Common modules of SaltStack
SaltStack module introduction
Environmental description
| role | host name | IP address |
|---|---|---|
| salt-master | master | 192.168.47.115 |
| salt-minion | minion | 192.168.47.120 |
Official documents: https://docs.saltproject.io/en/latest/
Module is one of the components that SaltStack contacts most in daily use. It is used to manage object operations. It is also the entrance for SaltStack to manage by pushing. For example, our daily simple tasks such as executing commands, viewing package installation and service operation are realized through SaltStack Module.
After installing the Master and Minion packages, many modules will be installed on the system. You can view the list of all supported modules through the following command:
//View a list of all module s
[root@master ~]# salt 'minion' sys.list_modules
minion:
- acl
- aliases
- alternatives
- apache
- archive
- artifactory
- baredoc
- beacons
- bigip
- btrfs
- buildout
- chroot
- cloud
- cmd
- composer
- config
- consul
- container_resource
- Omitted here N that 's ok
//View all function s of the specified module
[root@master ~]# salt 'minion' sys.list_functions cmd
minion:
- cmd.exec_code
- cmd.exec_code_all
- cmd.has_exec
- cmd.powershell
- cmd.powershell_all
- cmd.retcode
- cmd.run
- cmd.run_all
- cmd.run_bg
- cmd.run_chroot
- cmd.run_stderr
- cmd.run_stdout
- cmd.script
- cmd.script_retcode
- cmd.shell
- cmd.shell_info
- cmd.shells
- cmd.tty
- cmd.which
- cmd.which_bin
//View the usage of the specified module
- cmd.which_bin
[root@master ~]# salt 'minion' sys.doc cmd
cmd.exec_code:
Pass in two strings, the first naming the executable language, aka -
python2, python3, ruby, perl, lua, etc. the second string containing
the code you wish to execute. The stdout will be returned.
All parameters from :mod:`cmd.run_all <salt.modules.cmdmod.run_all>` except python_shell can be used.
CLI Example:
salt '*' cmd.exec_code ruby 'puts "cheese"'
salt '*' cmd.exec_code ruby 'puts "cheese"' args='["arg1", "arg2"]' env='{"FOO": "bar"}'
cmd.exec_code_all:
Pass in two strings, the first naming the executable language, aka -
python2, python3, ruby, perl, lua, etc. the second string containing
the code you wish to execute. All cmd artifacts (stdout, stderr, retcode, pid)
will be returned.
All parameters from :mod:`cmd.run_all <salt.modules.cmdmod.run_all>` except python_shell can be used.
...Omitted here N that 's ok...
//SaltStack also supports the execution of multiple modules at a time by default. Module s are separated by commas. By default, parameters are separated by commas. It also supports specifying the parameter separator -- args separator = @
[root@master ~]# salt 'minion' test.echo,cmd.run,service.status apache,date,salt-minion
minion:
----------
cmd.run:
Thu Nov 4 02:00:33 CST 2021
service.status:
True
test.echo:
apache
Common modules of SaltStack
network of common modules of SaltStack
network.active_tcp
Returns all active tcp connections
[root@master ~]# salt 'minion' network.active_tcp
minion:
----------
0:
----------
local_addr:
192.168.47.120
local_port:
22
remote_addr:
192.168.47.1
remote_port:
52971
1:
----------
local_addr:
192.168.47.120
local_port:
56166
remote_addr:
192.168.47.115
remote_port:
4505
network.calc_net
Calculate the network segment through IP and subnet mask
[root@master ~]# salt 'minion' network.calc_net 192.168.47.0 255.255.255.0
minion:
192.168.47.0/24
[root@master ~]# salt 'minion' network.calc_net 192.168.47.115 255.255.248.0
minion:
192.168.40.0/21
network.connect
Test whether the network from minion to a server is connected
[root@master ~]# salt 'minion' network.connect baidu.com 80
minion:
----------
comment:
Successfully connected to baidu.com (220.181.38.148) on tcp port 80
result:
True
[root@master ~]# salt 'minion' network.connect 192.168.47.120 22
minion:
----------
comment:
Successfully connected to 192.168.47.120 (192.168.47.120) on tcp port 22
result:
True
network.default_route
View default routes
[root@master ~]# salt 'minion' network.default_route
minion:
|_
----------
addr_family:
inet
destination:
0.0.0.0
flags:
UG
gateway:
192.168.47.2
interface:
ens160
netmask:
0.0.0.0
|_
----------
addr_family:
inet6
destination:
::/0
flags:
!n
gateway:
::
interface:
lo
netmask:
|_
----------
addr_family:
inet6
destination:
::/0
flags:
!n
gateway:
::
interface:
lo
netmask:
network.get_fqdn
View FQDN (fully qualified domain name) of the host
[root@master ~]# salt 'minion' network.get_fqdn
minion:
minion
network.get_hostname
Get host name
[root@master ~]# salt 'minion' network.get_hostname
minion:
minion
#The hostname of the controlled end is modified here so that you can see the effect. After reading it, you can modify it back
[root@minion ~]# hostnamectl set-hostname minion_minion
[root@minion ~]# bash
[root@master ~]# salt 'minion' network.get_hostname
minion:
minion_minion
network.get_route
Query the routing information of a target network
[root@master ~]# salt 'minion' network.get_route 192.168.200.0
minion:
----------
destination:
192.168.200.0
gateway:
192.168.47.2
interface:
ens160
source:
192.168.47.120
network.hw_addr
Returns the MAC address of the specified network card
[root@master ~]# salt 'minion' network.hw_addr ens160
minion:
00:0c:29:da:55:0e
network.ifacestartswith
Retrieves the interface name from a specific CIDR
[root@master ~]# salt 'minion' network.ifacestartswith 192
minion:
- ens160
network.in_subnet
Judge whether the current host is in a network segment
[root@master ~]# salt 'minion' network.in_subnet 192.168.144.0/24
minion:
False
[root@master ~]# salt 'minion' network.in_subnet 192.168.47.0/24
minion:
True
[root@master ~]# salt 'minion' network.in_subnet 192.168.0.0/16
minion:
True
network.interface
Returns the information of the specified network card
[root@master ~]# salt 'minion' network.interface ens160
minion:
|_
----------
address:
192.168.47.120
broadcast:
192.168.47.255
label:
ens160
netmask:
255.255.255.0
network.interface_ip
Returns the IP address of the specified network card
[root@master ~]# salt 'minion' network.interface_ip ens160
minion:
192.168.47.120
network.interfaces
Returns all network card information in the current system
[root@master ~]# salt 'minion' network.interfaces
minion:
----------
ens160:
----------
hwaddr:
00:0c:29:da:55:0e
inet:
|_
----------
address:
192.168.47.120
broadcast:
192.168.47.255
label:
ens160
netmask:
255.255.255.0
inet6:
|_
----------
address:
fe80::20c:29ff:feda:550e
prefixlen:
64
scope:
link
up:
True
lo:
----------
hwaddr:
00:00:00:00:00:00
inet:
|_
----------
address:
127.0.0.1
broadcast:
None
label:
lo
netmask:
255.0.0.0
inet6:
|_
----------
address:
::1
prefixlen:
128
scope:
host
up:
True
network.ip_addrs
Returns a list of IPv4 addresses
This function will ignore the address of 127.0.0.1
[root@master ~]# salt 'minion' network.ip_addrs
minion:
- 192.168.47.120
network.netstat
Returns all open ports and status
[root@master ~]# salt 'minion' network.netstat
minion:
|_
----------
inode:
26515
local-address:
0.0.0.0:22
program:
1017/sshd
proto:
tcp
recv-q:
0
remote-address:
0.0.0.0:*
send-q:
0
state:
LISTEN
user:
0
|_
----------
inode:
0
local-address:
192.168.47.120:39798
program:
-
proto:
tcp
recv-q:
0
remote-address:
192.168.47.115:4506
send-q:
0
state:
TIME_WAIT
user:
0
|_
----------
inode:
0
local-address:
192.168.47.120:39794
program:
-
proto:
tcp
recv-q:
0
remote-address:
192.168.47.115:4506
send-q:
0
state:
TIME_WAIT
user:
0
|_
----------
inode:
32049
local-address:
192.168.47.120:22
program:
1900/sshd:
proto:
tcp
recv-q:
0
remote-address:
192.168.47.1:52971
send-q:
0
state:
ESTABLISHED
user:
0
|_
----------
inode:
0
local-address:
192.168.47.120:39796
program:
-
proto:
tcp
recv-q:
0
remote-address:
192.168.47.115:4506
send-q:
0
state:
TIME_WAIT
user:
0
|_
----------
inode:
30920
local-address:
192.168.47.120:56166
program:
1599/python3.6
proto:
tcp
recv-q:
0
remote-address:
192.168.47.115:4505
send-q:
0
state:
ESTABLISHED
user:
0
|_
----------
inode:
26554
local-address:
:::80
program:
1011/httpd
proto:
tcp6
recv-q:
0
remote-address:
:::*
send-q:
0
state:
LISTEN
user:
0
|_
----------
inode:
26517
local-address:
:::22
program:
1017/sshd
proto:
tcp6
recv-q:
0
remote-address:
:::*
send-q:
0
state:
LISTEN
user:
0
|_
----------
inode:
26107
local-address:
127.0.0.1:323
program:
992/chronyd
proto:
udp
recv-q:
0
remote-address:
0.0.0.0:*
send-q:
0
user:
0
|_
----------
inode:
26108
local-address:
::1:323
program:
992/chronyd
proto:
udp6
recv-q:
0
remote-address:
:::*
send-q:
0
user:
0
network.ping
Use the ping command to test connectivity to a host
[root@master ~]# salt 'minion' network.ping baidu.com
minion:
PING baidu.com (220.181.38.148) 56(84) bytes of data.
64 bytes from 220.181.38.148 (220.181.38.148): icmp_seq=1 ttl=128 time=24.6 ms
64 bytes from 220.181.38.148 (220.181.38.148): icmp_seq=2 ttl=128 time=29.3 ms
64 bytes from 220.181.38.148 (220.181.38.148): icmp_seq=3 ttl=128 time=50.8 ms
64 bytes from 220.181.38.148 (220.181.38.148): icmp_seq=4 ttl=128 time=72.5 ms
--- baidu.com ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 9ms
rtt min/avg/max/mdev = 24.575/44.296/72.489/19.051 ms
network.reverse_ip
Returns the reverse address of a specified IP address
root@master ~]# salt 'minion' network.reverse_ip 192.168.200.0
minion:
0.200.168.192.in-addr.arpa
service of common modules of SaltStack
service.available
Determine whether the specified service is available
//View the httpd service status on the minion side
[root@minion ~]# systemctl status httpd
● httpd.service - The Apache HTTP Server
Loaded: loaded (/usr/lib/systemd/system/httpd.service; enabled; vendor preset: disabled)
Active: active (running) since Thu 2021-11-04 01:54:53 CST; 21min ago
Docs: man:httpd.service(8)
Main PID: 1011 (httpd)
Status: "Running, listening on: port 80"
Tasks: 213 (limit: 11300)
Memory: 45.9M
CGroup: /system.slice/httpd.service
├─1011 /usr/sbin/httpd -DFOREGROUND
├─1062 /usr/sbin/httpd -DFOREGROUND
├─1065 /usr/sbin/httpd -DFOREGROUND
├─1067 /usr/sbin/httpd -DFOREGROUND
└─1069 /usr/sbin/httpd -DFOREGROUND
11 April 1:54:53 minion systemd[1]: Starting The Apache HTTP Server...
11 April 1:54:53 minion httpd[1011]: AH00558: httpd: Could not reliably determine the server's f>
11 April 1:54:53 minion systemd[1]: Started The Apache HTTP Server.
11 April 1:54:53 minion httpd[1011]: Server configured, listening on: port 80
//Execute the module on the master side to view the httpd status
[root@master ~]# salt 'minion' service.available httpd
minion:
True
//Execute the module on the master side to view the nginx status
[root@minion ~]# systemctl status nginx
Unit nginx.service could not be found.
[root@master ~]# salt 'minion' service.available nginx
minion:
False
service.get_all
Get all running services
[root@master ~]# salt 'minion' service.get_all
minion:
- NetworkManager
- NetworkManager-dispatcher
- NetworkManager-wait-online
- arp-ethers
- auditd
- autovt@
- basic.target
- blk-availability
- bluetooth.target
- console-getty
- container-getty@
- cpupower
- crond
- Omitted here N that 's ok
service.disabled
Check whether the specified service is started or not
#The past tense is to check whether the status is satisfied
#If False, it indicates that it is started automatically
[root@master ~]# salt 'minion' service.disabled httpd
minion:
False
service.enabled
Check whether the specified service starts automatically
[root@master ~]# salt 'minion' service.enabled httpd
minion:
True
service.disable
Set the specified service to start automatically
[root@master ~]# salt 'minion' service.disable httpd
minion:
True
[root@master ~]# salt 'minion' service.enabled httpd
minion:
False
service.enable
Set the specified service to start automatically
[root@master ~]# salt 'minion' service.enable httpd
minion:
True
[root@master ~]# salt 'minion' service.enabled httpd
minion:
True
service.reload
Reload the specified service
[root@master ~]# salt 'minion' service.reload httpd
minion:
True
service.stop
Stop the specified service
[root@master ~]# salt 'minion' service.stop httpd
minion:
True
//View effect
[root@minion ~]# systemctl status httpd
● httpd.service - The Apache HTTP Server
Loaded: loaded (/usr/lib/systemd/system/httpd.service; enabled; vendor preset: disabled)
Active: inactive (dead) since Thu 2021-11-04 02:23:29 CST; 8s ago
Docs: man:httpd.service(8)
Process: 45471 ExecReload=/usr/sbin/httpd $OPTIONS -k graceful (code=exited, status=0/SUCCESS)
Process: 1011 ExecStart=/usr/sbin/httpd $OPTIONS -DFOREGROUND (code=exited, status=0/SUCCESS)
Main PID: 1011 (code=exited, status=0/SUCCESS)
Status: "Configuration loaded."
11 April 1:54:53 minion systemd[1]: Starting The Apache HTTP Server...
11 April 1:54:53 minion httpd[1011]: AH00558: httpd: Could not reliably determine the server's f>
11 April 1:54:53 minion systemd[1]: Started The Apache HTTP Server.
11 April 1:54:53 minion httpd[1011]: Server configured, listening on: port 80
11 April 2:23:05 minion systemd[1]: Reloading The Apache HTTP Server.
11 April 2:23:16 minion httpd[45471]: AH00558: httpd: Could not reliably determine the server's >
11 April 2:23:16 minion systemd[1]: Reloaded The Apache HTTP Server.
11 April 2:23:26 minion httpd[1011]: Server configured, listening on: port 80
11 April 2:23:28 minion systemd[1]: Stopping The Apache HTTP Server...
11 April 2:23:29 minion systemd[1]: Stopped The Apache HTTP Server.
service.start
Start the specified service
[root@master ~]# salt 'minion' service.start httpd
minion:
True
//View effect
[root@minion ~]# systemctl status httpd
● httpd.service - The Apache HTTP Server
Loaded: loaded (/usr/lib/systemd/system/httpd.service; enabled; vendor preset: disabled)
Active: reloading (reload) since Thu 2021-11-04 02:24:02 CST; 7s ago
Docs: man:httpd.service(8)
Process: 45471 ExecReload=/usr/sbin/httpd $OPTIONS -k graceful (code=exited, status=0/SUCCESS)
Main PID: 47253 (httpd)
Status: "Reading configuration..."
Tasks: 1 (limit: 11300)
Memory: 3.4M
CGroup: /system.slice/httpd.service
└─47253 /usr/sbin/httpd -DFOREGROUND
11 April 2:24:02 minion systemd[1]: Starting The Apache HTTP Server...
11 April 2:24:02 minion httpd[47253]: AH00558: httpd: Could not reliably determine the server's >
11 April 2:24:02 minion systemd[1]: Started The Apache HTTP Server.
service.restart
Restart the specified service
[root@master ~]# salt 'minion' service.restart httpd
minion:
True
service.status
View the status of the specified service
[root@master ~]# salt 'minion' service.status httpd
minion:
True
pkg of common modules of SaltStack
pkg.download
Only download packages but do not install
This function will download the specified software package, but you need to install Yum utils on the minion side. You can use cmd.run for remote installation
[root@master ~]# salt 'minion' pkg.download wget
minion:
----------
wget:
/var/cache/yum/packages/wget-1.19.5-10.el8.x86_64.rpm #Put the downloaded software here
//View effect
[root@minion ~]# ll /var/cache/yum/packages/
Total consumption 736
-rw-r--r-- 1 root root 751256 11 April 2:24 wget-1.19.5-10.el8.x86_64.rpm
pkg.file_list
Lists the files for the specified package or all packages installed on the system
//Lists all files provided by the installed apache package
[root@master ~]# salt 'minion' pkg.file_list httpd
minion:
----------
errors:
files:
- /etc/logrotate.d/httpd
- /etc/httpd/fastcgi.conf
- /etc/httpd/fastcgi.conf.default
- /etc/httpd/fastcgi_params
- /etc/httpd/fastcgi_params.default
- /etc/httpd/koi-utf
- /etc/httpd/koi-win
- /etc/httpd/mime.types
- /etc/httpd/mime.types.default
- /etc/httpd/httpd.conf
- /etc/httpd/httpd.conf.default
- /etc/httpd/scgi_params
- /etc/httpd/scgi_params.default
- /etc/httpd/uwsgi_params
- /etc/httpd/uwsgi_params.default
- /etc/httpd/win-utf
- /usr/bin/httpd-upgrade
- /usr/lib/.build-id
- /usr/lib/.build-id/2d
- /usr/lib/.build-id/2d/da6018ae12edb856ad3d2cf61bf586b6b4873c
- /usr/lib/systemd/system/httpd.service
- /usr/lib64/httpd/modules
- /usr/sbin/httpd
- /usr/share/doc/httpd
- /usr/share/doc/httpd/CHANGES
- /usr/share/doc/httpd/README
- /usr/share/doc/httpd/README.dynamic
- /usr/share/licenses/httpd
- /usr/share/licenses/httpd/LICENSE
- /usr/share/man/man3/httpd.3pm.gz
- /usr/share/man/man8/httpd-upgrade.8.gz
- /usr/share/man/man8/httpd.8.gz
- /usr/share/httpd/html/404.html
- /usr/share/httpd/html/50x.html
- /usr/share/httpd/html/index.html
- /usr/share/httpd/html/httpd-logo.png
- /usr/share/httpd/html/poweredby.png
- /usr/share/vim/vimfiles/ftdetect/httpd.vim
- /usr/share/vim/vimfiles/indent/httpd.vim
- /usr/share/vim/vimfiles/syntax/httpd.vim
- /var/lib/httpd
- /var/lib/httpd/tmp
- /var/log/httpd
//When no parameters are provided, the file list of all installed software in the current system will be listed
[root@master ~]# salt 'minion' pkg.file_list
minion:
----------
errors:
files:
VALUE_TRIMMED
pkg.group_info
View package group information
[root@master ~]# salt 'minion' pkg.group_info 'Development Tools'
minion:
----------
conditional:
default:
- asciidoc
- byacc
- ctags
- diffstat
- elfutils-libelf-devel
- git
- intltool
- jna
- ltrace
- patchutils
- perl-Fedora-VSP
- perl-Sys-Syslog
- perl-generators
- pesign
- source-highlight
- systemtap
- valgrind
- valgrind-devel
description:
A basic development environment.
group:
Development Tools
id:
None
mandatory:
- autoconf
- automake
- binutils
- bison
- flex
- gcc
- gcc-c++
- gdb
- glibc-devel
- libtool
- make
- pkgconf
- pkgconf-m4
- pkgconf-pkg-config
- redhat-rpm-config
- rpm-build
- rpm-sign
- strace
optional:
- cmake
- expect
- rpmdevtools
- rpmlint
type:
package group
pkg.group_list
Lists all package groups in the system
[root@master ~]# salt 'minion' pkg.group_list
minion:
----------
available:
- Conflicts BaseOS
- Dial-up Networking Support
- Hardware Monitoring Utilities
- Hardware Support
- Large Systems Performance
- Legacy UNIX Compatibility
- Python Web
- Server product core
- Windows File Server
- Additional Development
- Anaconda tools
- Backup Client
- Base
- base-x
- Conflicts AppStream
- Container Management
- Debugging Tools
- Desktop Debugging and Performance Tools
- Development Tools
- .NET Core Development
- File and Storage Server
- Fonts
- FTP Server
- GNOME Applications
- GNOME
- Graphical Administration Tools
- Graphics Creation Tools
- Guest Agents
- Guest Desktop Agents
- Headless Management
- Infiniband Support
- Input Methods
- Internet Applications
- Internet Browser
- Java Platform
- Legacy X Window System Compatibility
- Mail Server
- Mainframe Access
- Multimedia
- Network File System Client
- Network Servers
- Networking Tools
- Common NetworkManager submodules
- Office Suite and Productivity
- Atomic Host ostree support
- Performance Tools
- Platform Development
- KVM platform specific packages
- Hyper-v platform specific packages
- Printing Client
- Remote Desktop Clients
- Remote Management for Linux
- RPM Development Tools
- Scientific Support
- Security Tools
- Smart Card Support
- Standard
- System Tools
- TeX formatting system
- Virtualization Client
- Virtualization Hypervisor
- Virtualization Platform
- Virtualization Tools
- Basic Web Server
- Workstation product core
available environments:
- Server with GUI
- Server
- Workstation
- Custom Operating System
- Virtualization Host
available languages:
----------
installed:
- Core
- VMware platform specific packages
installed environments:
- Minimal Install
pkg.install
Install software
#Description wget is installed
[root@master ~]# salt 'minion' pkg.install wget
minion:
----------
[root@master ~]# salt 'minion' pkg.install httpd
minion:
----------
httpd:
----------
new:
2.4.37-39.module_el8.4.0+950+0577e6ac.1
old:
2.4.37-39.module_el8.4.0+778+c970deab
httpd-filesystem:
----------
new:
2.4.37-39.module_el8.4.0+950+0577e6ac.1
old:
2.4.37-39.module_el8.4.0+778+c970deab
httpd-tools:
----------
new:
2.4.37-39.module_el8.4.0+950+0577e6ac.1
old:
2.4.37-39.module_el8.4.0+778+c970deab
pkg.list_downloaded
Lists the packages that have been downloaded locally
[root@master ~]# salt 'minion' pkg.list_downloaded
minion:
----------
pkg.list_pkgs
Lists the currently installed packages as a dictionary
[root@master ~]# salt 'minion' pkg.list_pkgs
minion:
----------
NetworkManager:
1:1.22.8-4.el8
NetworkManager-libnm:
1:1.22.8-4.el8
NetworkManager-team:
1:1.22.8-4.el8
NetworkManager-tui:
1:1.22.8-4.el8
acl:
2.2.53-1.el8
...Omitted here N that 's ok
pkg.owner
Lists which package provides the specified file
[root@master ~]# salt 'minion' pkg.owner /usr/bin/ls
minion:
coreutils
[root@master ~]# salt 'minion' pkg.owner /etc/httpd/conf/httpd.conf
minion:
httpd
pkg.remove
Uninstall the specified software
[root@master ~]# salt 'minion' cmd.run 'rpm -qa|grep wget'
minion:
wget-1.19.5-10.el8.x86_64
[root@master ~]# salt 'minion' pkg.remove wget
minion:
----------
wget:
----------
new:
old:
1.19.5-10.el8
#To unload multiple files, separate them with commas
pkg.upgrade
Upgrade all software packages in the system or upgrade the specified software packages
[root@master ~]# salt 'minion' pkg.upgrade name=httpd
minion:
----------
#If you want to upgrade all software packages in the system, remove the name parameter
state of common SaltStack modules
state.show_highstate
Displays the advanced status of the current system
[root@master ~]# cat /srv/salt/base/web/apache/install.sls
httpd-install:
pkg.installed:
- name: httpd
[root@master ~]# cat /srv/salt/base/top.sls
base:
'os:Redhat':
- match: grain
- web.apache.install
[root@master ~]# salt 'minion' state.show_highstate
minion:
----------
httpd-install:
----------
__env__:
base
__sls__:
web.apache.install
pkg:
|_
----------
name:
httpd
- installed
|_
----------
order:
10000
state.highstate
Execute advanced status
[root@master ~]# salt 'minion' state.highstate web.apache.install
minion:
----------
ID: httpd-install
Function: pkg.installed
Name: httpd
Result: True
Comment: All specified packages are already installed
Started: 02:49:29.353797
Duration: 583.489 ms
Changes:
Summary for minion
------------
Succeeded: 1
Failed: 0
------------
Total states run: 1
Total run time: 583.489 ms
state.show_state_usage
Displays the execution of advanced status in the current system
[root@master ~]# salt 'minion' state.show_state_usage
minion:
----------
base:
----------
count_all:
2
count_unused:
1
count_used:
1
unused:
- top
used:
- web.apache.install
dev:
----------
count_all:
0
count_unused:
0
count_used:
0
unused:
used:
prod:
----------
count_all:
0
count_unused:
0
count_used:
0
unused:
used:
test:
----------
count_all:
0
count_unused:
0
count_used:
0
unused:
used:
state.show_top
Returns the top-level data that minion will use for highstate
[root@master ~]# salt 'minion' state.show_top
minion:
----------
base:
- web.apache.install
state.top
Execute the specified top file instead of the default
[root@master ~]# salt 'minion' state.top top.sls
minion:
----------
ID: httpd-install
Function: pkg.installed
Name: httpd
Result: True
Comment: All specified packages are already installed
Started: 02:50:27.247421
Duration: 570.522 ms
Changes:
Summary for minion
------------
Succeeded: 1
Failed: 0
------------
Total states run: 1
Total run time: 570.522 ms
state.show_sls
Displays the status data in a specific sls or sls file list on the master
[root@master ~]# salt 'minion' state.show_sls web.apache.install
minion:
----------
httpd-install:
----------
__env__:
base
__sls__:
web.apache.install
pkg:
|_
----------
name:
httpd
- installed
|_
----------
order:
10000
user of common modules of SaltStack
- View the related functions of the user module
[root@master ~]# salt 'minion' sys.list_functions user
minion:
- user.add
- user.chfullname
- user.chgid
- user.chgroups
- user.chhome
- user.chhomephone
- user.chloginclass
- user.chother
- user.chroomnumber
- user.chshell
- user.chuid
- user.chworkphone
- user.delete
- user.get_loginclass
- user.getent
- user.info
- user.list_groups
- user.list_users
- user.primary_group
- user.rename
user.add
Create a user on the minion side. Usage: salt '*' user.add name
[root@master ~]# salt 'minion' user.add tanjie
minion:
True
user.info
Returns the specified user information
[root@master ~]# salt 'minion' user.info tanjie
minion:
----------
fullname:
gid:
1001
groups:
- tanjie
home:
/home/tanjie
homephone:
name:
tanjie
other:
passwd:
x
roomnumber:
shell:
/bin/bash
uid:
1001
workphone:
user.getent
Returns a list of all system user information
[root@master ~]# salt 'minion' user.getent
minion:
|_
----------
fullname:
root
gid:
0
groups:
- root
home:
/root
homephone:
name:
root
other:
passwd:
x
roomnumber:
shell:
/bin/bash
uid:
0
workphone:
|_
----------
fullname:
bin
gid:
1
groups:
- bin
home:
/bin
homephone:
name:
bin
other:
passwd:
x
roomnumber:
shell:
/sbin/nologin
uid:
1
workphone:
|_
----------
fullname:
daemon
gid:
2
groups:
- daemon
home:
/sbin
homephone:
name:
daemon
other:
passwd:
x
roomnumber:
shell:
/sbin/nologin
uid:
2
workphone:
|_
----------
fullname:
adm
gid:
4
groups:
- adm
home:
/var/adm
homephone:
name:
adm
other:
passwd:
x
roomnumber:
shell:
/sbin/nologin
uid:
3
workphone:
|_
----------
fullname:
lp
gid:
7
groups:
- lp
home:
/var/spool/lpd
homephone:
name:
lp
other:
passwd:
x
roomnumber:
shell:
/sbin/nologin
uid:
4
workphone:
|_
----------
fullname:
sync
gid:
0
groups:
- root
home:
/sbin
homephone:
name:
sync
other:
passwd:
x
roomnumber:
shell:
/bin/sync
uid:
5
workphone:
|_
----------
fullname:
shutdown
gid:
0
groups:
- root
home:
/sbin
homephone:
name:
shutdown
other:
passwd:
x
roomnumber:
shell:
/sbin/shutdown
uid:
6
workphone:
|_
----------
fullname:
halt
gid:
0
groups:
- root
home:
/sbin
homephone:
name:
halt
other:
passwd:
x
roomnumber:
shell:
/sbin/halt
uid:
7
workphone:
|_
----------
fullname:
mail
gid:
12
groups:
- mail
home:
/var/spool/mail
homephone:
name:
mail
other:
passwd:
x
roomnumber:
shell:
/sbin/nologin
uid:
8
workphone:
|_
----------
fullname:
operator
gid:
0
groups:
- root
home:
/root
homephone:
name:
operator
other:
passwd:
x
roomnumber:
shell:
/sbin/nologin
uid:
11
workphone:
|_
----------
fullname:
games
gid:
100
groups:
- users
home:
/usr/games
homephone:
name:
games
other:
passwd:
x
roomnumber:
shell:
/sbin/nologin
uid:
12
workphone:
|_
----------
fullname:
FTP User
gid:
50
groups:
- ftp
home:
/var/ftp
homephone:
name:
ftp
other:
passwd:
x
roomnumber:
shell:
/sbin/nologin
uid:
14
workphone:
|_
----------
fullname:
Kernel Overflow User
gid:
65534
groups:
- nobody
home:
/
homephone:
name:
nobody
other:
passwd:
x
roomnumber:
shell:
/sbin/nologin
uid:
65534
workphone:
|_
----------
fullname:
System message bus
gid:
81
groups:
- dbus
home:
/
homephone:
name:
dbus
other:
passwd:
x
roomnumber:
shell:
/sbin/nologin
uid:
81
workphone:
|_
----------
fullname:
systemd Core Dumper
gid:
997
groups:
- systemd-coredump
home:
/
homephone:
name:
systemd-coredump
other:
passwd:
x
roomnumber:
shell:
/sbin/nologin
uid:
999
workphone:
|_
----------
fullname:
systemd Resolver
gid:
193
groups:
- systemd-resolve
home:
/
homephone:
name:
systemd-resolve
other:
passwd:
x
roomnumber:
shell:
/sbin/nologin
uid:
193
workphone:
|_
----------
fullname:
Account used by the trousers package to sandbox the tcsd daemon
gid:
59
groups:
- tss
home:
/dev/null
homephone:
name:
tss
other:
passwd:
x
roomnumber:
shell:
/sbin/nologin
uid:
59
workphone:
|_
----------
fullname:
User for polkitd
gid:
996
groups:
- polkitd
home:
/
homephone:
name:
polkitd
other:
passwd:
x
roomnumber:
shell:
/sbin/nologin
uid:
998
workphone:
|_
----------
fullname:
Unbound DNS resolver
gid:
995
groups:
- unbound
home:
/etc/unbound
homephone:
name:
unbound
other:
passwd:
x
roomnumber:
shell:
/sbin/nologin
uid:
997
workphone:
|_
----------
fullname:
User for sssd
gid:
993
groups:
- sssd
home:
/
homephone:
name:
sssd
other:
passwd:
x
roomnumber:
shell:
/sbin/nologin
uid:
996
workphone:
|_
----------
fullname:
Privilege-separated SSH
gid:
74
groups:
- sshd
home:
/var/empty/sshd
homephone:
name:
sshd
other:
passwd:
x
roomnumber:
shell:
/sbin/nologin
uid:
74
workphone:
|_
----------
fullname:
gid:
992
groups:
- chrony
home:
/var/lib/chrony
homephone:
name:
chrony
other:
passwd:
x
roomnumber:
shell:
/sbin/nologin
uid:
995
workphone:
|_
----------
fullname:
Random Number Generator Daemon
gid:
991
groups:
- rngd
home:
/var/lib/rngd
homephone:
name:
rngd
other:
passwd:
x
roomnumber:
shell:
/sbin/nologin
uid:
994
workphone:
|_
----------
fullname:
tj
gid:
1000
groups:
- tj
home:
/home/tj
homephone:
name:
tj
other:
passwd:
x
roomnumber:
shell:
/bin/bash
uid:
1000
workphone:
|_
----------
fullname:
Apache
gid:
48
groups:
- apache
home:
/usr/share/httpd
homephone:
name:
apache
other:
passwd:
x
roomnumber:
shell:
/sbin/nologin
uid:
48
workphone:
|_
----------
fullname:
gid:
1001
groups:
- tanjie
home:
/home/tanjie
homephone:
name:
tanjie
other:
passwd:
x
roomnumber:
shell:
/bin/bash
uid:
1001
workphone:
user.chgid
Change user GID
[root@master ~]# salt 'minion' cmd.run 'id tanjie'
minion:
uid=1001(tanjie) gid=1001(tanjie) groups=1001(tanjie)
[root@master ~]# salt 'minion' user.chgid tanjie 1000
minion:
True
[root@master ~]# salt 'minion' cmd.run 'id tanjie'
minion:
uid=1001(tanjie) gid=1000(tj) groups=1000(tj)
user.chuid
Change user UID
[root@master ~]# salt 'minion' cmd.run 'id tanjie'
minion:
uid=1001(tanjie) gid=1000(tj) groups=1000(tj)
[root@master ~]# salt 'minion' user.chuid tanjie 6666
minion:
True
[root@master ~]# salt 'minion' user.chuid tanjie 6666
minion:
True
[root@master ~]# salt 'minion' cmd.run 'id tanjie'
minion:
uid=6666(tanjie) gid=1000(tj) groups=1000(tj)
user.list_groups
Lists the groups to which the specified user belongs
[root@master ~]# salt 'minion' user.list_groups tanjie
minion:
- tj
user.rename
Modify the user name of the specified user
[root@master ~]# salt 'minion' cmd.run 'id tanjie'
minion:
uid=6666(tanjie) gid=1000(tj) groups=1000(tj)
[root@master ~]# salt 'minion' user.rename tanjie jie
minion:
False
minion:
False #Although False is returned, the operation is successful
[root@master ~]# salt 'minion' cmd.run 'id 6666'
minion:
uid=6666(jie) gid=1000(tj) groups=1000(tj)
user.delete
Delete a user on the minion side
[root@master ~]# salt 'minion' cmd.run 'id 6666'
minion:
uid=6666(jie) gid=1000(tj) groups=1000(tj)
[root@master ~]# salt 'minion' user.delete jie
minion:
True
[root@master ~]# salt 'minion' cmd.run 'id jie'
minion:
id: 'jie': no such user
ERROR: Minions returned with non-zero exit code
cp of common modules of SaltStack
- View the related functions of the cp module
[root@master ~]# salt 'minion' sys.list_functions cp
minion:
- cp.cache_dest
- cp.cache_dir
- cp.cache_file
- cp.cache_files
- cp.cache_local_file
- cp.cache_master
- cp.envs
- cp.get_dir
- cp.get_file
- cp.get_file_str
- cp.get_template
- cp.get_url
- cp.hash_file
- cp.is_cached
- cp.list_master
- cp.list_master_dirs
- cp.list_master_symlinks
- cp.list_minion
- cp.list_states
- cp.push
- cp.push_dir
- cp.recv
- cp.recv_chunked
- cp.stat_file
cp module
The client's operations on the file server are all in the cp module. Salt State system,
Salt CP can also be used instead
Basic explanation:
salt root directory: file in master_ Paths defined by roots
For example, suppose the master has the following definitions:
file_roots:
base:
- /srv/salt/base
Then: Salt: / / refers to the actual path: / srv/salt/base. The advantage of this is that it can meet the concept of environment in the state system.
cp.get_file
[root@master ~]# cd /srv/salt/base/
[root@master base]# ls
top.sls web
[root@master base]# salt 'minion' cp.get_file salt://top.sls /opt/
minion:
/opt/top.sls
[root@master base]# salt 'minion' cmd.run 'ls /opt'
minion:
top.sls
#If the client directory is not present, create a directory
[root@master base]# salt 'minion' cp.get_file salt://top.sls /test/ makedirs=True
minion:
/test/top.sls
be careful: cp.get_file By default, no directory is created on the client. If there is no directory on the client and it is not specified makedirs=True,File copy will fail.
cp.get_url
Download the file from a URL. The URL can be a path on msater (salt: / /) or an http URL.
cp.push
Transferring files from the client to the master is an obvious security consideration. This function is not enabled by default. "
The opening method is as follows
[root@master ~]# vim /etc/salt/master file_recv: True [root@master ~]# systemctl restart salt-master