Targeting Minions文檔html
https://docs.saltstack.com/en/latest/contents.html
另請參見:自動化運維神器之saltstack (三)節點組及複合匹配器node
注意事項git
修改了master或者minion的配置文件,那麼必須重啓對應的服務。github
Letterweb |
Match Type正則表達式 |
Exampleexpress |
Alt Delimiter?apache |
G運維 |
Grains globdom |
G@os:Ubuntu |
Yes |
E |
PCRE Minion ID |
E@web\d+\.(dev|qa|prod)\.loc |
No |
P |
Grains PCRE |
P@os:(RedHat|Fedora|CentOS) |
Yes |
L |
List of minions |
L@minion1.example.com,minion3.domain.com or bl*.domain.com |
No |
I |
Pillar glob |
I@pdata:foobar |
Yes |
J |
Pillar PCRE |
J@pdata:^(foo|bar)$ |
Yes |
S |
Subnet/IP address |
S@192.168.1.0/24 or S@192.168.1.100 |
No |
R |
Range cluster |
R@%foo.bar |
No |
Matchers can be joined using boolean and, or, and not operators. 【複合匹配的時候】
1 [root@salt100 ~]# salt '*' test.ping 2 salt02: 3 True 4 salt100: 5 True 6 salt03: 7 True 8 salt01: 9 True
在 top file 中也仍然適用。【推薦使用】
1 # Match all minions: 2 salt '*' test.ping 3 4 # Match all minions in the example.net domain or any of the example domains: 5 salt '*.example.net' test.ping 6 salt '*.example.*' test.ping 7 8 # Match all the 「webN」 minions in the example.net domain (web1.example.net, web2.example.net … webN.example.net): 9 salt 'web?.example.net' test.ping 10 11 # Match the 「web1」 through 「web5」 minions: 12 salt 'web[1-5]' test.ping 13 14 # Match the 「web1」 and 「web3」 minions: 15 salt 'web[1,3]' test.ping 16 17 # Match the 「web-x」, 「web-y」, and 「web-z」 minions: 18 salt 'web-[x-z]' test.ping
使用較少,由於正則寫錯的概率會大些。
正則規則參見:
https://blog.csdn.net/woshizhangliang999/article/details/46859161
1 # Match both 「web1-prod」 and 「web1-devel」 minions: 2 salt -E 'web1-(prod|devel)' test.ping
1 base: 2 'web1-(prod|devel)': 3 - match: pcre # 使用正則匹配 4 - webserver
salt -L 'web1,web2,web3' test.ping
1 # For example, the following matches all CentOS minions: 2 salt -G 'os:CentOS' test.ping 3 4 # Match all minions with 64-bit CPUs, and return number of CPU cores for each matching minion: 5 salt -G 'cpuarch:x86_64' grains.item num_cpus
1 [root@salt100 ~]# salt -G 'ip_interfaces:eth0' test.ping 2 salt01: 3 True 4 salt02: 5 True 6 salt03: 7 True 8 salt100: 9 True 10 [root@salt100 ~]# salt -G 'ip_interfaces:eth0:*11*' test.ping 11 salt01: 12 True
像grains匹配同樣,也支持嵌套匹配。
1 # 具體匹配 2 salt -I 'somekey:specialvalue' test.ping
1 [root@salt100 ~]# salt -I 'level1:level2:my_user:*zhang*' test.ping 2 salt03: 3 True 4 salt02: 5 True
1 # Minions can easily be matched based on IP address, or by subnet 2 salt -S 172.16.1.11 test.ping # 具體地址 3 salt -S 172.16.1.0/24 test.ping # 網段 4 salt -S fe80::20c:29ff:fe95:1b7a test.ping # IPv 6 具體配置 5 salt -S 2001:db8::/64 test.ping # IPv 6 網段配置
1 # Ipcidr matching can also be used in compound matches 2 salt -C 'S@10.0.0.0/24 and G@os:Debian' test.ping
1 '172.16.0.0/12': 2 - match: ipcidr # 匹配方式 3 - internal
Matchers can be joined using boolean and, or, and not operators. 【複合匹配的時候】
1 # the following string matches all 「Debian minions」 with a hostname that begins with 「webserv」, as well as any minions that have a hostname which matches the regular expression 「web-dc1-srv.* 」: 2 salt -C 'webserv* and G@os:Debian or E@web-dc1-srv.*' test.ping 3 4 # Excluding a minion based on its ID is also possible: 5 salt -C 'not web-dc1-srv' test.ping 6 7 # Versions prior to 2015.8.0 a leading 「not」 was not supported in compound matches. Instead, something like the following was required: 8 salt -C '* and not G@kernel:Darwin' test.ping 9 10 # Excluding a minion based on its ID was also possible: 11 salt -C '* and not web-dc1-srv' test.ping
1 base: 2 'webserv* and G@os:Debian or E@web-dc1-srv.*': 3 - match: compound # 複合匹配 4 - webserver
1 # 可使用括號實現優先匹配 2 # 必定要注意括號和目標之間須要「空格」。不遵照此規則可能致使錯誤的目標! 3 salt -C '( ms-1 or G@id:ms-3 ) and G@id:ms-3' test.ping
1 # 默認爲 「:」 改成其餘字符分割 2 salt -C 'J|@foo|bar|^foo:bar$ or J!@gitrepo!https://github.com:example/project.git' test.ping
案例1
1 [root@salt100 ~]# salt -C 'G@os:redhat03' test.ping 2 salt01: 3 True 4 [root@salt100 ~]# 5 [root@salt100 ~]# salt -C 'G|@os|redhat03' test.ping # 將分隔符從「:」 改成「|」 6 salt01: 7 True 8 [root@salt100 ~]# salt -C 'G!@os!redhat03' test.ping #將分隔符從「:」 改成「!」 9 salt01: 10 True 11 [root@salt100 ~]# salt -C 'G!@os!redhat03 or salt02' test.ping 12 salt02: 13 True 14 salt01: 15 True
案例2
1 [root@salt-master-7 ~]# salt '*' pillar.item getos 2 10.0.0.112: 3 ---------- 4 getos: 5 ---------- 6 apache: 7 httpd 8 git: 9 git 10 172.16.1.111: 11 ---------- 12 getos: 13 ---------- 14 apache: 15 apache2:kkk 16 git: 17 git-core 18 salt-master-7: 19 ---------- 20 getos: 21 ---------- 22 apache: 23 httpd 24 git: 25 git 26 [root@salt-master-7 ~]# salt -I 'getos:apache:apache2:kkk' test.ping 27 172.16.1.111: 28 True 29 [root@salt-master-7 ~]# salt -C 'I@getos:apache:apache2:kkk' test.ping # 由於有 apache2:kkk ,因此在某些狀況下會出現錯誤 30 172.16.1.111: 31 True 32 [root@salt-master-7 ~]# 33 [root@salt-master-7 ~]# salt -C 'I#@getos#apache#apache2:kkk' test.ping # 表示使用 # 做爲分隔符,而不是 : 34 172.16.1.111: 35 True
備註:
1 1、當向主配置文件添加或修改節點組時,必須從新啓動master,以便徹底識別這些更改。 2 2、在不重啓的狀況下,可使用命令行中 -N 做爲目標的有限功能。
1 # The nodegroups master config file parameter is used to define nodegroups. Here's an example nodegroup configuration within 「/etc/salt/master」: 2 nodegroups: 3 group1: 'L@foo.domain.com,bar.domain.com,baz.domain.com or bl*.domain.com' 4 group2: 'G@os:Debian and foo.domain.com' 5 group3: 'G@os:Debian and N@group1' 6 group4: 7 - 'G@foo:bar' 8 - 'or' 9 - 'G@foo:baz' 10 11 # As of the 2017.7.0 release of Salt, group names can also be prepended with a dash【破折號】. This brings the usage in line with many other areas of Salt. For example: 12 # 組節點也可使用 以下方式。 組名前面到破折號「-」 13 nodegroups: 14 - group1: 'L@foo.domain.com,bar.domain.com,baz.domain.com or bl*.domain.com' 15 16 注意: 17 Nodegroups能夠參考group3中看到的其餘Nodegroups,確保沒有循環引用。循環引用將被檢測到,並致使部分擴展產生日誌錯誤消息。 18 注意: 19 「N@」 不能在命令行和top file中使用,只能在master config 中使用
salt -N group1 test.ping
1 base: 2 group1: 3 - match: nodegroup # 使用節點組匹配 4 - webserver
1 # 常規的定義方式 2 nodegroups: 3 group1: L@host1,host2,host3 4 5 # YAML 定義方式 6 nodegroups: 7 group1: 8 - host1 9 - host2 10 - host3
1 # The 「-b」 (or 「--batch-size」) option allows commands to be executed on only a specified number of minions at a time. 2 # 同一時間執行多少 minion,支持百分比和數字。 3 salt '*' -b 10 test.ping # 同一時間執行 10 臺,完畢後執行另外 10 臺,依次執行下去 4 salt '*' -b 80% test.ping # 同一時間執行 80% 的minion 端,完畢後執行另外 80%【實際是最後的 20%】。 5 salt -G 'os:RedHat' --batch-size 25% apache.signal restart # 6 7 # --batch-wait minion返回後,等待多少秒在發送命令給新的minion 8 salt '*' -b 25% --batch-wait 5 test.ping # 第一批minion反饋後,等待 5 秒後,在發送命令給下一批的minion。