跟我学 Saltstack 常用模块及 API

Saltstack提供了非常丰富的功能模块，涉及操作系统的基础功能、常用工具支持等；

更多模块信息请见：

https://docs.saltstack.com/en/latest/ref/modules/all/index.html

当然，也可以通过sys模块列出当前版本支持的所有模块：

http://docs.saltstack.cn/ref/modules/all/index.html

[root@saltstack-master salt]# salt 'saltstack_web1group_1' sys.list_modules
saltstack_web1group_1:
- acl
- aliases
- alternatives
- apache
- archive
- artifactory
--------忽略部分内容--------

API原理：通过调用master client模块，实例化一个LocalClient对象，再调用cmd()方法来实现的，以一个标准的python字典形式的字符串返回，可以通过eval()函数转换成python的字典类型，方便后续的业务逻辑处理。

注意：将字符字典转换成python的字典类型，推荐使用ast模块的literal_eval()方法，可以过滤表达式中的恶意函数。

API实现test.ping的程序示例运行结果如下：

[root@saltstack-master salt]# python
Python 2.6.6 (r266:84292, Aug 18 2016, 15:13:37)
[GCC 4.4.7 20120313 (Red Hat 4.4.7-17)] on linux2
Type "help", "copyright", "credits" or "license" for more information.
>>> import salt.client
>>> client = salt.client.LocalClient()
>>> ret = client.cmd('*','test.ping')
>>> print ret
{'saltstack_web1group_1': True, 'saltstack_web1group_2': True}
>>>

Archive 模块

功能：实现系统层面的压缩包调用，支持gunzip、gzip、rar、tar、unrar、unzip等。

[root@saltstack_web1group_1 ~]# sed -n '18p' /etc/salt/minion
id: saltstack_web1group_1
[root@saltstack_web1group_1 ~]# touch test
[root@saltstack_web1group_1 ~]# gzip test
[root@saltstack_web1group_1 ~]# ll test.gz
-rw-r--r--. 1 root root 25 3月 20 05:31 test.gz
[root@saltstack-master salt]# salt 'saltstack_web1group_1' archive.gunzip /root/test.gz 采用gunzip解压被控制机的/root/test.gz包
saltstack_web1group_1:
[root@saltstack_web1group_1 ~]# ll test
-rw-r--r--. 1 root root 0 3月 20 05:31 test

采用gzip压缩被控制机的/root/test文件。

[root@saltstack-master salt]# salt 'saltstack_web1group_1' archive.gzip /root/test
saltstack_web1group_1:
[root@saltstack_web1group_1 ~]# ll test.gz
-rw-r--r--. 1 root root 25 3月 20 05:31 test.gz
[root@saltstack-master salt]# salt 'saltstack_web1group_1' archive.tar zcf /tmp/test1.tar.gz /root/test
saltstack_web1group_1:
- tar: Removing leading `/' from member names
[root@saltstack_web1group_1 ~]# ll /tmp/test1.tar.gz
-rw-r--r--. 1 root root 45 3月 20 05:41 /tmp/test1.tar.gz
[root@saltstack-master salt]# python
Python 2.6.6 (r266:84292, Aug 18 2016, 15:13:37)
[GCC 4.4.7 20120313 (Red Hat 4.4.7-17)] on linux2
Type "help", "copyright", "credits" or "license" for more information.
>>> import salt.client
c^H>>> client = salt.client.LocalClient()
>>> ret = client.cmd('saltstack_web1group_1', 'archive.gunzip', ['/root/test.gz'])
>>> print ret
{'saltstack_web1group_1': []}
>>>
[root@saltstack_web1group_1 ~]# ls -l test
-rw-r--r--. 1 root root 0 3月 20 05:31 test

cmd模块

功能:实现远程的命令行执行（默认具备root操作权限，使用时需评估风险）。

[root@saltstack-master salt]# salt 'saltstack_web1group_1' cmd.run "free -m" 获取所有主机内存情况；
saltstack_web1group_1:
total used free shared buffers cached
Mem: 230 221 9 0 18 26
-/+ buffers/cache: 176 54
Swap: 2083 207 1876
[root@saltstack-master salt]# mkdir /srv/salt/script -p
[root@saltstack-master salt]# cd /srv/salt/script/
[root@saltstack-master script]# ls
[root@saltstack-master script]# vim test.sh
#!/bin/bash
mkdir /tmp/testdir
[root@saltstack-master script]# salt '*' cmd.script salt://script/test.sh
saltstack_web1group_1:
----------
pid:
31237
retcode:
0
stderr:
stdout:
saltstack_web1group_2:
----------
pid:
65085
retcode:
0
stderr:
stdout:
[root@saltstack-master tmp]# chmod +x /srv/salt/script/test.sh
[root@saltstack-master tmp]# sh /srv/salt/script/test.sh
[root@saltstack-master tmp]# ls -ld /tmp/testdir/
drwxr-xr-x. 2 root root 4096 3月 20 05:56 /tmp/testdir/

cp模块

功能:实现远程文件、目录复制、以及下载URL文件等操作；

将指定minion的/etc/hosts文件复制到minion主机的本地的saltcache目录(/var/cache/salt/minion/localfiles/)

[root@saltstack-master tmp]# salt '*' cp.cache_local_file /etc/hosts
saltstack_web1group_1:
/var/cache/salt/minion/localfiles/etc/hosts
saltstack_web1group_2:
/var/cache/salt/minion/localfiles/etc/hosts
将master的file_roots指定位置下的目录复制到minion上
[root@saltstack-master tmp]# salt '*' cp.get_dir salt://script /tmp
saltstack_web1group_2:
- /tmp/script/test.sh
saltstack_web1group_1:
- /tmp/script/test.sh
[root@saltstack_web1group_1 ~]# ls /tmp/script/
test.sh

cp.get_url可以从一个URL地址下载文件，URL可以是msater上的路径（salt://），也可以是http网址。

[root@saltstack-master tmp]# salt '*' cp.get_url http://www.slashdot.org /tmp/index.html
saltstack_web1group_1:
/tmp/index.html
saltstack_web1group_2:
/tmp/index.html
[root@saltstack-master tmp]# salt '*' cp.get_url salt://test/10 /tmp/index.html
saltstack_web1group_1:
False
saltstack_web1group_2:
False

cron模块

功能:实现minion的crontab操作

查看指定minion、root用户的crontab清单

[root@saltstack_web1group_1 ~]# crontab -e
*/5 * * * * /usr/sbin/ntpdate pool.ntp.org > /dev/null 2>&1
[root@saltstack-master ~]# salt 'saltstack_web1group_1' cron.raw_cron root
saltstack_web1group_1:
*/5 * * * * /usr/sbin/ntpdate pool.ntp.org > /dev/null 2>&1
[root@saltstack-master ~]# salt 'saltstack_web1group_1' cron.set_job root '*' '*' '*' '*' 1 /usr/local/weekly 为指定minion、root用户添加作业任务
saltstack_web1group_1:
new
[root@saltstack_web1group_1 ~]# crontab -l
*/5 * * * * /usr/sbin/ntpdate pool.ntp.org > /dev/null 2>&1
[root@saltstack-master ~]# salt 'saltstack_web1group_1' cron.rm_job root /usr/local/weekly 删除minion、root用户的crontab的/usr/local/weekly任务作业
saltstack_web1group_1:
absent
[root@saltstack_web1group_1 ~]# crontab -l
*/5 * * * * /usr/sbin/ntpdate pool.ntp.org > /dev/null 2>&1

dnsutil模块
功能:实现minion主机通用DNS相关操作

[root@saltstack-master ~]# salt '*' dnsutil.hosts_append /etc/hosts 127.0.0.1 ad1.yuk.com,ad2.yuk.com 添加hosts主机配置项
saltstack_web1group_2:
The following line was added to /etc/hosts:
127.0.0.1 ad1.yuk.com ad2.yuk.com
saltstack_web1group_1:
The following line was added to /etc/hosts:
127.0.0.1 ad1.yuk.com ad2.yuk.com
[root@saltstack-master ~]# salt '*' dnsutil.hosts_remove /etc/hosts ad1.yuk.com 删除hosts主机配置项
saltstack_web1group_1:
None
saltstack_web1group_2:
None

file模块
功能:实现minion主机文件常见操作，包括文件读写，权限，查找，校验等

[root@saltstack-master ~]# salt '*' file.check_hash /etc/fstab md5=3498723948716623dc38328f 检测文件MD5
saltstack_web1group_2:
ERROR executing 'file.check_hash': The following keyword arguments are not valid: md5=3498723948716623dc38328f
saltstack_web1group_1:
ERROR executing 'file.check_hash': The following keyword arguments are not valid: md5=3498723948716623dc38328f
[root@saltstack-master ~]# salt '*' file.get_sum /etc/passwd 校验所有minion主机文件的加密信息，支持md5、sha1、sha224、sha256、sha384、sha512加密算法
saltstack_web1group_2:
3750a0f1618c426daecc6e31b425edd5e1ea3b1c7bed3cc863f95b2f1d6b5eb7
saltstack_web1group_1:
3750a0f1618c426daecc6e31b425edd5e1ea3b1c7bed3cc863f95b2f1d6b5eb7
[root@saltstack-master ~]# salt '*' file.chown /etc/passwd root root 修改文件所属用户
saltstack_web1group_2:
None
saltstack_web1group_1:
None
[root@saltstack-master ~]# salt '*' file.copy /path/to/src /path/to/dst 复制所有minion的/path/to/src 文件到/path/to/dst
saltstack_web1group_1:
The minion function caused an exception: Traceback (most recent call last):
File "/usr/lib/python2.6/site-packages/salt/minion.py", line 1200, in _thread_return
return_data = func(*args, **kwargs)
File "/usr/lib/python2.6/site-packages/salt/modules/file.py", line 2439, in copy
shutil.copyfile(src, dst)
File "/usr/lib64/python2.6/shutil.py", line 50, in copyfile
with open(src, 'rb') as fsrc:
IOError: [Errno 2] No such file or directory: '/path/to/src'
saltstack_web1group_2:
The minion function caused an exception: Traceback (most recent call last):
File "/usr/lib/python2.6/site-packages/salt/minion.py", line 1200, in _thread_return
return_data = func(*args, **kwargs)
File "/usr/lib/python2.6/site-packages/salt/modules/file.py", line 2439, in copy
shutil.copyfile(src, dst)
File "/usr/lib64/python2.6/shutil.py", line 50, in copyfile
with open(src, 'rb') as fsrc:
IOError: [Errno 2] No such file or directory: '/path/to/src'
[root@saltstack-master ~]# salt '*' file.directory_exists /etc 检测所有minion的/etc目录是否存在，检测文件使用file.file_exists
saltstack_web1group_2:
True
saltstack_web1group_1:
True
[root@saltstack-master ~]# salt '*' file.stats /etc/passwd 获取所有minion的stats信息
saltstack_web1group_1:
----------
atime:
1553064961.88
ctime:
1553064930.69
gid:
0
group:
root
inode:
667462
mode:
0644
mtime:
1464993067.26
size:
1714
target:
/etc/passwd
type:
file
uid:
0
user:
root
saltstack_web1group_2:
----------
atime:
1553034361.7
ctime:
1553034331.42
gid:
0
group:
root
inode:
667462
mode:
0644
mtime:
1464993067.26
size:
1714
target:
/etc/passwd
type:
file
uid:
0
user:
root
[root@saltstack-master ~]# salt '*' file.get_mode /etc/passwd 获取所有minion的/etc/passwd 的权限mode
saltstack_web1group_1:
0644
saltstack_web1group_2:
0644
[root@saltstack-master ~]# salt '*' file.set_mode /etc/passwd 0645 修改所有minion的/etc/passwd的权限mode为0645
saltstack_web1group_1:
0645
saltstack_web1group_2:
0645
[root@saltstack-master ~]# salt '*' file.mkdir /opt/test 在所有minion上创建目录/opt/test
saltstack_web1group_2:
None
saltstack_web1group_1:
None
[root@saltstack-master ~]# salt '*' file.sed /etc/httpd/httpd.conf 'LogLevel warn' 'LogLevel info' 将所有minion主机上的httpd.conf文件的LogLevel warn改成info
saltstack_web1group_1:
False
saltstack_web1group_2:
False
[root@saltstack-master ~]# salt '*' file.append /tmp/test/test.conf "maxclient 100" 将所有minion的/tmp/test/test.conf 文件后面追加maxclient 100
saltstack_web1group_2:
The minion function caused an exception: Traceback (most recent call last):
File "/usr/lib/python2.6/site-packages/salt/minion.py", line 1200, in _thread_return
return_data = func(*args, **kwargs)
File "/usr/lib/python2.6/site-packages/salt/modules/file.py", line 2043, in append
with salt.utils.fopen(path, "r+") as ofile:
File "/usr/lib/python2.6/site-packages/salt/utils/__init__.py", line 1046, in fopen
fhandle = open(*args, **kwargs)
IOError: [Errno 2] No such file or directory: '/tmp/test/test.conf'
saltstack_web1group_1:
The minion function caused an exception: Traceback (most recent call last):
File "/usr/lib/python2.6/site-packages/salt/minion.py", line 1200, in _thread_return
return_data = func(*args, **kwargs)
File "/usr/lib/python2.6/site-packages/salt/modules/file.py", line 2043, in append
with salt.utils.fopen(path, "r+") as ofile:
File "/usr/lib/python2.6/site-packages/salt/utils/__init__.py", line 1046, in fopen
fhandle = open(*args, **kwargs)
IOError: [Errno 2] No such file or directory: '/tmp/test/test.conf'
[root@saltstack-master ~]# salt '*' file.remove /tmp/foo 删除所有minion的/tmp/foo文件
saltstack_web1group_2:
False
saltstack_web1group_1:
False

iptables模块
功能:minion的iptables主持

[root@saltstack-master ~]# salt '*' iptabnles.append filter INPUT rule='-m state --state RELATED,ESTABLISHED -j ACCEPT' 在所有minion主机追加规则
[root@saltstack-master ~]# salt '*' iptables.delete filter INPUT position=3 删除所有minion上的指定链编号为3的规则
[root@saltstack-master ~]# salt '*' iptables.save /etc/sysconfig/iptables 保存所有minion上的规则
saltstack_web1group_1:
Wrote 1 lines to "/etc/sysconfig/iptables"
saltstack_web1group_2:
Wrote 1 lines to "/etc/sysconfig/iptables"

network模块
功能:返回minion的网络信息

[root@saltstack-master ~]# salt 'saltstack_web1group_1' network.dig www.jd.com 在minion上获取dig、ping、traceroute目录域名信息
saltstack_web1group_1:

; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.17.rc1.el6_4.6 <<>> www.jd.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 47292
;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;www.jd.com. IN A

;; ANSWER SECTION:
www.jd.com. 68 IN CNAME www.jd.com.gslb.qianxun.com.
www.jd.com.gslb.qianxun.com. 36 IN CNAME www.jdcdn.com.
www.jdcdn.com. 36 IN A 106.39.178.1

;; Query time: 29 msec
;; SERVER: 192.168.1.1#53(192.168.1.1)
;; WHEN: Wed Mar 20 15:07:09 2019
;; MSG SIZE rcvd: 106
[root@saltstack-master ~]# salt 'saltstack_web1group_1' network.ping www.jd.com
saltstack_web1group_1:
PING www.jdcdn.com (106.39.178.1) 56(84) bytes of data.
64 bytes from 106.39.178.1: icmp_seq=1 ttl=54 time=7.26 ms
64 bytes from 106.39.178.1: icmp_seq=2 ttl=54 time=5.62 ms
64 bytes from 106.39.178.1: icmp_seq=3 ttl=54 time=5.77 ms
64 bytes from 106.39.178.1: icmp_seq=4 ttl=54 time=5.11 ms

--- www.jdcdn.com ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 3012ms
rtt min/avg/max/mdev = 5.116/5.944/7.269/0.807 ms
[root@saltstack-master ~]# salt 'saltstack_web1group_1' network.traceroute www.jd.com
[root@saltstack-master ~]# salt 'saltstack_web1group_1' network.hwaddr eth1 获取minion的mac地址
saltstack_web1group_1:
00:0c:29:f9:55:5b
[root@saltstack-master ~]# salt 'saltstack_web1group_1' network.in_subnet 10.0.0.0/16 检测minion是否属于10.0.0.0/16这个子网
saltstack_web1group_1:
False
[root@saltstack-master ~]# salt 'saltstack_web1group_1' network.interfaces 获取minion的网卡配置信息
saltstack_web1group_1:
----------
eth1:
----------
hwaddr:
00:0c:29:f9:55:5b
inet:
|_
----------
address:
192.168.1.183
broadcast:
192.168.1.255
label:
eth1
netmask:
255.255.255.0
inet6:
|_
----------
address:
fe80::20c:29ff:fef9:555b
prefixlen:
64
scope:
link
up:
True
lo:
----------
hwaddr:
00:00:00:00:00:00
inet:
|_
----------
address:
127.0.0.1
broadcast:
None
label:
lo
netmask:
255.0.0.0
inet6:
|_
----------
address:
::1
prefixlen:
128
scope:
host
up:
True
[root@saltstack-master ~]# salt 'saltstack_web1group_1' network.ip_addrs 获取minion的ip地址信息
saltstack_web1group_1:
- 192.168.1.183
[root@saltstack-master ~]# salt 'saltstack_web1group_1' network.subnets 获取minion的子网信息
saltstack_web1group_1:
- 192.168.1.0/24

pkg模块
功能:minion程序包管理，如yum、apt-get

[root@saltstack-master ~]# salt '*' pkg.install php 所有minion安装php
saltstack_web1group_2:
----------
php:
----------
new:
5.3.3-49.el6
old:
php-cli:
----------
new:
5.3.3-49.el6
old:
php-common:
----------
new:
5.3.3-49.el6
old:
saltstack_web1group_1:
----------
php:
----------
new:
5.3.3-49.el6
old:
php-cli:
----------
new:
5.3.3-49.el6
old:
php-common:
----------
new:
5.3.3-49.el6
old:
[root@saltstack-master ~]# salt '*' pkg.remove php 所有minion卸载php
saltstack_web1group_1:
----------
php:
----------
new:
old:
5.3.3-49.el6
saltstack_web1group_2:
----------
php:
----------
new:
old:
5.3.3-49.el6
[root@saltstack-master ~]# salt '*' pkg.upgrade 升级所有minion上所有的软件包

service模块
功能:管理minion的服务

[root@saltstack-master ~]# salt '*' service.status httpd
saltstack_web1group_1:
True
saltstack_web1group_2:
True
[root@saltstack-master ~]# salt '*' service.reload httpd
saltstack_web1group_1:
True
saltstack_web1group_2:
True