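Exercise contents
Other remote execution modules
There are many official modules, more than 300.
1. cmd.run
2. network
3. service
4. state
5. Other routine maintenance
Demonstration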
cmd.run module
cmd.run can execute any system command. It is an all-powerful module and therefore a security risk; you can also change the module's source code to block dangerous commands (such as rm and reboot). It is generally not used in custom (secondary) development.
[root@linux-node1 salt]# salt '*' cmd.run 'w'
linux-node1.example.com:
     17:36:55 up 12:00,  1 user,  load average: 0.00, 0.01, 0.05
    USER     TTY      FROM             LOGIN@   IDLE   JCPU   PCPU WHAT
    root     pts/0    192.168.56.1     16:01    7.00s  1.27s  0.36s /usr/bin/python /usr/bin/salt * cmd.run w
linux-node2.example.com:
     17:36:56 up 12:00,  1 user,  load average: 0.00, 0.01, 0.05
    USER     TTY      FROM             LOGIN@   IDLE   JCPU   PCPU WHAT
    root     pts/0    192.168.56.1     16:01   54:32   0.00s  0.00s -bash
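One way to express the restriction on dangerous commands described above, as an added example (not Salt's code and not from the original page): a guard that a site-specific wrapper could call before passing a command line to the shell. The names denied_commands, guarded_cmd_run, runner and the WRAPPERS set are hypothetical; only rm and reboot come from the page. It needs Python 3.8 or later.

```python
import os
import shlex

DENIED = {"rm", "reboot"}  # the two commands the page names; extend per site policy
# Assumption: programs that launch another program, so their arguments are scanned too.
WRAPPERS = {"sudo", "env", "nohup", "exec", "eval", "xargs", "sh", "bash"}
OPERATORS = set(";|&(){}!")  # tokens made only of these start a new command


def denied_commands(cmdline, denied=DENIED):
    """Return the sorted denied program names that cmdline would run."""
    if any(s in cmdline for s in ("`", "$(", "\n")):
        raise ValueError("substitution or multi-line input is refused outright")
    lex = shlex.shlex(cmdline, posix=True, punctuation_chars=True)
    lex.whitespace_split = True
    lex.commenters = ""  # do not let '#' hide the rest of the line from the check
    hits, at_command, scan_all = set(), True, False
    for tok in lex:
        if tok and set(tok) <= OPERATORS:
            at_command, scan_all = True, False
            continue
        if at_command and "=" in tok and "/" not in tok:
            continue  # leading VAR=value assignment, command still to come
        if scan_all and " " in tok:
            # Quoted script handed to a wrapper (sh -c '...'): check it as a line.
            hits.update(denied_commands(tok, denied))
            continue
        name = os.path.basename(tok)
        if (at_command or scan_all) and name in denied:
            hits.add(name)
        if at_command and name in WRAPPERS:
            scan_all = True
        at_command = False
    return sorted(hits)


def guarded_cmd_run(cmdline, runner):
    """Call runner(cmdline) only if no denied command is found (runner is hypothetical)."""
    bad = denied_commands(cmdline)
    if bad:
        raise PermissionError("refused: " + ", ".join(bad))
    return runner(cmdline)
```

A denylist only stops what it names and what the parser recognises, so treat it as a backstop behind restricting who may run cmd.run at all.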
network module
network.active_tcp, arp, connect
[root@linux-node1 salt]# salt -S '192.168.56.12' network.active_tcp
linux-node2.example.com:
    ----------
    0:
        ----------
        local_addr:
            0.0.0.0
        local_port:
            111
        remote_addr:
            0.0.0.0
        remote_port:
            0
    1:
        ----------
        local_addr:
            192.168.56.12
        local_port:
            8080
        remote_addr:
            0.0.0.0
        remote_port:
            0
    2:
        ----------
        local_addr:
            0.0.0.0
        local_port:
            22
        remote_addr:
            0.0.0.0
        remote_port:
            0
    3:
        ----------
        local_addr:
            127.0.0.1
        local_port:
            25
        remote_addr:
            0.0.0.0
        remote_port:
            0
    4:
        ----------
        local_addr:
            192.168.56.12
        local_port:
            55880
        remote_addr:
            192.168.56.11
        remote_port:
            4505
    5:
        ----------
        local_addr:
            192.168.56.12
        local_port:
            22
        remote_addr:
            192.168.56.1
        remote_port:
            50617
    6:
        ----------
        local_addr:
            192.168.56.12
        local_port:
            44782
        remote_addr:
            192.168.56.11
        remote_port:
            4506
    7:
        ----------
        local_addr:
            192.168.56.12
        local_port:
            44862
        remote_addr:
            192.168.56.11
        remote_port:
            4506
    8:
        ----------
        local_addr:
            192.168.56.12
        local_port:
            44864
        remote_addr:
            192.168.56.11
        remote_port:
            4506
[root@linux-node1 salt]# salt '*' network.arp
linux-node2.example.com:
    ----------
    00:0c:29:3c:56:22:
        192.168.56.11
    00:50:56:c0:00:08:
        192.168.56.1
    00:50:56:e2:2f:59:
        192.168.56.2
linux-node1.example.com:
    ----------
    00:0c:29:6d:87:0c:
        192.168.56.12
    00:50:56:c0:00:08:
        192.168.56.1
    00:50:56:e2:2f:59:
        192.168.56.2
[root@linux-node1 salt]# salt -S '192.168.56.12' network.connect www.baidu.com 80
linux-node2.example.com:
    ----------
    comment:
        Successfully connected to www.baidu.com (61.135.169.125) on tcp port 80
    result:
        True
DNS resolution
salt '*' network.dig www.baidu.com
Get the hostname
[root@linux-node1 salt]# salt '*' network.get_hostname
linux-node1.example.com:
    linux-node1
linux-node2.example.com:
    linux-node2
Get the MAC address of a network interface
[root@linux-node1 salt]# salt '*' network.hw_addr eth0
linux-node1.example.com:
    00:0c:29:3c:56:22
linux-node2.example.com:
    00:0c:29:6d:87:0c
Get the IP address information of a network interface
[root@linux-node1 salt]# salt '*' network.interface eth0
linux-node1.example.com:
    |_
      ----------
      address:
          192.168.56.11
      broadcast:
          192.168.56.255
      label:
          eth0
      netmask:
          255.255.255.0
linux-node2.example.com:
    |_
      ----------
      address:
          192.168.56.12
      broadcast:
          192.168.56.255
      label:
          eth0
      netmask:
          255.255.255.0
Get only the IP address
[root@linux-node1 salt]# salt '*' network.interface_ip eth0
linux-node1.example.com:
    192.168.56.11
linux-node2.example.com:
    192.168.56.12
Check whether an address is a loopback address
[root@linux-node1 salt]# salt '*' network.is_loopback 127.0.0.1
linux-node1.example.com:
    True
linux-node2.example.com:
    True
Get network connection information
salt '*' network.netstat
Network ping
[root@linux-node1 salt]# salt '*' network.ping www.baidu.com
linux-node1.example.com:
    PING www.a.shifen.com (61.135.169.121) 56(84) bytes of data.
    64 bytes from 61.135.169.121: icmp_seq=1 ttl=128 time=41.2 ms
    64 bytes from 61.135.169.121: icmp_seq=2 ttl=128 time=50.1 ms
    64 bytes from 61.135.169.121: icmp_seq=3 ttl=128 time=87.8 ms
    64 bytes from 61.135.169.121: icmp_seq=4 ttl=128 time=86.0 ms

    --- www.a.shifen.com ping statistics ---
    4 packets transmitted, 4 received, 0% packet loss, time 3008ms
    rtt min/avg/max/mdev = 41.298/66.354/87.884/20.883 ms
linux-node2.example.com:
    PING www.a.shifen.com (61.135.169.121) 56(84) bytes of data.
    64 bytes from 61.135.169.121: icmp_seq=1 ttl=128 time=47.3 ms
    64 bytes from 61.135.169.121: icmp_seq=2 ttl=128 time=45.0 ms
    64 bytes from 61.135.169.121: icmp_seq=3 ttl=128 time=90.8 ms
    64 bytes from 61.135.169.121: icmp_seq=4 ttl=128 time=88.2 ms

    --- www.a.shifen.com ping statistics ---
    4 packets transmitted, 4 received, 0% packet loss, time 3006ms
    rtt min/avg/max/mdev = 45.089/67.892/90.865/21.685 ms
Other parameters of network ping
[root@linux-node1 ~]# salt '*' network.ping archlinux.org timeout=3
linux-node2.example.com:
    PING archlinux.org (138.201.81.199) 56(84) bytes of data.
    64 bytes from apollo.archlinux.org (138.201.81.199): icmp_seq=1 ttl=128 time=247 ms
    64 bytes from apollo.archlinux.org (138.201.81.199): icmp_seq=2 ttl=128 time=260 ms
    64 bytes from apollo.archlinux.org (138.201.81.199): icmp_seq=3 ttl=128 time=268 ms
    64 bytes from apollo.archlinux.org (138.201.81.199): icmp_seq=4 ttl=128 time=296 ms

    --- archlinux.org ping statistics ---
    4 packets transmitted, 4 received, 0% packet loss, time 3005ms
    rtt min/avg/max/mdev = 247.004/268.189/296.863/18.292 ms
linux-node1.example.com:
    PING archlinux.org (138.201.81.199) 56(84) bytes of data.
    64 bytes from apollo.archlinux.org (138.201.81.199): icmp_seq=1 ttl=128 time=208 ms
    64 bytes from apollo.archlinux.org (138.201.81.199): icmp_seq=2 ttl=128 time=221 ms
    64 bytes from apollo.archlinux.org (138.201.81.199): icmp_seq=3 ttl=128 time=232 ms
    64 bytes from 138.201.81.199: icmp_seq=4 ttl=128 time=260 ms

    --- archlinux.org ping statistics ---
    4 packets transmitted, 4 received, 0% packet loss, time 3003ms
    rtt min/avg/max/mdev = 208.509/230.999/260.674/19.194 ms
[root@linux-node1 ~]# salt '*' network.ping archlinux.org return_boolean=True
linux-node2.example.com:
    True
linux-node1.example.com:
    True
service module
service is a virtual module: it has to call the service management of different types of systems. Listing the services:
[root@linux-node1 salt]# salt '*' service.get_all
linux-node1.example.com:
    - -.mount
    - NetworkManager
    - NetworkManager-dispatcher
    - NetworkManager-wait-online
    ......
Check the ssh service
[root@linux-node1 salt]# salt '*' service.available sshd
linux-node1.example.com:
    True
linux-node2.example.com:
    True
Reload the web service
[root@linux-node1 salt]# salt '*' service.reload httpd
linux-node1.example.com:
    True
linux-node2.example.com:
    True
Check the service status
[root@linux-node1 salt]# salt '*' service.status httpd
linux-node1.example.com:
    True
linux-node2.example.com:
    True
The state execution module
This function will call state.highstate or state.sls based on the arguments passed to this function. It exists as a more intuitive way of applying state
salt '*' state.apply
Load a local YAML configuration file
salt '*' state.apply localconfig=/path/to/minion.yml
Show a minion's configuration in top.sls
[root@linux-node1 salt]# salt '*node1*' state.show_top
linux-node1.example.com:
    ----------
    base:
        - web.lamp
Run the pkg state on its own. An execution module simply executes directly, whereas a state module checks first.
[root@linux-node1 ~]# salt 'linux-node1.example.com' state.single pkg.installed name=vim-enhanced
linux-node1.example.com:
----------
          ID: vim-enhanced
    Function: pkg.installed
      Result: True
     Comment: Package vim-enhanced is already installed.
     Started: 18:27:39.793850
    Duration: 825.955 ms
     Changes:

Summary
------------
Succeeded: 1
Failed:    0
------------
Total states run:     1
[root@linux-node1 ~]#
Other routine maintenance
Check node status with manage
[root@linux-node1 ~]# salt-run manage.status
down:
up:
    - linux-node1.example.com
    - linux-node2.example.com
Check minion versions with manage; execution can sometimes fail because the versions differ
[root@linux-node1 ~]# salt-run manage.versions
Master:
    2015.5.10
Up to date:
    ----------
    linux-node1.example.com:
        2015.5.10
    linux-node2.example.com:
        2015.5.10
To be safe, run a test first with test=True, and apply to the servers only once there are no problems
salt "linux-node2*" state.highstate test=True
Copy files with salt-cp
[root@linux-node1 ~]# salt-cp 'linux-node2.example.com' /etc/rc.local /mnt/
{'linux-node2.example.com': {'/mnt/rc.local': True}}
Appendix: English reference documentation for all modules
https://www.unixhot.com/docs/saltstack/ref/modules/all/