1、软件环境:
[root@localhost ~]# cat /etc/redhat-release
CentOS Linux release 7.3.1611 (Core)
[root@localhost ~]# uname -a
Linux localhost.localdomain 3.10.0-514.el7.x86_64 #1 SMP Tue Nov 22 16:42:41 UTC 2016 x86_64 x86_64 x86_64 GNU/Linux
[root@localhost ~]#
(1)修改selinux配置文件:
[root@localhost ~]# vim /etc/sysconfig/selinux
SELINUX=enforcing 改为 SELINUX=disabled
(2)关闭防火墙:
[root@localhost ~]# systemctl disable firewalld
[root@localhost ~]# systemctl stop firewalld
[root@localhost ~]# iptables -F
[root@localhost ~]# iptables -L
IP分配如下:
master 192.168.112.140
minion 192.168.112.141
minion 192.168.112.142
(3)master和minion端部署安装
master端执行:
[root@localhost ~]# yum install epel-release
[root@localhost ~]# yum install -y salt-master
minion端执行:
[root@localhost ~]# yum install epel-release
[root@localhost ~]# yum install salt-minion
(4)修改配置文件:
[root@localhost ~]# vim /etc/salt/minion
master: 192.168.112.140
id: server02
[root@localhost ~]#
[root@localhost ~]# systemctl start salt-minion
[root@localhost ~]# ps -ef|grep salt-minion
root 2505 1 2 23:06 ? 00:00:00 /usr/bin/python /usr/bin/salt-minion
root 2508 2505 8 23:06 ? 00:00:00 /usr/bin/python /usr/bin/salt-minion
root 2536 2318 0 23:06 pts/0 00:00:00 grep --color=auto salt-minion
[root@localhost ~]# netstat -lnupt|grep 4505
tcp 0 0 0.0.0.0:4505 0.0.0.0:* LISTEN 2304/python
[root@localhost ~]#
[root@localhost ~]#
[root@localhost ~]# vim /etc/salt/minion
master: 192.168.112.140
id: server03
[root@localhost ~]#
[root@localhost ~]# systemctl start salt-minion
[root@localhost ~]# ps -ef|grep salt-minion
root 2487 1 1 23:05 ? 00:00:00 /usr/bin/python /usr/bin/salt-minion
root 2490 2487 4 23:06 ? 00:00:00 /usr/bin/python /usr/bin/salt-minion
root 2521 2320 0 23:06 pts/0 00:00:00 grep --color=auto salt-minion
[root@localhost ~]#
[root@localhost ~]#
[root@localhost ~]#
(5)设置salt-master和salt-minion开机启动
[root@localhost ~]# systemctl enable salt-master
Created symlink from /etc/systemd/system/multi-user.target.wants/salt-master.service to /usr/lib/systemd/system/salt-master.service.
[root@localhost ~]#
[root@localhost ~]# systemctl enable salt-minion
Created symlink from /etc/systemd/system/multi-user.target.wants/salt-minion.service to /usr/lib/systemd/system/salt-minion.service.
[root@localhost ~]#
2、配置saltstack认证
salt-key //查看已经签名的客户端
salt-key -a //签名指定的主机
salt-key -A //签名所有的主机
salt-key -d //删除指定主机的签名
salt-key --help //查看各命令的用法
[root@localhost ~]# salt-key
Accepted Keys:
Denied Keys:
Unaccepted Keys:
server02
server03
Rejected Keys:
[root@localhost ~]#
[root@localhost ~]# salt-key -a server02
The following keys are going to be accepted:
Unaccepted Keys:
server02
Proceed? [n/Y] Y
Key for minion server02 accepted.
[root@localhost ~]#
[root@localhost ~]# salt-key
Accepted Keys:
server02
server03
Denied Keys:
Unaccepted Keys:
Rejected Keys:
[root@localhost ~]#
3、日常用法
test.ping用户检查master到minion端的网络连通性,返回True即正常,False为异常
[root@localhost ~]# salt '*' test.ping
server02:
True
server03:
True
[root@localhost ~]#
cmd.run 在minion端执行shell命令,记住这模块只能执行短连接命令,比如df命令;长连接的无法返回结果,比如top命令
[root@localhost ~]# salt '*' cmd.run 'hostname'
server03:
localhost.localdomain
server02:
localhost.localdomain
[root@localhost ~]# salt '*' cmd.run 'df -Th'
server02:
Filesystem Type Size Used Avail Use% Mounted on
/dev/sda3 xfs 90G 1.8G 89G 2% /
devtmpfs devtmpfs 231M 0 231M 0% /dev
tmpfs tmpfs 241M 12K 241M 1% /dev/shm
tmpfs tmpfs 241M 4.6M 236M 2% /run
tmpfs tmpfs 241M 0 241M 0% /sys/fs/cgroup
/dev/sda1 xfs 1014M 131M 884M 13% /boot
tmpfs tmpfs 49M 0 49M 0% /run/user/0
server03:
Filesystem Type Size Used Avail Use% Mounted on
/dev/sda3 xfs 90G 1.8G 89G 2% /
devtmpfs devtmpfs 231M 0 231M 0% /dev
tmpfs tmpfs 241M 12K 241M 1% /dev/shm
tmpfs tmpfs 241M 4.6M 236M 2% /run
tmpfs tmpfs 241M 0 241M 0% /sys/fs/cgroup
/dev/sda1 xfs 1014M 131M 884M 13% /boot
tmpfs tmpfs 49M 0 49M 0% /run/user/0
[root@localhost ~]#
显示被控主机的操作系统类型
[root@localhost ~]# salt '*' grains.item os
server02:
----------
os:
CentOS
server03:
----------
os:
CentOS
[root@localhost ~]#
远程代码执行测试
(1)(通配符*匹配)
[root@localhost ~]# salt '*' cmd.exec_code python 'import sys;print sys.version'
server02:
2.7.5 (default, Nov 6 2016, 00:28:07)
[GCC 4.8.5 20150623 (Red Hat 4.8.5-11)]
server03:
2.7.5 (default, Nov 6 2016, 00:28:07)
[GCC 4.8.5 20150623 (Red Hat 4.8.5-11)]
[root@localhost ~]#
(2)正则匹配
[root@localhost ~]# salt -E 'server(02|03)' test.ping
server03:
True
server02:
True
[root@localhost ~]#
(3)列表匹配
[root@localhost ~]# salt -L 'server02,server03' test.ping
server02:
True
server03:
True
[root@localhost ~]#
(4)grains匹配,其命令salt <target> grains.items
[root@localhost ~]# salt 'server02' grains.items
server02:
----------
SSDs:
biosreleasedate:
07/31/2013
biosversion:
6.00
cpu_flags:
- fpu
- vme
- de
- pse
- tsc
- msr
- pae
- mce
- cx8
- apic
- sep
- mtrr
- pge
- mca
- cmov
- pat
- pse36
- clflush
- dts
- mmx
- fxsr
- sse
- sse2
- ss
- ht
- syscall
- nx
- rdtscp
- lm
- constant_tsc
- arch_perfmon
- pebs
- bts
- nopl
- xtopology
- tsc_reliable
- nonstop_tsc
- aperfmperf
- eagerfpu
- pni
- pclmulqdq
- ssse3
- cx16
- pcid
- sse4_1
- sse4_2
- x2apic
- popcnt
- xsave
- avx
- f16c
- hypervisor
- lahf_lm
- arat
- epb
- pln
- pts
- dtherm
- fsgsbase
- smep
- xsaveopt
cpu_model:
Intel(R) Core(TM) i3-3220 CPU @ 3.30GHz
cpuarch:
x86_64
domain:
fqdn:
server02
fqdn_ip4:
- 192.168.112.141
fqdn_ip6:
- ::1
gpus:
|_
----------
model:
SVGA II Adapter
vendor:
unknown
host:
server02
hwaddr_interfaces:
----------
eth0:
00:0c:29:0b:28:95
lo:
00:00:00:00:00:00
id:
server02
init:
systemd
ip4_interfaces:
----------
eth0:
- 192.168.112.141
lo:
- 127.0.0.1
ip6_interfaces:
----------
eth0:
lo:
ip_interfaces:
----------
eth0:
- 192.168.112.141
lo:
- 127.0.0.1
ipv4:
- 127.0.0.1
- 192.168.112.141
ipv6:
kernel:
Linux
kernelrelease:
3.10.0-514.el7.x86_64
locale_info:
----------
defaultencoding:
UTF-8
defaultlanguage:
en_US
detectedencoding:
UTF-8
localhost:
server02
lsb_distrib_id:
CentOS Linux
machine_id:
09e12c5f3a7948af9747ee938feee87f
manufacturer:
VMware, Inc.
master:
192.168.112.140
mdadm:
mem_total:
480
nodename:
server02
num_cpus:
4
num_gpus:
1
os:
CentOS
os_family:
RedHat
osarch:
x86_64
oscodename:
Core
osfinger:
CentOS Linux-7
osfullname:
CentOS Linux
osmajorrelease:
7
osrelease:
7.3.1611
osrelease_info:
- 7
- 3
- 1611
path:
/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin
productname:
VMware Virtual Platform
ps:
ps -efH
pythonexecutable:
/usr/bin/python
pythonpath:
- /usr/bin
- /usr/lib64/python27.zip
- /usr/lib64/python2.7
- /usr/lib64/python2.7/plat-linux2
- /usr/lib64/python2.7/lib-tk
- /usr/lib64/python2.7/lib-old
- /usr/lib64/python2.7/lib-dynload
- /usr/lib64/python2.7/site-packages
- /usr/lib64/python2.7/site-packages/gtk-2.0
- /usr/lib/python2.7/site-packages
pythonversion:
- 2
- 7
- 5
- final
- 0
saltpath:
/usr/lib/python2.7/site-packages/salt
saltversion:
2015.5.10
saltversioninfo:
- 2015
- 5
- 10
- 0
selinux:
----------
enabled:
False
enforced:
Disabled
serialnumber:
VMware-56 4d 19 57 3d 1d 44 0d-99 bf 1a ff c4 0b 28 95
server_id:
1264512667
shell:
/bin/sh
systemd:
----------
features:
+PAM +AUDIT +SELINUX +IMA -APPARMOR +SMACK +SYSVINIT +UTMP +LIBCRYPTSETUP +GCRYPT +GNUTLS +ACL +XZ -LZ4 -SECCOMP +BLKID +ELFUTILS +KMOD +IDN
version:
219
virtual:
VMware
zmqversion:
3.2.5
[root@localhost ~]#
如果要获取具体某一项内容,可以直接在该命令后加项名,比如获取操作系统,则:
[root@localhost ~]# salt -L 'server02,server03' grains.item os
server03:
----------
os:
CentOS
server02:
----------
os:
CentOS
[root@localhost ~]#
同样可以获取host、ip_interfaces、fqdn_ipv4、cpu_model对应的值:
[root@localhost ~]# salt 'server02' grains.item host
server02:
----------
host:
server02
[root@localhost ~]#
[root@localhost ~]# salt 'server02' grains.item ip_interfaces
server02:
----------
ip_interfaces:
----------
eth0:
- 192.168.112.141
lo:
- 127.0.0.1
[root@localhost ~]#
[root@localhost ~]# salt 'server02' grains.item fqdn_ip4
server02:
----------
fqdn_ip4:
- 192.168.112.141
[root@localhost ~]#
[root@localhost ~]# salt 'server02' grains.item cpu_model
server02:
----------
cpu_model:
Intel(R) Core(TM) i3-3220 CPU @ 3.30GHz
[root@localhost ~]#
4、常用模块介绍
(1)、cp模块(实现远程文件、目录的复制,以及下载URL文件等操作)
#将主服务器file_roots指定位置下的目录复制到被控主机
打开master文件中的
#file_roots:
base:
- /srv/salt
改为:
file_roots:
base:
- /srv/salt
# salt '*' cp.get_dir salt://test_dir /data
salt:// --->表示file_root指定的路径,这里是/srv/salt,salt://test_dir 表示/srv/salt/test_dir
/data --->表示目标主机上的根目录下的data目录
[root@localhost ~]# ll /srv/salt/test_dir/
total 672
-rw-r--r-- 1 root root 686011 May 7 22:37 nginx-1.0.10.tar.gz
[root@localhost ~]# salt '*' cp.get_dir salt://test_dir /data
server02:
- /data/test_dir/nginx-1.0.10.tar.gz
server03:
- /data/test_dir/nginx-1.0.10.tar.gz
[root@localhost ~]# salt '*' cmd.run 'ls -l /data'
server03:
total 0
drwxr-xr-x 2 root root 33 Jun 1 02:12 test_dir
server02:
total 0
drwxr-xr-x 2 root root 33 Jun 1 02:12 test_dir
[root@localhost ~]#
#将主服务器file_roots指定位置下的文件复制到被控主机
# salt '*' cp.get_file salt://nginx-1.0.10.tar.gz /root/nginx-1.0.10.tar.gz
[root@localhost salt]# salt '*' cp.get_file salt://nginx-1.0.10.tar.gz /root/nginx-1.0.10.tar.gz
server02:
/root/nginx-1.0.10.tar.gz
server03:
/root/nginx-1.0.10.tar.gz
[root@localhost salt]# salt '*' cmd.run 'ls -l /root/'
server02:
total 676
-rw-------. 1 root root 1496 Jan 17 09:03 anaconda-ks.cfg
-rw-r--r-- 1 root root 686011 Jun 1 02:15 nginx-1.0.10.tar.gz
server03:
total 676
-rw-------. 1 root root 1496 Jan 17 09:03 anaconda-ks.cfg
-rw-r--r-- 1 root root 686011 Jun 1 02:15 nginx-1.0.10.tar.gz
[root@localhost salt]#
对于大文件,cp_get_file支持gzip压缩,在参数中指定gzip的压缩级别,如下:
[root@server01 salt]# pwd
/srv/salt
[root@server01 salt]# ll -th test
-rw-r--r-- 1 root root 1.0G Jun 13 22:04 test
[root@server01 salt]# salt '*' cp.get_file salt://test /root/test gzip=5
server02:
/root/test
server03:
/root/test
[root@server01 salt]#
[root@server01 salt]# salt '*' cmd.run 'ls -htl /root/test'
server02:
-rw-r--r-- 1 root root 1.0G Jun 13 22:06 /root/test
server03:
-rw-r--r-- 1 root root 1.0G Jun 13 22:06 /root/test
[root@server01 salt]#
其中,1代表最小压缩,9代表最大压缩,gzip参数是在传输过程中对文件进行压缩。
cp.get_file默认不会在客户端上建立目录,如果客户端上没有这个目录了,文件拷贝将失败,所以这里又有一个参数makedirs,当客户端上的目标目录不存在时,直接将该参数的值设置为True,即makedirs=True;
[root@server01 salt]# salt '*' cmd.run 'ls -l /root/'
server02:
total 1049372
-rw-r--r-- 1 root root 115316 Jun 1 02:26 GeoIP-1.6.5.-1.e16.x86_64.rpm
-rw-------. 1 root root 1496 Jan 17 09:03 anaconda-ks.cfg
-rw-r--r-- 1 root root 260 Jun 5 22:08 connect.py
-rw-r--r-- 1 root root 686011 Jun 1 02:15 nginx-1.0.10.tar.gz
-rw-r--r-- 1 root root 1073741824 Jun 13 22:06 test
drwxr-xr-x 2 root root 33 Jun 13 22:54 web
server03:
total 1049368
-rw-r--r-- 1 root root 115316 Jun 1 02:26 GeoIP-1.6.5.-1.e16.x86_64.rpm
-rw-------. 1 root root 1496 Jan 17 09:03 anaconda-ks.cfg
-rw-r--r-- 1 root root 686011 Jun 1 02:15 nginx-1.0.10.tar.gz
-rw-r--r-- 1 root root 1073741824 Jun 13 22:06 test
drwxr-xr-x 2 root root 33 Jun 13 22:54 web
[root@server01 salt]#
[root@server01 salt]# salt '*' cp.get_file salt://nginx-1.0.10.tar.gz /root/web/nginx-1.0.10.tar.gz makedirs=True
server02:
/root/web/nginx-1.0.10.tar.gz
server03:
/root/web/nginx-1.0.10.tar.gz
[root@server01 salt]#
[root@server01 salt]# salt '*' cmd.run 'ls -l /root/'
server02:
total 1049372
-rw-r--r-- 1 root root 115316 Jun 1 02:26 GeoIP-1.6.5.-1.e16.x86_64.rpm
-rw-------. 1 root root 1496 Jan 17 09:03 anaconda-ks.cfg
-rw-r--r-- 1 root root 260 Jun 5 22:08 connect.py
-rw-r--r-- 1 root root 686011 Jun 1 02:15 nginx-1.0.10.tar.gz
-rw-r--r-- 1 root root 1073741824 Jun 13 22:06 test
drwxr-xr-x 2 root root 33 Jun 13 22:54 web
server03:
total 1049368
-rw-r--r-- 1 root root 115316 Jun 1 02:26 GeoIP-1.6.5.-1.e16.x86_64.rpm
-rw-------. 1 root root 1496 Jan 17 09:03 anaconda-ks.cfg
-rw-r--r-- 1 root root 686011 Jun 1 02:15 nginx-1.0.10.tar.gz
-rw-r--r-- 1 root root 1073741824 Jun 13 22:06 test
drwxr-xr-x 2 root root 33 Jun 13 22:54 web
[root@server01 salt]#
注意:cp.get_file从字面上就可以看出是操作对象是文件,即只有在拷贝文件的时候,目标主机上对应的目录不存在使用makedirs参数才有用,否则该参数无效。
#下载指定URL内容到被控主机指定位置
salt '*' cp.get_url http://dl.fedoraproject.org/pub/epel/6/x86_64/GeoIP-1.6.5-1.el6.x86_64.rpm /root/GeoIP-1.6.5.-1.e16.x86_64.rpm
cp.get_url 根据指定的url地址下载文件到被控端主机的对应目录下,这里被控端目录/root/下面
[root@localhost salt]# salt '*' cmd.run 'ls -l /root/'
server02:
total 676
-rw-------. 1 root root 1496 Jan 17 09:03 anaconda-ks.cfg
-rw-r--r-- 1 root root 686011 Jun 1 02:15 nginx-1.0.10.tar.gz
server03:
total 676
-rw-------. 1 root root 1496 Jan 17 09:03 anaconda-ks.cfg
-rw-r--r-- 1 root root 686011 Jun 1 02:15 nginx-1.0.10.tar.gz
[root@localhost salt]# salt '*' cp.get_url http://dl.fedoraproject.org/pub/epel/6/x86_64/GeoIP-1.6.5-1.el6.x86_64.rpm /root/GeoIP-1.6.5.-1.e16.x86_64.rpm
server03:
/root/GeoIP-1.6.5.-1.e16.x86_64.rpm
server02:
/root/GeoIP-1.6.5.-1.e16.x86_64.rpm
[root@localhost salt]# salt '*' cmd.run 'ls -l /root/'
server02:
total 792
-rw-r--r-- 1 root root 115316 Jun 1 02:26 GeoIP-1.6.5.-1.e16.x86_64.rpm
-rw-------. 1 root root 1496 Jan 17 09:03 anaconda-ks.cfg
-rw-r--r-- 1 root root 686011 Jun 1 02:15 nginx-1.0.10.tar.gz
server03:
total 792
-rw-r--r-- 1 root root 115316 Jun 1 02:26 GeoIP-1.6.5.-1.e16.x86_64.rpm
-rw-------. 1 root root 1496 Jan 17 09:03 anaconda-ks.cfg
-rw-r--r-- 1 root root 686011 Jun 1 02:15 nginx-1.0.10.tar.gz
[root@localhost salt]#
当然URL也可以是master上的路径(salt://)
[root@server01 salt]# salt '*' cp.get_url salt://nginx-1.0.10.tar.gz /opt/nginx-1.0.10.tar.gz
server02:
/opt/nginx-1.0.10.tar.gz
server03:
/opt/nginx-1.0.10.tar.gz
[root@server01 salt]# salt '*' cmd.run 'ls -l /opt'
server02:
total 672
-rw-r--r-- 1 root root 686011 Jun 13 23:05 nginx-1.0.10.tar.gz
server03:
total 672
-rw-r--r-- 1 root root 686011 Jun 13 23:05 nginx-1.0.10.tar.gz
[root@server01 salt]#
#salt '*' cp.hash_file salt://test-file
cp.hash_file获取从主控端下发到被控端后文件的hash值,一般用于对比某个被控端某个文件的hash值
[root@localhost ~]# salt '*' cp.hash_file salt://nginx-1.0.10.tar.gz
server02:
----------
hash_type:
md5
hsum:
930b297b00fa1018fb0a1dd3e6b7e17e
server03:
----------
hash_type:
md5
hsum:
930b297b00fa1018fb0a1dd3e6b7e17e
[root@localhost ~]#
(2)、cmd模块(实现远程的命令行调用执行)
# salt '*' cmd.run 'netstat -ntlp'
[root@localhost salt]# salt '*' cmd.run 'netstat -lnupt'
server02:
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 1184/sshd
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN 2013/master
tcp6 0 0 :::22 :::* LISTEN 1184/sshd
tcp6 0 0 ::1:25 :::* LISTEN 2013/master
udp 0 0 0.0.0.0:32525 0.0.0.0:* 737/dhclient
udp 0 0 127.0.0.1:323 0.0.0.0:* 672/chronyd
udp 0 0 0.0.0.0:68 0.0.0.0:* 737/dhclient
udp6 0 0 ::1:323 :::* 672/chronyd
udp6 0 0 :::14472 :::* 737/dhclient
server03:
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 1191/sshd
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN 1835/master
tcp6 0 0 :::22 :::* LISTEN 1191/sshd
tcp6 0 0 ::1:25 :::* LISTEN 1835/master
udp 0 0 0.0.0.0:32525 0.0.0.0:* 729/dhclient
udp 0 0 127.0.0.1:323 0.0.0.0:* 661/chronyd
udp 0 0 0.0.0.0:68 0.0.0.0:* 729/dhclient
udp6 0 0 ::1:323 :::* 661/chronyd
udp6 0 0 :::14472 :::* 729/dhclient
[root@localhost salt]#
(3)、cron模块(实现被控主机的crontab操作)
## 为指定的被控主机、root用户添加crontab信息
# salt '*' cron.set_job root '*/5' '*' '*' '*' '*' 'date >/dev/null 2>&1'
# salt '*' cron.raw_cron root
[root@localhost salt]# salt '*' cron.set_job root '*/60' '*' '*' '*' '*' '/usr/local/nginx/sbin/nginx -s reload >/dev/null 2>&1'
server02:
new
server03:
new
[root@localhost salt]#
[root@localhost salt]# salt '*' cmd.run 'crontab -l'
server03:
# Lines below here are managed by Salt, do not edit
*/60 * * * * /usr/local/nginx/sbin/nginx -s reload >/dev/null 2>&1
server02:
# Lines below here are managed by Salt, do not edit
*/60 * * * * /usr/local/nginx/sbin/nginx -s reload >/dev/null 2>&1
[root@localhost salt]#
## 删除指定的被控主机、root用户的crontab信息
[root@localhost salt]# salt '*' cron.rm_job root '/usr/local/nginx/sbin/nginx -s reload >/dev/null 2>&1'
server02:
removed
server03:
removed
[root@localhost salt]# salt '*' cmd.run 'crontab -l'
server03:
# Lines below here are managed by Salt, do not edit
server02:
# Lines below here are managed by Salt, do not edit
[root@localhost salt]#
(4)、dnsutil模块(实现被控主机通用DNS操作)
给被控制端添加指定的hosts配置项目,即host主机记录
#salt '*' dnsutil.hosts_append /etc/hosts 192.168.112.140 server01
#salt '*' dnsutil.hosts_append /etc/hosts 192.168.112.141 server02
#salt '*' dnsutil.hosts_append /etc/hosts 192.168.112.142 server03
[root@localhost salt]# salt '*' dnsutil.hosts_append /etc/hosts 192.168.112.140 server01
server02:
The following line was added to /etc/hosts:
192.168.112.140 server01
server03:
The following line was added to /etc/hosts:
192.168.112.140 server01
[root@localhost salt]# salt '*' dnsutil.hosts_append /etc/hosts 192.168.112.141 server02
server03:
The following line was added to /etc/hosts:
192.168.112.141 server02
server02:
The following line was added to /etc/hosts:
192.168.112.141 server02
[root@localhost salt]# salt '*' dnsutil.hosts_append /etc/hosts 192.168.112.142 server03
server03:
The following line was added to /etc/hosts:
192.168.112.142 server03
server02:
The following line was added to /etc/hosts:
192.168.112.142 server03
[root@localhost salt]# salt '*' cmd.run 'grep 192.168.112.* /etc/hosts'
server03:
192.168.112.140 server01
192.168.112.141 server02
192.168.112.142 server03
server02:
192.168.112.140 server01
192.168.112.141 server02
192.168.112.142 server03
[root@localhost salt]#
(5)、file模块(被控主机文件常见操作,包括文件读写、权限、查找、校验等)
# salt '*' file.get_sum /etc/hosts md5
# salt '*' file.stats /etc/hosts
[root@localhost salt]# salt '*' file.get_sum /etc/hosts md5
server03:
7895e4dd8df907aa29d026a75f2a035a
server02:
7895e4dd8df907aa29d026a75f2a035a
[root@localhost salt]# salt '*' file.stats /etc/hosts
server02:
----------
atime:
1496299480.63
ctime:
1496299455.14
gid:
0
group:
root
inode:
67128992
mode:
0644
mtime:
1496299455.14
size:
234
target:
/etc/hosts
type:
file
uid:
0
user:
root
server03:
----------
atime:
1496299480.62
ctime:
1496299455.14
gid:
0
group:
root
inode:
67109270
mode:
0644
mtime:
1496299455.14
size:
234
target:
/etc/hosts
type:
file
uid:
0
user:
root
[root@localhost salt]#
(6)、network模块(返回被控主机网络信息)
# salt '*' network.ip_addrs
# salt '*' network.interfaces
[root@localhost salt]# salt '*' network.ip_addrs
server03:
- 192.168.112.142
server02:
- 192.168.112.141
[root@localhost salt]# salt '*' network.interfaces
server02:
----------
eth0:
----------
hwaddr:
00:0c:29:0b:28:95
inet:
|_
----------
address:
192.168.112.141
broadcast:
192.168.112.255
label:
eth0
netmask:
255.255.255.0
inet6:
|_
----------
address:
fe80::bf36:72fd:ae66:3183
prefixlen:
64
scope:
link
up:
True
lo:
----------
hwaddr:
00:00:00:00:00:00
inet:
|_
----------
address:
127.0.0.1
broadcast:
None
label:
lo
netmask:
255.0.0.0
inet6:
|_
----------
address:
::1
prefixlen:
128
scope:
host
up:
True
server03:
----------
eth0:
----------
hwaddr:
00:0c:29:63:9d:12
inet:
|_
----------
address:
192.168.112.142
broadcast:
192.168.112.255
label:
eth0
netmask:
255.255.255.0
inet6:
|_
----------
address:
fe80::7f27:a270:df5d:d68
prefixlen:
64
scope:
link
up:
True
lo:
----------
hwaddr:
00:00:00:00:00:00
inet:
|_
----------
address:
127.0.0.1
broadcast:
None
label:
lo
netmask:
255.0.0.0
inet6:
|_
----------
address:
::1
prefixlen:
128
scope:
host
up:
True
[root@localhost salt]#
(7)、pkg包管理模块(被控主机程序包管理,如yum、apt-get等)
# salt '*' pkg.install httpd --->安装Apache服务
# salt '*' pkg.file_list httpd---->查看Apache服务安装的路径及安装的文件
[root@localhost ~]# salt '*' pkg.install httpd
server03:
----------
httpd:
----------
new:
2.4.6-45.el7.centos.4
old:
httpd-tools:
----------
new:
2.4.6-45.el7.centos.4
old:
mailcap:
----------
new:
2.1.41-2.el7
old:
server02:
----------
httpd:
----------
new:
2.4.6-45.el7.centos.4
old:
httpd-tools:
----------
new:
2.4.6-45.el7.centos.4
old:
mailcap:
----------
new:
2.1.41-2.el7
old:
[root@localhost ~]#
(8)、service 服务模块(被控主机程序包服务管理)
# salt '*' service.enable httpd
# salt '*' service.disable httpd
# salt '*' service.status httpd
# salt '*' service.stop httpd
# salt '*' service.start httpd
# salt '*' service.restart httpd
# salt '*' service.reload httpd
[root@localhost ~]# salt '*' service.enable httpd
server02:
True
server03:
True
[root@localhost ~]# salt '*' service.disable httpd
server02:
True
server03:
True
[root@localhost ~]# salt '*' service.status httpd
server02:
False
server03:
False
[root@localhost ~]# salt '*' service.stop httpd
server02:
True
server03:
True
[root@localhost ~]# salt '*' service.start httpd
server03:
True
server02:
True
[root@localhost ~]# salt '*' service.reload httpd
server03:
True
server02:
True
[root@localhost ~]# salt '*' cmd.run 'netstat -lnupt|grep httpd'
server03:
tcp6 0 0 :::80 :::* LISTEN 17294/httpd
server02:
tcp6 0 0 :::80 :::* LISTEN 3231/httpd
[root@localhost ~]#
(9)、更多功能
更多的功能,比如:grains、pillar、states、modules、returner、runners、reactor等,还有如下高级命令的使用,以及模板配置的渲染、扩展模块的二次开发等,可以自己去深入学习,未完,待续........