Common modules of SaltStack
SaltStack module introduction
Environmental description
role | host name | IP address |
---|---|---|
salt-master | master | 192.168.47.115 |
salt-minion | minion | 192.168.47.120 |
Official documents: https://docs.saltproject.io/en/latest/
Module is one of the components that SaltStack contacts most in daily use. It is used to manage object operations. It is also the entrance for SaltStack to manage by pushing. For example, our daily simple tasks such as executing commands, viewing package installation and service operation are realized through SaltStack Module.
After installing the Master and Minion packages, many modules will be installed on the system. You can view the list of all supported modules through the following command:
//View a list of all module s [root@master ~]# salt 'minion' sys.list_modules minion: - acl - aliases - alternatives - apache - archive - artifactory - baredoc - beacons - bigip - btrfs - buildout - chroot - cloud - cmd - composer - config - consul - container_resource - Omitted here N that 's ok //View all function s of the specified module [root@master ~]# salt 'minion' sys.list_functions cmd minion: - cmd.exec_code - cmd.exec_code_all - cmd.has_exec - cmd.powershell - cmd.powershell_all - cmd.retcode - cmd.run - cmd.run_all - cmd.run_bg - cmd.run_chroot - cmd.run_stderr - cmd.run_stdout - cmd.script - cmd.script_retcode - cmd.shell - cmd.shell_info - cmd.shells - cmd.tty - cmd.which - cmd.which_bin //View the usage of the specified module - cmd.which_bin [root@master ~]# salt 'minion' sys.doc cmd cmd.exec_code: Pass in two strings, the first naming the executable language, aka - python2, python3, ruby, perl, lua, etc. the second string containing the code you wish to execute. The stdout will be returned. All parameters from :mod:`cmd.run_all <salt.modules.cmdmod.run_all>` except python_shell can be used. CLI Example: salt '*' cmd.exec_code ruby 'puts "cheese"' salt '*' cmd.exec_code ruby 'puts "cheese"' args='["arg1", "arg2"]' env='{"FOO": "bar"}' cmd.exec_code_all: Pass in two strings, the first naming the executable language, aka - python2, python3, ruby, perl, lua, etc. the second string containing the code you wish to execute. All cmd artifacts (stdout, stderr, retcode, pid) will be returned. All parameters from :mod:`cmd.run_all <salt.modules.cmdmod.run_all>` except python_shell can be used. ...Omitted here N that 's ok... //SaltStack also supports the execution of multiple modules at a time by default. Module s are separated by commas. By default, parameters are separated by commas. It also supports specifying the parameter separator -- args separator = @ [root@master ~]# salt 'minion' test.echo,cmd.run,service.status apache,date,salt-minion minion: ---------- cmd.run: Thu Nov 4 02:00:33 CST 2021 service.status: True test.echo: apache
Common modules of SaltStack
network of common modules of SaltStack
network.active_tcp
Returns all active tcp connections
[root@master ~]# salt 'minion' network.active_tcp minion: ---------- 0: ---------- local_addr: 192.168.47.120 local_port: 22 remote_addr: 192.168.47.1 remote_port: 52971 1: ---------- local_addr: 192.168.47.120 local_port: 56166 remote_addr: 192.168.47.115 remote_port: 4505
network.calc_net
Calculate the network segment through IP and subnet mask
[root@master ~]# salt 'minion' network.calc_net 192.168.47.0 255.255.255.0 minion: 192.168.47.0/24 [root@master ~]# salt 'minion' network.calc_net 192.168.47.115 255.255.248.0 minion: 192.168.40.0/21
network.connect
Test whether the network from minion to a server is connected
[root@master ~]# salt 'minion' network.connect baidu.com 80 minion: ---------- comment: Successfully connected to baidu.com (220.181.38.148) on tcp port 80 result: True [root@master ~]# salt 'minion' network.connect 192.168.47.120 22 minion: ---------- comment: Successfully connected to 192.168.47.120 (192.168.47.120) on tcp port 22 result: True
network.default_route
View default routes
[root@master ~]# salt 'minion' network.default_route minion: |_ ---------- addr_family: inet destination: 0.0.0.0 flags: UG gateway: 192.168.47.2 interface: ens160 netmask: 0.0.0.0 |_ ---------- addr_family: inet6 destination: ::/0 flags: !n gateway: :: interface: lo netmask: |_ ---------- addr_family: inet6 destination: ::/0 flags: !n gateway: :: interface: lo netmask:
network.get_fqdn
View FQDN (fully qualified domain name) of the host
[root@master ~]# salt 'minion' network.get_fqdn minion: minion
network.get_hostname
Get host name
[root@master ~]# salt 'minion' network.get_hostname minion: minion #The hostname of the controlled end is modified here so that you can see the effect. After reading it, you can modify it back [root@minion ~]# hostnamectl set-hostname minion_minion [root@minion ~]# bash [root@master ~]# salt 'minion' network.get_hostname minion: minion_minion
network.get_route
Query the routing information of a target network
[root@master ~]# salt 'minion' network.get_route 192.168.200.0 minion: ---------- destination: 192.168.200.0 gateway: 192.168.47.2 interface: ens160 source: 192.168.47.120
network.hw_addr
Returns the MAC address of the specified network card
[root@master ~]# salt 'minion' network.hw_addr ens160 minion: 00:0c:29:da:55:0e
network.ifacestartswith
Retrieves the interface name from a specific CIDR
[root@master ~]# salt 'minion' network.ifacestartswith 192 minion: - ens160
network.in_subnet
Judge whether the current host is in a network segment
[root@master ~]# salt 'minion' network.in_subnet 192.168.144.0/24 minion: False [root@master ~]# salt 'minion' network.in_subnet 192.168.47.0/24 minion: True [root@master ~]# salt 'minion' network.in_subnet 192.168.0.0/16 minion: True
network.interface
Returns the information of the specified network card
[root@master ~]# salt 'minion' network.interface ens160 minion: |_ ---------- address: 192.168.47.120 broadcast: 192.168.47.255 label: ens160 netmask: 255.255.255.0
network.interface_ip
Returns the IP address of the specified network card
[root@master ~]# salt 'minion' network.interface_ip ens160 minion: 192.168.47.120
network.interfaces
Returns all network card information in the current system
[root@master ~]# salt 'minion' network.interfaces minion: ---------- ens160: ---------- hwaddr: 00:0c:29:da:55:0e inet: |_ ---------- address: 192.168.47.120 broadcast: 192.168.47.255 label: ens160 netmask: 255.255.255.0 inet6: |_ ---------- address: fe80::20c:29ff:feda:550e prefixlen: 64 scope: link up: True lo: ---------- hwaddr: 00:00:00:00:00:00 inet: |_ ---------- address: 127.0.0.1 broadcast: None label: lo netmask: 255.0.0.0 inet6: |_ ---------- address: ::1 prefixlen: 128 scope: host up: True
network.ip_addrs
Returns a list of IPv4 addresses
This function will ignore the address of 127.0.0.1
[root@master ~]# salt 'minion' network.ip_addrs minion: - 192.168.47.120
network.netstat
Returns all open ports and status
[root@master ~]# salt 'minion' network.netstat minion: |_ ---------- inode: 26515 local-address: 0.0.0.0:22 program: 1017/sshd proto: tcp recv-q: 0 remote-address: 0.0.0.0:* send-q: 0 state: LISTEN user: 0 |_ ---------- inode: 0 local-address: 192.168.47.120:39798 program: - proto: tcp recv-q: 0 remote-address: 192.168.47.115:4506 send-q: 0 state: TIME_WAIT user: 0 |_ ---------- inode: 0 local-address: 192.168.47.120:39794 program: - proto: tcp recv-q: 0 remote-address: 192.168.47.115:4506 send-q: 0 state: TIME_WAIT user: 0 |_ ---------- inode: 32049 local-address: 192.168.47.120:22 program: 1900/sshd: proto: tcp recv-q: 0 remote-address: 192.168.47.1:52971 send-q: 0 state: ESTABLISHED user: 0 |_ ---------- inode: 0 local-address: 192.168.47.120:39796 program: - proto: tcp recv-q: 0 remote-address: 192.168.47.115:4506 send-q: 0 state: TIME_WAIT user: 0 |_ ---------- inode: 30920 local-address: 192.168.47.120:56166 program: 1599/python3.6 proto: tcp recv-q: 0 remote-address: 192.168.47.115:4505 send-q: 0 state: ESTABLISHED user: 0 |_ ---------- inode: 26554 local-address: :::80 program: 1011/httpd proto: tcp6 recv-q: 0 remote-address: :::* send-q: 0 state: LISTEN user: 0 |_ ---------- inode: 26517 local-address: :::22 program: 1017/sshd proto: tcp6 recv-q: 0 remote-address: :::* send-q: 0 state: LISTEN user: 0 |_ ---------- inode: 26107 local-address: 127.0.0.1:323 program: 992/chronyd proto: udp recv-q: 0 remote-address: 0.0.0.0:* send-q: 0 user: 0 |_ ---------- inode: 26108 local-address: ::1:323 program: 992/chronyd proto: udp6 recv-q: 0 remote-address: :::* send-q: 0 user: 0
network.ping
Use the ping command to test connectivity to a host
[root@master ~]# salt 'minion' network.ping baidu.com minion: PING baidu.com (220.181.38.148) 56(84) bytes of data. 64 bytes from 220.181.38.148 (220.181.38.148): icmp_seq=1 ttl=128 time=24.6 ms 64 bytes from 220.181.38.148 (220.181.38.148): icmp_seq=2 ttl=128 time=29.3 ms 64 bytes from 220.181.38.148 (220.181.38.148): icmp_seq=3 ttl=128 time=50.8 ms 64 bytes from 220.181.38.148 (220.181.38.148): icmp_seq=4 ttl=128 time=72.5 ms --- baidu.com ping statistics --- 4 packets transmitted, 4 received, 0% packet loss, time 9ms rtt min/avg/max/mdev = 24.575/44.296/72.489/19.051 ms
network.reverse_ip
Returns the reverse address of a specified IP address
root@master ~]# salt 'minion' network.reverse_ip 192.168.200.0 minion: 0.200.168.192.in-addr.arpa
service of common modules of SaltStack
service.available
Determine whether the specified service is available
//View the httpd service status on the minion side [root@minion ~]# systemctl status httpd ● httpd.service - The Apache HTTP Server Loaded: loaded (/usr/lib/systemd/system/httpd.service; enabled; vendor preset: disabled) Active: active (running) since Thu 2021-11-04 01:54:53 CST; 21min ago Docs: man:httpd.service(8) Main PID: 1011 (httpd) Status: "Running, listening on: port 80" Tasks: 213 (limit: 11300) Memory: 45.9M CGroup: /system.slice/httpd.service ├─1011 /usr/sbin/httpd -DFOREGROUND ├─1062 /usr/sbin/httpd -DFOREGROUND ├─1065 /usr/sbin/httpd -DFOREGROUND ├─1067 /usr/sbin/httpd -DFOREGROUND └─1069 /usr/sbin/httpd -DFOREGROUND 11 April 1:54:53 minion systemd[1]: Starting The Apache HTTP Server... 11 April 1:54:53 minion httpd[1011]: AH00558: httpd: Could not reliably determine the server's f> 11 April 1:54:53 minion systemd[1]: Started The Apache HTTP Server. 11 April 1:54:53 minion httpd[1011]: Server configured, listening on: port 80 //Execute the module on the master side to view the httpd status [root@master ~]# salt 'minion' service.available httpd minion: True //Execute the module on the master side to view the nginx status [root@minion ~]# systemctl status nginx Unit nginx.service could not be found. [root@master ~]# salt 'minion' service.available nginx minion: False
service.get_all
Get all running services
[root@master ~]# salt 'minion' service.get_all minion: - NetworkManager - NetworkManager-dispatcher - NetworkManager-wait-online - arp-ethers - auditd - autovt@ - basic.target - blk-availability - bluetooth.target - console-getty - container-getty@ - cpupower - crond - Omitted here N that 's ok
service.disabled
Check whether the specified service is started or not
#The past tense is to check whether the status is satisfied #If False, it indicates that it is started automatically [root@master ~]# salt 'minion' service.disabled httpd minion: False
service.enabled
Check whether the specified service starts automatically
[root@master ~]# salt 'minion' service.enabled httpd minion: True
service.disable
Set the specified service to start automatically
[root@master ~]# salt 'minion' service.disable httpd minion: True [root@master ~]# salt 'minion' service.enabled httpd minion: False
service.enable
Set the specified service to start automatically
[root@master ~]# salt 'minion' service.enable httpd minion: True [root@master ~]# salt 'minion' service.enabled httpd minion: True
service.reload
Reload the specified service
[root@master ~]# salt 'minion' service.reload httpd minion: True
service.stop
Stop the specified service
[root@master ~]# salt 'minion' service.stop httpd minion: True //View effect [root@minion ~]# systemctl status httpd ● httpd.service - The Apache HTTP Server Loaded: loaded (/usr/lib/systemd/system/httpd.service; enabled; vendor preset: disabled) Active: inactive (dead) since Thu 2021-11-04 02:23:29 CST; 8s ago Docs: man:httpd.service(8) Process: 45471 ExecReload=/usr/sbin/httpd $OPTIONS -k graceful (code=exited, status=0/SUCCESS) Process: 1011 ExecStart=/usr/sbin/httpd $OPTIONS -DFOREGROUND (code=exited, status=0/SUCCESS) Main PID: 1011 (code=exited, status=0/SUCCESS) Status: "Configuration loaded." 11 April 1:54:53 minion systemd[1]: Starting The Apache HTTP Server... 11 April 1:54:53 minion httpd[1011]: AH00558: httpd: Could not reliably determine the server's f> 11 April 1:54:53 minion systemd[1]: Started The Apache HTTP Server. 11 April 1:54:53 minion httpd[1011]: Server configured, listening on: port 80 11 April 2:23:05 minion systemd[1]: Reloading The Apache HTTP Server. 11 April 2:23:16 minion httpd[45471]: AH00558: httpd: Could not reliably determine the server's > 11 April 2:23:16 minion systemd[1]: Reloaded The Apache HTTP Server. 11 April 2:23:26 minion httpd[1011]: Server configured, listening on: port 80 11 April 2:23:28 minion systemd[1]: Stopping The Apache HTTP Server... 11 April 2:23:29 minion systemd[1]: Stopped The Apache HTTP Server.
service.start
Start the specified service
[root@master ~]# salt 'minion' service.start httpd minion: True //View effect [root@minion ~]# systemctl status httpd ● httpd.service - The Apache HTTP Server Loaded: loaded (/usr/lib/systemd/system/httpd.service; enabled; vendor preset: disabled) Active: reloading (reload) since Thu 2021-11-04 02:24:02 CST; 7s ago Docs: man:httpd.service(8) Process: 45471 ExecReload=/usr/sbin/httpd $OPTIONS -k graceful (code=exited, status=0/SUCCESS) Main PID: 47253 (httpd) Status: "Reading configuration..." Tasks: 1 (limit: 11300) Memory: 3.4M CGroup: /system.slice/httpd.service └─47253 /usr/sbin/httpd -DFOREGROUND 11 April 2:24:02 minion systemd[1]: Starting The Apache HTTP Server... 11 April 2:24:02 minion httpd[47253]: AH00558: httpd: Could not reliably determine the server's > 11 April 2:24:02 minion systemd[1]: Started The Apache HTTP Server.
service.restart
Restart the specified service
[root@master ~]# salt 'minion' service.restart httpd minion: True
service.status
View the status of the specified service
[root@master ~]# salt 'minion' service.status httpd minion: True
pkg of common modules of SaltStack
pkg.download
Only download packages but do not install
This function will download the specified software package, but you need to install Yum utils on the minion side. You can use cmd.run for remote installation
[root@master ~]# salt 'minion' pkg.download wget minion: ---------- wget: /var/cache/yum/packages/wget-1.19.5-10.el8.x86_64.rpm #Put the downloaded software here //View effect [root@minion ~]# ll /var/cache/yum/packages/ Total consumption 736 -rw-r--r-- 1 root root 751256 11 April 2:24 wget-1.19.5-10.el8.x86_64.rpm
pkg.file_list
Lists the files for the specified package or all packages installed on the system
//Lists all files provided by the installed apache package [root@master ~]# salt 'minion' pkg.file_list httpd minion: ---------- errors: files: - /etc/logrotate.d/httpd - /etc/httpd/fastcgi.conf - /etc/httpd/fastcgi.conf.default - /etc/httpd/fastcgi_params - /etc/httpd/fastcgi_params.default - /etc/httpd/koi-utf - /etc/httpd/koi-win - /etc/httpd/mime.types - /etc/httpd/mime.types.default - /etc/httpd/httpd.conf - /etc/httpd/httpd.conf.default - /etc/httpd/scgi_params - /etc/httpd/scgi_params.default - /etc/httpd/uwsgi_params - /etc/httpd/uwsgi_params.default - /etc/httpd/win-utf - /usr/bin/httpd-upgrade - /usr/lib/.build-id - /usr/lib/.build-id/2d - /usr/lib/.build-id/2d/da6018ae12edb856ad3d2cf61bf586b6b4873c - /usr/lib/systemd/system/httpd.service - /usr/lib64/httpd/modules - /usr/sbin/httpd - /usr/share/doc/httpd - /usr/share/doc/httpd/CHANGES - /usr/share/doc/httpd/README - /usr/share/doc/httpd/README.dynamic - /usr/share/licenses/httpd - /usr/share/licenses/httpd/LICENSE - /usr/share/man/man3/httpd.3pm.gz - /usr/share/man/man8/httpd-upgrade.8.gz - /usr/share/man/man8/httpd.8.gz - /usr/share/httpd/html/404.html - /usr/share/httpd/html/50x.html - /usr/share/httpd/html/index.html - /usr/share/httpd/html/httpd-logo.png - /usr/share/httpd/html/poweredby.png - /usr/share/vim/vimfiles/ftdetect/httpd.vim - /usr/share/vim/vimfiles/indent/httpd.vim - /usr/share/vim/vimfiles/syntax/httpd.vim - /var/lib/httpd - /var/lib/httpd/tmp - /var/log/httpd //When no parameters are provided, the file list of all installed software in the current system will be listed [root@master ~]# salt 'minion' pkg.file_list minion: ---------- errors: files: VALUE_TRIMMED
pkg.group_info
View package group information
[root@master ~]# salt 'minion' pkg.group_info 'Development Tools' minion: ---------- conditional: default: - asciidoc - byacc - ctags - diffstat - elfutils-libelf-devel - git - intltool - jna - ltrace - patchutils - perl-Fedora-VSP - perl-Sys-Syslog - perl-generators - pesign - source-highlight - systemtap - valgrind - valgrind-devel description: A basic development environment. group: Development Tools id: None mandatory: - autoconf - automake - binutils - bison - flex - gcc - gcc-c++ - gdb - glibc-devel - libtool - make - pkgconf - pkgconf-m4 - pkgconf-pkg-config - redhat-rpm-config - rpm-build - rpm-sign - strace optional: - cmake - expect - rpmdevtools - rpmlint type: package group
pkg.group_list
Lists all package groups in the system
[root@master ~]# salt 'minion' pkg.group_list minion: ---------- available: - Conflicts BaseOS - Dial-up Networking Support - Hardware Monitoring Utilities - Hardware Support - Large Systems Performance - Legacy UNIX Compatibility - Python Web - Server product core - Windows File Server - Additional Development - Anaconda tools - Backup Client - Base - base-x - Conflicts AppStream - Container Management - Debugging Tools - Desktop Debugging and Performance Tools - Development Tools - .NET Core Development - File and Storage Server - Fonts - FTP Server - GNOME Applications - GNOME - Graphical Administration Tools - Graphics Creation Tools - Guest Agents - Guest Desktop Agents - Headless Management - Infiniband Support - Input Methods - Internet Applications - Internet Browser - Java Platform - Legacy X Window System Compatibility - Mail Server - Mainframe Access - Multimedia - Network File System Client - Network Servers - Networking Tools - Common NetworkManager submodules - Office Suite and Productivity - Atomic Host ostree support - Performance Tools - Platform Development - KVM platform specific packages - Hyper-v platform specific packages - Printing Client - Remote Desktop Clients - Remote Management for Linux - RPM Development Tools - Scientific Support - Security Tools - Smart Card Support - Standard - System Tools - TeX formatting system - Virtualization Client - Virtualization Hypervisor - Virtualization Platform - Virtualization Tools - Basic Web Server - Workstation product core available environments: - Server with GUI - Server - Workstation - Custom Operating System - Virtualization Host available languages: ---------- installed: - Core - VMware platform specific packages installed environments: - Minimal Install
pkg.install
Install software
#Description wget is installed [root@master ~]# salt 'minion' pkg.install wget minion: ---------- [root@master ~]# salt 'minion' pkg.install httpd minion: ---------- httpd: ---------- new: 2.4.37-39.module_el8.4.0+950+0577e6ac.1 old: 2.4.37-39.module_el8.4.0+778+c970deab httpd-filesystem: ---------- new: 2.4.37-39.module_el8.4.0+950+0577e6ac.1 old: 2.4.37-39.module_el8.4.0+778+c970deab httpd-tools: ---------- new: 2.4.37-39.module_el8.4.0+950+0577e6ac.1 old: 2.4.37-39.module_el8.4.0+778+c970deab
pkg.list_downloaded
Lists the packages that have been downloaded locally
[root@master ~]# salt 'minion' pkg.list_downloaded minion: ----------
pkg.list_pkgs
Lists the currently installed packages as a dictionary
[root@master ~]# salt 'minion' pkg.list_pkgs minion: ---------- NetworkManager: 1:1.22.8-4.el8 NetworkManager-libnm: 1:1.22.8-4.el8 NetworkManager-team: 1:1.22.8-4.el8 NetworkManager-tui: 1:1.22.8-4.el8 acl: 2.2.53-1.el8 ...Omitted here N that 's ok
pkg.owner
Lists which package provides the specified file
[root@master ~]# salt 'minion' pkg.owner /usr/bin/ls minion: coreutils [root@master ~]# salt 'minion' pkg.owner /etc/httpd/conf/httpd.conf minion: httpd
pkg.remove
Uninstall the specified software
[root@master ~]# salt 'minion' cmd.run 'rpm -qa|grep wget' minion: wget-1.19.5-10.el8.x86_64 [root@master ~]# salt 'minion' pkg.remove wget minion: ---------- wget: ---------- new: old: 1.19.5-10.el8 #To unload multiple files, separate them with commas
pkg.upgrade
Upgrade all software packages in the system or upgrade the specified software packages
[root@master ~]# salt 'minion' pkg.upgrade name=httpd minion: ---------- #If you want to upgrade all software packages in the system, remove the name parameter
state of common SaltStack modules
state.show_highstate
Displays the advanced status of the current system
[root@master ~]# cat /srv/salt/base/web/apache/install.sls httpd-install: pkg.installed: - name: httpd [root@master ~]# cat /srv/salt/base/top.sls base: 'os:Redhat': - match: grain - web.apache.install [root@master ~]# salt 'minion' state.show_highstate minion: ---------- httpd-install: ---------- __env__: base __sls__: web.apache.install pkg: |_ ---------- name: httpd - installed |_ ---------- order: 10000
state.highstate
Execute advanced status
[root@master ~]# salt 'minion' state.highstate web.apache.install minion: ---------- ID: httpd-install Function: pkg.installed Name: httpd Result: True Comment: All specified packages are already installed Started: 02:49:29.353797 Duration: 583.489 ms Changes: Summary for minion ------------ Succeeded: 1 Failed: 0 ------------ Total states run: 1 Total run time: 583.489 ms
state.show_state_usage
Displays the execution of advanced status in the current system
[root@master ~]# salt 'minion' state.show_state_usage minion: ---------- base: ---------- count_all: 2 count_unused: 1 count_used: 1 unused: - top used: - web.apache.install dev: ---------- count_all: 0 count_unused: 0 count_used: 0 unused: used: prod: ---------- count_all: 0 count_unused: 0 count_used: 0 unused: used: test: ---------- count_all: 0 count_unused: 0 count_used: 0 unused: used:
state.show_top
Returns the top-level data that minion will use for highstate
[root@master ~]# salt 'minion' state.show_top minion: ---------- base: - web.apache.install
state.top
Execute the specified top file instead of the default
[root@master ~]# salt 'minion' state.top top.sls minion: ---------- ID: httpd-install Function: pkg.installed Name: httpd Result: True Comment: All specified packages are already installed Started: 02:50:27.247421 Duration: 570.522 ms Changes: Summary for minion ------------ Succeeded: 1 Failed: 0 ------------ Total states run: 1 Total run time: 570.522 ms
state.show_sls
Displays the status data in a specific sls or sls file list on the master
[root@master ~]# salt 'minion' state.show_sls web.apache.install minion: ---------- httpd-install: ---------- __env__: base __sls__: web.apache.install pkg: |_ ---------- name: httpd - installed |_ ---------- order: 10000
user of common modules of SaltStack
- View the related functions of the user module
[root@master ~]# salt 'minion' sys.list_functions user minion: - user.add - user.chfullname - user.chgid - user.chgroups - user.chhome - user.chhomephone - user.chloginclass - user.chother - user.chroomnumber - user.chshell - user.chuid - user.chworkphone - user.delete - user.get_loginclass - user.getent - user.info - user.list_groups - user.list_users - user.primary_group - user.rename
user.add
Create a user on the minion side. Usage: salt '*' user.add name
[root@master ~]# salt 'minion' user.add tanjie minion: True
user.info
Returns the specified user information
[root@master ~]# salt 'minion' user.info tanjie minion: ---------- fullname: gid: 1001 groups: - tanjie home: /home/tanjie homephone: name: tanjie other: passwd: x roomnumber: shell: /bin/bash uid: 1001 workphone:
user.getent
Returns a list of all system user information
[root@master ~]# salt 'minion' user.getent minion: |_ ---------- fullname: root gid: 0 groups: - root home: /root homephone: name: root other: passwd: x roomnumber: shell: /bin/bash uid: 0 workphone: |_ ---------- fullname: bin gid: 1 groups: - bin home: /bin homephone: name: bin other: passwd: x roomnumber: shell: /sbin/nologin uid: 1 workphone: |_ ---------- fullname: daemon gid: 2 groups: - daemon home: /sbin homephone: name: daemon other: passwd: x roomnumber: shell: /sbin/nologin uid: 2 workphone: |_ ---------- fullname: adm gid: 4 groups: - adm home: /var/adm homephone: name: adm other: passwd: x roomnumber: shell: /sbin/nologin uid: 3 workphone: |_ ---------- fullname: lp gid: 7 groups: - lp home: /var/spool/lpd homephone: name: lp other: passwd: x roomnumber: shell: /sbin/nologin uid: 4 workphone: |_ ---------- fullname: sync gid: 0 groups: - root home: /sbin homephone: name: sync other: passwd: x roomnumber: shell: /bin/sync uid: 5 workphone: |_ ---------- fullname: shutdown gid: 0 groups: - root home: /sbin homephone: name: shutdown other: passwd: x roomnumber: shell: /sbin/shutdown uid: 6 workphone: |_ ---------- fullname: halt gid: 0 groups: - root home: /sbin homephone: name: halt other: passwd: x roomnumber: shell: /sbin/halt uid: 7 workphone: |_ ---------- fullname: mail gid: 12 groups: - mail home: /var/spool/mail homephone: name: mail other: passwd: x roomnumber: shell: /sbin/nologin uid: 8 workphone: |_ ---------- fullname: operator gid: 0 groups: - root home: /root homephone: name: operator other: passwd: x roomnumber: shell: /sbin/nologin uid: 11 workphone: |_ ---------- fullname: games gid: 100 groups: - users home: /usr/games homephone: name: games other: passwd: x roomnumber: shell: /sbin/nologin uid: 12 workphone: |_ ---------- fullname: FTP User gid: 50 groups: - ftp home: /var/ftp homephone: name: ftp other: passwd: x roomnumber: shell: /sbin/nologin uid: 14 workphone: |_ ---------- fullname: Kernel Overflow User gid: 65534 groups: - nobody home: / homephone: name: nobody other: passwd: x roomnumber: shell: /sbin/nologin uid: 65534 workphone: |_ ---------- fullname: System message bus gid: 81 groups: - dbus home: / homephone: name: dbus other: passwd: x roomnumber: shell: /sbin/nologin uid: 81 workphone: |_ ---------- fullname: systemd Core Dumper gid: 997 groups: - systemd-coredump home: / homephone: name: systemd-coredump other: passwd: x roomnumber: shell: /sbin/nologin uid: 999 workphone: |_ ---------- fullname: systemd Resolver gid: 193 groups: - systemd-resolve home: / homephone: name: systemd-resolve other: passwd: x roomnumber: shell: /sbin/nologin uid: 193 workphone: |_ ---------- fullname: Account used by the trousers package to sandbox the tcsd daemon gid: 59 groups: - tss home: /dev/null homephone: name: tss other: passwd: x roomnumber: shell: /sbin/nologin uid: 59 workphone: |_ ---------- fullname: User for polkitd gid: 996 groups: - polkitd home: / homephone: name: polkitd other: passwd: x roomnumber: shell: /sbin/nologin uid: 998 workphone: |_ ---------- fullname: Unbound DNS resolver gid: 995 groups: - unbound home: /etc/unbound homephone: name: unbound other: passwd: x roomnumber: shell: /sbin/nologin uid: 997 workphone: |_ ---------- fullname: User for sssd gid: 993 groups: - sssd home: / homephone: name: sssd other: passwd: x roomnumber: shell: /sbin/nologin uid: 996 workphone: |_ ---------- fullname: Privilege-separated SSH gid: 74 groups: - sshd home: /var/empty/sshd homephone: name: sshd other: passwd: x roomnumber: shell: /sbin/nologin uid: 74 workphone: |_ ---------- fullname: gid: 992 groups: - chrony home: /var/lib/chrony homephone: name: chrony other: passwd: x roomnumber: shell: /sbin/nologin uid: 995 workphone: |_ ---------- fullname: Random Number Generator Daemon gid: 991 groups: - rngd home: /var/lib/rngd homephone: name: rngd other: passwd: x roomnumber: shell: /sbin/nologin uid: 994 workphone: |_ ---------- fullname: tj gid: 1000 groups: - tj home: /home/tj homephone: name: tj other: passwd: x roomnumber: shell: /bin/bash uid: 1000 workphone: |_ ---------- fullname: Apache gid: 48 groups: - apache home: /usr/share/httpd homephone: name: apache other: passwd: x roomnumber: shell: /sbin/nologin uid: 48 workphone: |_ ---------- fullname: gid: 1001 groups: - tanjie home: /home/tanjie homephone: name: tanjie other: passwd: x roomnumber: shell: /bin/bash uid: 1001 workphone:
user.chgid
Change user GID
[root@master ~]# salt 'minion' cmd.run 'id tanjie' minion: uid=1001(tanjie) gid=1001(tanjie) groups=1001(tanjie) [root@master ~]# salt 'minion' user.chgid tanjie 1000 minion: True [root@master ~]# salt 'minion' cmd.run 'id tanjie' minion: uid=1001(tanjie) gid=1000(tj) groups=1000(tj)
user.chuid
Change user UID
[root@master ~]# salt 'minion' cmd.run 'id tanjie' minion: uid=1001(tanjie) gid=1000(tj) groups=1000(tj) [root@master ~]# salt 'minion' user.chuid tanjie 6666 minion: True [root@master ~]# salt 'minion' user.chuid tanjie 6666 minion: True [root@master ~]# salt 'minion' cmd.run 'id tanjie' minion: uid=6666(tanjie) gid=1000(tj) groups=1000(tj)
user.list_groups
Lists the groups to which the specified user belongs
[root@master ~]# salt 'minion' user.list_groups tanjie minion: - tj
user.rename
Modify the user name of the specified user
[root@master ~]# salt 'minion' cmd.run 'id tanjie' minion: uid=6666(tanjie) gid=1000(tj) groups=1000(tj) [root@master ~]# salt 'minion' user.rename tanjie jie minion: False minion: False #Although False is returned, the operation is successful [root@master ~]# salt 'minion' cmd.run 'id 6666' minion: uid=6666(jie) gid=1000(tj) groups=1000(tj)
user.delete
Delete a user on the minion side
[root@master ~]# salt 'minion' cmd.run 'id 6666' minion: uid=6666(jie) gid=1000(tj) groups=1000(tj) [root@master ~]# salt 'minion' user.delete jie minion: True [root@master ~]# salt 'minion' cmd.run 'id jie' minion: id: 'jie': no such user ERROR: Minions returned with non-zero exit code
cp of common modules of SaltStack
- View the related functions of the cp module
[root@master ~]# salt 'minion' sys.list_functions cp minion: - cp.cache_dest - cp.cache_dir - cp.cache_file - cp.cache_files - cp.cache_local_file - cp.cache_master - cp.envs - cp.get_dir - cp.get_file - cp.get_file_str - cp.get_template - cp.get_url - cp.hash_file - cp.is_cached - cp.list_master - cp.list_master_dirs - cp.list_master_symlinks - cp.list_minion - cp.list_states - cp.push - cp.push_dir - cp.recv - cp.recv_chunked - cp.stat_file
cp module
The client's operations on the file server are all in the cp module. Salt State system,
Salt CP can also be used instead
Basic explanation:
salt root directory: file in master_ Paths defined by roots
For example, suppose the master has the following definitions:
file_roots: base: - /srv/salt/base
Then: Salt: / / refers to the actual path: / srv/salt/base. The advantage of this is that it can meet the concept of environment in the state system.
cp.get_file
[root@master ~]# cd /srv/salt/base/ [root@master base]# ls top.sls web [root@master base]# salt 'minion' cp.get_file salt://top.sls /opt/ minion: /opt/top.sls [root@master base]# salt 'minion' cmd.run 'ls /opt' minion: top.sls #If the client directory is not present, create a directory [root@master base]# salt 'minion' cp.get_file salt://top.sls /test/ makedirs=True minion: /test/top.sls be careful: cp.get_file By default, no directory is created on the client. If there is no directory on the client and it is not specified makedirs=True,File copy will fail.
cp.get_url
Download the file from a URL. The URL can be a path on msater (salt: / /) or an http URL.
cp.push
Transferring files from the client to the master is an obvious security consideration. This function is not enabled by default. "
The opening method is as follows
[root@master ~]# vim /etc/salt/master file_recv: True [root@master ~]# systemctl restart salt-master