SaltStack automation operation and maintenance practice

Latest release: 3000 (February 10, 2020)

Refer to the official documents of saltStack
ON THE SALT MASTER
Run these commands on the system that you want to use as the central management point.

curl -L https://bootstrap.saltstack.com -o install_salt.sh
sudo sh install_salt.sh -P -M
Your Salt master can manage itself, so a Salt minion is installed along with the Salt master. If you do not want to install the minion, also pass the -N option.

ON EACH SALT MINION
Run these commands on each system that you want to manage using Salt.

curl -L https://bootstrap.saltstack.com -o install_salt.sh
sudo sh install_salt.sh -P

The actual configuration server is as follows

master    192.168.0.120  centos120 
node1     192.168.0.121  centos121
node2      192.168.0.122  centos122

The above three services all turn off SELinux, firewalld, and set / etc/hosts, that is, they can access each other by hostname and the Internet. These simple operations are not shown here.

1. Start the installation below
On the master side

[root@centos120 ~]# curl -L https://bootstrap.saltstack.com -o install_salt.sh
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100  283k  100  283k    0     0  51683      0  0:00:05  0:00:05 --:--:-- 70732

[root@centos120 ~]# ll install_salt.sh 
-rw-r--r-- 1 root root 290571 Mar  8 13:09 install_salt.sh
[root@centos120 ~]# 

[root@centos120 ~]# sh install_salt.sh -P -M
 *  INFO: Running version: 2020.02.24
 *  INFO: Executed by: sh
 *  INFO: Command line: 'install_salt.sh -P -M'

 *  INFO: System Information:
 *  INFO:   CPU:          GenuineIntel
 *  INFO:   CPU Arch:     x86_64
 *  INFO:   OS Name:      Linux
 *  INFO:   OS Version:   3.10.0-957.el7.x86_64
 *  INFO:   Distribution: CentOS 7.6

 *  INFO: Installing minion
 *  INFO: Installing master
 *  INFO: Found function install_centos_stable_deps
 *  INFO: Found function config_salt
 *  INFO: Found function preseed_master
 *  INFO: Found function install_centos_stable
 *  INFO: Found function install_centos_stable_post
 *  INFO: Found function install_centos_restart_daemons
 *  INFO: Found function daemons_running
 *  INFO: Found function install_centos_check_services
 *  INFO: Running install_centos_stable_deps()

.......

Installed:
  salt-master.noarch 0:3000-1.el7        salt-minion.noarch 0:3000-1.el7       

Dependency Installed:
  libsodium.x86_64 0:1.0.18-1.el7                                               
  libtomcrypt.x86_64 0:1.17-26.el7                                              
  libtommath.x86_64 0:0.42.0-6.el7                                              
  openpgm.x86_64 0:5.2.122-2.el7                                                
  python-babel.noarch 0:0.9.6-8.el7                                             
  python-backports_abc.noarch 0:0.5-11.el7                                      
  python-jinja2.noarch 0:2.7.2-4.el7                                            
  python-markupsafe.x86_64 0:0.11-10.el7                                        
  python-requests.noarch 0:2.6.0-8.el7_7                                        
  python-singledispatch.noarch 0:3.4.0.3-16.el7                                 
  python-six.noarch 0:1.9.0-2.el7                                               
  python-urllib3.noarch 0:1.10.2-7.el7                                          
  python-zmq.x86_64 0:15.3.0-3.el7                                              
  python2-crypto.x86_64 0:2.6.1-16.el7                                          
  python2-futures.noarch 0:3.1.1-5.el7                                          
  python2-msgpack.x86_64 0:0.6.2-2.el7                                          
  python2-psutil.x86_64 0:5.6.7-1.el7                                           
  salt.noarch 0:3000-1.el7                                                      
  systemd-python.x86_64 0:219-67.el7_7.3                                        
  zeromq.x86_64 0:4.1.4-7.el7                                                   

Dependency Updated:
  python-setuptools.noarch 0:36.6.0-2.ius.el7                                   
  systemd.x86_64 0:219-67.el7_7.3                                               
  systemd-libs.x86_64 0:219-67.el7_7.3                                          
  systemd-sysv.x86_64 0:219-67.el7_7.3                                          

Complete!
 *  INFO: Running install_centos_stable_post()
 *  INFO: Running install_centos_check_services()
 *  INFO: Running install_centos_restart_daemons()
 *  INFO: Running daemons_running()
 *  INFO: Salt installed!
[root@centos120 ~]# 

You can see from the above that the packages are installed. The master side is installed successfully, that is, the management node.

  1. Start to install minion node, which is the node to be managed (in production environment, such as web service node, database node, storage node, which need to publish code in batches, configure servers, etc.)
[root@centos121 ~]# curl -L https://bootstrap.saltstack.com -o install_salt.sh

[root@centos121 ~]# ll  install_salt.sh
-rw-r--r-- 1 root root 290571 Mar  8 13:13 install_salt.sh
[root@centos121 ~]# 

[root@centos121 ~]# sh install_salt.sh -P
*  INFO: Running version: 2020.02.24
 *  INFO: Executed by: sh
 *  INFO: Command line: 'install_salt.sh -P'

 *  INFO: System Information:
 *  INFO:   CPU:          GenuineIntel
 *  INFO:   CPU Arch:     x86_64
 *  INFO:   OS Name:      Linux
 *  INFO:   OS Version:   3.10.0-957.el7.x86_64
 *  INFO:   Distribution: CentOS 7.6

 *  INFO: Installing minion
 *  INFO: Found function install_centos_stable_deps
 *  INFO: Found function config_salt
 *  INFO: Found function preseed_master
 *  INFO: Found function install_centos_stable
 *  INFO: Found function install_centos_stable_post
 *  INFO: Found function install_centos_restart_daemons
 *  INFO: Found function daemons_running
 *  INFO: Found function install_centos_check_services
 *  INFO: Running install_centos_stable_deps()
 .............
 Installed:
  salt-minion.noarch 0:3000-1.el7                                               

Dependency Installed:
  libsodium.x86_64 0:1.0.18-1.el7                                               
  libtomcrypt.x86_64 0:1.17-26.el7                                              
  libtommath.x86_64 0:0.42.0-6.el7                                              
  openpgm.x86_64 0:5.2.122-2.el7                                                
  python-babel.noarch 0:0.9.6-8.el7                                             
  python-backports.x86_64 0:1.0-8.el7                                           
  python-backports-ssl_match_hostname.noarch 0:3.5.0.1-1.el7                    
  python-backports_abc.noarch 0:0.5-11.el7                                      
  python-ipaddress.noarch 0:1.0.16-2.el7                                        
  python-jinja2.noarch 0:2.7.2-4.el7                                            
  python-markupsafe.x86_64 0:0.11-10.el7                                        
  python-requests.noarch 0:2.6.0-8.el7_7                                        
  python-setuptools.noarch 0:36.6.0-2.ius.el7                                   
  python-singledispatch.noarch 0:3.4.0.3-16.el7                                 
  python-six.noarch 0:1.9.0-2.el7                                               
  python-urllib3.noarch 0:1.10.2-7.el7                                          
  python-zmq.x86_64 0:15.3.0-3.el7                                              
  python2-crypto.x86_64 0:2.6.1-16.el7                                          
  python2-futures.noarch 0:3.1.1-5.el7                                          
  python2-msgpack.x86_64 0:0.6.2-2.el7                                          
  python2-psutil.x86_64 0:5.6.7-1.el7                                           
  salt.noarch 0:3000-1.el7                                                      
  systemd-python.x86_64 0:219-67.el7_7.3                                        
  zeromq.x86_64 0:4.1.4-7.el7                                                   

Dependency Updated:
  systemd.x86_64 0:219-67.el7_7.3        systemd-libs.x86_64 0:219-67.el7_7.3  
  systemd-sysv.x86_64 0:219-67.el7_7.3  

Complete!
 *  INFO: Running install_centos_stable_post()
 *  INFO: Running install_centos_check_services()
 *  INFO: Running install_centos_restart_daemons()
 *  INFO: Running daemons_running()
 *  INFO: Salt installed!
[root@centos121 ~]# 

The same as the CentOS 122 node minion, where the minion end installation is completed.

3. Start configuration below
Knowledge points to know before configuration:

A brief introduction to saltstack
Saltstack is a new way of infrastructure management. It is a centralized management platform of server infrastructure. It can be run in a few minutes. It is fast enough. The second level communication between servers has good scalability. It is easy to manage tens of thousands of servers in batches, significantly reducing the cost of human resources and operation and maintenance. It has the functions of configuration management, remote execution, monitoring, etc., which can generally It is understood as a simplified version of puppet and an enhanced version of func. By deploying the saltstack environment, commands can be executed in batches on thousands of servers, and configuration centralized management, file distribution, server data collection, operating system foundation and software package management can be performed according to different business characteristics. Saltstack is used by operation and maintenance personnel to improve work efficiency and standardize business configuration and operation Sharp weapon. Saltstack is implemented based on Python language, combined with lightweight message queuing (ZeroMQ) (the communication mode of saltstack can be divided into two modes: ZeroMQ and REAT. Considering that REAT is not too stable at present, it usually chooses the ZeroMQ mode) and python third-party modules (Pyzmq, PyCrypto, Pyjinjia2, Python msgpack, PyYAML, etc.) to build.

Saltstack operation mode:

Local: local, a machine to play, not recommended.

Master/Minion: it is managed by server/agent with high efficiency (batch management of 1000 machines, 25 seconds).

Salt SSH: the efficiency of SSH management is relatively low (batch management of 1000 machines in 83 seconds).

Three functions of Saltstack:

Remote execution (remote command execution)

Configuration management (status management)

Cloud management

Saltstack features:
1) Simple and convenient deployment;
2) Support most UNIX/Linux and Windows environments;
3) Centralized management of master and slave;
4) Simple configuration, powerful function and strong expansibility;
5) master and minion are based on certificate authentication, which is safe and reliable;
6) API and custom modules are supported, which can be easily extended through Python.

Master and Minion certification:
1) When minion is first started, it will automatically generate minion.pem (private key) and minion.pub (public key) under / etc/salt/pki/minion / (the path is set in / etc/salt/minion), and then send minion.pub to the master.

2) After the master receives the public key of minion, he / she accepts the public key of minion through the salt key command, so that the public key named minion id will be stored under / etc/salt/pki/master/minions of the master, and then the master can send instructions to minion.

Connection between Master and Minion:
1) After the SaltStack master is started, it will listen to two ports 4505 and 4506 by default. 4505 (publish_port) is the message publishing system of saltstack, and 4506 (ret_port) is the communication port between the client and the server of saltstack. If you use lsof to view the 4505 port, you will find that all minion s remain in the ESTABLISHED state at the 4505 port.

2) The communication mode between minion and master is as follows:

Now configure,

First check the files installed on the server:

[root@centos120 ~]# ll /etc/salt/
total 132
-rw------- 1 root root  2927 Feb  2 07:15 cloud
drwx------ 2 root root     6 Feb  5 02:46 cloud.conf.d
drwx------ 2 root root     6 Feb  5 02:46 cloud.deploy.d
drwx------ 2 root root     6 Feb  5 02:46 cloud.maps.d
drwx------ 2 root root     6 Feb  5 02:46 cloud.profiles.d
drwx------ 2 root root     6 Feb  5 02:46 cloud.providers.d
-rw-r----- 1 root root 51534 Feb  2 07:15 master
drwxr-xr-x 2 root root     6 Feb  5 02:46 master.d
-rw-r----- 1 root root 37370 Feb  2 07:15 minion
drwxr-xr-x 2 root root     6 Feb  5 02:46 minion.d
-rw-r--r-- 1 root root     9 Mar  8 13:13 minion_id
drwxr-xr-x 4 root root    34 Mar  8 13:13 pki
-rw-r----- 1 root root 28289 Feb  2 07:15 proxy
drwxr-xr-x 2 root root     6 Feb  5 02:46 proxy.d
-rw-r----- 1 root root   344 Feb  2 07:15 roster
[root@centos120 ~]# 

What files are installed in minion

[root@centos121 ~]# ll /etc/salt/
total 132
-rw------- 1 root root  2927 Feb  2 07:15 cloud
drwx------ 2 root root     6 Feb  5 02:46 cloud.conf.d
drwx------ 2 root root     6 Feb  5 02:46 cloud.deploy.d
drwx------ 2 root root     6 Feb  5 02:46 cloud.maps.d
drwx------ 2 root root     6 Feb  5 02:46 cloud.profiles.d
drwx------ 2 root root     6 Feb  5 02:46 cloud.providers.d
-rw-r----- 1 root root 51534 Feb  2 07:15 master
drwxr-xr-x 2 root root     6 Feb  5 02:46 master.d
-rw-r----- 1 root root 37370 Feb  2 07:15 minion
drwxr-xr-x 2 root root     6 Feb  5 02:46 minion.d
-rw-r--r-- 1 root root     9 Mar  8 13:45 minion_id
drwxr-xr-x 4 root root    34 Mar  8 13:45 pki
-rw-r----- 1 root root 28289 Feb  2 07:15 proxy
drwxr-xr-x 2 root root     6 Feb  5 02:46 proxy.d
-rw-r----- 1 root root   344 Feb  2 07:15 roster
[root@centos121 ~]# 

Configure the master:

[root@centos120 salt]# cp -p master master.bk.20200308
[root@centos120 salt]# vi master
[root@centos120 salt]# diff master master.bk.20200308 
15c15
< interface: 192.168.0.120
---
> #interface: 0.0.0.0
[root@centos120 salt]# 

Configure the minion side. There are three minions in total:

[root@centos120 salt]# cp -p minion minion.bk.20200308
[root@centos120 salt]# diff minion minion.bk.20200308 
16c16
< master: 192.168.0.120
---
> #master: salt
[root@centos120 salt]# 

[root@centos121 salt]# cp -p minion minion.bk.20200308
[root@centos121 salt]# diff minion minion.bk.20200308 
16c16
< master: 192.168.0.120
---
> #master: salt
[root@centos121 salt]# 
[root@centos122 salt]# cp -p minion minion.bk.20200308
[root@centos122 salt]# diff minion minion.bk.20200308 
16c16
< master: 192.168.0.120
---
> #master: salt
[root@centos122 salt]# 

Start the master service:

[root@centos120 salt]# systemctl start salt-master
[root@centos120 salt]# systemctl status  salt-master
● salt-master.service - The Salt Master Server
   Loaded: loaded (/usr/lib/systemd/system/salt-master.service; enabled; vendor preset: disabled)
   Active: active (running) since Sun 2020-03-08 13:13:55 CST; 1h 3min ago
     Docs: man:salt-master(1)
           file:///usr/share/doc/salt/html/contents.html
           https://docs.saltstack.com/en/latest/contents.html
 Main PID: 8295 (salt-master)
   CGroup: /system.slice/salt-master.service
           ├─8295 /usr/bin/python /usr/bin/salt-master
           ├─8302 /usr/bin/python /usr/bin/salt-master
           ├─8321 /usr/bin/python /usr/bin/salt-master
           ├─8323 /usr/bin/python /usr/bin/salt-master
           ├─8326 /usr/bin/python /usr/bin/salt-master
           ├─8327 /usr/bin/python /usr/bin/salt-master
           ├─8328 /usr/bin/python /usr/bin/salt-master
           ├─8329 /usr/bin/python /usr/bin/salt-master
           ├─8330 /usr/bin/python /usr/bin/salt-master
           ├─8331 /usr/bin/python /usr/bin/salt-master
           ├─8332 /usr/bin/python /usr/bin/salt-master
           ├─8340 /usr/bin/python /usr/bin/salt-master
           └─8342 /usr/bin/python /usr/bin/salt-master

Mar 08 13:13:53 centos120 systemd[1]: Starting The Salt Master Server...
Mar 08 13:13:54 centos120 salt-master[8295]: /usr/lib/python2.7/site-packages/salt/scripts.py:109: DeprecationWarni...ater.
Mar 08 13:13:55 centos120 systemd[1]: Started The Salt Master Server.
Hint: Some lines were ellipsized, use -l to show in full.
[root@centos120 salt]#

[root@centos120 salt]# netstat -antupl | grep python
tcp        0      0 0.0.0.0:4505            0.0.0.0:*               LISTEN      8321/python         
tcp        0      0 0.0.0.0:4506            0.0.0.0:*               LISTEN      8328/python         
[root@centos120 salt]# 

[root@centos120 salt]# ps -ef | grep  salt
root       8295      1  0 13:13 ?        00:00:00 /usr/bin/python /usr/bin/salt-master
root       8302   8295  0 13:13 ?        00:00:00 /usr/bin/python /usr/bin/salt-master
root       8321   8295  0 13:13 ?        00:00:00 /usr/bin/python /usr/bin/salt-master
root       8322      1  0 13:13 ?        00:00:00 /usr/bin/python /usr/bin/salt-minion
root       8323   8295  0 13:13 ?        00:00:00 /usr/bin/python /usr/bin/salt-master
root       8326   8295  0 13:13 ?        00:00:12 /usr/bin/python /usr/bin/salt-master
root       8327   8295  0 13:13 ?        00:00:00 /usr/bin/python /usr/bin/salt-master
root       8328   8327  0 13:13 ?        00:00:00 /usr/bin/python /usr/bin/salt-master
root       8329   8327  0 13:13 ?        00:00:01 /usr/bin/python /usr/bin/salt-master
root       8330   8327  0 13:13 ?        00:00:01 /usr/bin/python /usr/bin/salt-master
root       8331   8327  0 13:13 ?        00:00:01 /usr/bin/python /usr/bin/salt-master
root       8332   8295  0 13:13 ?        00:00:08 /usr/bin/python /usr/bin/salt-master
root       8340   8327  0 13:13 ?        00:00:01 /usr/bin/python /usr/bin/salt-master
root       8342   8327  0 13:13 ?        00:00:01 /usr/bin/python /usr/bin/salt-master
root       8365   8322  0 13:13 ?        00:00:01 /usr/bin/python /usr/bin/salt-minion
root       8371   8365  0 13:13 ?        00:00:00 /usr/bin/python /usr/bin/salt-minion
root      14012   7302  0 14:31 pts/0    00:00:00 grep --color=auto salt
[root@centos120 salt]# 

Start the minion service:

[root@centos122 salt]# systemctl start salt-minion
[root@centos122 salt]# systemctl status  salt-minion
● salt-minion.service - The Salt Minion
   Loaded: loaded (/usr/lib/systemd/system/salt-minion.service; enabled; vendor preset: disabled)
   Active: active (running) since Sun 2020-03-08 14:00:46 CST; 27min ago
     Docs: man:salt-minion(1)
           file:///usr/share/doc/salt/html/contents.html
           https://docs.saltstack.com/en/latest/contents.html
 Main PID: 7563 (salt-minion)
   CGroup: /system.slice/salt-minion.service
           ├─7563 /usr/bin/python /usr/bin/salt-minion
           ├─7567 /usr/bin/python /usr/bin/salt-minion
           └─7573 /usr/bin/python /usr/bin/salt-minion

Mar 08 14:25:51 centos122 salt-minion[7563]: [ERROR   ] DNS lookup or connection check of 'salt' failed.
Mar 08 14:25:51 centos122 salt-minion[7563]: [ERROR   ] Master hostname: 'salt' not found or not responsive. Retryi...conds
Mar 08 14:26:21 centos122 salt-minion[7563]: [ERROR   ] DNS lookup or connection check of 'salt' failed.
Mar 08 14:26:21 centos122 salt-minion[7563]: [ERROR   ] Master hostname: 'salt' not found or not responsive. Retryi...conds
Mar 08 14:26:51 centos122 salt-minion[7563]: [ERROR   ] DNS lookup or connection check of 'salt' failed.
Mar 08 14:26:51 centos122 salt-minion[7563]: [ERROR   ] Master hostname: 'salt' not found or not responsive. Retryi...conds
Mar 08 14:27:21 centos122 salt-minion[7563]: [ERROR   ] DNS lookup or connection check of 'salt' failed.
Mar 08 14:27:21 centos122 salt-minion[7563]: [ERROR   ] Master hostname: 'salt' not found or not responsive. Retryi...conds
Mar 08 14:27:51 centos122 salt-minion[7563]: [ERROR   ] DNS lookup or connection check of 'salt' failed.
Mar 08 14:27:51 centos122 salt-minion[7563]: [ERROR   ] Master hostname: 'salt' not found or not responsive. Retryi...conds
Hint: Some lines were ellipsized, use -l to show in full.
[root@centos122 salt]# ll

[root@centos122 salt]# ps -ef | grep  salt
root       7563      1  0 14:00 ?        00:00:00 /usr/bin/python /usr/bin/salt-minion
root       7567   7563  0 14:00 ?        00:00:00 /usr/bin/python /usr/bin/salt-minion
root       7573   7567  0 14:00 ?        00:00:00 /usr/bin/python /usr/bin/salt-minion
root       8968   7030  0 14:29 pts/0    00:00:00 grep --color=auto salt
[root@centos122 salt]# 

The same is true for CentOS 120 and CentOS 121.

  1. Start configuration authentication:
    Restart all services:
[root@centos120 salt]# sytemctl restart salt-master 
[root@centos120 salt]# systemctl restart salt-minion
[root@centos121 salt]# systemctl restart salt-minion
[root@centos122 salt]# systemctl restart salt-minion

After salt minion is started, it will automatically send the public key to salt master,

So just accept it in salt master

Start accepting all salt minion public keys:

[root@centos120 salt]# salt-key -A
The following keys are going to be accepted:
Unaccepted Keys:
centos120
centos121
centos122
Proceed? [n/Y] Y
Key for minion centos120 accepted.
Key for minion centos121 accepted.
Key for minion centos122 accepted.
[root@centos120 salt]# 

View the public key received by the salt minion side:

[root@centos120 salt]# ll /etc/salt/pki/minion/
total 12
-rw-r--r-- 1 root root  450 Mar  8 14:45 minion_master.pub
-r-------- 1 root root 1674 Mar  8 14:42 minion.pem
-rw-r--r-- 1 root root  450 Mar  8 14:42 minion.pub
[root@centos120 salt]# ll /etc/salt/pki/master/
total 8
-r-------- 1 root root 1678 Mar  8 13:13 master.pem
-rw-r--r-- 1 root root  450 Mar  8 13:13 master.pub
drwxr-xr-x 2 root root   57 Mar  8 14:45 minions
drwxr-xr-x 2 root root    6 Mar  8 13:13 minions_autosign
drwxr-xr-x 2 root root    6 Mar  8 13:13 minions_denied
drwxr-xr-x 2 root root    6 Mar  8 14:45 minions_pre
drwxr-xr-x 2 root root    6 Mar  8 13:13 minions_rejected
[root@centos120 salt]# cat /etc/salt/pki/minion/minion_master.pub
-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzTwWyV0gi7yFKKBt2tiS
thOEu6v1kn4OKM1TEcdIz7XzNUUS+ve/Jz51dH2X2ykW3lLkJqzM7AXunlWH0E5n
9vAzckMtXgjQ8/JrbRbIjDNiEAFqrJDMwDb5Zl4KUJUHZJW6LaT2WR5S9iCRNR+w
lK9SIpvCcBgfboUNt6u2ttIc4CW5UeIS7w6DGlrXv+9sD6djmjiWrmEjKJt0o9vR
myyJOQ3gXC9o/rv4HCmhJwSpqkDb93d4zs4M7jFssY2jfRKzY9paId/dgtkMcT1J
/J801mZv1DNV0mXZjEk8CqGFziO+8/UOFs/9yu1L3gDOQoysR5eAqOmTQN2pKgxL
FwIDAQAB
-----END PUBLIC KEY-----
[root@centos120 salt]#

To view the generated key:

[root@centos121 minion]# ll /etc/salt/pki/minion/
total 12
-rw-r--r-- 1 root root  450 Mar  8 14:45 minion_master.pub
-r-------- 1 root root 1678 Mar  8 14:41 minion.pem
-rw-r--r-- 1 root root  450 Mar  8 14:41 minion.pub
[root@centos121 minion]# 
[root@centos121 minion]# 
[root@centos121 minion]# ll /etc/salt/pki/master/
total 0
[root@centos121 minion]# 

[root@centos122 salt]# ll /etc/salt/pki/minion/
total 12
-rw-r--r-- 1 root root  450 Mar  8 14:45 minion_master.pub
-r-------- 1 root root 1678 Mar  8 14:42 minion.pem
-rw-r--r-- 1 root root  450 Mar  8 14:42 minion.pub

[root@centos122 salt]# ll /etc/salt/pki/master/
total 0
[root@centos122 salt]# 

This completes the configuration of salt master and salt minion certificate authentication.

  1. Test batch processing
    Remote execution command:
[root@centos120 salt]# salt 'centos121' test.ping
centos121:
    True
[root@centos120 salt]# salt '*' test.ping
centos121:
    True
centos122:
    True
centos120:
    True
[root@centos120 salt]# 

[root@centos120 salt]# salt 'centos121' cmd.run 'df -h'
centos121:
    Filesystem               Size  Used Avail Use% Mounted on
    /dev/mapper/centos-root   17G  1.5G   16G   9% /
    devtmpfs                 475M     0  475M   0% /dev
    tmpfs                    487M   40K  487M   1% /dev/shm
    tmpfs                    487M  7.7M  479M   2% /run
    tmpfs                    487M     0  487M   0% /sys/fs/cgroup
    /dev/sdb2                105M  8.0M   97M   8% /gluster/brick2
    /dev/sda1               1014M  146M  869M  15% /boot
    /dev/sdb1                 92M  7.2M   85M   8% /gluster/brick1
    tmpfs                     98M     0   98M   0% /run/user/0

[root@centos120 salt]# salt 'centos121' cmd.run 'w'
centos121:
     14:52:54 up  1:45,  1 user,  load average: 0.08, 0.03, 0.05
    USER     TTY      FROM             LOGIN@   IDLE   JCPU   PCPU WHAT
    root     pts/0    192.168.0.101    13:08    3:10   0.10s  0.10s -bash
[root@centos120 salt]# 

Specify multiple server s remotely:

[root@centos120 salt]# salt -L 'centos120, centos121' cmd.run 'hostname'
centos121:
    centos121
centos120:
    centos120
[root@centos120 salt]# 
  1. Introduction to salt components

Introduction to grains of saltstack:
grains component is a very important component in saltstack, which is mainly used to record some static information of minion, such as CPU, memory, disk, network, etc. grains information is automatically reported to the master after the client starts. Once these static information changes, you need to restart minion or resynchronize grains.

grains is the information collected during minion startup, such as the type of operating system, network card IP, memory version, CPU information, etc.

[root@centos120 salt]# salt -L 'centos121' grains.ls
centos121:
    - SSDs
    - biosreleasedate
    - biosversion
    - cpu_flags
    - cpu_model
    - cpuarch
    - cwd
    - disks
    - dns
    - domain
    - fqdn
    - fqdn_ip4
    - fqdn_ip6
    - fqdns
    - gid
    - gpus
    - groupname
    - host
    - hwaddr_interfaces
    - id
    - init
    - ip4_gw
    - ip4_interfaces
    - ip6_gw
    - ip6_interfaces
    - ip_gw
    - ip_interfaces
    - ipv4
    - ipv6
    - kernel
    - kernelrelease
    - kernelversion
    - locale_info
    - localhost
    - lsb_distrib_codename
    - lsb_distrib_id
    - machine_id
    - manufacturer
    - master
    - mdadm
    - mem_total
    - nodename
    - num_cpus
    - num_gpus
    - os
    - os_family
    - osarch
    - oscodename
    - osfinger
    - osfullname
    - osmajorrelease
    - osrelease
    - osrelease_info
    - path
    - pid
    - productname
    - ps
    - pythonexecutable
    - pythonpath
    - pythonversion
    - saltpath
    - saltversion
    - saltversioninfo
    - selinux
    - serialnumber
    - server_id
    - shell
    - swap_total
    - systemd
    - uid
    - username
    - uuid
    - virtual
    - zfs_feature_flags
    - zfs_support
    - zmqversion
[root@centos120 salt]# 

View items:

[root@centos120 salt]# salt -L 'centos121' grains.items
centos121:
    ----------
    SSDs:
    biosreleasedate:
        07/02/2015
    biosversion:
        6.00
    cpu_flags:
        - fpu
        - vme
        - de
        - pse
        - tsc
        - msr
        - pae
        - mce
        - cx8
        - apic
        - sep
        - mtrr
        - pge
        - mca
        - cmov
        - pat
        - pse36
        - clflush
        - dts
        - mmx
        - fxsr
        - sse
        - sse2
        - ss
        - ht
        - syscall
        - nx
        - pdpe1gb
        - rdtscp
        - lm
        - constant_tsc
        - arch_perfmon
        - pebs
        - bts
        - nopl
        - xtopology
        - tsc_reliable
        - nonstop_tsc
        - aperfmperf
        - eagerfpu
        - pni
        - pclmulqdq
        - vmx
        - ssse3
        - fma
        - cx16
        - pcid
        - sse4_1
        - sse4_2
        - x2apic
        - movbe
        - popcnt
        - tsc_deadline_timer
        - aes
        - xsave
        - avx
        - f16c
        - rdrand
        - hypervisor
        - lahf_lm
        - abm
        - 3dnowprefetch
        - epb
        - tpr_shadow
        - vnmi
        - ept
        - vpid
        - fsgsbase
        - tsc_adjust
        - bmi1
        - avx2
        - smep
        - bmi2
        - invpcid
        - rdseed
        - adx
        - smap
        - xsaveopt
        - dtherm
        - ida
        - arat
        - pln
        - pts
        - hwp
        - hwp_notify
        - hwp_act_window
        - hwp_epp
    cpu_model:
        Intel(R) Core(TM) i5-8250U CPU @ 1.60GHz
    cpuarch:
        x86_64
    cwd:
        /
    disks:
        - sda
        - sdb
        - sr0
        - dm-0
        - dm-1
    dns:
        ----------
        domain:
        ip4_nameservers:
            - 192.168.0.1
            - 192.168.1.1
        ip6_nameservers:
        nameservers:
            - 192.168.0.1
            - 192.168.1.1
        options:
        search:
            - DHCP
            - HOST
        sortlist:
    domain:
    fqdn:
        centos121
    fqdn_ip4:
        - 192.168.0.121
    fqdn_ip6:
        - fe80::4eff:a5b2:4d5b:ae08
        - fe80::2f47:1e27:f7e1:ea88
    fqdns:
    gid:
        0
    gpus:
        |_
          ----------
          model:
              SVGA II Adapter
          vendor:
              vmware
    groupname:
        root
    host:
        centos121
    hwaddr_interfaces:
        ----------
        ens33:
            00:0c:29:51:46:50
        ens37:
            00:0c:29:51:46:5a
        lo:
            00:00:00:00:00:00
    id:
        centos121
    init:
        systemd
    ip4_gw:
        192.168.0.1
    ip4_interfaces:
        ----------
        ens33:
            - 192.168.0.121
        ens37:
            - 192.168.0.102
        lo:
            - 127.0.0.1
    ip6_gw:
        False
    ip6_interfaces:
        ----------
        ens33:
            - fe80::2f47:1e27:f7e1:ea88
        ens37:
            - fe80::4eff:a5b2:4d5b:ae08
        lo:
            - ::1
    ip_gw:
        True
    ip_interfaces:
        ----------
        ens33:
            - 192.168.0.121
            - fe80::2f47:1e27:f7e1:ea88
        ens37:
            - 192.168.0.102
            - fe80::4eff:a5b2:4d5b:ae08
        lo:
            - 127.0.0.1
            - ::1
    ipv4:
        - 127.0.0.1
        - 192.168.0.102
        - 192.168.0.121
    ipv6:
        - ::1
        - fe80::2f47:1e27:f7e1:ea88
        - fe80::4eff:a5b2:4d5b:ae08
    kernel:
        Linux
    kernelrelease:
        3.10.0-957.el7.x86_64
    kernelversion:
        #1 SMP Thu Nov 8 23:39:32 UTC 2018
    locale_info:
        ----------
        defaultencoding:
            UTF-8
        defaultlanguage:
            en_US
        detectedencoding:
            UTF-8
        timezone:
            unknown
    localhost:
        centos121
    lsb_distrib_codename:
        CentOS Linux 7 (Core)
    lsb_distrib_id:
        CentOS Linux
    machine_id:
        25f97b4fbbea4c2a8e8940747c895695
    manufacturer:
        VMware, Inc.
    master:
        192.168.0.120
    mdadm:
    mem_total:
        972
    nodename:
        centos121
    num_cpus:
        8
    num_gpus:
        1
    os:
        CentOS
    os_family:
        RedHat
    osarch:
        x86_64
    oscodename:
        CentOS Linux 7 (Core)
    osfinger:
        CentOS Linux-7
    osfullname:
        CentOS Linux
    osmajorrelease:
        7
    osrelease:
        7.6.1810
    osrelease_info:
        - 7
        - 6
        - 1810
    path:
        /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin
    pid:
        9033
    productname:
        VMware Virtual Platform
    ps:
        ps -efHww
    pythonexecutable:
        /usr/bin/python
    pythonpath:
        - /usr/bin
        - /usr/lib64/python27.zip
        - /usr/lib64/python2.7
        - /usr/lib64/python2.7/plat-linux2
        - /usr/lib64/python2.7/lib-tk
        - /usr/lib64/python2.7/lib-old
        - /usr/lib64/python2.7/lib-dynload
        - /usr/lib64/python2.7/site-packages
        - /usr/lib/python2.7/site-packages
    pythonversion:
        - 2
        - 7
        - 5
        - final
        - 0
    saltpath:
        /usr/lib/python2.7/site-packages/salt
    saltversion:
        3000
    saltversioninfo:
        - 3000
        - None
        - None
        - 0
    selinux:
        ----------
        enabled:
            False
        enforced:
            Disabled
    serialnumber:
        VMware-56 4d f8 fe ac f0 e1 1a-34 0a 67 d6 1b 51 46 50
    server_id:
        1110840923
    shell:
        /bin/sh
    swap_total:
        2047
    systemd:
        ----------
        features:
            +PAM +AUDIT +SELINUX +IMA -APPARMOR +SMACK +SYSVINIT +UTMP +LIBCRYPTSETUP +GCRYPT +GNUTLS +ACL +XZ +LZ4 -SECCOMP +BLKID +ELFUTILS +KMOD +IDN
        version:
            219
    uid:
        0
    username:
        root
    uuid:
        fef84d56-f0ac-1ae1-340a-67d61b514650
    virtual:
        VMware
    zfs_feature_flags:
        False
    zfs_support:
        False
    zmqversion:
        4.1.4
[root@centos120 salt]# 
  1. The information of starting grains is not dynamic and will not change from time to time. It is only collected when minion starts. We can do configuration management according to some information collected by grains, and support customization of some monitoring items.
[root@centos121 minion]# vi /etc/salt/grains 
[root@centos121 minion]# cat /etc/salt/grains
role: web1_server
env: test
myname: web1
myhostname: web1.com
[root@centos121 minion]#

Then restart minion

7.1 view the value just customized
8.

[root@centos120 salt]# salt -L 'centos121' grains.items | egrep -A 1  'role|env|myname|myhostname'
    env:
        test
--
    myhostname:
        web1.com
    myname:
        web1
--
    role:
        web1_server
[root@centos120 salt]# 

7.2 to view item s separately:

[root@centos120 salt]# salt -L 'centos121' grains.item env
centos121:
    ----------
    env:
        test
[root@centos120 salt]# 

7.3 we can use some attribute information of grains to execute some commands:

[root@centos120 salt]# salt -G env:test cmd.run 'w'
centos121:
     15:06:41 up  1:59,  1 user,  load average: 0.08, 0.03, 0.05
    USER     TTY      FROM             LOGIN@   IDLE   JCPU   PCPU WHAT
    root     pts/0    192.168.0.101    13:08    5:45   0.14s  0.14s -bash
[root@centos120 salt]# 
  1. Introduction to pilar of saltstack:
    Grain is used to store static data that is not easy to change, while pillar is generally used to store dynamic and sensitive data. Grain information can be configured and set or obtained through minion and master, while pillar information can only be configured at master and executed at minion.
    pillar is different from grains. It is defined on the master, and it is for some information defined on minion. You can customize variables, etc

To customize the pillar process:

8.1 configure pillar on the centos120 of the master end:
Find "pillar" and uncomment the following three lines

[root@centos120 salt]# cp -p master master.bk.20200308-2
[root@centos120 salt]# vi master
[root@centos120 salt]# diff master master.bk.20200308-2
837,839c837,839
<  pillar_roots:
<    base:
<      - /srv/pillar
---
> #pillar_roots:  
# base:
> #    - /srv/pillar

To create a directory for the pillar file:

[root@centos120 salt]#  mkdir -p /srv/pillar
[root@centos120 salt]#  cd !$
 cd /srv/pillar
[root@centos120 pillar]# 

Create a profile and edit the following:

[root@centos120 pillar]# vi httpd.sls
[root@centos120 pillar]# cat httpd.sls 
conf: /etc/httpd/conf/httpd.conf
servername: web1.com

Notice the space after the colon

Create the write entry configuration file, which is the top.sls file

[root@centos120 pillar]# pwd
/srv/pillar
[root@centos120 pillar]# vi top.sls
[root@centos120 pillar]# cat top.sls 
base:
  'centos121':
    - httpd
[root@centos120 pillar]# 

Note - space after

Restart the salt master service

[root@centos120 pillar]# systemctl restart salt-master
[root@centos120 pillar]# 

New status can be obtained by refreshing

[root@centos120 pillar]# salt '*' saltutil.refresh_pillar
centos121:
    True
centos122:
    True
centos120:
    True
[root@centos120 pillar]# 

See

[root@centos120 pillar]# salt '*' pillar.items
centos120:
    ----------
centos121:
    ----------
    conf:
        /etc/httpd/conf/httpd.conf
    servername:
        web1.com
centos122:
    ----------
[root@centos120 pillar]# 

9. Saltstack configuration management service
1. Configure and install apache

Uncomment the following three lines, paying attention to the space

[root@centos120 salt]# cp -p master master.bk.20200308-3
[root@centos120 salt]# vi master
[root@centos120 salt]# diff master master.bk.20200308-3
657,659c657,659
< file_roots:
<   base:
<     - /srv/salt/
---
> # file_roots:
> #   base:
> #     - /srv/salt/
[root@centos120 salt]# 

Create profile store directory and create portal file

[root@centos120 ~]# mkdir /srv/salt
[root@centos120 ~]# cd !$
cd /srv/salt
[root@centos120 salt]# vi top.sls
[root@centos120 salt]# cat top.sls 
base:
  'centos121':
     - apache
[root@centos120 salt]# 

Restart service:

[root@centos120 salt]# !syste
systemctl restart salt-master
[root@centos120 salt]# 

Creating configuration files for writing apache modules

[root@centos120 salt]# vi apache.sls
[root@centos120 salt]# cat apache.sls 
apache-service:
  pkg.installed:
    - names:
        -httpd
        -httpd-devel
  service.running:
    - name: httpd
    - enable: True

[root@centos120 salt]# 

Note: line alignment - with spaces
Apache service is the name of ID, customized. pkg.installed is the package installation function. The following is the name of the package to be installed. service.running is also a function to ensure that the specified service is started. enable means start-up.

Configure files, execute

[root@centos120 salt]# salt 'centos121' state.highstate
centos121:
----------
          ID: apache-service
    Function: pkg.installed
        Name: httpd
      Result: True
     Comment: The following packages were installed/updated: httpd
     Started: 18:43:58.483864
    Duration: 18618.516 ms
     Changes:   
              ----------
              apr:
                  ----------
                  new:
                      1.4.8-5.el7
                  old:
              apr-util:
                  ----------
                  new:
                      1.5.2-6.el7
                  old:
              httpd:
                  ----------
                  new:
                      2.4.6-90.el7.centos
                  old:
              httpd-tools:
                  ----------
                  new:
                      2.4.6-90.el7.centos
                  old:
              mailcap:
                  ----------
                  new:
                      2.1.41-2.el7
                  old:
----------
          ID: apache-service
    Function: pkg.installed
        Name: httpd-devel
      Result: True
     Comment: The following packages were installed/updated: httpd-devel
     Started: 18:44:17.118830
    Duration: 7455.336 ms
     Changes:   
              ----------
              apr-devel:
                  ----------
                  new:
                      1.4.8-5.el7
                  old:
              apr-util-devel:
                  ----------
                  new:
                      1.5.2-6.el7
                  old:
              cyrus-sasl:
                  ----------
                  new:
                      2.1.26-23.el7
                  old:
              cyrus-sasl-devel:
                  ----------
                  new:
                      2.1.26-23.el7
                  old:
              expat-devel:
                  ----------
                  new:
                      2.1.0-10.el7_3
                  old:
              httpd-devel:
                  ----------
                  new:
                      2.4.6-90.el7.centos
                  old:
              libdb:
                  ----------
                  new:
                      5.3.21-25.el7
                  old:
                      5.3.21-24.el7
              libdb-devel:
                  ----------
                  new:
                      5.3.21-25.el7
                  old:
              libdb-utils:
                  ----------
                  new:
                      5.3.21-25.el7
                  old:
                      5.3.21-24.el7
              openldap:
                  ----------
                  new:
                      2.4.44-21.el7_6
                  old:
                      2.4.44-20.el7
              openldap-devel:
                  ----------
                  new:
                      2.4.44-21.el7_6
                  old:
----------
          ID: apache-service
    Function: service.running
        Name: httpd
      Result: True
     Comment: Service httpd has been enabled, and is running
     Started: 18:44:24.583323
    Duration: 211.858 ms
     Changes:   
              ----------
              httpd:
                  True

Summary for centos121
------------
Succeeded: 3 (changed=3)
Failed:    0
------------
Total states run:     3
Total run time:  26.286 s
[root@centos120 salt]# 

As can be seen from the above results, it can be executed successfully

Check that httpd on the executed minion is indeed installed, started and enabled

[root@centos121 salt]# netstat -antupl | grep 80
tcp6       0      0 :::80                   :::*                    LISTEN      10233/httpd         
udp6       0      0 fe80::2f47:1e27:f7e:123 :::*                                6525/ntpd           
[root@centos121 salt]# 
[root@centos121 salt]# systemctl is-enabled httpd 
enabled
[root@centos121 salt]# 

10. Configure remote file management

Create a file management module

[root@centos120 salt]# pwd
/etc/salt
[root@centos120 salt]# vi filecopy.sls
[root@centos120 salt]# cat filecopy.sls 
filecopy:
  file.managed:
    - name: /tmp/test.file
    - source: salt://test/index.php
    - user: root
    - group: root
    - mode: 644
[root@centos120 salt]# 

Note: the filecopy in the first line is a self-defined name, indicating the name of the configuration segment, which can be referenced in other configuration segments; source specifies where to copy the file, where the test directory is equivalent to the / srv/salt/test directory; name specifies the file to be generated by the remote client.

Create a new source file to test

[root@centos120 srv]# mkdir -p /srv/salt/test
[root@centos120 srv]# echo "test salt file managed" > /srv/salt/test/index.php

Add module to entry file

[root@centos120 salt]# vi top.sls
[root@centos120 salt]# cat top.sls 
base:
  'centos121':
     - apache
     - filecopy
[root@centos120 salt]# 

Test execution

[root@centos120 salt]# salt 'centos121' state.highstate
centos121:
----------
          ID: apache-service
    Function: pkg.installed
        Name: httpd
      Result: True
     Comment: All specified packages are already installed
     Started: 22:38:32.908055
    Duration: 760.4 ms
     Changes:   
----------
          ID: apache-service
    Function: pkg.installed
        Name: httpd-devel
      Result: True
     Comment: All specified packages are already installed
     Started: 22:38:33.668754
    Duration: 16.474 ms
     Changes:   
----------
          ID: apache-service
    Function: service.running
        Name: httpd
      Result: True
     Comment: The service httpd is already running
     Started: 22:38:33.686516
    Duration: 46.938 ms
     Changes:   
----------
          ID: filecopy
    Function: file.managed
        Name: /tmp/test.file
      Result: True
     Comment: File /tmp/test.file updated
     Started: 22:38:33.753042
    Duration: 32.348 ms
     Changes:   
              ----------
              diff:
                  New file
              mode:
                  0644

Summary for centos121
------------
Succeeded: 4 (changed=1)
Failed:    0
------------
Total states run:     4
Total run time: 856.160 ms
[root@centos120 salt]# 

View results

[root@centos121 ~]# ll /tmp/test.file 
-rw-r--r-- 1 root root 23 Mar  8 22:38 /tmp/test.file
[root@centos121 ~]# cat !$
cat /tmp/test.file
test salt file managed
[root@centos121 ~]# 

12. Configure folder management:
Create a module for folder management

[root@centos120 salt]# cat filedir.sls 
file_dir:
  file.recurse:
    - name: /tmp/testdir
    - source: salt://test
    - user: root
    - group: root
    - file_mode: 644
    - dir_mode: 755
    - mkdir: True
    - clean: True

Add module to entry file

[root@centos120 salt]# vi top.sls
[root@centos120 salt]# cat top.sls 
base:
  'centos121':
     - apache
     - filecopy
     - filedir
[root@centos120 salt]# 

Test folder management

[root@centos120 salt]# salt 'centos121' state.highstate
centos121:
----------
          ID: apache-service
    Function: pkg.installed
        Name: httpd
      Result: True
     Comment: All specified packages are already installed
     Started: 22:47:17.475869
    Duration: 636.77 ms
     Changes:   
----------
          ID: apache-service
    Function: pkg.installed
        Name: httpd-devel
      Result: True
     Comment: All specified packages are already installed
     Started: 22:47:18.112930
    Duration: 16.986 ms
     Changes:   
----------
          ID: apache-service
    Function: service.running
        Name: httpd
      Result: True
     Comment: The service httpd is already running
     Started: 22:47:18.130854
    Duration: 45.213 ms
     Changes:   
----------
          ID: filecopy
    Function: file.managed
        Name: /tmp/test.file
      Result: True
     Comment: File /tmp/test.file is in the correct state
     Started: 22:47:18.179219
    Duration: 21.548 ms
     Changes:   
----------
          ID: file_dir
    Function: file.recurse
        Name: /tmp/testdir
      Result: True
     Comment: Recursively updated /tmp/testdir
     Started: 22:47:18.200950
    Duration: 86.558 ms
     Changes:   
              ----------
              /tmp/testdir/index.php:
                  ----------
                  diff:
                      New file
                  mode:
                      0644

Summary for centos121
------------
Succeeded: 5 (changed=1)
Failed:    0
------------
Total states run:     5
Total run time: 807.075 ms
[root@centos120 salt]# 

Check whether the client has / tmp/testdir directory

[root@centos121 ~]# ls -ltr /tmp/testdir
total 4
-rw-r--r-- 1 root root 23 Mar  8 22:47 index.php
[root@centos121 ~]# 
  1. saltstack remote command execution

To create a profile to execute a command:

[root@centos120 salt]# vi cmd.sls
[root@centos120 salt]# cat cmd.sls 
cmd_test:
  cmd.run:
  - unless: test -f /tmp/gnu.index
  - names:
      - touch /tmp/cmdfile.index
      - mkdir /tmp/cmd
  - user: root
[root@centos120 salt]#

Note: unless: indicates that if the / tmp/gnu.index file does not exist, that is, if the result is True, the command after - name will be executed; if it is false, the command after - name will not be executed; if the / tmp/gnu.index file exists, the command after will be executed; the two are exactly the opposite.

Add module to entry file

[root@centos120 salt]# vi top.sls
[root@centos120 salt]# cat top.sls 
base:
  'centos121':
     - apache
     - filecopy
     - filedir
     - cmd
[root@centos120 salt]#

Test execution command

[root@centos120 salt]# salt 'centos121' state.highstate
centos121:
----------
          ID: apache-service
    Function: pkg.installed
        Name: httpd
      Result: True
     Comment: All specified packages are already installed
     Started: 22:53:35.762137
    Duration: 635.316 ms
     Changes:   
----------
          ID: apache-service
    Function: pkg.installed
        Name: httpd-devel
      Result: True
     Comment: All specified packages are already installed
     Started: 22:53:36.397764
    Duration: 16.511 ms
     Changes:   
----------
          ID: apache-service
    Function: service.running
        Name: httpd
      Result: True
     Comment: The service httpd is already running
     Started: 22:53:36.415052
    Duration: 44.985 ms
     Changes:   
----------
          ID: filecopy
    Function: file.managed
        Name: /tmp/test.file
      Result: True
     Comment: File /tmp/test.file is in the correct state
     Started: 22:53:36.463189
    Duration: 21.523 ms
     Changes:   
----------
          ID: file_dir
    Function: file.recurse
        Name: /tmp/testdir
      Result: True
     Comment: The directory /tmp/testdir is in the correct state
     Started: 22:53:36.484894
    Duration: 29.106 ms
     Changes:   
----------
          ID: cmd_test
    Function: cmd.run
        Name: touch /tmp/cmdfile.index
      Result: True
     Comment: Command "touch /tmp/cmdfile.index" run
     Started: 22:53:36.522364
    Duration: 31.084 ms
     Changes:   
              ----------
              pid:
                  11407
              retcode:
                  0
              stderr:
              stdout:
----------
          ID: cmd_test
    Function: cmd.run
        Name: mkdir /tmp/cmd
      Result: True
     Comment: Command "mkdir /tmp/cmd" run
     Started: 22:53:36.553711
    Duration: 20.647 ms
     Changes:   
              ----------
              pid:
                  11409
              retcode:
                  0
              stderr:
              stdout:

Summary for centos121
------------
Succeeded: 7 (changed=2)
Failed:    0
------------
Total states run:     7
Total run time: 799.172 ms
[root@centos120 salt]# 

View client results

[root@centos121 ~]# ls -ltr /tmp/ | tail -2
-rw-r--r-- 1 root root     0 Mar  8 22:53 cmdfile.index
drwxr-xr-x 2 root root     6 Mar  8 22:53 cmd
[root@centos121 ~]# 

14.saltstack executes shell script remotely

Create execute shell script profile

[root@centos120 salt]# vi shell.sls
[root@centos120 salt]# cat shell.sls 
shell_test:
  cmd.script:
  - source: salt://test/gnu.sh
  - user: root
[root@centos120 salt]# 

Create a shell script

[root@centos120 salt]# vi test/gnu.sh
[root@centos120 salt]# cat test/gnu.sh 
#!/bin/bash
systemctl stop httpd >> /tmp/log

Add execution configuration in portal file

[root@centos120 salt]# cat top.sls 
base:
  'centos121':
     - shell
[root@centos120 salt]# 

Test execution

[root@centos120 salt]# salt 'centos121' state.highstate
centos121:
----------
          ID: shell_test
    Function: cmd.script
      Result: True
     Comment: Command 'shell_test' run
     Started: 23:03:13.523069
    Duration: 1064.226 ms
     Changes:   
              ----------
              pid:
                  11703
              retcode:
                  0
              stderr:
              stdout:

Summary for centos121
------------
Succeeded: 1 (changed=1)
Failed:    0
------------
Total states run:     1
Total run time:   1.064 s
[root@centos120 salt]# 

View results

[root@centos121 ~]# cat /tmp/log 
[root@centos121 ~]# 

Tags: Linux Python saltstack Apache CentOS

Posted on Mon, 09 Mar 2020 00:14:24 -0400 by worldworld