SaltStack日常维护-第七篇

elixiat

练习内容

远程执行其他模块

官方模块有很多超过300+
　　1.cmd.run
　　2.network
　　3.service
　　4.state
　　5.其它日常维护

演示

cmd.run模块

可以执行系统命令，超级模块有安全隐患，也可以更模块源代码限制危险命令执行比如（rm reboot等），二次开发一般不用此模块



[iyunv@linux-node1 salt]# salt '*' cmd.run 'w'
linux-node1.example.com:
17:36:55 up 12:00,  1 user,  load average: 0.00, 0.01, 0.05
USER     TTY      FROM             LOGIN@   IDLE   JCPU   PCPU WHAT
root     pts/0    192.168.56.1     16:01    7.00s  1.27s  0.36s /usr/bin/python /usr/bin/salt * cmd.run w
linux-node2.example.com:
17:36:56 up 12:00,  1 user,  load average: 0.00, 0.01, 0.05
USER     TTY      FROM             LOGIN@   IDLE   JCPU   PCPU WHAT
root     pts/0    192.168.56.1     16:01   54:32   0.00s  0.00s -bash
network模块

network.active_tcp，arp，connect





[iyunv@linux-node1 salt]# salt -S '192.168.56.12' network.active_tcp
linux-node2.example.com:
----------
0:
----------
local_addr:
0.0.0.0
local_port:
111
remote_addr:
0.0.0.0
remote_port:
0
1:
----------
local_addr:
192.168.56.12
local_port:
8080
remote_addr:
0.0.0.0
remote_port:
0
2:
----------
local_addr:
0.0.0.0
local_port:
22
remote_addr:
0.0.0.0
remote_port:
0
3:
----------
local_addr:
127.0.0.1
local_port:
25
remote_addr:
0.0.0.0
remote_port:
0
4:
----------
local_addr:
192.168.56.12
local_port:
55880
remote_addr:
192.168.56.11
remote_port:
4505
5:
----------
local_addr:
192.168.56.12
local_port:
22
remote_addr:
192.168.56.1
remote_port:
50617
6:
----------
local_addr:
192.168.56.12
local_port:
44782
remote_addr:
192.168.56.11
remote_port:
4506
7:
----------
local_addr:
192.168.56.12
local_port:
44862
remote_addr:
192.168.56.11
remote_port:
4506
8:
----------
local_addr:
192.168.56.12
local_port:
44864
remote_addr:
192.168.56.11
remote_port:
4506
salt -S '192.168.56.12' network.active_tcp




[iyunv@linux-node1 salt]# salt '*' network.arp
linux-node2.example.com:
----------
00:0c:29:3c:56:22:
192.168.56.11
00:50:56:c0:00:08:
192.168.56.1
00:50:56:e2:2f:59:
192.168.56.2
linux-node1.example.com:
----------
00:0c:29:6d:87:0c:
192.168.56.12
00:50:56:c0:00:08:
192.168.56.1
00:50:56:e2:2f:59:
192.168.56.2
salt '*' network.arp




[iyunv@linux-node1 salt]# salt -S '192.168.56.12' network.connect www.baidu.com 80
linux-node2.example.com:
----------
comment:
Successfully connected to www.baidu.com (61.135.169.125) on tcp port 80
result:
True
salt -S '192.168.56.12' network.connect www.baidu.com 80
域名解析



salt '*' network.dig www.baidu.com
获取主机名



[iyunv@linux-node1 salt]# salt '*' network.get_hostname
linux-node1.example.com:
linux-node1
linux-node2.example.com:
linux-node2
获取网卡mac地址



[iyunv@linux-node1 salt]# salt '*' network.hw_addr eth0
linux-node1.example.com:
00:0c:29:3c:56:22
linux-node2.example.com:
00:0c:29:6d:87:0c
获取网卡ip地址相关信息





[iyunv@linux-node1 salt]# salt '*' network.interface eth0
linux-node1.example.com:
|_
----------
address:
192.168.56.11
broadcast:
192.168.56.255
label:
eth0
netmask:
255.255.255.0
linux-node2.example.com:
|_
----------
address:
192.168.56.12
broadcast:
192.168.56.255
label:
eth0
netmask:
255.255.255.0
salt '*' network.interface eth0
只获取ip地址信息



[iyunv@linux-node1 salt]# salt '*' network.interface_ip eth0
linux-node1.example.com:
192.168.56.11
linux-node2.example.com:
192.168.56.12
检查回环网卡信息



[iyunv@linux-node1 salt]# salt '*' network.is_loopback 127.0.0.1
linux-node1.example.com:
True
linux-node2.example.com:
True
获取网络连接信息



salt '*' network.netstat
网络ping



[iyunv@linux-node1 salt]# salt '*' network.ping www.baidu.com
linux-node1.example.com:
PING www.a.shifen.com (61.135.169.121) 56(84) bytes of data.
64 bytes from 61.135.169.121: icmp_seq=1 ttl=128 time=41.2 ms
64 bytes from 61.135.169.121: icmp_seq=2 ttl=128 time=50.1 ms
64 bytes from 61.135.169.121: icmp_seq=3 ttl=128 time=87.8 ms
64 bytes from 61.135.169.121: icmp_seq=4 ttl=128 time=86.0 ms
--- www.a.shifen.com ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 3008ms
rtt min/avg/max/mdev = 41.298/66.354/87.884/20.883 ms
linux-node2.example.com:
PING www.a.shifen.com (61.135.169.121) 56(84) bytes of data.
64 bytes from 61.135.169.121: icmp_seq=1 ttl=128 time=47.3 ms
64 bytes from 61.135.169.121: icmp_seq=2 ttl=128 time=45.0 ms
64 bytes from 61.135.169.121: icmp_seq=3 ttl=128 time=90.8 ms
64 bytes from 61.135.169.121: icmp_seq=4 ttl=128 time=88.2 ms
--- www.a.shifen.com ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 3006ms
rtt min/avg/max/mdev = 45.089/67.892/90.865/21.685 ms
网络ping的其它参数



root@linux-node1 ~]# salt '*' network.ping archlinux.org timeout=3
linux-node2.example.com:
PING archlinux.org (138.201.81.199) 56(84) bytes of data.
64 bytes from apollo.archlinux.org (138.201.81.199): icmp_seq=1 ttl=128 time=247 ms
64 bytes from apollo.archlinux.org (138.201.81.199): icmp_seq=2 ttl=128 time=260 ms
64 bytes from apollo.archlinux.org (138.201.81.199): icmp_seq=3 ttl=128 time=268 ms
64 bytes from apollo.archlinux.org (138.201.81.199): icmp_seq=4 ttl=128 time=296 ms
--- archlinux.org ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 3005ms
rtt min/avg/max/mdev = 247.004/268.189/296.863/18.292 ms
linux-node1.example.com:
PING archlinux.org (138.201.81.199) 56(84) bytes of data.
64 bytes from apollo.archlinux.org (138.201.81.199): icmp_seq=1 ttl=128 time=208 ms
64 bytes from apollo.archlinux.org (138.201.81.199): icmp_seq=2 ttl=128 time=221 ms
64 bytes from apollo.archlinux.org (138.201.81.199): icmp_seq=3 ttl=128 time=232 ms
64 bytes from 138.201.81.199: icmp_seq=4 ttl=128 time=260 ms
--- archlinux.org ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 3003ms
rtt min/avg/max/mdev = 208.509/230.999/260.674/19.194 ms
[iyunv@linux-node1 ~]# salt '*' network.ping archlinux.org return_boolean=True
linux-node2.example.com:
True
linux-node1.example.com:
True
service模块

service是一个虚拟模块，要调用不同类型系统的服务查看



[iyunv@linux-node1 salt]# salt '*' service.get_all
linux-node1.example.com:
- -.mount
- NetworkManager
- NetworkManager-dispatcher
- NetworkManager-wait-online
......
检查ssh服务



[iyunv@linux-node1 salt]# salt '*' service.available sshd
linux-node1.example.com:
True
linux-node2.example.com:
True
重新加载web服务



[iyunv@linux-node1 salt]# salt '*' service.reload httpd
linux-node1.example.com:
True
linux-node2.example.com:
True
查看服务状态



[iyunv@linux-node1 salt]# salt '*' service.status httpd
linux-node1.example.com:
True
linux-node2.example.com:
True
执行模块state
　　This function will call state.highstate or state.sls based on the arguments passed to this function. It exists as a more intuitive way of applying state



salt '*' state.apply
加载本地的yml



salt '*' state.apply localconfig=/path/to/minion.yml
查看minion在top.sls配置信息



[iyunv@linux-node1 salt]# salt '*node1*' state.show_top
linux-node1.example.com:
----------
base:
- web.lamp
单独执行pkg模块，执行模块直接就执行 ，状态模块先检查



root@linux-node1 ~]# salt 'linux-node1.example.com' state.single pkg.installed name=vim-enhanced
linux-node1.example.com:
----------
ID: vim-enhanced
Function: pkg.installed
Result: True
Comment: Package vim-enhanced is already installed.
Started: 18:27:39.793850
Duration: 825.955 ms
Changes:   
Summary
------------
Succeeded: 1
Failed:    0
------------
Total states run:     1
[iyunv@linux-node1 ~]#
其它日常维护

mange检查节点状态



[iyunv@linux-node1 ~]# salt-run manage.status
down:
up:
- linux-node1.example.com
- linux-node2.example.com
mange检查minion版本，有时候可能因为版本不同而导致执行失败



[iyunv@linux-node1 ~]# salt-run manage.versions
Master:
2015.5.10
Up to date:
----------
linux-node1.example.com:
2015.5.10
linux-node2.example.com:
2015.5.10
为了安全 可以先执行测试 test=True，没有问题在应用到服务器



salt "linux-node2*" state.highstate test=True
salt-cp拷贝文件



[iyunv@linux-node1 ~]# salt-cp   'linux-node2.example.com' /etc/rc.local  /mnt/
{'linux-node2.example.com': {'/mnt/rc.local': True}}
　　附：英文参考文档 全部模块
　　https://www.unixhot.com/docs/saltstack/ref/modules/all/

az18

111111111