Saltstack的master端监听4505与4506端口,4505为salt的消息发布系统,4506为salt客户端与服务端通信的端口;
salt客户端程序不监听端口,客户端启动后,会主动连接master端注册,然后一直保持该TCP连接,master通过这条TCP连接对客户端控制,如果连接断开,master对客户端就无能为力了。当然,客户端若检查到断开后会定期的一直连接master端的。
salt相关的管理命令:
salt-run manage.up# 查看存活的minion
salt-run manage.down # 查看死掉的minion
salt-run manage.down removekeys=True # 查看down掉的minion,并将其删除
salt-run manage.status # 查看minion的相关状态
salt-run manage.versions# 查看salt的所有master和minion的版本信息
salt-run jobs.active# 查看哪些系统任务还在处理中
salt-run jobs.list_jobs# 显示所有的已完成或部分完成的任务信息
salt '*' saltutil.running# 查看运行的jobs ID
salt \* saltutil.kill_job 20151209034239907625 # kill掉进程ID
salt -d# 查看帮助文档
salt -d|grep service# 查看service相关模块命令
salt '*' sys.doc# 查看帮助文档
salt-key -L # 查询所有接收到的证书
salt-key -a <证书名> # 接收单个证书
salt-key -A # 接受所有证书
salt-key -d <证书名> # 删除单个证书
salt-key -D # 删除所有证书
salt '*' service.get_all# 获取主机所有服务
salt '*' service.reload sshd# 重载sshd服务
salt '*' pkg.list_pkgs # 显示软件包版本列表
salt '*' pkg.version python# 显示软件包版本信息
salt '*' pkg.install httpd# 安装软件包
salt 'node1.com' service.status mysql# 查看mysql服务状态
salt 'node1.com' service.start mysql# 启动mysql服务
salt 'node1.com' cmd.run 'service mysql status'# 与上面一样查看服务
salt '*' sys.list_modules# 模块列表
salt-cp '*' /etc/hosts /etc/hosts# 把master上的hosts文件分发到所有主机
salt '*' cp.get_file salt://ceshi/b /tmp/test# 把salt-master端相应的文件,分发文件到minion端
salt '*' cp.get_dir salt://zabbix /tmp# 把salt-master端相应的目录,分发文件到minion端
salt '*' file.copy /tmp/zabbix.sls /tmp/sls# 把salt-master端对应文件拷贝到minion端相应目录下
salt '*' cmd.run 'uptime' # 远程命令执行测试
远程执行脚本:
'cmd.script:'
salt '*' cmd.script salt://scripts/runme.sh
salt '*' cmd.script salt://scripts/runme.sh 'arg1 arg2 "arg 3"'
salt '*' cmd.script salt://scripts/windows_task.ps1 args=' -Input c:\tmp\infile.txt' shell='powershell'
salt '*' cmd.script salt://scripts/runme.sh stdin='one\ntwo\nthree\nfour\nfive\n'
'cmd.shell:'
This passes the cmd argument directly to the shell
salt '*' cmd.shell "ls -l | awk '/foo/{print \$2}'"
salt '*' cmd.shell template=jinja "ls -l /tmp/`grains`.`id` | awk '/foo/{print \$2}'"
salt '*' cmd.shell "Get-ChildItem C:\ " shell='powershell'
salt '*' cmd.shell "grep f" stdin='one\ntwo\nthree\nfour\nfive\n'
salt '*' cmd.shell cmd='sed -e s/=/:/g'
'cmd.shells:'
salt '*' cmd.shells
'cmd.tty:'
salt '*' cmd.tty tty0 'This is a test'
salt '*' cmd.tty pts3 'This is a test'
'cmd.which:'
salt '*' cmd.which cat
grains选项:
salt '*' grains.ls # 查看grains分类
salt '*' grains.items # 查看grains所有信息
salt '*' grains.item osrelease # 查看grains某个信息
说明:state模块是salt state的管理模块,可以通过state模块简单的对minion操作sls状态
salt 'node1.com' state.highstate # 更新指定minons的所有sls状态
salt 'node1.com' state.running # 查看当前运行的sls状态
相关例子:
[root@master ~]# salt \* saltutil.running
node02.saltstack.com:
|_
----------
arg:
- egrep -v ^#
fun:
cmd.run
jid:
20170221141733009548
pid:
5922
ret:
tgt:
*
tgt_type:
glob
user:
root
|_
----------
arg:
- egrep -v ^#
fun:
cmd.run
jid:
20170221141748160358
pid:
5927
ret:
tgt:
*
tgt_type:
glob
user:
root
node01.saltstack.com:
|_
----------
arg:
- egrep -v ^#
fun:
cmd.run
jid:
20170221141733009548
pid:
6252
ret:
tgt:
*
tgt_type:
glob
user:
root
|_
----------
arg:
- egrep -v ^#
fun:
cmd.run
jid:
20170221141748160358
pid:
6256
ret:
tgt:
*
tgt_type:
glob
user:
root
[root@master ~]# salt \* saltutil.kill_job 20170221141748160358
node01.saltstack.com:
Signal 9 sent to job 20170221141748160358 at pid 6256
node02.saltstack.com:
Signal 9 sent to job 20170221141748160358 at pid 5927
[root@master ~]# salt \* saltutil.kill_job 20170221141733009548
node02.saltstack.com:
Signal 9 sent to job 20170221141733009548 at pid 5922
node01.saltstack.com:
Signal 9 sent to job 20170221141733009548 at pid 6252
[root@master ~]# salt \* saltutil.running
node01.saltstack.com:
node02.saltstack.com:
[root@master ~]# salt-run manage.versions
Master:
2015.5.10
Up to date:
----------
node01.saltstack.com:
2015.5.10
node02.saltstack.com:
2015.5.10
[root@RS1 states]# salt-run manage.status
down:
up:
- minion.saltstack.com
- minion2.saltstack.com
[root@RS1 ~]# salt-run manage.versions # 查看salt的所有master和minion的版本信息
Master:
2015.5.10
Up to date:
----------
minion.saltstack.com:
2015.5.10
minion2.saltstack.com:
2015.5.10
[root@RS1 ~]# salt '*' test.ping -v # 使用-v参数,能够查看到job的jid
Executing job with jid 20170214142709337088
-------------------------------------------
minion.saltstack.com:
True
minion2.saltstack.com:
True
说明:每执行一个任务,都会有一个对应的jid
[root@RS1 ~]# salt '*' saltutil.running # 查看minion当前正在运的jobs
minion2.saltstack.com:
|_
----------
arg:
fun:
state.highstate
jid:
20170214143846076337
pid:
5488
ret:
tgt:
*
tgt_type:
glob
user:
root
minion.saltstack.com:
|_
----------
arg:
fun:
state.highstate
jid:
20170214143846076337
pid:
6384
ret:
tgt:
*
tgt_type:
glob
user:
root
[root@RS1 ~]# salt '*' saltutil.kill_job 20170214143846076337
取消正在执行的某个jid,例如:20170214143846076337
[root@master ~]# salt-run jobs.list_jobs
20170221155927733273:
----------
Arguments:
Function:
state.running
StartTime:
2017, Feb 21 15:59:27.733273
Target:
node01.saltstack.com
Target-type:
glob
User:
root
20170221160325920754:
----------
Arguments:
Function:
sys.doc
StartTime:
2017, Feb 21 16:03:25.920754
Target:
*
Target-type:
glob
User:
root
20170221161556599324:
----------
Arguments:
- cat
Function:
cmd.which
StartTime:
2017, Feb 21 16:15:56.599324
Target:
*
Target-type:
glob
User:
root
20170221161641114901:
----------
Arguments:
Function:
grains.ls
StartTime:
2017, Feb 21 16:16:41.114901
Target:
*
Target-type:
glob
User:
root
远程执行是saltstack核心功能之一,使用salt模块可以给选定的minion端发送执行某条命令的指示,并获得返回结果,比如
[root@saltstack-node1 ~]# salt 'saltstack-node2.lichengbing.com' test.ping
saltstack-node2.lichengbing.com:
True
salt → 命令
saltstack-node2.lichengbing.com → 管理对象
test.ping → 模块(这里的ping并不是指我们熟知的网络ping命令)
命令
salt是saltstack使用最多的一个管理minion命令,但是并不表示就这么一个命令,saltstack命令包括
/usr/bin/salt
/usr/bin/salt-cp
/usr/bin/salt-key
/usr/bin/salt-master
/usr/bin/salt-minion
/usr/bin/salt-run
/usr/bin/salt-unity
/usr/bin/salt-call
/usr/bin/salt-run
/usr/bin/salt-ssh
/usr/bin/salt-syndic
/usr/bin/salt-api
/usr/bin/salt-cloud
管理对象
管理对象是我们远程执行的操作主机,saltstack的主机选择支持很多方式,正则匹配、列表匹配、Granis匹配、组匹配、复合匹配、Pillar匹配、CIDR匹配等
1)正则匹配
[root@saltstack-node1 ~]# salt -E 'salt*' test.ping #salt*是一个简单的正则表达式
saltstack-node2.lichengbing.com:
True
saltstack-node1.lichengbing.com:
True
[root@saltstack-node1 ~]# salt -E 'saltstack-node[1|2]*' test.ping
saltstack-node2.lichengbing.com:
True
saltstack-node1.lichengbing.com:
True
2)列表匹配
[root@saltstack-node1 ~]# salt -L saltstack-node1.lichengbing.com,saltstack-node2.lichengbing.com test.ping # L 主机用逗号分隔开
saltstack-node2.lichengbing.com:
True
saltstack-node1.lichengbing.com:
True
3)Grains匹配
[root@saltstack-node1 ~]# salt -G 'os:CentOS' test.ping #选择Grains os键值为CentOS的主机
saltstack-node2.lichengbing.com:
True
saltstack-node1.lichengbing.com:
True
#Grains是minion启动时收集的一组系统相关的静态数据,后续会有讲解
#Pillar类似Grains
4)组匹配
saltstack可以提前给minion定义组角色,然后以组名来批量匹配
修改master配置文件
[root@saltstack-node1 ~]# vim /etc/salt/master
nodegroups:
web: '[email protected],saltstack-node2.lichengbing.com'
[root@saltstack-node1 ~]# salt -N web test.ping
saltstack-node2.lichengbing.com:
True
saltstack-node1.lichengbing.com:
True
5)复合匹配
[root@saltstack-node1 ~]# salt -C 'G@os:CentOS or [email protected]' test.ping
saltstack-node2.lichengbing.com:
True
saltstack-node1.lichengbing.com:
True
#G@os:CentOS or L@saltstack-node2是使用的一个复合组合,支持 and or 关联多个条件
6)CIDR匹配
CIDR就是网络中的无类别域间路由,网段匹配
[root@saltstack-node1 ~]# salt -S '172.16.2.0/24' test.ping
saltstack-node2.lichengbing.com:
True
saltstack-node1.lichengbing.com:
True
模块
模块是可以理解为saltstack已经为我们写好的一组可以操作minion主机的命令
saltstack自带的模块功能十分丰富和强大,当然我们也可以自定义一些相关模块(这里需要注意的是,saltstack自带的模块是Master端和Minion端同时存在的,如果在Master自定义模块需要先同步到Minion再执行才能得到返回结果,当然这个同步saltstack会帮我们完成)
自带模块
saltstack自带模块参考:https://www.unixhot.com/docs/saltstack/contents.html
查看所有module列表
[root@saltstack-node1 ~]# salt 'saltstack-node1*' sys.list_modules
saltstack-node1.lichengbing.com:
[root@saltstack-node1 ~]# salt 'saltstack-node1*' sys.list_modules
saltstack-node1.lichengbing.com:
- acl
- aliases
- alternatives
- apache
- archive
- artifactory
- at
- augeas
- beacons
- bigip
- blockdev
- bridge
- btrfs
- buildout
- cloud
- cmd
- composer
- config
- consul
···
这里我们讨论几个平时生产实践中最常用到的模块 State Modules
1)sys.doc模块
sys.doc类似于我们Linux系统中man命令,可以很方便的查看相关模块介绍和用法
[root@saltstack-node1 ~]# salt 'saltstack-node1*' sys.doc test.ping
test.ping:
Used to make sure the minion is up and responding. Not an ICMP ping.
Returns ``True``.
CLI Example:
salt '*' test.ping
2)cmd模块
查看指定模块的所有function
[root@saltstack-node1 ~]# salt 'saltstack-node1*' sys.list_functions cmd
saltstack-node1.lichengbing.com:
- cmd.exec_code
- cmd.exec_code_all
- cmd.has_exec
- cmd.powershell
- cmd.retcode
- cmd.run
- cmd.run_all
- cmd.run_bg
- cmd.run_chroot
- cmd.run_stderr
- cmd.run_stdout
- cmd.script
- cmd.script_retcode
- cmd.shell
- cmd.shells
- cmd.tty
- cmd.which
- cmd.which_bin
查看指定模块的使用方法
[root@saltstack-node1 ~]# salt 'saltstack-node1*' sys.doc cmd.run
CLI Example:
salt '*' cmd.run "ls -l | awk '/foo/{print \\$2}'"
The template arg can be set to 'jinja' or another supported template
engine to render the command arguments before execution.
For example:
salt '*' cmd.run template=jinja "ls -l /tmp/`grains`.`id` | awk '/foo/{print \\$2}'"
Specify an alternate shell with the shell parameter:
salt '*' cmd.run "Get-ChildItem C:\\ " shell='powershell'
A string of standard input can be specified for the command to be run using
the ``stdin`` parameter. This can be useful in cases where sensitive
information must be read from standard input.:
salt '*' cmd.run "grep f" stdin='one\\ntwo\\nthree\\nfour\\nfive\\n'
If an equal sign (``=``) appears in an argument to a Salt command it is
interpreted as a keyword argument in the format ``key=val``. That
processing can be bypassed in order to pass an equal sign through to the
remote shell command by manually specifying the kwarg:
salt '*' cmd.run cmd='sed -e s/=/:/g'
比如查看磁盘使用率
[root@saltstack-node1 ~]# salt 'saltstack-node1*' cmd.run "df -h|grep sda3"
saltstack-node1.lichengbing.com:
/dev/sda3 9.0G 2.7G 6.4G 29% /
3)cp模块
salt '*' sys.list_functions cp
- cp.cache_dir
- cp.cache_file
- cp.cache_files
- cp.cache_local_file
- cp.cache_master
- cp.get_dir
- cp.get_file
- cp.get_file_str
- cp.get_template
- cp.get_url
- cp.hash_file
- cp.is_cached
- cp.list_master
- cp.list_master_dirs
- cp.list_master_symlinks
- cp.list_minion
- cp.list_states
- cp.push
- cp.push_dir
- cp.recv
将指定minion下的指定文件拷贝到salt cache目录(/var/cache/salt/minion/localfiles),相当于备份
[root@saltstack-node1 ~]# salt 'saltstack-node1*' cp.cache_local_file /etc/hosts
saltstack-node1.lichengbing.com:
/var/cache/salt/minion/localfiles/etc/hosts
将master file_roots下的目录拷贝到minion
[root@saltstack-node1 salt]# salt 'saltstack-node1*' cp.get_dir salt://base/ minion/dest
#相当于命令
[root@saltstack-node1 minion]# salt-cp '*' /etc/hosts /tmp/123
下载文件到指定目录
[root@saltstack-node1 ~]# salt 'saltstack-node2*' cp.get_url http://mirrors.aliyun.com/epel/epel-release-latest-7.noarch.rpm /tmp/1
saltstack-node2.lichengbing.com:
/tmp/1
4)status模块
[root@saltstack-node1 salt]# salt 'saltstack-node2*' sys.list_functions status
saltstack-node2.lichengbing.com:
- status.all_status
- status.cpuinfo
- status.cpustats
- status.custom
- status.diskstats
- status.diskusage
- status.loadavg
- status.master
- status.meminfo
- status.netdev
- status.netstats
- status.nproc
- status.pid
- status.ping_master
- status.procs
- status.time
- status.uptime
- status.version
- status.vmstats
- status.w
查看系统负载
[root@saltstack-node1 salt]# salt 'saltstack-node2*' status.loadavg
saltstack-node2.lichengbing.com:
----------
1-min:
0.08
15-min:
0.24
5-min:
0.22
5)cron模块
salt '*' sys.list_functions cron
- cron.list_tab
- cron.ls
- cron.raw_cron
- cron.rm
- cron.rm_env
- cron.rm_job
- cron.set_env
- cron.set_job
- cron.set_special
- cron.write_cron_file
- cron.write_cron_file_verbose
实现minion主机的定时任务操作
查看主机定时任务
[root@saltstack-node1 ~]# salt '*' cron.raw_cron root
saltstack-node2.lichengbing.com:
*/5 * * * * /usr/sbin/ntpdate time.nist.gov >dev/null 2>&1
saltstack-node1.lichengbing.com:
*/5 * * * * /usr/sbin/ntpdate time.nist.gov >dev/null 2>&1
为指定的minion添加定时任务
[root@saltstack-node1 ~]# salt '*' cron.set_job root '*' '*' '*' '*' 1 /usr/local/weekly
删除指定任务
[root@saltstack-node1 ~]# salt '*' cron.rm_job root '*' '*' '*' '*' 1 /usr/local/weekly
6)file模块
salt '*' sys.list_functions file
- file.access
- file.append
- file.basename
- file.blockreplace
- file.check_file_meta
- file.check_hash
- file.check_managed
- file.check_managed_changes
- file.check_perms
- file.chgrp
- file.chown
- file.comment
- file.comment_line
- file.contains
- file.contains_glob
- file.contains_regex
- file.contains_regex_multiline
- file.copy
- file.delete_backup
- file.directory_exists
- file.dirname
- file.diskusage
- file.extract_hash
- file.file_exists
- file.find
- file.get_devmm
- file.get_diff
- file.get_gid
- file.get_group
- file.get_hash
- file.get_managed
- file.get_mode
- file.get_selinux_context
- file.get_sum
- file.get_uid
- file.get_user
- file.gid_to_group
- file.grep
- file.group_to_gid
- file.is_blkdev
- file.is_chrdev
- file.is_fifo
- file.is_link
- file.join
- file.lchown
- file.link
- file.list_backup
- file.list_backups
- file.list_backups_dir
- file.lstat
- file.makedirs
- file.makedirs_perms
- file.manage_file
- file.mkdir
- file.mknod
- file.mknod_blkdev
- file.mknod_chrdev
- file.mknod_fifo
- file.move
- file.normpath
- file.open_files
- file.pardir
- file.patch
- file.path_exists_glob
- file.prepend
- file.psed
- file.readdir
- file.readlink
- file.remove
- file.remove_backup
- file.rename
- file.replace
- file.restore_backup
- file.restorecon
- file.rmdir
- file.search
- file.sed
- file.sed_contains
- file.seek_read
- file.seek_write
- file.set_mode
- file.set_selinux_context
- file.source_list
- file.stats
- file.statvfs
- file.symlink
- file.touch
- file.truncate
- file.uid_to_user
- file.uncomment
- file.user_to_uid
- file.write
被控主机文件常见操作,包括文件读写、权限、查找、校验等
修改所以minion 的/etc/passwd 文件的属组、用户权限,等价于chown root:root /etc/passwd
1
[root@saltstack-node1 ~]# salt '*' file.chown /etc/passwd root root
检查minion端/etc目录是否存在
[root@saltstack-node1 ~]# salt '*' file.directory_exists /etc
saltstack-node2.lichengbing.com:
True
saltstack-node1.lichengbing.com:
True
获取minion passwd文件stats信息
[root@saltstack-node1 ~]# salt '*' file.stats /etc/passwd
saltstack-node2.lichengbing.com:
----------
atime:
1475060056.71
ctime:
1474959828.71
gid:
0
group:
root
inode:
17844978
mode:
0644
mtime:
1474959828.71
size:
1513
target:
/etc/passwd
type:
file
uid:
0
user:
root
获取minion passwd权限信息
[root@saltstack-node1 ~]# salt '*' file.get_mode /etc/passwd
saltstack-node2.lichengbing.com:
0644
saltstack-node1.lichengbing.com:
0644
创建opt/test目录
[root@saltstack-node1 ~]# salt '*' file.mkdir /opt/test
saltstack-node2.lichengbing.com:
None
saltstack-node1.lichengbing.com:
None
删除
[root@saltstack-node1 ~]# salt '*' file.remove /opt/test
saltstack-node2.lichengbing.com:
True
saltstack-node1.lichengbing.com:
True
创建文件
[root@saltstack-node1 ~]# salt '*' file.touch /tmp/test.txt
saltstack-node2.lichengbing.com:
True
saltstack-node1.lichengbing.com:
True
追加内容
[root@saltstack-node1 ~]# salt '*' file.append /tmp/test.txt "10000"
saltstack-node2.lichengbing.com:
Wrote 1 lines to "/tmp/test.txt"
saltstack-node1.lichengbing.com:
Wrote 1 lines to "/tmp/test.txt"
修改内容
[root@saltstack-node1 ~]# salt '*' file.sed /tmp/test.txt "10000" "1"
saltstack-node2.lichengbing.com:
----------
pid:
57521
retcode:
0
stderr:
stdout:
saltstack-node1.lichengbing.com:
----------
pid:
42333
retcode:
0
stderr:
stdout:
收集文件校验
[root@saltstack-node1 ~]# salt '*' file.get_sum /etc/passwd md5
saltstack-node2.lichengbing.com:
500ef551a710b9b486ddb32602fb3f13
saltstack-node1.lichengbing.com:
8f683526b18c55429422442d1c06caa0
7)Network模块
salt '*' sys.list_functions network
- network.active_tcp
- network.arp
- network.connect
- network.default_route
- network.dig
- network.get_bufsize
- network.get_hostname
- network.get_route
- network.hw_addr
- network.hwaddr
- network.in_subnet
- network.interface
- network.interface_ip
- network.interfaces
- network.ip_addrs
- network.ip_addrs6
- network.ip_in_subnet
- network.ipaddrs
- network.ipaddrs6
- network.is_loopback
- network.is_private
- network.mod_bufsize
- network.mod_hostname
- network.netstat
- network.ping
- network.reverse_ip
- network.routes
- network.subnets
- network.traceroute
- network.wol
返回minion主机网络信息
获取主机dig网站域名信息
[root@saltstack-node1 ~]# salt '*' network.dig www.baidu.com
[root@saltstack-node1 ~]# salt '*' network.ping www.baidu.com
[root@saltstack-node1 ~]# salt '*' network.traceroute www.baidu.com
MAC地址
[root@saltstack-node1 ~]# salt '*' network.hwaddr eth0
saltstack-node1.lichengbing.com:
00:0c:29:94:18:ea
saltstack-node2.lichengbing.com:
00:0c:29:1a:87:b4
网卡配置信息
[root@saltstack-node1 ~]# salt '*' network.ip_addrs
saltstack-node2.lichengbing.com:
- 10.0.0.184
- 10.0.0.186
- 172.16.2.186
saltstack-node1.lichengbing.com:
- 10.0.0.185
- 172.16.2.185
判断是否属于子网
[root@saltstack-node1 ~]# salt '*' network.in_subnet 172.16.2.0/24
saltstack-node2.lichengbing.com:
True
saltstack-node1.lichengbing.com:
True
8)pkg模块
salt '*' sys.list_functions pkg
- pkg.available_version
- pkg.check_db
- pkg.clean_metadata
- pkg.del_repo
- pkg.diff
- pkg.download
- pkg.expand_repo_def
- pkg.file_dict
- pkg.file_list
- pkg.get_locked_packages
- pkg.get_repo
- pkg.group_diff
- pkg.group_info
- pkg.group_install
- pkg.group_list
- pkg.hold
- pkg.install
- pkg.latest_version
- pkg.list_holds
- pkg.list_pkgs
- pkg.list_repo_pkgs
- pkg.list_repos
- pkg.list_upgrades
- pkg.mod_repo
- pkg.modified
- pkg.normalize_name
- pkg.owner
- pkg.purge
- pkg.refresh_db
- pkg.remove
- pkg.unhold
- pkg.upgrade
- pkg.upgrade_available
- pkg.verify
- pkg.version
- pkg.version_cmp
minion端主机主机程序包管理
为被控主机安装PHP环境,根据不同系统发行版调用不同安装工具进行部署,如redhat平台的yum,等价于yum -y install php
[root@saltstack-node1 ~]# salt '*' pkg.install php
[root@saltstack-node1 ~]# salt '*' pkg.remove php
[root@saltstack-node1 ~]# salt '*' pkg.upgrade php
9)service模块
salt '*' sys.list_functions service
- service.available
- service.disable
- service.disabled
- service.enable
- service.enabled
- service.execs
- service.force_reload
- service.get_all
- service.get_disabled
- service.get_enabled
- service.mask
- service.missing
- service.reload
- service.restart
- service.show
- service.start
- service.status
- service.stop
- service.systemctl_reload
- service.unmask
minion端主机服务管理
开启、禁用Nginx开机自启动服务
[root@saltstack-node1 ~]# salt '*' service.enable nginx
[root@saltstack-node1 ~]# salt '*' service.disable nginx
常规服务操作
[root@saltstack-node1 ~]# salt '*' service.start nginx
[root@saltstack-node1 ~]# salt '*' service.stop nginx
[root@saltstack-node1 ~]# salt '*' service.restart nginx
[root@saltstack-node1 ~]# salt '*' service.reload nginx
[root@saltstack-node1 ~]# salt '*' service.status nginx
saltstack还有很多模块,如
user(系统用户模块)
- user.add
- user.chfullname
- user.chgid
- user.chgroups
- user.chhome
- user.chhomephone
- user.chloginclass
- user.chroomnumber
- user.chshell
- user.chuid
- user.chworkphone
- user.delete
- user.get_loginclass
- user.getent
- user.info
- user.list_groups
- user.list_users
- user.rename
group(系统组模块)
- group.add
- group.adduser
- group.chgid
- group.delete
- group.deluser
- group.getent
- group.info
- group.members
partition(系统分区模块)
puppet(puppet管理模块)
system(系统重启、关机模块)
- system.halt
- system.init
- system.poweroff
- system.reboot
- system.shutdown
timezone(时区管理模块)
nginx(Nginx管理模块)
iptables(被控主机iptables支持模块)
- iptables.append
- iptables.build_rule
- iptables.check
- iptables.check_chain
- iptables.delete
- iptables.delete_chain
- iptables.flush
- iptables.get_policy
- iptables.get_rules
- iptables.get_saved_policy
- iptables.get_saved_rules
- iptables.insert
- iptables.new_chain
- iptables.save
- iptables.set_policy
- iptables.version
mount(文件系统挂载模块) 等等...
- mount.active
- mount.automaster
- mount.fstab
- mount.is_fuse_exec
- mount.is_mounted
- mount.mount
- mount.remount
- mount.rm_automaster
- mount.rm_fstab
- mount.set_automaster
- mount.set_fstab
- mount.swapoff
- mount.swapon
- mount.swaps
- mount.umount
rsync模块
- rsync.config
- rsync.rsync
- rsync.version
sys 模块
- sys.argspec
- sys.doc
- sys.list_functions
- sys.list_modules
- sys.list_renderers
- sys.list_returner_functions
- sys.list_returners
- sys.list_runner_functions
- sys.list_runners
- sys.list_state_functions
- sys.list_state_modules
- sys.reload_modules
- sys.renderer_doc
- sys.returner_argspec
- sys.returner_doc
- sys.runner_argspec
- sys.runner_doc
- sys.state_argspec
- sys.state_doc
ssh 模块
- ssh.auth_keys
- ssh.check_key
- ssh.check_key_file
- ssh.check_known_host
- ssh.get_known_host
- ssh.hash_known_hosts
- ssh.host_keys
- ssh.recv_known_host
- ssh.rm_auth_key
- ssh.rm_known_host
- ssh.set_auth_key
- ssh.set_auth_key_from_file
- ssh.set_known_host
- ssh.user_keys
config 模块
- config.backup_mode
- config.dot_vals
- config.gather_bootstrap_script
- config.get
- config.manage_mode
- config.merge
- config.option
- config.valid_fileproto
salt '*' sys.list_modules
查看所有模块