe80::7f27:a270:df5d:d68 prefixlen: 64 scope: link up: True lo: ---------- hwaddr: 00:00:00:00:00:00 inet: |_ ---------- address: 127.0.0.1 broadcast: None label: lo netmask: 255.0.0.0 inet6: |_ ---------- address: ::1 prefixlen: 128 scope: host up: True [root@localhost salt]#
(7)、pkg包管理模块(被控主机程序包管理,如yum、apt-get等)
# salt ‘*’ pkg.install httpd —>安装Apache服务
# salt ‘*’ pkg.file_list httpd—->查看Apache服务安装的路径及安装的文件
[root@localhost ~]# salt '*' pkg.install httpd server03: ---------- httpd: ---------- new: 2.4.6-45.el7.centos.4 old: httpd-tools: ---------- new: 2.4.6-45.el7.centos.4 old: mailcap: ---------- new: 2.1.41-2.el7 old: server02: ---------- httpd: ---------- new: 2.4.6-45.el7.centos.4 old: httpd-tools: ---------- new: 2.4.6-45.el7.centos.4 old: mailcap: ---------- new: 2.1.41-2.el7 old: [root@localhost ~]#
(8)、service 服务模块(被控主机程序包服务管理)
# salt ‘*’ service.enable httpd
# salt ‘*’ service.disable httpd
# salt ‘*’ service.status httpd
# salt ‘*’ service.stop httpd
# salt ‘*’ service.start httpd
# salt ‘*’ service.restart httpd
# salt ‘*’ service.reload httpd
[root@localhost ~]# salt '*' service.enable httpd server02: True server03: True [root@localhost ~]# salt '*' service.disable httpd server02: True server03: True [root@localhost ~]# salt '*' service.status httpd server02: False server03: False [root@localhost ~]# salt '*' service.stop httpd server02: True server03: True [root@localhost ~]# salt '*' service.start httpd server03: True server02: True [root@localhost ~]# salt '*' service.reload httpd server03: True server02: True [root@localhost ~]# salt '*' cmd.run 'netstat -lnupt|grep httpd' server03: tcp6 0 0 :::80 :::* LISTEN 17294/httpd server02: tcp6 0 0 :::80 :::* LISTEN 3231/httpd [root@localhost ~]#
(9)、更多功能
更多的功能,比如:grains、pillar、states、modules、returner、runners、reactor等,还有如下高级命令的使用,以及模板配置的渲染、扩展模块的二次开发等,可以自己去深入学习,未完,待续……..
