saltstack自动化运维系列③之saltstack的常用模块使用

saltstack自动化运维系列③之saltstack的常用模块使用

1.命令的常用方法：

指定主机运行命令

# salt 'mini1' cmd.run 'date'
mini1:
Fri Apr 7 14:18:13 CST 2017

指定IP执行命令
# salt -S '192.168.3.19' test.ping
node2.chinasoft.com:
True

# salt -C 'S@192.168.3.19 or G@web:nginx' test.ping
mini1:
True
node2.chinasoft.com:
True

2.服务的管理
# salt '*' service.available sshd
node2.chinasoft.com:
True
mini1:
True

# salt '*' service.get_all

服务的管理：
可参考
https://docs.saltstack.com/en/latest/ref/modules/all/salt.modules.service.html#module-salt.modules.service

# salt '*' service.status httpd
node2.chinasoft.com:
True
mini1:
True
[root@mini1 ~]# salt '*' service.stop httpd
node2.chinasoft.com:
True
mini1:
True
[root@mini1 ~]# salt '*' service.status httpd
mini1:
False
node2.chinasoft.com:
False

3.权限控制模块：
可参考：https://docs.saltstack.com/en/latest/ref/publisheracl.html
修改目录权限
# chmod 755 /var/cache/salt /var/cache/salt/master /var/cache/salt/master/jobs /var/run/salt /var/run/salt/master
修改日志权限
# chmod 777 -R /var/log/salt/

# vim /etc/salt/master

client_acl:
jack:
- test.ping
- network.*
tom:
- mini*:
- test.ping

# useradd jack
# useradd tom

可以看到当切换到tom这个用户的时候可以在mini*开头的机器上执行test.ping
su - tom

$ salt 'mini*' test.ping
Failed to authenticate! This is most likely because this user is not permitted to execute commands, but there is a small possibility that a disk error occurred (check disk/inode usage).
[tom@mini1 ~]$ salt 'mini*' test.ping
mini1:
True

[tom@mini1 ~]$ salt 'mini*' 'w'
Failed to authenticate! This is most likely because this user is not permitted to execute commands, but there is a small possibility that a disk error occurred (check disk/inode usage).

切换到jack用户时可以执行test.ping
# su - jack
[jack@mini1 ~]$ salt '*' test.ping
mini1:
True
node2.chinasoft.com:
True