1、软件环境:
[root@localhost ~]
# cat /etc/redhat-release
CentOS Linux release 7.3.1611 (Core)
[root@localhost ~]
# uname -a
Linux localhost.localdomain 3.10.0-514.el7.x86_64
#1 SMP Tue Nov 22 16:42:41 UTC 2016 x86_64 x86_64 x86_64 GNU/Linux
[root@localhost ~]
#
|
(1)修改selinux配置文件(修改后需重启才生效;直接disabled只是为了简化实验环境,生产环境建议保持enforcing,或先用permissive排查策略问题):
[root@localhost ~]
# vim /etc/sysconfig/selinux
SELINUX=enforcing 改为 SELINUX=disabled
|
(2)关闭防火墙(同样只适用于隔离的实验网络;生产环境应保留firewalld,只对minion所在网段放行master的4505、4506端口):
[root@localhost ~]
# systemctl disable firewalld
[root@localhost ~]
# systemctl stop firewalld
[root@localhost ~]
# iptables -F
[root@localhost ~]
# iptables -L
|
IP分配如下:
master 192.168.112.140
minion 192.168.112.141
minion 192.168.112.142
(3)master和minion端部署安装
master端执行:
[root@localhost ~]
# yum install epel-release
[root@localhost ~]
# yum install -y salt-master
|
minion端执行:
[root@localhost ~]
# yum install epel-release
[root@localhost ~]
# yum install salt-minion
|
(4)修改配置文件:
[root@localhost ~]
# vim /etc/salt/minion
master: 192.168.112.140
id: server02
[root@localhost ~]
#
[root@localhost ~]
# systemctl start salt-minion
[root@localhost ~]
# ps -ef|grep salt-minion
root 2505 1 2 23:06 ? 00:00:00
/usr/bin/python
/usr/bin/salt-minion
root 2508 2505 8 23:06 ? 00:00:00
/usr/bin/python
/usr/bin/salt-minion
root 2536 2318 0 23:06 pts
/0
00:00:00
grep
--color=auto salt-minion
[root@localhost ~]
# netstat -lnupt|grep 4505
tcp 0 0 0.0.0.0:4505 0.0.0.0:* LISTEN 2304
/python
[root@localhost ~]
#
[root@localhost ~]
#
[root@localhost ~]
# vim /etc/salt/minion
master: 192.168.112.140
id: server03
[root@localhost ~]
#
[root@localhost ~]
# systemctl start salt-minion
[root@localhost ~]
# ps -ef|grep salt-minion
root 2487 1 1 23:05 ? 00:00:00
/usr/bin/python
/usr/bin/salt-minion
root 2490 2487 4 23:06 ? 00:00:00
/usr/bin/python
/usr/bin/salt-minion
root 2521 2320 0 23:06 pts
/0
00:00:00
grep
--color=auto salt-minion
[root@localhost ~]
#
[root@localhost ~]
#
[root@localhost ~]
#
|
(5)设置salt-master和salt-minion开机启动
[root@localhost ~]
# systemctl enable salt-master
Created
symlink
from
/etc/systemd/system/multi-user
.target.wants
/salt-master
.service to
/usr/lib/systemd/system/salt-master
.service.
[root@localhost ~]
#
[root@localhost ~]
# systemctl enable salt-minion
Created
symlink
from
/etc/systemd/system/multi-user
.target.wants
/salt-minion
.service to
/usr/lib/systemd/system/salt-minion
.service.
[root@localhost ~]
#
|
2、配置saltstack认证
salt-key //查看密钥列表(已签名、未签名、被拒绝的客户端)
salt-key -a //签名指定的主机
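salt-key -A //签名所有的主机(会一次性接受全部待签名的密钥;接受前应先用 salt-key -f <minion_id> 查看指纹,并与minion上 salt-call --local key.finger 的输出核对,避免把未知主机纳入管理)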
salt-key -d //删除指定主机的签名
salt-key --help //查看各命令的用法
[root@localhost ~]
# salt-key
Accepted Keys:
Denied Keys:
Unaccepted Keys:
server02
server03
Rejected Keys:
[root@localhost ~]
#
[root@localhost ~]
# salt-key -a server02
The following keys are going to be accepted:
Unaccepted Keys:
server02
Proceed? [n
/Y
] Y
Key
for
minion server02 accepted.
[root@localhost ~]
#
[root@localhost ~]
# salt-key
Accepted Keys:
server02
server03
Denied Keys:
Unaccepted Keys:
Rejected Keys:
[root@localhost ~]
#
|
3、日常用法
test.ping用于检查master到minion端的网络连通性,返回True即正常,False为异常
[root@localhost ~]
# salt '*' test.ping
server02:
True
server03:
True
[root@localhost ~]
#
|
cmd.run 在minion端执行shell命令(以salt-minion进程的身份执行,本文环境中为root),记住该模块只能执行短连接命令,比如df命令;长连接的命令无法返回结果,比如top命令
[root@localhost ~]
# salt '*' cmd.run 'hostname'
server03:
localhost.localdomain
server02:
localhost.localdomain
[root@localhost ~]
# salt '*' cmd.run 'df -Th'
server02:
Filesystem Type Size Used Avail Use% Mounted on
/dev/sda3
xfs 90G 1.8G 89G 2% /
devtmpfs devtmpfs 231M 0 231M 0%
/dev
tmpfs tmpfs 241M 12K 241M 1%
/dev/shm
tmpfs tmpfs 241M 4.6M 236M 2%
/run
tmpfs tmpfs 241M 0 241M 0%
/sys/fs/cgroup
/dev/sda1
xfs 1014M 131M 884M 13%
/boot
tmpfs tmpfs 49M 0 49M 0%
/run/user/0
server03:
Filesystem Type Size Used Avail Use% Mounted on
/dev/sda3
xfs 90G 1.8G 89G 2% /
devtmpfs devtmpfs 231M 0 231M 0%
/dev
tmpfs tmpfs 241M 12K 241M 1%
/dev/shm
tmpfs tmpfs 241M 4.6M 236M 2%
/run
tmpfs tmpfs 241M 0 241M 0%
/sys/fs/cgroup
/dev/sda1
xfs 1014M 131M 884M 13%
/boot
tmpfs tmpfs 49M 0 49M 0%
/run/user/0
[root@localhost ~]
#
|
显示被控主机的操作系统类型
[root@localhost ~]
# salt '*' grains.item os
server02:
----------
os:
CentOS
server03:
----------
os:
CentOS
[root@localhost ~]
#
|
远程代码执行测试
(1)(通配符*匹配)
[root@localhost ~]
# salt '*' cmd.exec_code python 'import sys;print sys.version'
server02:
2.7.5 (default, Nov 6 2016, 00:28:07)
[GCC 4.8.5 20150623 (Red Hat 4.8.5-11)]
server03:
2.7.5 (default, Nov 6 2016, 00:28:07)
[GCC 4.8.5 20150623 (Red Hat 4.8.5-11)]
[root@localhost ~]
#
|
(2)正则匹配
[root@localhost ~]
# salt -E 'server(02|03)' test.ping
server03:
True
server02:
True
[root@localhost ~]
#
|
(3)列表匹配
[root@localhost ~]
# salt -L 'server02,server03' test.ping
server02:
True
server03:
True
[root@localhost ~]
#
|
(4)grains匹配,其命令salt <target> grains.items
[root@localhost ~]
# salt 'server02' grains.items
server02:
----------
SSDs:
biosreleasedate:
07
/31/2013
biosversion:
6.00
cpu_flags:
- fpu
- vme
- de
- pse
- tsc
- msr
- pae
- mce
- cx8
- apic
- sep
- mtrr
- pge
- mca
- cmov
- pat
- pse36
- clflush
- dts
- mmx
- fxsr
- sse
- sse2
- ss
- ht
- syscall
- nx
- rdtscp
- lm
- constant_tsc
- arch_perfmon
- pebs
- bts
- nopl
- xtopology
- tsc_reliable
- nonstop_tsc
- aperfmperf
- eagerfpu
- pni
- pclmulqdq
- ssse3
- cx16
- pcid
- sse4_1
- sse4_2
- x2apic
- popcnt
- xsave
- avx
- f16c
- hypervisor
- lahf_lm
- arat
- epb
- pln
- pts
- dtherm
- fsgsbase
- smep
- xsaveopt
cpu_model:
Intel(R) Core(TM) i3-3220 CPU @ 3.30GHz
cpuarch:
x86_64
domain:
fqdn:
server02
fqdn_ip4:
- 192.168.112.141
fqdn_ip6:
- ::1
gpus:
|_
----------
model:
SVGA II Adapter
vendor:
unknown
host:
server02
hwaddr_interfaces:
----------
eth0:
00:0c:29:0b:28:95
lo:
00:00:00:00:00:00
id
:
server02
init:
systemd
ip4_interfaces:
----------
eth0:
- 192.168.112.141
lo:
- 127.0.0.1
ip6_interfaces:
----------
eth0:
lo:
ip_interfaces:
----------
eth0:
- 192.168.112.141
lo:
- 127.0.0.1
ipv4:
- 127.0.0.1
- 192.168.112.141
ipv6:
kernel:
Linux
kernelrelease:
3.10.0-514.el7.x86_64
locale_info:
----------
defaultencoding:
UTF-8
defaultlanguage:
en_US
detectedencoding:
UTF-8
localhost:
server02
lsb_distrib_id:
CentOS Linux
machine_id:
09e12c5f3a7948af9747ee938feee87f
manufacturer:
VMware, Inc.
master:
192.168.112.140
mdadm:
mem_total:
480
nodename:
server02
num_cpus:
4
num_gpus:
1
os:
CentOS
os_family:
RedHat
osarch:
x86_64
oscodename:
Core
osfinger:
CentOS Linux-7
osfullname:
CentOS Linux
osmajorrelease:
7
osrelease:
7.3.1611
osrelease_info:
- 7
- 3
- 1611
path:
/usr/local/sbin
:
/usr/local/bin
:
/usr/sbin
:
/usr/bin
productname:
VMware Virtual Platform
ps
:
ps
-efH
pythonexecutable:
/usr/bin/python
pythonpath:
-
/usr/bin
-
/usr/lib64/python27
.zip
-
/usr/lib64/python2
.7
-
/usr/lib64/python2
.7
/plat-linux2
-
/usr/lib64/python2
.7
/lib-tk
-
/usr/lib64/python2
.7
/lib-old
-
/usr/lib64/python2
.7
/lib-dynload
-
/usr/lib64/python2
.7
/site-packages
-
/usr/lib64/python2
.7
/site-packages/gtk-2
.0
-
/usr/lib/python2
.7
/site-packages
pythonversion:
- 2
- 7
- 5
- final
- 0
saltpath:
/usr/lib/python2
.7
/site-packages/salt
saltversion:
2015.5.10
saltversioninfo:
- 2015
- 5
- 10
- 0
selinux:
----------
enabled:
False
enforced:
Disabled
serialnumber:
VMware-56 4d 19 57 3d 1d 44 0d-99 bf 1a ff c4 0b 28 95
server_id:
1264512667
shell:
/bin/sh
systemd:
----------
features:
+PAM +AUDIT +SELINUX +IMA -APPARMOR +SMACK +SYSVINIT +UTMP +LIBCRYPTSETUP +GCRYPT +GNUTLS +ACL +XZ -LZ4 -SECCOMP +BLKID +ELFUTILS +KMOD +IDN
version:
219
virtual:
VMware
zmqversion:
3.2.5
[root@localhost ~]
#
|
如果要获取具体某一项内容,可以直接在该命令后加项名,比如获取操作系统,则:
[root@localhost ~]
# salt -L 'server02,server03' grains.item os
server03:
----------
os:
CentOS
server02:
----------
os:
CentOS
[root@localhost ~]
#
|
同样可以获取host、ip_interfaces、fqdn_ip4、cpu_model对应的值:
[root@localhost ~]
# salt 'server02' grains.item host
server02:
----------
host:
server02
[root@localhost ~]
#
[root@localhost ~]
# salt 'server02' grains.item ip_interfaces
server02:
----------
ip_interfaces:
----------
eth0:
- 192.168.112.141
lo:
- 127.0.0.1
[root@localhost ~]
#
[root@localhost ~]
# salt 'server02' grains.item fqdn_ip4
server02:
----------
fqdn_ip4:
- 192.168.112.141
[root@localhost ~]
#
[root@localhost ~]
# salt 'server02' grains.item cpu_model
server02:
----------
cpu_model:
Intel(R) Core(TM) i3-3220 CPU @ 3.30GHz
[root@localhost ~]
#
|
4、常用模块介绍
(1)、cp模块(实现远程文件、目录的复制,以及下载URL文件等操作)
#将主服务器file_roots指定位置下的目录复制到被控主机
打开master文件中的
#file_roots:
base:
- /srv/salt
改为:
file_roots:
base:
- /srv/salt
# salt '*' cp.get_dir salt://test_dir /data
salt:// --->表示file_roots指定的路径,这里是/srv/salt,salt://test_dir 表示/srv/salt/test_dir
/data --->表示目标主机上的根目录下的data目录
[root@localhost ~]
# ll /srv/salt/test_dir/
total 672
-rw-r--r-- 1 root root 686011 May 7 22:37 nginx-1.0.10.
tar
.gz
[root@localhost ~]
# salt '*' cp.get_dir salt://test_dir /data
server02:
-
/data/test_dir/nginx-1
.0.10.
tar
.gz
server03:
-
/data/test_dir/nginx-1
.0.10.
tar
.gz
[root@localhost ~]
# salt '*' cmd.run 'ls -l /data'
server03:
total 0
drwxr-xr-x 2 root root 33 Jun 1 02:12 test_dir
server02:
total 0
drwxr-xr-x 2 root root 33 Jun 1 02:12 test_dir
[root@localhost ~]
#
|
#将主服务器file_roots指定位置下的文件复制到被控主机
# salt '*' cp.get_file salt://nginx-1.0.10.tar.gz /root/nginx-1.0.10.tar.gz
[root@localhost salt]
# salt '*' cp.get_file salt://nginx-1.0.10.tar.gz /root/nginx-1.0.10.tar.gz
server02:
/root/nginx-1
.0.10.
tar
.gz
server03:
/root/nginx-1
.0.10.
tar
.gz
[root@localhost salt]
# salt '*' cmd.run 'ls -l /root/'
server02:
total 676
-rw-------. 1 root root 1496 Jan 17 09:03 anaconda-ks.cfg
-rw-r--r-- 1 root root 686011 Jun 1 02:15 nginx-1.0.10.
tar
.gz
server03:
total 676
-rw-------. 1 root root 1496 Jan 17 09:03 anaconda-ks.cfg
-rw-r--r-- 1 root root 686011 Jun 1 02:15 nginx-1.0.10.
tar
.gz
[root@localhost salt]
#
|
对于大文件,cp.get_file支持gzip压缩,在参数中指定gzip的压缩级别,如下:
[root@server01 salt]
# pwd
/srv/salt
[root@server01 salt]
# ll -th test
-rw-r--r-- 1 root root 1.0G Jun 13 22:04
test
[root@server01 salt]
# salt '*' cp.get_file salt://test /root/test gzip=5
server02:
/root/test
server03:
/root/test
[root@server01 salt]
#
[root@server01 salt]
# salt '*' cmd.run 'ls -htl /root/test'
server02:
-rw-r--r-- 1 root root 1.0G Jun 13 22:06
/root/test
server03:
-rw-r--r-- 1 root root 1.0G Jun 13 22:06
/root/test
[root@server01 salt]
#
|
其中,1代表最小压缩,9代表最大压缩,gzip参数是在传输过程中对文件进行压缩。
cp.get_file默认不会在客户端上建立目录,如果客户端上没有这个目录了,文件拷贝将失败,所以这里又有一个参数makedirs,当客户端上的目标目录不存在时,直接将该参数的值设置为True,即makedirs=True;
[root@server01 salt]
# salt '*' cmd.run 'ls -l /root/'
server02:
total 1049372
-rw-r--r-- 1 root root 115316 Jun 1 02:26 GeoIP-1.6.5.-1.e16.x86_64.rpm
-rw-------. 1 root root 1496 Jan 17 09:03 anaconda-ks.cfg
-rw-r--r-- 1 root root 260 Jun 5 22:08 connect.py
-rw-r--r-- 1 root root 686011 Jun 1 02:15 nginx-1.0.10.
tar
.gz
-rw-r--r-- 1 root root 1073741824 Jun 13 22:06
test
drwxr-xr-x 2 root root 33 Jun 13 22:54 web
server03:
total 1049368
-rw-r--r-- 1 root root 115316 Jun 1 02:26 GeoIP-1.6.5.-1.e16.x86_64.rpm
-rw-------. 1 root root 1496 Jan 17 09:03 anaconda-ks.cfg
-rw-r--r-- 1 root root 686011 Jun 1 02:15 nginx-1.0.10.
tar
.gz
-rw-r--r-- 1 root root 1073741824 Jun 13 22:06
test
drwxr-xr-x 2 root root 33 Jun 13 22:54 web
[root@server01 salt]
#
[root@server01 salt]
# salt '*' cp.get_file salt://nginx-1.0.10.tar.gz /root/web/nginx-1.0.10.tar.gz makedirs=True
server02:
/root/web/nginx-1
.0.10.
tar
.gz
server03:
/root/web/nginx-1
.0.10.
tar
.gz
[root@server01 salt]
#
[root@server01 salt]
# salt '*' cmd.run 'ls -l /root/'
server02:
total 1049372
-rw-r--r-- 1 root root 115316 Jun 1 02:26 GeoIP-1.6.5.-1.e16.x86_64.rpm
-rw-------. 1 root root 1496 Jan 17 09:03 anaconda-ks.cfg
-rw-r--r-- 1 root root 260 Jun 5 22:08 connect.py
-rw-r--r-- 1 root root 686011 Jun 1 02:15 nginx-1.0.10.
tar
.gz
-rw-r--r-- 1 root root 1073741824 Jun 13 22:06
test
drwxr-xr-x 2 root root 33 Jun 13 22:54 web
server03:
total 1049368
-rw-r--r-- 1 root root 115316 Jun 1 02:26 GeoIP-1.6.5.-1.e16.x86_64.rpm
-rw-------. 1 root root 1496 Jan 17 09:03 anaconda-ks.cfg
-rw-r--r-- 1 root root 686011 Jun 1 02:15 nginx-1.0.10.
tar
.gz
-rw-r--r-- 1 root root 1073741824 Jun 13 22:06
test
drwxr-xr-x 2 root root 33 Jun 13 22:54 web
[root@server01 salt]
#
|
注意:cp.get_file从字面上就可以看出是操作对象是文件,即只有在拷贝文件的时候,目标主机上对应的目录不存在使用makedirs参数才有用,否则该参数无效。
#下载指定URL内容到被控主机指定位置
salt '*' cp.get_url http://dl.fedoraproject.org/pub/epel/6/x86_64/GeoIP-1.6.5-1.el6.x86_64.rpm /root/GeoIP-1.6.5.-1.e16.x86_64.rpm
cp.get_url 根据指定的url地址下载文件到被控端主机的对应目录下,这里是被控端的/root/目录。示例使用的是明文http,传输途中内容可能被篡改;下载安装包时建议使用https源,并在下载后用 file.get_sum <文件路径> sha256 与发布方提供的校验值比对,确认一致后再安装。
[root@localhost salt]
# salt '*' cmd.run 'ls -l /root/'
server02:
total 676
-rw-------. 1 root root 1496 Jan 17 09:03 anaconda-ks.cfg
-rw-r--r-- 1 root root 686011 Jun 1 02:15 nginx-1.0.10.
tar
.gz
server03:
total 676
-rw-------. 1 root root 1496 Jan 17 09:03 anaconda-ks.cfg
-rw-r--r-- 1 root root 686011 Jun 1 02:15 nginx-1.0.10.
tar
.gz
[root@localhost salt]
# salt '*' cp.get_url http://dl.fedoraproject.org/pub/epel/6/x86_64/GeoIP-1.6.5-1.el6.x86_64.rpm /root/GeoIP-1.6.5.-1.e16.x86_64.rpm
server03:
/root/GeoIP-1
.6.5.-1.e16.x86_64.rpm
server02:
/root/GeoIP-1
.6.5.-1.e16.x86_64.rpm
[root@localhost salt]
# salt '*' cmd.run 'ls -l /root/'
server02:
total 792
-rw-r--r-- 1 root root 115316 Jun 1 02:26 GeoIP-1.6.5.-1.e16.x86_64.rpm
-rw-------. 1 root root 1496 Jan 17 09:03 anaconda-ks.cfg
-rw-r--r-- 1 root root 686011 Jun 1 02:15 nginx-1.0.10.
tar
.gz
server03:
total 792
-rw-r--r-- 1 root root 115316 Jun 1 02:26 GeoIP-1.6.5.-1.e16.x86_64.rpm
-rw-------. 1 root root 1496 Jan 17 09:03 anaconda-ks.cfg
-rw-r--r-- 1 root root 686011 Jun 1 02:15 nginx-1.0.10.
tar
.gz
[root@localhost salt]
#
|
当然URL也可以是master上的路径(salt://)
[root@server01 salt]
# salt '*' cp.get_url salt://nginx-1.0.10.tar.gz /opt/nginx-1.0.10.tar.gz
server02:
/opt/nginx-1
.0.10.
tar
.gz
server03:
/opt/nginx-1
.0.10.
tar
.gz
[root@server01 salt]
# salt '*' cmd.run 'ls -l /opt'
server02:
total 672
-rw-r--r-- 1 root root 686011 Jun 13 23:05 nginx-1.0.10.
tar
.gz
server03:
total 672
-rw-r--r-- 1 root root 686011 Jun 13 23:05 nginx-1.0.10.
tar
.gz
[root@server01 salt]
#
|
#salt '*' cp.hash_file salt://test-file
cp.hash_file获取从主控端下发到被控端后文件的hash值,一般用于对比某个被控端某个文件的hash值。下面输出中的hash_type为md5,只适合发现传输损坏;需要防篡改时应使用sha256等更强的算法进行校验。
[root@localhost ~]
# salt '*' cp.hash_file salt://nginx-1.0.10.tar.gz
server02:
----------
hash_type:
md5
hsum:
930b297b00fa1018fb0a1dd3e6b7e17e
server03:
----------
hash_type:
md5
hsum:
930b297b00fa1018fb0a1dd3e6b7e17e
[root@localhost ~]
#
|
(2)、cmd模块(实现远程的命令行调用执行)
# salt '*' cmd.run 'netstat -ntlp'
[root@localhost salt]
# salt '*' cmd.run 'netstat -lnupt'
server02:
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID
/Program
name
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 1184
/sshd
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN 2013
/master
tcp6 0 0 :::22 :::* LISTEN 1184
/sshd
tcp6 0 0 ::1:25 :::* LISTEN 2013
/master
udp 0 0 0.0.0.0:32525 0.0.0.0:* 737
/dhclient
udp 0 0 127.0.0.1:323 0.0.0.0:* 672
/chronyd
udp 0 0 0.0.0.0:68 0.0.0.0:* 737
/dhclient
udp6 0 0 ::1:323 :::* 672
/chronyd
udp6 0 0 :::14472 :::* 737
/dhclient
server03:
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID
/Program
name
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 1191
/sshd
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN 1835
/master
tcp6 0 0 :::22 :::* LISTEN 1191
/sshd
tcp6 0 0 ::1:25 :::* LISTEN 1835
/master
udp 0 0 0.0.0.0:32525 0.0.0.0:* 729
/dhclient
udp 0 0 127.0.0.1:323 0.0.0.0:* 661
/chronyd
udp 0 0 0.0.0.0:68 0.0.0.0:* 729
/dhclient
udp6 0 0 ::1:323 :::* 661
/chronyd
udp6 0 0 :::14472 :::* 729
/dhclient
[root@localhost salt]
#
|
(3)、cron模块(实现被控主机的crontab操作)
## 为指定的被控主机、root用户添加crontab信息
# salt '*' cron.set_job root '*/5' '*' '*' '*' '*' 'date >/dev/null 2>&1'
# salt '*' cron.raw_cron root
[root@localhost salt]
# salt '*' cron.set_job root '*/60' '*' '*' '*' '*' '/usr/local/nginx/sbin/nginx -s reload >/dev/null 2>&1'
server02:
new
server03:
new
[root@localhost salt]
#
[root@localhost salt]
# salt '*' cmd.run 'crontab -l'
server03:
# Lines below here are managed by Salt, do not edit
*
/60
* * * *
/usr/local/nginx/sbin/nginx
-s reload >
/dev/null
2>&1
server02:
# Lines below here are managed by Salt, do not edit
*
/60
* * * *
/usr/local/nginx/sbin/nginx
-s reload >
/dev/null
2>&1
[root@localhost salt]
#
|
## 删除指定的被控主机、root用户的crontab信息
[root@localhost salt]
# salt '*' cron.rm_job root '/usr/local/nginx/sbin/nginx -s reload >/dev/null 2>&1'
server02:
removed
server03:
removed
[root@localhost salt]
# salt '*' cmd.run 'crontab -l'
server03:
# Lines below here are managed by Salt, do not edit
server02:
# Lines below here are managed by Salt, do not edit
[root@localhost salt]
#
|
(4)、dnsutil模块(实现被控主机通用DNS操作)
给被控制端添加指定的hosts配置项目,即host主机记录
#salt '*' dnsutil.hosts_append /etc/hosts 192.168.112.140 server01
#salt '*' dnsutil.hosts_append /etc/hosts 192.168.112.141 server02
#salt '*' dnsutil.hosts_append /etc/hosts 192.168.112.142 server03
[root@localhost salt]
# salt '*' dnsutil.hosts_append /etc/hosts 192.168.112.140 server01
server02:
The following line was added to
/etc/hosts
:
192.168.112.140 server01
server03:
The following line was added to
/etc/hosts
:
192.168.112.140 server01
[root@localhost salt]
# salt '*' dnsutil.hosts_append /etc/hosts 192.168.112.141 server02
server03:
The following line was added to
/etc/hosts
:
192.168.112.141 server02
server02:
The following line was added to
/etc/hosts
:
192.168.112.141 server02
[root@localhost salt]
# salt '*' dnsutil.hosts_append /etc/hosts 192.168.112.142 server03
server03:
The following line was added to
/etc/hosts
:
192.168.112.142 server03
server02:
The following line was added to
/etc/hosts
:
192.168.112.142 server03
[root@localhost salt]
# salt '*' cmd.run 'grep 192.168.112.* /etc/hosts'
server03:
192.168.112.140 server01
192.168.112.141 server02
192.168.112.142 server03
server02:
192.168.112.140 server01
192.168.112.141 server02
192.168.112.142 server03
[root@localhost salt]
#
|
(5)、file模块(被控主机文件常见操作,包括文件读写、权限、查找、校验等)
# salt '*' file.get_sum /etc/hosts md5
# salt '*' file.stats /etc/hosts
[root@localhost salt]
# salt '*' file.get_sum /etc/hosts md5
server03:
7895e4dd8df907aa29d026a75f2a035a
server02:
7895e4dd8df907aa29d026a75f2a035a
[root@localhost salt]
# salt '*' file.stats /etc/hosts
server02:
----------
atime:
1496299480.63
ctime:
1496299455.14
gid:
0
group:
root
inode:
67128992
mode:
0644
mtime:
1496299455.14
size:
234
target:
/etc/hosts
type
:
file
uid:
0
user:
root
server03:
----------
atime:
1496299480.62
ctime:
1496299455.14
gid:
0
group:
root
inode:
67109270
mode:
0644
mtime:
1496299455.14
size:
234
target:
/etc/hosts
type
:
file
uid:
0
user:
root
[root@localhost salt]
#
|
(6)、network模块(返回被控主机网络信息)
# salt '*' network.ip_addrs
# salt '*' network.interfaces
[root@localhost salt]
# salt '*' network.ip_addrs
server03:
- 192.168.112.142
server02:
- 192.168.112.141
[root@localhost salt]
# salt '*' network.interfaces
server02:
----------
eth0:
----------
hwaddr:
00:0c:29:0b:28:95
inet:
|_
----------
address:
192.168.112.141
broadcast:
192.168.112.255
label:
eth0
netmask:
255.255.255.0
inet6:
|_
----------
address:
fe80::bf36:72fd:ae66:3183
prefixlen:
64
scope:
link
up:
True
lo:
----------
hwaddr:
00:00:00:00:00:00
inet:
|_
----------
address:
127.0.0.1
broadcast:
None
label:
lo
netmask:
255.0.0.0
inet6:
|_
----------
address:
::1
prefixlen:
128
scope:
host
up:
True
server03:
----------
eth0:
----------
hwaddr:
00:0c:29:63:9d:12
inet:
|_
----------
address:
192.168.112.142
broadcast:
192.168.112.255
label:
eth0
netmask:
255.255.255.0
inet6:
|_
----------
address:
fe80::7f27:a270:df5d:d68
prefixlen:
64
scope:
link
up:
True
lo:
----------
hwaddr:
00:00:00:00:00:00
inet:
|_
----------
address:
127.0.0.1
broadcast:
None
label:
lo
netmask:
255.0.0.0
inet6:
|_
----------
address:
::1
prefixlen:
128
scope:
host
up:
True
[root@localhost salt]
#
|
(7)、pkg包管理模块(被控主机程序包管理,如yum、apt-get等)
# salt '*' pkg.install httpd --->安装Apache服务
# salt '*' pkg.file_list httpd---->查看Apache服务安装的路径及安装的文件
[root@localhost ~]
# salt '*' pkg.install httpd
server03:
----------
httpd:
----------
new:
2.4.6-45.el7.centos.4
old:
httpd-tools:
----------
new:
2.4.6-45.el7.centos.4
old:
mailcap:
----------
new:
2.1.41-2.el7
old:
server02:
----------
httpd:
----------
new:
2.4.6-45.el7.centos.4
old:
httpd-tools:
----------
new:
2.4.6-45.el7.centos.4
old:
mailcap:
----------
new:
2.1.41-2.el7
old:
[root@localhost ~]
#
|
(8)、service 服务模块(被控主机程序包服务管理)
# salt '*' service.enable httpd
# salt '*' service.disable httpd
# salt '*' service.status httpd
# salt '*' service.stop httpd
# salt '*' service.start httpd
# salt '*' service.restart httpd
# salt '*' service.reload httpd
[root@localhost ~]
# salt '*' service.enable httpd
server02:
True
server03:
True
[root@localhost ~]
# salt '*' service.disable httpd
server02:
True
server03:
True
[root@localhost ~]
# salt '*' service.status httpd
server02:
False
server03:
False
[root@localhost ~]
# salt '*' service.stop httpd
server02:
True
server03:
True
[root@localhost ~]
# salt '*' service.start httpd
server03:
True
server02:
True
[root@localhost ~]
# salt '*' service.reload httpd
server03:
True
server02:
True
[root@localhost ~]
# salt '*' cmd.run 'netstat -lnupt|grep httpd'
server03:
tcp6 0 0 :::80 :::* LISTEN 17294
/httpd
server02:
tcp6 0 0 :::80 :::* LISTEN 3231
/httpd
[root@localhost ~]
#
|
(9)、更多功能
更多的功能,比如:grains、pillar、states、modules、returner、runners、reactor等,还有如下高级命令的使用,以及模板配置的渲染、扩展模块的二次开发等,可以自己去深入学习,未完,待续........