saltstack自動化運維繫列③之saltstack的經常使用模塊使用

時間 2019-11-19

標籤 saltstack 自動化維繫經常使用模塊欄目測試自動化简体版

原文原文鏈接

saltstack自動化運維繫列③之saltstack的經常使用模塊使用html

1.命令的經常使用方法：node

指定主機運行命令nginx

# salt 'mini1' cmd.run 'date'
mini1:
Fri Apr 7 14:18:13 CST 2017web

指定IP執行命令
# salt -S '192.168.3.19' test.ping
node2.chinasoft.com:
Truevim

# salt -C 'S@192.168.3.19 or G@web:nginx' test.ping
mini1:
True
node2.chinasoft.com:
True運維

2.服務的管理
# salt '*' service.available sshd
node2.chinasoft.com:
True
mini1:
Truessh

# salt '*' service.get_allthis

服務的管理：
可參考
https://docs.saltstack.com/en/latest/ref/modules/all/salt.modules.service.html#module-salt.modules.service日誌

# salt '*' service.status httpd
node2.chinasoft.com:
True
mini1:
True
[root@mini1 ~]# salt '*' service.stop httpd
node2.chinasoft.com:
True
mini1:
True
[root@mini1 ~]# salt '*' service.status httpd
mini1:
False
node2.chinasoft.com:
Falsehtm

3.權限控制模塊：
可參考：https://docs.saltstack.com/en/latest/ref/publisheracl.html
修改目錄權限
# chmod 755 /var/cache/salt /var/cache/salt/master /var/cache/salt/master/jobs /var/run/salt /var/run/salt/master
修改日誌權限
# chmod 777 -R /var/log/salt/

# vim /etc/salt/master

client_acl:
jack:
- test.ping
- network.*
tom:
- mini*:
- test.ping

# useradd jack
# useradd tom

能夠看到當切換到tom這個用戶的時候能夠在mini*開頭的機器上執行test.ping
su - tom

$ salt 'mini*' test.ping
Failed to authenticate! This is most likely because this user is not permitted to execute commands, but there is a small possibility that a disk error occurred (check disk/inode usage).
[tom@mini1 ~]$ salt 'mini*' test.ping
mini1:
True

[tom@mini1 ~]$ salt 'mini*' 'w'
Failed to authenticate! This is most likely because this user is not permitted to execute commands, but there is a small possibility that a disk error occurred (check disk/inode usage).

切換到jack用戶時能夠執行test.ping# su - jack[jack@mini1 ~]$ salt '*' test.pingmini1: Truenode2.chinasoft.com: True