🖥️saltstack
➡️This is a command-line reference manual for commands and command combinations that you don’t use often enough to remember it. This cheatsheet explains the saltstack command with important options and switches using examples.
30 minute read
▁ ▂ ▃ ▄ ꧁ 🔴☠ COMMANDLINE-KUNGFU WITH CHEATSHEETS ☠🔴꧂▅ ▃ ▂ ▁
# ███████╗ █████╗ ██╗ ████████╗███████╗████████╗ █████╗ ██████╗██╗ ██╗
# ██╔════╝██╔══██╗██║ ╚══██╔══╝██╔════╝╚══██╔══╝██╔══██╗██╔════╝██║ ██╔╝
# ███████╗███████║██║ ██║ ███████╗ ██║ ███████║██║ █████╔╝
# ╚════██║██╔══██║██║ ██║ ╚════██║ ██║ ██╔══██║██║ ██╔═██╗
# ███████║██║ ██║███████╗██║ ███████║ ██║ ██║ ██║╚██████╗██║ ██╗
# ╚══════╝╚═╝ ╚═╝╚══════╝╚═╝ ╚══════╝ ╚═╝ ╚═╝ ╚═╝ ╚═════╝╚═╝ ╚═╝
#########################
# saltstack cheat sheet
############################
SaltStack master operations
salt-key -L -> Showing all minions
salt-key -a <minion_id> -> Accepting an unaccepted minion
salt-key -A -> Accepting all unaccepted minions
salt-key -d <minion_id> -> Removing a minion
salt '*' state.sls nginx -> Running formula
salt '*' cmd.run 'ls -l /etc'
salt '*' pkg.install vim
salt '*' network.interfaces
salt '*' test.echo 'foo: bar'
salt-call -> masterless minion.
salt '*' state.apply vim -> Run /srv/salt/vim.sls
sudo salt-key -F master
#Install master/node
#master node
#----------------------#
sudo apt-get update -y
sudo apt-get dist-upgrade -y
sudo apt-get install salt-master salt-ssh salt-cloud salt-doc -y
sudo vi /etc/salt/master
# The address of the interface to bind to:
interface: 192.168.39.11
sudo salt-key -a ubuntu
sudo salt-key -L
sudo service salt-master restart
sudo service salt-master status
sudo mkdir -p /srv/salt/
sudo mkdir -p /srv/salt/nginx
sudo vi /srv/salt/nginx/init.sls
nginx:
pkg:
- installed
sudo salt ubuntu state.sls nginx
sudo salt ubuntu test.ping
#slave node
#----------------------#
apt-get update -y
apt-get dist-upgrade -y
apt-get install salt-minion -y
sudo vi /etc/salt/minion
# Set the location of the salt master server. If the master server cannot be
# resolved, then the minion will fail to start.
master: 192.168.39.11
sudo service salt-minion restart
################ # SaltStack Cheat Sheet ###########################
SaltStack Cheat Sheet .. My collection of often used commands on my Salt master.
This list is partly inspired by the fine lists on:
* http://www.xenuser.org/saltstack-cheat-sheet/
* https://github.com/saltstack/salt/wiki/Cheat-Sheet
- [SaltStack Cheat Sheet]
- [First things first : Documentation]
- [Documentation on the system]
- [Documentation on the web]
- [Minions]
- [Minion status]
- [Target minion with state files]
- [Grains]
- [Jobs in Salt]
- [Sysadmin specific]
- [System and status]
- [Packages]
- [Check status of a service and manipulate services]
- [Network]
- [Salt Cloud]
# Documentation
This is important because the help system is very good.
## Documentation on the system
#--------------------------------------#
salt '*' sys.doc # output sys.doc (= all documentation)
salt '*' sys.doc pkg # only sys.doc for pkg module
salt '*' sys.doc network # only sys.doc for network module
salt '*' sys.doc system # only sys.doc for system module
salt '*' sys.doc status # only sys.doc for status module
## Documentation on the web
#--------------------------------------#
- SaltStack documentation: http://docs.saltstack.com/en/latest/
- Salt-Cloud: http://docs.saltstack.com/en/latest/topics/cloud/
- Jobs: http://docs.saltstack.com/en/latest/topics/jobs/
# Minions
## Minion status
#--------------------------------------#
You can also use several commands to check if minions are alive and kicking but I prefer manage.status/up/down.
salt-run manage.status # What is the status of all my minions? (both up and down)
salt-run manage.up # Any minions that are up?
salt-run manage.down # Any minions that are down?
salt-run manage.alived # Show all alive minions
salt '*' test.version # Display salt version
salt '*' test.ping # Use test module to check if minion is up and responding.
# (Not an ICMP ping!)
## Target minion with state files
#--------------------------------------#
Apply a specific state file to a (group of..) minion(s). Do not use the .sls extension. (just like in the state files!)
salt '*' state.sls mystatefile # mystatefile.sls will be applied to *
salt 'minion1' state.sls prod.somefile # prod/somefile.sls will be applied to minion1
## Grains
#--------------------------------------#
List all grains on all minions
salt '*' grains.ls
Look at a single grains item to list the values.
salt '*' grains.item os # Show the value of the OS grain for every minion
salt '*' grains.item roles # Show the value of the roles grain for every minion
Manipulate grains.
salt 'minion1' grains.setval mygrain True # Set mygrain to True (create if it doesn't exist yet)
salt 'minion1' grains.delval mygrain # Delete the value of the grain
# Jobs in Salt
Some jobs operations that are often used. (http://docs.saltstack.com/en/latest/topics/jobs/)
salt-run jobs.active # get list of active jobs
salt-run jobs.list_jobs # get list of historic jobs
salt-run jobs.lookup_jid <job id number> # get details of this specific job
# Sysadmin specific
Some stuff that is specifically of interest for sysadmins.
## System and status
#--------------------------------------#
salt 'minion-x-*' system.reboot # Let's reboot all the minions that match minion-x-*
salt '*' status.uptime # Get the uptime of all our minions
## Packages
#--------------------------------------#
salt '*' pkg.list_upgrades # get a list of packages that need to be upgrade
salt '*' pkg.upgrade # Upgrades all packages via apt-get dist-upgrade (or similar)
salt '*' pkg.version bash # get current version of the bash package
salt '*' pkg.install bash # install or upgrade bash package
salt '*' pkg.install bash refresh=True # install or upgrade bash package but
# refresh the package database before installing.
## Check status of a service and manipulate services
#--------------------------------------#
salt '*' service.status <service name>
salt '*' service.available <service name>
salt '*' service.start <service name>
salt '*' service.restart <service name>
salt '*' service.stop <service name>
## Network
#--------------------------------------#
Do some network stuff on your minions.
salt 'minion1' network.ip_addrs # Get IP of your minion
salt 'minion1' network.ping <hostname> # Ping a host from your minion
salt 'minion1' network.traceroute <hostname> # Traceroute a host from your minion
salt 'minion1' network.get_hostname # Get hostname
salt 'minion1' network.mod_hostname # Modify hostname
# Salt Cloud
Salt Cloud is used to provision virtual machines in the cloud. (surprise!) (http://docs.saltstack.com/en/latest/topics/cloud/)
salt-cloud -p profile_do my-vm-name -l debug # Provision using profile_do as profile
# and my-vm-name as the virtual machine name while
# using the debug option.
salt-cloud -d my-vm-name # destroy the my-vm-name virtual machine.
salt-cloud -u # Update salt-bootstrap to latest develop version on GitHub.
############# # SaltStackCheatSheet # ####################
This code is a part from "SaltStack For DevOps" Book : https://leanpub.com/saltstackfordevops/
Official website: http://saltstackfordevops.com
[](https://leanpub.com/saltstackfordevops/)
## Installing SaltStack - Ubuntu 14.*
#--------------------------------------#
wget -O - https://repo.saltstack.com/apt/ubuntu/ubuntu14/latest/SALTSTACK-GPG-KEY.pub | sudo apt-key add -
echo 'deb http://repo.saltstack.com/apt/ubuntu/ubuntu14/latest trusty main' | sudo tee -a /etc/apt/sources.list
sudo apt-get update
# Master installation
apt-get install salt-master
# Minion installation
apt-get install salt-minion
# Salt ssh installation
apt-get install salt-ssh
# Salt syndic installation
apt-get install salt-syndic
# Salt API installation
apt-get install salt-api
## Bootstrapping Salt Minion
#--------------------------------------#
curl -L https://bootstrap.saltstack.com -o install_salt.sh && sudo sh install_salt.sh
## Salt Key Management
#--------------------------------------#
# Listing Salt requests
salt-key -L
# Accepting all requests
salt-key -A
# Accepting a single request (from myNode)
salt-key -a myNode
# Removing the key of a Salt 'myNode' Minion
salt-key -d minion_id
## Debugging
#--------------------------------------#
# Debugging the master
salt-master -l debug
# Debugging the minion
salt-minion -l debug
# Restarting the minion without cache
stop master/minion
rm -rf /var/cache/salt
start master/minion
## SaltStack Documentation
#--------------------------------------#
# Viewing all the documentation
salt '*' sys.doc
# Viewing a module documentation
salt '*' sys.doc module_name
#Examples:
salt '*' sys.doc status
salt '*' sys.doc pkg
salt '*' sys.doc network
salt '*' sys.doc system
salt '*' sys.doc cloud
# Viewing a function documentation
salt '*' sys.doc module_name function_name
# Examples:
salt '*' sys.doc auth django
salt '*' sys.doc sdb sqlite3
## SaltStack Modules And Functions
#--------------------------------------#
salt '*' sys.list_modules
salt '*' sys.list_functions
## Compound Matchers
#--------------------------------------#
| Letter | Match Type | Example | Alt Delimiter?] |
| --- | --- | --- | --- |
| G | Grains glob | G@os:Ubuntu | Yes |
| E | PCRE Minion ID | E@web\d+\.(dev\|qa\|prod)\.loc | No |
| P | Grains PCRE | P@os:(RedHat\|Fedora\|CentOS) | Yes |
| L | List of minions | [email protected],minion3.domain.com or bl*.domain.com | No |
| I | Pillar glob | I@pdata:foobar | Yes |
| J | Pillar PCRE | J@pdata:^(foo\|bar)$ | Yes |
| S | Subnet/IP address | [email protected]/24 or [email protected] | No |
| R | Range cluster | R@%foo.bar | No |
Other examples:
# Examples taken from: https://docs.saltstack.com/en/latest/topics/targeting/compound.html
# Joining
salt -C 'webserv* and G@os:Debian or E@web-dc1-srv.*' test.ping
salt -C '( ms-1 or G@id:ms-3 ) and G@id:ms-3' test.ping
# Excluding
salt -C 'not web-dc1-srv' test.ping
## Upgrades & Versions
#--------------------------------------#
# Listing upgrades
salt '*' pkg.list_upgrades
# Upgrading
salt '*' pkg.upgrade
# List the packages currently installed as a dict
salt '*' pkg.list_pkgs versions_as_list=True
# Refresh the pkgutil repo database
salt '*' pkgutil.refresh_db
# Check the version of a package
salt '*' pkgutil.version mongodb
## Packages Manipulation
#--------------------------------------#
# Installation
salt '*' pkg.install apache2
# Latest version installation
salt '*' pkgutil.latest_version mysql-common
# Removing package(s)
salt '*' pkg.remove vim
# Purging package(s)
salt '*' pkg.purge apache2 mysql-server
## Reboot & Uptime
#--------------------------------------#
# Reboot
salt '*' system.reboot
#Uptime
salt '*' status.uptime
## Using Grains
#--------------------------------------#
# Syncing grains
salt '*' saltutil.sync_grains
# Available grains can be listed by using the ‘grains.ls’ module:
salt '*' grains.ls
# Grains data can be listed by using the ‘grains.items’ module:
salt '*' grains.items
# Grains have values that could be called via ‘grains.get <grain_name>’ (path is the name of a grain)
salt '*' grains.get path
## Syncing Data
#--------------------------------------#
# Syncing grains
salt '*' saltutil.sync_grains
# Syncing everything from grains to modules, outputters, renderers, returners, states and utils.
salt '*' saltutil.sync_all
## Running System Commands
#--------------------------------------#
salt "*" cmd.run "ls -lrth /data"
salt "*" cmd.run "df -kh /data"
salt "*" cmd.run "du -sh /data"
## Working With Services
#--------------------------------------#
# Apache example
# Checking if service is available
salt '*' service.available apache2
# Manipulating Apache2 service
salt '*' service.status apache2
salt '*' service.start apache2
salt '*' service.restart apache2
salt '*' service.stop apache2
## Network Management
#--------------------------------------#
# Get IP of your minion
salt '*' network.ip_addrs
# Ping a host from your minion
salt '*' network.ping localhost
# Traceroute a host from your minion
salt '*' network.traceroute localhost
# Get hostname
salt '*' network.get_hostname
# Modify hostname to 'myNode'
salt '*' network.mod_hostname myNode
# Information on all of the running TCP connections
salt '*' network.active_tcp
# Return the arp table from the minion
salt '*' network.arp
# Test connectivity
salt '*' network.connect google-public-dns-a.google.com port=53 proto=udp timeout=3
# Get default route
salt '*' network.default_route
# Execute dig
salt '*' network.dig eon01.com
# Get the MAC addres of eth0 interface
salt '*' network.hw_addr eth0
# Get the inet addres of eth1 interface
salt '*' network.interface eth1
# Get the IP addres of tun interface
salt '*' network.interface_ip tun
## Working With HTTP Requests
#--------------------------------------#
# Get the html source code of a page
salt-run http.query http://eon01.com text=true
# Get the header of a page
salt-run http.query http://eon01.com headers=true
# Get the response code from a web server
salt-run http.query http://eon01.com status=true
# Sending a post request
salt '*' http.query http://domain.com/ method=POST params='key1=val1&key2=val2'
## Job Management ##
#--------------------------------------#
# List active jobs
salt-run jobs.active
# List all jobs with the id and other information
salt-run jobs.list_jobs
# List multiple information about the job with the id:20151101225221651308 like the result output
salt-run jobs.lookup_jid 20151101225221651308
# Kill the job with the id:20151101225221651308
salt 'server' saltutil.kill_job 20151101225221651308
## Scheduling Feature ##
#--------------------------------------#
# Schedule a job called "scheduled_job"
salt '*' schedule.add scheduled_job function='cmd.run' job_args="['']" seconds=10
# Enable the job
salt '*' schedule.enable_job scheduled_job
# Disable the job
salt '*' schedule.disable_job scheduled_job
## Working With SLS
salt '*' state.show_sls
## Testing States ##
#--------------------------------------#
salt '*' state.highstate test=True
salt '*' state.sls test=True
salt '*' state.single test=True
## Load testing
#--------------------------------------#
# Starting 20 minions
wget https://raw.githubusercontent.com/saltstack/salt/develop/tests/minionswarm.py; python minionswarm.py -m 20 --master salt-master;
## State Declaration Structure ##
# Source: https://docs.saltstack.com/en/latest/ref/states/highstate.html#state-declaration
# Standard declaration
<ID Declaration>:
<State Module>:
- <Function>
- <Function Arg>
- <Function Arg>
- <Function Arg>
- <Name>: <name>
- <Requisite Declaration>:
- <Requisite Reference>
- <Requisite Reference>
# Inline function and names
<ID Declaration>:
<State Module>.<Function>:
- <Function Arg>
- <Function Arg>
- <Function Arg>
- <Names>:
- <name>
- <name>
- <name>
- <Requisite Declaration>:
- <Requisite Reference>
- <Requisite Reference>
# Multiple states for single id
<ID Declaration>:
<State Module>:
- <Function>
- <Function Arg>
- <Name>: <name>
- <Requisite Declaration>:
- <Requisite Reference>
<State Module>:
- <Function>
- <Function Arg>
- <Names>:
- <name>
- <name>
- <Requisite Declaration>:
- <Requisite Reference>
## SaltStack Github Repositories ##
- *Django* with SaltStack https://github.com/wunki/django-salted
- Salt GUI pad https://github.com/tinyclues/saltpad
- *Openstack* automation with SaltStack https://github.com/CSSCorp/openstack-automation
- A curated collection of working salt *states* and configurations for use in your saltstack setup. https://github.com/saltops/saltmine
- These are all of the configuration files needed to built a *Wordpress* development environment with *Vagrant*, *Virtual Box* and SaltStack https://github.com/paulehr/saltstack-wordpress
- *Java* bindings for the SaltStack API https://github.com/SUSE/saltstack-netapi-client-java
- *Vim* snippets for SaltStack *states* files https://github.com/StephenPCG/vim-snippets-salt
- Metrics for SaltStack https://github.com/pengyao/salt-metrics
- Salt GUI https://github.com/saltstack/halite
######### SaltStack examples ################ https://www.unixmen.com/saltstack-examples/
# SaltStack platform or Salt is a Python-based open source configuration management software and remote execution engine. Supporting the “Infrastructure as Code” approach to deployment and cloud management, it competes primarily with Puppet, Chef, and Ansible.
# We will use some of default functions., Please considerate the Link bellow about the installation of Saltstack master and nodes. and please remember all these solutions are tested in our Unixmen virtual machines, jut to be sure that every thing is working fine.
# Lets start :
Install and configure SaltStack server in Ubuntu x64
# Show disk usage for all minions:
sudo salt ‘*’ disk.usage
# Show exist documentations for all minions:
sudo salt ‘*’ sys.doc
# Check network status to all minions:
sudo salt ‘*’ test.ping
# Look at the /etc file system for all minions:
sudo salt ‘*’ cmd.run ‘ls -l /etc’
# Get system information from all minion installed servers:
/srv/pillar$ sudo salt “*” grains.items
# Check just FreeBSD minion:
/srv/pillar$ sudo salt -G ‘os:FreebSD’ test.ping
node4salt.opeensource.az:
True
# pkg function automatically get minion internal functionality. This means, the pkg.install command automatically will use yum for RedHat/Centos, for apt Ubuntu/Debian and pkg for FreeBSD.
# Install vim package to node4salt.opensource.az FreeBSD server as follows:
sudo salt ‘node4salt.opensource.az’ pkg.install vim
# Get information from all minions about network card names, IP address, subnets with masks and MAC address:
sudo salt ‘*’ network.interfaces
# Find python path’s from all minions:
sudo salt ‘*’ grains.item pythonpath –out=pprint
# With state.sls name have different execution module which needs argument as SLS file. In next steps we will use state.sls function in details.
# Create top.sls file in the already created /srv/salt folder and add the following lines (Default environment is base. In this syntax we told, * symbol is for all minions. The content of install.sls(this file must be in the same folder where placed top.sls file) file will be executed for all minions. Same for apache.sls file content must be as apache:
sudo cat /srv/salt/top.sls
base:
‘*’:
– install
– apache
sudo cat /srv/salt/install.sls
utilitler:
pkg.installed:
{% if grains[‘os’] == ‘CentOS‘ %}
– name: nload
{% elif grains[‘os’] == ‘Ubuntu‘ %}
– name: nload
{% elif grains[‘os’] == ‘FreeBSD‘ %}
– name: nload
{% endif %}
# The difference from configuration control utilities is SaltStack by default not execute state configurations. This is not by default but we can do this. With the following command we will apply all state configurations to all minions. This means state.sls call’s and execute top.sls file and top.sls calls and execute install.sls file. At the end in all minions will be installed nload package.
sudo salt ‘*’ state.highstate
# We can call and test any sls file with state.sls execution module. For example synchronize one file from saltmaster server to all minions. Add the following content to the /srv/salt/apache.sls file. In this lines we tell synchronize tesfile file from /srv/salt/fayllar folder to all minions /etc/testfile file path. The owner of file will be root and permissions will be 644:
/srv/salt$ sudo cat apache.sls
/etc/testfile:
file.managed:
– source: salt://fayllar/testfile
– user: root
– mode: 644
# Create the folder and add some lines to file placed in this folder:
/srv/salt$ sudo mkdir /srv/salt/fayllar
/srv/salt$ sudo cat /srv/salt/fayllar/testfile
dbname= db
dbpass= user
dbpass= pass
# Then send this file to all minions:
/srv/salt$ sudo salt ‘*’ state.sls apache
# For install a lot of packages to all minions in the same time, create file with /etc/srv/mypack.sls name and add the following lines. In this file we tell install packages with names mercurial and git to all minions.
/srv/salt$ sudo cat /etc/srv/mypack.sls
mypack:
pkg:
– installed
– pkgs:
– mercurial
– git
# Install selected packages to all minions:
/srv/salt$ sudo salt ‘*’ state.sls mypack
# For real-time debugging of minions we can use the following command:
sudo salt-minion -l debug
# About Pillar
Pillar gives tree structure possibility for data defining. With pillar we can control send only selected and secure data from master server to the minions.
# Sometimes you can be mistaken with grain and pillar. But remember grain’s saves data generated from minions. Information’s about CPU and OS places in grains. But pillar saves generated (on the SaltMaster server) information about minions.
# We can see the pillar information about minions with the following command:
/srv/pillar$ sudo salt ‘*’ pillar.items
# For test minions create some files and check. Firsly we create folder and needs SLS files.
/srv/pillar$ sudo mkdir -p /srv/pillar/{pkg,users}
# Add the following content to the top.sls file:
/srv/pillar$ sudo cat /srv/pillar/top.sls
base:
‘*’:
– data
– users
– pkg
# Then add needed calls path’s to the data.sls file.
/srv/pillar$ sudo cat /srv/pillar/data.sls
info: some data
# Set used data with UID:
/srv/pillar$ sudo cat /srv/pillar/users/init.sls
users:
thatch: 1000
shouse: 1001
utahdave: 1002
redbeard: 1003
#With the following example we define selected packages to the corresponding Linux/UNIX distributives:
/srv/pillar$ sudo cat /srv/pillar/pkg/init.sls
pkgs:
{% if grains[‘os_family’] == ‘CentOS’ %}
apache: httpd
vim: vim-enhanced
{% elif grains[‘os_family’] == ‘Ubuntu’ %}
apache: apache2
vim: vim
{% elif grains[‘os’] == ‘FreeBSD’ %}
mysql: mysql55-server
vim: vim
{% endif %}
# Send new pillar data’s to all minions:
/srv/pillar$ sudo salt ‘*’ saltutil.refresh_pillar
node1salt.opensource.az:
True
node4salt.opeensource.az:
True
node2salt.opensource.az:
True
node3salt.opensource.az:
True
# Salt States Sammlung
https://github.com/SS-archive/salt-states
https://github.com/nbari/my-salt
################
# Saltstack Infos/HowTos und Beispiele
##########################################
# Debian Stretch
wget -O - https://repo.saltstack.com/apt/debian/9/amd64/latest/SALTSTACK-GPG-KEY.pub | sudo apt-key add -
deb http://repo.saltstack.com/apt/debian/9/amd64/latest stretch main
# Ubuntu
deb http://repo.saltstack.com/apt/ubuntu/14.04/amd64/latest trusty main
deb http://repo.saltstack.com/apt/ubuntu/16.04/amd64/2018.3/ xenial main
## Links zum Thema Saltstack
https://wyssmann.com/introduction-to-saltstack/
https://docs.saltstack.com/en/latest/ref/modules/all/
https://docs.saltstack.com/en/latest/topics/tutorials/walkthrough.html
http://www.xenuser.org/saltstack-cheat-sheet/
https://dev-eole.ac-dijon.fr/doc/cheatsheets/saltstack.html
https://github.com/eon01/SaltStackCheatSheet
https://github.com/harkx/saltstack-cheatsheet
https://www.youtube.com/watch?v=8ytAHUGponk
# Remote Befehl ausführen
salt * cmd.run "lsb_release -d"
# System Update/Upgrade
salt '*' pkg.upgrade
# User hinzufügen
salt * user.add thorsten
# Einen öffentlichen SSH Schlüssel hinterlegen
salt '*' ssh.set_auth_key thorsten AAAAB3NZACLY..p8cow==enc='rsa' comments='[email protected]'
# Standard-Shell ändern
salt '*' user.chshell thorsten /bin/bash
# Minions holen sich alle States ab:
root@minion# salt-call state.highstate
# Master schickt alle States (top.sls)
salt '*' state.highstate
# Master schickt einen State:
salt '*' state.sls create_user
# SaltStack examples
#-------------------#
SaltStack platform or Salt is a Python-based open source configuration management software and remote execution engine. Supporting the “Infrastructure as Code” approach to deployment and cloud management, it competes primarily with Puppet, Chef, and Ansible.
We will use some of default functions., Please considerate the Link bellow about the installation of Saltstack master and nodes. and please remember all these solutions are tested in our Unixmen virtual machines, jut to be sure that every thing is working fine.
Lets start :
INSTALL AND CONFIGURE SALTSTACK SERVER IN UBUNTU X64
Show disk usage for all minions:
jamal@saltmaster:~$ sudo salt ‘*’ disk.usage
Show exist documentations for all minions:
jamal@saltmaster:~$ sudo salt ‘*’ sys.doc
Check network status to all minions:
jamal@saltmaster:~$ sudo salt ‘*’ test.ping
Look at the /etc file system for all minions:
jamal@saltmaster:~$ sudo salt ‘*’ cmd.run ‘ls -l /etc’
Get system information from all minion installed servers:
jamal@saltmaster:/srv/pillar$ sudo salt “*” grains.items
Check just FreeBSD minion:
jamal@saltmaster:/srv/pillar$ sudo salt -G ‘os:FreebSD’ test.ping
node4salt.opeensource.az:
True
pkg function automatically get minion internal functionality. This means, the pkg.install command automatically will use yum for RedHat/Centos, for apt Ubuntu/Debian and pkg for FreeBSD.
Install vim package to node4salt.opensource.az FreeBSD server as follows:
jamal@saltmaster:~$ sudo salt ‘node4salt.opensource.az’ pkg.install vim
Get information from all minions about network card names, IP address, subnets with masks and MAC address:
jamal@saltmaster:~$ sudo salt ‘*’ network.interfaces
Find python path’s from all minions:
jamal@saltmaster:~$ sudo salt ‘*’ grains.item pythonpath –out=pprint
With state.sls name have different execution module which needs argument as SLS file. In next steps we will use state.sls function in details.
Create top.sls file in the already created /srv/salt folder and add the following lines (Default environment is base. In this syntax we told, * symbol is for all minions. The content of install.sls(this file must be in the same folder where placed top.sls file) file will be executed for all minions. Same for apache.sls file content must be as apache:
jamal@saltmaster:~$ sudo cat /srv/salt/top.sls
base:
‘*’:
– install
– apache
jamal@saltmaster:~$ sudo cat /srv/salt/install.sls
utilitler:
pkg.installed:
{% if grains[‘os’] == ‘CentOS‘ %}
– name: nload
{% elif grains[‘os’] == ‘Ubuntu‘ %}
– name: nload
{% elif grains[‘os’] == ‘FreeBSD‘ %}
– name: nload
{% endif %}
The difference from configuration control utilities is SaltStack by default not execute state configurations. This is not by default but we can do this. With the following command we will apply all state configurations to all minions. This means state.sls call’s and execute top.sls file and top.sls calls and execute install.sls file. At the end in all minions will be installed nload package.
jamal@saltmaster:~$ sudo salt ‘*’ state.highstate
We can call and test any sls file with state.sls execution module. For example synchronize one file from saltmaster server to all minions. Add the following content to the /srv/salt/apache.sls file. In this lines we tell synchronize tesfile file from /srv/salt/fayllar folder to all minions /etc/testfile file path. The owner of file will be root and permissions will be 644:
jamal@saltmaster:/srv/salt$ sudo cat apache.sls
/etc/testfile:
file.managed:
– source: salt://fayllar/testfile
– user: root
– mode: 644
Create the folder and add some lines to file placed in this folder:
jamal@saltmaster:/srv/salt$ sudo mkdir /srv/salt/fayllar
jamal@saltmaster:/srv/salt$ sudo cat /srv/salt/fayllar/testfile
dbname= db
dbpass= user
dbpass= pass
Then send this file to all minions:
jamal@saltmaster:/srv/salt$ sudo salt ‘*’ state.sls apache
For install a lot of packages to all minions in the same time, create file with /etc/srv/mypack.sls name and add the following lines. In this file we tell install packages with names mercurial and git to all minions.
jamal@saltmaster:/srv/salt$ sudo cat /etc/srv/mypack.sls
mypack:
pkg:
– installed
– pkgs:
– mercurial
– git
Install selected packages to all minions:
jamal@saltmaster:/srv/salt$ sudo salt ‘*’ state.sls mypack
For real-time debugging of minions we can use the following command:
jamal@node1salt:~$ sudo salt-minion -l debug
About Pillar
Pillar gives tree structure possibility for data defining. With pillar we can control send only selected and secure data from master server to the minions.
Sometimes you can be mistaken with grain and pillar. But remember grain’s saves data generated from minions. Information’s about CPU and OS places in grains. But pillar saves generated (on the SaltMaster server) information about minions.
We can see the pillar information about minions with the following command:
jamal@saltmaster:/srv/pillar$ sudo salt ‘*’ pillar.items
For test minions create some files and check. Firsly we create folder and needs SLS files.
jamal@saltmaster:/srv/pillar$ sudo mkdir -p /srv/pillar/{pkg,users}
Add the following content to the top.sls file:
jamal@saltmaster:/srv/pillar$ sudo cat /srv/pillar/top.sls
base:
‘*’:
– data
– users
– pkg
Then add needed calls path’s to the data.sls file.
jamal@saltmaster:/srv/pillar$ sudo cat /srv/pillar/data.sls
info: some data
Set used data with UID:
jamal@saltmaster:/srv/pillar$ sudo cat /srv/pillar/users/init.sls
users:
thatch: 1000
shouse: 1001
utahdave: 1002
redbeard: 1003
With the following example we define selected packages to the corresponding Linux/UNIX distributives:
jamal@saltmaster:/srv/pillar$ sudo cat /srv/pillar/pkg/init.sls
pkgs:
{% if grains[‘os_family’] == ‘CentOS’ %}
apache: httpd
vim: vim-enhanced
{% elif grains[‘os_family’] == ‘Ubuntu’ %}
apache: apache2
vim: vim
{% elif grains[‘os’] == ‘FreeBSD’ %}
mysql: mysql55-server
vim: vim
{% endif %}
Send new pillar data’s to all minions:
jamal@saltmaster:/srv/pillar$ sudo salt ‘*’ saltutil.refresh_pillar
node1salt.opensource.az:
True
node4salt.opeensource.az:
True
node2salt.opensource.az:
True
node3salt.opensource.az:
True
# Minion Installers
On Windows:
PS C:\ > $name = "win_"+$(hostname)+"_"+$(Get-Date -Format s)
PS C:\ > Salt-Minion-x64.exe /S /master=10.0.0.2 /minion-name=$name /start-service=1
On Linux w/ apt-get:
$ apt-get install salt-minion salt-common
$ wget http://10.0.0.2/minion
$ mv ./minion /etc/salt/minion
$ sudo service salt-minion start
Or install from a script:
$ wget http://10.0.0.2/saltmin.sh
$ chmod +x saltmin.sh
$ NOW=$(date +"%m-%d-%YT%k:%M:%S")
$ saltmin.sh -P -I -i "linux_`hostname`_`echo $NOW`" -A 10.0.0.2
Command Execution
Show which minions that are up:
salt-run manage.up
Show minions that are down:
salt-run manage.down
Show all minions status:
salt-run manage.status
Test all minions connectivity:
salt '*' test.ping
Check if a process is running on all minions:
salt '*' ps.grep apache
Check if a file on all minions contains a string:
salt "*" file.contains /etc/password "admin"
Pull a file from a subgroup of minions:
salt "linux*" cp.push /etc/passwd
Send a file from the master to a subgroup of minions:
salt-cp "linux*" script_to_copy.py /target-dir/copy_of_script.py
Run arbitrary commands on a subgroup of minions:
salt "linux*" cmd.run "ls -lah /home/"
Get networking info from all minions:
salt '*' network.ip_addrs
More available network modules:
network.ping, network.traceroute, network.get_hostname, network.mod_hostname
Get uptime of all minions:
salt '*' status.uptime
Reboot all minions:
salt '*' system.reboot
Service status:
salt '*' service.status
salt '*' service.start httpd
salt '*' service.stop httpd
Cheat Sheet Saltstack
March 23, 2018 Adrian 0 Comments
Below a summary of important Salt commands
General
Update the fileserver cache. If no backend is provided, then the cache for all configured backends will be updated.
ZSH
salt-run fileserver.update
# Narrow fileserver backends to a subset of the enabled ones
salt-run fileserver.update backend=roots,git
salt-run fileserver.update
# Narrow fileserver backends to a subset of the enabled ones
salt-run fileserver.update backend=roots,git
Forcibly removes all caches on a minion.
ZSH
salt '*' saltutil.clear_cache
salt '*' saltutil.clear_cache
States
Passing pillar data ad hoc
ZSH
salt '*' state.apply ftpsync pillar='{"ftpusername": "test", "ftppassword": "0ydyfww3giq8"}'
salt '*' state.apply ftpsync pillar='{"ftpusername": "test", "ftppassword": "0ydyfww3giq8"}'
Return a list of files from the salt fileserver
ZSH
salt-run fileserver.file_list
# Lists only files for fileserver environment 'prod'
salt-run fileserver.file_list saltenv=prod
# Narrow fileserver backends to git only
salt-run fileserver.file_list saltenv=dev backend=git
salt-run fileserver.file_list
# Lists only files for fileserver environment 'prod'
salt-run fileserver.file_list saltenv=prod
# Narrow fileserver backends to git only
salt-run fileserver.file_list saltenv=dev backend=git
Apply a state or states to
ZSH
# apply all configured states
salt '*' state.apply
# Custom Pillar values, passed as a dictionary of key-value pairs
salt '*' state.apply test pillar='{"foo": "bar"}'
# Exclude specific states from execution
salt '*' state.apply exclude="[{'id': 'id_to_exclude'}, {'sls': 'sls_to_exclude'}]"
# apply all configured states
salt '*' state.apply
# Custom Pillar values, passed as a dictionary of key-value pairs
salt '*' state.apply test pillar='{"foo": "bar"}'
# Exclude specific states from execution
salt '*' state.apply exclude="[{'id': 'id_to_exclude'}, {'sls': 'sls_to_exclude'}]"
Pillars
We are going to use the Salt pillar value we just configured, so let’s first refresh Salt pillar data on all minions:
ZSH
salt '*' saltutil.refresh_pillar
salt '*' saltutil.refresh_pillar
Grains
Available grains can and grain values can be listed
ZSH
# list grains
salt '*' grains.ls
# list grains data
salt '*' grains.items
# list grains
salt '*' grains.ls
# list grains data
salt '*' grains.items
List values for a specific grain for all minions
ZSH
salt '*' grains.get os
salt '*' grains.get os
https://github.com/harkx/saltstack-cheatsheet
SaltStack Cheat Sheet .. My collection of often used commands on my Salt master.
This list is partly inspired by the fine lists on:
http://www.xenuser.org/saltstack-cheat-sheet/
https://github.com/saltstack/salt/wiki/Cheat-Sheet
Table of Contents generated with DocToc
SaltStack Cheat Sheet
First things first : Documentation
Documentation on the system
Documentation on the web
Minions
Minion status
Target minion with state files
Grains
Jobs in Salt
Sysadmin specific
System and status
Packages
Check status of a service and manipulate services
Network
Salt Cloud
Documentation
This is important because the help system is very good.
Documentation on the system
salt '*' sys.doc # output sys.doc (= all documentation)
salt '*' sys.doc pkg # only sys.doc for pkg module
salt '*' sys.doc network # only sys.doc for network module
salt '*' sys.doc system # only sys.doc for system module
salt '*' sys.doc status # only sys.doc for status module
Documentation on the web
SaltStack documentation: http://docs.saltstack.com/en/latest/
Salt-Cloud: http://docs.saltstack.com/en/latest/topics/cloud/
Jobs: http://docs.saltstack.com/en/latest/topics/jobs/
Minions
Minion status
You can also use several commands to check if minions are alive and kicking but I prefer manage.status/up/down.
salt-run manage.status # What is the status of all my minions? (both up and down)
salt-run manage.up # Any minions that are up?
salt-run manage.down # Any minions that are down?
salt-run manage.alived # Show all alive minions
salt '*' test.version # Display salt version
salt '*' test.ping # Use test module to check if minion is up and responding.
# (Not an ICMP ping!)
Target minion with state files
Apply a specific state file to a (group of..) minion(s). Do not use the .sls extension. (just like in the state files!)
salt '*' state.sls mystatefile # mystatefile.sls will be applied to *
salt 'minion1' state.sls prod.somefile # prod/somefile.sls will be applied to minion1
Grains
List all grains on all minions
salt '*' grains.ls
Look at a single grains item to list the values.
salt '*' grains.item os # Show the value of the OS grain for every minion
salt '*' grains.item roles # Show the value of the roles grain for every minion
Manipulate grains.
salt 'minion1' grains.setval mygrain True # Set mygrain to True (create if it doesn't exist yet)
salt 'minion1' grains.delval mygrain # Delete the value of the grain
Jobs in Salt
Some jobs operations that are often used. (http://docs.saltstack.com/en/latest/topics/jobs/)
salt-run jobs.active # get list of active jobs
salt-run jobs.list_jobs # get list of historic jobs
salt-run jobs.lookup_jid <job id number> # get details of this specific job
Sysadmin specific
Some stuff that is specifically of interest for sysadmins.
System and status
salt 'minion-x-*' system.reboot # Let's reboot all the minions that match minion-x-*
salt '*' status.uptime # Get the uptime of all our minions
Packages
salt '*' pkg.list_upgrades # get a list of packages that need to be upgrade
salt '*' pkg.upgrade # Upgrades all packages via apt-get dist-upgrade (or similar)
salt '*' pkg.version bash # get current version of the bash package
salt '*' pkg.install bash # install or upgrade bash package
salt '*' pkg.install bash refresh=True # install or upgrade bash package but
# refresh the package database before installing.
Check status of a service and manipulate services
salt '*' service.status <service name>
salt '*' service.available <service name>
salt '*' service.start <service name>
salt '*' service.restart <service name>
salt '*' service.stop <service name>
Network
Do some network stuff on your minions.
salt 'minion1' network.ip_addrs # Get IP of your minion
salt 'minion1' network.ping <hostname> # Ping a host from your minion
salt 'minion1' network.traceroute <hostname> # Traceroute a host from your minion
salt 'minion1' network.get_hostname # Get hostname
salt 'minion1' network.mod_hostname # Modify hostname
Salt Cloud
Salt Cloud is used to provision virtual machines in the cloud. (surprise!) (http://docs.saltstack.com/en/latest/topics/cloud/)
salt-cloud -p profile_do my-vm-name -l debug # Provision using profile_do as profile
# and my-vm-name as the virtual machine name while
# using the debug option.
salt-cloud -d my-vm-name # destroy the my-vm-name virtual machine.
salt-cloud -u # Update salt-bootstrap to latest develop version on GitHub.
https://github.com/eon01/SaltStackCheatSheet
SaltStackCheatSheet
This code is a part from "SaltStack For DevOps" Book : https://leanpub.com/saltstackfordevops/
Official website: http://saltstackfordevops.com
SaltStack For DevOps
Installing SaltStack - Ubuntu 14.*
wget -O - https://repo.saltstack.com/apt/ubuntu/ubuntu14/latest/SALTSTACK-GPG-KEY.pub | sudo apt-key add -
echo 'deb http://repo.saltstack.com/apt/ubuntu/ubuntu14/latest trusty main' | sudo tee -a /etc/apt/sources.list
sudo apt-get update
# Master installation
apt-get install salt-master
# Minion installation
apt-get install salt-minion
# Salt ssh installation
apt-get install salt-ssh
# Salt syndic installation
apt-get install salt-syndic
# Salt API installation
apt-get install salt-api
Bootstrapping Salt Minion
curl -L https://bootstrap.saltstack.com -o install_salt.sh && sudo sh install_salt.sh
Salt Key Management
# Listing Salt requests
salt-key -L
# Accepting all requests
salt-key -A
# Accepting a single request (from myNode)
salt-key -a myNode
# Removing the key of a Salt 'myNode' Minion
salt-key -d minion_id
Debugging
# Debugging the master
salt-master -l debug
# Debugging the minion
salt-minion -l debug
# Restarting the minion without cache
stop master/minion
rm -rf /var/cache/salt
start master/minion
SaltStack Documentation
# Viewing all the documentation
salt '*' sys.doc
# Viewing a module documentation
salt '*' sys.doc module_name
#Examples:
salt '*' sys.doc status
salt '*' sys.doc pkg
salt '*' sys.doc network
salt '*' sys.doc system
salt '*' sys.doc cloud
# Viewing a function documentation
salt '*' sys.doc module_name function_name
# Examples:
salt '*' sys.doc auth django
salt '*' sys.doc sdb sqlite3
SaltStack Modules And Functions
salt '*' sys.list_modules
salt '*' sys.list_functions
Compound Matchers
Letter Match Type Example Alt Delimiter?]
G Grains glob G@os:Ubuntu Yes
E PCRE Minion ID E@web\d+.(dev|qa|prod).loc No
P Grains PCRE P@os:(RedHat|Fedora|CentOS) Yes
L List of minions [email protected],minion3.domain.com or bl*.domain.com No
I Pillar glob I@pdata:foobar Yes
J Pillar PCRE J@pdata:^(foo|bar)$ Yes
S Subnet/IP address [email protected]/24 or [email protected] No
R Range cluster R@%foo.bar No
Other examples:
# Examples taken from: https://docs.saltstack.com/en/latest/topics/targeting/compound.html
# Joining
salt -C 'webserv* and G@os:Debian or E@web-dc1-srv.*' test.ping
salt -C '( ms-1 or G@id:ms-3 ) and G@id:ms-3' test.ping
# Excluding
salt -C 'not web-dc1-srv' test.ping
Upgrades & Versions
#
# Listing upgrades
salt '*' pkg.list_upgrades
# Upgrading
salt '*' pkg.upgrade
# List the packages currently installed as a dict
salt '*' pkg.list_pkgs versions_as_list=True
# Refresh the pkgutil repo database
salt '*' pkgutil.refresh_db
# Check the version of a package
salt '*' pkgutil.version mongodb
Packages Manipulation
# Installation
salt '*' pkg.install apache2
# Latest version installation
salt '*' pkgutil.latest_version mysql-common
# Removing package(s)
salt '*' pkg.remove vim
# Purging package(s)
salt '*' pkg.purge apache2 mysql-server
Reboot & Uptime
# Reboot
salt '*' system.reboot
#Uptime
salt '*' status.uptime
Using Grains
# Syncing grains
salt '*' saltutil.sync_grains
# Available grains can be listed by using the ‘grains.ls’ module:
salt '*' grains.ls
# Grains data can be listed by using the ‘grains.items’ module:
salt '*' grains.items
# Grains have values that could be called via ‘grains.get <grain_name>’ (path is the name of a grain)
salt '*' grains.get path
Syncing Data
# Syncing grains
salt '*' saltutil.sync_grains
# Syncing everything from grains to modules, outputters, renderers, returners, states and utils.
salt '*' saltutil.sync_all
Running System Commands
salt "*" cmd.run "ls -lrth /data"
salt "*" cmd.run "df -kh /data"
salt "*" cmd.run "du -sh /data"
Working With Services
# Apache example
# Checking if service is available
salt '*' service.available apache2
# Manipulating Apache2 service
salt '*' service.status apache2
salt '*' service.start apache2
salt '*' service.restart apache2
salt '*' service.stop apache2
Network Management
# Get IP of your minion
salt '*' network.ip_addrs
# Ping a host from your minion
salt '*' network.ping localhost
# Traceroute a host from your minion
salt '*' network.traceroute localhost
# Get hostname
salt '*' network.get_hostname
# Modify hostname to 'myNode'
salt '*' network.mod_hostname myNode
# Information on all of the running TCP connections
salt '*' network.active_tcp
# Return the arp table from the minion
salt '*' network.arp
# Test connectivity
salt '*' network.connect google-public-dns-a.google.com port=53 proto=udp timeout=3
# Get default route
salt '*' network.default_route
# Execute dig
salt '*' network.dig eon01.com
# Get the MAC addres of eth0 interface
salt '*' network.hw_addr eth0
# Get the inet addres of eth1 interface
salt '*' network.interface eth1
# Get the IP addres of tun interface
salt '*' network.interface_ip tun
Working With HTTP Requests
# Get the html source code of a page
salt-run http.query http://eon01.com text=true
# Get the header of a page
salt-run http.query http://eon01.com headers=true
# Get the response code from a web server
salt-run http.query http://eon01.com status=true
# Sending a post request
salt '*' http.query http://domain.com/ method=POST params='key1=val1&key2=val2'
#
Job Management
# List active jobs
salt-run jobs.active
# List all jobs with the id and other information
salt-run jobs.list_jobs
# List multiple information about the job with the id:20151101225221651308 like the result output
salt-run jobs.lookup_jid 20151101225221651308
# Kill the job with the id:20151101225221651308
salt 'server' saltutil.kill_job 20151101225221651308
Scheduling Feature
# Schedule a job called "scheduled_job"
salt '*' schedule.add scheduled_job function='cmd.run' job_args="['']" seconds=10
# Enable the job
salt '*' schedule.enable_job scheduled_job
# Disable the job
salt '*' schedule.disable_job scheduled_job
Working With SLS
salt '*' state.show_sls
Testing States
salt '*' state.highstate test=True
salt '*' state.sls test=True
salt '*' state.single test=True
Load testing
# Starting 20 minions
wget https://raw.githubusercontent.com/saltstack/salt/develop/tests/minionswarm.py; python minionswarm.py -m 20 --master salt-master;
State Declaration Structure
# Source: https://docs.saltstack.com/en/latest/ref/states/highstate.html#state-declaration
# Standard declaration
<ID Declaration>:
<State Module>:
- <Function>
- <Function Arg>
- <Function Arg>
- <Function Arg>
- <Name>: <name>
- <Requisite Declaration>:
- <Requisite Reference>
- <Requisite Reference>
# Inline function and names
<ID Declaration>:
<State Module>.<Function>:
- <Function Arg>
- <Function Arg>
- <Function Arg>
- <Names>:
- <name>
- <name>
- <name>
- <Requisite Declaration>:
- <Requisite Reference>
- <Requisite Reference>
# Multiple states for single id
<ID Declaration>:
<State Module>:
- <Function>
- <Function Arg>
- <Name>: <name>
- <Requisite Declaration>:
- <Requisite Reference>
<State Module>:
- <Function>
- <Function Arg>
- <Names>:
- <name>
- <name>
- <Requisite Declaration>:
- <Requisite Reference>
SaltStack Github Repositories
Django with SaltStack https://github.com/wunki/django-salted
Salt GUI pad https://github.com/tinyclues/saltpad
Openstack automation with SaltStack https://github.com/CSSCorp/openstack-automation
A curated collection of working salt states and configurations for use in your saltstack setup. https://github.com/saltops/saltmine
These are all of the configuration files needed to built a Wordpress development environment with Vagrant, Virtual Box and SaltStack https://github.com/paulehr/saltstack-wordpress
Java bindings for the SaltStack API https://github.com/SUSE/saltstack-netapi-client-java
Vim snippets for SaltStack states files https://github.com/StephenPCG/vim-snippets-salt
Metrics for SaltStack https://github.com/pengyao/salt-metrics
Salt GUI https://github.com/saltstack/halite
#==============================##==============================#
# CMD SALTSTACK #
#==============================##==============================#
Cheatsheets are an excellent complement to other information sources like Linux man-pages, Linux help, or How-To’s and tutorials, as they provide compact and easily accessible information. While man-pages and detailed tutorials often contain comprehensive explanations and extensive guides, cheatsheets summarize the most important options forthe command saltstack in a clear format. This allows users to quickly access the needed information for saltstack without having to sift through lengthy texts. Especially in stressful situations or for recurring tasks, cheatsheets for saltstack are a valuable resource to work efficiently and purposefully.
░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░
█║▌│║█║▌★ KALI ★ PARROT ★ DEBIAN 🔴 PENTESTING ★ HACKING ★ █║▌│║█║▌
██╗ ██╗ ██████╗ ██████╗ ██╗ ██╗███████╗██████╗
████████╗██╔══██╗██╔═══██╗╚██╗██╔╝██╔════╝██╔══██╗
╚██╔═██╔╝██║ ██║██║ ██║ ╚███╔╝ █████╗ ██║ ██║
████████╗██║ ██║██║ ██║ ██╔██╗ ██╔══╝ ██║ ██║
╚██╔═██╔╝██████╔╝╚██████╔╝██╔╝ ██╗███████╗██████╔╝
╚═╝ ╚═╝ ╚═════╝ ╚═════╝ ╚═╝ ╚═╝╚══════╝╚═════╝
█║▌│║█║▌ WITH COMMANDLINE-KUNGFU POWER █║▌│║█║▌
░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.