saltstack 自动化运维工具管理命令的详细使用,获取指定数据集
Posted 抛物线.
tags:
篇首语:本文由小常识网(cha138.com)小编为大家整理,主要介绍了saltstack 自动化运维工具管理命令的详细使用,获取指定数据集相关的知识,希望对你有一定的参考价值。
Salt,,一种全新的基础设施管理方式,部署轻松,在几分钟内可运行起来,扩展性好,很容易管理上万台服务器,速度够快,服务器之间秒级通讯。
salt底层采用动态的连接总线, 使其可以用于编配, 远程执行, 配置管理等等.
Saltstack的master端监听4505与4506端口,4505为salt的消息发布系统,4506为salt客户端与服务端通信的端口;
salt客户端程序不监听端口,客户端启动后,会主动连接master端注册,然后一直保持该TCP连接,master通过这条TCP连接对客户端控制,如果连接断开,master对客户端就无能为力了。当然,客户端若检查到断开后会定期的一直连接master端的。
这是saltstack的官方手册:saltstack
https://docs.saltstack.com/en/latest/contents.html
首先来看一下help命令:下面针对经常使用到的进行操作解释。
[root@master ~]# salt --help
Usage: salt [options] '<target>' <function> [arguments]
Salt allows for commands to be executed across a swath of remote systems in
parallel, so they can be both controlled and queried with ease.
Options:
--version show program's version number and exit
-V, --versions-report
Show program's dependencies version number and exit.
-h, --help show this help message and exit
--saltfile=SALTFILE Specify the path to a Saltfile. If not passed, one
will be searched for in the current working directory.
-c CONFIG_DIR, --config-dir=CONFIG_DIR
Pass in an alternative configuration directory.
Default: '/etc/salt'.
--module-executors=EXECUTOR_LIST
Set an alternative list of executors to override the
one set in minion config.
--executor-opts=EXECUTOR_OPTS
Set alternate executor options if supported by
executor. Options set by minion config are used by
default.
-t TIMEOUT, --timeout=TIMEOUT
Change the timeout, if applicable, for the running
command (in seconds). Default: 5.
--args-stdin Read additional options and/or arguments from stdin.
Each entry is newline separated.
--hard-crash Raise any original exception rather than exiting
gracefully. Default: False.
--no-parse=argname1,argname2,...
Comma-separated list of named CLI arguments (i.e.
argname=value) which should not be parsed as Python
data types
-s, --static Return the data from minions as a group after they all
return.
-p, --progress Display a progress graph. Requires "progressbar"
python package.
--failhard Stop batch execution upon first "bad" return.
--async Run the salt command but don't wait for a reply.
--subset=SUBSET Execute the routine on a random subset of the targeted
minions. The minions will be verified that they have
the named function before executing.
-v, --verbose Turn on command verbosity, display jid and active job
queries.
--hide-timeout Hide minions that timeout.
--show-jid Display jid without the additional output of
--verbose.
-b BATCH, --batch=BATCH, --batch-size=BATCH
Execute the salt job in batch mode, pass either the
number of minions to batch at a time, or the
percentage of minions to have running.
--batch-wait=BATCH_WAIT
Wait the specified time in seconds after each job is
done before freeing the slot in the batch for the next
one.
--batch-safe-limit=BATCH_SAFE_LIMIT
Execute the salt job in batch mode if the job would
have executed on more than this many minions.
--batch-safe-size=BATCH_SAFE_SIZE
Batch size to use for batch jobs created by batch-
safe-limit.
--return=RETURNER Set an alternative return method. By default salt will
send the return data from the command back to the
master, but the return data can be redirected into any
number of systems, databases or applications.
--return_config=RETURNER_CONF
Set an alternative return method. By default salt will
send the return data from the command back to the
master, but the return data can be redirected into any
number of systems, databases or applications.
--return_kwargs=RETURNER_KWARGS
Set any returner options at the command line.
-d, --doc, --documentation
Return the documentation for the specified module or
for all modules if none are specified.
--args-separator=ARGS_SEPARATOR
Set the special argument used as a delimiter between
command arguments of compound commands. This is useful
when one wants to pass commas as arguments to some of
the commands in a compound command.
--summary Display summary information about a salt command.
--metadata=METADATA Pass metadata into Salt, used to search jobs.
--output-diff Report only those states that have changed.
--config-dump Dump the master configuration values
--preview-target Show the minions expected to match a target. Does not
issue any command.
Logging Options:
Logging options which override any settings defined on the
configuration files.
-l LOG_LEVEL, --log-level=LOG_LEVEL
Console logging log level. One of 'all', 'garbage',
'trace', 'debug', 'profile', 'info', 'warning',
'error', 'critical', 'quiet'. Default: 'warning'.
--log-file=LOG_FILE
Log file path. Default: '/var/log/salt/master'.
--log-file-level=LOG_LEVEL_LOGFILE
Logfile logging log level. One of 'all', 'garbage',
'trace', 'debug', 'profile', 'info', 'warning',
'error', 'critical', 'quiet'. Default: 'warning'.
Target Options:
Target selection options.
-H, --hosts List all known hosts to currently visible or other
specified rosters
-E, --pcre Instead of using shell globs to evaluate the target
servers, use pcre regular expressions.
-L, --list Instead of using shell globs to evaluate the target
servers, take a comma or whitespace delimited list of
servers.
-G, --grain Instead of using shell globs to evaluate the target
use a grain value to identify targets, the syntax for
the target is the grain key followed by a
globexpression: "os:Arch*".
-P, --grain-pcre Instead of using shell globs to evaluate the target
use a grain value to identify targets, the syntax for
the target is the grain key followed by a pcre regular
expression: "os:Arch.*".
-N, --nodegroup Instead of using shell globs to evaluate the target
use one of the predefined nodegroups to identify a
list of targets.
-R, --range Instead of using shell globs to evaluate the target
use a range expression to identify targets. Range
expressions look like %cluster.
-C, --compound The compound target option allows for multiple target
types to be evaluated, allowing for greater
granularity in target matching. The compound target is
space delimited, targets other than globs are preceded
with an identifier matching the specific targets
argument type: salt 'G@os:RedHat and webser* or
E@database.*'.
-I, --pillar Instead of using shell globs to evaluate the target
use a pillar value to identify targets, the syntax for
the target is the pillar key followed by a glob
expression: "role:production*".
-J, --pillar-pcre Instead of using shell globs to evaluate the target
use a pillar value to identify targets, the syntax for
the target is the pillar key followed by a pcre
regular expression: "role:prod.*".
-S, --ipcidr Match based on Subnet (CIDR notation) or IP address.
Additional Target Options:
Additional options for minion targeting.
--delimiter=DELIMITER
Change the default delimiter for matching in multi-
level data structures. Default: ':'.
External Authentication:
-a EAUTH, --auth=EAUTH, --eauth=EAUTH, --external-auth=EAUTH
Specify an external authentication system to use.
-T, --make-token Generate and save an authentication token for re-use.
The token is generated and made available for the
period defined in the Salt Master.
--username=USERNAME
Username for external authentication.
--password=PASSWORD
Password for external authentication.
Output Options:
Configure your preferred output format.
--out=OUTPUT, --output=OUTPUT
Print the output from the 'salt' command using the
specified outputter.
--out-indent=OUTPUT_INDENT, --output-indent=OUTPUT_INDENT
Print the output indented by the provided value in
spaces. Negative values disables indentation. Only
applicable in outputters that support indentation.
--out-file=OUTPUT_FILE, --output-file=OUTPUT_FILE
Write the output to the specified file.
--out-file-append, --output-file-append
Append the output to the specified file.
--no-color, --no-colour
Disable all colored output.
--force-color, --force-colour
Force colored output.
--state-output=STATE_OUTPUT, --state_output=STATE_OUTPUT
Override the configured state_output value for minion
output. One of 'full', 'terse', 'mixed', 'changes' or
'filter'. Default: 'none'.
--state-verbose=STATE_VERBOSE, --state_verbose=STATE_VERBOSE
Override the configured state_verbose value for minion
output. Set to True or False. Default: none.
You can find additional help about salt issuing "man salt" or on
http://docs.saltstack.com
[root@master ~]#
一、salt相关的管理命令:
salt-run manage.up # 查看存活的minion
salt-run manage.down # 查看死掉的minion
salt-run manage.down removekeys=True # 查看down掉的minion,并将其删除
salt-run manage.status # 查看minion的相关状态
salt-run manage.versions # 查看salt的所有master和minion的版本信息
salt-run jobs.active # 查看哪些系统任务还在处理中
salt-run jobs.list_jobs # 显示所有的已完成或部分完成的任务信息
salt '*' saltutil.running # 查看运行的jobs ID
salt \\* saltutil.kill_job 20151209034239907625 # kill掉进程ID
salt -d # 查看帮助文档
salt -d|grep service # 查看service相关模块命令
salt '*' sys.doc # 查看帮助文档
salt-key -L # 查询所有接收到的证书
salt-key -a <证书名> # 接收单个证书
salt-key -A # 接受所有证书
salt-key -d <证书名> # 删除单个证书
salt-key -D # 删除所有证书
salt '*' service.get_all # 获取主机所有服务
salt '*' service.reload sshd # 重载sshd服务
salt '*' pkg.list_pkgs # 显示软件包版本列表
salt '*' pkg.version python # 显示软件包版本信息
salt '*' pkg.install httpd # 安装软件包
salt 'node1.com' service.status mysql # 查看mysql服务状态
salt 'node1.com' service.start mysql # 启动mysql服务
salt 'node1.com' cmd.run 'service mysql status' # 与上面一样查看服务
salt '*' sys.list_modules # 模块列表
salt-cp '*' /etc/hosts /etc/hosts # 把master上的hosts文件分发到所有主机
salt '*' cp.get_file salt://ceshi/b /tmp/test # 把salt-master端相应的文件,分发文件到minion端
salt '*' cp.get_dir salt://zabbix /tmp # 把salt-master端相应的目录,分发文件到minion端
salt '*' file.copy /tmp/zabbix.sls /tmp/sls # 把salt-master端对应文件拷贝到minion端相应目录下
salt '*' cmd.run 'uptime' # 远程命令执行测试
二、远程执行脚本:
cmd.script
'cmd.script:'
salt '*' cmd.script salt://scripts/runme.sh
salt '*' cmd.script salt://scripts/runme.sh 'arg1 arg2 "arg 3"'
salt '*' cmd.script salt://scripts/windows_task.ps1 args=' -Input c:\\tmp\\infile.txt' shell='powershell'
salt '*' cmd.script salt://scripts/runme.sh stdin='one\\ntwo\\nthree\\nfour\\nfive\\n'
'cmd.shell
This passes the cmd argument directly to the shell
salt '*' cmd.shell "ls -l | awk '/foo/print \\$2'"
salt '*' cmd.shell template=jinja "ls -l /tmp/grains.id | awk '/foo/print \\$2'"
salt '*' cmd.shell "Get-ChildItem C:\\ " shell='powershell'
salt '*' cmd.shell "grep f" stdin='one\\ntwo\\nthree\\nfour\\nfive\\n'
salt '*' cmd.shell cmd='sed -e s/=/:/g'
'cmd.shells:'
salt '*' cmd.shells
‘cmd.tty:’
'cmd.tty:'
salt '*' cmd.tty tty0 'This is a test'
salt '*' cmd.tty pts3 'This is a test'
‘cmd.which:’
salt '*' cmd.which cat
grains选项:
salt '*' grains.ls # 查看grains分类
salt '*' grains.items # 查看grains所有信息
salt '*' grains.item osrelease # 查看grains某个信息
# 说明:state模块是salt state的管理模块,可以通过state模块简单的对minion操作sls状态
salt 'node1.com' state.highstate # 更新指定minons的所有sls状态
salt 'node1.com' state.running # 查看当前运行的sls状态
三、相关例子:
[root@master ~]# salt \\* saltutil.running
node02.saltstack.com:
|_
----------
arg:
- egrep -v ^#
fun:
cmd.run
jid:
20190901141733009548
pid:
5922
ret:
tgt:
*
tgt_type:
glob
user:
root
|_
----------
arg:
- egrep -v ^#
fun:
cmd.run
jid:
20190901141748160358
pid:
5927
ret:
tgt:
*
tgt_type:
glob
user:
root
node01.saltstack.com:
|_
----------
arg:
- egrep -v ^#
fun:
cmd.run
jid:
20190901141733009548
pid:
6252
ret:
tgt:
*
tgt_type:
glob
user:
root
|_
----------
arg:
- egrep -v ^#
fun:
cmd.run
jid:
20190901141748160358
pid:
6256
ret:
tgt:
*
tgt_type:
glob
user:
root
[root@master ~]# salt \\* saltutil.kill_job 20190901141748160358
node01.saltstack.com:
Signal 9 sent to job 20190901141748160358 at pid 6256
node02.saltstack.com:
Signal 9 sent to job 20190901141748160358 at pid 5927
[root@master ~]# salt \\* saltutil.kill_job 20190901141733009548
node02.saltstack.com:
Signal 9 sent to job 20190901141733009548 at pid 5922
node01.saltstack.com:
Signal 9 sent to job 20190901141733009548 at pid 6252
[root@master ~]# salt \\* saltutil.running
node01.saltstack.com:
node02.saltstack.com:
[root@master ~]# salt-run manage.versions
Master:
2015.5.10
Up to date:
----------
node01.saltstack.com:
2019.09.01
node02.saltstack.com:
2019.09.01
[root@RS1 states]# salt-run manage.status
down:
up:
- minion.saltstack.com
- minion2.saltstack.com
[root@RS1 ~]# salt-run manage.versions # 查看salt的所有master和minion的版本信息
Master:
2019.09.01
Up to date:
----------
minion.saltstack.com:
2019.09.01
minion2.saltstack.com:
2019.09.01
[root@RS1 ~]# salt '*' test.ping -v # 使用-v参数,能够查看到job的jid
Executing job with jid 20190901142709337088
-------------------------------------------
minion.saltstack.com:
True
minion2.saltstack.com:
True
说明:每执行一个任务,都会有一个对应的jid
[root@RS1 ~]# salt '*' saltutil.running # 查看minion当前正在运的jobs
minion2.saltstack.com:
|_
----------
arg:
fun:
state.highstate
jid:
20190901143846076337
pid:
5488
ret:
tgt:
*
tgt_type:
glob
user:
root
minion.saltstack.com:
|_
----------
arg:
fun:
state.highstate
jid:
20190901143846076337
pid:
6384
ret:
tgt:
*
tgt_type:
glob
user:
root
[root@RS1 ~]# salt '*' saltutil.kill_job 20190901143846076337
取消正在执行的某个jid,例如:20190901143846076337
[root@master ~]# salt-run jobs.list_jobs
20190901155927733273:
----------
Arguments:
Function:
state.running
StartTime:
2019, Nov 01 15:59:27.733273
Target:
node01.saltstack.com
Target-type:
glob
User:
root
20190901160325920754:
----------
Arguments:
Function:
sys.doc
StartTime:
2019, Nov 01 16:03:25.920754
Target:
*
Target-type:
glob
User:
root
201900021161556599324:
----------
Arguments:
- cat
Function:
cmd.which
StartTime:
2019, Nov 01 16:15:56.599324
Target:
*
Target-type:
glob
User:
root
20190901161641114901:
----------
Arguments:
Function:
grains.ls
StartTime:
2019, Nov 01 16:16:41.114901
Target:
*
Target-type:
glob
User:
root
远程执行是saltstack核心功能之一,使用salt模块可以给选定的minion端发送执行某条命令的指示,并获得返回结果,比如
[root@saltstack-node1 ~]# salt 'saltstack-node2.lichengbing.com' test.ping
saltstack-node2.lichengbing.com:
True
-
salt → 命令
-
saltstack-node2.lichengbing.com → 管理对象
-
test.ping → 模块(这里的ping并不是指我们熟知的网络ping命令)
命令
- salt是saltstack使用最多的一个管理minion命令,但是并不表示就这么一个命令,saltstack命令包括
/usr/bin/salt
/usr/bin/salt-cp
/usr/bin/salt-key
/usr/bin/salt-master
/usr/bin/salt-minion
/usr/bin/salt-run
/usr/bin/salt-unity
/usr/bin/salt-call
/usr/bin/salt-run
/usr/bin/salt-ssh
/usr/bin/salt-syndic
/usr/bin/salt-api
/usr/bin/salt-cloud
四、管理对象
管理对象是我们远程执行的操作主机,saltstack的主机选择支持很多方式,正则匹配、列表匹配、Granis匹配、组匹配、复合匹配、Pillar匹配、CIDR匹配等
- 1)正则匹配
[root@saltstack-node1 ~]# salt -E 'salt*' test.ping #salt*是一个简单的正则表达式
saltstack-node2.lichengbing.com:
True
saltstack-node1.lichengbing.com:
True
[root@saltstack-node1 ~]# salt -E 'saltstack-node[1|2]*' test.ping
saltstack-node2.lichengbing.com:
True
saltstack-node1.lichengbing.com:
True
- 2)列表匹配
[root@saltstack-node1 ~]# salt -L saltstack-node1.lichengbing.com,saltstack-node2.lichengbing.com test.ping # L 主机用逗号分隔开
saltstack-node2.lichengbing.com:
True
saltstack-node1.lichengbing.com:
True
- 3)Grains匹配
[root@saltstack-node1 ~]# salt -G 'os:CentOS' test.ping #选择Grains os键值为CentOS的主机
saltstack-node2.lichengbing.com:
True
saltstack-node1.lichengbing.com:
True
#Grains是minion启动时收集的一组系统相关的静态数据,后续会有讲解
#Pillar类似Grains
- 4)组匹配
saltstack可以提前给minion定义组角色,然后以组名来批量匹配
修改master配置文件
[root@saltstack-node1 ~]# vim /etc/salt/master
nodegroups:
web: 'L@saltstack-node1.lichengbing.com,saltstack-node2.lichengbing.com'
[root@saltstack-node1 ~]# salt -N web test.ping
saltstack-node2.lichengbing.com:
True
saltstack-node1.lichengbing.com:
True
- 5)复合匹配
[root@saltstack-node1 ~]# salt -C 'G@os:CentOS or L@saltstack-node2.lichengbing.com' test.ping
saltstack-node2.lichengbing.com:
True
saltstack-node1.lichengbing.com:
True
#G@os:CentOS or L@saltstack-node2是使用的一个复合组合,支持 and or 关联多个条件
- 6)CIDR匹配
CIDR就是网络中的无类别域间路由,网段匹配
[root@saltstack-node1 ~]# salt -S '172.16.2.0/24' test.ping
saltstack-node2.lichengbing.com:
True
saltstack-node1.lichengbing.com:
True
六、模块
模块是可以理解为saltstack已经为我们写好的一组可以操作minion主机的命令
saltstack自带的模块功能十分丰富和强大,当然我们也可以自定义一些相关模块(这里需要注意的是,saltstack自带的模块是Master端和Minion端同时存在的,如果在Master自定义模块需要先同步到Minion再执行才能得到返回结果,当然这个同步saltstack会帮我们完成)
以上是关于saltstack 自动化运维工具管理命令的详细使用,获取指定数据集的主要内容,如果未能解决你的问题,请参考以下文章