saltstack cheatsheet summary (key && compound matcher)

fjqzyc

Salt key management

Listing all Salt key registration requests
1.salt-key -L
Accepting all Salt key requests:
1.salt-key -A
Accepting a single Salt key request, where minion_id is the name of the Minion:
1.salt-key -a minion_id
Removing the key of a Salt Minion, where minion_id is the name of the Minion:
1.salt-key -d minion_id
Removing all the key of Salt minions
1.salt-key -D
　　


　　Query Salt in order to find out what Minions are online, offline or maybe even show both


salt-run manage.up # Shows what Minions are up
salt-run manage.down # Shows what Minions are down or not connected
salt-run manage.status # Shows both online and offline Minions

Matching the minion id

1.Globbing

Match all minions:
salt '*' test.ping
Match all minions in the example.net domain or any of the example domains:
salt '*.example.net' test.ping
salt '*.example.*' test.ping
Match all the webN minions in the example.net domain (web1.example.net, web2.example.net … webN.example.net):
salt 'web?.example.net' test.ping
Match the web1 through web5 minions:
salt 'web[1-5]' test.ping
Match the web1 and web3 minions:
salt 'web[1,3]' test.ping
Match the web-x, web-y, and web-z minions:
salt 'web-[x-z]' test.ping2.Regular expressions

Match both web1-prod and web1-devel minions:
salt -E 'web1-(prod|devel)' test.ping
using regular expressions in a State's top file
base:
'web1-(prod|devel)':
- match: pcre
- webserver3.Lists

salt -L 'web1,web2,web3' test.ping
　　Compound matchers
　　
Letter
Match Type
Example

G
Grains glob
G@os:Ubuntu
E
PCRE Minion ID
E@web\d+\.(dev|qa|prod)\.loc
P
Grains PCRE
P@os:(RedHat|Fedora|CentOS)
L
List of minions
L@minion1.example.com,minion3.domain.com
or bl*.domain.com
I
Pillar glob
I@pdata:foobar
S
Subnet/IP address
S@192.168.1.0/24 or
S@192.168.1.100
R
Range cluster
R@%foo.bar

　　Matchers can be joined using boolean and,
or, and
not operators.
　　eg:
　　salt -C 'webserv* and G@os:Debian or E@web-dc1-srv.*' test.ping
That same example expressed in a top file looks like the following:
base:
'webserv* and G@os:Debian or E@web-dc1-srv.*':
- match: compound
- webserver
Note that a leading not is not supported in compound matches
salt -C '* and not G@kernel:Darwin' test.ping
Excluding a minion based on its ID is also possible:
salt -C '* and not web-dc1-srv' test.ping
Matches can be grouped together with parentheses to explicitly declare precedence amongst groups.
salt -C '( ms-1 or G@id:ms-3 ) and G@id:ms-3' test.ping

example:
　　salt '*' sys.doc
salt -E '.*' cmd.run 'ls -l | grep foo'
salt -L foo.bar.baz,quo.qux cmd.run 'ps aux | grep foo'
salt '*' grains.items
salt -G 'os:Fedora' test.ping
salt '*' pillar.items
salt 'supply.*' network.ip_addrs
salt '*' saltutil.refresh_pillar
salt '*' pillar.item mine_functions
salt '*' mine.get '*' grains.items
salt -C 'G@circle:live and G@data_volume_attached:True'
salt '*' state.sls sfym.app
salt -C 'E@^((?!frontline).)*$' cmd.run 'dpkg --purge nginx'
salt -C 'E@^((?!frontline).)*$' cmd.run 'rm -rf /etc/nginx/'
salt '*' state.highstate test=Tr