1. SaltStack模块介绍

Module是日常使用SaltStack接触最多的一个组件，其用于管理对象操作，这也是SaltStack通过Push的方式进行管理的入口，比如我们日常简单的执行命令、查看包安装情况、查看服务运行情况等工作都是通过SaltStack Module来实现的。

当安装好Master和Minion包后，系统上会安装很多Module，大家可以通过以下命令查看支持的所有Module列表：

//查看所有module列表
[ ~]# salt 'node1*' sys.list_modules
node1:
    - acl
    - aliases
    - alternatives
    - ansible
    - archive
    - artifactory
    - beacons
    - bigip
    - btrfs
    - buildout
    - chroot
    - cloud
    - cmd
    - composer
    - config
    - consul
...

//查看指定module的所有function
[ ~]# salt 'node1*' sys.list_functions cmd
node1:
    - cmd.exec_code
    - cmd.exec_code_all
    - cmd.has_exec
    - cmd.powershell
    - cmd.powershell_all
    - cmd.retcode
    - cmd.run
    - cmd.run_all
    - cmd.run_bg
    - cmd.run_chroot
    - cmd.run_stderr
    - cmd.run_stdout
    - cmd.script
    - cmd.script_retcode
    - cmd.shell
    - cmd.shell_info
    - cmd.shells
    - cmd.tty
    - cmd.which
    - cmd.which_bin

//查看指定module的用法
[ ~]# salt 'node1*' sys.doc cmd
'cmd.exec_code:'

    Pass in two strings, the first naming the executable language, aka -
    python2, python3, ruby, perl, lua, etc. the second string containing
    the code you wish to execute. The stdout will be returned.

    CLI Example:

        salt '*' cmd.exec_code ruby 'puts "cheese"' 
...

2. SaltStack常用模块

2.1 SaltStack常用模块之network

2.1.1 network.active_tcp

[ ~]# salt '*' network.active_tcp
node1:
    ----------
    0:
        ----------
        local_addr:
            192.168.136.164
        local_port:
            4505
        remote_addr:
            192.168.136.164
        remote_port:
            41790
    1:
        ----------
        local_addr:
            192.168.136.164
        local_port:
            4505
        remote_addr:
            192.168.136.165
        remote_port:
            56486
    2:
        ----------
        local_addr:
            192.168.136.164
        local_port:
            41790
        remote_addr:
            192.168.136.164
        remote_port:
            4505
    3:
        ----------
        local_addr:
            192.168.136.164
        local_port:
            22
        remote_addr:
            192.168.136.1
        remote_port:
            52454
node2:
    ----------
    0:
        ----------
        local_addr:
            192.168.136.165
        local_port:
            56486
        remote_addr:
            192.168.136.164
        remote_port:
            4505
    1:
        ----------
        local_addr:
            192.168.136.165
        local_port:
            22
        remote_addr:
            192.168.136.1
        remote_port:
            52458

2.1.2 network.calc_net

通过IP和子网掩码计算出网段

[ ~]# salt '*' network.calc_net 192.168.136.164 255.255.255.0
node2:
    192.168.136.0/24
node1:
    192.168.136.0/24

2.1.3 network.connect

测试minion至某一台服务器的网络是否连通

[ ~]# salt '*' network.connect baidu.com 80
node1:
    ----------
    comment:
        Successfully connected to baidu.com (220.181.38.148) on tcp port 80
    result:
        True
node2:
    ----------
    comment:
        Successfully connected to baidu.com (220.181.38.148) on tcp port 80
    result:
        True

2.1.4 network.default_route

查看默认路由

[ ~]# salt '*' network.default_route
node2:
    |_
      ----------
      addr_family:
          inet
      destination:
          0.0.0.0
      flags:
          UG
      gateway:
          192.168.136.2
      interface:
          ens33
      netmask:
          0.0.0.0
    |_
      ----------
      addr_family:
          inet6
      destination:
          ::/0
      flags:
          !n
      gateway:
          ::
      interface:
          lo
      netmask:
    |_
      ----------
      addr_family:
          inet6
      destination:
          ::/0
      flags:
          !n
      gateway:
          ::
      interface:
          lo
      netmask:
node1:
    |_
      ----------
      addr_family:
          inet
      destination:
          0.0.0.0
      flags:
          UG
      gateway:
          192.168.136.2
      interface:
          ens33
      netmask:
          0.0.0.0
    |_
      ----------
      addr_family:
          inet6
      destination:
          ::/0
      flags:
          !n
      gateway:
          ::
      interface:
          lo
      netmask:
    |_
      ----------
      addr_family:
          inet6
      destination:
          ::/0
      flags:
          !n
      gateway:
          ::
      interface:
          lo
      netmask:

2.1.5 network.get_fqdn

查看主机的fqdn(完全限定域名)

[ ~]# salt '*' network.get_fqdn
node2:
    node2
node1:
    node1

2.1.6 network.get_hostname

获取主机名

[ ~]# salt '*' network.get_hostname
node2:
    node2
node1:
    node1

2.1.7 network.get_route

查询到一个目标网络的路由信息

[ ~]# salt '*' network.get_route 192.168.136.164
node2:
    ----------
    destination:
        192.168.136.164
    gateway:
        None
    interface:
        ens33
    source:
        192.168.136.165
node1:
    ----------
    destination:
        192.168.136.164
    gateway:
        None
    interface:
        lo
    source:
        192.168.136.164

2.1.8 network.hw_addr

返回指定网卡的MAC地址

[ ~]# salt '*' network.hw_addr ens33
node2:
    00:0c:29:00:52:6e
node1:
    00:0c:29:26:a4:52

2.1.9 network.ifacestartswith

从特定CIDR检索接口名称

[ ~]# salt '*' network.ifacestartswith 192.168
node2:
    - ens33
node1:
    - ens33

2.1.10 network.in_subnet

判断当前主机是否在某一个网段内

[ ~]# salt '*' network.in_subnet 192.168.136.0/24
node2:
    True
node1:
    True

2.1.11 network.interface

返回指定网卡的信息

[ ~]# salt '*' network.interface ens33
node1:
    |_
      ----------
      address:
          192.168.136.164
      broadcast:
          192.168.136.255
      label:
          ens33
      netmask:
          255.255.255.0
node2:
    |_
      ----------
      address:
          192.168.136.165
      broadcast:
          192.168.136.255
      label:
          ens33
      netmask:
          255.255.255.0

2.1.12 network.interface_ip

返回指定网卡的IP地址

[ ~]# salt '*' network.interface_ip ens33
node2:
    192.168.136.165
node1:
    192.168.136.164

2.1.13 network.interfaces

返回当前系统中所有的网卡信息

[ ~]# salt '*' network.interfaces
node1:
    ----------
    ens33:
        ----------
        hwaddr:
            00:0c:29:26:a4:52
        inet:
            |_
              ----------
              address:
                  192.168.136.164
              broadcast:
                  192.168.136.255
              label:
                  ens33
              netmask:
                  255.255.255.0
        inet6:
            |_
              ----------
              address:
                  fe80::ff7a:d77e:ff2:64bd
              prefixlen:
                  64
              scope:
                  link
        up:
            True
    ens38:
        ----------
        hwaddr:
            00:0c:29:26:a4:5c
        up:
            True
    ens39:
        ----------
        hwaddr:
            00:0c:29:26:a4:66
        up:
            True
    lo:
        ----------
        hwaddr:
            00:00:00:00:00:00
        inet:
            |_
              ----------
              address:
                  127.0.0.1
              broadcast:
                  None
              label:
                  lo
              netmask:
                  255.0.0.0
        inet6:
            |_
              ----------
              address:
                  ::1
              prefixlen:
                  128
              scope:
                  host
        up:
            True
node2:
    ----------
    ens33:
        ----------
        hwaddr:
            00:0c:29:00:52:6e
        inet:
            |_
              ----------
              address:
                  192.168.136.165
              broadcast:
                  192.168.136.255
              label:
                  ens33
              netmask:
                  255.255.255.0
        inet6:
            |_
              ----------
              address:
                  fe80::cb81:16ba:de26:872d
              prefixlen:
                  64
              scope:
                  link
        up:
            True
    lo:
        ----------
        hwaddr:
            00:00:00:00:00:00
        inet:
            |_
              ----------
              address:
                  127.0.0.1
              broadcast:
                  None
              label:
                  lo
              netmask:
                  255.0.0.0
        inet6:
            |_
              ----------
              address:
                  ::1
              prefixlen:
                  128
              scope:
                  host
        up:
            True

2.1.14 network.ip_addrs

返回一个IPv4的地址列表
该函数将会忽略掉127.0.0.1的地址

[ ~]# salt '*' network.ip_addrs
node2:
    - 192.168.136.165
node1:
    - 192.168.136.164

2.1.15 network.netstat

返回所有打开的端口和状态

[ ~]# salt '*' network.netstat
node2:
    |_
      ----------
      inode:
          19461
      local-address:
          0.0.0.0:22
      program:
          1005/sshd
      proto:
          tcp
      recv-q:
          0
      remote-address:
          0.0.0.0:*
      send-q:
          0
      state:
          LISTEN
      user:
          0
....

2.1.16 network.ping

使用ping命令测试到某主机的连通性

[ ~]# salt '*' network.ping baidu.com
node1:
    PING baidu.com (220.181.38.148) 56(84) bytes of data.
    64 bytes from 220.181.38.148 (220.181.38.148): icmp_seq=1 ttl=128 time=36.9 ms
    64 bytes from 220.181.38.148 (220.181.38.148): icmp_seq=2 ttl=128 time=92.2 ms
    64 bytes from 220.181.38.148 (220.181.38.148): icmp_seq=3 ttl=128 time=42.6 ms
    64 bytes from 220.181.38.148 (220.181.38.148): icmp_seq=4 ttl=128 time=98.2 ms
    
    --- baidu.com ping statistics ---
    4 packets transmitted, 4 received, 0% packet loss, time 3006ms
    rtt min/avg/max/mdev = 36.962/67.500/98.216/27.863 ms
node2:
    PING baidu.com (39.156.69.79) 56(84) bytes of data.
    64 bytes from 39.156.69.79 (39.156.69.79): icmp_seq=1 ttl=128 time=36.8 ms
    64 bytes from 39.156.69.79 (39.156.69.79): icmp_seq=2 ttl=128 time=92.1 ms
    64 bytes from 39.156.69.79 (39.156.69.79): icmp_seq=3 ttl=128 time=42.5 ms
    64 bytes from 39.156.69.79 (39.156.69.79): icmp_seq=4 ttl=128 time=94.8 ms
    
    --- baidu.com ping statistics ---
    4 packets transmitted, 4 received, 0% packet loss, time 3006ms
    rtt min/avg/max/mdev = 36.842/66.605/94.882/27.003 ms

2.1.17 network.reverse_ip

返回一个指定的IP地址的反向地址

[ ~]# salt '*' network.reverse_ip 192.168.136.164
node2:
    164.136.168.192.in-addr.arpa
node1:
    164.136.168.192.in-addr.arpa

2.2 SaltStack常用模块之service

2.2.1 service.available

判断指定的服务是否可用

[ ~]# salt '*' service.available sshd
node1:
    True
node2:
    True
[ ~]# salt '*' service.available vsftpd
node1:
    False
node2:
    False

2.2.2 service.get_all

获取所有正在运行的服务

[ ~]# salt '*' service.get_all
node1:
    - NetworkManager
    - NetworkManager-dispatcher
    - NetworkManager-wait-online
    - arp-ethers
    - auditd
    - 
    - basic.target
    - blk-availability
    - bluetooth.target
    - brandbot
    - brandbot.path
    - 
    - 
    - chrony-wait
    - chronyd
    - console-getty
    - console-shell
    - 
    - cpupower
    - crond
    - cryptsetup-pre.target
    - cryptsetup.target
    - ctrl-alt-del.target
...

2.2.3 service.disabled

检查指定服务是否开机不自动启动

[ ~]# salt '*' service.disabled firewalld
node1:
    True
node2:
    True

2.2.4 service.enabled

检查指定服务是否开机自动启动

[ ~]# salt '*' service.enabled firewalld
node2:
    False
node1:
    False

2.2.5 service.enable

设置指定服务开机自动启动

[ ~]# salt '*' service.enable firewalld
node2:
    True
node1:
    True

2.2.6 service.disable

设置指定服务开机不自动启动

[ ~]# salt '*' service.disable firewalld
node2:
    True
node1:
    True

SaltStack常用的模块