Common modules of SaltStack

SaltStack module introduction

Environmental description

role          host name   IP address
salt-master   master      192.168.47.115
salt-minion   minion      192.168.47.120

Official documents: https://docs.saltproject.io/en/latest/
Modules are the SaltStack component you work with most in daily use. They carry out operations on managed objects and are the entry point for SaltStack's push-style management. Everyday tasks such as executing commands, checking installed packages, and checking running services are all done through SaltStack modules.

After installing the Master and Minion packages, many modules will be installed on the system. You can view the list of all supported modules through the following command:

//View a list of all modules
[root@master ~]# salt 'minion' sys.list_modules
minion:
    - acl
    - aliases
    - alternatives
    - apache
    - archive
    - artifactory
    - baredoc
    - beacons
    - bigip
    - btrfs
    - buildout
    - chroot
    - cloud
    - cmd
    - composer
    - config
    - consul
    - container_resource
    ...N lines omitted here...

//View all functions of the specified module
[root@master ~]# salt 'minion' sys.list_functions cmd
minion:
    - cmd.exec_code
    - cmd.exec_code_all
    - cmd.has_exec
    - cmd.powershell
    - cmd.powershell_all
    - cmd.retcode
    - cmd.run
    - cmd.run_all
    - cmd.run_bg
    - cmd.run_chroot
    - cmd.run_stderr
    - cmd.run_stdout
    - cmd.script
    - cmd.script_retcode
    - cmd.shell
    - cmd.shell_info
    - cmd.shells
    - cmd.tty
    - cmd.which
    - cmd.which_bin

//View the usage of the specified module
[root@master ~]# salt 'minion' sys.doc cmd
cmd.exec_code:

    Pass in two strings, the first naming the executable language, aka -
    python2, python3, ruby, perl, lua, etc. the second string containing
    the code you wish to execute. The stdout will be returned.

    All parameters from :mod:`cmd.run_all <salt.modules.cmdmod.run_all>` except python_shell can be used.

    CLI Example:

        salt '*' cmd.exec_code ruby 'puts "cheese"'
        salt '*' cmd.exec_code ruby 'puts "cheese"' args='["arg1", "arg2"]' env='{"FOO": "bar"}'
    

cmd.exec_code_all:

    Pass in two strings, the first naming the executable language, aka -
    python2, python3, ruby, perl, lua, etc. the second string containing
    the code you wish to execute. All cmd artifacts (stdout, stderr, retcode, pid)
    will be returned.

    All parameters from :mod:`cmd.run_all <salt.modules.cmdmod.run_all>` except python_shell can be used.

...N lines omitted here...

//SaltStack also supports executing multiple module functions in one command. Functions are separated by commas, and by default their arguments are also separated by commas; a different argument separator can be specified, for example --args-separator=@
[root@master ~]# salt 'minion' test.echo,cmd.run,service.status apache,date,salt-minion
minion:
    ----------
    cmd.run:
        Thu Nov  4 02:00:33 CST 2021
    service.status:
        True
    test.echo:
        apache

Common modules of SaltStack

Common SaltStack modules: network

network.active_tcp

Returns all active tcp connections

[root@master ~]# salt 'minion' network.active_tcp
minion:
    ----------
    0:
        ----------
        local_addr:
            192.168.47.120
        local_port:
            22
        remote_addr:
            192.168.47.1
        remote_port:
            52971
    1:
        ----------
        local_addr:
            192.168.47.120
        local_port:
            56166
        remote_addr:
            192.168.47.115
        remote_port:
            4505

network.calc_net

Calculate the network segment from an IP address and subnet mask

[root@master ~]# salt 'minion' network.calc_net 192.168.47.0 255.255.255.0
minion:
    192.168.47.0/24

[root@master ~]# salt 'minion' network.calc_net 192.168.47.115 255.255.248.0
minion:
    192.168.40.0/21

network.connect

Test whether the minion can connect to a given host and port

[root@master ~]# salt 'minion' network.connect baidu.com 80
minion:
    ----------
    comment:
        Successfully connected to baidu.com (220.181.38.148) on tcp port 80
    result:
        True

        
[root@master ~]# salt 'minion' network.connect 192.168.47.120 22
minion:
    ----------
    comment:
        Successfully connected to 192.168.47.120 (192.168.47.120) on tcp port 22
    result:
        True

network.default_route

View default routes

[root@master ~]# salt 'minion' network.default_route
minion:
    |_
      ----------
      addr_family:
          inet
      destination:
          0.0.0.0
      flags:
          UG
      gateway:
          192.168.47.2
      interface:
          ens160
      netmask:
          0.0.0.0
    |_
      ----------
      addr_family:
          inet6
      destination:
          ::/0
      flags:
          !n
      gateway:
          ::
      interface:
          lo
      netmask:
    |_
      ----------
      addr_family:
          inet6
      destination:
          ::/0
      flags:
          !n
      gateway:
          ::
      interface:
          lo
      netmask:

network.get_fqdn

View FQDN (fully qualified domain name) of the host

[root@master ~]# salt 'minion' network.get_fqdn
minion:
    minion

network.get_hostname

Get host name

[root@master ~]# salt 'minion' network.get_hostname
minion:
    minion
    
#The minion's hostname is changed here so that the effect is visible; change it back afterwards
[root@minion ~]# hostnamectl set-hostname minion_minion		
[root@minion ~]# bash
[root@master ~]# salt 'minion' network.get_hostname
minion:
    minion_minion

network.get_route

Query the routing information of a target network

[root@master ~]# salt 'minion' network.get_route 192.168.200.0
minion:
    ----------
    destination:
        192.168.200.0
    gateway:
        192.168.47.2
    interface:
        ens160
    source:
        192.168.47.120

network.hw_addr

Returns the MAC address of the specified network card

[root@master ~]# salt 'minion' network.hw_addr ens160
minion:
    00:0c:29:da:55:0e

network.ifacestartswith

Retrieves the interface name from a specific CIDR

[root@master ~]# salt 'minion' network.ifacestartswith 192
minion:
    - ens160

network.in_subnet

Check whether the current host is in the given network segment

[root@master ~]# salt 'minion' network.in_subnet 192.168.144.0/24
minion:
    False
[root@master ~]# salt 'minion' network.in_subnet 192.168.47.0/24
minion:
    True
[root@master ~]# salt 'minion' network.in_subnet 192.168.0.0/16
minion:
    True
    

network.interface

Returns the information of the specified network card

[root@master ~]# salt 'minion' network.interface ens160
minion:
    |_
      ----------
      address:
          192.168.47.120
      broadcast:
          192.168.47.255
      label:
          ens160
      netmask:
          255.255.255.0

network.interface_ip

Returns the IP address of the specified network card

[root@master ~]# salt 'minion' network.interface_ip ens160
minion:
    192.168.47.120

network.interfaces

Returns all network card information in the current system

[root@master ~]# salt 'minion' network.interfaces
minion:
    ----------
    ens160:
        ----------
        hwaddr:
            00:0c:29:da:55:0e
        inet:
            |_
              ----------
              address:
                  192.168.47.120
              broadcast:
                  192.168.47.255
              label:
                  ens160
              netmask:
                  255.255.255.0
        inet6:
            |_
              ----------
              address:
                  fe80::20c:29ff:feda:550e
              prefixlen:
                  64
              scope:
                  link
        up:
            True
    lo:
        ----------
        hwaddr:
            00:00:00:00:00:00
        inet:
            |_
              ----------
              address:
                  127.0.0.1
              broadcast:
                  None
              label:
                  lo
              netmask:
                  255.0.0.0
        inet6:
            |_
              ----------
              address:
                  ::1
              prefixlen:
                  128
              scope:
                  host
        up:
            True

network.ip_addrs

Returns a list of IPv4 addresses
This function will ignore the address of 127.0.0.1

[root@master ~]# salt 'minion' network.ip_addrs
minion:
    - 192.168.47.120

network.netstat

Returns all open ports and status

[root@master ~]# salt 'minion' network.netstat
minion:
    |_
      ----------
      inode:
          26515
      local-address:
          0.0.0.0:22
      program:
          1017/sshd
      proto:
          tcp
      recv-q:
          0
      remote-address:
          0.0.0.0:*
      send-q:
          0
      state:
          LISTEN
      user:
          0
    |_
      ----------
      inode:
          0
      local-address:
          192.168.47.120:39798
      program:
          -
      proto:
          tcp
      recv-q:
          0
      remote-address:
          192.168.47.115:4506
      send-q:
          0
      state:
          TIME_WAIT
      user:
          0
    |_
      ----------
      inode:
          0
      local-address:
          192.168.47.120:39794
      program:
          -
      proto:
          tcp
      recv-q:
          0
      remote-address:
          192.168.47.115:4506
      send-q:
          0
      state:
          TIME_WAIT
      user:
          0
    |_
      ----------
      inode:
          32049
      local-address:
          192.168.47.120:22
      program:
          1900/sshd:
      proto:
          tcp
      recv-q:
          0
      remote-address:
          192.168.47.1:52971
      send-q:
          0
      state:
          ESTABLISHED
      user:
          0
    |_
      ----------
      inode:
          0
      local-address:
          192.168.47.120:39796
      program:
          -
      proto:
          tcp
      recv-q:
          0
      remote-address:
          192.168.47.115:4506
      send-q:
          0
      state:
          TIME_WAIT
      user:
          0
    |_
      ----------
      inode:
          30920
      local-address:
          192.168.47.120:56166
      program:
          1599/python3.6
      proto:
          tcp
      recv-q:
          0
      remote-address:
          192.168.47.115:4505
      send-q:
          0
      state:
          ESTABLISHED
      user:
          0
    |_
      ----------
      inode:
          26554
      local-address:
          :::80
      program:
          1011/httpd
      proto:
          tcp6
      recv-q:
          0
      remote-address:
          :::*
      send-q:
          0
      state:
          LISTEN
      user:
          0
    |_
      ----------
      inode:
          26517
      local-address:
          :::22
      program:
          1017/sshd
      proto:
          tcp6
      recv-q:
          0
      remote-address:
          :::*
      send-q:
          0
      state:
          LISTEN
      user:
          0
    |_
      ----------
      inode:
          26107
      local-address:
          127.0.0.1:323
      program:
          992/chronyd
      proto:
          udp
      recv-q:
          0
      remote-address:
          0.0.0.0:*
      send-q:
          0
      user:
          0
    |_
      ----------
      inode:
          26108
      local-address:
          ::1:323
      program:
          992/chronyd
      proto:
          udp6
      recv-q:
          0
      remote-address:
          :::*
      send-q:
          0
      user:
          0
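
The netstat return can be turned into an exposure check. The following added example (not from the original article) parses the JSON form of this output, as printed with Salt's `--out=json` option, and reports listening sockets reachable from other hosts that are not on an allowlist. The sample data is constructed from the entries above, and the function names and the allowlist are assumptions.

```python
import ipaddress
import json

# Constructed sample: a subset of the entries shown above, in the shape printed by
# `salt 'minion' network.netstat --out=json` (minion id -> list of sockets).
SAMPLE_JSON = """
{"minion": [
  {"local-address": "0.0.0.0:22", "remote-address": "0.0.0.0:*",
   "proto": "tcp", "state": "LISTEN", "program": "1017/sshd", "user": "0"},
  {"local-address": "192.168.47.120:22", "remote-address": "192.168.47.1:52971",
   "proto": "tcp", "state": "ESTABLISHED", "program": "1900/sshd:", "user": "0"},
  {"local-address": "192.168.47.120:56166", "remote-address": "192.168.47.115:4505",
   "proto": "tcp", "state": "ESTABLISHED", "program": "1599/python3.6", "user": "0"},
  {"local-address": ":::80", "remote-address": ":::*",
   "proto": "tcp6", "state": "LISTEN", "program": "1011/httpd", "user": "0"},
  {"local-address": ":::22", "remote-address": ":::*",
   "proto": "tcp6", "state": "LISTEN", "program": "1017/sshd", "user": "0"},
  {"local-address": "127.0.0.1:323", "remote-address": "0.0.0.0:*",
   "proto": "udp", "program": "992/chronyd", "user": "0"},
  {"local-address": "::1:323", "remote-address": ":::*",
   "proto": "udp6", "program": "992/chronyd", "user": "0"}
]}
"""


def split_endpoint(endpoint):
    """Split 'host:port' on the LAST colon so IPv6 forms like ':::80' work."""
    host, _, port = endpoint.rpartition(":")
    return host, port


def bind_scope(host):
    """Classify a bind address as all-interfaces, loopback or single-address."""
    if host == "*":
        return "all-interfaces"
    try:
        addr = ipaddress.ip_address(host)
    except ValueError:
        return "unknown"  # reported rather than silently skipped
    if addr.is_unspecified:  # 0.0.0.0 or ::
        return "all-interfaces"
    if addr.is_loopback:
        return "loopback"
    return "single-address"


def is_listener(entry):
    """TCP listeners have state LISTEN; UDP entries carry no state key, so an
    unconnected UDP socket is recognised by '*' as its remote port."""
    proto = entry["proto"]
    if proto.startswith("tcp"):
        return entry.get("state") == "LISTEN"
    if proto.startswith("udp"):
        return split_endpoint(entry["remote-address"])[1] == "*"
    return False


def unexpected_listeners(salt_json, allowed):
    """Return non-loopback listeners whose (proto, port) is not in `allowed`.

    `allowed` is a set such as {("tcp", 22)}; tcp6/udp6 are folded into tcp/udp.
    """
    findings = []
    for minion, entries in json.loads(salt_json).items():
        if not isinstance(entries, list):
            # A minion that failed returns an error string instead of a list.
            raise ValueError(f"{minion}: unexpected return {entries!r}")
        for entry in entries:
            if not is_listener(entry):
                continue
            host, port = split_endpoint(entry["local-address"])
            scope = bind_scope(host)
            if scope == "loopback":
                continue
            family = entry["proto"].rstrip("6")
            if (family, int(port)) not in allowed:
                findings.append({
                    "minion": minion,
                    "proto": entry["proto"],
                    "port": int(port),
                    "scope": scope,
                    "program": entry.get("program", "-"),
                })
    return sorted(findings, key=lambda f: (f["minion"], f["port"], f["proto"]))


if __name__ == "__main__":
    # Assumed policy for this example: only SSH should be reachable.
    for f in unexpected_listeners(SAMPLE_JSON, {("tcp", 22)}):
        print(f"{f['minion']}: {f['proto']}/{f['port']} ({f['scope']}) {f['program']}")
```
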

network.ping

Use the ping command to test connectivity to a host

[root@master ~]# salt 'minion' network.ping baidu.com
minion:
    PING baidu.com (220.181.38.148) 56(84) bytes of data.
    64 bytes from 220.181.38.148 (220.181.38.148): icmp_seq=1 ttl=128 time=24.6 ms
    64 bytes from 220.181.38.148 (220.181.38.148): icmp_seq=2 ttl=128 time=29.3 ms
    64 bytes from 220.181.38.148 (220.181.38.148): icmp_seq=3 ttl=128 time=50.8 ms
    64 bytes from 220.181.38.148 (220.181.38.148): icmp_seq=4 ttl=128 time=72.5 ms
    
    --- baidu.com ping statistics ---
    4 packets transmitted, 4 received, 0% packet loss, time 9ms
    rtt min/avg/max/mdev = 24.575/44.296/72.489/19.051 ms

network.reverse_ip

Returns the reverse address of a specified IP address

[root@master ~]# salt 'minion' network.reverse_ip 192.168.200.0
minion:
    0.200.168.192.in-addr.arpa

Common SaltStack modules: service

service.available

Determine whether the specified service is available

//View the httpd service status on the minion side
[root@minion ~]# systemctl status httpd
● httpd.service - The Apache HTTP Server
   Loaded: loaded (/usr/lib/systemd/system/httpd.service; enabled; vendor preset: disabled)
   Active: active (running) since Thu 2021-11-04 01:54:53 CST; 21min ago
     Docs: man:httpd.service(8)
 Main PID: 1011 (httpd)
   Status: "Running, listening on: port 80"
    Tasks: 213 (limit: 11300)
   Memory: 45.9M
   CGroup: /system.slice/httpd.service
           ├─1011 /usr/sbin/httpd -DFOREGROUND
           ├─1062 /usr/sbin/httpd -DFOREGROUND
           ├─1065 /usr/sbin/httpd -DFOREGROUND
           ├─1067 /usr/sbin/httpd -DFOREGROUND
           └─1069 /usr/sbin/httpd -DFOREGROUND

Nov 04 01:54:53 minion systemd[1]: Starting The Apache HTTP Server...
Nov 04 01:54:53 minion httpd[1011]: AH00558: httpd: Could not reliably determine the server's f>
Nov 04 01:54:53 minion systemd[1]: Started The Apache HTTP Server.
Nov 04 01:54:53 minion httpd[1011]: Server configured, listening on: port 80

//Execute the module on the master side to view the httpd status
[root@master ~]# salt 'minion' service.available httpd
minion:
    True

//Execute the module on the master side to view the nginx status    
[root@minion ~]# systemctl status nginx
Unit nginx.service could not be found.
[root@master ~]# salt 'minion' service.available nginx
minion:
    False

service.get_all

Get all running services

[root@master ~]# salt 'minion' service.get_all
minion:
    - NetworkManager
    - NetworkManager-dispatcher
    - NetworkManager-wait-online
    - arp-ethers
    - auditd
    - autovt@
    - basic.target
    - blk-availability
    - bluetooth.target
    - console-getty
    - container-getty@
    - cpupower
    - crond
    ...N lines omitted here...

service.disabled

Check whether the specified service is disabled from starting at boot

#The past-tense function names (enabled, disabled) check whether that state currently holds
#False here means the service does start automatically at boot
[root@master ~]# salt 'minion' service.disabled httpd
minion:
    False

service.enabled

Check whether the specified service starts automatically

[root@master ~]# salt 'minion' service.enabled httpd
minion:
    True

service.disable

Set the specified service not to start automatically at boot

[root@master ~]# salt 'minion' service.disable httpd
minion:
    True
[root@master ~]# salt 'minion' service.enabled httpd
minion:
    False

service.enable

Set the specified service to start automatically

[root@master ~]# salt 'minion' service.enable httpd
minion:
    True
[root@master ~]# salt 'minion' service.enabled httpd
minion:
    True

service.reload

Reload the specified service

[root@master ~]# salt 'minion' service.reload httpd
minion:
    True

service.stop

Stop the specified service

[root@master ~]# salt 'minion' service.stop httpd
minion:
    True

//View effect
[root@minion ~]# systemctl status httpd
● httpd.service - The Apache HTTP Server
   Loaded: loaded (/usr/lib/systemd/system/httpd.service; enabled; vendor preset: disabled)
   Active: inactive (dead) since Thu 2021-11-04 02:23:29 CST; 8s ago
     Docs: man:httpd.service(8)
  Process: 45471 ExecReload=/usr/sbin/httpd $OPTIONS -k graceful (code=exited, status=0/SUCCESS)
  Process: 1011 ExecStart=/usr/sbin/httpd $OPTIONS -DFOREGROUND (code=exited, status=0/SUCCESS)
 Main PID: 1011 (code=exited, status=0/SUCCESS)
   Status: "Configuration loaded."

Nov 04 01:54:53 minion systemd[1]: Starting The Apache HTTP Server...
Nov 04 01:54:53 minion httpd[1011]: AH00558: httpd: Could not reliably determine the server's f>
Nov 04 01:54:53 minion systemd[1]: Started The Apache HTTP Server.
Nov 04 01:54:53 minion httpd[1011]: Server configured, listening on: port 80
Nov 04 02:23:05 minion systemd[1]: Reloading The Apache HTTP Server.
Nov 04 02:23:16 minion httpd[45471]: AH00558: httpd: Could not reliably determine the server's >
Nov 04 02:23:16 minion systemd[1]: Reloaded The Apache HTTP Server.
Nov 04 02:23:26 minion httpd[1011]: Server configured, listening on: port 80
Nov 04 02:23:28 minion systemd[1]: Stopping The Apache HTTP Server...
Nov 04 02:23:29 minion systemd[1]: Stopped The Apache HTTP Server.

service.start

Start the specified service

[root@master ~]# salt 'minion' service.start httpd
minion:
    True

//View effect
[root@minion ~]# systemctl status httpd
● httpd.service - The Apache HTTP Server
   Loaded: loaded (/usr/lib/systemd/system/httpd.service; enabled; vendor preset: disabled)
   Active: reloading (reload) since Thu 2021-11-04 02:24:02 CST; 7s ago
     Docs: man:httpd.service(8)
  Process: 45471 ExecReload=/usr/sbin/httpd $OPTIONS -k graceful (code=exited, status=0/SUCCESS)
 Main PID: 47253 (httpd)
   Status: "Reading configuration..."
    Tasks: 1 (limit: 11300)
   Memory: 3.4M
   CGroup: /system.slice/httpd.service
           └─47253 /usr/sbin/httpd -DFOREGROUND

Nov 04 02:24:02 minion systemd[1]: Starting The Apache HTTP Server...
Nov 04 02:24:02 minion httpd[47253]: AH00558: httpd: Could not reliably determine the server's >
Nov 04 02:24:02 minion systemd[1]: Started The Apache HTTP Server.

service.restart

Restart the specified service

[root@master ~]# salt 'minion' service.restart httpd
minion:
    True

service.status

View the status of the specified service

[root@master ~]# salt 'minion' service.status httpd
minion:
    True

Common SaltStack modules: pkg

pkg.download

Download packages without installing them
This function downloads the specified software package, but yum-utils must be installed on the minion first. You can use cmd.run to install it remotely

[root@master ~]# salt 'minion' pkg.download wget
minion:
    ----------
    wget:
        /var/cache/yum/packages/wget-1.19.5-10.el8.x86_64.rpm		#The downloaded package is stored here

//View effect
[root@minion ~]# ll /var/cache/yum/packages/
total 736
-rw-r--r-- 1 root root 751256 Nov  4 02:24 wget-1.19.5-10.el8.x86_64.rpm

pkg.file_list

Lists the files for the specified package or all packages installed on the system

//Lists all files provided by the installed apache package
[root@master ~]# salt 'minion' pkg.file_list httpd
minion:
    ----------
    errors:
    files:
        - /etc/logrotate.d/httpd
        - /etc/httpd/fastcgi.conf
        - /etc/httpd/fastcgi.conf.default
        - /etc/httpd/fastcgi_params
        - /etc/httpd/fastcgi_params.default
        - /etc/httpd/koi-utf
        - /etc/httpd/koi-win
        - /etc/httpd/mime.types
        - /etc/httpd/mime.types.default
        - /etc/httpd/httpd.conf
        - /etc/httpd/httpd.conf.default
        - /etc/httpd/scgi_params
        - /etc/httpd/scgi_params.default
        - /etc/httpd/uwsgi_params
        - /etc/httpd/uwsgi_params.default
        - /etc/httpd/win-utf
        - /usr/bin/httpd-upgrade
        - /usr/lib/.build-id
        - /usr/lib/.build-id/2d
        - /usr/lib/.build-id/2d/da6018ae12edb856ad3d2cf61bf586b6b4873c
        - /usr/lib/systemd/system/httpd.service
        - /usr/lib64/httpd/modules
        - /usr/sbin/httpd
        - /usr/share/doc/httpd
        - /usr/share/doc/httpd/CHANGES
        - /usr/share/doc/httpd/README
        - /usr/share/doc/httpd/README.dynamic
        - /usr/share/licenses/httpd
        - /usr/share/licenses/httpd/LICENSE
        - /usr/share/man/man3/httpd.3pm.gz
        - /usr/share/man/man8/httpd-upgrade.8.gz
        - /usr/share/man/man8/httpd.8.gz
        - /usr/share/httpd/html/404.html
        - /usr/share/httpd/html/50x.html
        - /usr/share/httpd/html/index.html
        - /usr/share/httpd/html/httpd-logo.png
        - /usr/share/httpd/html/poweredby.png
        - /usr/share/vim/vimfiles/ftdetect/httpd.vim
        - /usr/share/vim/vimfiles/indent/httpd.vim
        - /usr/share/vim/vimfiles/syntax/httpd.vim
        - /var/lib/httpd
        - /var/lib/httpd/tmp
        - /var/log/httpd
        
//When no parameters are provided, the file list of all installed software in the current system will be listed
[root@master ~]# salt 'minion' pkg.file_list 
minion:
    ----------
    errors:
    files:
        VALUE_TRIMMED

pkg.group_info

View package group information

[root@master ~]# salt 'minion' pkg.group_info 'Development Tools'
minion:
    ----------
    conditional:
    default:
        - asciidoc
        - byacc
        - ctags
        - diffstat
        - elfutils-libelf-devel
        - git
        - intltool
        - jna
        - ltrace
        - patchutils
        - perl-Fedora-VSP
        - perl-Sys-Syslog
        - perl-generators
        - pesign
        - source-highlight
        - systemtap
        - valgrind
        - valgrind-devel
    description:
        A basic development environment.
    group:
        Development Tools
    id:
        None
    mandatory:
        - autoconf
        - automake
        - binutils
        - bison
        - flex
        - gcc
        - gcc-c++
        - gdb
        - glibc-devel
        - libtool
        - make
        - pkgconf
        - pkgconf-m4
        - pkgconf-pkg-config
        - redhat-rpm-config
        - rpm-build
        - rpm-sign
        - strace
    optional:
        - cmake
        - expect
        - rpmdevtools
        - rpmlint
    type:
        package group

pkg.group_list

Lists all package groups in the system

[root@master ~]# salt 'minion' pkg.group_list
minion:
    ----------
    available:
        - Conflicts BaseOS
        - Dial-up Networking Support
        - Hardware Monitoring Utilities
        - Hardware Support
        - Large Systems Performance
        - Legacy UNIX Compatibility
        - Python Web
        - Server product core
        - Windows File Server
        - Additional Development
        - Anaconda tools
        - Backup Client
        - Base
        - base-x
        - Conflicts AppStream
        - Container Management
        - Debugging Tools
        - Desktop Debugging and Performance Tools
        - Development Tools
        - .NET Core Development
        - File and Storage Server
        - Fonts
        - FTP Server
        - GNOME Applications
        - GNOME
        - Graphical Administration Tools
        - Graphics Creation Tools
        - Guest Agents
        - Guest Desktop Agents
        - Headless Management
        - Infiniband Support
        - Input Methods
        - Internet Applications
        - Internet Browser
        - Java Platform
        - Legacy X Window System Compatibility
        - Mail Server
        - Mainframe Access
        - Multimedia
        - Network File System Client
        - Network Servers
        - Networking Tools
        - Common NetworkManager submodules
        - Office Suite and Productivity
        - Atomic Host ostree support
        - Performance Tools
        - Platform Development
        - KVM platform specific packages
        - Hyper-v platform specific packages
        - Printing Client
        - Remote Desktop Clients
        - Remote Management for Linux
        - RPM Development Tools
        - Scientific Support
        - Security Tools
        - Smart Card Support
        - Standard
        - System Tools
        - TeX formatting system
        - Virtualization Client
        - Virtualization Hypervisor
        - Virtualization Platform
        - Virtualization Tools
        - Basic Web Server
        - Workstation product core
    available environments:
        - Server with GUI
        - Server
        - Workstation
        - Custom Operating System
        - Virtualization Host
    available languages:
        ----------
    installed:
        - Core
        - VMware platform specific packages
    installed environments:
        - Minimal Install

pkg.install

Install software

#This output indicates that wget is already installed
[root@master ~]# salt 'minion' pkg.install wget
minion:
    ----------

[root@master ~]# salt 'minion' pkg.install httpd
minion:
    ----------
    httpd:
        ----------
        new:
            2.4.37-39.module_el8.4.0+950+0577e6ac.1
        old:
            2.4.37-39.module_el8.4.0+778+c970deab
    httpd-filesystem:
        ----------
        new:
            2.4.37-39.module_el8.4.0+950+0577e6ac.1
        old:
            2.4.37-39.module_el8.4.0+778+c970deab
    httpd-tools:
        ----------
        new:
            2.4.37-39.module_el8.4.0+950+0577e6ac.1
        old:
            2.4.37-39.module_el8.4.0+778+c970deab

pkg.list_downloaded

Lists the packages that have been downloaded locally

[root@master ~]# salt 'minion' pkg.list_downloaded
minion:
    ----------

pkg.list_pkgs

Lists the currently installed packages as a dictionary

[root@master ~]# salt 'minion' pkg.list_pkgs
minion:
    ----------
    NetworkManager:
        1:1.22.8-4.el8
    NetworkManager-libnm:
        1:1.22.8-4.el8
    NetworkManager-team:
        1:1.22.8-4.el8
    NetworkManager-tui:
        1:1.22.8-4.el8
    acl:
        2.2.53-1.el8
    ...N lines omitted here...

pkg.owner

Lists which package provides the specified file

[root@master ~]# salt 'minion' pkg.owner /usr/bin/ls
minion:
    coreutils
    
[root@master ~]# salt 'minion' pkg.owner /etc/httpd/conf/httpd.conf
minion:
    httpd

pkg.remove

Uninstall the specified software

[root@master ~]# salt 'minion' cmd.run 'rpm -qa|grep wget'
minion:
    wget-1.19.5-10.el8.x86_64
[root@master ~]# salt 'minion' pkg.remove wget
minion:
    ----------
    wget:
        ----------
        new:
        old:
            1.19.5-10.el8
#To uninstall multiple packages, separate them with commas

pkg.upgrade

Upgrade all software packages in the system or upgrade the specified software packages

[root@master ~]# salt 'minion' pkg.upgrade name=httpd
minion:
    ----------
#If you want to upgrade all software packages in the system, remove the name parameter

Common SaltStack modules: state

state.show_highstate

Displays the highstate data for the current system

[root@master ~]# cat /srv/salt/base/web/apache/install.sls 
httpd-install:
  pkg.installed:
    - name: httpd

[root@master ~]# cat /srv/salt/base/top.sls
base:           
  'os:Redhat':
    - match: grain
    - web.apache.install    

[root@master ~]# salt 'minion' state.show_highstate
minion:
    ----------
    httpd-install:
        ----------
        __env__:
            base
        __sls__:
            web.apache.install
        pkg:
            |_
              ----------
              name:
                  httpd
            - installed
            |_
              ----------
              order:
                  10000

state.highstate

Execute the highstate

[root@master ~]# salt 'minion' state.highstate web.apache.install
minion:
----------
          ID: httpd-install
    Function: pkg.installed
        Name: httpd
      Result: True
     Comment: All specified packages are already installed
     Started: 02:49:29.353797
    Duration: 583.489 ms
     Changes:   

Summary for minion
------------
Succeeded: 1
Failed:    0
------------
Total states run:     1
Total run time: 583.489 ms

state.show_state_usage

Displays state usage for the highstate on the current system

[root@master ~]# salt 'minion' state.show_state_usage
minion:
    ----------
    base:
        ----------
        count_all:
            2
        count_unused:
            1
        count_used:
            1
        unused:
            - top
        used:
            - web.apache.install
    dev:
        ----------
        count_all:
            0
        count_unused:
            0
        count_used:
            0
        unused:
        used:
    prod:
        ----------
        count_all:
            0
        count_unused:
            0
        count_used:
            0
        unused:
        used:
    test:
        ----------
        count_all:
            0
        count_unused:
            0
        count_used:
            0
        unused:
        used:

state.show_top

Returns the top-level data that minion will use for highstate

[root@master ~]# salt 'minion' state.show_top
minion:
    ----------
    base:
        - web.apache.install

state.top

Execute the specified top file instead of the default

[root@master ~]# salt 'minion' state.top top.sls
minion:
----------
          ID: httpd-install
    Function: pkg.installed
        Name: httpd
      Result: True
     Comment: All specified packages are already installed
     Started: 02:50:27.247421
    Duration: 570.522 ms
     Changes:   

Summary for minion
------------
Succeeded: 1
Failed:    0
------------
Total states run:     1
Total run time: 570.522 ms

state.show_sls

Displays the state data from a specific sls file or list of sls files on the master

[root@master ~]# salt 'minion' state.show_sls web.apache.install
minion:
    ----------
    httpd-install:
        ----------
        __env__:
            base
        __sls__:
            web.apache.install
        pkg:
            |_
              ----------
              name:
                  httpd
            - installed
            |_
              ----------
              order:
                  10000

Common SaltStack modules: user

  • View the related functions of the user module
[root@master ~]# salt 'minion' sys.list_functions user
minion:
    - user.add
    - user.chfullname
    - user.chgid
    - user.chgroups
    - user.chhome
    - user.chhomephone
    - user.chloginclass
    - user.chother
    - user.chroomnumber
    - user.chshell
    - user.chuid
    - user.chworkphone
    - user.delete
    - user.get_loginclass
    - user.getent
    - user.info
    - user.list_groups
    - user.list_users
    - user.primary_group
    - user.rename

user.add

Create a user on the minion side. Usage: salt '*' user.add name

[root@master ~]# salt 'minion' user.add tanjie
minion:
    True

user.info

Returns the specified user information

[root@master ~]# salt 'minion' user.info tanjie
minion:
    ----------
    fullname:
    gid:
        1001
    groups:
        - tanjie
    home:
        /home/tanjie
    homephone:
    name:
        tanjie
    other:
    passwd:
        x
    roomnumber:
    shell:
        /bin/bash
    uid:
        1001
    workphone:

user.getent

Returns a list of all system user information

[root@master ~]#  salt 'minion' user.getent
minion:
    |_
      ----------
      fullname:
          root
      gid:
          0
      groups:
          - root
      home:
          /root
      homephone:
      name:
          root
      other:
      passwd:
          x
      roomnumber:
      shell:
          /bin/bash
      uid:
          0
      workphone:
    |_
      ----------
      fullname:
          bin
      gid:
          1
      groups:
          - bin
      home:
          /bin
      homephone:
      name:
          bin
      other:
      passwd:
          x
      roomnumber:
      shell:
          /sbin/nologin
      uid:
          1
      workphone:
    |_
      ----------
      fullname:
          daemon
      gid:
          2
      groups:
          - daemon
      home:
          /sbin
      homephone:
      name:
          daemon
      other:
      passwd:
          x
      roomnumber:
      shell:
          /sbin/nologin
      uid:
          2
      workphone:
    |_
      ----------
      fullname:
          adm
      gid:
          4
      groups:
          - adm
      home:
          /var/adm
      homephone:
      name:
          adm
      other:
      passwd:
          x
      roomnumber:
      shell:
          /sbin/nologin
      uid:
          3
      workphone:
    |_
      ----------
      fullname:
          lp
      gid:
          7
      groups:
          - lp
      home:
          /var/spool/lpd
      homephone:
      name:
          lp
      other:
      passwd:
          x
      roomnumber:
      shell:
          /sbin/nologin
      uid:
          4
      workphone:
    |_
      ----------
      fullname:
          sync
      gid:
          0
      groups:
          - root
      home:
          /sbin
      homephone:
      name:
          sync
      other:
      passwd:
          x
      roomnumber:
      shell:
          /bin/sync
      uid:
          5
      workphone:
    |_
      ----------
      fullname:
          shutdown
      gid:
          0
      groups:
          - root
      home:
          /sbin
      homephone:
      name:
          shutdown
      other:
      passwd:
          x
      roomnumber:
      shell:
          /sbin/shutdown
      uid:
          6
      workphone:
    |_
      ----------
      fullname:
          halt
      gid:
          0
      groups:
          - root
      home:
          /sbin
      homephone:
      name:
          halt
      other:
      passwd:
          x
      roomnumber:
      shell:
          /sbin/halt
      uid:
          7
      workphone:
    |_
      ----------
      fullname:
          mail
      gid:
          12
      groups:
          - mail
      home:
          /var/spool/mail
      homephone:
      name:
          mail
      other:
      passwd:
          x
      roomnumber:
      shell:
          /sbin/nologin
      uid:
          8
      workphone:
    |_
      ----------
      fullname:
          operator
      gid:
          0
      groups:
          - root
      home:
          /root
      homephone:
      name:
          operator
      other:
      passwd:
          x
      roomnumber:
      shell:
          /sbin/nologin
      uid:
          11
      workphone:
    |_
      ----------
      fullname:
          games
      gid:
          100
      groups:
          - users
      home:
          /usr/games
      homephone:
      name:
          games
      other:
      passwd:
          x
      roomnumber:
      shell:
          /sbin/nologin
      uid:
          12
      workphone:
    |_
      ----------
      fullname:
          FTP User
      gid:
          50
      groups:
          - ftp
      home:
          /var/ftp
      homephone:
      name:
          ftp
      other:
      passwd:
          x
      roomnumber:
      shell:
          /sbin/nologin
      uid:
          14
      workphone:
    |_
      ----------
      fullname:
          Kernel Overflow User
      gid:
          65534
      groups:
          - nobody
      home:
          /
      homephone:
      name:
          nobody
      other:
      passwd:
          x
      roomnumber:
      shell:
          /sbin/nologin
      uid:
          65534
      workphone:
    |_
      ----------
      fullname:
          System message bus
      gid:
          81
      groups:
          - dbus
      home:
          /
      homephone:
      name:
          dbus
      other:
      passwd:
          x
      roomnumber:
      shell:
          /sbin/nologin
      uid:
          81
      workphone:
    |_
      ----------
      fullname:
          systemd Core Dumper
      gid:
          997
      groups:
          - systemd-coredump
      home:
          /
      homephone:
      name:
          systemd-coredump
      other:
      passwd:
          x
      roomnumber:
      shell:
          /sbin/nologin
      uid:
          999
      workphone:
    |_
      ----------
      fullname:
          systemd Resolver
      gid:
          193
      groups:
          - systemd-resolve
      home:
          /
      homephone:
      name:
          systemd-resolve
      other:
      passwd:
          x
      roomnumber:
      shell:
          /sbin/nologin
      uid:
          193
      workphone:
    |_
      ----------
      fullname:
          Account used by the trousers package to sandbox the tcsd daemon
      gid:
          59
      groups:
          - tss
      home:
          /dev/null
      homephone:
      name:
          tss
      other:
      passwd:
          x
      roomnumber:
      shell:
          /sbin/nologin
      uid:
          59
      workphone:
    |_
      ----------
      fullname:
          User for polkitd
      gid:
          996
      groups:
          - polkitd
      home:
          /
      homephone:
      name:
          polkitd
      other:
      passwd:
          x
      roomnumber:
      shell:
          /sbin/nologin
      uid:
          998
      workphone:
    |_
      ----------
      fullname:
          Unbound DNS resolver
      gid:
          995
      groups:
          - unbound
      home:
          /etc/unbound
      homephone:
      name:
          unbound
      other:
      passwd:
          x
      roomnumber:
      shell:
          /sbin/nologin
      uid:
          997
      workphone:
    |_
      ----------
      fullname:
          User for sssd
      gid:
          993
      groups:
          - sssd
      home:
          /
      homephone:
      name:
          sssd
      other:
      passwd:
          x
      roomnumber:
      shell:
          /sbin/nologin
      uid:
          996
      workphone:
    |_
      ----------
      fullname:
          Privilege-separated SSH
      gid:
          74
      groups:
          - sshd
      home:
          /var/empty/sshd
      homephone:
      name:
          sshd
      other:
      passwd:
          x
      roomnumber:
      shell:
          /sbin/nologin
      uid:
          74
      workphone:
    |_
      ----------
      fullname:
      gid:
          992
      groups:
          - chrony
      home:
          /var/lib/chrony
      homephone:
      name:
          chrony
      other:
      passwd:
          x
      roomnumber:
      shell:
          /sbin/nologin
      uid:
          995
      workphone:
    |_
      ----------
      fullname:
          Random Number Generator Daemon
      gid:
          991
      groups:
          - rngd
      home:
          /var/lib/rngd
      homephone:
      name:
          rngd
      other:
      passwd:
          x
      roomnumber:
      shell:
          /sbin/nologin
      uid:
          994
      workphone:
    |_
      ----------
      fullname:
          tj
      gid:
          1000
      groups:
          - tj
      home:
          /home/tj
      homephone:
      name:
          tj
      other:
      passwd:
          x
      roomnumber:
      shell:
          /bin/bash
      uid:
          1000
      workphone:
    |_
      ----------
      fullname:
          Apache
      gid:
          48
      groups:
          - apache
      home:
          /usr/share/httpd
      homephone:
      name:
          apache
      other:
      passwd:
          x
      roomnumber:
      shell:
          /sbin/nologin
      uid:
          48
      workphone:
    |_
      ----------
      fullname:
      gid:
          1001
      groups:
          - tanjie
      home:
          /home/tanjie
      homephone:
      name:
          tanjie
      other:
      passwd:
          x
      roomnumber:
      shell:
          /bin/bash
      uid:
          1001
      workphone:
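
An added example, not part of the original post: the user.getent result is a convenient input for an account audit. It assumes the result was captured with `salt --out=json --static 'minion' user.getent`; the sample data, the `svc` account, the `UID_MIN` cutoff and the `audit_getent` name are constructed for illustration.

```python
import json

# Constructed sample shaped like `salt --out=json 'minion' user.getent`:
# a few accounts from the output above plus one constructed anomaly ("svc").
SAMPLE = json.dumps({"minion": [
    {"name": "root", "uid": 0, "gid": 0, "shell": "/bin/bash"},
    {"name": "bin", "uid": 1, "gid": 1, "shell": "/sbin/nologin"},
    {"name": "sync", "uid": 5, "gid": 0, "shell": "/bin/sync"},
    {"name": "tj", "uid": 1000, "gid": 1000, "shell": "/bin/bash"},
    {"name": "tanjie", "uid": 1001, "gid": 1001, "shell": "/bin/bash"},
    {"name": "svc", "uid": 0, "gid": 0, "shell": "/bin/bash"},
]})

# Shells that do not give an interactive login.
NON_LOGIN = {"/sbin/nologin", "/usr/sbin/nologin", "/bin/false",
             "/usr/bin/false", "/bin/sync", "/sbin/shutdown", "/sbin/halt"}
UID_MIN = 1000  # assumption: first regular-user UID (UID_MIN in /etc/login.defs)


def audit_getent(raw_json, expected_logins=("root",)):
    """Return {minion: [finding, ...]} for a user.getent JSON result."""
    findings = {}
    for minion, users in json.loads(raw_json).items():
        if not isinstance(users, list):  # e.g. an error string from the minion
            findings[minion] = ["no user list returned: %r" % (users,)]
            continue
        out, seen = [], {}
        for u in users:
            name, uid, shell = u["name"], u["uid"], u.get("shell", "")
            if uid == 0 and name != "root":
                out.append("%s: UID 0 but not root" % name)
            if uid in seen:
                out.append("%s: shares UID %d with %s" % (name, uid, seen[uid]))
            seen.setdefault(uid, name)
            if shell not in NON_LOGIN and name not in expected_logins:
                kind = "system" if uid < UID_MIN else "regular"
                out.append("%s: %s account with login shell %s" % (name, kind, shell))
        findings[minion] = out
    return findings


if __name__ == "__main__":
    for minion, items in audit_getent(SAMPLE, ("root", "tj")).items():
        for item in items:
            print("%s: %s" % (minion, item))
```

Accounts created through user.add, such as tanjie above, show up here until they are added to the expected list or removed with user.delete.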

user.chgid

Change user GID

[root@master ~]# salt 'minion' cmd.run 'id tanjie'
minion:
    uid=1001(tanjie) gid=1001(tanjie) groups=1001(tanjie)
    
[root@master ~]# salt 'minion' user.chgid tanjie 1000
minion:
    True
    
[root@master ~]# salt 'minion' cmd.run 'id tanjie'
minion:
    uid=1001(tanjie) gid=1000(tj) groups=1000(tj)

user.chuid

Change user UID

[root@master ~]# salt 'minion' cmd.run 'id tanjie'
minion:
    uid=1001(tanjie) gid=1000(tj) groups=1000(tj)
    
[root@master ~]#  salt 'minion' user.chuid tanjie 6666
minion:
    True
    
[root@master ~]# salt 'minion' cmd.run 'id tanjie'
minion:
    uid=6666(tanjie) gid=1000(tj) groups=1000(tj)

user.list_groups

Lists the groups to which the specified user belongs

[root@master ~]# salt 'minion' user.list_groups tanjie
minion:
    - tj

user.rename

Modify the user name of the specified user

[root@master ~]# salt 'minion' cmd.run 'id tanjie'
minion:
    uid=6666(tanjie) gid=1000(tj) groups=1000(tj)

[root@master ~]# salt 'minion' user.rename tanjie jie
minion:
    False		#Although False is returned, the operation is successful

[root@master ~]# salt 'minion' cmd.run 'id 6666'
minion:
    uid=6666(jie) gid=1000(tj) groups=1000(tj)

user.delete

Delete a user on the minion side

[root@master ~]# salt 'minion' cmd.run 'id 6666'
minion:
    uid=6666(jie) gid=1000(tj) groups=1000(tj)

[root@master ~]# salt 'minion' user.delete jie
minion:
    True

[root@master ~]# salt 'minion' cmd.run 'id jie'
minion:
    id: 'jie': no such user
ERROR: Minions returned with non-zero exit code

cp of common modules of SaltStack

  • View the related functions of the cp module
[root@master ~]# salt 'minion' sys.list_functions cp
minion:
    - cp.cache_dest
    - cp.cache_dir
    - cp.cache_file
    - cp.cache_files
    - cp.cache_local_file
    - cp.cache_master
    - cp.envs
    - cp.get_dir
    - cp.get_file
    - cp.get_file_str
    - cp.get_template
    - cp.get_url
    - cp.hash_file
    - cp.is_cached
    - cp.list_master
    - cp.list_master_dirs
    - cp.list_master_symlinks
    - cp.list_minion
    - cp.list_states
    - cp.push
    - cp.push_dir
    - cp.recv
    - cp.recv_chunked
    - cp.stat_file

cp module
The cp module holds all of the client's (minion's) file server operations. The Salt state system and salt-cp also use it.

Basic explanation:
salt root directory: the paths defined by file_roots in the master configuration
For example, suppose the master has the following definition:

file_roots:
  base:
    - /srv/salt/base

Then salt:// refers to the actual path /srv/salt/base. The advantage of this is that it fits the concept of environments in the state system.

cp.get_file

[root@master ~]# cd /srv/salt/base/
[root@master base]# ls
top.sls  web
[root@master base]# salt 'minion' cp.get_file salt://top.sls /opt/
minion:
    /opt/top.sls
[root@master base]# salt 'minion' cmd.run 'ls /opt'
minion:
    top.sls


#If the client directory is not present, create a directory
[root@master base]# salt 'minion' cp.get_file salt://top.sls /test/ makedirs=True
minion:
    /test/top.sls
Note: by default, cp.get_file does not create directories on the client. If the target directory does not exist on the client and makedirs=True is not specified, the file copy will fail.

cp.get_url

Download a file from a URL. The URL can be a path on the master (salt://) or an http URL.

cp.push

Transferring files from the client to the master has obvious security implications, so this function is not enabled by default.
It is enabled as follows:

[root@master ~]# vim /etc/salt/master
file_recv: True
[root@master ~]# systemctl restart salt-master
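
An added example, not part of the original post: once file_recv is on, it is worth checking the size cap and reviewing what minions have pushed. The sketch assumes Salt's documented defaults (file_recv_max_size of 100 MB, pushed files stored under `<cachedir>/minions/<minion-id>/files`) and a master config made of plain top-level `key: value` lines; the function names and the sample tree are constructed.

```python
import os
import tempfile

TRUE_WORDS = {"true", "yes", "on"}  # YAML 1.1 spellings of boolean true


def file_recv_settings(conf_text):
    """Read file_recv settings from master config text (top-level keys only)."""
    settings = {"file_recv": False, "file_recv_max_size": 100}  # Salt defaults (MB)
    for line in conf_text.splitlines():
        line = line.split("#", 1)[0].rstrip()  # drop comments
        if not line or line[0].isspace() or ":" not in line:
            continue
        key, value = (part.strip() for part in line.split(":", 1))
        if key == "file_recv":
            settings[key] = value.lower() in TRUE_WORDS
        elif key == "file_recv_max_size":
            settings[key] = int(value)
    return settings


def pushed_files(cachedir):
    """Return sorted (minion_id, relative_path, size_bytes) for pushed files."""
    base = os.path.join(cachedir, "minions")
    found = []
    if not os.path.isdir(base):
        return found
    for minion in os.listdir(base):
        root = os.path.join(base, minion, "files")
        for dirpath, _dirs, names in os.walk(root):
            for name in names:
                full = os.path.join(dirpath, name)
                found.append((minion, os.path.relpath(full, root), os.path.getsize(full)))
    return sorted(found)


def demo():
    """Audit a constructed config and a constructed cache tree in a temp dir."""
    conf = "#file_recv: False\nfile_recv: True\nfile_recv_max_size: 10\n"
    with tempfile.TemporaryDirectory() as cachedir:
        target = os.path.join(cachedir, "minions", "minion", "files", "etc")
        os.makedirs(target)
        with open(os.path.join(target, "hosts"), "w") as fh:
            fh.write("127.0.0.1 localhost\n")
        return file_recv_settings(conf), pushed_files(cachedir)


if __name__ == "__main__":
    print(demo())
```

On a real master, pass the contents of /etc/salt/master to `file_recv_settings` and the master's cachedir (default /var/cache/salt/master) to `pushed_files`.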

Posted on Thu, 04 Nov 2021 00:20:51 -0400 by akrocks_extreme