salt master/minion install
env init
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202//机器信息
192.168.13.188 saltserver # CentOS 7.0
192.168.13.187 saltminion # CentOS 6.5
//salt-master
[root@localhost ~]# cat /etc/redhat-release
CentOS Linux release 7.0.1406 (Core)
[root@localhost ~]# hostname saltserver && echo saltserver |tee /etc/hostname
[root@localhost ~]# $SHELL
[root@saltserver ~]# echo '192.168.13.188 saltserver' |tee -a /etc/hosts
[root@saltserver ~]# echo '192.168.13.187 saltminion' |tee -a /etc/hosts
[root@saltserver ~]# mkfs.xfs /dev/vdb
[root@saltserver ~]# echo '/dev/vdb /mnt xfs defaults 0 0' | tee -a /etc/fstab
[root@saltserver ~]# mount -a
[root@saltserver ~]# echo '* - nproc 65535' | tee -a /etc/security/limits.conf
[root@saltserver ~]# echo '* - nofile 65535' | tee -a /etc/security/limits.conf
[root@saltserver ~]# ls /etc/security/limits.d/|xargs rm -f
[root@saltserver ~]# mkdir /etc/yum.repos.d/backup && mv /etc/yum.repos.d/{*,backup}
[root@saltserver ~]# curl -o /etc/yum.repos.d/epel-7.repo http://mirrors.aliyun.com/repo/epel-7.repo
[root@saltserver ~]# curl -o /etc/yum.repos.d/CentOS-Base.repo http://mirrors.aliyun.com/repo/Centos-7.repo
[root@saltserver ~]# curl -O https://mirrors.aliyun.com/centos/RPM-GPG-KEY-CentOS-7
[root@saltserver ~]# rpm --import RPM-GPG-KEY-CentOS-7
[root@saltserver ~]# rm -f RPM-GPG-KEY-CentOS-7
[root@saltserver ~]# yum clean all
[root@saltserver ~]# yum makecache
[root@saltserver ~]# yum -y install gcc gcc-c++ make cmake bison libtool autoconf automake zip unzip bzip2 zlib zlib-devel openssl openssl-devel openssl-static pcre pcre-devel bison-devel ncurses-devel tcl tcl-devel perl-Digest-SHA1 GeoIP GeoIP-devel gperftools gperftools-devel libatomic_ops-devel gtest gtest-devel glibc-devel unixODBC-devel fop libperl libpython readline readline-devel python-devel python2-pip python-crypto readline readline-devel readline-static sqlite-devel bzip2-devel bzip2-libs openldap-devel gdk-pixbuf2 gdk-pixbuf2-devel libffi libffi-devel libcurl libcurl-devel http-parser http-parser-devel libssh2 libssh2-devel git lftp ntp ntpdate vim wget telnet dstat tree lrzsz net-tools nmap-ncat nmap sysstat
[root@saltserver ~]# setenforce 0
[root@saltserver ~]# sed -i s/'SELINUX=enforcing'/'SELINUX=disabled'/g /etc/selinux/config
[root@saltserver ~]# systemctl stop firewalld && systemctl disable firewalld
[root@saltserver ~]# [ -f /etc/localtime ] && cp -f /usr/share/zoneinfo/Asia/Shanghai /etc/localtime
[root@saltserver ~]# [ -f /etc/sysconfig/clock ] && echo 'ZONE="Asia/Shanghai"' | tee /etc/sysconfig/clock
[root@saltserver ~]# [ -f /etc/timezone ] && echo 'Asia/Shanghai' | tee /etc/timezone
[root@saltserver ~]# [ -f /etc/sysconfig/ntpd ] && echo 'SYNC_HWCLOCK=yes' | tee -a /etc/sysconfig/ntpd
[root@saltserver ~]# ntpdate cn.pool.ntp.org
[root@saltserver ~]# cp -f /etc/{ntp.conf,ntp.conf.bak}
[root@saltserver ~]# cat > /etc/ntp.conf <<EOF
> driftfile /var/lib/ntp/drift
> restrict default nomodify notrap nopeer noquery
> restrict 127.0.0.1
> restrict ::1
> server cn.pool.ntp.org prefer
> server 0.centos.pool.ntp.org iburst
> server 1.centos.pool.ntp.org iburst
> server 2.centos.pool.ntp.org iburst
> server 3.centos.pool.ntp.org iburst
> includefile /etc/ntp/crypto/pw
> keys /etc/ntp/keys
> disable monitor
> EOF
[root@saltserver ~]# cp -f /etc/ntp/{step-tickers,step-tickers.bak}
[root@saltserver ~]# cat > /etc/ntp/step-tickers <<EOF
> cn.pool.ntp.org
> 0.centos.pool.ntp.org
> 1.centos.pool.ntp.org
> 2.centos.pool.ntp.org
> 3.centos.pool.ntp.org
> EOF
[root@saltserver ~]# systemctl start ntpd && systemctl enable ntpd
[root@saltserver ~]# mkdir -p /mnt/{app,data,log,web,ops/{app,data,cron}}
[root@saltserver ~]# mkdir ~/.pip
[root@saltserver ~]# cat > ~/.pip/pip.conf <<EOF
> [global]
> trusted-host=mirrors.aliyun.com
> index-url=http://mirrors.aliyun.com/pypi/simple/
> [list]
> format=columns
> EOF
[root@saltserver ~]# pip install --upgrade pip
[root@saltserver ~]# python -V
Python 2.7.5
[root@saltserver app]# wget https://www.python.org/ftp/python/2.7.13/Python-2.7.13.tar.xz
[root@saltserver app]# xz -d Python-2.7.13.tar.xz
[root@saltserver app]# tar xf Python-2.7.13.tar
[root@saltserver app]# cd Python-2.7.13
[root@saltserver Python-2.7.13]# ./configure --prefix=/usr/local/python27
[root@saltserver Python-2.7.13]# make
[root@saltserver Python-2.7.13]# make install
[root@saltserver Python-2.7.13]# wget https://bootstrap.pypa.io/get-pip.py
[root@saltserver Python-2.7.13]# /usr/local/python27/bin/python get-pip.py
[root@saltserver Python-2.7.13]# echo 'export PYTHON_PATH=/usr/local/python27' |tee /etc/profile.d/python27.sh
[root@saltserver Python-2.7.13]# echo 'export PYTHON_BIN=$PYTHON_PATH/bin' |tee -a /etc/profile.d/python27.sh
[root@saltserver Python-2.7.13]# echo 'export PATH=$PYTHON_BIN:$PATH' |tee -a /etc/profile.d/python27.sh
[root@saltserver Python-2.7.13]# source /etc/profile
[root@saltserver Python-2.7.13]# rm -f /usr/bin/{python,pip}
[root@saltserver Python-2.7.13]# sed -i s/python/python2.7/g /usr/bin/yum
[root@saltserver Python-2.7.13]# sed -i s/python/python2.7/g /usr/libexec/urlgrabber-ext-down
[root@saltserver Python-2.7.13]# python -V
Python 2.7.13
[root@saltserver Python-2.7.13]# pip -V
pip 9.0.1 from /usr/local/python27/lib/python2.7/site-packages (python 2.7)
//salt-minion
[root@localhost ~]# cat /etc/redhat-release
CentOS release 6.5 (Final)
[root@localhost ~]# hostname saltminion && echo saltminion |tee /etc/hostname
[root@localhost ~]# $SHELL
[root@saltminion ~]# echo '192.168.13.188 saltserver' |tee -a /etc/hosts
[root@saltminion ~]# echo '192.168.13.187 saltminion' |tee -a /etc/hosts
[root@saltminion ~]# mkfs.xfs /dev/vdb
[root@saltminion ~]# echo '/dev/vdb /mnt xfs defaults 0 0' | tee -a /etc/fstab
[root@saltminion ~]# mount -a
[root@saltminion ~]# echo '* - nproc 65535' | tee -a /etc/security/limits.conf
[root@saltminion ~]# echo '* - nofile 65535' | tee -a /etc/security/limits.conf
[root@saltminion ~]# ls /etc/security/limits.d/|xargs rm -f
[root@saltminion ~]# mkdir /etc/yum.repos.d/backup && mv /etc/yum.repos.d/{*,backup}
[root@saltminion ~]# curl -o /etc/yum.repos.d/epel-6.repo http://mirrors.aliyun.com/repo/epel-6.repo
[root@saltminion ~]# curl -o /etc/yum.repos.d/CentOS-Base.repo http://mirrors.aliyun.com/repo/Centos-6.repo
[root@saltminion ~]# curl -O https://mirrors.aliyun.com/centos/RPM-GPG-KEY-CentOS-6
[root@saltminion ~]# rpm --import RPM-GPG-KEY-CentOS-6
[root@saltminion ~]# rm -f RPM-GPG-KEY-CentOS-6
[root@saltminion ~]# yum clean all
[root@saltminion ~]# yum makecache
[root@saltminion ~]# yum groupinstall "Development tools"
[root@saltminion ~]# yum -y install gcc gcc-c++ make cmake bison libtool autoconf automake zip unzip bzip2 zlib zlib-devel openssl openssl-devel openssl-static pcre pcre-devel bison-devel ncurses-devel tcl tcl-devel perl-Digest-SHA1 GeoIP GeoIP-devel gperftools gperftools-devel libatomic_ops-devel gtest gtest-devel glibc-devel unixODBC-devel fop libperl libpython readline readline-devel python-devel python2-pip python-crypto readline readline-static sqlite-devel bzip2-devel bzip2-libs openldap-devel gdk-pixbuf2 gdk-pixbuf2-devel libffi libffi-devel libcurl libcurl-devel http-parser http-parser-devel libssh2 libssh2-devel tk-devel gdbm-devel db4-devel libpcap-devel xz xz-devel git lftp ntp ntpdate vim wget telnet dstat tree lrzsz net-tools nmap-ncat nmap sysstat
[root@saltminion ~]# setenforce 0
[root@saltminion ~]# sed -i s/'SELINUX=enforcing'/'SELINUX=disabled'/g /etc/selinux/config
[root@saltminion ~]# /etc/init.d/iptables stop && chkconfig iptables off
[root@saltminion ~]# [ -f /etc/localtime ] && cp -f /usr/share/zoneinfo/Asia/Shanghai /etc/localtime
[root@saltminion ~]# [ -f /etc/sysconfig/clock ] && echo 'ZONE="Asia/Shanghai"' | tee /etc/sysconfig/clock
[root@saltminion ~]# [ -f /etc/timezone ] && echo 'Asia/Shanghai' | tee /etc/timezone
[root@saltminion ~]# [ -f /etc/sysconfig/ntpd ] && echo 'SYNC_HWCLOCK=yes' | tee -a /etc/sysconfig/ntpd
[root@saltminion ~]# ntpdate cn.pool.ntp.org
[root@saltminion ~]# cp -f /etc/{ntp.conf,ntp.conf.bak}
[root@saltminion ~]# cat > /etc/ntp.conf <<EOF
> driftfile /var/lib/ntp/drift
> restrict default nomodify notrap nopeer noquery
> restrict 127.0.0.1
> restrict ::1
> server cn.pool.ntp.org prefer
> server 0.centos.pool.ntp.org iburst
> server 1.centos.pool.ntp.org iburst
> server 2.centos.pool.ntp.org iburst
> server 3.centos.pool.ntp.org iburst
> includefile /etc/ntp/crypto/pw
> keys /etc/ntp/keys
> disable monitor
> EOF
[root@saltminion ~]# cp -f /etc/ntp/{step-tickers,step-tickers.bak}
[root@saltminion ~]# cat > /etc/ntp/step-tickers <<EOF
> cn.pool.ntp.org
> 0.centos.pool.ntp.org
> 1.centos.pool.ntp.org
> 2.centos.pool.ntp.org
> 3.centos.pool.ntp.org
> EOF
[root@saltminion ~]# /etc/init.d/ntpd start && chkconfig ntpd on
[root@saltminion ~]# mkdir -p /mnt/{app,data,log,web,ops/{app,data,cron}}
[root@saltminion ~]# mkdir ~/.pip
[root@saltminion ~]# cat > ~/.pip/pip.conf <<EOF
> [global]
> trusted-host=mirrors.aliyun.com
> index-url=http://mirrors.aliyun.com/pypi/simple/
> [list]
> format=columns
> EOF
[root@saltminion ~]# python -V
Python 2.6.6
[root@saltminion app]# wget https://www.python.org/ftp/python/2.7.13/Python-2.7.13.tar.xz
[root@saltminion app]# xz -d Python-2.7.13.tar.xz
[root@saltminion app]# tar xf Python-2.7.13.tar
[root@saltminion app]# cd Python-2.7.13
[root@saltminion Python-2.7.13]# ./configure --prefix=/usr/local/python27
[root@saltminion Python-2.7.13]# make
[root@saltminion Python-2.7.13]# make install
[root@saltminion Python-2.7.13]# wget https://bootstrap.pypa.io/get-pip.py
[root@saltminion Python-2.7.13]# echo 'export PYTHON_PATH=/usr/local/python27' |tee /etc/profile.d/python27.sh
[root@saltminion Python-2.7.13]# echo 'export PYTHON_BIN=$PYTHON_PATH/bin' |tee -a /etc/profile.d/python27.sh
[root@saltminion Python-2.7.13]# echo 'export PATH=$PYTHON_BIN:$PATH' |tee -a /etc/profile.d/python27.sh
[root@saltminion Python-2.7.13]# source /etc/profile
[root@saltminion Python-2.7.13]# rm -f /usr/bin/{python,pip}
[root@saltminion Python-2.7.13]# sed -i s/python/python2.6/g /usr/bin/yum
[root@saltminion Python-2.7.13]# python -V
Python 2.7.13
[root@saltminion Python-2.7.13]# pip -V
pip 9.0.1 from /usr/local/python27/lib/python2.7/site-packages (python 2.7)salt master/minion install
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26//salt-master
[root@saltserver ~]# pip install salt
[root@saltserver ~]# mkdir -p /etc/salt
[root@saltserver ~]# cat > /etc/salt/master <<EOF
> interface: 0.0.0.0
> ipv6: False
> publish_port: 4505
> ret_port: 4506
> user: root
> EOF
[root@saltserver ~]# salt-master -c /etc/salt -d //启动master
//salt-minon
[root@saltminion ~]# pip install salt
[root@saltminion ~]# mkdir -p /etc/salt
[root@saltminion ~]# cat > /etc/salt/minion <<EOF
> master: 192.168.13.188
> master_port: 4506
> user: root
> id: 192.168.13.187
> EOF
[root@saltminion ~]# salt-minion -c /etc/salt -d //启动minionsalt master与minion 建立连接
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37//salt-master 查看秘钥
[root@saltserver ~]# salt-key -L
Accepted Keys:
Denied Keys:
Unaccepted Keys:
192.168.13.187
Rejected Keys:
//salt-master 查看 minion 秘钥信息
[root@saltserver ~]# salt-key -f 192.168.13.187
Unaccepted Keys:
192.168.13.187: 34:6d:95:cf:17:98:fc:cf:99:2d:0f:2d:e9:ec:f8:95:ac:00:ba:f7:6c:71:ab:cf:aa:4a:05:7e:8c:04:97:81
//salt-minion 查看 minion 秘钥信息
[root@saltminion ~]# salt-call --local key.finger
local:
34:6d:95:cf:17:98:fc:cf:99:2d:0f:2d:e9:ec:f8:95:ac:00:ba:f7:6c:71:ab:cf:aa:4a:05:7e:8c:04:97:81
//salt-master 接受 minion 秘钥认证
[root@saltserver ~]# salt-key -a 192.168.13.187
The following keys are going to be accepted:
Unaccepted Keys:
192.168.13.187
Proceed? [n/Y] Y
Key for minion 192.168.13.187 accepted.
[root@saltserver ~]# salt-key -L
Accepted Keys:
192.168.13.187
Denied Keys:
Unaccepted Keys:
Rejected Keys:
//salt-master 自动签发证书
方法一:
echo 'auto_accept: True' |tee -a /etc/salt/master
方法二:
salt-key -A -ysalt-master测试指令
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53//salt-master 给 所有的minion 发送指令
[root@saltserver ~]# salt '*' test.ping
192.168.13.187:
True
//salt-master 查找 minion test 函数列表
[root@saltserver ~]# salt '192.168.13.187' sys.list_functions test
192.168.13.187:
- test.arg
- test.arg_repr
- test.arg_type
- test.assertion
- test.attr_call
- test.collatz
- test.conf_test
- test.cross_test
- test.echo
- test.exception
- test.false
- test.fib
- test.get_opts
- test.kwarg
- test.module_report
- test.not_loaded
- test.opts_pkg
- test.outputter
- test.ping
- test.provider
- test.providers
- test.rand_sleep
- test.rand_str
- test.retcode
- test.sleep
- test.stack
- test.true
- test.try_
- test.tty
- test.version
- test.versions
- test.versions_information
- test.versions_report
//salt-master 查找 minion test 函数使用方法
[root@saltserver ~]# salt '192.168.13.187' sys.doc test.echo
test.echo:
Return a string - used for testing the connection
CLI Example:
salt '*' test.echo 'foo bar baz quo qux'
//salt-master 执行 minion test 函数
[root@saltserver ~]# salt '192.168.13.187' test.echo 'Hello WOrld!'
192.168.13.187:
Hello WOrld!salt 远程执行命令
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300salt [options] '<target>' <function> [arguments]
说明:
* 第一部分,salt命令本身
* 第二部分,命令行选项
* 第三部分,目标定位字符串
* 第四部分,slat模块函数
* 第五部分,远程执行函数参数
例如:
[root@saltserver ~]# salt --summary '192.168.13.187' cmd.run 'uptime'
192.168.13.187:
14:39:06 up 5:17, 1 user, load average: 2.00, 1.93, 1.30
-------------------------------------------
Summary
-------------------------------------------
# of minions targeted: 1
# of minions returned: 1
# of minions that did not return: 0
# of minions with errors: 0
-------------------------------------------
//第二部分,命令行选项
* -v,--verbose 描述命令执行后,会发生什么(命令执行过程)
[root@saltserver ~]# salt --verbose '*' cmd.run_all "echo my salt"
Executing job with jid 20170804144256968580
-------------------------------------------
192.168.13.187:
----------
pid:
26067
retcode:
0
stderr:
stdout:
my salt
* --summary 显示salt命令概要
[root@saltserver ~]# salt --summary '*' cmd.run_all "echo my salt"
192.168.13.187:
----------
pid:
26073
retcode:
0
stderr:
stdout:
my salt
-------------------------------------------
Summary
-------------------------------------------
# of minions targeted: 1
# of minions returned: 1
# of minions that did not return: 0
# of minions with errors: 0
-------------------------------------------
* --out 控制salt执行后的输出格式
[root@saltserver ~]# salt --out=json '*' cmd.run_all "echo my salt"
{
"192.168.13.187": {
"pid": 26079,
"retcode": 0,
"stderr": "",
"stdout": "my salt"
}
}
[root@saltserver ~]# salt --out=yaml '*' cmd.run_all "echo my salt"
192.168.13.187:
pid: 26085
retcode: 0
stderr: ''
stdout: my salt
[root@saltserver ~]# salt --out=raw '*' cmd.run_all "echo my salt"
{'192.168.13.187': {'pid': 26091, 'retcode': 0, 'stderr': '', 'stdout': 'my salt'}}
//第三部分,目标定位字符串
* 全局匹配
* 任意字符,可以是空字符串
? 一个字符,不可以是空字符串
[] 字符集合
例如:
salt '*' test.ping
salt '192.168.13.*' test.ping
salt 'minion[a-z]' test.ping
* 正则表达式匹配
abc 匹配自身abc
. 匹配任意字符(除换行符)
\ 转义字符
[..] 字符集,匹配字符集中的任意一个字符
\d 匹配数字[0-9]
\D 匹配非数字[^\d]
\s 匹配空白字符[<空格>\n\t\r\v\f]
\S 匹配非空字符[^\s]
\w 匹配单词字符[a-zA-Z0-9]
\W 匹配非单词字符[^\w]
* 匹配前一个字符0次或无限次
+ 匹配前一个字符1次或无限次
? 匹配前一个字符0次或1次
{m} 匹配前一个字符m次
{m,n} 匹配前一个字符m到n次
^ 匹配字符串开头
$ 匹配字符串结尾
| 逻辑或
(..) 表达式分组,作为一个整体
(?P<name>...) 指定别名
(?P<name>) 引用别名
例如:
salt -E 'minion' test.ping
salt -E '.*' test.ping
salt -E '^minion-*' test.ping
salt -E '*-minion$' test.ping
* 列表匹配
salt -L 'minion1' test.ping
salt -L 'minion1,minion2,minion3' test.ping
配置文件中定义nodegroups:
/etc/salt/master:
modegroups:
minions:
- minion1
- minion2
salt -N minions test.ping
* grain 和 pillar 匹配
grain和pillar都是以key/value形式存储的数据库
grain是由minion返回给master的数据;而pillar是存储在master上的数据
每个minion可以看到自己的pillar,grain可以看做是主机的元数据(metadata)
换言之,一个minion可以告诉master自己的grain数据,而minion需要从master索取pillar数据
* grains
grains可以认为是描述minion本身固有属性的静态数据
例如:
//检索所有属性
[root@saltserver ~]# salt --out=yaml '192.168.13.187' grains.items
//检索os属性
[root@saltserver ~]# salt --out=yaml '192.168.13.187' grains.item os
{
"192.168.13.187": {
"os": "CentOS"
}
}
//通过grain定位主机
[root@saltserver ~]# salt -G 'os:CentOS' test.ping
192.168.13.187:
True
//自定义grain
[root@saltserver ~]# salt '192.168.13.187' grains.setval cpu_num 8
or:
[root@saltserver ~]# salt '192.168.13.187' grains.setval cpu_info ['Intel','Xeon','8']
//删除自定义grain
[root@saltserver ~]# salt '192.168.13.187' grains.delval cpu_info
注意: 自定义grain一般存储在"/etc/salt/grains"文件中,修改该文件,删除自定义内容,重启salt-minion服务
* pillar
pillars数据类似grains,不同之处在于pillars数据可以定义为更加动态的形式,并且是一个安全的数据库
例如:
//列出主机所有pillar数据
[root@saltserver ~]# salt '192.168.13.187' pillar.items
192.168.13.187:
----------
//查看单个数据命令
[root@saltserver ~]# salt '192.168.13.187' pillar.item role
//pillar定位主机
[root@saltserver ~]# salt -I 'role:web' test.ping
* 复合匹配
G G@os:CentOS
E E@web\d+\(dev|qa|prod)\.loc
P P@os:(redhat|centos|fedora)
L L@minion1,minion2,minion3
I I@pdata:foobar
S S@192.168.1.0/24 or S@192.168.1.100
R R@%foo.bar
例如:
salt -C 'minion-* and G@os:CentOS not E@.*-two$' test.ping
//第四部分,slat模块函数 和 第五部分,远程执行函数参数
远程执行模块构成:
远程执行命令的最后一部分是我们需要运行的模块以及相关函数和对应的执行参数
模块可以认为是函数的逻辑分组,一系列的函数组合在一起构成一个模块
所有的远程执行命令格式都是"<module>.<function>"格式,例如:
[root@saltserver ~]# salt '192.168.13.187' sys.list_modules
[root@saltserver ~]# salt '192.168.13.187' sys.list_functions test
[root@saltserver ~]# salt '192.168.13.187' sys.doc test.sleep
* 远程命令执行模块
[root@saltserver ~]# salt '*' cmd.run 'ps aux|wc -l'
192.168.13.187:
139
[root@saltserver ~]# salt '*' cmd.run_all 'ps aux|wc -l'
192.168.13.187:
----------
pid:
26257
retcode:
0
stderr:
stdout:
139
* 安装包管理
[root@saltserver ~]# salt '192.168.13.187' pkg.install "httpd"
192.168.13.187:
----------
apr-util-ldap:
----------
new:
1.3.9-3.el6_0.1
old:
httpd:
----------
new:
2.2.15-60.el6.centos.4
old:
httpd-tools:
----------
new:
2.2.15-60.el6.centos.4
old:
[root@saltserver ~]# salt '192.168.13.187' pkg.version "httpd"
192.168.13.187:
2.2.15-60.el6.centos.4
[root@saltserver ~]# salt '192.168.13.187' pkg.remove "httpd"
192.168.13.187:
----------
httpd:
----------
new:
old:
2.2.15-60.el6.centos.4
* 管理服务模块
[root@saltserver ~]# salt '192.168.13.187' service.status "httpd"
192.168.13.187:
False
[root@saltserver ~]# salt '192.168.13.187' service.start "httpd"
192.168.13.187:
True
[root@saltserver ~]# salt '192.168.13.187' service.stop "httpd"
192.168.13.187:
True
* 文件管理模块
[root@saltserver ~]# salt '192.168.13.187' file.stats '/etc/yum.conf'
192.168.13.187:
----------
atime:
1501780111.82
ctime:
1499286732.05
gid:
0
group:
root
inode:
1044735
mode:
0644
mtime:
1361532394.0
size:
969
target:
/etc/yum.conf
type:
file
uid:
0
user:
root
.168.13.187:
None
[root@saltserver ~]# salt '192.168.13.187' file.chown /etc/yum.conf root root
192.168.13.187:
None
* 用户管理模块
slat '*' user.add <name> <uid> <gid> <groups> <home> <shell>
slat '*' user.delete <name>
slat '*' user.info <name>