saltstack 自动化运维工具管理命令的详细使用,获取指定数据集

Posted 抛物线.

tags:

篇首语:本文由小常识网(cha138.com)小编为大家整理,主要介绍了saltstack 自动化运维工具管理命令的详细使用,获取指定数据集相关的知识,希望对你有一定的参考价值。

Salt,,一种全新的基础设施管理方式,部署轻松,在几分钟内可运行起来,扩展性好,很容易管理上万台服务器,速度够快,服务器之间秒级通讯。

salt底层采用动态的连接总线, 使其可以用于编配, 远程执行, 配置管理等等.
Saltstack的master端监听4505与4506端口,4505为salt的消息发布系统,4506为salt客户端与服务端通信的端口;

salt客户端程序不监听端口,客户端启动后,会主动连接master端注册,然后一直保持该TCP连接,master通过这条TCP连接对客户端控制,如果连接断开,master对客户端就无能为力了。当然,客户端若检查到断开后会定期的一直连接master端的。

这是saltstack的官方手册:saltstack
https://docs.saltstack.com/en/latest/contents.html
首先来看一下help命令:下面针对经常使用到的进行操作解释。

[root@master ~]# salt --help
Usage: salt [options] '<target>' <function> [arguments]

Salt allows for commands to be executed across a swath of remote systems in
parallel, so they can be both controlled and queried with ease.

Options:
  --version             show program's version number and exit
  -V, --versions-report
                        Show program's dependencies version number and exit.
  -h, --help            show this help message and exit
  --saltfile=SALTFILE   Specify the path to a Saltfile. If not passed, one
                        will be searched for in the current working directory.
  -c CONFIG_DIR, --config-dir=CONFIG_DIR
                        Pass in an alternative configuration directory.
                        Default: '/etc/salt'.
  --module-executors=EXECUTOR_LIST
                        Set an alternative list of executors to override the
                        one set in minion config.
  --executor-opts=EXECUTOR_OPTS
                        Set alternate executor options if supported by
                        executor. Options set by minion config are used by
                        default.
  -t TIMEOUT, --timeout=TIMEOUT
                        Change the timeout, if applicable, for the running
                        command (in seconds). Default: 5.
  --args-stdin          Read additional options and/or arguments from stdin.
                        Each entry is newline separated.
  --hard-crash          Raise any original exception rather than exiting
                        gracefully. Default: False.
  --no-parse=argname1,argname2,...
                        Comma-separated list of named CLI arguments (i.e.
                        argname=value) which should not be parsed as Python
                        data types
  -s, --static          Return the data from minions as a group after they all
                        return.
  -p, --progress        Display a progress graph. Requires "progressbar"
                        python package.
  --failhard            Stop batch execution upon first "bad" return.
  --async               Run the salt command but don't wait for a reply.
  --subset=SUBSET       Execute the routine on a random subset of the targeted
                        minions. The minions will be verified that they have
                        the named function before executing.
  -v, --verbose         Turn on command verbosity, display jid and active job
                        queries.
  --hide-timeout        Hide minions that timeout.
  --show-jid            Display jid without the additional output of
                        --verbose.
  -b BATCH, --batch=BATCH, --batch-size=BATCH
                        Execute the salt job in batch mode, pass either the
                        number of minions to batch at a time, or the
                        percentage of minions to have running.
  --batch-wait=BATCH_WAIT
                        Wait the specified time in seconds after each job is
                        done before freeing the slot in the batch for the next
                        one.
  --batch-safe-limit=BATCH_SAFE_LIMIT
                        Execute the salt job in batch mode if the job would
                        have executed on more than this many minions.
  --batch-safe-size=BATCH_SAFE_SIZE
                        Batch size to use for batch jobs created by batch-
                        safe-limit.
  --return=RETURNER     Set an alternative return method. By default salt will
                        send the return data from the command back to the
                        master, but the return data can be redirected into any
                        number of systems, databases or applications.
  --return_config=RETURNER_CONF
                        Set an alternative return method. By default salt will
                        send the return data from the command back to the
                        master, but the return data can be redirected into any
                        number of systems, databases or applications.
  --return_kwargs=RETURNER_KWARGS
                        Set any returner options at the command line.
  -d, --doc, --documentation
                        Return the documentation for the specified module or
                        for all modules if none are specified.
  --args-separator=ARGS_SEPARATOR
                        Set the special argument used as a delimiter between
                        command arguments of compound commands. This is useful
                        when one wants to pass commas as arguments to some of
                        the commands in a compound command.
  --summary             Display summary information about a salt command.
  --metadata=METADATA   Pass metadata into Salt, used to search jobs.
  --output-diff         Report only those states that have changed.
  --config-dump         Dump the master configuration values
  --preview-target      Show the minions expected to match a target. Does not
                        issue any command.

  Logging Options:
    Logging options which override any settings defined on the
    configuration files.

    -l LOG_LEVEL, --log-level=LOG_LEVEL
                        Console logging log level. One of 'all', 'garbage',
                        'trace', 'debug', 'profile', 'info', 'warning',
                        'error', 'critical', 'quiet'. Default: 'warning'.
    --log-file=LOG_FILE
                        Log file path. Default: '/var/log/salt/master'.
    --log-file-level=LOG_LEVEL_LOGFILE
                        Logfile logging log level. One of 'all', 'garbage',
                        'trace', 'debug', 'profile', 'info', 'warning',
                        'error', 'critical', 'quiet'. Default: 'warning'.

  Target Options:
    Target selection options.

    -H, --hosts         List all known hosts to currently visible or other
                        specified rosters
    -E, --pcre          Instead of using shell globs to evaluate the target
                        servers, use pcre regular expressions.
    -L, --list          Instead of using shell globs to evaluate the target
                        servers, take a comma or whitespace delimited list of
                        servers.
    -G, --grain         Instead of using shell globs to evaluate the target
                        use a grain value to identify targets, the syntax for
                        the target is the grain key followed by a
                        globexpression: "os:Arch*".
    -P, --grain-pcre    Instead of using shell globs to evaluate the target
                        use a grain value to identify targets, the syntax for
                        the target is the grain key followed by a pcre regular
                        expression: "os:Arch.*".
    -N, --nodegroup     Instead of using shell globs to evaluate the target
                        use one of the predefined nodegroups to identify a
                        list of targets.
    -R, --range         Instead of using shell globs to evaluate the target
                        use a range expression to identify targets. Range
                        expressions look like %cluster.
    -C, --compound      The compound target option allows for multiple target
                        types to be evaluated, allowing for greater
                        granularity in target matching. The compound target is
                        space delimited, targets other than globs are preceded
                        with an identifier matching the specific targets
                        argument type: salt 'G@os:RedHat and webser* or
                        E@database.*'.
    -I, --pillar        Instead of using shell globs to evaluate the target
                        use a pillar value to identify targets, the syntax for
                        the target is the pillar key followed by a glob
                        expression: "role:production*".
    -J, --pillar-pcre   Instead of using shell globs to evaluate the target
                        use a pillar value to identify targets, the syntax for
                        the target is the pillar key followed by a pcre
                        regular expression: "role:prod.*".
    -S, --ipcidr        Match based on Subnet (CIDR notation) or IP address.

  Additional Target Options:
    Additional options for minion targeting.

    --delimiter=DELIMITER
                        Change the default delimiter for matching in multi-
                        level data structures. Default: ':'.

  External Authentication:
    -a EAUTH, --auth=EAUTH, --eauth=EAUTH, --external-auth=EAUTH
                        Specify an external authentication system to use.
    -T, --make-token    Generate and save an authentication token for re-use.
                        The token is generated and made available for the
                        period defined in the Salt Master.
    --username=USERNAME
                        Username for external authentication.
    --password=PASSWORD
                        Password for external authentication.

  Output Options:
    Configure your preferred output format.

    --out=OUTPUT, --output=OUTPUT
                        Print the output from the 'salt' command using the
                        specified outputter.
    --out-indent=OUTPUT_INDENT, --output-indent=OUTPUT_INDENT
                        Print the output indented by the provided value in
                        spaces. Negative values disables indentation. Only
                        applicable in outputters that support indentation.
    --out-file=OUTPUT_FILE, --output-file=OUTPUT_FILE
                        Write the output to the specified file.
    --out-file-append, --output-file-append
                        Append the output to the specified file.
    --no-color, --no-colour
                        Disable all colored output.
    --force-color, --force-colour
                        Force colored output.
    --state-output=STATE_OUTPUT, --state_output=STATE_OUTPUT
                        Override the configured state_output value for minion
                        output. One of 'full', 'terse', 'mixed', 'changes' or
                        'filter'. Default: 'none'.
    --state-verbose=STATE_VERBOSE, --state_verbose=STATE_VERBOSE
                        Override the configured state_verbose value for minion
                        output. Set to True or False. Default: none.

You can find additional help about salt issuing "man salt" or on
http://docs.saltstack.com
[root@master ~]# 

一、salt相关的管理命令:

salt-run manage.up              # 查看存活的minion  

salt-run manage.down           # 查看死掉的minion

salt-run manage.down removekeys=True    # 查看down掉的minion,并将其删除

salt-run manage.status            # 查看minion的相关状态

salt-run manage.versions          # 查看salt的所有master和minion的版本信息

salt-run jobs.active                  # 查看哪些系统任务还在处理中

salt-run jobs.list_jobs                # 显示所有的已完成或部分完成的任务信息

salt '*' saltutil.running              # 查看运行的jobs ID

salt \\* saltutil.kill_job 20151209034239907625       # kill掉进程ID

salt -d                                    # 查看帮助文档

salt -d|grep service               # 查看service相关模块命令

salt '*' sys.doc                       # 查看帮助文档

salt-key  -L                              # 查询所有接收到的证书

salt-key  -a <证书名>              # 接收单个证书

salt-key  -A                             # 接受所有证书

salt-key  -d <证书名>              # 删除单个证书

salt-key  -D                              # 删除所有证书

salt '*' service.get_all               # 获取主机所有服务

salt '*' service.reload sshd     # 重载sshd服务

salt '*' pkg.list_pkgs                 # 显示软件包版本列表

salt '*' pkg.version python       # 显示软件包版本信息

salt '*' pkg.install httpd         # 安装软件包

salt 'node1.com' service.status mysql                   # 查看mysql服务状态

salt 'node1.com' service.start mysql                      # 启动mysql服务

salt 'node1.com' cmd.run 'service mysql status'    # 与上面一样查看服务

salt '*' sys.list_modules       # 模块列表

salt-cp '*'  /etc/hosts   /etc/hosts                              # 把master上的hosts文件分发到所有主机

salt '*' cp.get_file salt://ceshi/b /tmp/test                 # 把salt-master端相应的文件,分发文件到minion端

salt '*' cp.get_dir salt://zabbix /tmp                           # 把salt-master端相应的目录,分发文件到minion端

salt '*' file.copy /tmp/zabbix.sls /tmp/sls                   # 把salt-master端对应文件拷贝到minion端相应目录下

salt '*' cmd.run 'uptime'                                             # 远程命令执行测试 



二、远程执行脚本:

cmd.script

'cmd.script:'


        salt '*' cmd.script salt://scripts/runme.sh

        salt '*' cmd.script salt://scripts/runme.sh 'arg1 arg2 "arg 3"'

        salt '*' cmd.script salt://scripts/windows_task.ps1 args=' -Input c:\\tmp\\infile.txt' shell='powershell'

        salt '*' cmd.script salt://scripts/runme.sh stdin='one\\ntwo\\nthree\\nfour\\nfive\\n'

'cmd.shell

  This passes the cmd argument directly to the shell

        salt '*' cmd.shell "ls -l | awk '/foo/print \\$2'"

        salt '*' cmd.shell template=jinja "ls -l /tmp/grains.id | awk '/foo/print \\$2'"

        salt '*' cmd.shell "Get-ChildItem C:\\ " shell='powershell'

        salt '*' cmd.shell "grep f" stdin='one\\ntwo\\nthree\\nfour\\nfive\\n'

        salt '*' cmd.shell cmd='sed -e s/=/:/g'

'cmd.shells:'

        salt '*' cmd.shells

‘cmd.tty:’

'cmd.tty:'

        salt '*' cmd.tty tty0 'This is a test'

        salt '*' cmd.tty pts3 'This is a test'

‘cmd.which:’

    salt '*' cmd.which cat

grains选项:

salt '*' grains.ls                    # 查看grains分类

salt '*' grains.items                      # 查看grains所有信息

salt '*' grains.item osrelease                  # 查看grains某个信息

# 说明:state模块是salt state的管理模块,可以通过state模块简单的对minion操作sls状态

salt 'node1.com' state.highstate            # 更新指定minons的所有sls状态


salt 'node1.com' state.running              # 查看当前运行的sls状态


三、相关例子:

[root@master ~]# salt \\* saltutil.running

node02.saltstack.com:

    |_

      ----------

      arg:

          -  egrep -v ^#

      fun:

          cmd.run

      jid:

          20190901141733009548

      pid:

          5922

      ret:

      tgt:

          *

      tgt_type:

          glob

      user:

          root

    |_

      ----------

      arg:

          - egrep -v ^#

      fun:

          cmd.run

      jid:

          20190901141748160358

      pid:

          5927

      ret:

      tgt:

          *

      tgt_type:

          glob

      user:

          root

node01.saltstack.com:

    |_

      ----------

      arg:

          -  egrep -v ^#

      fun:

          cmd.run

      jid:

           20190901141733009548

      pid:

          6252

      ret:

      tgt:

          *

      tgt_type:

          glob

      user:

          root

    |_

      ----------

      arg:

          - egrep -v ^#

      fun:

          cmd.run

      jid:

           20190901141748160358

      pid:

          6256

      ret:

      tgt:

          *

      tgt_type:

          glob

      user:

          root

[root@master ~]# salt \\* saltutil.kill_job  20190901141748160358

node01.saltstack.com:

    Signal 9 sent to job  20190901141748160358 at pid 6256

node02.saltstack.com:

    Signal 9 sent to job  20190901141748160358 at pid 5927

[root@master ~]# salt \\* saltutil.kill_job  20190901141733009548

node02.saltstack.com:

    Signal 9 sent to job  20190901141733009548 at pid 5922

node01.saltstack.com:

    Signal 9 sent to job  20190901141733009548 at pid 6252

[root@master ~]# salt \\* saltutil.running

node01.saltstack.com:

node02.saltstack.com:

[root@master ~]# salt-run manage.versions 

Master:

    2015.5.10

Up to date:

    ----------

    node01.saltstack.com:

        2019.09.01

    node02.saltstack.com:

        2019.09.01

[root@RS1 states]# salt-run manage.status

down:

up:

    - minion.saltstack.com

    - minion2.saltstack.com

[root@RS1 ~]# salt-run manage.versions            # 查看salt的所有master和minion的版本信息

Master:

   2019.09.01

Up to date:

    ----------

    minion.saltstack.com:

       2019.09.01

    minion2.saltstack.com:

        2019.09.01

[root@RS1 ~]# salt '*' test.ping  -v          # 使用-v参数,能够查看到job的jid

Executing job with jid 20190901142709337088

-------------------------------------------

minion.saltstack.com:

    True

minion2.saltstack.com:

    True

说明:每执行一个任务,都会有一个对应的jid


[root@RS1 ~]# salt '*' saltutil.running             # 查看minion当前正在运的jobs

minion2.saltstack.com:

    |_

      ----------

      arg:

      fun:

          state.highstate

      jid:

          20190901143846076337

      pid:

          5488

      ret:

      tgt:

          *

      tgt_type:

          glob

      user:

          root

minion.saltstack.com:

    |_

      ----------

      arg:

      fun:

          state.highstate

      jid:

          20190901143846076337

      pid:

          6384

      ret:

      tgt:

          *

      tgt_type:

          glob

      user:

          root

[root@RS1 ~]# salt '*' saltutil.kill_job 20190901143846076337


取消正在执行的某个jid,例如:20190901143846076337


[root@master ~]# salt-run jobs.list_jobs

20190901155927733273:

    ----------

    Arguments:

    Function:

        state.running

    StartTime:

        2019, Nov 01 15:59:27.733273

    Target:

        node01.saltstack.com

    Target-type:

        glob

    User:

        root

20190901160325920754:

    ----------

    Arguments:

    Function:

        sys.doc

    StartTime:

        2019, Nov 01 16:03:25.920754

    Target:

        *

    Target-type:

        glob

    User:

        root

201900021161556599324:

    ----------

    Arguments:

        - cat

    Function:

        cmd.which

    StartTime:

        2019, Nov 01 16:15:56.599324

    Target:

        *

    Target-type:

        glob

    User:

        root

20190901161641114901:

    ----------

    Arguments:

    Function:

        grains.ls

    StartTime:

        2019, Nov 01 16:16:41.114901

    Target:

        *

    Target-type:

        glob

    User:

        root







远程执行是saltstack核心功能之一,使用salt模块可以给选定的minion端发送执行某条命令的指示,并获得返回结果,比如




[root@saltstack-node1 ~]# salt 'saltstack-node2.lichengbing.com' test.ping

saltstack-node2.lichengbing.com:

    True

  • salt → 命令

  • saltstack-node2.lichengbing.com → 管理对象

  • test.ping → 模块(这里的ping并不是指我们熟知的网络ping命令)

命令

  • salt是saltstack使用最多的一个管理minion命令,但是并不表示就这么一个命令,saltstack命令包括
/usr/bin/salt

/usr/bin/salt-cp

/usr/bin/salt-key

/usr/bin/salt-master

/usr/bin/salt-minion

/usr/bin/salt-run

/usr/bin/salt-unity

/usr/bin/salt-call

/usr/bin/salt-run

/usr/bin/salt-ssh

/usr/bin/salt-syndic

/usr/bin/salt-api

/usr/bin/salt-cloud

四、管理对象

管理对象是我们远程执行的操作主机,saltstack的主机选择支持很多方式,正则匹配、列表匹配、Granis匹配、组匹配、复合匹配、Pillar匹配、CIDR匹配等

  • 1)正则匹配
[root@saltstack-node1 ~]# salt -E 'salt*' test.ping          #salt*是一个简单的正则表达式

saltstack-node2.lichengbing.com:

    True

saltstack-node1.lichengbing.com:

    True
[root@saltstack-node1 ~]# salt -E 'saltstack-node[1|2]*' test.ping

saltstack-node2.lichengbing.com:

    True

saltstack-node1.lichengbing.com:

    True

  • 2)列表匹配
[root@saltstack-node1 ~]# salt -L saltstack-node1.lichengbing.com,saltstack-node2.lichengbing.com test.ping                    # L 主机用逗号分隔开



saltstack-node2.lichengbing.com:

    True

saltstack-node1.lichengbing.com:

    True




  • 3)Grains匹配
[root@saltstack-node1 ~]# salt -G  'os:CentOS' test.ping #选择Grains os键值为CentOS的主机



saltstack-node2.lichengbing.com:

    True

saltstack-node1.lichengbing.com:

    True


#Grains是minion启动时收集的一组系统相关的静态数据,后续会有讲解


#Pillar类似Grains

  • 4)组匹配

saltstack可以提前给minion定义组角色,然后以组名来批量匹配

修改master配置文件


[root@saltstack-node1 ~]# vim /etc/salt/master

nodegroups:

  web: 'L@saltstack-node1.lichengbing.com,saltstack-node2.lichengbing.com'
[root@saltstack-node1 ~]# salt -N web test.ping

saltstack-node2.lichengbing.com:

    True

saltstack-node1.lichengbing.com:

    True

  • 5)复合匹配
[root@saltstack-node1 ~]# salt -C 'G@os:CentOS or L@saltstack-node2.lichengbing.com' test.ping

saltstack-node2.lichengbing.com:

    True

saltstack-node1.lichengbing.com:

    True

#G@os:CentOS or L@saltstack-node2是使用的一个复合组合,支持 and or 关联多个条件

  • 6)CIDR匹配

CIDR就是网络中的无类别域间路由,网段匹配


[root@saltstack-node1 ~]# salt -S '172.16.2.0/24' test.ping

saltstack-node2.lichengbing.com:

    True

saltstack-node1.lichengbing.com:

    True



六、模块

模块是可以理解为saltstack已经为我们写好的一组可以操作minion主机的命令

saltstack自带的模块功能十分丰富和强大,当然我们也可以自定义一些相关模块(这里需要注意的是,saltstack自带的模块是Master端和Minion端同时存在的,如果在Master自定义模块需要先同步到Minion再执行才能得到返回结果,当然这个同步saltstack会帮我们完成)

以上是关于saltstack 自动化运维工具管理命令的详细使用,获取指定数据集的主要内容,如果未能解决你的问题,请参考以下文章

Saltstack 自动化运维工具详细介绍

自动化运维工具之Saltstack

自动化运维之saltstack

部署自动化运维工具SaltStack

自动化运维工具SaltStack详细部署

自动化运维工具SaltStack详细部署