saltstack自动化运维系列③之saltstack的常用模块使用

1.命令的常用方法：

指定主机运行命令

# salt 'mini1' cmd.run 'date'

mini1:

Fri Apr 7 14:18:13 CST 2017

指定IP执行命令

# salt -S '192.168.3.19' test.ping

node2.chinasoft.com:

True

# salt -C 'S@192.168.3.19 or G@web:nginx' test.ping

mini1:

True

node2.chinasoft.com:

True

2.服务的管理

# salt '*' service.available sshd

node2.chinasoft.com:

True

mini1:

True

# salt '*' service.get_all

服务的管理：

可参考

https://docs.saltstack.com/en/latest/ref/modules/all/salt.modules.service.html#module-salt.modules.service

# salt '*' service.status httpd

node2.chinasoft.com:

True

mini1:

True

[root@mini1 ~]# salt '*' service.stop httpd

node2.chinasoft.com:

True

mini1:

True

[root@mini1 ~]# salt '*' service.status httpd

mini1:

False

node2.chinasoft.com:

False

3.权限控制模块：

可参考：https://docs.saltstack.com/en/latest/ref/publisheracl.html

修改目录权限

# chmod 755 /var/cache/salt /var/cache/salt/master /var/cache/salt/master/jobs /var/run/salt /var/run/salt/master

修改日志权限

# chmod 777 -R /var/log/salt/

# vim /etc/salt/master

client_acl:

jack:

- test.ping

- network.*

tom:

- mini*:

- test.ping

# useradd jack

# useradd tom

可以看到当切换到tom这个用户的时候可以在mini*开头的机器上执行test.ping

su - tom

$ salt 'mini*' test.ping

Failed to authenticate! This is most likely because this user is not permitted to execute commands, but there is a small possibility that a disk error occurred (check disk/inode usage).

[tom@mini1 ~]$ salt 'mini*' test.ping

mini1:

True

[tom@mini1 ~]$ salt 'mini*' 'w'

Failed to authenticate! This is most likely because this user is not permitted to execute commands, but there is a small possibility that a disk error occurred (check disk/inode usage).

切换到jack用户时可以执行test.ping

# su - jack

[jack@mini1 ~]$ salt '*' test.ping

mini1:

True

node2.chinasoft.com:

True