SaltStack相关命令
/usr/bin/salt --salt master核心操作命令
/usr/bin/salt-cp --salt 文件传输命令
/usr/bin/salt-key --salt 证书管理命令
/usr/bin/salt-master
/usr/bin/salt-run
/usr/bin/salt-unity
salt命令
salt 该命令执行salt的执行模块,通常在master端运行,也是我们最常用到的命令
语法: salt [options] '<target>' <function> [arguments]
如: salt '*' test.ping
Options:
--version show program's version number and exit
--versions-report show program's dependencies version number and exit
-h, --help show this help message and exit
--saltfile=SALTFILE Specify the path to a Saltfile. If not passed, one
will be searched for in the current working directory
-c CONFIG_DIR, --config-dir=CONFIG_DIR
Pass in an alternative configuration directory.
Default: /etc/salt
-t TIMEOUT, --timeout=TIMEOUT
Change the timeout, if applicable, for the running
command; default=5
--hard-crash Raise any original exception rather than exiting
gracefully Default: False
-s, --static Return the data from minions as a group after they all
return.
-p, --progress Display a progress graph. [Requires `progressbar`
python package.]
--failhard Stop batch execution upon first "bad" return
--async Run the salt command but don't wait for a reply
--subset=SUBSET Execute the routine on a random subset of the targeted
minions. The minions will be verified that they have
the named function before executing
-v, --verbose Turn on command verbosity, display jid and active job
queries
--hide-timeout Hide minions that timeout
--show-jid Display jid without the additional output of --verbose
-b BATCH, --batch=BATCH, --batch-size=BATCH
Execute the salt job in batch mode, pass either the
number of minions to batch at a time, or the
percentage of minions to have running
-a EAUTH, --auth=EAUTH, --eauth=EAUTH, --external-auth=EAUTH
Specify an external authentication system to use.
-T, --make-token Generate and save an authentication token for re-use.
The token is generated and made available for the
period defined in the Salt Master.
--return=RETURNER Set an alternative return method. By default salt will
send the return data from the command back to the
master, but the return data can be redirected into any
number of systems, databases or applications.
--return_config=RETURNER_CONF
Set an alternative return method. By default salt will
send the return data from the command back to the
master, but the return data can be redirected into any
number of systems, databases or applications.
-d, --doc, --documentation
Return the documentation for the specified module or
for all modules if none are specified.
--args-separator=ARGS_SEPARATOR
Set the special argument used as a delimiter between
command arguments of compound commands. This is useful
when one wants to pass commas as arguments to some of
the commands in a compound command.
--summary Display summary information about a salt command
--username=USERNAME Username for external authentication
--password=PASSWORD Password for external authentication
--metadata=METADATA Pass metadata into Salt, used to search jobs.
Logging Options:
Logging options which override any settings defined on the
configuration files.
-l LOG_LEVEL, --log-level=LOG_LEVEL
Console logging log level. One of 'all', 'garbage',
'trace', 'debug', 'info', 'warning', 'error',
'critical', 'quiet'. Default: 'warning'.
--log-file=LOG_FILE
Log file path. Default: /var/log/salt/master.
--log-file-level=LOG_LEVEL_LOGFILE
Logfile logging log level. One of 'all', 'garbage',
'trace', 'debug', 'info', 'warning', 'error',
'critical', 'quiet'. Default: 'warning'.
Target Options:
Target Selection Options
-E, --pcre Instead of using shell globs to evaluate the target
servers, use pcre regular expressions
-L, --list Instead of using shell globs to evaluate the target
servers, take a comma or space delimited list of
servers.
-G, --grain Instead of using shell globs to evaluate the target
use a grain value to identify targets, the syntax for
the target is the grain key followed by a
globexpression: "os:Arch*"
--grain-pcre Instead of using shell globs to evaluate the target
use a grain value to identify targets, the syntax for
the target is the grain key followed by a pcre regular
expression: "os:Arch.*"
-N, --nodegroup Instead of using shell globs to evaluate the target
use one of the predefined nodegroups to identify a
list of targets.
-R, --range Instead of using shell globs to evaluate the target
use a range expression to identify targets. Range
expressions look like %cluster
-C, --compound The compound target option allows for multiple target
types to be evaluated, allowing for greater
granularity in target matching. The compound target is
space delimited, targets other than globs are preceded
with an identifier matching the specific targets
argument type: salt 'G@os:RedHat and webser* or
E@database.*'
-I, --pillar Instead of using shell globs to evaluate the target
use a pillar value to identify targets, the syntax for
the target is the pillar key followed by a glob
expression: "role:production*"
-J, --pillar-pcre Instead of using shell globs to evaluate the target
use a pillar value to identify targets, the syntax for
the target is the pillar key followed by a pcre
regular expression: "role:prod.*"
-S, --ipcidr Match based on Subnet (CIDR notation) or IPv4 address.
Additional Target Options:
Additional Options for Minion Targeting
--delimiter=DELIMITER
Change the default delimiter for matching in multi-
level data structures. default=':'
Output Options:
Configure your preferred output format
--out=OUTPUT, --output=OUTPUT
Print the output from the 'salt' command using the
specified outputter. The builtins are 'key', 'yaml',
'overstatestage', 'newline_values_only', 'pprint',
'txt', 'raw', 'virt_query', 'compact', 'json',
'highstate', 'nested', 'quiet', 'no_return'.
--out-indent=OUTPUT_INDENT, --output-indent=OUTPUT_INDENT
Print the output indented by the provided value in
spaces. Negative values disables indentation. Only
applicable in outputters that support indentation.
--out-file=OUTPUT_FILE, --output-file=OUTPUT_FILE
Write the output to the specified file
--out-file-append, --output-file-append
Append the output to the specified file
--no-color, --no-colour
Disable all colored output
--force-color, --force-colour
Force colored output
--state-output=STATE_OUTPUT, --state_output=STATE_OUTPUT
Override the configured state_output value for minion
output. One of full, terse, mixed, changes or filter.
Default: full.
salt-key命令
salt-key 密钥管理,通常在master端执行
语法: salt-key [options]
Salt key is used to manage Salt authentication keys
Options:
--version show program's version number and exit
--versions-report show program's dependencies version number and exit
-h, --help show this help message and exit
--saltfile=SALTFILE Specify the path to a Saltfile. If not passed, one
will be searched for in the current working directory
-c CONFIG_DIR, --config-dir=CONFIG_DIR
Pass in an alternative configuration directory.
Default: /etc/salt
-u USER, --user=USER Specify user to run salt-key
--hard-crash Raise any original exception rather than exiting
gracefully Default: False
-q, --quiet Suppress output
-y, --yes Answer Yes to all questions presented, defaults to
False
--rotate-aes-key=ROTATE_AES_KEY
Setting this to False prevents the master from
refreshing the key session when keys are deleted or
rejected, this lowers the security of the key
deletion/rejection operation. Default is True.
Logging Options:
Logging options which override any settings defined on the
configuration files.
--log-file=LOG_FILE
Log file path. Default: /var/log/salt/key.
--log-file-level=LOG_LEVEL_LOGFILE
Logfile logging log level. One of 'all', 'garbage',
'trace', 'debug', 'info', 'warning', 'error',
'critical', 'quiet'. Default: 'warning'.
Output Options:
Configure your preferred output format
--out=OUTPUT, --output=OUTPUT
Print the output from the 'salt-key' command using the
specified outputter. The builtins are 'key', 'yaml',
'overstatestage', 'newline_values_only', 'pprint',
'txt', 'raw', 'virt_query', 'compact', 'json',
'highstate', 'nested', 'quiet', 'no_return'.
--out-indent=OUTPUT_INDENT, --output-indent=OUTPUT_INDENT
Print the output indented by the provided value in
spaces. Negative values disables indentation. Only
applicable in outputters that support indentation.
--out-file=OUTPUT_FILE, --output-file=OUTPUT_FILE
Write the output to the specified file
--out-file-append, --output-file-append
Append the output to the specified file
--no-color, --no-colour
Disable all colored output
--force-color, --force-colour
Force colored output
--state-output=STATE_OUTPUT, --state_output=STATE_OUTPUT
Override the configured state_output value for minion
output. One of full, terse, mixed, changes or filter.
Default: full.
Actions:
-l ARG, --list=ARG List the public keys. The args "pre", "un", and
"unaccepted" will list unaccepted/unsigned keys. "acc"
or "accepted" will list accepted/signed keys. "rej" or
"rejected" will list rejected keys. "den" or "denied"
will list denied keys. Finally, "all" will list all
keys.
-L, --list-all List all public keys. (Deprecated: use "--list all")
-a ACCEPT, --accept=ACCEPT
Accept the specified public key (use --include-all to
match rejected keys in addition to pending keys).
Globs are supported.
-A, --accept-all Accept all pending keys
-r REJECT, --reject=REJECT
Reject the specified public key (use --include-all to
match accepted keys in addition to pending keys).
Globs are supported.
-R, --reject-all Reject all pending keys
--include-all Include non-pending keys when accepting/rejecting
-p PRINT, --print=PRINT
Print the specified public key
-P, --print-all Print all public keys
-d DELETE, --delete=DELETE
Delete the specified key. Globs are supported.
-D, --delete-all Delete all keys
-f FINGER, --finger=FINGER
Print the specified key's fingerprint
-F, --finger-all Print all keys' fingerprints
Key Generation Options:
--gen-keys=GEN_KEYS
Set a name to generate a keypair for use with salt
--gen-keys-dir=GEN_KEYS_DIR
Set the directory to save the generated keypair, only
works with "gen_keys_dir" option; default=.
--keysize=KEYSIZE Set the keysize for the generated key, only works with
the "--gen-keys" option, the key size must be 2048 or
higher, otherwise it will be rounded up to 2048; ;
default=2048
--gen-signature Create a signature file of the masters public-key
named master_pubkey_signature. The signature can be
send to a minion in the masters auth-reply and enables
the minion to verify the masters public-key
cryptographically. This requires a new signing-key-
pair which can be auto-created with the --auto-create
parameter
--priv=PRIV The private-key file to create a signature with
--signature-path=SIGNATURE_PATH
The path where the signature file should be written
--pub=PUB The public-key file to create a signature for
--auto-create Auto-create a signing key-pair if it does not yet
exist
salt-cp命令
salt-cp 分发文件到minion上,不支持目录分发,通常在master运行
语法: salt-cp [options] '<target>' SOURCE DEST
如:salt-cp '*' /root/m.txt /usr/local/m.txt
salt-cp is NOT intended to broadcast large files, it is intended to handle
text files. salt-cp can be used to distribute configuration files.
Options:
--version show program's version number and exit
--versions-report show program's dependencies version number and exit
-h, --help show this help message and exit
--saltfile=SALTFILE Specify the path to a Saltfile. If not passed, one
will be searched for in the current working directory
-c CONFIG_DIR, --config-dir=CONFIG_DIR
Pass in an alternative configuration directory.
Default: /etc/salt
-t TIMEOUT, --timeout=TIMEOUT
Change the timeout, if applicable, for the running
command; default=5
--hard-crash Raise any original exception rather than exiting
gracefully Default: False
Logging Options:
Logging options which override any settings defined on the
configuration files.
-l LOG_LEVEL, --log-level=LOG_LEVEL
Console logging log level. One of 'all', 'garbage',
'trace', 'debug', 'info', 'warning', 'error',
'critical', 'quiet'. Default: 'warning'.
--log-file=LOG_FILE
Log file path. Default: /var/log/salt/master.
--log-file-level=LOG_LEVEL_LOGFILE
Logfile logging log level. One of 'all', 'garbage',
'trace', 'debug', 'info', 'warning', 'error',
'critical', 'quiet'. Default: 'warning'.
Target Options:
Target Selection Options
-E, --pcre Instead of using shell globs to evaluate the target
servers, use pcre regular expressions
-L, --list Instead of using shell globs to evaluate the target
servers, take a comma or space delimited list of
servers.
-G, --grain Instead of using shell globs to evaluate the target
use a grain value to identify targets, the syntax for
the target is the grain key followed by a
globexpression: "os:Arch*"
--grain-pcre Instead of using shell globs to evaluate the target
use a grain value to identify targets, the syntax for
the target is the grain key followed by a pcre regular
expression: "os:Arch.*"
-N, --nodegroup Instead of using shell globs to evaluate the target
use one of the predefined nodegroups to identify a
list of targets.
-R, --range Instead of using shell globs to evaluate the target
use a range expression to identify targets. Range
expressions look like %cluster
Additional Target Options:
Additional Options for Minion Targeting
--delimiter=DELIMITER
Change the default delimiter for matching in multi-
level data structures. default=':'
salt-master命令
salt-master master运行命令
语法: salt-master
如:
salt-master #前台运行master
salt-master -d #后台运行master
salt-master -l debug #前台debug输出
The Salt master, used to control the Salt minions.
Options:
--version show program's version number and exit
--versions-report show program's dependencies version number and exit
-h, --help show this help message and exit
--saltfile=SALTFILE Specify the path to a Saltfile. If not passed, one
will be searched for in the current working directory
-c CONFIG_DIR, --config-dir=CONFIG_DIR
Pass in an alternative configuration directory.
Default: /etc/salt
-u USER, --user=USER Specify user to run salt-master
-d, --daemon Run the salt-master as a daemon
--pid-file=PIDFILE Specify the location of the pidfile. Default: /var/run
/salt-master.pid
Logging Options:
Logging options which override any settings defined on the
configuration files.
-l LOG_LEVEL, --log-level=LOG_LEVEL
Console logging log level. One of 'all', 'garbage',
'trace', 'debug', 'info', 'warning', 'error',
'critical', 'quiet'. Default: 'warning'.
--log-file=LOG_FILE
Log file path. Default: /var/log/salt/master.
--log-file-level=LOG_LEVEL_LOGFILE
Logfile logging log level. One of 'all', 'garbage',
'trace', 'debug', 'info', 'warning', 'error',
'critical', 'quiet'. Default: 'warning'.
salt-run命令
salt-run 该命令执行runner,通常在master端执行,比如经常用到的manage
语法: salt-run [options]
如:
salt-run manage.status #查看所有minion状态
salt-run manage.down #查看所有没在线minion
salt-run manged.up #查看所有在线minion
Options:
--version show program's version number and exit
--versions-report show program's dependencies version number and exit
-h, --help show this help message and exit
--saltfile=SALTFILE Specify the path to a Saltfile. If not passed, one
will be searched for in the current working directory
-c CONFIG_DIR, --config-dir=CONFIG_DIR
Pass in an alternative configuration directory.
Default: /etc/salt
-t TIMEOUT, --timeout=TIMEOUT
Change the timeout, if applicable, for the running
command; default=1
--hard-crash Raise any original exception rather than exiting
gracefully Default: False
-d, --doc, --documentation
Display documentation for runners, pass a runner or
runner.function to see documentation on only that
runner or function.
--async Start the runner operation and immediately return
control.
Logging Options:
Logging options which override any settings defined on the
configuration files.
-l LOG_LEVEL, --log-level=LOG_LEVEL
Console logging log level. One of 'all', 'garbage',
'trace', 'debug', 'info', 'warning', 'error',
'critical', 'quiet'. Default: 'warning'.
--log-file=LOG_FILE
Log file path. Default: /var/log/salt/master.
--log-file-level=LOG_LEVEL_LOGFILE
Logfile logging log level. One of 'all', 'garbage',
'trace', 'debug', 'info', 'warning', 'error',
'critical', 'quiet'. Default: 'warning'.
Output Options:
Configure your preferred output format
--out=OUTPUT, --output=OUTPUT
Print the output from the 'salt-run' command using the
specified outputter. The builtins are 'key', 'yaml',
'overstatestage', 'newline_values_only', 'pprint',
'txt', 'raw', 'virt_query', 'compact', 'json',
'highstate', 'nested', 'quiet', 'no_return'.
--out-indent=OUTPUT_INDENT, --output-indent=OUTPUT_INDENT
Print the output indented by the provided value in
spaces. Negative values disables indentation. Only
applicable in outputters that support indentation.
--out-file=OUTPUT_FILE, --output-file=OUTPUT_FILE
Write the output to the specified file
--out-file-append, --output-file-append
Append the output to the specified file
--no-color, --no-colour
Disable all colored output
--force-color, --force-colour
Force colored output
--state-output=STATE_OUTPUT, --state_output=STATE_OUTPUT
Override the configured state_output value for minion
output. One of full, terse, mixed, changes or filter.
Default: full.
Output Options:
Configure your preferred output format
--quiet Do not display the results of the run