Table of contents
- 1. Introduction to SaltStack modules
- 2. Common SaltStack modules
- 2.1 Common SaltStack module: network
- 2.1.1 network.active_tcp
- 2.1.2 network.calc_net
- 2.1.3 network.connect
- 2.1.4 network.arp
- 2.1.5 network.default_route
- 2.1.6 network.get_fqdn
- 2.1.7 network.get_hostname
- 2.1.8 network.get_route
- 2.1.9 network.hw_addr
- 2.1.10 network.ifacestartswith
- 2.1.11 network.in_subnet
- 2.1.12 network.interface
- 2.1.13 network.interface_ip
- 2.1.14 network.interfaces
- 2.1.15 network.ip_addrs
- 2.1.16 network.netstat
- 2.1.17 network.ping
- 2.1.18 network.reverse_ip
- 2.2 Common SaltStack module: service
- 2.3 Common SaltStack module: pkg
- 2.4 Common SaltStack module: state
- 2.5 Common SaltStack module: salt-cp
- 2.6 Common SaltStack module: useradd
- 2.7 Common SaltStack module: cron
- 2.8 Common SaltStack module: acl
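1. Introduction to SaltStack modules
Modules are the SaltStack component you work with most in day-to-day use. They carry out operations on managed objects and are the entry point for SaltStack's push-style management. Simple tasks such as checking whether a package is installed or whether a service is running are all done through SaltStack modules.
Official documentation: https://docs.saltproject.io/en/latest/ref/modules/all/index.html
Once the master and minion packages are installed, many modules are available on the system. The following command lists every supported module: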
[root@master ~]# salt 'minion' sys.list_modules
minion:
- acl
- aliases
- alternatives
- ansible
- apache
- archive
- artifactory
- baredoc
- beacons
- bigip
- btrfs
- buildout
- chroot
- cloud
- cmd
- composer
- config
- consul
- container_resource
- cp
(n lines omitted here...)
//List all functions of a specified module
[root@master ~]# salt 'minion' sys.list_functions pkg
minion:
- pkg.available_version
- pkg.clean_metadata
- pkg.del_repo
- pkg.diff
- pkg.download
- pkg.file_dict
- pkg.file_list
- pkg.get_locked_packages
- pkg.get_repo
- pkg.group_diff
- pkg.group_info
- pkg.group_install
- pkg.group_list
- pkg.groupinstall
- pkg.hold
- pkg.info_installed
- pkg.install
- pkg.latest_version
- pkg.list_downloaded
- pkg.list_holds
- pkg.list_installed_patches
- pkg.list_patches
- pkg.list_pkgs
- pkg.list_repo_pkgs
- pkg.list_repos
- pkg.list_updates
- pkg.list_upgrades
- pkg.mod_repo
- pkg.modified
- pkg.normalize_name
- pkg.owner
- pkg.parse_arch
- pkg.purge
- pkg.refresh_db
- pkg.remove
- pkg.services_need_restart
- pkg.unhold
- pkg.update
- pkg.upgrade
- pkg.upgrade_available
- pkg.verify
- pkg.version
- pkg.version_cmp
//Show how to use a specified module. Running this command prints the documentation that explains how to use it
[root@master ~]# salt 'minion' sys.doc pkg.install
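//SaltStack can run several modules in one command. The modules are separated by commas, and by default their arguments are separated by commas too; a different argument separator can be set with --args-separator=@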
[root@master ~]# salt 'minion' test.echo,cmd.run,service.status hehe,date,httpd
minion:
----------
cmd.run:
Tue Jul 6 19:41:51 CST 2021
service.status:
True
test.echo:
hehe
2. Common SaltStack modules
2.1 Common SaltStack module: network
2.1.1 network.active_tcp
Returns all active TCP connections.
[root@master ~]# salt 'minion' network.active_tcp
minion:
----------
0:
----------
local_addr:
192.168.249.145
local_port:
22
remote_addr:
192.168.249.1
remote_port:
59358
1:
----------
local_addr:
192.168.249.145
local_port:
37142
remote_addr:
192.168.249.141
remote_port:
4505
2:
----------
local_addr:
192.168.249.145
local_port:
22
remote_addr:
192.168.249.1
remote_port:
49193
//Equivalent to the following command, which shows the active ports
[root@minion ~]# netstat -antl
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN
tcp 0 36 192.168.249.145:22 192.168.249.1:59358 ESTABLISHED
tcp 0 0 192.168.249.145:37142 192.168.249.141:4505 ESTABLISHED
tcp 0 0 192.168.249.145:33842 147.75.83.237:80 TIME_WAIT
tcp 0 0 192.168.249.145:22 192.168.249.1:49193 ESTABLISHED
tcp 0 0 192.168.249.145:57470 116.211.183.135:80 TIME_WAIT
tcp6 0 0 :::80 :::* LISTEN
tcp6 0 0 :::22 :::*
2.1.2 network.calc_net
Calculates the network address automatically from an IP address and a subnet mask, so there is no need to work it out by hand.
[root@master ~]# salt 'minion' network.calc_net 192.168.249.145 255.255.254.0
minion:
192.168.248.0/23
2.1.3 network.connect
Tests whether the minion can reach a given server over the network.
[root@master ~]# salt 'minion' network.connect taobao.com 80
minion:
----------
comment:
Successfully connected to taobao.com (140.205.220.96) on tcp port 80
result:
True
2.1.4 network.arp
Shows IP addresses (the entries of the ARP table, keyed by MAC address).
[root@master ~]# salt 'minion' network.arp
minion:
----------
00:0c:29:48:79:5d:
192.168.249.141
00:50:56:c0:00:08:
192.168.249.1
00:50:56:f5:79:6c:
192.168.249.2
2.1.5 network.default_route
Shows the default route.
[root@master ~]# salt 'minion' network.default_route
minion:
|_
----------
addr_family:
inet
destination:
0.0.0.0
flags:
UG
gateway:
192.168.249.2
interface:
ens33
netmask:
0.0.0.0
|_
----------
addr_family:
inet6
destination:
::/0
flags:
!n
gateway:
::
interface:
lo
netmask:
|_
----------
addr_family:
inet6
destination:
::/0
flags:
!n
gateway:
::
interface:
lo
netmask:
2.1.6 network.get_fqdn
Shows the host's FQDN (fully qualified domain name).
[root@master ~]# salt 'minion' network.get_fqdn
minion:
minion
2.1.7 network.get_hostname
Shows the hostname.
[root@master ~]# salt 'minion' network.get_hostname
minion:
minion
2.1.8 network.get_route
Looks up the route to a destination network.
[root@master ~]# salt 'minion' network.get_route 192.168.249.141
minion:
----------
destination:
192.168.249.141
gateway:
None
interface:
ens33
source:
192.168.249.145
2.1.9 network.hw_addr
Returns the MAC address of the specified network interface.
[root@master ~]# salt 'minion' network.hw_addr ens33
minion:
00:0c:29:e3:d6:a4
2.1.10 network.ifacestartswith
Shows the name of the network interface used for a given network segment.
[root@master ~]# salt 'minion' network.ifacestartswith 192.168
minion:
- ens33
2.1.11 network.in_subnet
Checks whether the current host is inside a given subnet.
[root@master ~]# salt 'minion' network.in_subnet 192.168.249.0/24
minion:
True
2.1.12 network.interface
Shows the details of the specified network interface.
[root@master ~]# salt 'minion' network.interface ens33
minion:
|_
----------
address:
192.168.249.145
broadcast:
192.168.249.255
label:
ens33
netmask:
255.255.255.0
2.1.13 network.interface_ip
Returns the IP address of the specified network interface.
[root@master ~]# salt 'minion' network.interface_ip ens33
minion:
192.168.249.145
2.1.14 network.interfaces
Returns the details of every network interface on the system.
[root@master ~]# salt 'minion' network.interfaces
minion:
----------
ens33:
----------
hwaddr:
00:0c:29:e3:d6:a4
inet:
|_
----------
address:
192.168.249.145
broadcast:
192.168.249.255
label:
ens33
netmask:
255.255.255.0
inet6:
|_
----------
address:
fe80::dd3:b80d:8d2a:19ee
prefixlen:
64
scope:
link
up:
True
lo:
----------
hwaddr:
00:00:00:00:00:00
inet:
|_
----------
address:
127.0.0.1
broadcast:
None
label:
lo
netmask:
255.0.0.0
inet6:
|_
----------
address:
::1
prefixlen:
128
scope:
host
up:
True
2.1.15 network.ip_addrs
Shows a list of IPv4 addresses.
This command leaves out the 127.0.0.1 address.
[root@master ~]# salt 'minion' network.ip_addrs
minion:
- 192.168.249.145
2.1.16 network.netstat
Returns all open ports and their state.
[root@master ~]# salt 'minion' network.netstat
minion:
|_
----------
inode:
27849
local-address:
0.0.0.0:22
program:
1030/sshd
proto:
tcp
recv-q:
0
remote-address:
0.0.0.0:*
send-q:
0
state:
LISTEN
user:
0
|_
----------
inode:
0
local-address:
192.168.249.145:60696
program:
-
proto:
tcp
recv-q:
0
remote-address:
192.168.249.141:4506
send-q:
0
state:
TIME_WAIT
user:
0
|_
----------
inode:
31884
local-address:
192.168.249.145:22
program:
1894/sshd:
proto:
tcp
recv-q:
0
remote-address:
192.168.249.1:59358
send-q:
0
state:
ESTABLISHED
user:
0
|_
----------
inode:
30867
local-address:
192.168.249.145:37142
program:
1475/python3.6
proto:
tcp
recv-q:
0
remote-address:
192.168.249.141:4505
send-q:
0
state:
ESTABLISHED
user:
0
|_
----------
inode:
31545
local-address:
192.168.249.145:22
program:
1909/sshd:
proto:
tcp
recv-q:
0
remote-address:
192.168.249.1:49193
send-q:
0
state:
ESTABLISHED
user:
0
|_
----------
inode:
28957
local-address:
:::80
program:
1000/httpd
proto:
tcp6
recv-q:
0
remote-address:
:::*
send-q:
0
state:
LISTEN
user:
0
|_
----------
inode:
27851
local-address:
:::22
program:
1030/sshd
proto:
tcp6
recv-q:
0
remote-address:
:::*
send-q:
0
state:
LISTEN
user:
0
|_
----------
inode:
0
local-address:
192.168.249.145:68
program:
27962
proto:
udp
recv-q:
0
remote-address:
192.168.249.254:67
send-q:
0
user:
ESTABLISHED
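The network.netstat return above lists each socket with its owning program, which makes it a convenient input for a listener baseline check. The following Python is an added example, not code from the original article: it compares LISTEN sockets against an allowlist, assuming the return was saved with --out=json and carries the keys shown above; the sample data and the ALLOWED baseline are constructed.

```python
import json

def split_addr(addr):
    """'0.0.0.0:22' or ':::80' -> (host, port); the port follows the last colon."""
    host, _, port = addr.rpartition(":")
    return host, port

def program_name(program):
    """'1030/sshd' -> 'sshd', '1894/sshd:' -> 'sshd', '-' or a bare pid -> None."""
    _, sep, name = program.partition("/")
    name = name.rstrip(":")
    return name if sep and name else None

def unexpected_listeners(sockets, allowed):
    """Return sorted (proto, port, program) for LISTEN sockets not in `allowed`.

    `allowed` holds (port, program) pairs, so tcp and tcp6 share one entry.
    """
    findings = set()
    for sock in sockets:
        if sock.get("state") != "LISTEN":      # UDP rows may carry no state key
            continue
        _, port = split_addr(sock["local-address"])
        if not port.isdigit():
            continue
        prog = program_name(str(sock.get("program", "-")))
        if (int(port), prog) not in allowed:
            findings.add((sock["proto"], int(port), prog))
    return sorted(findings, key=lambda f: (f[1], f[0]))

def audit(ret, allowed):
    """Map each minion id in the Salt return to its unexpected listeners."""
    return {minion: unexpected_listeners(socks, allowed)
            for minion, socks in ret.items()}

# Constructed sample in the assumed shape of
#   salt 'minion' network.netstat --out=json
SAMPLE = json.loads("""
{"minion": [
  {"proto": "tcp",  "local-address": "0.0.0.0:22",   "remote-address": "0.0.0.0:*", "state": "LISTEN", "program": "1030/sshd",   "user": "0"},
  {"proto": "tcp6", "local-address": ":::22",        "remote-address": ":::*",      "state": "LISTEN", "program": "1030/sshd",   "user": "0"},
  {"proto": "tcp6", "local-address": ":::80",        "remote-address": ":::*",      "state": "LISTEN", "program": "1000/httpd",  "user": "0"},
  {"proto": "tcp",  "local-address": "0.0.0.0:3306", "remote-address": "0.0.0.0:*", "state": "LISTEN", "program": "2211/mysqld", "user": "27"},
  {"proto": "tcp6", "local-address": ":::8080",      "remote-address": ":::*",      "state": "LISTEN", "program": "-",           "user": "0"},
  {"proto": "tcp",  "local-address": "192.168.249.145:37142", "remote-address": "192.168.249.141:4505", "state": "ESTABLISHED", "program": "1475/python3.6", "user": "0"},
  {"proto": "udp",  "local-address": "192.168.249.145:68",    "remote-address": "192.168.249.254:67",   "program": "27962"}
]}
""")

ALLOWED = {(22, "sshd"), (80, "httpd")}   # assumed baseline for this host

if __name__ == "__main__":
    for minion, found in audit(SAMPLE, ALLOWED).items():
        for proto, port, prog in found:
            owner = prog or "no owning program reported"
            print(f"{minion}: unexpected {proto} listener on port {port} ({owner})")
```

A listener whose program column is "-" is reported with program None, so it only passes if the baseline explicitly lists that port with None.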
2.1.17 network.ping
Uses the ping command to test connectivity to a host.
[root@master ~]# salt 'minion' network.ping taobao.com
minion:
PING taobao.com (140.205.220.96) 56(84) bytes of data.
64 bytes from 140.205.220.96 (140.205.220.96): icmp_seq=1 ttl=128 time=23.4 ms
64 bytes from 140.205.220.96 (140.205.220.96): icmp_seq=2 ttl=128 time=24.3 ms
64 bytes from 140.205.220.96 (140.205.220.96): icmp_seq=3 ttl=128 time=26.6 ms
64 bytes from 140.205.220.96 (140.205.220.96): icmp_seq=4 ttl=128 time=25.7 ms
--- taobao.com ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 3006ms
rtt min/avg/max/mdev = 23.425/24.996/26.597/1.234 ms
2.1.18 network.reverse_ip
Returns the reverse address for a specified IP address.
[root@master ~]# salt 'minion' network.reverse_ip 192.168.249.144
minion:
144.249.168.192.in-addr.arpa
2.2 Common SaltStack module: service
2.2.1 service.available
Checks whether the specified service is available.
[root@master ~]# salt 'minion' service.available httpd
minion:
True
2.2.2 service.get_all
Shows all running services.
[root@master ~]# salt 'minion' service.get_all
minion:
- NetworkManager
- NetworkManager-dispatcher
- NetworkManager-wait-online
- arp-ethers
- auditd
- autovt@
- basic.target
- blk-availability
- bluetooth.target
- boot-complete.target
- console-getty
- container-getty@
- cpupower
- crond
(rest omitted...)
2.2.3 service.disabled
Checks whether the specified service is disabled at boot.
[root@master ~]# salt 'minion' service.disabled httpd
minion:
False #this means httpd does start at boot
2.2.4 service.enabled
Checks whether the specified service is enabled at boot.
[root@master ~]# salt 'minion' service.enabled httpd
minion:
True
2.2.5 service.disable
Disables the specified service at boot.
[root@master ~]# salt 'minion' service.disable httpd
minion:
True
2.2.6 service.enable
Enables the specified service at boot.
[root@master ~]# salt 'minion' service.enable httpd
minion:
True
2.2.7 service.reload
Reloads the specified service.
[root@master ~]# salt 'minion' service.reload httpd
minion:
True
2.2.8 service.stop
Stops the specified service.
[root@master ~]# salt 'minion' service.stop httpd
minion:
True
2.2.9 service.start
Starts the specified service.
[root@master ~]# salt 'minion' service.start httpd
minion:
True
2.2.10 service.restart
Restarts the specified service.
[root@master ~]# salt 'minion' service.restart httpd
minion:
True
2.2.11 service.status
Shows the status of the specified service.
[root@master ~]# salt 'minion' service.status httpd
minion:
True
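2.3 Common SaltStack module: pkg
2.3.1 pkg.download
Downloads a package without installing it.
This function downloads the specified package, but it needs yum-utils installed on the minion; cmd.run can be used to install it remotely.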
[root@master ~]# salt 'minion' pkg.download vsftpd
minion:
----------
vsftpd:
/var/cache/yum/packages/vsftpd-3.0.3-34.el8.x86_64.rpm
//Check on the minion
[root@minion ~]# cd /var/cache/yum/packages/
[root@minion packages]# ls
vsftpd-3.0.3-34.el8.x86_64.rpm
2.3.2 pkg.file_list
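Lists the files of the specified package, or of every package installed on the system.
//List all files provided by the installed httpd package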
[root@master ~]# salt 'minion' pkg.file_list httpd
minion:
----------
errors:
files:
- /etc/httpd/conf
- /etc/httpd/conf.d/autoindex.conf
- /etc/httpd/conf.d/userdir.conf
- /etc/httpd/conf.d/welcome.conf
- /etc/httpd/conf.modules.d
- /etc/httpd/conf.modules.d/00-base.conf
- /etc/httpd/conf.modules.d/00-dav.conf
- /etc/httpd/conf.modules.d/00-lua.conf
- /etc/httpd/conf.modules.d/00-mpm.conf
- /etc/httpd/conf.modules.d/00-optional.conf
- /etc/httpd/conf.modules.d/00-proxy.conf
- /etc/httpd/conf.modules.d/00-systemd.conf
- /etc/httpd/conf.modules.d/01-cgi.conf
- /etc/httpd/conf.modules.d/README
- /etc/httpd/conf/httpd.conf
- /etc/httpd/conf/magic
(n lines omitted...)
2.3.3 pkg.group_info
Shows information about a package group.
[root@master ~]# salt 'minion' pkg.group_info 'Development Tools'
minion:
----------
conditional:
default:
- asciidoc
- byacc
- ctags
- diffstat
- elfutils-libelf-devel
- git
- intltool
- jna
- ltrace
- patchutils
- perl-Fedora-VSP
- perl-Sys-Syslog
- perl-generators
- pesign
- source-highlight
- systemtap
- valgrind
- valgrind-devel
description:
A basic development environment.
group:
Development Tools
id:
None
mandatory:
- autoconf
- automake
- binutils
- bison
- flex
- gcc
- gcc-c++
- gdb
- glibc-devel
- libtool
- make
- pkgconf
- pkgconf-m4
- pkgconf-pkg-config
- redhat-rpm-config
- rpm-build
- rpm-sign
- strace
optional:
- cmake
- expect
- rpmdevtools
- rpmlint
type:
package group
2.3.4 pkg.group_list
Lists all package groups on the system.
[root@master ~]# salt 'minion' pkg.group_list
minion:
----------
available:
- Backup Client
- base-x
- Conflicts AppStream
- Container Management
- Debugging Tools
- Desktop Debugging and Performance Tools
- .NET Core Development
- FTP Server
- GNOME Applications
- Graphics Creation Tools
- Guest Agents
- Guest Desktop Agents
- Input Methods
- Internet Applications
- Internet Browser
- Java Platform
- Legacy X Window System Compatibility
- Multimedia
- Office Suite and Productivity
- Atomic Host ostree support
- KVM platform specific packages
- Hyper-v platform specific packages
- Printing Client
- Remote Desktop Clients
- RPM Development Tools
- TeX formatting system
- Virtualization Client
- Virtualization Hypervisor
- Virtualization Platform
- Virtualization Tools
- Basic Web Server
- Additional Development
- Anaconda tools
- Base
- Conflicts BaseOS
- Development Tools
- Dial-up Networking Support
- File and Storage Server
- Fonts
- GNOME
- Graphical Administration Tools
- Hardware Monitoring Utilities
- Hardware Support
- Headless Management
- Infiniband Support
- Large Systems Performance
- Legacy UNIX Compatibility
- Mail Server
- Mainframe Access
- Network File System Client
- Network Servers
- Networking Tools
- Common NetworkManager submodules
- Performance Tools
- Platform Development
- Python Web
- Remote Management for Linux
- Scientific Support
- Security Tools
- Server product core
- Smart Card Support
- Windows File Server
- Standard
- System Tools
- Workstation product core
available environments:
- Server with GUI
- Server
- Workstation
- Virtualization Host
- Custom Operating System
available languages:
----------
installed:
- VMware platform specific packages
- Core
installed environments:
- Minimal Install
2.3.5 pkg.install
Installs software.
[root@master ~]# salt 'minion' pkg.install bzip2
minion:
----------
bzip2:
----------
new:
1.0.6-26.el8
old:
2.3.6 pkg.list_pkgs
Lists the currently installed packages as a dictionary.
[root@master ~]# salt 'minion' pkg.list_pkgs
(n lines omitted...)
centos-gpg-keys:
1:8-2.el8
centos-logos-httpd:
85.5-1.el8
centos-stream-release:
8.4-1.el8
centos-stream-repos:
8-2.el8
chkconfig:
1.13-2.el8
colord-libs:
1.4.2-1.el8
coreutils:
8.30-8.el8
coreutils-common:
8.30-8.el8
cpio:
2.12-9.el8
cracklib:
2.9.6-15.el8
cracklib-dicts:
2.9.6-15.el8
cronie:
1.5.2-4.el8
(n lines omitted...)
2.3.7 pkg.owner
Shows which package provides the specified file.
[root@master ~]# salt 'minion' pkg.owner /usr/sbin/apachectl
minion:
httpd
2.3.8 pkg.remove
Removes the specified software.
[root@master ~]# salt 'minion' pkg.remove bzip2
minion:
----------
bzip2:
----------
new:
old:
1.0.6-26.el8
//Several packages can also be removed in one command, separated by commas.
2.3.9 pkg.upgrade
Upgrades every package on the system, or only the specified package.
[root@master ~]# salt 'minion' pkg.upgrade
[root@master ~]# salt 'minion' pkg.upgrade name=PACKAGE_NAME
2.4 Common SaltStack module: state
2.4.1 state.show_highstate
Shows which highstates exist on the current system.
[root@master ~]# salt 'minion' state.show_highstate
minion:
----------
apache-install:
----------
__env__:
base
__sls__:
web.apache.install
pkg:
|_
----------
name:
httpd
- installed
|_
----------
order:
10000
apache-service:
----------
__env__:
base
__sls__:
web.apache.install
service:
|_
----------
name:
httpd
|_
----------
enable:
True
- running
|_
----------
order:
10001
2.4.2 state.highstate
Applies the highstate.
[root@master ~]# salt 'minion' state.highstate web.apache.install
2.4.3 state.show_top
Shows the top data that the minion will use for a highstate.
[root@master ~]# salt 'minion' state.show_top
minion:
----------
base:
- web.apache.install
2.4.4 state.top
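Runs a specified top file instead of the default one. This function has little practical value and is not recommended; in practice the default top file is always used.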
[root@master ~]# salt '*' state.top lxr.sls
2.4.5 state.show_sls
Shows the state data from a specific sls, or list of sls files, on the master.
[root@master ~]# salt 'minion' state.show_sls web.apache.install
minion:
----------
apache-install:
----------
__env__:
base
__sls__:
web.apache.install
pkg:
|_
----------
name:
httpd
- installed
|_
----------
order:
10000
apache-service:
----------
__env__:
base
__sls__:
web.apache.install
service:
|_
----------
name:
httpd
|_
----------
enable:
True
- running
|_
----------
order:
10001
2.5 Common SaltStack module: salt-cp
salt-cp makes it easy to copy files from the master to minions in bulk.
//Copy abc from the master to the minion
[root@master ~]# cd /opt/
[root@master opt]# touch abc.txt
[root@master opt]# ls
abc.txt
[root@master opt]# salt-cp 'minion' /opt/abc.txt /opt/
minion:
----------
/opt/abc.txt:
True
//Verify
[root@minion ~]# cd /opt/
[root@minion opt]# ls
abc.txt
//Copy several files at once
[root@master opt]# salt-cp 'minion' /opt/abc.txt /opt/haha /opt/xixi /opt/
minion:
----------
/opt/abc.txt:
True
/opt/haha:
True
/opt/xixi:
True
//Verify
[root@master opt]# salt 'minion' cmd.run 'ls /opt/'
minion:
abc.txt
haha
xixi
2.6 Common SaltStack module: useradd
2.6.1 user.add name
Adds a user to the minion.
[root@master ~]# salt 'minion' user.add name=lxr
minion:
True
//Verify
[root@master ~]# salt 'minion' cmd.run 'id lxr'
minion:
uid=1000(lxr) gid=1000(lxr) groups=1000(lxr)
2.6.2 user.chfullname
Changes the user's name (the full-name field).
[root@master ~]# salt 'minion' user.chfullname lxr 'xixi'
minion:
True
2.6.3 user.chuid
Changes the user's UID.
[root@master ~]# salt 'minion' user.chuid lxr 1001
minion:
True
//Verify
[root@master ~]# salt 'minion' cmd.run 'id lxr'
minion:
uid=1001(lxr) gid=993(sssd) groups=993(sssd)
2.6.4 user.chgid
Changes the user's GID.
[root@master ~]# salt 'minion' user.chgid lxr 993
minion:
True
[root@master ~]# salt 'minion' cmd.run 'id lxr'
minion:
uid=1000(lxr) gid=993(sssd) groups=993(sssd)
2.6.5 user.chgroups
Changes the user's group membership, appending the specified groups.
[root@master ~]# salt 'minion' user.chgroups lxr wheel,hehe True
minion:
True
[root@master ~]# salt 'minion' cmd.run 'id lxr'
minion:
uid=1001(lxr) gid=993(sssd) groups=993(sssd),10(wheel),990(hehe)
2.6.6 user.chhome
Changes the user's home directory and copies the old home directory to the new one.
[root@master ~]# salt 'minion' user.chhome lxr /home/users/lxr True
minion:
True
2.7 Common SaltStack module: cron
2.7.1 cron.present
Adds cron jobs to minions in bulk.
//Add a cron job that runs the httpd.sh script on a schedule
[root@master ~]# mkdir /scripts
[root@master ~]# vim /scripts/httpd.sh
#!/bin/bash
echo "你好!"
[root@master ~]# mkdir -p /srv/salt/base/cron
[root@master ~]# vim /srv/salt/base/cron/cron.sls
add_cron:
  cron.present:    #module that adds a cron job
    - name: /bin/sh /scripts/httpd.sh &>/dev/null    #the command the cron job runs
    - user: root    #the user the cron job is created for
    - minute: '*'    #minute
    - hour: 20    #hour
    - daymonth: '*'    #day of month
    - month: '*'    #month
    - dayweek: '*'    #day of week
//Apply the highstate
[root@master ~]# salt 'minion' state.highstate
minion:
----------
ID: apache-install
Function: pkg.installed
Name: httpd
Result: True
Comment: All specified packages are already installed
Started: 23:50:14.000554
Duration: 1293.158 ms
Changes:
----------
ID: apache-service
Function: service.running
Name: httpd
Result: True
Comment: The service httpd is already running
Started: 23:50:15.389742
Duration: 67.788 ms
Changes:
----------
ID: add_cron
Function: cron.present
Name: /bin/sh /scripts/httpd.sh &>/dev/null
Result: True
Comment: Cron /bin/sh /scripts/httpd.sh &>/dev/null added to root's crontab
Started: 23:50:15.501196
Duration: 235.567 ms
Changes:
----------
root:
/bin/sh /scripts/httpd.sh &>/dev/null
Summary for minion
------------
Succeeded: 3 (changed=1)
Failed: 0
------------
Total states run: 3
Total run time: 1.597 s
2.7.2 cron.absent
Removes cron jobs from minions in bulk.
[root@master ~]# vim /scripts/rubbish.sh
#!/bin/bash
echo "删除垃圾文件"
[root@master ~]# vim /srv/salt/base/cron/absent.sls
rubbish_cron:
  cron.absent:    #module that removes a cron job
    - name: /bin/sh /scripts/rubbish.sh &>/dev/nul
    - user: root
    - minute: '*'
    - hour: 20
    - daymonth: '*'
    - month: '*'
    - dayweek: '*'
[root@master ~]# vim /srv/salt/base/top.sls
base:
  '*':
    - web.apache.install
    - cron.cron
    - cron.absent
//Apply the highstate
[root@master ~]# salt 'minion' state.highstate
minion:
----------
ID: apache-install
Function: pkg.installed
Name: httpd
Result: True
Comment: All specified packages are already installed
Started: 00:07:17.447914
Duration: 1379.047 ms
Changes:
----------
ID: apache-service
Function: service.running
Name: httpd
Result: True
Comment: The service httpd is already running
Started: 00:07:18.829568
Duration: 64.389 ms
Changes:
----------
ID: add_cron
Function: cron.present
Name: /bin/sh /scripts/httpd.sh &>/dev/null
Result: True
Comment: Cron /bin/sh /scripts/httpd.sh &>/dev/null already present
Started: 00:07:18.898284
Duration: 15.22 ms
Changes:
----------
ID: rubbish_cron
Function: cron.absent
Name: /bin/sh /scripts/rubbish.sh &>/dev/nul
Result: True
Comment: Cron /bin/sh /scripts/rubbish.sh &>/dev/nul already absent
Started: 00:07:18.914190
Duration: 13.97 ms
Changes:
Summary for minion
------------
Succeeded: 4
Failed: 0
------------
Total states run: 4
Total run time: 1.473 s
2.7.3 set_job
Adds a cron job for the specified user.
//Add a cron job for user lxr that runs the script rubbish.sh every day at 0:20
[root@master ~]# salt 'minion' cron.set_job lxr 0 20 '*' '*' '*' /bin/sh /scripts/rubbish.sh
minion:
new
2.7.4 list_tab
Shows the detailed contents of the specified user's cron jobs.
[root@master ~]# salt 'minion' cron.list_tab lxr
minion:
----------
crons:
|_
----------
cmd:
/bin/sh
comment:
None
commented:
False
daymonth:
*
dayweek:
*
hour:
20
identifier:
None
minute:
0
month:
*
env:
pre:
special:
//Or
[root@master ~]# salt 'minion' cron.ls lxr
2.7.5 raw_cron
Shows the specified user's list of cron jobs.
[root@master ~]# salt 'minion' cron.raw_cron lxr
minion:
# Lines below here are managed by Salt, do not edit
0 20 * * * /bin/sh
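The cron.list_tab and cron.raw_cron output above records the job's command as /bin/sh only, with no script path. As an added example (not part of the original article), this Python check walks one minion's cron.list_tab return and reports active jobs that run a bare interpreter or a script outside an allowed directory; the sample data is constructed, and INTERPRETERS and the /scripts/ allowlist are assumptions.

```python
import posixpath
import shlex

INTERPRETERS = {"sh", "bash", "dash", "python", "python3", "perl"}  # assumed list

def script_of(cmd):
    """Return the script a cron command runs, or None when no script path is found."""
    try:
        tokens = shlex.split(cmd)
    except ValueError:                  # unbalanced quotes in the crontab entry
        return None
    if not tokens:
        return None
    if posixpath.basename(tokens[0]) not in INTERPRETERS:
        return tokens[0]                # the command is itself the program
    for tok in tokens[1:]:
        if tok.startswith("-"):         # interpreter option such as -x
            continue
        return tok if tok.startswith("/") else None
    return None

def audit_crons(list_tab, allowed_dirs=("/scripts/",)):
    """Return (schedule, cmd, reason) for each active job that needs review."""
    findings = []
    for job in list_tab.get("crons", []):
        if job.get("commented"):        # disabled entries do not run
            continue
        when = " ".join(str(job[f]) for f in
                        ("minute", "hour", "daymonth", "month", "dayweek"))
        script = script_of(job["cmd"])
        if script is None:
            findings.append((when, job["cmd"], "no-script"))
        elif not posixpath.normpath(script).startswith(tuple(allowed_dirs)):
            findings.append((when, job["cmd"], "outside-allowed-dirs"))
    return findings

def job(cmd, minute, hour, commented=False):
    """Build one entry with the fields cron.list_tab shows above (constructed data)."""
    return {"cmd": cmd, "minute": minute, "hour": hour, "daymonth": "*",
            "month": "*", "dayweek": "*", "commented": commented,
            "comment": None, "identifier": None}

# Constructed sample in the shape of one minion's cron.list_tab return.
SAMPLE_TAB = {
    "crons": [
        job("/bin/sh", "0", "20"),                                # as in the output above
        job("/bin/sh /scripts/httpd.sh &>/dev/null", "*", "20"),  # from cron.present
        job("/bin/sh /scripts/../tmp/cleanup.sh", "30", "3"),     # resolves to /tmp
        job("/bin/sh", "0", "1", commented=True),                 # disabled, skipped
    ],
    "env": [], "pre": [], "special": [],
}

if __name__ == "__main__":
    for when, cmd, reason in audit_crons(SAMPLE_TAB):
        print(f"{reason}: {when} {cmd}")
```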
2.7.6 rm_job
Removes a cron job for the specified user. If any date/time parameters are given, the job is removed only when the given parameters match.
[root@master ~]# salt 'minion' cron.rm_job lxr /scripts/rubbish.sh hour=20
minion:
absent
2.7.7 rm_env
Removes an environment variable for the specified user.
[root@master ~]# salt 'minion' cron.rm_env lxr MAILTO
minion:
absent
2.8 Common SaltStack module: acl
2.8.1 getfacl
Shows (in great detail) the FACL map of the specified file.
[root@master ~]# salt 'minion' acl.getfacl /tmp/vmware-root_958-2730693406
minion:
----------
/tmp/vmware-root_958-2730693406:
----------
comment:
----------
file:
/tmp/vmware-root_958-2730693406
group:
root
owner:
root
group:
|_
----------
root:
----------
octal:
0
permissions:
----------
execute:
False
read:
False
write:
False
other:
|_
----------
:
----------
octal:
0
permissions:
----------
execute:
False
read:
False
write:
False
user:
|_
----------
root:
----------
octal:
7
permissions:
----------
execute:
True
read:
True
write:
True
2.8.2 modfacl
Adds or modifies a FACL on the specified file.
[root@master ~]# salt 'minion' acl.modfacl user lxr rw /tmp/vmware-root_958-2730693406
minion:
True
//Verify on the minion
[root@minion tmp]# getfacl /tmp/vmware-root_958-2730693406
getfacl: Removing leading '/' from absolute path names
# file: tmp/vmware-root_958-2730693406
# owner: root
# group: root
user::rwx
user:lxr:rw-
group::---
mask::rw-
other::---
2.8.3 version
Shows the FACL version, taken from getfacl --version.
[root@master ~]# salt 'minion' acl.version
minion:
2.2.53
2.8.4 delfacl
Removes a specific FACL from the specified file.
[root@master ~]# salt 'minion' acl.delfacl user lxr /tmp/vmware-root_958-2730693406
minion:
True
//Verify
[root@minion tmp]# getfacl /tmp/vmware-root_958-2730693406
getfacl: Removing leading '/' from absolute path names
# file: tmp/vmware-root_958-2730693406
# owner: root
# group: root
user::rwx
group::---
mask::---
other::---