Automation
▁ ▂ ▃ ▄ ꧁ 🔴☠ COMMANDLINE-KUNGFU WITH CHEATSHEETS ☠🔴꧂▅ ▃ ▂ ▁
Linux automation and orchestration tools are essential for streamlining and managing complex IT tasks and workflows. Automation tools allow administrators to automate repetitive tasks, such as software installation, configuration management, and system updates. By reducing manual intervention, these tools increase efficiency, minimize errors, and free up time for more strategic activities.
Orchestration tools take automation a step further by coordinating and managing multiple automated tasks across different systems and environments. They enable the seamless integration of various processes, ensuring that tasks are executed in the correct order and dependencies are managed effectively. This is particularly important in environments with complex workflows, such as continuous integration and continuous deployment (CI/CD) pipelines.
One of the key benefits of automation and orchestration tools is their ability to ensure consistency and standardization across systems. By using predefined scripts and templates, administrators can ensure that configurations are applied uniformly, reducing the risk of configuration drift and inconsistencies. This leads to more reliable and predictable system behavior.
These tools also enhance scalability, allowing organizations to efficiently manage large-scale deployments and infrastructure. Automation and orchestration enable rapid provisioning and scaling of resources, ensuring that systems can handle varying workloads and demands. This is crucial for maintaining performance and availability in dynamic environments.
Overall, Linux automation and orchestration tools are indispensable for modern IT operations. They improve efficiency, consistency, and scalability, enabling organizations to manage their infrastructure more effectively. Whether for routine tasks or complex workflows, these tools play a vital role in optimizing system administration and ensuring smooth and reliable operations.
1 - 🖥️ansible
➡️This is a command-line reference manual for commands and command combinations that you don’t use often enough to remember them. This cheatsheet explains the ansible command with important options and switches using examples.
# Ping individual hosts from the inventory file hosts
ansible pluto -i hosts -m ping
ansible mars -i hosts -m ping
ansible saturn -i hosts -m ping
ansible venus -i hosts -m ping
ansible testserver1 -i hosts -m ping
# Ping all hosts in the inventory file hosts
ansible '*' -i hosts -m ping
ansible-doc apt
ansible venus.srv041.lxu.io -i hosts -m command -a uptime
ansible-playbook -i hosts web-notls.yml
ansible pluto -i hosts -m ping
ansible pluto -i hosts -m command -a uptime
ansible pluto -i hosts -a "tail /var/log/messages"
ansible pluto -i hosts -m apt -a "name=ccze state=present" -b
ansible pluto -i hosts -m user -a "name=tuxtux comment=\"CheffRocker\" shell=/bin/bash state=present" -b
ansible mars -i hosts -m apt -a "name=ccze state=present" -b
ansible '*' -i hosts -m command -a 'lsof -i'
ansible '*' -i hosts -m command -a 'apt update'
ansible '*' -i hosts -m command -a 'tail /var/log/syslog'
# for all systems
- name: Stop and disable firewalld
  service:
    name: firewalld
    state: stopped
    enabled: no
  ignore_errors: yes
# For Debian- and SUSE-based systems. Handler: a handler is similar to a task, but it only runs when a task calls it via notify. One use case is restarting a service after a change to a configuration file.
# We restart Apache via a handler when the static.html file has changed. This is of course not necessary in practice; for simplicity, this file is treated as an Apache configuration file.
handlers:
  - name: Restart Apache
    service:
      name: apache2
      state: restarted
#/home/ansible/playbooks/hosts
[testgruppe]
pluto ansible_ssh_host=10.17.1.204 ansible_ssh_user=root
mars ansible_ssh_host=10.17.1.192 ansible_ssh_user=root
saturn ansible_ssh_host=10.17.1.199 ansible_ssh_user=root
[testserver]
venus ansible_ssh_host=10.16.1.128 ansible_ssh_user=root
testserver1 ansible_ssh_host=10.14.5.41 ansible_ssh_user=root
#--------/home/ansible/playbooks/upgrade.yml------------------------------------#
---
# apt update && upgrade on all servers in the group "update" with the old sources.list:
- name: Config für update Hosts
  hosts: update
  become: true
  tasks:
    # install htop if it is not present:
    - name: Install htop
      apt:
        name: htop
        state: present
        update_cache: yes
    # install ccze if it is not present:
    - name: Install ccze
      apt:
        name:
          - ccze
          - arp-scan
        state: present
        update_cache: yes
    # install nmap if it is not present:
    - name: Install nmap
      apt:
        name: nmap
        state: present
        update_cache: yes
    # A restart of Apache is then triggered via notify:
    - name: Copy proxyfile to /etc/apt/apt.conf.d/
      copy:
        src: files/proxyfile
        dest: /etc/apt/apt.conf.d/
    # A restart of Apache is then triggered via notify:
    - name: Copy sources.list to /etc/apt/
      copy:
        src: files/sources.list
        dest: /etc/apt/
  # For Debian- and SUSE-based systems. Handler: a handler is similar to a task, but it only runs when a task calls it via notify. One use case is restarting a service after a change to a configuration file. We restart Apache via a handler when the static.html file has changed. This is of course not necessary in practice; for simplicity, this file is treated as an Apache configuration file.
  handlers:
    - name: Restart Apache
      service:
        name: apache2
        state: restarted
# 7.2 Playbook for multiple distributions - With what we have learned about facts, we can make the playbook usable on multiple distributions. More changes to the playbook would be needed (services, handlers); given the short workshop, only the installation is shown as an example.
tasks:
  - name: Install Apache on RHEL
    yum:
      name: httpd
      state: present
    when: ansible_os_family == "RedHat"
  - name: Install Apache on Debian
    apt:
      name: apache2
      state: present
      update_cache: yes
    when: ansible_os_family == "Debian"
  - name: Install Apache on SUSE
    zypper:
      name: apache2
      state: present
    when: ansible_os_family == "Suse"
  - name: Copy static.html
#--------/home/ansible/playbooks/upgrade.yml------------------------------------#
# ansible historytext
# quote host patterns ('*', 'raspy*') so the shell does not expand them as file globs
ansible raspberry -m apt -a 'upgrade=yes update_cache=yes cache_valid_time=864000' --become
ansible raspberry -m command -a 'ls'
ansible raspberry -m ping
ansible Client -m ping
ansible-config
ansible ebook -m apt -a 'upgrade=yes update_cache=yes cache_valid_time=864000' --become
ansible ebook -m ping
ansible '*' --list-hosts
ansible '*' -m apt -a 'upgrade=yes update_cache=yes cache_valid_time=864000' --become
ansible '*' -m ping
ansible nas.fritz.box -m ping
ansible nas -m ping
ansible proxy -m ping
ansible salt -m ping
ansible raspydisplay -m apt -a 'upgrade=yes update_cache=yes cache_valid_time=86400' --become
ansible raspydisplay -m command -a 'apt upgrade'
ansible raspydisplay -m command -a 'lsof -i'
ansible raspydisplay -m ping
ansible raspydisplay -m shell -a 'apt update'
ansible raspydisplay -m shell -a 'apt upgrade'
ansible raspydisplay -m shell -a 'ifconfig'
ansible raspydisplay -m shell -a 'lsof -i'
ansible 'raspy*' -m ping
cat /etc/ansible/hosts
cd /etc/ansible
history | grep ansible
vi /etc/ansible/hosts
ansible raspberry -m ping
# Parallel processes
-f 'FORKS', --forks 'FORKS'
# specify number of parallel processes to use (default=5)
Cheatsheets are an excellent complement to other information sources like Linux man-pages, Linux help, or How-To’s and tutorials, as they provide compact and easily accessible information. While man-pages and detailed tutorials often contain comprehensive explanations and extensive guides, cheatsheets summarize the most important options for the command ansible in a clear format. This allows users to quickly access the needed information for ansible without having to sift through lengthy texts. Especially in stressful situations or for recurring tasks, cheatsheets for ansible are a valuable resource to work efficiently and purposefully.
2 - 🖥️at
➡️This is a command-line reference manual for commands and command combinations that you don’t use often enough to remember them. This cheatsheet explains the at command with important options and switches using examples.
#==============================#
# CMD AT
#==============================##==============================#
# To schedule a one time task
at {time}
{command 0}
{command 1}
Ctrl-d
# {time} can be either
now | midnight | noon | teatime (4pm)
HH:MM
now + N {minutes | hours | days | weeks}
MM/DD/YY
# To list pending jobs
atq
# To remove a job (use id from atq)
atrm {id}
# Schedule a one-time task using "at" command and intuitive date specifications
at now + 30 minutes
# Explanation:
# The example will run something 30 minutes from now.
# Another example: at 0815 wed -- run something at 8:15am on the next Wednesday.
# With atq you can see the list of scheduled jobs, this is good to confirm that you specified the date correctly and the job will run when you want.
# With atrm you can cancel scheduled jobs, using the job id as parameter, which you can find in the atq output.
3 - 🖥️crontab
➡️This is a command-line reference manual for commands and command combinations that you don’t use often enough to remember them. This cheatsheet explains the crontab command with important options and switches using examples.
# set a shell
SHELL=/bin/bash
# crontab format
* * * * * command_to_execute
- - - - -
| | | | |
| | | | +- day of week (0 - 7) (where sunday is 0 and 7)
| | | +--- month (1 - 12)
| | +----- day (1 - 31)
| +------- hour (0 - 23)
+--------- minute (0 - 59)
# example entries
# every 15 min
*/15 * * * * /home/user/command.sh
# every midnight (the minute field must be 0; with * the job runs every minute from 00:00 to 00:59)
0 0 * * * /home/user/command.sh
# every Saturday at 8:05 AM
5 8 * * 6 /home/user/command.sh
# Allowed special characters (*, -, /, ,)
#-------------------------------------------
Asterisk (*) – Matches all values in the field, i.e. any possible value.
Hyphen (-) – Defines a range.
Slash (/) – Defines a step: */10 in the 1st field means every ten minutes; after a range it is the increment within that range.
Comma (,) – Separates items in a list.
# System Wide Cron Schedule
#===========================
# System administrators can use the predefined cron directories shown below.
/etc/cron.d
/etc/cron.daily
/etc/cron.hourly
/etc/cron.monthly
/etc/cron.weekly
# Special Strings for Common Schedule
#--------------------------------------
String      Meaning
@reboot     Command runs when the system reboots.
@daily      Once per day; @midnight is equivalent.
@weekly     Once per week.
@yearly     Once per year; @annually is equivalent.
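To check what a schedule really expands to, the following added example (not part of the original cheatsheet) parses the five time fields and the special strings listed above and reports how often an entry fires per day. It shows that `* 0 * * *` fires 60 times between 00:00 and 00:59 while `0 0 * * *` fires once; the script paths and the sample crontab are constructed, and `@hourly`/`@monthly` are standard strings added for completeness.

```python
import re

# Value range of each crontab time field, in the order they appear on a line.
RANGES = [("minute", 0, 59), ("hour", 0, 23), ("day", 1, 31),
          ("month", 1, 12), ("weekday", 0, 7)]  # weekday 0 and 7 are Sunday

# Special strings and the five-field schedules they stand for.
SPECIAL = {
    "@yearly": "0 0 1 1 *", "@annually": "0 0 1 1 *",
    "@monthly": "0 0 1 * *", "@weekly": "0 0 * * 0",
    "@daily": "0 0 * * *", "@midnight": "0 0 * * *",
    "@hourly": "0 * * * *",
}


def expand_field(expr, lo, hi):
    """Return the sorted values one field matches (supports * , - and /)."""
    values = set()
    for part in expr.split(","):
        base, sep, step_text = part.partition("/")
        step = int(step_text) if sep else 1
        if step < 1:
            raise ValueError(f"bad step in {expr!r}")
        if base == "*":
            start, end = lo, hi
        elif "-" in base:
            first, last = base.split("-", 1)
            start, end = int(first), int(last)
        else:
            start = end = int(base)
        if not lo <= start <= end <= hi:
            raise ValueError(f"{expr!r} is outside {lo}-{hi}")
        values.update(range(start, end + 1, step))
    return sorted(values)


def parse_entry(line):
    """Parse one user-crontab line into ({field: values}, command)."""
    line = line.strip()
    if not line:
        raise ValueError("empty line")
    keyword = line.split(None, 1)[0]
    if keyword in SPECIAL:
        line = SPECIAL[keyword] + " " + line[len(keyword):].strip()
    parts = line.split(None, 5)
    if len(parts) < 6:
        raise ValueError(f"expected 5 time fields and a command: {line!r}")
    schedule = {name: expand_field(text, lo, hi)
                for (name, lo, hi), text in zip(RANGES, parts)}
    # Fold weekday 7 onto 0 so Sunday has a single representation.
    schedule["weekday"] = sorted({day % 7 for day in schedule["weekday"]})
    return schedule, parts[5]


def runs_per_day(line):
    """How often the entry fires on a day that its date fields match."""
    schedule, _ = parse_entry(line)
    return len(schedule["minute"]) * len(schedule["hour"])


def audit(crontab_text, limit=24):
    """Return (runs_per_day, command) for entries firing more than `limit` times."""
    findings = []
    for raw in crontab_text.splitlines():
        line = raw.strip()
        # Skip blanks, comments and @reboot (it has no time schedule).
        if not line or line.startswith("#") or line.startswith("@reboot"):
            continue
        # Skip environment settings such as SHELL=/bin/bash.
        if re.match(r"[A-Za-z_][A-Za-z0-9_]*\s*=", line):
            continue
        _, command = parse_entry(line)
        runs = runs_per_day(line)
        if runs > limit:
            findings.append((runs, command))
    return findings


# Constructed sample crontab (not taken from a real system).
SAMPLE = """\
SHELL=/bin/bash
# intended as "every midnight", but the minute field is *
* 0 * * * /home/user/command.sh
0 0 * * * /home/user/nightly.sh
*/15 * * * * /home/user/poll.sh
@daily /home/user/report.sh
@reboot /home/user/startup.sh
"""

if __name__ == "__main__":
    for runs, command in audit(SAMPLE):
        print(f"{runs:4d} runs/day  {command}")
```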
# Multiple Commands with Double Ampersand (&&)
#---------------------------------------------
In the example below, command1 and command2 run daily (command2 only if command1 succeeds).
# crontab -e
@daily <command1> && <command2>
# Disable Email Notification.
#------------------------------
# By default cron sends mail to the user account that executes the cron job. To disable this, write your cron job like the example below. Appending >/dev/null 2>&1 to the end of the line redirects all output of the cron job to /dev/null.
crontab -e
* * * * * <command> >/dev/null 2>&1
# Back up the current crontab to crontab-backup.txt, then install an edited copy
crontab -l | tee crontab-backup.txt | sed 's/old/new/' | crontab -
# Send mail to root when crontab command fails to run
#Got a script that gets executed by crontab as the Apache user. Had a problem with my deployment script where it didn't give the Apache user permissions to execute the script after deploying it. Crontab would call the script and it would silently fail because the Apache user didn't have permissions to run it.
# I wanted to get notified when this happened outside of the normal notifications the script itself does, in case script fails to run altogether.
# Adding || mail -s "Error $? running $_" root to my script achieved this. What it does is emails root with the exit code and the command name in the subject line, e.g.: Subject: Error 126 running drush.cron. Bash exit code 126 means command not executable, e.g. permission denied.
# Example of how it looks in /etc/crontab:
*/15 * * * * www-data drush.cron || mail -s "Error $? running $_" root
# Another example with script's normal output (stdout) being discarded (e.g. mail sent only if script exits with an error or script execution fails in the first place):
*/15 * * * * www-data drush.cron 1>/dev/null || mail -s "Error $? running $_" root
# Monitoring of Crons
# "&&" is used to chain commands together, such that the next command is run if and only if the preceding command exited without errors (or, more accurately, exits with a return code of 0).
# We ran our Symfony cron command with ping to OpsGenie like below:
bin/console our-cron:command && curl -X GET 'https://api.opsgenie.com/v2/heartbeats/our-cron/ping' --header 'Authorization: GenieKey '"$OPSGENIE_API_KEY"''
# We did a bit different variation to the above command and created a bash script where the command and name of the heartbeat were sent as parameters.
# Redirect stdout to /dev/null (only print output sent to stderr):
./test 1>/dev/null
# Redirect stderr to /dev/null (only print output sent to stdout):
./test 2>/dev/null
# Redirect all output to /dev/null (print nothing); &> is a bash extension, in POSIX sh use >/dev/null 2>&1:
./test &>/dev/null
4 - 🖥️salt
➡️This is a command-line reference manual for commands and command combinations that you don’t use often enough to remember them. This cheatsheet explains the salt command with important options and switches using examples.
# SaltStack is a software management tool for Linux and Windows that can manage a large number of systems
#------------#
# To do for a new minion:
#-------------------------------#
1. apt install salt-minion
2. vi /etc/hosts - it must contain the DMZ address, e.g.
# 10.254.253.47 salt
3. vi /etc/salt/minion_id >
# FQDN, e.g. proxy.lxu.io
4. On the Salt master, check whether there are new minions
salt-key -L
5. DMZ
# Destination dmz.lxu.io (DMZ address) <-> DMZ = source
# TCP ports 4505 and 4506 must be open for inbound traffic on the inside firewall
# The DMZ entry must be added to /etc/hosts:
# 10.254.254.10 salt
6. In /etc/salt/minion_id
# the hostname must be entered as an FQDN
### Installation
# -------------
# set up the CNAME salt on the master -> salt.lxu.io
# Master
apt-get install salt-master
# Minion
apt-get install salt-minion
### Administration (remote execution)
# ----------------------------------
# on the master's command line as root:
## Add minions:
# -> shows accepted and unaccepted clients
salt-key -L
# -> accepts all unaccepted clients
salt-key -A
## Management:
salt-run manage.status
salt '*' test.ping
salt '*' cmd.run 'ls -l /etc/hosts'
salt '*' cmd.run 'lsb_release -d'
salt '*' network.interfaces
salt '*' status.loadavg
salt '*' disk.usage
salt '*' status.uptime
# List all available modules:
salt 'SERVER*' sys.doc | grep -E "^\w"
# Show only the functions of the pkg module
salt 'SERVER*' sys.doc pkg
# Show package version
salt 'SERVER.lxu.io' pkg.version vim
# Install package
salt 'SERVER.lxu.io' pkg.install vim
# Remove package
salt 'LINUX-SERVER.lxu.io' pkg.purge vim
# Update packages
salt 'SERVER*' pkg.list_upgrades
salt '*' pkg.upgrade
salt 'LINUX-SERVER.lxu.io' pkg.upgrade dryrun=True
# Caution: do not reboot all machines at the same time
salt 'LINUX-SERVER.lxu.io' system.reboot
# Generate password
salt 'minion_id' shadow.gen_password 'Plaintext_Password'
# Change password
salt 'minion_id' shadow.set_password root 'Password_Hash'
### States (system states)
# ---------------------
# first configure the file server in /etc/salt/master
file_roots:
  base:
    - /srv/salt
# then /etc/init.d/salt-master restart
/srv/salt/top.sls   command center
/srv/salt/vim       packages
# run a state:
salt -v 'LINUX-SERVER.lxu.io' state.sls vim
# state.apply = state.highstate or state.sls
salt 'LINUX-SERVER' state.apply vim
### Pillars (system variables)
# --------------------------
### Grains (surface texture)
# ------------------------
# List grains
salt 'LINUX-SERVER.lxu.io' grains.items
# Target by grain
salt -G 'virtual:VMware' test.ping
### Targeting minions
# -------------------------
## 1. List
# in top.sls
'LINUX-SERVER.lxu.io,proxy.lxu.io':
  - match: list
# target
salt -L
## 2. Nodegroups
# configure the group in /etc/salt/master
# in top.sls
proxy:
  - match: nodegroup
# target
salt -N ...
salt -N 'dnsdmz' state.sls bind
salt -N 'mailrelay' state.highstate postfixmailrelay
# or
salt -N 'mailrelay' state.sls postfixmailrelay
# for this, postfixmailrelay does not have to be listed in top.sls
###########################################
# Directory on lxu.io/srv/salt
#####################################
# ping all hosts whose names start with dns
salt 'dns*' test.ping
# run the following on all hosts whose names start with dns:
salt 'dns*' state.sls agentsdns
############ /srv/salt/agentsdns.sls ##########
# install the agent on the sdns servers
# check-mk-agent:
#   pkg.purged: []
#   cmd.run:
#     - name: rm -f /root/check-mk-agent*deb
# checkmkagent:
#   cmd.run:
#     - name: dpkg -i /root/check-mk-agent_1.2.8p18_all.deb
#     - require:
#       - file: /root/check-mk-agent_1.2.8p18_all.deb
# /root/check-mk-agent_1.2.8p18_all.deb:
#   file.managed:
#     - source: salt://deploy/checkmk/check-mk-agent_1.2.8p18_all.deb
# register:
#   cmd.run:
#     - name: cmk-update-agent register -vvv --secret SECRETPASS
# Package upgrades available?
salt 'unix.lxu.io' pkg.list_upgrades
# Upgrade packages
salt 'unix.lxu.io' pkg.upgrade
# run dhcpdconfsdns.sls (replace all configs on all DHCP servers)
salt 'dhcp.lxu.*' state.sls dhcpdconfsdns
# config directory [email protected]:/srv/salt/deploy/dhcpdsdns
history | awk '{print $4,$5,$6,$7,$8,$9,$10}' | grep -i salt
cd /srv/salt/deploy/
salt-key -L
salt-key -L | grep voip
salt-key -L | grep prx
salt-key -A
salt-key -L | wc -l
salt 'dns.lxu.io' state.highstate
salt proxy.lxu.io test.ping
salt apache.lxu.io test.ping
# copy over (overwrite the existing file)
salt-cp dhcp.lxu.io ./sysctl.conf /etc/
salt-cp proxy.lxu.io ./sysctl.conf /etc/
salt nginx.lxu.io cmd.run 'sysctl -p'
salt proxy.lxu.io cmd.run 'sysctl -p'
salt-key -d bind9.lxu.io
salt 'saltstack.lxu.io' state.highstate
# Ping a server
salt unix-srv50.lxu.io test.ping
salt unix-srv360.lxu.io test.ping
salt '*' cmd.run 'lsb_release -d'
salt 'proxy*' pkg.update
salt 'server1.lxu.io' pkg.upgrade
salt '*.lxu.io' pkg.install linux-image-amd64
salt 'ssh.lxu.io' state.sls vim
salt '*.lxu.io' pkg.autoremove purge=True
salt 'dhcp.lxu.io' system.reboot
salt 'squidproxy*' cmd.run 'tail /var/log/squid/access.log'
salt -N 'mailrelay' state.sls postfixmailrelay
# A nodegroup is created in /etc/salt/master - e.g. nodegroup unix-srv:
unix-srv: '[email protected],unix-srv379.lxu.io,unix-srv380.lxu.io,unix-srv381.lxu.io,unix-srv383.lxu.io,unix-srv384.lxu.io,unix-srv389.lxu.io,unix-srv390.lxu.io,unix-srv391.lxu.io,unix-srv392.lxu.io,unix-srv393.lxu.io,unix-srv394.lxu.io,unix-srv770.lxu.io,unix-srv774.lxu.io,unix-srv777.lxu.io,unix-srv260.lxu.io,unix-srv260.lxu.io'
salt -N 'unix-srv' cmd.run 'lsb_release -d'
salt -N 'unix-srv' cmd.run 'tail -n 10 /var/log/daemon.log'
#-----------------------------------------------------------------------///
# Port 4506 Saltstack
#-----------------------------------------------------------------------///
# Example: create a user
# Create the user on all systems
salt '*' user.add thorsten
# Install a public SSH key
salt '*' ssh.set_auth_key admin AAAAB3NzaC2y…p8cxw== enc='rsa' comment='[email protected]'
salt '*' user.chshell admin /bin/bash
salt '*' cmd.run "lsb_release -d"
salt '*' pkg.upgrade
# Targeting minions (grain = surface texture)
salt -G "os_family:RedHat" test.ping
# beneath the surface
salt minion1.lxu.io grains.items
# Define states in /etc/salt/master
file_roots:
  base:
    - /srv/salt
# The command bridge: top.sls
/srv/salt/top.sls
# Manage users
/srv/salt/create_user.sls
### Push & Pull
# -------------
# Pull - the minion fetches all states: root@minion2:~
salt-call state.highstate
# Push - the master sends all states (top.sls): root@master:~
salt minion1.lxu.io state.highstate
# The master sends a single state: root@master:~#
salt minion1.lxu.io state.sls create_user
# dynamic files with Jinja
#-----------------------------------------------------------------------///
# Upgrade Buster
/etc/apparmor.d/local/usr.sbin.named
# all hosts whose names start with linux- : find out what they are really called
salt 'linux-*' cmd.run 'hostname'
# Test-ping the system
salt 'linux-sftp.lxu.io' test.ping
# Upgrade the system
salt 'linux-sftp.lxu.io' pkg.upgrade dist_upgrade=yes
# Clean up the old system
salt 'linux-sftp.lxu.io' pkg.autoremove
# Upgrade the system
salt 'linux-sftp.lxu.io' pkg.upgrade dist_upgrade=yes
# reboot
salt 'linux-sftp.lxu.io' system.reboot
# check whether 10 is running
salt 'linux-sftp.lxu.io' cmd.run 'lsb_release -d'
# Set a shell variable
[email protected]:/srv/salt# MyServer=lxu.io
[email protected]:/srv/salt# echo $MyServer
#-----------------------------------------------------------------#
# use double quotes so that the shell expands $MyServer
salt "$MyServer" pkg.upgrade dist_upgrade=yes
salt "$MyServer" state.sls upgrade
salt "$MyServer" pkg.upgrade dist_upgrade=yes
# -> Minion did not return. [Not connected]
# takes a while -> about 5 min until the minion is back
salt "$MyServer" pkg.autoremove
salt "$MyServer" system.reboot
salt "$MyServer" test.ping
[email protected]:/srv/salt# MyServer=linux.lxu.io
[email protected]:/srv/salt# echo $MyServer
#-----------------------------------------------------------------#
salt -N '2upgrade' pkg.upgrade dist_upgrade=yes
salt -N '2upgrade' state.sls upgrade
salt -N '2upgrade' pkg.upgrade dist_upgrade=yes
# -> Minion did not return. [Not connected]
# takes a while -> about 5 min until the minion is back
salt -N '2upgrade' pkg.autoremove
salt -N '2upgrade' system.reboot
salt -N '2upgrade' test.ping
# Tests
salt -N '2upgrade' cmd.run 'service isc-dhcp-server status'
salt -N '2upgrade' cmd.run 'service bind9 status'
salt -N '2upgrade' cmd.run 'tail -n 50 /var/log/daemon.log'
salt -N '2upgrade' cmd.run 'dig @localhost linux.lxu.io'
salt -N '2upgrade' cmd.run 'dig @localhost google.com'
## Receive files from salt-minion (cp.push requires file_recv: True in the master config)
# files end up in the directory: -> /var/cache/salt/master/minions/linux.lxu.io/files/root
# -> salt linux.lxu.io cp.push /root/testdatei
salt linux.lxu.io cp.push /root/testdatei
# copies from the remote host to /var/cache/salt/master/minions/mx.lxu.io/files/*
salt -N mxn cp.push_dir /etc/postfix/
salt linux.lxu.io cp.push_dir /etc/dhcp/
salt mx.lxu.io cp.push_dir /etc/postfix/
salt mx.lxu.io cp.push_dir /etc/rspamd/
salt mx.lxu.io cp.push_dir /var/lib/clamav/
# copy the script from the local directory (.) to /usr/local/bin on the minions
salt-cp dhcp.lxu.io 'dhcplease-monitor.sh' '/usr/local/bin'
# on the minions, make the script executable
salt dhcp.lxu.io cmd.run 'chmod +x /usr/local/bin/dhcplease-monitor.sh'
# Test-ping dhcp.lxu.io
salt 'dhcp.lxu.io*' test.ping
# Copy the script to /usr/local/bin
salt-cp 'dhcp.lxu.io*' 'dhcplease-monitor.sh' '/usr/local/bin'
# chmod a script via Salt
salt 'dhcp.lxu.io*' cmd.run 'chmod u+x /usr/local/bin/dhcplease-monitor.sh'
5 - 🖥️saltstack
➡️This is a command-line reference manual for commands and command combinations that you don’t use often enough to remember them. This cheatsheet explains the saltstack command with important options and switches using examples.
#########################
# saltstack cheat sheet
############################
SaltStack master operations
salt-key -L -> Showing all minions
salt-key -a <minion_id> -> Accepting an unaccepted minion
salt-key -A -> Accepting all unaccepted minions
salt-key -d <minion_id> -> Removing a minion
salt '*' state.sls nginx -> Running formula
salt '*' cmd.run 'ls -l /etc'
salt '*' pkg.install vim
salt '*' network.interfaces
salt '*' test.echo 'foo: bar'
salt-call -> masterless minion.
salt '*' state.apply vim -> Run /srv/salt/vim.sls
sudo salt-key -F master
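`salt-key -A` accepts every pending key without checking which machine sent it. The following added example (not part of the original cheatsheet or of Salt itself) compares pending key fingerprints with values collected on each minion via `salt-call --local key.finger` and builds per-minion `salt-key -a` calls only for matches. The JSON shape of `salt-key -F --out=json` is an assumption to verify against your Salt version, and all fingerprints are shortened, constructed values.

```python
import hmac
import json
import re

# Minion ids are expected to be FQDNs, as in the new-minion checklist.
FQDN = re.compile(
    r"^(?=.{1,253}$)([a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}$",
    re.IGNORECASE,
)


def normalise(fingerprint):
    """Lower-case a fingerprint and drop separators so formats compare equal."""
    return re.sub(r"[^0-9a-f]", "", fingerprint.lower())


def review_pending(finger_json, expected):
    """Split pending keys into (accept, hold) using out-of-band fingerprints.

    finger_json: text in the assumed shape of `salt-key -F --out=json`.
    expected:    {minion_id: fingerprint} recorded on each minion with
                 `salt-call --local key.finger`.
    """
    pending = json.loads(finger_json).get("minions_pre", {})
    accept, hold = [], []
    for minion_id, seen in sorted(pending.items()):
        want = normalise(expected.get(minion_id, ""))
        if not FQDN.match(minion_id):
            hold.append((minion_id, "id is not an FQDN"))
        elif not want:
            hold.append((minion_id, "no expected fingerprint on record"))
        elif not hmac.compare_digest(want, normalise(seen)):
            hold.append((minion_id, "fingerprint mismatch"))
        else:
            accept.append(minion_id)
    return accept, hold


def accept_commands(accept):
    """Build one `salt-key -a` call per verified minion instead of `salt-key -A`."""
    return [["salt-key", "-y", "-a", minion_id] for minion_id in accept]


# Constructed sample in the assumed output shape; fingerprints are shortened.
SAMPLE_FINGER_JSON = json.dumps({
    "local": {"master.pub": "01:23:45:67:89:ab:cd:ef"},
    "minions": {"dns.lxu.io": "10:20:30:40:50:60:70:80"},
    "minions_pre": {
        "proxy.lxu.io": "de:ad:be:ef:00:11:22:33",
        "dhcp.lxu.io": "aa:bb:cc:dd:ee:ff:00:11",
        "mx.lxu.io": "12:34:56:78:9a:bc:de:f0",
        "newbox": "99:88:77:66:55:44:33:22",
    },
})

# Constructed record of fingerprints read on the minions themselves.
EXPECTED = {
    "proxy.lxu.io": "DE:AD:BE:EF:00:11:22:33",   # matches, case differs
    "dhcp.lxu.io": "aa:bb:cc:dd:ee:ff:00:12",    # last byte differs
}

if __name__ == "__main__":
    ok, held = review_pending(SAMPLE_FINGER_JSON, EXPECTED)
    for argv in accept_commands(ok):
        print(" ".join(argv))
    for minion_id, reason in held:
        print(f"HOLD {minion_id}: {reason}")
```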
#Install master/node
#master node
#----------------------#
sudo apt-get update -y
sudo apt-get dist-upgrade -y
sudo apt-get install salt-master salt-ssh salt-cloud salt-doc -y
sudo vi /etc/salt/master
# The address of the interface to bind to:
interface: 192.168.39.11
sudo salt-key -a ubuntu
sudo salt-key -L
sudo service salt-master restart
sudo service salt-master status
sudo mkdir -p /srv/salt/
sudo mkdir -p /srv/salt/nginx
sudo vi /srv/salt/nginx/init.sls
nginx:
  pkg:
    - installed
sudo salt ubuntu state.sls nginx
sudo salt ubuntu test.ping
#slave node
#----------------------#
apt-get update -y
apt-get dist-upgrade -y
apt-get install salt-minion -y
sudo vi /etc/salt/minion
# Set the location of the salt master server. If the master server cannot be
# resolved, then the minion will fail to start.
master: 192.168.39.11
sudo service salt-minion restart
################ # SaltStack Cheat Sheet ###########################
SaltStack Cheat Sheet .. My collection of often used commands on my Salt master.
This list is partly inspired by the fine lists on:
* http://www.xenuser.org/saltstack-cheat-sheet/
* https://github.com/saltstack/salt/wiki/Cheat-Sheet
- [SaltStack Cheat Sheet]
- [First things first : Documentation]
- [Documentation on the system]
- [Documentation on the web]
- [Minions]
- [Minion status]
- [Target minion with state files]
- [Grains]
- [Jobs in Salt]
- [Sysadmin specific]
- [System and status]
- [Packages]
- [Check status of a service and manipulate services]
- [Network]
- [Salt Cloud]
# Documentation
This is important because the help system is very good.
## Documentation on the system
#--------------------------------------#
salt '*' sys.doc # output sys.doc (= all documentation)
salt '*' sys.doc pkg # only sys.doc for pkg module
salt '*' sys.doc network # only sys.doc for network module
salt '*' sys.doc system # only sys.doc for system module
salt '*' sys.doc status # only sys.doc for status module
## Documentation on the web
#--------------------------------------#
- SaltStack documentation: http://docs.saltstack.com/en/latest/
- Salt-Cloud: http://docs.saltstack.com/en/latest/topics/cloud/
- Jobs: http://docs.saltstack.com/en/latest/topics/jobs/
# Minions
## Minion status
#--------------------------------------#
You can also use several commands to check if minions are alive and kicking but I prefer manage.status/up/down.
salt-run manage.status # What is the status of all my minions? (both up and down)
salt-run manage.up # Any minions that are up?
salt-run manage.down # Any minions that are down?
salt-run manage.alived # Show all alive minions
salt '*' test.version # Display salt version
salt '*' test.ping # Use test module to check if minion is up and responding.
# (Not an ICMP ping!)
## Target minion with state files
#--------------------------------------#
Apply a specific state file to a (group of..) minion(s). Do not use the .sls extension. (just like in the state files!)
salt '*' state.sls mystatefile # mystatefile.sls will be applied to *
salt 'minion1' state.sls prod.somefile # prod/somefile.sls will be applied to minion1
## Grains
#--------------------------------------#
List all grains on all minions
salt '*' grains.ls
Look at a single grains item to list the values.
salt '*' grains.item os # Show the value of the OS grain for every minion
salt '*' grains.item roles # Show the value of the roles grain for every minion
Manipulate grains.
salt 'minion1' grains.setval mygrain True # Set mygrain to True (create if it doesn't exist yet)
salt 'minion1' grains.delval mygrain # Delete the value of the grain
# Jobs in Salt
Some jobs operations that are often used. (http://docs.saltstack.com/en/latest/topics/jobs/)
salt-run jobs.active # get list of active jobs
salt-run jobs.list_jobs # get list of historic jobs
salt-run jobs.lookup_jid <job id number> # get details of this specific job
# Sysadmin specific
Some stuff that is specifically of interest for sysadmins.
## System and status
#--------------------------------------#
salt 'minion-x-*' system.reboot # Let's reboot all the minions that match minion-x-*
salt '*' status.uptime # Get the uptime of all our minions
## Packages
#--------------------------------------#
salt '*' pkg.list_upgrades # get a list of packages that need to be upgraded
salt '*' pkg.upgrade # Upgrades all packages via apt-get dist-upgrade (or similar)
salt '*' pkg.version bash # get current version of the bash package
salt '*' pkg.install bash # install or upgrade bash package
salt '*' pkg.install bash refresh=True # install or upgrade bash package but
# refresh the package database before installing.
## Check status of a service and manipulate services
#--------------------------------------#
salt '*' service.status <service name>
salt '*' service.available <service name>
salt '*' service.start <service name>
salt '*' service.restart <service name>
salt '*' service.stop <service name>
## Network
#--------------------------------------#
Do some network stuff on your minions.
salt 'minion1' network.ip_addrs # Get IP of your minion
salt 'minion1' network.ping <hostname> # Ping a host from your minion
salt 'minion1' network.traceroute <hostname> # Traceroute a host from your minion
salt 'minion1' network.get_hostname # Get hostname
salt 'minion1' network.mod_hostname # Modify hostname
# Salt Cloud
Salt Cloud is used to provision virtual machines in the cloud. (surprise!) (http://docs.saltstack.com/en/latest/topics/cloud/)
salt-cloud -p profile_do my-vm-name -l debug # Provision using profile_do as profile
# and my-vm-name as the virtual machine name while
# using the debug option.
salt-cloud -d my-vm-name # destroy the my-vm-name virtual machine.
salt-cloud -u # Update salt-bootstrap to latest develop version on GitHub.
############# # SaltStackCheatSheet # ####################
This code is part of the "SaltStack For DevOps" book: https://leanpub.com/saltstackfordevops/
Official website: http://saltstackfordevops.com
## Installing SaltStack - Ubuntu 14.*
#--------------------------------------#
wget -O - https://repo.saltstack.com/apt/ubuntu/ubuntu14/latest/SALTSTACK-GPG-KEY.pub | sudo apt-key add -
echo 'deb http://repo.saltstack.com/apt/ubuntu/ubuntu14/latest trusty main' | sudo tee -a /etc/apt/sources.list
sudo apt-get update
# Master installation
apt-get install salt-master
# Minion installation
apt-get install salt-minion
# Salt ssh installation
apt-get install salt-ssh
# Salt syndic installation
apt-get install salt-syndic
# Salt API installation
apt-get install salt-api
## Bootstrapping Salt Minion
#--------------------------------------#
curl -L https://bootstrap.saltstack.com -o install_salt.sh && sudo sh install_salt.sh
## Salt Key Management
#--------------------------------------#
# Listing Salt requests
salt-key -L
# Accepting all requests
salt-key -A
# Accepting a single request (from myNode)
salt-key -a myNode
# Removing the key of a Salt 'myNode' Minion
salt-key -d minion_id
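salt-key -A trusts every pending key at once. The script below is an added example, not part of the original cheat sheets: it compares the fingerprint read on the minion itself (salt-call --local key.finger) with the pending fingerprint that salt-key -f reports on the master, and only then says "accept". The function names, minion IDs and sample salt-key output are constructed for illustration.

```shell
#!/bin/sh
# Added example: verify a pending minion key before accepting it.

# Constructed sample of `salt-key --no-color -f 'web*'` output (not real keys).
SAMPLE_FINGER_OUTPUT='Accepted Keys:
db01:  10:32:54:76:98:ba:dc:fe:10:32:54:76:98:ba:dc:fe
Unaccepted Keys:
web010:  de:ad:be:ef:00:11:22:33:44:55:66:77:88:99:aa:bb
web01:  a1:b2:c3:d4:e5:f6:07:18:29:3a:4b:5c:6d:7e:8f:90'

# Lowercase a fingerprint and strip whitespace so pasted copies compare equal.
normalize_fp() {
    printf '%s' "$1" | tr 'A-F' 'a-f' | tr -d ' \t\r\n'
}

# Succeed only for colon-separated hex pairs (input already normalized).
is_fingerprint() {
    printf '%s\n' "$1" | grep -Eq '^([0-9a-f]{2}:)+[0-9a-f]{2}$'
}

# Read `salt-key -f` output on stdin and print the fingerprint listed for
# exactly MINION_ID under "Unaccepted Keys:" (prints nothing if not pending).
pending_fp() {
    awk -v id="$1" '
        / Keys:$/ { section = $0; next }
        section == "Unaccepted Keys:" && $1 == (id ":") { print $2; exit }
    '
}

# verify_pending_key MINION_ID FINGERPRINT_FROM_MINION SALT_KEY_F_OUTPUT
# Prints one verdict: accept | mismatch | no-pending-key | bad-fingerprint
verify_pending_key() {
    vpk_expected=$(normalize_fp "$2")
    if ! is_fingerprint "$vpk_expected"; then
        echo "bad-fingerprint"
        return 0
    fi
    vpk_pending=$(printf '%s\n' "$3" | pending_fp "$1")
    if [ -z "$vpk_pending" ]; then
        echo "no-pending-key"
        return 0
    fi
    if [ "$(normalize_fp "$vpk_pending")" = "$vpk_expected" ]; then
        echo "accept"
    else
        echo "mismatch"
    fi
}

# Demo on the constructed sample: the value copied from the minion console
# may differ in case, which normalize_fp handles.
echo "web01:  $(verify_pending_key web01 \
    'A1:B2:C3:D4:E5:F6:07:18:29:3A:4B:5C:6D:7E:8F:90' "$SAMPLE_FINGER_OUTPUT")"
echo "web010: $(verify_pending_key web010 \
    'a1:b2:c3:d4:e5:f6:07:18:29:3a:4b:5c:6d:7e:8f:90' "$SAMPLE_FINGER_OUTPUT")"

# Live use on the master (not run here):
#   fp='<fingerprint read on the minion from: salt-call --local key.finger>'
#   out=$(salt-key --no-color -f web01)
#   [ "$(verify_pending_key web01 "$fp" "$out")" = accept ] && salt-key -y -a web01
```

Only IDs listed under "Unaccepted Keys:" are considered, so an already accepted ID or a look-alike such as web010 is never matched in place of web01.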
## Debugging
#--------------------------------------#
# Debugging the master
salt-master -l debug
# Debugging the minion
salt-minion -l debug
# Restarting the minion without cache
sudo service salt-minion stop     # or salt-master on the master
sudo rm -rf /var/cache/salt
sudo service salt-minion start    # or salt-master on the master
## SaltStack Documentation
#--------------------------------------#
# Viewing all the documentation
salt '*' sys.doc
# Viewing a module documentation
salt '*' sys.doc module_name
#Examples:
salt '*' sys.doc status
salt '*' sys.doc pkg
salt '*' sys.doc network
salt '*' sys.doc system
salt '*' sys.doc cloud
# Viewing a function documentation
salt '*' sys.doc module_name function_name
# Examples:
salt '*' sys.doc auth django
salt '*' sys.doc sdb sqlite3
## SaltStack Modules And Functions
#--------------------------------------#
salt '*' sys.list_modules
salt '*' sys.list_functions
## Compound Matchers
#--------------------------------------#
| Letter | Match Type | Example | Alt Delimiter? |
| --- | --- | --- | --- |
| G | Grains glob | G@os:Ubuntu | Yes |
| E | PCRE Minion ID | E@web\d+\.(dev\|qa\|prod)\.loc | No |
| P | Grains PCRE | P@os:(RedHat\|Fedora\|CentOS) | Yes |
| L | List of minions | [email protected],minion3.domain.com or bl*.domain.com | No |
| I | Pillar glob | I@pdata:foobar | Yes |
| J | Pillar PCRE | J@pdata:^(foo\|bar)$ | Yes |
| S | Subnet/IP address | [email protected]/24 or [email protected] | No |
| R | Range cluster | R@%foo.bar | No |
Other examples:
# Examples taken from: https://docs.saltstack.com/en/latest/topics/targeting/compound.html
# Joining
salt -C 'webserv* and G@os:Debian or E@web-dc1-srv.*' test.ping
salt -C '( ms-1 or G@id:ms-3 ) and G@id:ms-3' test.ping
# Excluding
salt -C 'not web-dc1-srv' test.ping
## Upgrades & Versions
#--------------------------------------#
# Listing upgrades
salt '*' pkg.list_upgrades
# Upgrading
salt '*' pkg.upgrade
# List the packages currently installed as a dict
salt '*' pkg.list_pkgs versions_as_list=True
# Refresh the pkgutil repo database
salt '*' pkgutil.refresh_db
# Check the version of a package
salt '*' pkgutil.version mongodb
## Packages Manipulation
#--------------------------------------#
# Installation
salt '*' pkg.install apache2
# Latest version installation
salt '*' pkgutil.latest_version mysql-common
# Removing package(s)
salt '*' pkg.remove vim
# Purging package(s)
salt '*' pkg.purge apache2 mysql-server
## Reboot & Uptime
#--------------------------------------#
# Reboot
salt '*' system.reboot
#Uptime
salt '*' status.uptime
## Using Grains
#--------------------------------------#
# Syncing grains
salt '*' saltutil.sync_grains
# Available grains can be listed by using the ‘grains.ls’ module:
salt '*' grains.ls
# Grains data can be listed by using the ‘grains.items’ module:
salt '*' grains.items
# Grains have values that could be called via ‘grains.get <grain_name>’ (path is the name of a grain)
salt '*' grains.get path
## Syncing Data
#--------------------------------------#
# Syncing grains
salt '*' saltutil.sync_grains
# Syncing everything from grains to modules, outputters, renderers, returners, states and utils.
salt '*' saltutil.sync_all
## Running System Commands
#--------------------------------------#
salt "*" cmd.run "ls -lrth /data"
salt "*" cmd.run "df -kh /data"
salt "*" cmd.run "du -sh /data"
## Working With Services
#--------------------------------------#
# Apache example
# Checking if service is available
salt '*' service.available apache2
# Manipulating Apache2 service
salt '*' service.status apache2
salt '*' service.start apache2
salt '*' service.restart apache2
salt '*' service.stop apache2
## Network Management
#--------------------------------------#
# Get IP of your minion
salt '*' network.ip_addrs
# Ping a host from your minion
salt '*' network.ping localhost
# Traceroute a host from your minion
salt '*' network.traceroute localhost
# Get hostname
salt '*' network.get_hostname
# Modify hostname to 'myNode'
salt '*' network.mod_hostname myNode
# Information on all of the running TCP connections
salt '*' network.active_tcp
# Return the arp table from the minion
salt '*' network.arp
# Test connectivity
salt '*' network.connect google-public-dns-a.google.com port=53 proto=udp timeout=3
# Get default route
salt '*' network.default_route
# Execute dig
salt '*' network.dig eon01.com
# Get the MAC address of eth0 interface
salt '*' network.hw_addr eth0
# Get the inet address of eth1 interface
salt '*' network.interface eth1
# Get the IP address of tun interface
salt '*' network.interface_ip tun
## Working With HTTP Requests
#--------------------------------------#
# Get the html source code of a page
salt-run http.query http://eon01.com text=true
# Get the header of a page
salt-run http.query http://eon01.com headers=true
# Get the response code from a web server
salt-run http.query http://eon01.com status=true
# Sending a post request
salt '*' http.query http://domain.com/ method=POST params='key1=val1&key2=val2'
## Job Management ##
#--------------------------------------#
# List active jobs
salt-run jobs.active
# List all jobs with the id and other information
salt-run jobs.list_jobs
# List multiple information about the job with the id:20151101225221651308 like the result output
salt-run jobs.lookup_jid 20151101225221651308
# Kill the job with the id:20151101225221651308
salt 'server' saltutil.kill_job 20151101225221651308
## Scheduling Feature ##
#--------------------------------------#
# Schedule a job called "scheduled_job"
salt '*' schedule.add scheduled_job function='cmd.run' job_args="['']" seconds=10
# Enable the job
salt '*' schedule.enable_job scheduled_job
# Disable the job
salt '*' schedule.disable_job scheduled_job
## Working With SLS
salt '*' state.show_sls
## Testing States ##
#--------------------------------------#
salt '*' state.highstate test=True
salt '*' state.sls test=True
salt '*' state.single test=True
## Load testing
#--------------------------------------#
# Starting 20 minions
wget https://raw.githubusercontent.com/saltstack/salt/develop/tests/minionswarm.py; python minionswarm.py -m 20 --master salt-master;
## State Declaration Structure ##
# Source: https://docs.saltstack.com/en/latest/ref/states/highstate.html#state-declaration
# Standard declaration
<ID Declaration>:
  <State Module>:
    - <Function>
    - <Function Arg>
    - <Function Arg>
    - <Function Arg>
    - <Name>: <name>
    - <Requisite Declaration>:
      - <Requisite Reference>
      - <Requisite Reference>
# Inline function and names
<ID Declaration>:
  <State Module>.<Function>:
    - <Function Arg>
    - <Function Arg>
    - <Function Arg>
    - <Names>:
      - <name>
      - <name>
      - <name>
    - <Requisite Declaration>:
      - <Requisite Reference>
      - <Requisite Reference>
# Multiple states for single id
<ID Declaration>:
  <State Module>:
    - <Function>
    - <Function Arg>
    - <Name>: <name>
    - <Requisite Declaration>:
      - <Requisite Reference>
  <State Module>:
    - <Function>
    - <Function Arg>
    - <Names>:
      - <name>
      - <name>
    - <Requisite Declaration>:
      - <Requisite Reference>
## SaltStack Github Repositories ##
- *Django* with SaltStack https://github.com/wunki/django-salted
- Salt GUI pad https://github.com/tinyclues/saltpad
- *Openstack* automation with SaltStack https://github.com/CSSCorp/openstack-automation
- A curated collection of working salt *states* and configurations for use in your saltstack setup. https://github.com/saltops/saltmine
- These are all of the configuration files needed to built a *Wordpress* development environment with *Vagrant*, *Virtual Box* and SaltStack https://github.com/paulehr/saltstack-wordpress
- *Java* bindings for the SaltStack API https://github.com/SUSE/saltstack-netapi-client-java
- *Vim* snippets for SaltStack *states* files https://github.com/StephenPCG/vim-snippets-salt
- Metrics for SaltStack https://github.com/pengyao/salt-metrics
- Salt GUI https://github.com/saltstack/halite
######### SaltStack examples ################ https://www.unixmen.com/saltstack-examples/
# SaltStack platform or Salt is a Python-based open source configuration management software and remote execution engine. Supporting the “Infrastructure as Code” approach to deployment and cloud management, it competes primarily with Puppet, Chef, and Ansible.
# We will use some of the default functions. Please consider the link below about the installation of the SaltStack master and nodes, and remember that all these solutions were tested in our Unixmen virtual machines, just to be sure that everything is working fine.
# Let's start:
Install and configure SaltStack server in Ubuntu x64
# Show disk usage for all minions:
sudo salt '*' disk.usage
# Show the available documentation for all minions:
sudo salt '*' sys.doc
# Check the network status of all minions:
sudo salt '*' test.ping
# List the /etc directory on all minions:
sudo salt '*' cmd.run 'ls -l /etc'
# Get system information from all servers with a minion installed:
/srv/pillar$ sudo salt "*" grains.items
# Check just the FreeBSD minion:
/srv/pillar$ sudo salt -G 'os:FreeBSD' test.ping
node4salt.opeensource.az:
True
# The pkg function automatically maps to the minion's native package manager. This means the pkg.install command will use yum on RedHat/CentOS, apt on Ubuntu/Debian and pkg on FreeBSD.
# Install the vim package on the node4salt.opensource.az FreeBSD server as follows:
sudo salt 'node4salt.opensource.az' pkg.install vim
# Get information from all minions about network card names, IP addresses, subnets with masks and MAC addresses:
sudo salt '*' network.interfaces
# Find the Python paths on all minions:
sudo salt '*' grains.item pythonpath --out=pprint
# state.sls is a different execution module that takes an SLS file as its argument. In the next steps we will use the state.sls function in detail.
# Create a top.sls file in the already created /srv/salt folder and add the following lines. The default environment is base, and the '*' symbol targets all minions. The content of install.sls (this file must be in the same folder as top.sls) will be executed for all minions. The same applies to apache.sls, which is referenced as apache:
sudo cat /srv/salt/top.sls
base:
  '*':
    - install
    - apache
sudo cat /srv/salt/install.sls
utilitler:
  pkg.installed:
    {% if grains['os'] == 'CentOS' %}
    - name: nload
    {% elif grains['os'] == 'Ubuntu' %}
    - name: nload
    {% elif grains['os'] == 'FreeBSD' %}
    - name: nload
    {% endif %}
# Unlike other configuration management utilities, SaltStack does not execute state configurations by default, but we can trigger this ourselves. The following command applies all state configurations to all minions. This means that top.sls is called and executed, and top.sls in turn calls and executes install.sls. At the end, the nload package will be installed on all minions.
sudo salt '*' state.highstate
# We can call and test any SLS file with the state.sls execution module, for example to synchronize a file from the Salt master to all minions. Add the following content to the /srv/salt/apache.sls file. These lines synchronize the file testfile from the /srv/salt/fayllar folder to /etc/testfile on all minions. The owner of the file will be root and the permissions will be 644:
/srv/salt$ sudo cat apache.sls
/etc/testfile:
  file.managed:
    - source: salt://fayllar/testfile
    - user: root
    - mode: 644
# Create the folder and add some lines to a file placed in this folder:
/srv/salt$ sudo mkdir /srv/salt/fayllar
/srv/salt$ sudo cat /srv/salt/fayllar/testfile
dbname= db
dbpass= user
dbpass= pass
# Then send this file to all minions:
/srv/salt$ sudo salt '*' state.sls apache
# To install several packages on all minions at the same time, create a file named /etc/srv/mypack.sls and add the following lines. This file installs the packages mercurial and git on all minions.
/srv/salt$ sudo cat /etc/srv/mypack.sls
mypack:
  pkg:
    - installed
    - pkgs:
      - mercurial
      - git
# Install the selected packages on all minions:
/srv/salt$ sudo salt '*' state.sls mypack
# For real-time debugging of minions we can use the following command:
sudo salt-minion -l debug
# About Pillar
Pillar lets you define data in a tree structure. With pillar we can control what is sent from the master server to the minions, so that only selected and secure data is sent.
# Grains and pillar are easy to confuse. Remember that grains hold data generated on the minions, such as information about the CPU and OS, while pillar holds information about the minions that is generated on the Salt master server.
# We can see the pillar information about minions with the following command:
/srv/pillar$ sudo salt '*' pillar.items
# To test with the minions, create some files and check. First we create the folders and the needed SLS files.
/srv/pillar$ sudo mkdir -p /srv/pillar/{pkg,users}
# Add the following content to the top.sls file:
/srv/pillar$ sudo cat /srv/pillar/top.sls
base:
  '*':
    - data
    - users
    - pkg
# Then add the needed entries to the data.sls file.
/srv/pillar$ sudo cat /srv/pillar/data.sls
info: some data
# Define users with their UIDs:
/srv/pillar$ sudo cat /srv/pillar/users/init.sls
users:
  thatch: 1000
  shouse: 1001
  utahdave: 1002
  redbeard: 1003
# The following example maps package names to the corresponding Linux/UNIX distributions:
/srv/pillar$ sudo cat /srv/pillar/pkg/init.sls
pkgs:
  {# the os grain carries the distribution name; os_family would be RedHat or Debian and never match CentOS or Ubuntu #}
  {% if grains['os'] == 'CentOS' %}
  apache: httpd
  vim: vim-enhanced
  {% elif grains['os'] == 'Ubuntu' %}
  apache: apache2
  vim: vim
  {% elif grains['os'] == 'FreeBSD' %}
  mysql: mysql55-server
  vim: vim
  {% endif %}
# Send the new pillar data to all minions:
/srv/pillar$ sudo salt '*' saltutil.refresh_pillar
node1salt.opensource.az:
True
node4salt.opeensource.az:
True
node2salt.opensource.az:
True
node3salt.opensource.az:
True
# Salt states collection
https://github.com/SS-archive/salt-states
https://github.com/nbari/my-salt
################
# SaltStack info, how-tos and examples
##########################################
# Debian Stretch
wget -O - https://repo.saltstack.com/apt/debian/9/amd64/latest/SALTSTACK-GPG-KEY.pub | sudo apt-key add -
deb http://repo.saltstack.com/apt/debian/9/amd64/latest stretch main
# Ubuntu
deb http://repo.saltstack.com/apt/ubuntu/14.04/amd64/latest trusty main
deb http://repo.saltstack.com/apt/ubuntu/16.04/amd64/2018.3/ xenial main
## Links about SaltStack
https://wyssmann.com/introduction-to-saltstack/
https://docs.saltstack.com/en/latest/ref/modules/all/
https://docs.saltstack.com/en/latest/topics/tutorials/walkthrough.html
http://www.xenuser.org/saltstack-cheat-sheet/
https://dev-eole.ac-dijon.fr/doc/cheatsheets/saltstack.html
https://github.com/eon01/SaltStackCheatSheet
https://github.com/harkx/saltstack-cheatsheet
https://www.youtube.com/watch?v=8ytAHUGponk
# Run a remote command
salt '*' cmd.run "lsb_release -d"
# System update/upgrade
salt '*' pkg.upgrade
# Add a user
salt '*' user.add thorsten
# Install a public SSH key
salt '*' ssh.set_auth_key thorsten AAAAB3NZACLY..p8cow== enc='rsa' comments='[email protected]'
# Change the default shell
salt '*' user.chshell thorsten /bin/bash
# Minions pull all their states:
root@minion# salt-call state.highstate
# Master pushes all states (top.sls)
salt '*' state.highstate
# Master pushes a single state:
salt '*' state.sls create_user
# Minion Installers
On Windows:
PS C:\ > $name = "win_"+$(hostname)+"_"+$(Get-Date -Format s)
PS C:\ > Salt-Minion-x64.exe /S /master=10.0.0.2 /minion-name=$name /start-service=1
On Linux w/ apt-get:
$ apt-get install salt-minion salt-common
$ wget http://10.0.0.2/minion
$ mv ./minion /etc/salt/minion
$ sudo service salt-minion start
Or install from a script:
$ wget http://10.0.0.2/saltmin.sh
$ chmod +x saltmin.sh
$ NOW=$(date +"%m-%d-%YT%k:%M:%S")
$ ./saltmin.sh -P -I -i "linux_`hostname`_`echo $NOW`" -A 10.0.0.2
Command Execution
Show which minions are up:
salt-run manage.up
Show minions that are down:
salt-run manage.down
Show all minions status:
salt-run manage.status
Test all minions connectivity:
salt '*' test.ping
Check if a process is running on all minions:
salt '*' ps.grep apache
Check if a file on all minions contains a string:
salt "*" file.contains /etc/passwd "admin"
Pull a file from a subgroup of minions:
salt "linux*" cp.push /etc/passwd
Send a file from the master to a subgroup of minions:
salt-cp "linux*" script_to_copy.py /target-dir/copy_of_script.py
Run arbitrary commands on a subgroup of minions:
salt "linux*" cmd.run "ls -lah /home/"
Get networking info from all minions:
salt '*' network.ip_addrs
More available network modules:
network.ping, network.traceroute, network.get_hostname, network.mod_hostname
Get uptime of all minions:
salt '*' status.uptime
Reboot all minions:
salt '*' system.reboot
Service status:
salt '*' service.status httpd
salt '*' service.start httpd
salt '*' service.stop httpd
Cheat Sheet Saltstack
March 23, 2018 Adrian
Below a summary of important Salt commands
General
Update the fileserver cache. If no backend is provided, then the cache for all configured backends will be updated.
salt-run fileserver.update
# Narrow fileserver backends to a subset of the enabled ones
salt-run fileserver.update backend=roots,git
Forcibly removes all caches on a minion.
salt '*' saltutil.clear_cache
States
Passing pillar data ad hoc
salt '*' state.apply ftpsync pillar='{"ftpusername": "test", "ftppassword": "0ydyfww3giq8"}'
Return a list of files from the salt fileserver
salt-run fileserver.file_list
# Lists only files for fileserver environment 'prod'
salt-run fileserver.file_list saltenv=prod
# Narrow fileserver backends to git only
salt-run fileserver.file_list saltenv=dev backend=git
Apply a state or states to
# apply all configured states
salt '*' state.apply
# Custom Pillar values, passed as a dictionary of key-value pairs
salt '*' state.apply test pillar='{"foo": "bar"}'
# Exclude specific states from execution
salt '*' state.apply exclude="[{'id': 'id_to_exclude'}, {'sls': 'sls_to_exclude'}]"
Pillars
We are going to use the Salt pillar value we just configured, so let’s first refresh Salt pillar data on all minions:
salt '*' saltutil.refresh_pillar
Grains
Available grains and grain values can be listed
# list grains
salt '*' grains.ls
# list grains data
salt '*' grains.items
List values for a specific grain for all minions
salt '*' grains.get os
https://github.com/harkx/saltstack-cheatsheet
SaltStack Cheat Sheet .. My collection of often used commands on my Salt master.
This list is partly inspired by the fine lists on:
http://www.xenuser.org/saltstack-cheat-sheet/
https://github.com/saltstack/salt/wiki/Cheat-Sheet
Documentation
This is important because the help system is very good.
Documentation on the system
salt '*' sys.doc # output sys.doc (= all documentation)
salt '*' sys.doc pkg # only sys.doc for pkg module
salt '*' sys.doc network # only sys.doc for network module
salt '*' sys.doc system # only sys.doc for system module
salt '*' sys.doc status # only sys.doc for status module
Documentation on the web
SaltStack documentation: http://docs.saltstack.com/en/latest/
Salt-Cloud: http://docs.saltstack.com/en/latest/topics/cloud/
Jobs: http://docs.saltstack.com/en/latest/topics/jobs/
Minions
Minion status
You can also use several commands to check if minions are alive and kicking but I prefer manage.status/up/down.
salt-run manage.status # What is the status of all my minions? (both up and down)
salt-run manage.up # Any minions that are up?
salt-run manage.down # Any minions that are down?
salt-run manage.alived # Show all alive minions
salt '*' test.version # Display salt version
salt '*' test.ping # Use test module to check if minion is up and responding.
# (Not an ICMP ping!)
Target minion with state files
Apply a specific state file to a (group of..) minion(s). Do not use the .sls extension. (just like in the state files!)
salt '*' state.sls mystatefile # mystatefile.sls will be applied to *
salt 'minion1' state.sls prod.somefile # prod/somefile.sls will be applied to minion1
Grains
List all grains on all minions
salt '*' grains.ls
Look at a single grains item to list the values.
salt '*' grains.item os # Show the value of the OS grain for every minion
salt '*' grains.item roles # Show the value of the roles grain for every minion
Manipulate grains.
salt 'minion1' grains.setval mygrain True # Set mygrain to True (create if it doesn't exist yet)
salt 'minion1' grains.delval mygrain # Delete the value of the grain
Jobs in Salt
Some job operations that are often used. (http://docs.saltstack.com/en/latest/topics/jobs/)
salt-run jobs.active # get list of active jobs
salt-run jobs.list_jobs # get list of historic jobs
salt-run jobs.lookup_jid <job id number> # get details of this specific job
Sysadmin specific
Some stuff that is specifically of interest for sysadmins.
System and status
salt 'minion-x-*' system.reboot # Let's reboot all the minions that match minion-x-*
salt '*' status.uptime # Get the uptime of all our minions
Packages
salt '*' pkg.list_upgrades # get a list of packages that need to be upgraded
salt '*' pkg.upgrade # Upgrades all packages via apt-get dist-upgrade (or similar)
salt '*' pkg.version bash # get current version of the bash package
salt '*' pkg.install bash # install or upgrade bash package
salt '*' pkg.install bash refresh=True # install or upgrade bash package but
# refresh the package database before installing.
Check status of a service and manipulate services
salt '*' service.status <service name>
salt '*' service.available <service name>
salt '*' service.start <service name>
salt '*' service.restart <service name>
salt '*' service.stop <service name>
Network
Do some network stuff on your minions.
salt 'minion1' network.ip_addrs # Get IP of your minion
salt 'minion1' network.ping <hostname> # Ping a host from your minion
salt 'minion1' network.traceroute <hostname> # Traceroute a host from your minion
salt 'minion1' network.get_hostname # Get hostname
salt 'minion1' network.mod_hostname <hostname> # Modify hostname
Salt Cloud
Salt Cloud is used to provision virtual machines in the cloud. (surprise!) (http://docs.saltstack.com/en/latest/topics/cloud/)
salt-cloud -p profile_do my-vm-name -l debug # Provision using profile_do as profile
# and my-vm-name as the virtual machine name while
# using the debug option.
salt-cloud -d my-vm-name # destroy the my-vm-name virtual machine.
salt-cloud -u # Update salt-bootstrap to latest develop version on GitHub.
https://github.com/eon01/SaltStackCheatSheet
SaltStackCheatSheet
This code is part of the "SaltStack For DevOps" book: https://leanpub.com/saltstackfordevops/
Official website: http://saltstackfordevops.com
SaltStack For DevOps
Installing SaltStack - Ubuntu 14.*
wget -O - https://repo.saltstack.com/apt/ubuntu/ubuntu14/latest/SALTSTACK-GPG-KEY.pub | sudo apt-key add -
echo 'deb http://repo.saltstack.com/apt/ubuntu/ubuntu14/latest trusty main' | sudo tee -a /etc/apt/sources.list
sudo apt-get update
# Master installation
apt-get install salt-master
# Minion installation
apt-get install salt-minion
# Salt ssh installation
apt-get install salt-ssh
# Salt syndic installation
apt-get install salt-syndic
# Salt API installation
apt-get install salt-api
Bootstrapping Salt Minion
curl -L https://bootstrap.saltstack.com -o install_salt.sh && sudo sh install_salt.sh
Salt Key Management
# Listing Salt requests
salt-key -L
# Accepting all requests
salt-key -A
# Accepting a single request (from myNode)
salt-key -a myNode
# Removing the key of the Salt Minion 'myNode'
salt-key -d myNode
Debugging
# Debugging the master
salt-master -l debug
# Debugging the minion
salt-minion -l debug
# Restarting the minion without cache (use salt-master instead for the master)
service salt-minion stop
rm -rf /var/cache/salt
service salt-minion start
SaltStack Documentation
# Viewing all the documentation
salt '*' sys.doc
# Viewing a module documentation
salt '*' sys.doc module_name
# Examples:
salt '*' sys.doc status
salt '*' sys.doc pkg
salt '*' sys.doc network
salt '*' sys.doc system
salt '*' sys.doc cloud
# Viewing a function documentation
salt '*' sys.doc module_name function_name
# Examples:
salt '*' sys.doc auth django
salt '*' sys.doc sdb sqlite3
SaltStack Modules And Functions
salt '*' sys.list_modules
salt '*' sys.list_functions
Compound Matchers
Letter  Match Type         Example                                                  Alt Delimiter?
G       Grains glob        G@os:Ubuntu                                              Yes
E       PCRE Minion ID     E@web\d+.(dev|qa|prod).loc                               No
P       Grains PCRE        P@os:(RedHat|Fedora|CentOS)                              Yes
L       List of minions    L@<minion id>,minion3.domain.com or bl*.domain.com       No
I       Pillar glob        I@pdata:foobar                                           Yes
J       Pillar PCRE        J@pdata:^(foo|bar)$                                      Yes
S       Subnet/IP address  S@<network address>/24 or S@<IP address>                 No
R       Range cluster      R@%foo.bar                                               No
Other examples:
# Examples taken from: https://docs.saltstack.com/en/latest/topics/targeting/compound.html
# Joining
salt -C 'webserv* and G@os:Debian or E@web-dc1-srv.*' test.ping
salt -C '( ms-1 or G@id:ms-3 ) and G@id:ms-3' test.ping
# Excluding
salt -C 'not web-dc1-srv' test.ping
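An added example (not from the cheat sheet or the Salt project): a small Python check that classifies each term of a compound target using the matcher table above and reports the terms that match on grains, which every minion computes and reports about itself. The function names are hypothetical, the sample targets are the ones listed above, and the optional delimiter character between the letter and `@` is assumed to follow Salt's alternate-delimiter form.

```python
import re

# Letter -> match type, copied from the compound matcher table above.
MATCHERS = {
    "G": "Grains glob", "E": "PCRE Minion ID", "P": "Grains PCRE",
    "L": "List of minions", "I": "Pillar glob", "J": "Pillar PCRE",
    "S": "Subnet/IP address", "R": "Range cluster",
}
# Grains are computed and reported by the minion itself, so whoever controls
# a minion can change them; pillar data is compiled on the master.
MINION_ASSERTED = {"G", "P"}
OPERATORS = {"and", "or", "not", "(", ")"}
# <letter>[optional alternate delimiter]@<pattern>, e.g. G@os:Ubuntu
TERM = re.compile(r"^([A-Z])([^\w@]?)@(.+)$")


def classify(target):
    """Return (term, match type, minion_asserted) for each matcher term."""
    terms = []
    for word in target.split():
        if word in OPERATORS:
            continue
        m = TERM.match(word)
        if m:
            letter = m.group(1)
            kind = MATCHERS.get(letter, "not in the table above")
        else:
            # No letter prefix: the term is a glob on the minion ID.
            letter, kind = "", "Minion ID glob"
        terms.append((word, kind, letter in MINION_ASSERTED))
    return terms


def minion_asserted_terms(target):
    """Terms whose match depends on data the minion reports about itself."""
    return [term for term, _, asserted in classify(target) if asserted]


if __name__ == "__main__":
    # Targets taken from the examples above.
    for tgt in ("webserv* and G@os:Debian or E@web-dc1-srv.*",
                "( ms-1 or G@id:ms-3 ) and G@id:ms-3",
                "not web-dc1-srv"):
        print(repr(tgt), "->", minion_asserted_terms(tgt))
```

A target that returns a non-empty list selects minions by what they claim about themselves, so states carrying secrets are better targeted by minion ID or pillar.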
Upgrades & Versions
# Listing upgrades
salt '*' pkg.list_upgrades
# Upgrading
salt '*' pkg.upgrade
# List the packages currently installed as a dict
salt '*' pkg.list_pkgs versions_as_list=True
# Refresh the pkgutil repo database
salt '*' pkgutil.refresh_db
# Check the version of a package
salt '*' pkgutil.version mongodb
Packages Manipulation
# Installation
salt '*' pkg.install apache2
# Show the latest version available for installation or upgrade
salt '*' pkgutil.latest_version mysql-common
# Removing package(s)
salt '*' pkg.remove vim
# Purging package(s)
salt '*' pkg.purge apache2 mysql-server
Reboot & Uptime
# Reboot
salt '*' system.reboot
# Uptime
salt '*' status.uptime
Using Grains
# Syncing grains
salt '*' saltutil.sync_grains
# Available grains can be listed by using the ‘grains.ls’ module:
salt '*' grains.ls
# Grains data can be listed by using the ‘grains.items’ module:
salt '*' grains.items
# Grains have values that could be called via ‘grains.get <grain_name>’ (path is the name of a grain)
salt '*' grains.get path
Syncing Data
# Syncing grains
salt '*' saltutil.sync_grains
# Syncing everything from grains to modules, outputters, renderers, returners, states and utils.
salt '*' saltutil.sync_all
Running System Commands
salt "*" cmd.run "ls -lrth /data"
salt "*" cmd.run "df -kh /data"
salt "*" cmd.run "du -sh /data"
Working With Services
# Apache example
# Checking if service is available
salt '*' service.available apache2
# Manipulating Apache2 service
salt '*' service.status apache2
salt '*' service.start apache2
salt '*' service.restart apache2
salt '*' service.stop apache2
Network Management
# Get IP of your minion
salt '*' network.ip_addrs
# Ping a host from your minion
salt '*' network.ping localhost
# Traceroute a host from your minion
salt '*' network.traceroute localhost
# Get hostname
salt '*' network.get_hostname
# Modify hostname to 'myNode'
salt '*' network.mod_hostname myNode
# Information on all of the running TCP connections
salt '*' network.active_tcp
# Return the arp table from the minion
salt '*' network.arp
# Test connectivity
salt '*' network.connect google-public-dns-a.google.com port=53 proto=udp timeout=3
# Get default route
salt '*' network.default_route
# Execute dig
salt '*' network.dig eon01.com
# Get the MAC address of eth0 interface
salt '*' network.hw_addr eth0
# Get the inet address of eth1 interface
salt '*' network.interface eth1
# Get the IP address of tun interface
salt '*' network.interface_ip tun
Working With HTTP Requests
# Get the html source code of a page
salt-run http.query http://eon01.com text=true
# Get the header of a page
salt-run http.query http://eon01.com headers=true
# Get the response code from a web server
salt-run http.query http://eon01.com status=true
# Sending a post request
salt '*' http.query http://domain.com/ method=POST params='key1=val1&key2=val2'
Job Management
# List active jobs
salt-run jobs.active
# List all jobs with the id and other information
salt-run jobs.list_jobs
# Show details of the job with the id 20151101225221651308, including its result output
salt-run jobs.lookup_jid 20151101225221651308
# Kill the job with the id:20151101225221651308
salt 'server' saltutil.kill_job 20151101225221651308
Scheduling Feature
# Schedule a job called "scheduled_job"
salt '*' schedule.add scheduled_job function='cmd.run' job_args="['']" seconds=10
# Enable the job
salt '*' schedule.enable_job scheduled_job
# Disable the job
salt '*' schedule.disable_job scheduled_job
Working With SLS
salt '*' state.show_sls <sls name>
Testing States
salt '*' state.highstate test=True
salt '*' state.sls <sls name> test=True
salt '*' state.single <module.function> name=<name> test=True
Load testing
# Starting 20 minions
wget https://raw.githubusercontent.com/saltstack/salt/develop/tests/minionswarm.py; python minionswarm.py -m 20 --master salt-master;
State Declaration Structure
# Source: https://docs.saltstack.com/en/latest/ref/states/highstate.html#state-declaration
# Standard declaration
<ID Declaration>:
  <State Module>:
    - <Function>
    - <Function Arg>
    - <Function Arg>
    - <Function Arg>
    - <Name>: <name>
    - <Requisite Declaration>:
      - <Requisite Reference>
      - <Requisite Reference>
# Inline function and names
<ID Declaration>:
  <State Module>.<Function>:
    - <Function Arg>
    - <Function Arg>
    - <Function Arg>
    - <Names>:
      - <name>
      - <name>
      - <name>
    - <Requisite Declaration>:
      - <Requisite Reference>
      - <Requisite Reference>
# Multiple states for single id
<ID Declaration>:
  <State Module>:
    - <Function>
    - <Function Arg>
    - <Name>: <name>
    - <Requisite Declaration>:
      - <Requisite Reference>
  <State Module>:
    - <Function>
    - <Function Arg>
    - <Names>:
      - <name>
      - <name>
    - <Requisite Declaration>:
      - <Requisite Reference>
SaltStack Github Repositories
Django with SaltStack https://github.com/wunki/django-salted
Salt GUI pad https://github.com/tinyclues/saltpad
Openstack automation with SaltStack https://github.com/CSSCorp/openstack-automation
A curated collection of working salt states and configurations for use in your saltstack setup. https://github.com/saltops/saltmine
These are all of the configuration files needed to build a Wordpress development environment with Vagrant, Virtual Box and SaltStack https://github.com/paulehr/saltstack-wordpress
Java bindings for the SaltStack API https://github.com/SUSE/saltstack-netapi-client-java
Vim snippets for SaltStack states files https://github.com/StephenPCG/vim-snippets-salt
Metrics for SaltStack https://github.com/pengyao/salt-metrics
Salt GUI https://github.com/saltstack/halite