第三方调用saltstack
python api使用
实例及工作原理解析
指定target 函数,命令等等,就可以可以了。
[root@mcw01 ~]# python Python 2.7.5 (default, Aug 4 2017, 00:39:18) [GCC 4.8.5 20150623 (Red Hat 4.8.5-16)] on linux2 Type "help", "copyright", "credits" or "license" for more information. >>> exit() [root@mcw01 ~]# [root@mcw01 ~]# python3 Python 3.6.8 (default, Nov 14 2023, 16:29:52) [GCC 4.8.5 20150623 (Red Hat 4.8.5-44)] on linux Type "help", "copyright", "credits" or "license" for more information. >>> import salt.client >>> local = salt.client.LocalClient() >>> local.cmd('mcw03','cmd.run',['hostname']) {'mcw03': 'mcw03'} >>>
查找导入包的路径
>>> import salt >>> salt.__path__ ['/usr/lib/python3.6/site-packages/salt'] >>>
寻找上面LocalClient所在位置:
[root@mcw01 salt]# grep -Rn 'LocalClient' .|egrep 'class|def' ./client/__init__.py:133:class LocalClient: ./config/__init__.py:3997: :py:class:`~salt.client.LocalClient`. ./netapi/rest_cherrypy/app.py:285:* "local" uses :py:class:`LocalClient <salt.client.LocalClient>` which sends ./netapi/rest_cherrypy/app.py:504:via the ``expire_responses`` setting, and both :py:class:`LocalClient ./netapi/rest_cherrypy/app.py:505:<salt.client.LocalClient>` and :py:class:`RunnerClient ./netapi/rest_tornado/saltnado.py:1187: salt.client.LocalClient.run_job, chunk, is_class_method=True ./utils/event.py:999:class LocalClientEvent(MasterEvent): [root@mcw01 salt]#
这个文件
[root@mcw01 salt]# less ./client/__init__.py
[root@mcw01 salt]#
.. code-block:: python import salt.client local = salt.client.LocalClient() local.cmd('*', 'test.fib', [10]) """ .... def cmd( self, tgt, fun, arg=(), timeout=None, tgt_type="glob", ret="", jid="", full_return=False, kwarg=None, **kwargs ): .... was_listening = self.event.cpub try: pub_data = self.run_job( tgt, fun, arg, tgt_type, ret, timeout, jid, kwarg=kwarg, listen=True, **kwargs ) if not pub_data: return pub_data 运行了run_job ---- def run_job( self, tgt, fun, arg=(), tgt_type="glob", ret="", timeout=None, jid="", kwarg=None, listen=False, **kwargs ): """ Asynchronously send a command to connected minions Prep the job directory and publish a command to any targeted minions. :return: A dictionary of (validated) ``pub_data`` or an empty dictionary on failure. The ``pub_data`` contains the job ID and a list of all minions that are expected to return data. .. code-block:: python >>> local.run_job('*', 'test.sleep', [300]) {'jid': '20131219215650131543', 'minions': ['jerry']} """ arg = salt.utils.args.condition_input(arg, kwarg) try: pub_data = self.pub( tgt, fun, arg, tgt_type, ret, jid=jid, timeout=self._get_timeout(timeout), listen=listen, **kwargs ) except SaltClientError: # Re-raise error with specific message raise SaltClientError( "The salt master could not be contacted. Is master running?" ) except AuthenticationError as err: raise except AuthorizationError as err: raise except Exception as general_exception: # pylint: disable=broad-except # Convert to generic client error and pass along message raise SaltClientError(general_exception) return self._check_pub_data(pub_data, listen=listen)
通过api获取saltstack配置
获取master配置信息
[root@mcw01 ~]# python3 Python 3.6.8 (default, Nov 14 2023, 16:29:52) [GCC 4.8.5 20150623 (Red Hat 4.8.5-44)] on linux Type "help", "copyright", "credits" or "license" for more information. >>> import salt.config >>> master_opts=salt.config.client_config('/etc/salt/master') >>> dir(master_opts) #查看属性 ['__class__', '__contains__', '__delattr__', '__delitem__', '__dir__', '__doc__', '__eq__', '__format__', '__ge__', '__getattribute__', '__getitem__', '__gt__', '__hash__', '__init__', '__init_subclass__', '__iter__', '__le__', '__len__', '__lt__', '__ne__', '__new__', '__reduce__', '__reduce_ex__', '__repr__', '__setattr__', '__setitem__', '__sizeof__', '__str__', '__subclasshook__', 'clear', 'copy', 'fromkeys', 'get', 'items', 'keys', 'pop', 'popitem', 'setdefault', 'update', 'values'] >>> type(master_opts) #查看类型 <class 'dict'> >>> print(dict(master_opts)) #查看master配置,字典形式打印 {'token_file': '/root/salt_token', 'interface': '127.0.0.1', 'publish_port': 4505, 'zmq_backlog': 1000, 'pub_hwm': 1000, 'auth_mode': 1, 'user': 'root', 'worker_threads': 5, 'sock_dir': '/var/run/salt/master', 'sock_pool_size': 1, 'ret_port': 4506, 'timeout': 5, 'keep_jobs': 24, 'archive_jobs': False, 'root_dir': '/', 'pki_dir': '/etc/salt/pki/master', 'key_cache': '', 'cachedir': '/var/cache/salt/master', 'file_roots': {'base': ['/srv/salt/base', '/srv/salt/prod'], 'prod': ['/srv/salt/prod']}, 'master_roots': {'base': ['/srv/salt-master']}, 'pillar_roots': {'base': ['/srv/pillar/base'], 'prod': ['/srv/pillar/prod']}, 'on_demand_ext_pillar': ['libvirt', 'virtkey'], 'decrypt_pillar': [], 'decrypt_pillar_delimiter': ':', 'decrypt_pillar_default': 'gpg', 'decrypt_pillar_renderers': ['gpg'], 'thoriumenv': None, 'thorium_top': 'top.sls', 'thorium_interval': 0.5, 'thorium_roots': {'base': ['/srv/thorium']}, 'top_file_merging_strategy': 'merge', 'env_order': [], 'saltenv': None, 'lock_saltenv': False, 'pillarenv': None, 'default_top': 'base', 'file_client': 'local', 'local': True, 'roots_update_interval': 60, 'azurefs_update_interval': 60, 'gitfs_update_interval': 60, 'git_pillar_update_interval': 60, 'hgfs_update_interval': 60, 'minionfs_update_interval': 60, 's3fs_update_interval': 60, 'svnfs_update_interval': 60, 'git_pillar_base': 'master', 'git_pillar_branch': 'master', 'git_pillar_env': '', 'git_pillar_fallback': '', 'git_pillar_root': '', 'git_pillar_ssl_verify': True, 'git_pillar_global_lock': True, 'git_pillar_user': '', 'git_pillar_password': '', 'git_pillar_insecure_auth': False, 'git_pillar_privkey': '', 'git_pillar_pubkey': '', 'git_pillar_passphrase': '', 'git_pillar_refspecs': ['+refs/heads/*:refs/remotes/origin/*', '+refs/tags/*:refs/tags/*'], 'git_pillar_includes': True, 'git_pillar_verify_config': True, 'gitfs_remotes': [], 'gitfs_mountpoint': '', 'gitfs_root': '', 'gitfs_base': 'master', 'gitfs_fallback': '', 'gitfs_user': '', 'gitfs_password': '', 'gitfs_insecure_auth': False, 'gitfs_privkey': '', 'gitfs_pubkey': '', 'gitfs_passphrase': '', 'gitfs_saltenv_whitelist': [], 'gitfs_saltenv_blacklist': [], 'gitfs_global_lock': True, 'gitfs_ssl_verify': True, 'gitfs_saltenv': [], 'gitfs_ref_types': ['branch', 'tag', 'sha'], 'gitfs_refspecs': ['+refs/heads/*:refs/remotes/origin/*', '+refs/tags/*:refs/tags/*'], 'gitfs_disable_saltenv_mapping': False, 'hgfs_remotes': [], 'hgfs_mountpoint': '', 'hgfs_root': '', 'hgfs_base': 'default', 'hgfs_branch_method': 'branches', 'hgfs_saltenv_whitelist': [], 'hgfs_saltenv_blacklist': [], 'show_timeout': True, 'show_jid': False, 'unique_jid': False, 'svnfs_remotes': [], 'svnfs_mountpoint': '', 'svnfs_root': '', 'svnfs_trunk': 'trunk', 'svnfs_branches': 'branches', 'svnfs_tags': 'tags', 'svnfs_saltenv_whitelist': [], 'svnfs_saltenv_blacklist': [], 'max_event_size': 1048576, 'master_stats': False, 'master_stats_event_iter': 60, 'minionfs_env': 'base', 'minionfs_mountpoint': '', 'minionfs_whitelist': [], 'minionfs_blacklist': [], 'ext_pillar': [], 'pillar_version': 2, 'pillar_opts': False, 'pillar_safe_render_error': True, 'pillar_source_merging_strategy': 'smart', 'pillar_merge_lists': False, 'pillar_includes_override_sls': False, 'pillar_cache': False, 'pillar_cache_ttl': 3600, 'pillar_cache_backend': 'disk', 'gpg_cache': False, 'gpg_cache_ttl': 86400, 'gpg_cache_backend': 'disk', 'ping_on_rotate': False, 'peer': {}, 'preserve_minion_cache': False, 'syndic_master': 'masterofmasters', 'syndic_failover': 'random', 'syndic_forward_all_events': False, 'syndic_log_file': '/var/log/salt/syndic', 'syndic_pidfile': '/var/run/salt-syndic.pid', 'outputter_dirs': [], 'runner_dirs': [], 'utils_dirs': ['/var/cache/salt/master/extmods/utils'], 'client_acl_verify': True, 'publisher_acl': {}, 'publisher_acl_blacklist': {}, 'sudo_acl': False, 'external_auth': {}, 'token_expire': 43200, 'token_expire_user_override': False, 'permissive_acl': False, 'keep_acl_in_token': False, 'eauth_acl_module': '', 'eauth_tokens': 'localfs', 'extension_modules': '/var/cache/salt/master/extmods', 'module_dirs': [], 'file_recv': False, 'file_recv_max_size': 100, 'file_buffer_size': 1048576, 'file_ignore_regex': [], 'file_ignore_glob': [], 'fileserver_backend': ['roots'], 'fileserver_followsymlinks': True, 'fileserver_ignoresymlinks': False, 'fileserver_limit_traversal': False, 'fileserver_verify_config': True, 'max_open_files': 100000, 'hash_type': 'sha256', 'optimization_order': [0, 1, 2], 'conf_file': '/etc/salt/master', 'open_mode': False, 'auto_accept': False, 'renderer': 'jinja|yaml', 'renderer_whitelist': [], 'renderer_blacklist': [], 'failhard': False, 'state_top': 'top.sls', 'state_top_saltenv': None, 'master_tops': {}, 'master_tops_first': False, 'order_masters': False, 'job_cache': True, 'ext_job_cache': '', 'master_job_cache': 'local_cache', 'job_cache_store_endtime': False, 'minion_data_cache': True, 'enforce_mine_cache': False, 'ipc_mode': 'ipc', 'ipc_write_buffer': 0, 'req_server_niceness': None, 'pub_server_niceness': None, 'fileserver_update_niceness': None, 'mworker_niceness': None, 'mworker_queue_niceness': None, 'maintenance_niceness': None, 'event_return_niceness': None, 'event_publisher_niceness': None, 'reactor_niceness': None, 'ipv6': None, 'tcp_master_pub_port': 4512, 'tcp_master_pull_port': 4513, 'tcp_master_publish_pull': 4514, 'tcp_master_workers': 4515, 'log_file': '/var/log/salt/master', 'log_level': 'warning', 'log_level_logfile': None, 'log_datefmt': '%H:%M:%S', 'log_datefmt_logfile': '%Y-%m-%d %H:%M:%S', 'log_fmt_console': '[%(levelname)-8s] %(message)s', 'log_fmt_logfile': '%(asctime)s,%(msecs)03d [%(name)-17s:%(lineno)-4d][%(levelname)-8s][%(process)d] %(message)s', 'log_fmt_jid': '[JID: %(jid)s]', 'log_granular_levels': {}, 'log_rotate_max_bytes': 0, 'log_rotate_backup_count': 0, 'pidfile': '/var/run/salt-master.pid', 'publish_session': 86400, 'range_server': 'range:80', 'reactor': [{'salt/test': ['/srv/reactor/test.sls']}, {'salt/minion/Minion/restart': ['/srv/reactor/auto.sls']}], 'reactor_refresh_interval': 60, 'reactor_worker_threads': 10, 'reactor_worker_hwm': 10000, 'engines': [], 'event_return': '', 'event_return_queue': 0, 'event_return_whitelist': [], 'event_return_blacklist': [], 'event_match_type': 'startswith', 'runner_returns': True, 'serial': 'msgpack', 'test': False, 'state_verbose': True, 'state_output': 'full', 'state_output_diff': False, 'state_output_profile': True, 'state_auto_order': True, 'state_events': False, 'state_aggregate': False, 'search': '', 'loop_interval': 60, 'nodegroups': {'mcwgroup1': 'L@mcw01,mcw03 or vm2.cluster.com', 'mcwgroup2': 'G@myname:mcw and L@mcw01,mcw03', 'mcwgroup3': 'G@myname:mcw and N@mcwgroup1', 'mcwgroup4': ['G@myname:mcw', 'or', 'G@myname:xiaoma']}, 'ssh_list_nodegroups': {}, 'ssh_use_home_key': False, 'cython_enable': False, 'enable_gpu_grains': False, 'key_logfile': '/var/log/salt/key', 'verify_env': True, 'permissive_pki_access': False, 'key_pass': None, 'signing_key_pass': None, 'default_include': 'master.d/*.conf', 'winrepo_dir': '/srv/salt/win/repo', 'winrepo_dir_ng': '/srv/salt/win/repo-ng', 'winrepo_cachefile': 'winrepo.p', 'winrepo_remotes': ['https://github.com/saltstack/salt-winrepo.git'], 'winrepo_remotes_ng': ['https://github.com/saltstack/salt-winrepo-ng.git'], 'winrepo_branch': 'master', 'winrepo_fallback': '', 'winrepo_ssl_verify': True, 'winrepo_user': '', 'winrepo_password': '', 'winrepo_insecure_auth': False, 'winrepo_privkey': '', 'winrepo_pubkey': '', 'winrepo_passphrase': '', 'winrepo_refspecs': ['+refs/heads/*:refs/remotes/origin/*', '+refs/tags/*:refs/tags/*'], 'syndic_wait': 5, 'jinja_env': {}, 'jinja_sls_env': {}, 'jinja_lstrip_blocks': False, 'jinja_trim_blocks': False, 'tcp_keepalive': True, 'tcp_keepalive_idle': 300, 'tcp_keepalive_cnt': -1, 'tcp_keepalive_intvl': -1, 'sign_pub_messages': True, 'keysize': 2048, 'transport': 'zeromq', 'gather_job_timeout': 10, 'syndic_event_forward_timeout': 0.5, 'syndic_jid_forward_cache_hwm': 100, 'regen_thin': False, 'ssh_passwd': '', 'ssh_priv_passwd': '', 'ssh_port': '22', 'ssh_sudo': False, 'ssh_sudo_user': '', 'ssh_timeout': 60, 'ssh_user': 'root', 'ssh_scan_ports': '22', 'ssh_scan_timeout': 0.01, 'ssh_identities_only': False, 'ssh_log_file': '/var/log/salt/ssh', 'ssh_config_file': '/root/.ssh/config', 'cluster_mode': False, 'sqlite_queue_dir': '/var/cache/salt/master/queues', 'queue_dirs': [], 'cli_summary': False, 'max_minions': 0, 'master_sign_key_name': 'master_sign', 'master_sign_pubkey': False, 'master_pubkey_signature': 'master_pubkey_signature', 'master_use_pubkey_signature': False, 'zmq_filtering': False, 'zmq_monitor': False, 'con_cache': False, 'rotate_aes_key': True, 'cache_sreqs': True, 'dummy_pub': False, 'http_connect_timeout': 20.0, 'http_request_timeout': 3600.0, 'http_max_body': 107374182400, 'cache': 'localfs', 'memcache_expire_seconds': 0, 'memcache_max_items': 1024, 'memcache_full_cleanup': False, 'memcache_debug': False, 'thin_extra_mods': '', 'min_extra_mods': '', 'ssl': None, 'extmod_whitelist': {}, 'extmod_blacklist': {}, 'clean_dynamic_modules': True, 'django_auth_path': '', 'django_auth_settings': '', 'allow_minion_key_revoke': True, 'salt_cp_chunk_size': 98304, 'require_minion_sign_messages': False, 'drop_messages_signature_fail': False, 'discovery': False, 'schedule': {}, 'auth_events': True, 'minion_data_cache_events': True, 'enable_ssh_minions': False, 'netapi_allow_raw_shell': False, 'fips_mode': False, 'detect_remote_minions': False, 'remote_minions_port': 22, '__role': 'master', '__cli': '', 'token_dir': '/var/cache/salt/master/tokens', 'syndic_dir': '/var/cache/salt/master/syndics', 'id': 'mcw01_master', 'master_uri': 'tcp://127.0.0.1:4506'} >>>
或者minion的配置信息
[root@mcw01 ~]# python3 Python 3.6.8 (default, Nov 14 2023, 16:29:52) [GCC 4.8.5 20150623 (Red Hat 4.8.5-44)] on linux Type "help", "copyright", "credits" or "license" for more information. >>> import salt.client >>> minion_opts=salt.config.minion_config('/etc/salt/minion') >>> dir(minion_opts) ['__class__', '__contains__', '__delattr__', '__delitem__', '__dir__', '__doc__', '__eq__', '__format__', '__ge__', '__getattribute__', '__getitem__', '__gt__', '__hash__', '__init__', '__init_subclass__', '__iter__', '__le__', '__len__', '__lt__', '__ne__', '__new__', '__reduce__', '__reduce_ex__', '__repr__', '__setattr__', '__setitem__', '__sizeof__', '__str__', '__subclasshook__', 'clear', 'copy', 'fromkeys', 'get', 'items', 'keys', 'pop', 'popitem', 'setdefault', 'update', 'values'] >>> >>> type(minion_opts) <class 'dict'> >>> minion_opts.keys() dict_keys(['interface', 'master', 'master_type', 'master_uri_format', 'source_interface_name', 'source_address', 'source_ret_port', 'source_publish_port', 'master_port', 'master_finger', 'master_shuffle', 'master_alive_interval', 'master_failback', 'master_failback_interval', 'verify_master_pubkey_sign', 'sign_pub_messages', 'always_verify_signature', 'master_sign_key_name', 'syndic_finger', 'user', 'root_dir', 'pki_dir', 'id', 'id_function', 'cachedir', 'append_minionid_config_dirs', 'cache_jobs', 'grains_blacklist', 'grains_cache', 'grains_cache_expiration', 'grains_deep_merge', 'conf_file', 'sock_dir', 'sock_pool_size', 'backup_mode', 'renderer', 'renderer_whitelist', 'renderer_blacklist', 'random_startup_delay', 'failhard', 'autoload_dynamic_modules', 'saltenv', 'lock_saltenv', 'pillarenv', 'pillarenv_from_saltenv', 'pillar_opts', 'pillar_source_merging_strategy', 'pillar_merge_lists', 'pillar_includes_override_sls', 'pillar_cache', 'pillar_cache_ttl', 'pillar_cache_backend', 'gpg_cache', 'gpg_cache_ttl', 'gpg_cache_backend', 'extension_modules', 'state_top', 'state_top_saltenv', 'startup_states', 'sls_list', 'start_event_grains', 'top_file', 'thoriumenv', 'thorium_top', 'thorium_interval', 'thorium_roots', 'file_client', 'local', 'use_master_when_local', 'file_roots', 'top_file_merging_strategy', 'env_order', 'default_top', 'fileserver_limit_traversal', 'file_recv', 'file_recv_max_size', 'file_ignore_regex', 'file_ignore_glob', 'fileserver_backend', 'fileserver_followsymlinks', 'fileserver_ignoresymlinks', 'pillar_roots', 'on_demand_ext_pillar', 'decrypt_pillar', 'decrypt_pillar_delimiter', 'decrypt_pillar_default', 'decrypt_pillar_renderers', 'roots_update_interval', 'azurefs_update_interval', 'gitfs_update_interval', 'git_pillar_update_interval', 'hgfs_update_interval', 'minionfs_update_interval', 's3fs_update_interval', 'svnfs_update_interval', 'git_pillar_base', 'git_pillar_branch', 'git_pillar_env', 'git_pillar_fallback', 'git_pillar_root', 'git_pillar_ssl_verify', 'git_pillar_global_lock', 'git_pillar_user', 'git_pillar_password', 'git_pillar_insecure_auth', 'git_pillar_privkey', 'git_pillar_pubkey', 'git_pillar_passphrase', 'git_pillar_refspecs', 'git_pillar_includes', 'gitfs_remotes', 'gitfs_mountpoint', 'gitfs_root', 'gitfs_base', 'gitfs_fallback', 'gitfs_user', 'gitfs_password', 'gitfs_insecure_auth', 'gitfs_privkey', 'gitfs_pubkey', 'gitfs_passphrase', 'gitfs_saltenv_whitelist', 'gitfs_saltenv_blacklist', 'gitfs_global_lock', 'gitfs_ssl_verify', 'gitfs_saltenv', 'gitfs_ref_types', 'gitfs_refspecs', 'gitfs_disable_saltenv_mapping', 'unique_jid', 'hash_type', 'optimization_order', 'disable_modules', 'disable_returners', 'whitelist_modules', 'module_dirs', 'returner_dirs', 'grains_dirs', 'states_dirs', 'render_dirs', 'outputter_dirs', 'utils_dirs', 'publisher_acl', 'publisher_acl_blacklist', 'providers', 'clean_dynamic_modules', 'open_mode', 'auto_accept', 'autosign_timeout', 'multiprocessing', 'process_count_max', 'mine_enabled', 'mine_return_job', 'mine_interval', 'ipc_mode', 'ipc_write_buffer', 'ipv6', 'file_buffer_size', 'tcp_pub_port', 'tcp_pull_port', 'tcp_authentication_retries', 'tcp_reconnect_backoff', 'log_file', 'log_level', 'log_level_logfile', 'log_datefmt', 'log_datefmt_logfile', 'log_fmt_console', 'log_fmt_logfile', 'log_fmt_jid', 'log_granular_levels', 'log_rotate_max_bytes', 'log_rotate_backup_count', 'max_event_size', 'enable_legacy_startup_events', 'test', 'ext_job_cache', 'cython_enable', 'enable_fqdns_grains', 'enable_gpu_grains', 'enable_zip_modules', 'state_verbose', 'state_output', 'state_output_diff', 'state_output_profile', 'state_auto_order', 'state_events', 'state_aggregate', 'snapper_states', 'snapper_states_config', 'acceptance_wait_time', 'acceptance_wait_time_max', 'rejected_retry', 'loop_interval', 'verify_env', 'grains', 'permissive_pki_access', 'default_include', 'update_url', 'update_restart_services', 'retry_dns', 'retry_dns_count', 'resolve_dns_fallback', 'recon_max', 'recon_default', 'recon_randomize', 'return_retry_timer', 'return_retry_timer_max', 'return_retry_tries', 'random_reauth_delay', 'winrepo_source_dir', 'winrepo_dir', 'winrepo_dir_ng', 'winrepo_cachefile', 'winrepo_cache_expire_max', 'winrepo_cache_expire_min', 'winrepo_remotes', 'winrepo_remotes_ng', 'winrepo_branch', 'winrepo_fallback', 'winrepo_ssl_verify', 'winrepo_user', 'winrepo_password', 'winrepo_insecure_auth', 'winrepo_privkey', 'winrepo_pubkey', 'winrepo_passphrase', 'winrepo_refspecs', 'pidfile', 'range_server', 'reactor_refresh_interval', 'reactor_worker_threads', 'reactor_worker_hwm', 'engines', 'tcp_keepalive', 'tcp_keepalive_idle', 'tcp_keepalive_cnt', 'tcp_keepalive_intvl', 'modules_max_memory', 'grains_refresh_every', 'minion_id_caching', 'minion_id_lowercase', 'minion_id_remove_domain', 'keysize', 'transport', 'auth_timeout', 'auth_tries', 'master_tries', 'master_tops_first', 'auth_safemode', 'random_master', 'cluster_mode', 'restart_on_error', 'ping_interval', 'username', 'password', 'zmq_filtering', 'zmq_monitor', 'cache_sreqs', 'cmd_safe', 'sudo_user', 'http_connect_timeout', 'http_request_timeout', 'http_max_body', 'event_match_type', 'minion_restart_command', 'pub_ret', 'proxy_host', 'proxy_username', 'proxy_password', 'proxy_port', 'minion_jid_queue_hwm', 'ssl', 'multifunc_ordered', 'beacons_before_connect', 'scheduler_before_connect', 'cache', 'salt_cp_chunk_size', 'extmod_whitelist', 'extmod_blacklist', 'minion_sign_messages', 'discovery', 'schedule', 'ssh_merge_pillar', 'disabled_requisites', 'reactor_niceness', 'fips_mode', '__role', '__cli', 'beacons']) >>> >>> print(minion_opts['user']) root >>> print(minion_opts['interface']) 0.0.0.0 >>> print(minion_opts['master']) ['10.0.0.11'] >>>
python api的其它模块
1、LocalClient
>>> import salt.client >>> local=salt.client.LocalClient() >>> local.cmd('*','cmd.run',['hostname']) {'mcw01': 'mcw01', 'mcw03': 'mcw03', 'mcw02': 'mcw02', 'mcw04': 'mcw04'} >>>
支持一次执行多个模块。没有参数的,写个空列表
>>> local.cmd('mcw03',['test.ping','cmd.run','test.echo'],[[],['hostname'],['machangwei']]) {'mcw03': {'test.ping': True, 'cmd.run': 'mcw03', 'test.echo': 'machangwei'}} >>>
==》异步执行
>>> import salt.client >>> local=salt.client.LocalClient() >>> >>> local.cmd_async('*','test.sleep',[30]) '20240127075219835882' >>>
==》批量执行
>>> import salt.client >>> local=salt.client.LocalClient() >>> returns=local.cmd_batch('*','state.highstate',bat='10%') >>> for ret in returns: ... print(ret) ... {'mcw03': {'pkg_|-pkg-init_|-gcc_|-installed': {'name': 'gcc', 'changes': {}, 'result': True, 'comment': 'All specified packages are already installed', '__sls__': 'pkg.pkg-init', '__run_num__': 0, 'start_time': '15:58:27.724974', 'duration': 841.383, '__id__': 'pkg-init'}, 'pkg_|-pkg-init_|-gcc-c++_|-installed': {'name': 'gcc-c++', 'changes': {}, 'result': True, 'comment': 'All specified packages are already installed', '__sls__': 'pkg.pkg-init', '__run_num__': 1, 'start_time': '15:58:28.566603', 'duration': 17.593, '__id__': 'pkg-init'}, 'pkg_|-pkg-init_|-glibc_|-installed': {'name': 'glibc', 'changes': {}, 'result': True, 'comment': 'All specified packages are already installed', '__sls__': 'pkg.pkg-init', '__run_num__': 2, 'start_time': '15:58:28.584326', 'duration': 16.184, '__id__': 'pkg-init'}, 'pkg_|-pkg-init_|-make_|-installed': {'name': 'make', 'changes': {}, 'result': True, 'comment': 'All specified packages are already installed', '__sls__': 'pkg.pkg-init', '__run_num__': 3, 'start_time': '15:58:28.600626', 'duration': 16.191, '__id__': 'pkg-init'}, 'pkg_|-pkg-init_|-autoconf_|-installed': {'name': 'autoconf', 'changes': {}, 'result': True, 'comment': 'All specified packages are already installed', '__sls__': 'pkg.pkg-init', '__run_num__': 4, 'start_time': '15:58:28.616949', 'duration': 24.624, '__id__': 'pkg-init'}, 'pkg_|-pkg-init_|-openssl_|-installed': {'name': 'openssl', 'changes': {}, 'result': True, 'comment': 'All specified packages are already installed', '__sls__': 'pkg.pkg-init', '__run_num__': 5, 'start_time': '15:58:28.641768', 'duration': 20.258, '__id__': 'pkg-init'}, 'pkg_|-pkg-init_|-openssl-devel_|-installed': {'name': 'openssl-devel', 'changes': {}, 'result': True, 'comment': 'All specified packages are already installed', '__sls__': 'pkg.pkg-init', '__run_num__': 6, 'start_time': '15:58:28.662184', 'duration': 18.041, '__id__': 'pkg-init'}, 'file_|-haproxy-install_|-/usr/local/src/haproxy-1.5.19.tar.gz_|-managed': {'changes': {}, 'comment': 'File /usr/local/src/haproxy-1.5.19.tar.gz is in the correct state', 'name': '/usr/local/src/haproxy-1.5.19.tar.gz', 'result': True, '__sls__': 'haproxy.install', '__run_num__': 7, 'start_time': '15:58:28.682118', 'duration': 20.305, '__id__': 'haproxy-install'}, 'cmd_|-haproxy-install_|-cd /usr/local/src && tar zxf haproxy-1.5.19.tar.gz && cd haproxy-1.5.19 && make TARGET=linux26 PREFIX=/usr/local/haproxy && make install PREFIX=/usr/local/haproxy_|-run': {'result': True, 'name': 'cd /usr/local/src && tar zxf haproxy-1.5.19.tar.gz && cd haproxy-1.5.19 && make TARGET=linux26 PREFIX=/usr/local/haproxy && make install PREFIX=/usr/local/haproxy', 'changes': {}, 'comment': 'unless condition is true', 'skip_watch': True, '__sls__': 'haproxy.install', '__run_num__': 8, 'start_time': '15:58:28.703541', 'duration': 396.225, '__id__': 'haproxy-install'}, 'file_|-/etc/init.d/haproxy_|-/etc/init.d/haproxy_|-managed': {'changes': {}, 'comment': 'File /etc/init.d/haproxy is in the correct state', 'name': '/etc/init.d/haproxy', 'result': True, '__sls__': 'haproxy.install', '__run_num__': 9, 'start_time': '15:58:29.100144', 'duration': 8.864, '__id__': '/etc/init.d/haproxy'}, 'sysctl_|-net.ipv4.ip_nonlocal_bind_|-net.ipv4.ip_nonlocal_bind_|-present': {'name': 'net.ipv4.ip_nonlocal_bind', 'result': True, 'changes': {}, 'comment': 'Sysctl value net.ipv4.ip_nonlocal_bind = 1 is already set', '__sls__': 'haproxy.install', '__run_num__': 10, 'start_time': '15:58:29.109154', 'duration': 8.07, '__id__': 'net.ipv4.ip_nonlocal_bind'}, 'file_|-haproxy-config-dir_|-/etc/haproxy_|-directory': {'name': '/etc/haproxy', 'changes': {}, 'result': True, 'comment': 'The directory /etc/haproxy is in the correct state', '__sls__': 'haproxy.install', '__run_num__': 11, 'start_time': '15:58:29.117415', 'duration': 1.395, '__id__': 'haproxy-config-dir'}, 'cmd_|-haproxy-init_|-chkconfig --add haproxy_|-run': {'result': True, 'name': 'chkconfig --add haproxy', 'changes': {}, 'comment': 'unless condition is true', 'skip_watch': True, '__sls__': 'haproxy.install', '__run_num__': 12, 'start_time': '15:58:29.119162', 'duration': 11.559, '__id__': 'haproxy-init'}, 'file_|-haproxy_|-/usr/sbin/haproxy_|-managed': {'changes': {}, 'comment': 'File /usr/sbin/haproxy is in the correct state', 'name': '/usr/sbin/haproxy', 'result': True, '__sls__': 'cluster.haproxy-outside', '__run_num__': 13, 'start_time': '15:58:29.131044', 'duration': 16.615, '__id__': 'haproxy'}, 'file_|-haproxy-service_|-/etc/haproxy/haproxy.cfg_|-managed': {'changes': {}, 'comment': 'File /etc/haproxy/haproxy.cfg is in the correct state', 'name': '/etc/haproxy/haproxy.cfg', 'result': True, '__sls__': 'cluster.haproxy-outside', '__run_num__': 14, 'start_time': '15:58:29.147806', 'duration': 83.787, '__id__': 'haproxy-service'}, 'service_|-haproxy-service_|-haproxy_|-running': {'name': 'haproxy', 'changes': {}, 'result': True, 'comment': 'The service haproxy is already running', '__sls__': 'cluster.haproxy-outside', '__run_num__': 15, 'start_time': '15:58:29.232297', 'duration': 15.391, '__id__': 'haproxy-service'}, 'file_|-keepalived-install_|-/usr/local/src/keepalived-1.2.17.tar.gz_|-managed': {'changes': {}, 'comment': 'File /usr/local/src/keepalived-1.2.17.tar.gz is in the correct state', 'name': '/usr/local/src/keepalived-1.2.17.tar.gz', 'result': True, '__sls__': 'keepalived.install', '__run_num__': 16, 'start_time': '15:58:29.247870', 'duration': 154.7, '__id__': 'keepalived-install'}, 'cmd_|-keepalived-install_|-cd /usr/local/src && tar zxf keepalived-1.2.17.tar.gz && cd keepalived-1.2.17 && ./configure --prefix=/user/local/keepalived --disable-fwmark && make && make install_|-run': {'result': True, 'name': 'cd /usr/local/src && tar zxf keepalived-1.2.17.tar.gz && cd keepalived-1.2.17 && ./configure --prefix=/user/local/keepalived --disable-fwmark && make && make install', 'changes': {}, 'comment': 'unless condition is true', 'skip_watch': True, '__sls__': 'keepalived.install', '__run_num__': 17, 'start_time': '15:58:29.403010', 'duration': 11.247, '__id__': 'keepalived-install'}, 'file_|-/etc/sysconfig/keepalived_|-/etc/sysconfig/keepalived_|-managed': {'changes': {}, 'comment': 'File /etc/sysconfig/keepalived is in the correct state', 'name': '/etc/sysconfig/keepalived', 'result': True, '__sls__': 'keepalived.install', '__run_num__': 18, 'start_time': '15:58:29.414475', 'duration': 10.089, '__id__': '/etc/sysconfig/keepalived'}, 'file_|-/etc/init.d/keepalived_|-/etc/init.d/keepalived_|-managed': {'changes': {}, 'comment': 'File /etc/init.d/keepalived is in the correct state', 'name': '/etc/init.d/keepalived', 'result': True, '__sls__': 'keepalived.install', '__run_num__': 19, 'start_time': '15:58:29.424698', 'duration': 23.094, '__id__': '/etc/init.d/keepalived'}, 'file_|-xiaoma_|-/usr/local/keepalived/sbin/_|-directory': {'name': '/usr/local/keepalived/sbin/', 'changes': {}, 'result': True, 'comment': 'The directory /usr/local/keepalived/sbin is in the correct state', '__sls__': 'keepalived.install', '__run_num__': 20, 'start_time': '15:58:29.447976', 'duration': 1.113, '__id__': 'xiaoma'}, 'file_|-/usr/local/keepalived/sbin/keepalived_|-/usr/local/keepalived/sbin/keepalived_|-managed': {'changes': {}, 'comment': 'File /usr/local/keepalived/sbin/keepalived is in the correct state', 'name': '/usr/local/keepalived/sbin/keepalived', 'result': True, '__sls__': 'keepalived.install', '__run_num__': 21, 'start_time': '15:58:29.449181', 'duration': 10.979, '__id__': '/usr/local/keepalived/sbin/keepalived'}, 'cmd_|-keepalived-init_|-chkconfig --add keepalived_|-run': {'result': True, 'name': 'chkconfig --add keepalived', 'changes': {}, 'comment': 'unless condition is true', 'skip_watch': True, '__sls__': 'keepalived.install', '__run_num__': 22, 'start_time': '15:58:29.460813', 'duration': 12.972, '__id__': 'keepalived-init'}, 'file_|-/etc/keepalived_|-/etc/keepalived_|-directory': {'name': '/etc/keepalived', 'changes': {}, 'result': True, 'comment': 'The directory /etc/keepalived is in the correct state', '__sls__': 'keepalived.install', '__run_num__': 23, 'start_time': '15:58:29.474007', 'duration': 1.498, '__id__': '/etc/keepalived'}, 'file_|-keepalived-server_|-/etc/keepalived/keepalived.conf_|-managed': {'changes': {}, 'comment': 'File /etc/keepalived/keepalived.conf is in the correct state', 'name': '/etc/keepalived/keepalived.conf', 'result': True, '__sls__': 'cluster.haproxy-outside-keepalived', '__run_num__': 24, 'start_time': '15:58:29.475626', 'duration': 11.162, '__id__': 'keepalived-server'}, 'service_|-keepalived-server_|-keepalived_|-running': {'name': 'keepalived', 'changes': {}, 'result': True, 'comment': 'The service keepalived is already running', '__sls__': 'cluster.haproxy-outside-keepalived', '__run_num__': 25, 'start_time': '15:58:29.487214', 'duration': 13.212, '__id__': 'keepalived-server'}, 'retcode': 0}} {'mcw02': {'no_|-states_|-states_|-None': {'result': False, 'comment': 'No Top file or master_tops data matches found. Please see master log for details.', 'name': 'No States', 'changes': {}, '__run_num__': 0}, 'retcode': 2}} {'mcw01': {'pkg_|-pkg-init_|-gcc_|-installed': {'name': 'gcc', 'changes': {}, 'result': True, 'comment': 'All specified packages are already installed', '__sls__': 'pkg.pkg-init', '__run_num__': 0, 'start_time': '15:58:36.366094', 'duration': 4993.571, '__id__': 'pkg-init'}, 'pkg_|-pkg-init_|-gcc-c++_|-installed': {'name': 'gcc-c++', 'changes': {}, 'result': True, 'comment': 'All specified packages are already installed', '__sls__': 'pkg.pkg-init', '__run_num__': 1, 'start_time': '15:58:41.359878', 'duration': 17.8, '__id__': 'pkg-init'}, 'pkg_|-pkg-init_|-glibc_|-installed': {'name': 'glibc', 'changes': {}, 'result': True, 'comment': 'All specified packages are already installed', '__sls__': 'pkg.pkg-init', '__run_num__': 2, 'start_time': '15:58:41.377812', 'duration': 16.326, '__id__': 'pkg-init'}, 'pkg_|-pkg-init_|-make_|-installed': {'name': 'make', 'changes': {}, 'result': True, 'comment': 'All specified packages are already installed', '__sls__': 'pkg.pkg-init', '__run_num__': 3, 'start_time': '15:58:41.394249', 'duration': 18.175, '__id__': 'pkg-init'}, 'pkg_|-pkg-init_|-autoconf_|-installed': {'name': 'autoconf', 'changes': {}, 'result': True, 'comment': 'All specified packages are already installed', '__sls__': 'pkg.pkg-init', '__run_num__': 4, 'start_time': '15:58:41.412547', 'duration': 17.6, '__id__': 'pkg-init'}, 'pkg_|-pkg-init_|-openssl_|-installed': {'name': 'openssl', 'changes': {}, 'result': True, 'comment': 'All specified packages are already installed', '__sls__': 'pkg.pkg-init', '__run_num__': 5, 'start_time': '15:58:41.430283', 'duration': 18.768, '__id__': 'pkg-init'}, 'pkg_|-pkg-init_|-openssl-devel_|-installed': {'name': 'openssl-devel', 'changes': {}, 'result': True, 'comment': 'All specified packages are already installed', '__sls__': 'pkg.pkg-init', '__run_num__': 6, 'start_time': '15:58:41.449192', 'duration': 18.149, '__id__': 'pkg-init'}, 'file_|-haproxy-install_|-/usr/local/src/haproxy-1.5.19.tar.gz_|-managed': {'changes': {}, 'comment': 'File /usr/local/src/haproxy-1.5.19.tar.gz is in the correct state', 'name': '/usr/local/src/haproxy-1.5.19.tar.gz', 'result': True, '__sls__': 'haproxy.install', '__run_num__': 7, 'start_time': '15:58:41.484149', 'duration': 107.869, '__id__': 'haproxy-install'}, 'cmd_|-haproxy-install_|-cd /usr/local/src && tar zxf haproxy-1.5.19.tar.gz && cd haproxy-1.5.19 && make TARGET=linux26 PREFIX=/usr/local/haproxy && make install PREFIX=/usr/local/haproxy_|-run': {'result': True, 'name': 'cd /usr/local/src && tar zxf haproxy-1.5.19.tar.gz && cd haproxy-1.5.19 && make TARGET=linux26 PREFIX=/usr/local/haproxy && make install PREFIX=/usr/local/haproxy', 'changes': {}, 'comment': 'unless condition is true', 'skip_watch': True, '__sls__': 'haproxy.install', '__run_num__': 8, 'start_time': '15:58:41.593702', 'duration': 647.081, '__id__': 'haproxy-install'}, 'file_|-/etc/init.d/haproxy_|-/etc/init.d/haproxy_|-managed': {'changes': {}, 'comment': 'File /etc/init.d/haproxy is in the correct state', 'name': '/etc/init.d/haproxy', 'result': True, '__sls__': 'haproxy.install', '__run_num__': 9, 'start_time': '15:58:42.241102', 'duration': 13.378, '__id__': '/etc/init.d/haproxy'}, 'sysctl_|-net.ipv4.ip_nonlocal_bind_|-net.ipv4.ip_nonlocal_bind_|-present': {'name': 'net.ipv4.ip_nonlocal_bind', 'result': True, 'changes': {}, 'comment': 'Sysctl value net.ipv4.ip_nonlocal_bind = 1 is already set', '__sls__': 'haproxy.install', '__run_num__': 10, 'start_time': '15:58:42.254647', 'duration': 22.134, '__id__': 'net.ipv4.ip_nonlocal_bind'}, 'file_|-haproxy-config-dir_|-/etc/haproxy_|-directory': {'name': '/etc/haproxy', 'changes': {}, 'result': True, 'comment': 'The directory /etc/haproxy is in the correct state', '__sls__': 'haproxy.install', '__run_num__': 11, 'start_time': '15:58:42.277144', 'duration': 2.16, '__id__': 'haproxy-config-dir'}, 'cmd_|-haproxy-init_|-chkconfig --add haproxy_|-run': {'result': True, 'name': 'chkconfig --add haproxy', 'changes': {}, 'comment': 'unless condition is true', 'skip_watch': True, '__sls__': 'haproxy.install', '__run_num__': 12, 'start_time': '15:58:42.279790', 'duration': 47.565, '__id__': 'haproxy-init'}, 'file_|-haproxy_|-/usr/sbin/haproxy_|-managed': {'changes': {}, 'comment': 'File /usr/sbin/haproxy is in the correct state', 'name': '/usr/sbin/haproxy', 'result': True, '__sls__': 'cluster.haproxy-outside', '__run_num__': 13, 'start_time': '15:58:42.327623', 'duration': 77.964, '__id__': 'haproxy'}, 'file_|-haproxy-service_|-/etc/haproxy/haproxy.cfg_|-managed': {'changes': {}, 'comment': 'File /etc/haproxy/haproxy.cfg is in the correct state', 'name': '/etc/haproxy/haproxy.cfg', 'result': True, '__sls__': 'cluster.haproxy-outside', '__run_num__': 14, 'start_time': '15:58:42.405756', 'duration': 26.32, '__id__': 'haproxy-service'}, 'service_|-haproxy-service_|-haproxy_|-running': {'name': 'haproxy', 'changes': {}, 'result': True, 'comment': 'The service haproxy is already running', '__sls__': 'cluster.haproxy-outside', '__run_num__': 15, 'start_time': '15:58:42.432775', 'duration': 63.086, '__id__': 'haproxy-service'}, 'file_|-keepalived-install_|-/usr/local/src/keepalived-1.2.17.tar.gz_|-managed': {'changes': {}, 'comment': 'File /usr/local/src/keepalived-1.2.17.tar.gz is in the correct state', 'name': '/usr/local/src/keepalived-1.2.17.tar.gz', 'result': True, '__sls__': 'keepalived.install', '__run_num__': 16, 'start_time': '15:58:42.496054', 'duration': 36.791, '__id__': 'keepalived-install'}, 'cmd_|-keepalived-install_|-cd /usr/local/src && tar zxf keepalived-1.2.17.tar.gz && cd keepalived-1.2.17 && ./configure --prefix=/user/local/keepalived --disable-fwmark && make && make install_|-run': {'result': True, 'name': 'cd /usr/local/src && tar zxf keepalived-1.2.17.tar.gz && cd keepalived-1.2.17 && ./configure --prefix=/user/local/keepalived --disable-fwmark && make && make install', 'changes': {}, 'comment': 'unless condition is true', 'skip_watch': True, '__sls__': 'keepalived.install', '__run_num__': 17, 'start_time': '15:58:42.533378', 'duration': 12.648, '__id__': 'keepalived-install'}, 'file_|-/etc/sysconfig/keepalived_|-/etc/sysconfig/keepalived_|-managed': {'changes': {}, 'comment': 'File /etc/sysconfig/keepalived is in the correct state', 'name': '/etc/sysconfig/keepalived', 'result': True, '__sls__': 'keepalived.install', '__run_num__': 18, 'start_time': '15:58:42.546344', 'duration': 18.967, '__id__': '/etc/sysconfig/keepalived'}, 'file_|-/etc/init.d/keepalived_|-/etc/init.d/keepalived_|-managed': {'changes': {}, 'comment': 'File /etc/init.d/keepalived is in the correct state', 'name': '/etc/init.d/keepalived', 'result': True, '__sls__': 'keepalived.install', '__run_num__': 19, 'start_time': '15:58:42.565465', 'duration': 7.714, '__id__': '/etc/init.d/keepalived'}, 'file_|-xiaoma_|-/usr/local/keepalived/sbin/_|-directory': {'name': '/usr/local/keepalived/sbin/', 'changes': {}, 'result': True, 'comment': 'The directory /usr/local/keepalived/sbin is in the correct state', '__sls__': 'keepalived.install', '__run_num__': 20, 'start_time': '15:58:42.573297', 'duration': 1.14, '__id__': 'xiaoma'}, 'file_|-/usr/local/keepalived/sbin/keepalived_|-/usr/local/keepalived/sbin/keepalived_|-managed': {'changes': {}, 'comment': 'File /usr/local/keepalived/sbin/keepalived is in the correct state', 'name': '/usr/local/keepalived/sbin/keepalived', 'result': True, '__sls__': 'keepalived.install', '__run_num__': 21, 'start_time': '15:58:42.574534', 'duration': 18.528, '__id__': '/usr/local/keepalived/sbin/keepalived'}, 'cmd_|-keepalived-init_|-chkconfig --add keepalived_|-run': {'result': True, 'name': 'chkconfig --add keepalived', 'changes': {}, 'comment': 'unless condition is true', 'skip_watch': True, '__sls__': 'keepalived.install', '__run_num__': 22, 'start_time': '15:58:42.593731', 'duration': 13.178, '__id__': 'keepalived-init'}, 'file_|-/etc/keepalived_|-/etc/keepalived_|-directory': {'name': '/etc/keepalived', 'changes': {}, 'result': True, 'comment': 'The directory /etc/keepalived is in the correct state', '__sls__': 'keepalived.install', '__run_num__': 23, 'start_time': '15:58:42.607105', 'duration': 1.726, '__id__': '/etc/keepalived'}, 'file_|-keepalived-server_|-/etc/keepalived/keepalived.conf_|-managed': {'changes': {}, 'comment': 'File /etc/keepalived/keepalived.conf is in the correct state', 'name': '/etc/keepalived/keepalived.conf', 'result': True, '__sls__': 'cluster.haproxy-outside-keepalived', '__run_num__': 24, 'start_time': '15:58:42.608962', 'duration': 9.11, '__id__': 'keepalived-server'}, 'service_|-keepalived-server_|-keepalived_|-running': {'name': 'keepalived', 'changes': {}, 'result': True, 'comment': 'The service keepalived is already running', '__sls__': 'cluster.haproxy-outside-keepalived', '__run_num__': 25, 'start_time': '15:58:42.618523', 'duration': 19.089, '__id__': 'keepalived-server'}, 'retcode': 0}} {'mcw04': {'no_|-states_|-states_|-None': {'result': False, 'comment': 'No Top file or master_tops data matches found. Please see master log for details.', 'name': 'No States', 'changes': {}, '__run_num__': 0}, 'retcode': 2}} >>>
==》逐个返回结果
>>> import salt.client >>> local=salt.client.LocalClient() >>> ret=local.cmd_iter('*','test.ping') >>> for i in ret: ... print(i) ... {'mcw01': {'ret': True, 'retcode': 0, 'jid': '20240127080133628154'}} {'mcw03': {'ret': True, 'retcode': 0, 'jid': '20240127080133628154'}} {'mcw04': {'ret': True, 'retcode': 0, 'jid': '20240127080133628154'}} {'mcw02': {'ret': True, 'retcode': 0, 'jid': '20240127080133628154'}} >>>
==》逐次返回结果,如果没有结果继续等待
>>> import salt.client >>> local=salt.client.LocalClient() >>> ret=local.cmd_iter_no_block('*','test.ping') >>> for i in ret: ... print(i) ... None {'mcw04': {'ret': True, 'retcode': 0, 'jid': '20240127080509099693'}} {'mcw01': {'ret': True, 'retcode': 0, 'jid': '20240127080509099693'}} {'mcw03': {'ret': True, 'retcode': 0, 'jid': '20240127080509099693'}} {'mcw02': {'ret': True, 'retcode': 0, 'jid': '20240127080509099693'}} >>>
==》随机执行
>>> import salt.client >>> local=salt.client.LocalClient() >>> local.cmd_subset('*','test.ping',sub=1,progress=True) Traceback (most recent call last): File "<stdin>", line 1, in <module> File "/usr/lib/python3.6/site-packages/salt/client/__init__.py", line 557, in cmd_subset **kwargs File "/usr/lib/python3.6/site-packages/salt/client/__init__.py", line 782, in cmd ret[mid] = data if full_return else data.get("ret", {}) AttributeError: 'int' object has no attribute 'get' >>>
==》执行命令
>>> import salt.client >>> local=salt.client.LocalClient() >>> local.run_job('mcw03','test.ping',[300]) {'jid': '20240127082323390382', 'minions': ['mcw03']} >>>
2、salt caller
客户端执行命令salt-call
[root@mcw02 ~]# python3 Python 3.6.8 (default, Nov 14 2023, 16:29:52) [GCC 4.8.5 20150623 (Red Hat 4.8.5-44)] on linux Type "help", "copyright", "credits" or "license" for more information. >>> import salt.client >>> caller=salt.client.Caller() >>> caller.cmd('test.ping') True >>> caller.function('test.ping') True >>> exit() [root@mcw02 ~]# salt-call test.ping local: True [root@mcw02 ~]#
3、RunnerClient
salt-run的作用,报错了,回头再看
[root@mcw01 ~]# python3 Python 3.6.8 (default, Nov 14 2023, 16:29:52) [GCC 4.8.5 20150623 (Red Hat 4.8.5-44)] on linux Type "help", "copyright", "credits" or "license" for more information. >>> import salt.config >>> opts=salt.config.master_config('/etc/salt/master') >>> runner=salt.runner.RunnerClient(opts) Traceback (most recent call last): File "<stdin>", line 1, in <module> AttributeError: module 'salt' has no attribute 'runner' >>> runner.cmd('jobs.list_jobs',[]) Traceback (most recent call last): File "<stdin>", line 1, in <module> NameError: name 'runner' is not defined >>>
4、wheelclient
一样,有问题,以后再看看
[root@mcw01 ~]# python3 Python 3.6.8 (default, Nov 14 2023, 16:29:52) [GCC 4.8.5 20150623 (Red Hat 4.8.5-44)] on linux Type "help", "copyright", "credits" or "license" for more information. >>> import salt.config >>> opts=salt.config.master_config('/etc/salt/master') >>> wheel=salt.wheel.Wheel(opts) Traceback (most recent call last): File "<stdin>", line 1, in <module> AttributeError: module 'salt' has no attribute 'wheel' >>> wheel.call_func('key.list_all') Traceback (most recent call last): File "<stdin>", line 1, in <module> NameError: name 'wheel' is not defined >>>
通过restful api调用
1、restful api配置环境部署
1、部署salt-api服务
部署到master上
[root@mcw01 ~]# yum install gcc make python-devel libffi-devel -y
salt master minion没有启动时报错
[root@mcw01 ~]# salt-call tls.create_self_signed_cert [ERROR ] No master could be reached or all masters denied the minion's connection attempt. Attempt to authenticate with the salt master failed with timeout error [root@mcw01 ~]#
缺少一个安装包报错
[root@mcw01 ~]# salt-call tls.create_self_signed_cert 'tls' __virtual__ returned False: PyOpenSSL version 0.10 or later must be installed before this module can be used. [root@mcw01 ~]#
安装需要的包,报错缺少某个模块
[root@mcw01 ~]# pip3 install pyOpenSSL WARNING: Running pip install with root privileges is generally not a good idea. Try `pip3 install --user` instead. Collecting pyOpenSSL Using cached https://files.pythonhosted.org/packages/f0/e2/f8b4f1c67933a4907e52228241f4bd52169f3196b70af04403b29c63238a/pyOpenSSL-23.2.0-py3-none-any.whl Collecting cryptography!=40.0.0,!=40.0.1,<42,>=38.0.0 (from pyOpenSSL) Using cached https://files.pythonhosted.org/packages/f7/80/04cc7637238b78f8e7354900817135c5a23cf66dfb3f3a216c6d630d6833/cryptography-40.0.2.tar.gz Complete output from command python setup.py egg_info: =============================DEBUG ASSISTANCE========================== If you are seeing an error here please try the following to successfully install cryptography: Upgrade to the latest pip and try again. This will fix errors for most users. See: https://pip.pypa.io/en/stable/installing/#upgrading-pip =============================DEBUG ASSISTANCE========================== Traceback (most recent call last): File "<string>", line 1, in <module> File "/tmp/pip-build-ol5hiy7_/cryptography/setup.py", line 18, in <module> from setuptools_rust import RustExtension ModuleNotFoundError: No module named 'setuptools_rust' ---------------------------------------- Command "python setup.py egg_info" failed with error code 1 in /tmp/pip-build-ol5hiy7_/cryptography/ [root@mcw01 ~]#
安装缺少的包
[root@mcw01 ~]# pip3 install setuptools-rust WARNING: Running pip install with root privileges is generally not a good idea. Try `pip3 install --user` instead. Collecting setuptools-rust Downloading https://files.pythonhosted.org/packages/66/ca/66bdf8f326977098eff28c314c8f825bc28d6986944c590e40ad0f74c5f0/setuptools_rust-1.1.2-py3-none-any.whl Collecting setuptools>=46.1 (from setuptools-rust) Cache entry deserialization failed, entry ignored Downloading https://files.pythonhosted.org/packages/b0/3a/88b210db68e56854d0bcf4b38e165e03be377e13907746f825790f3df5bf/setuptools-59.6.0-py3-none-any.whl (952kB) 100% |████████████████████████████████| 962kB 1.3MB/s Collecting semantic-version<3,>=2.8.2 (from setuptools-rust) Downloading https://files.pythonhosted.org/packages/6a/23/8146aad7d88f4fcb3a6218f41a60f6c2d4e3a72de72da1825dc7c8f7877c/semantic_version-2.10.0-py2.py3-none-any.whl Requirement already satisfied: typing-extensions>=3.7.4.3 in /usr/local/lib/python3.6/site-packages (from setuptools-rust) Installing collected packages: setuptools, semantic-version, setuptools-rust Successfully installed semantic-version-2.10.0 setuptools-59.6.0 setuptools-rust-1.1.2 [root@mcw01 ~]
报错需要更高的rust版本
[root@mcw01 ~]# pip3 install pyOpenSSL WARNING: Running pip install with root privileges is generally not a good idea. Try `pip3 install --user` instead. Collecting pyOpenSSL Using cached https://files.pythonhosted.org/packages/f0/e2/f8b4f1c67933a4907e52228241f4bd52169f3196b70af04403b29c63238a/pyOpenSSL-23.2.0-py3-none-any.whl Collecting cryptography!=40.0.0,!=40.0.1,<42,>=38.0.0 (from pyOpenSSL) Using cached https://files.pythonhosted.org/packages/f7/80/04cc7637238b78f8e7354900817135c5a23cf66dfb3f3a216c6d630d6833/cryptography-40.0.2.tar.gz Collecting cffi>=1.12 (from cryptography!=40.0.0,!=40.0.1,<42,>=38.0.0->pyOpenSSL) Cache entry deserialization failed, entry ignored Downloading https://files.pythonhosted.org/packages/3a/12/d6066828014b9ccb2bbb8e1d9dc28872d20669b65aeb4a86806a0757813f/cffi-1.15.1-cp36-cp36m-manylinux_2_5_x86_64.manylinux1_x86_64.whl (402kB) 100% |████████████████████████████████| 409kB 1.6MB/s Collecting pycparser (from cffi>=1.12->cryptography!=40.0.0,!=40.0.1,<42,>=38.0.0->pyOpenSSL) Downloading https://files.pythonhosted.org/packages/62/d5/5f610ebe421e85889f2e55e33b7f9a6795bd982198517d912eb1c76e1a53/pycparser-2.21-py2.py3-none-any.whl (118kB) 100% |████████████████████████████████| 122kB 3.2MB/s Installing collected packages: pycparser, cffi, cryptography, pyOpenSSL /usr/local/lib/python3.6/site-packages/setuptools/command/install.py:37: SetuptoolsDeprecationWarning: setup.py install is deprecated. Use build and pip and other standards-based tools. ....../ copying src/cryptography/hazmat/bindings/_rust/pkcs7.pyi -> build/lib.linux-x86_64-3.6/cryptography/hazmat/bindings/_rust copying src/cryptography/hazmat/bindings/_rust/x509.pyi -> build/lib.linux-x86_64-3.6/cryptography/hazmat/bindings/_rust creating build/lib.linux-x86_64-3.6/cryptography/hazmat/bindings/_rust/openssl copying src/cryptography/hazmat/bindings/_rust/openssl/__init__.pyi -> build/lib.linux-x86_64-3.6/cryptography/hazmat/bindings/_rust/openssl copying src/cryptography/hazmat/bindings/_rust/openssl/x25519.pyi -> build/lib.linux-x86_64-3.6/cryptography/hazmat/bindings/_rust/openssl running build_ext running build_rust =============================DEBUG ASSISTANCE============================= If you are seeing a compilation error please try the following steps to successfully install cryptography: 1) Upgrade to the latest pip and try again. This will fix errors for most users. See: https://pip.pypa.io/en/stable/installing/#upgrading-pip 2) Read https://cryptography.io/en/latest/installation/ for specific instructions for your platform. 3) Check our frequently asked questions for more information: https://cryptography.io/en/latest/faq/ 4) Ensure you have a recent Rust toolchain installed: https://cryptography.io/en/latest/installation/#rust Python: 3.6.8 platform: Linux-3.10.0-693.el7.x86_64-x86_64-with-centos-7.4.1708-Core pip: 9.0.3 setuptools: 59.6.0 setuptools_rust: 1.1.2 rustc: n/a =============================DEBUG ASSISTANCE============================= error: can't find Rust compiler If you are using an outdated pip version, it is possible a prebuilt wheel is available for this package but pip is not able to install from it. Installing from the wheel would avoid the need for a Rust compiler. To update pip, run: pip install --upgrade pip and then retry package installation. If you did intend to build this package from source, try installing a Rust compiler from your system package manager and ensure it is on the PATH during installation. Alternatively, rustup (available at https://rustup.rs) is the recommended way to download and update the Rust compiler toolchain. This package requires Rust >=1.48.0. ---------------------------------------- Command "/usr/bin/python3 -u -c "import setuptools, tokenize;__file__='/tmp/pip-build-aq0e4b0m/cryptography/setup.py';f=getattr(tokenize, 'open', open)(__file__);code=f.read().replace('\r\n', '\n');f.close();exec(compile(code, __file__, 'exec'))" install --record /tmp/pip-544fypgg-record/install-record.txt --single-version-externally-managed --compile" failed with error code 1 in /tmp/pip-build-aq0e4b0m/cryptography/ [root@mcw01 ~]#
更新pip
[root@mcw01 ~]# pip3 install --upgrade pip WARNING: Running pip install with root privileges is generally not a good idea. Try `pip3 install --user` instead. Cache entry deserialization failed, entry ignored Collecting pip Downloading https://files.pythonhosted.org/packages/a4/6d/6463d49a933f547439d6b5b98b46af8742cc03ae83543e4d7688c2420f8b/pip-21.3.1-py3-none-any.whl (1.7MB) 100% |████████████████████████████████| 1.7MB 842kB/s Installing collected packages: pip Successfully installed pip-21.3.1 You are using pip version 21.3.1, however version 23.3.2 is available. You should consider upgrading via the 'pip install --upgrade pip' command. [root@mcw01 ~]#
然后pip安装成功
[root@mcw01 ~]# pip3 install pyOpenSSL WARNING: pip is being invoked by an old script wrapper. This will fail in a future version of pip. Please see https://github.com/pypa/pip/issues/5599 for advice on fixing the underlying issue. To avoid this problem you can invoke Python with '-m pip' instead of running pip directly. Collecting pyOpenSSL Using cached pyOpenSSL-23.2.0-py3-none-any.whl (59 kB) Collecting cryptography!=40.0.0,!=40.0.1,<42,>=38.0.0 Downloading cryptography-40.0.2-cp36-abi3-manylinux_2_17_x86_64.manylinux2014_x86_64.whl (3.7 MB) |████████████████████████████████| 3.7 MB 1.2 MB/s Requirement already satisfied: cffi>=1.12 in /usr/local/lib64/python3.6/site-packages (from cryptography!=40.0.0,!=40.0.1,<42,>=38.0.0->pyOpenSSL) (1.15.1) Requirement already satisfied: pycparser in /usr/local/lib/python3.6/site-packages (from cffi>=1.12->cryptography!=40.0.0,!=40.0.1,<42,>=38.0.0->pyOpenSSL) (2.21) Installing collected packages: cryptography, pyOpenSSL Successfully installed cryptography-40.0.2 pyOpenSSL-23.2.0 WARNING: Running pip as the 'root' user can result in broken permissions and conflicting behaviour with the system package manager. It is recommended to use a virtual environment instead: https://pip.pypa.io/warnings/venv [root@mcw01 ~]#
生成证书:
[root@mcw01 ~]# salt-call tls.create_self_signed_cert /usr/local/lib/python3.6/site-packages/OpenSSL/_util.py:6: CryptographyDeprecationWarning: Python 3.6 is no longer supported by the Python core team. Therefore, support for it is deprecated in cryptography. The next release of cryptography will remove support for Python 3.6. from cryptography.hazmat.bindings.openssl.binding import Binding local: Created Private Key: "/etc/pki/tls/certs/localhost.key." Created Certificate: "/etc/pki/tls/certs/localhost.crt." [root@mcw01 ~]#
安装软件
[root@mcw01 ~]# yum install -y salt-api Loaded plugins: fastestmirror Loading mirror speeds from cached hostfile * base: mirrors.aliyun.com * extras: mirrors.aliyun.com * updates: mirrors.aliyun.com Package salt-api-3004.2-1.el7.noarch already installed and latest version Nothing to do [root@mcw01 ~]#
2、配置用户以及权限
[root@mcw01 ~]# ls /etc/salt/master.d/ [root@mcw01 ~]# vim /etc/salt/master.d/eauth.conf [root@mcw01 ~]# cat /etc/salt/master.d/eauth.conf external_auth: pam: saltapi: - . - '@wheel' - '@runner' [root@mcw01 ~]# useradd -M -s /sbin/nologin saltapi [root@mcw01 ~]# echo "spassword"|passwd saltapi --stdin Changing password for user saltapi. passwd: all authentication tokens updated successfully. [root@mcw01 ~]#
3、配置salt-api服务
记得重启salt-master服务
[root@mcw01 ~]# ls /etc/salt/master.d/ eauth.conf [root@mcw01 ~]# vim /etc/salt/master.d/api.conf [root@mcw01 ~]# cat /etc/salt/master.d/api.conf rest_cherrypy: port: 8000 ssl_crt: /etc/pki/tls/certs/localhost.crt ssl_key: /etc/pki/tls/certs/localhost.key [root@mcw01 ~]#
4、启动服务
[root@mcw01 ~]# systemctl status salt-api ● salt-api.service - The Salt API Loaded: loaded (/usr/lib/systemd/system/salt-api.service; disabled; vendor preset: disabled) Active: inactive (dead) Docs: man:salt-api(1) file:///usr/share/doc/salt/html/contents.html https://docs.saltproject.io/en/latest/contents.html [root@mcw01 ~]# systemctl start salt-api [root@mcw01 ~]# systemctl status salt-api ● salt-api.service - The Salt API Loaded: loaded (/usr/lib/systemd/system/salt-api.service; disabled; vendor preset: disabled) Active: active (running) since Sun 2024-01-28 13:54:43 CST; 3s ago Docs: man:salt-api(1) file:///usr/share/doc/salt/html/contents.html https://docs.saltproject.io/en/latest/contents.html Main PID: 7049 (salt-api) CGroup: /system.slice/salt-api.service ├─7049 /usr/bin/python3 /usr/bin/salt-api └─7056 /usr/bin/python3 /usr/bin/salt-api Jan 28 13:54:43 mcw01 systemd[1]: Starting The Salt API... Jan 28 13:54:43 mcw01 systemd[1]: Started The Salt API. Jan 28 13:54:44 mcw01 salt-api[7049]: [WARNING ] /usr/local/lib/python3.6/site-packages/OpenSSL/_util.py:6: CryptographyDeprecationWarning: Python 3.6 is no longer suppor... Python 3.6. Jan 28 13:54:44 mcw01 salt-api[7049]: from cryptography.hazmat.bindings.openssl.binding import Binding Hint: Some lines were ellipsized, use -l to show in full. [root@mcw01 ~]#
5、测试
curl -X POST \
-k https://10.0.0.11:8000/login \
-d username='saltapi' \
-d password='spassword' \
-d eauth='pam' | python3 -mjson.tool
[root@mcw01 ~]# curl -X POST \ > -k https://10.0.0.11:8000/login \ > -d username='saltapi' \ > -d password='spassword1' \ > -d eauth='pam' | python3 -mjson.tool % Total % Received % Xferd Average Speed Time Time Time Current Dload Upload Total Spent Left Speed 100 806 100 760 100 46 5567 336 --:--:-- --:--:-- --:--:-- 5588 Expecting value: line 1 column 1 (char 0) [root@mcw01 ~]#
测试报错
2024-01-28 14:04:13,883 [salt.auth :306 ][WARNING ][2936] The eauth system "pam" is not enabled 2024-01-28 14:04:13,884 [salt.auth :307 ][WARNING ][2936] Authentication failure of type "eauth" occurred. 2024-01-28 14:04:13,884 [salt.master :2142][WARNING ][2936] Authentication failure of type "eauth" occurred.
查看sshd是开启了的
[root@mcw01 ~]# grep UsePAM /etc/ssh/sshd_config # WARNING: 'UsePAM no' is not supported in Red Hat Enterprise Linux and may cause several UsePAM yes [root@mcw01 ~]#
这是因为上面添加了master配置,没有重启服务,重启之后,就可以用了
[root@mcw01 ~]# systemctl restart salt-master
[root@mcw01 ~]#
可以了,符合预期.。认证登录获取token
[root@mcw01 ~]# curl -X POST -k https://10.0.0.11:8000/login -d username='saltapi' -d password='spassword' -d eauth='pam' | python3 -mjson.tool % Total % Received % Xferd Average Speed Time Time Time Current Dload Upload Total Spent Left Speed 100 243 100 198 100 45 1707 388 --:--:-- --:--:-- --:--:-- 1721 { "return": [ { "token": "e8229d0bd8858d5f000aede279d4881968054bf5", "expire": 1706466070.8909082, "start": 1706422870.8909078, "user": "saltapi", "eauth": "pam", "perms": [ ".", "@wheel", "@runner" ] } ] } [root@mcw01 ~]#
使用上面token的访问一些信息:
[root@mcw01 ~]# [root@mcw01 ~]# curl -k https://10.0.0.11:8000/minions -H "Accept: application/x-yaml" -H "X-Auth-Token:e8229d0bd8858d5f000aede279d4881968054bf5" return: - mcw01: biosreleasedate: 11/12/2020 biosversion: '6.00' cpu_flags: - fpu - vme - de - pse - tsc - msr - pae - mce - cx8 - apic - sep - mtrr - pge - mca - cmov - pat - pse36 - clflush - mmx - fxsr - sse - sse2 - ss - syscall - nx - pdpe1gb - rdtscp - lm - constant_tsc - arch_perfmon - rep_good - nopl - xtopology - tsc_reliable - nonstop_tsc - eagerfpu - pni - pclmulqdq - ssse3 - fma - cx16 - pcid - sse4_1 - sse4_2 - x2apic - movbe - popcnt - tsc_deadline_timer - aes - xsave - avx - f16c - rdrand - hypervisor - lahf_lm - abm - 3dnowprefetch - fsgsbase - tsc_adjust - bmi1 - avx2 - smep - bmi2 - erms - invpcid - avx512f - avx512dq - rdseed - adx - smap - avx512ifma - clflushopt - clwb - avx512cd - sha_ni - avx512bw - avx512vl - xsaveopt - xsavec - xgetbv1 - arat - avx512vbmi - avx512_vpopcntdq cpu_model: 11th Gen Intel(R) Core(TM) i7-1165G7 @ 2.80GHz cpuarch: x86_64 cwd: / disk_big: '21.5' disk_num: '5' disks: - sda - sr0 dns: domain: '' ip4_nameservers: - 223.5.5.5 ip6_nameservers: [] nameservers: - 223.5.5.5 options: [] search: [] sortlist: [] domain: '' efi: false efi-secure-boot: false fqdn: mcw01 fqdn_ip4: - 10.0.0.11 fqdn_ip6: - fe80::9335:fbc:5cf6:ad83 fqdns: - vm1.cluster.com gid: 0 gpus: - model: SVGA II Adapter vendor: vmware groupname: root host: mcw01 hwaddr_interfaces: ens33: 00:0c:29:0b:af:8b ens34: 00:0c:29:0b:af:95 lo: 00:00:00:00:00:00 id: mcw01 init: systemd ip4_gw: 10.0.0.254 ip4_interfaces: ens33: - 10.0.0.11 ens34: [] lo: - 127.0.0.1 ip6_gw: false ip6_interfaces: ens33: - fe80::9335:fbc:5cf6:ad83 ens34: [] lo: - ::1 ip_gw: true ip_interfaces: ens33: - 10.0.0.11 - fe80::9335:fbc:5cf6:ad83 ens34: [] lo: - 127.0.0.1 - ::1 ipv4: - 10.0.0.11 - 127.0.0.1 ipv6: - ::1 - fe80::9335:fbc:5cf6:ad83 kernel: Linux kernelparams: - - BOOT_IMAGE - /vmlinuz-3.10.0-693.el7.x86_64 - - root - /dev/mapper/centos-root - - ro - null - - crashkernel - auto - - rd.lvm.lv - centos/root - - rd.lvm.lv - centos/swap - - rhgb - null - - quiet - null - - LANG - en_US.UTF-8 kernelrelease: 3.10.0-693.el7.x86_64 kernelversion: '#1 SMP Tue Aug 22 21:09:27 UTC 2017' locale_info: defaultencoding: UTF-8 defaultlanguage: en_US detectedencoding: UTF-8 timezone: unknown localhost: mcw01 lsb_distrib_codename: CentOS Linux 7 (Core) lsb_distrib_id: CentOS Linux lvm: centos: - root - swap machine_id: bb1b2376b74646258ef7222ab51c5112 manufacturer: VMware, Inc. master: 10.0.0.11 mdadm: [] mem_total: 2831 myclass: - 1 - 2 mygongzuo: null myhobby: - lanqiu - zuqiu - yumaoqiu myname: mcw nodename: mcw01 num_cpus: 1 num_gpus: 1 os: CentOS os_family: RedHat osarch: x86_64 oscodename: CentOS Linux 7 (Core) osfinger: CentOS Linux-7 osfullname: CentOS Linux osmajorrelease: 7 osrelease: 7.4.1708 osrelease_info: - 7 - 4 - 1708 path: /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin pid: 2817 productname: VMware Virtual Platform ps: ps -efHww pythonexecutable: /usr/bin/python3 pythonpath: - /usr/bin - /usr/lib64/python36.zip - /usr/lib64/python3.6 - /usr/lib64/python3.6/lib-dynload - /usr/local/lib/python3.6/site-packages - /usr/lib64/python3.6/site-packages - /usr/lib/python3.6/site-packages pythonversion: - 3 - 6 - 8 - final - 0 roles: - webserver - memcache saltpath: /usr/lib/python3.6/site-packages/salt saltversion: '3004.2' saltversioninfo: - 3004 - 2 selinux: enabled: false enforced: Disabled serialnumber: VMware-56 4d e1 31 df d3 45 ba-1f 3c f8 40 26 0b af 8b server_id: 821607250 shell: /bin/sh ssds: [] swap_total: 3 systemd: features: +PAM +AUDIT +SELINUX +IMA -APPARMOR +SMACK +SYSVINIT +UTMP +LIBCRYPTSETUP +GCRYPT +GNUTLS +ACL +XZ -LZ4 -SECCOMP +BLKID +ELFUTILS +KMOD +IDN version: '219' systempath: - /usr/local/sbin - /usr/local/bin - /usr/sbin - /usr/bin transactional: false uid: 0 username: root uuid: 31e14d56-d3df-ba45-1f3c-f840260baf8b virtual: VMware zfs_feature_flags: false zfs_support: false zmqversion: 4.1.4 mcw02: biosreleasedate: 11/12/2020 biosversion: '6.00' cpu_flags: - fpu - vme - de - pse - tsc - msr - pae - mce - cx8 - apic - sep - mtrr - pge - mca - cmov - pat - pse36 - clflush - mmx - fxsr - sse - sse2 - ss - syscall - nx - pdpe1gb - rdtscp - lm - constant_tsc - arch_perfmon - rep_good - nopl - xtopology - tsc_reliable - nonstop_tsc - eagerfpu - pni - pclmulqdq - ssse3 - fma - cx16 - pcid - sse4_1 - sse4_2 - x2apic - movbe - popcnt - tsc_deadline_timer - aes - xsave - avx - f16c - rdrand - hypervisor - lahf_lm - abm - 3dnowprefetch - fsgsbase - tsc_adjust - bmi1 - avx2 - smep - bmi2 - erms - invpcid - avx512f - avx512dq - rdseed - adx - smap - avx512ifma - clflushopt - clwb - avx512cd - sha_ni - avx512bw - avx512vl - xsaveopt - xsavec - xgetbv1 - arat - avx512vbmi - avx512_vpopcntdq cpu_model: 11th Gen Intel(R) Core(TM) i7-1165G7 @ 2.80GHz cpuarch: x86_64 cwd: / disks: - sda - sr0 dns: domain: '' ip4_nameservers: - 223.5.5.5 ip6_nameservers: [] nameservers: - 223.5.5.5 options: [] search: [] sortlist: [] domain: '' efi: false efi-secure-boot: false fqdn: mcw02 fqdn_ip4: - 10.0.0.12 fqdn_ip6: - fe80::9335:fbc:5cf6:ad83 - fe80::495b:ff7:d185:f95d - fe80::f32c:166d:40de:8f2e fqdns: - mcw02 gid: 0 gpus: - model: SVGA II Adapter vendor: vmware groupname: root host: mcw02 hwaddr_interfaces: ens33: 00:0c:29:af:9b:98 ens34: 00:0c:29:af:9b:a2 lo: 00:00:00:00:00:00 id: mcw02 init: systemd ip4_gw: 10.0.0.254 ip4_interfaces: ens33: - 10.0.0.12 - 10.0.0.99 ens34: [] lo: - 127.0.0.1 ip6_gw: false ip6_interfaces: ens33: - fe80::f32c:166d:40de:8f2e - fe80::495b:ff7:d185:f95d - fe80::9335:fbc:5cf6:ad83 ens34: [] lo: - ::1 ip_gw: true ip_interfaces: ens33: - 10.0.0.12 - 10.0.0.99 - fe80::f32c:166d:40de:8f2e - fe80::495b:ff7:d185:f95d - fe80::9335:fbc:5cf6:ad83 ens34: [] lo: - 127.0.0.1 - ::1 ipv4: - 10.0.0.12 - 10.0.0.99 - 127.0.0.1 ipv6: - ::1 - fe80::495b:ff7:d185:f95d - fe80::9335:fbc:5cf6:ad83 - fe80::f32c:166d:40de:8f2e kernel: Linux kernelparams: - - BOOT_IMAGE - /vmlinuz-3.10.0-693.el7.x86_64 - - root - /dev/mapper/centos-root - - ro - null - - crashkernel - auto - - rd.lvm.lv - centos/root - - rd.lvm.lv - centos/swap - - rhgb - null - - quiet - null - - LANG - en_US.UTF-8 kernelrelease: 3.10.0-693.el7.x86_64 kernelversion: '#1 SMP Tue Aug 22 21:09:27 UTC 2017' locale_info: defaultencoding: UTF-8 defaultlanguage: en_US detectedencoding: UTF-8 timezone: unknown localhost: mcw02 lsb_distrib_codename: CentOS Linux 7 (Core) lsb_distrib_id: CentOS Linux lvm: centos: - root - swap machine_id: bb1b2376b74646258ef7222ab51c5112 manufacturer: VMware, Inc. master: 10.0.0.11 mdadm: [] mem_total: 3774 myname: mcw nodename: mcw02 num_cpus: 1 num_gpus: 1 os: CentOS os_family: RedHat osarch: x86_64 oscodename: CentOS Linux 7 (Core) osfinger: CentOS Linux-7 osfullname: CentOS Linux osmajorrelease: 7 osrelease: 7.4.1708 osrelease_info: - 7 - 4 - 1708 path: /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin pid: 1912 productname: VMware Virtual Platform ps: ps -efHww pythonexecutable: /usr/bin/python3 pythonpath: - /usr/bin - /usr/lib64/python36.zip - /usr/lib64/python3.6 - /usr/lib64/python3.6/lib-dynload - /usr/lib64/python3.6/site-packages - /usr/lib/python3.6/site-packages pythonversion: - 3 - 6 - 8 - final - 0 saltpath: /usr/lib/python3.6/site-packages/salt saltversion: '3004.2' saltversioninfo: - 3004 - 2 selinux: enabled: false enforced: Disabled serialnumber: VMware-56 4d 2d d8 bf c5 a5 54-d3 13 90 55 ee af 9b 98 server_id: 1918965342 shell: /bin/sh ssds: [] swap_total: 3 systemd: features: +PAM +AUDIT +SELINUX +IMA -APPARMOR +SMACK +SYSVINIT +UTMP +LIBCRYPTSETUP +GCRYPT +GNUTLS +ACL +XZ -LZ4 -SECCOMP +BLKID +ELFUTILS +KMOD +IDN version: '219' systempath: - /usr/local/sbin - /usr/local/bin - /usr/sbin - /usr/bin transactional: false uid: 0 username: root uuid: d82d4d56-c5bf-54a5-d313-9055eeaf9b98 virtual: VMware zfs_feature_flags: false zfs_support: false zmqversion: 4.1.4 mcw03: biosreleasedate: 11/12/2020 biosversion: '6.00' cpu_flags: - fpu - vme - de - pse - tsc - msr - pae - mce - cx8 - apic - sep - mtrr - pge - mca - cmov - pat - pse36 - clflush - mmx - fxsr - sse - sse2 - ss - syscall - nx - pdpe1gb - rdtscp - lm - constant_tsc - arch_perfmon - rep_good - nopl - xtopology - tsc_reliable - nonstop_tsc - eagerfpu - pni - pclmulqdq - ssse3 - fma - cx16 - pcid - sse4_1 - sse4_2 - x2apic - movbe - popcnt - tsc_deadline_timer - aes - xsave - avx - f16c - rdrand - hypervisor - lahf_lm - abm - 3dnowprefetch - fsgsbase - tsc_adjust - bmi1 - avx2 - smep - bmi2 - erms - invpcid - avx512f - avx512dq - rdseed - adx - smap - avx512ifma - clflushopt - clwb - avx512cd - sha_ni - avx512bw - avx512vl - xsaveopt - xsavec - xgetbv1 - arat - avx512vbmi - avx512_vpopcntdq cpu_model: 11th Gen Intel(R) Core(TM) i7-1165G7 @ 2.80GHz cpuarch: x86_64 cwd: / disk_big: '21.5' disk_num: '5' disks: - sda - sr0 dns: domain: '' ip4_nameservers: - 223.5.5.5 ip6_nameservers: [] nameservers: - 223.5.5.5 options: [] search: [] sortlist: [] domain: '' efi: false efi-secure-boot: false fqdn: mcw03 fqdn_ip4: - 10.0.0.13 fqdn_ip6: - fe80::9335:fbc:5cf6:ad83 - fe80::495b:ff7:d185:f95d - fe80::f32c:166d:40de:8f2e fqdns: - mcw03 gid: 0 gpus: - model: SVGA II Adapter vendor: vmware groupname: root host: mcw03 hwaddr_interfaces: ens33: 00:0c:29:ae:54:49 ens34: 00:0c:29:ae:54:53 lo: 00:00:00:00:00:00 id: mcw03 init: systemd ip4_gw: 10.0.0.254 ip4_interfaces: ens33: - 10.0.0.13 ens34: [] lo: - 127.0.0.1 ip6_gw: false ip6_interfaces: ens33: - fe80::f32c:166d:40de:8f2e - fe80::495b:ff7:d185:f95d - fe80::9335:fbc:5cf6:ad83 ens34: [] lo: - ::1 ip_gw: true ip_interfaces: ens33: - 10.0.0.13 - fe80::f32c:166d:40de:8f2e - fe80::495b:ff7:d185:f95d - fe80::9335:fbc:5cf6:ad83 ens34: [] lo: - 127.0.0.1 - ::1 ipv4: - 10.0.0.13 - 127.0.0.1 ipv6: - ::1 - fe80::495b:ff7:d185:f95d - fe80::9335:fbc:5cf6:ad83 - fe80::f32c:166d:40de:8f2e kernel: Linux kernelparams: - - BOOT_IMAGE - /vmlinuz-3.10.0-693.el7.x86_64 - - root - /dev/mapper/centos-root - - ro - null - - crashkernel - auto - - rd.lvm.lv - centos/root - - rd.lvm.lv - centos/swap - - rhgb - null - - quiet - null - - LANG - en_US.UTF-8 kernelrelease: 3.10.0-693.el7.x86_64 kernelversion: '#1 SMP Tue Aug 22 21:09:27 UTC 2017' locale_info: defaultencoding: UTF-8 defaultlanguage: en_US detectedencoding: UTF-8 timezone: unknown localhost: mcw03 lsb_distrib_codename: CentOS Linux 7 (Core) lsb_distrib_id: CentOS Linux lvm: centos: - root - swap machine_id: bb1b2376b74646258ef7222ab51c5112 manufacturer: VMware, Inc. master: 10.0.0.11 mdadm: [] mem_total: 2467 nodename: mcw03 num_cpus: 1 num_gpus: 1 os: CentOS os_family: RedHat osarch: x86_64 oscodename: CentOS Linux 7 (Core) osfinger: CentOS Linux-7 osfullname: CentOS Linux osmajorrelease: 7 osrelease: 7.4.1708 osrelease_info: - 7 - 4 - 1708 path: /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin pid: 2437 productname: VMware Virtual Platform ps: ps -efHww pythonexecutable: /usr/bin/python3 pythonpath: - /usr/bin - /usr/lib64/python36.zip - /usr/lib64/python3.6 - /usr/lib64/python3.6/lib-dynload - /usr/lib64/python3.6/site-packages - /usr/lib/python3.6/site-packages pythonversion: - 3 - 6 - 8 - final - 0 saltpath: /usr/lib/python3.6/site-packages/salt saltversion: '3004.2' saltversioninfo: - 3004 - 2 selinux: enabled: false enforced: Disabled serialnumber: VMware-56 4d 32 c0 fc c4 56 c4-cc dc 1d c7 5b ae 54 49 server_id: 322909251 shell: /bin/sh ssds: [] swap_total: 3 systemd: features: +PAM +AUDIT +SELINUX +IMA -APPARMOR +SMACK +SYSVINIT +UTMP +LIBCRYPTSETUP +GCRYPT +GNUTLS +ACL +XZ -LZ4 -SECCOMP +BLKID +ELFUTILS +KMOD +IDN version: '219' systempath: - /usr/local/sbin - /usr/local/bin - /usr/sbin - /usr/bin transactional: false uid: 0 username: root uuid: c0324d56-c4fc-c456-ccdc-1dc75bae5449 virtual: VMware zfs_feature_flags: false zfs_support: false zmqversion: 4.1.4 mcw04: biosreleasedate: 11/12/2020 biosversion: '6.00' cpu_flags: - fpu - vme - de - pse - tsc - msr - pae - mce - cx8 - apic - sep - mtrr - pge - mca - cmov - pat - pse36 - clflush - mmx - fxsr - sse - sse2 - ss - syscall - nx - pdpe1gb - rdtscp - lm - constant_tsc - arch_perfmon - rep_good - nopl - xtopology - tsc_reliable - nonstop_tsc - eagerfpu - pni - pclmulqdq - ssse3 - fma - cx16 - pcid - sse4_1 - sse4_2 - x2apic - movbe - popcnt - tsc_deadline_timer - aes - xsave - avx - f16c - rdrand - hypervisor - lahf_lm - abm - 3dnowprefetch - fsgsbase - tsc_adjust - bmi1 - avx2 - smep - bmi2 - erms - invpcid - avx512f - avx512dq - rdseed - adx - smap - avx512ifma - clflushopt - clwb - avx512cd - sha_ni - avx512bw - avx512vl - xsaveopt - xsavec - xgetbv1 - arat - avx512vbmi - avx512_vpopcntdq cpu_model: 11th Gen Intel(R) Core(TM) i7-1165G7 @ 2.80GHz cpuarch: x86_64 cwd: / disks: - sda - sr0 dns: domain: '' ip4_nameservers: - 223.5.5.5 ip6_nameservers: [] nameservers: - 223.5.5.5 options: [] search: [] sortlist: [] domain: '' efi: false efi-secure-boot: false fqdn: mcw04 fqdn_ip4: - 192.168.80.4 - 10.0.0.14 - 172.168.4.4 fqdn_ip6: - fe80::c40e:7276:fe3:2c85 - fe80::9335:fbc:5cf6:ad83 - fe80::495b:ff7:d185:f95d - fe80::3727:c947:9372:e96a fqdns: - mcw04 - vm4.cluster.com gid: 0 gpus: - model: SVGA II Adapter vendor: vmware groupname: root host: mcw04 hwaddr_interfaces: ens33: 00:0c:29:73:fb:5c ens34: 00:0c:29:73:fb:66 ens37: 00:0c:29:73:fb:70 ens38: 00:0c:29:73:fb:7a lo: 00:00:00:00:00:00 id: mcw04 init: systemd ip4_gw: 10.0.0.254 ip4_interfaces: ens33: - 10.0.0.14 ens34: [] ens37: - 192.168.80.4 ens38: - 172.168.4.4 lo: - 127.0.0.1 ip6_gw: false ip6_interfaces: ens33: - fe80::495b:ff7:d185:f95d - fe80::9335:fbc:5cf6:ad83 ens34: [] ens37: - fe80::c40e:7276:fe3:2c85 ens38: - fe80::3727:c947:9372:e96a lo: - ::1 ip_gw: true ip_interfaces: ens33: - 10.0.0.14 - fe80::495b:ff7:d185:f95d - fe80::9335:fbc:5cf6:ad83 ens34: [] ens37: - 192.168.80.4 - fe80::c40e:7276:fe3:2c85 ens38: - 172.168.4.4 - fe80::3727:c947:9372:e96a lo: - 127.0.0.1 - ::1 ipv4: - 10.0.0.14 - 127.0.0.1 - 172.168.4.4 - 192.168.80.4 ipv6: - ::1 - fe80::3727:c947:9372:e96a - fe80::495b:ff7:d185:f95d - fe80::9335:fbc:5cf6:ad83 - fe80::c40e:7276:fe3:2c85 kernel: Linux kernelparams: - - BOOT_IMAGE - /vmlinuz-3.10.0-693.el7.x86_64 - - root - /dev/mapper/centos-root - - ro - null - - crashkernel - auto - - rd.lvm.lv - centos/root - - rd.lvm.lv - centos/swap - - rhgb - null - - quiet - null - - LANG - en_US.UTF-8 kernelrelease: 3.10.0-693.el7.x86_64 kernelversion: '#1 SMP Tue Aug 22 21:09:27 UTC 2017' locale_info: defaultencoding: UTF-8 defaultlanguage: en_US detectedencoding: UTF-8 timezone: unknown localhost: mcw04 lsb_distrib_codename: CentOS Linux 7 (Core) lsb_distrib_id: CentOS Linux lvm: centos: - root - swap machine_id: bb1b2376b74646258ef7222ab51c5112 manufacturer: VMware, Inc. master: 10.0.0.11 mdadm: [] mem_total: 1494 myname: xiaoma nodename: mcw04 num_cpus: 1 num_gpus: 1 os: CentOS os_family: RedHat osarch: x86_64 oscodename: CentOS Linux 7 (Core) osfinger: CentOS Linux-7 osfullname: CentOS Linux osmajorrelease: 7 osrelease: 7.4.1708 osrelease_info: - 7 - 4 - 1708 path: /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin pid: 2449 productname: VMware Virtual Platform ps: ps -efHww pythonexecutable: /usr/bin/python3 pythonpath: - /usr/bin - /usr/lib64/python36.zip - /usr/lib64/python3.6 - /usr/lib64/python3.6/lib-dynload - /usr/lib64/python3.6/site-packages - /usr/lib/python3.6/site-packages pythonversion: - 3 - 6 - 8 - final - 0 saltpath: /usr/lib/python3.6/site-packages/salt saltversion: '3004.2' saltversioninfo: - 3004 - 2 selinux: enabled: false enforced: Disabled serialnumber: VMware-56 4d 01 4e 4d 8e 1f ea-ce a5 26 41 f6 73 fb 5c server_id: 270933825 shell: /bin/sh ssds: [] swap_total: 3 systemd: features: +PAM +AUDIT +SELINUX +IMA -APPARMOR +SMACK +SYSVINIT +UTMP +LIBCRYPTSETUP +GCRYPT +GNUTLS +ACL +XZ -LZ4 -SECCOMP +BLKID +ELFUTILS +KMOD +IDN version: '219' systempath: - /usr/local/sbin - /usr/local/bin - /usr/sbin - /usr/bin transactional: false uid: 0 username: root uuid: 4e014d56-8e4d-ea1f-cea5-2641f673fb5c virtual: VMware zfs_feature_flags: false zfs_support: false zmqversion: 4.1.4 [root@mcw01 ~]#
注意:开启pam之后,salt终端命令执行也是需要验证的 -a pam
[root@mcw01 ~]# salt mcw01 grians.items /usr/local/lib/python3.6/site-packages/OpenSSL/_util.py:6: CryptographyDeprecationWarning: Python 3.6 is no longer supported by the Python core team. Therefore, support for it is deprecated in cryptography. The next release of cryptography will remove support for Python 3.6. from cryptography.hazmat.bindings.openssl.binding import Binding ^C Exiting gracefully on Ctrl-c This job's jid is: 20240128170702571596 The minions may not have all finished running and any remaining minions will return upon completion. To look up the return data for this job later, run the following command: salt-run jobs.lookup_jid 20240128170702571596 Exception ignored in: <generator object _read at 0x7ff16acdceb8> Traceback (most recent call last): File "/usr/lib/python3.6/site-packages/salt/transport/ipc.py", line 702, in _read TypeError: catching classes that do not inherit from BaseException is not allowed [root@mcw01 ~]# salt mcw01 grians.items /usr/local/lib/python3.6/site-packages/OpenSSL/_util.py:6: CryptographyDeprecationWarning: Python 3.6 is no longer supported by the Python core team. Therefore, support for it is deprecated in cryptography. The next release of cryptography will remove support for Python 3.6. from cryptography.hazmat.bindings.openssl.binding import Binding mcw01: 'grians.items' is not available. ERROR: Minions returned with non-zero exit code [root@mcw01 ~]#
[root@mcw01 ~]# salt mcw01 test.ping -a pam /usr/local/lib/python3.6/site-packages/OpenSSL/_util.py:6: CryptographyDeprecationWarning: Python 3.6 is no longer supported by the Python core team. Therefore, support for it is deprecated in cryptography. The next release of cryptography will remove support for Python 3.6. from cryptography.hazmat.bindings.openssl.binding import Binding username: saltapi password: mcw01: True [root@mcw01 ~]#
通过restful api实现日常操作
1、运行远程模块
curl -k https://10.0.0.11:8000/ \ -H "Accept: application/json" \ -H "X-Auth-Token: e8229d0bd8858d5f000aede279d4881968054bf5" \ -d client='local' \ -d tgt='*' \ -d fun='test.ping' \ | python3 -mjson.tool
[root@mcw01 ~]# curl -k https://10.0.0.11:8000/ \ > -H "Accept: application/json" \ > -H "X-Auth-Token: e8229d0bd8858d5f000aede279d4881968054bf5" \ > -d client='local' \ > -d tgt='*' \ > -d fun='test.ping' \ > | python3 -mjson.tool % Total % Received % Xferd Average Speed Time Time Time Current Dload Upload Total Spent Left Speed 100 106 100 74 100 32 142 61 --:--:-- --:--:-- --:--:-- 142 { "return": [ { "mcw03": true, "mcw04": true, "mcw01": true, "mcw02": true } ] } [root@mcw01 ~]#
2、查询指定job
获取任务列表
curl -k https://10.0.0.11:8000/jobs/ \ -H "X-Auth-Token: e8229d0bd8858d5f000aede279d4881968054bf5" |python3 -mjson.tool
[root@mcw01 ~]# curl -k https://10.0.0.11:8000/jobs/ \ > -H "X-Auth-Token: e8229d0bd8858d5f000aede279d4881968054bf5" |python3 -mjson.tool % Total % Received % Xferd Average Speed Time Time Time Current Dload Upload Total Spent Left Speed 100 9643 100 9643 0 0 5995 0 0:00:01 0:00:01 --:--:-- 5993 { "return": [ { "20240127075826131706": { "Function": "test.ping", "Arguments": [], "Target": "*", "Target-type": "glob", "User": "root", "StartTime": "2024, Jan 27 07:58:26.131706" }, "20240128063318617808": { "Function": "mine.update", "Arguments": [], "Target": "mcw01", "Target-type": "glob", "User": "root", "StartTime": "2024, Jan 28 06:33:18.617808" }, "20240127075835038619": { "Function": "saltutil.find_job", "Arguments": [ "20240127075829928919" ], "Target": [ "mcw01" ], "Target-type": "list", "User": "root", "StartTime": "2024, Jan 27 07:58:35.038619" }, "20240127082056024450": { "Function": "sys.list_functions", "Arguments": [], "Target": "*", "Target-type": "glob", "User": "root", "StartTime": "2024, Jan 27 08:20:56.024450" }, "20240127070307842804": { "Function": "mine.update", "Arguments": [], "Target": "mcw01", "Target-type": "glob", "User": "root", "StartTime": "2024, Jan 27 07:03:07.842804" }, "20240127082403361817": { "Function": "sys.list_functions", "Arguments": [], "Target": "*", "Target-type": "glob", "User": "root", "StartTime": "2024, Jan 27 08:24:03.361817" }, "20240128045429189111": { "Function": "mine.update", "Arguments": [], "Target": "mcw01", "Target-type": "glob", "User": "root", "StartTime": "2024, Jan 28 04:54:29.189111" }, "20240127071959433353": { "Function": [ "test.ping", "cmd.run", "test.echo" ], "Arguments": [ [], [ "hostname" ], [ "machangwei" ] ], "Target": "mcw03", "Target-type": "glob", "User": "root", "StartTime": "2024, Jan 27 07:19:59.433353" }, "20240127160307795911": { "Function": "mine.update", "Arguments": [], "Target": "mcw01", "Target-type": "glob", "User": "root", "StartTime": "2024, Jan 27 16:03:07.795911" }, "20240128020307799740": { "Function": "mine.update", "Arguments": [], "Target": "mcw01", "Target-type": "glob", "User": "root", "StartTime": "2024, Jan 28 02:03:07.799740" }, "20240127200307806732": { "Function": "mine.update", "Arguments": [], "Target": "mcw01", "Target-type": "glob", "User": "root", "StartTime": "2024, Jan 27 20:03:07.806732" }, "20240127120307791869": { "Function": "mine.update", "Arguments": [], "Target": "mcw01", "Target-type": "glob", "User": "root", "StartTime": "2024, Jan 27 12:03:07.791869" }, "20240127081810993562": { "Function": "test.ping", "Arguments": [], "Target": "*", "Target-type": "glob", "User": "root", "StartTime": "2024, Jan 27 08:18:10.993562" }, "20240127100307804024": { "Function": "mine.update", "Arguments": [], "Target": "mcw01", "Target-type": "glob", "User": "root", "StartTime": "2024, Jan 27 10:03:07.804024" }, "20240127210307809306": { "Function": "mine.update", "Arguments": [], "Target": "mcw01", "Target-type": "glob", "User": "root", "StartTime": "2024, Jan 27 21:03:07.809306" }, "20240127081606346048": { "Function": "sys.list_functions", "Arguments": [], "Target": "*", "Target-type": "glob", "User": "root", "StartTime": "2024, Jan 27 08:16:06.346048" }, "20240128010307785898": { "Function": "mine.update", "Arguments": [], "Target": "mcw01", "Target-type": "glob", "User": "root", "StartTime": "2024, Jan 28 01:03:07.785898" }, "20240127220307790451": { "Function": "mine.update", "Arguments": [], "Target": "mcw01", "Target-type": "glob", "User": "root", "StartTime": "2024, Jan 27 22:03:07.790451" }, "20240127082421101267": { "Function": "sys.list_functions", "Arguments": [], "Target": "*", "Target-type": "glob", "User": "root", "StartTime": "2024, Jan 27 08:24:21.101267" }, "20240127082410322681": { "Function": "test.ping", "Arguments": [], "Target": [ "mcw03" ], "Target-type": "list", "User": "root", "StartTime": "2024, Jan 27 08:24:10.322681" }, "20240127180307804263": { "Function": "mine.update", "Arguments": [], "Target": "mcw01", "Target-type": "glob", "User": "root", "StartTime": "2024, Jan 27 18:03:07.804263" }, "20240127170307797449": { "Function": "mine.update", "Arguments": [], "Target": "mcw01", "Target-type": "glob", "User": "root", "StartTime": "2024, Jan 27 17:03:07.797449" }, "20240127130307799599": { "Function": "mine.update", "Arguments": [], "Target": "mcw01", "Target-type": "glob", "User": "root", "StartTime": "2024, Jan 27 13:03:07.799599" }, "20240127082404935480": { "Function": "test.ping", "Arguments": [], "Target": [ "mcw01" ], "Target-type": "list", "User": "root", "StartTime": "2024, Jan 27 08:24:04.935480" }, "20240127071640052870": { "Function": "cmd.run", "Arguments": [ "hostname" ], "Target": "*", "Target-type": "glob", "User": "root", "StartTime": "2024, Jan 27 07:16:40.052870" }, "20240127075219835882": { "Function": "test.sleep", "Arguments": [ 30 ], "Target": "*", "Target-type": "glob", "User": "root", "StartTime": "2024, Jan 27 07:52:19.835882" }, "20240127075826360301": { "Function": "state.highstate", "Arguments": [], "Target": [ "mcw03" ], "Target-type": "list", "User": "root", "StartTime": "2024, Jan 27 07:58:26.360301" }, "20240127075829624890": { "Function": "state.highstate", "Arguments": [], "Target": [ "mcw02" ], "Target-type": "list", "User": "root", "StartTime": "2024, Jan 27 07:58:29.624890" }, "20240127075829928919": { "Function": "state.highstate", "Arguments": [], "Target": [ "mcw01" ], "Target-type": "list", "User": "root", "StartTime": "2024, Jan 27 07:58:29.928919" }, "20240127075842761243": { "Function": "state.highstate", "Arguments": [], "Target": [ "mcw04" ], "Target-type": "list", "User": "root", "StartTime": "2024, Jan 27 07:58:42.761243" }, "20240127080133628154": { "Function": "test.ping", "Arguments": [], "Target": "*", "Target-type": "glob", "User": "root", "StartTime": "2024, Jan 27 08:01:33.628154" }, "20240127080307783624": { "Function": "mine.update", "Arguments": [], "Target": "mcw01", "Target-type": "glob", "User": "root", "StartTime": "2024, Jan 27 08:03:07.783624" }, "20240127080509099693": { "Function": "test.ping", "Arguments": [], "Target": "*", "Target-type": "glob", "User": "root", "StartTime": "2024, Jan 27 08:05:09.099693" }, "20240127080633331114": { "Function": "sys.list_functions", "Arguments": [], "Target": "*", "Target-type": "glob", "User": "root", "StartTime": "2024, Jan 27 08:06:33.331114" }, "20240127080636496089": { "Function": "test.ping", "Arguments": [], "Target": [ "mcw04" ], "Target-type": "list", "User": "root", "StartTime": "2024, Jan 27 08:06:36.496089" }, "20240127110307799102": { "Function": "mine.update", "Arguments": [], "Target": "mcw01", "Target-type": "glob", "User": "root", "StartTime": "2024, Jan 27 11:03:07.799102" }, "20240127081607948343": { "Function": "test.ping", "Arguments": [], "Target": [ "mcw04" ], "Target-type": "list", "User": "root", "StartTime": "2024, Jan 27 08:16:07.948343" }, "20240127082057633331": { "Function": "test.ping", "Arguments": [], "Target": [ "mcw03" ], "Target-type": "list", "User": "root", "StartTime": "2024, Jan 27 08:20:57.633331" }, "20240127082323390382": { "Function": "test.ping", "Arguments": [ 300 ], "Target": "mcw03", "Target-type": "glob", "User": "root", "StartTime": "2024, Jan 27 08:23:23.390382" }, "20240127082405980551": { "Function": "sys.list_functions", "Arguments": [], "Target": "*", "Target-type": "glob", "User": "root", "StartTime": "2024, Jan 27 08:24:05.980551" }, "20240127082407552195": { "Function": "test.ping", "Arguments": [], "Target": [ "mcw03" ], "Target-type": "list", "User": "root", "StartTime": "2024, Jan 27 08:24:07.552195" }, "20240127082408772412": { "Function": "sys.list_functions", "Arguments": [], "Target": "*", "Target-type": "glob", "User": "root", "StartTime": "2024, Jan 27 08:24:08.772412" }, "20240127085355911574": { "Function": "test.ping", "Arguments": [], "Target": "mcw02", "Target-type": "glob", "User": "root", "StartTime": "2024, Jan 27 08:53:55.911574" }, "20240127090307801858": { "Function": "mine.update", "Arguments": [], "Target": "mcw01", "Target-type": "glob", "User": "root", "StartTime": "2024, Jan 27 09:03:07.801858" }, "20240127140307797333": { "Function": "mine.update", "Arguments": [], "Target": "mcw01", "Target-type": "glob", "User": "root", "StartTime": "2024, Jan 27 14:03:07.797333" }, "20240127150307810959": { "Function": "mine.update", "Arguments": [], "Target": "mcw01", "Target-type": "glob", "User": "root", "StartTime": "2024, Jan 27 15:03:07.810959" }, "20240127190307813466": { "Function": "mine.update", "Arguments": [], "Target": "mcw01", "Target-type": "glob", "User": "root", "StartTime": "2024, Jan 27 19:03:07.813466" }, "20240127230307802376": { "Function": "mine.update", "Arguments": [], "Target": "mcw01", "Target-type": "glob", "User": "root", "StartTime": "2024, Jan 27 23:03:07.802376" }, "20240128000307787845": { "Function": "mine.update", "Arguments": [], "Target": "mcw01", "Target-type": "glob", "User": "root", "StartTime": "2024, Jan 28 00:03:07.787845" }, "20240128045549966242": { "Function": "test.ping", "Arguments": [], "Target": "mcw03", "Target-type": "glob", "User": "root", "StartTime": "2024, Jan 28 04:55:49.966242" }, "20240128053311904295": { "Function": "test.ping", "Arguments": [], "Target": "mcw01", "Target-type": "glob", "User": "root", "StartTime": "2024, Jan 28 05:33:11.904295" }, "20240128053318629698": { "Function": "mine.update", "Arguments": [], "Target": "mcw01", "Target-type": "glob", "User": "root", "StartTime": "2024, Jan 28 05:33:18.629698" }, "20240128054532451937": { "Function": "tls.create_self_signed_cert", "Arguments": [], "Target": "mcw01", "Target-type": "glob", "User": "root", "StartTime": "2024, Jan 28 05:45:32.451937" }, "20240128062532496807": { "Function": "grains.items", "Arguments": [], "Target": "*", "Target-type": "glob", "User": "saltapi", "StartTime": "2024, Jan 28 06:25:32.496807" }, "20240128064745829110": { "Function": "test.ping", "Arguments": [], "Target": "*", "Target-type": "glob", "User": "saltapi", "StartTime": "2024, Jan 28 06:47:45.829110" } } ] } [root@mcw01 ~]#
获取jid后,即可获取该任务的详细情况
就把jid拼到路径后面
curl -k https://10.0.0.11:8000/jobs/20240128064745829110 \ -H "X-Auth-Token: e8229d0bd8858d5f000aede279d4881968054bf5" |python3 -mjson.tool
[root@mcw01 ~]# curl -k https://10.0.0.11:8000/jobs/20240128064745829110 \ > -H "X-Auth-Token: e8229d0bd8858d5f000aede279d4881968054bf5" |python3 -mjson.tool % Total % Received % Xferd Average Speed Time Time Time Current Dload Upload Total Spent Left Speed 100 554 100 554 0 0 411 0 0:00:01 0:00:01 --:--:-- 411 { "info": [ { "jid": "20240128064745829110", "Function": "test.ping", "Arguments": [], "Target": "*", "Target-type": "glob", "User": "saltapi", "Minions": [ "mcw01", "mcw02", "mcw03", "mcw04" ], "StartTime": "2024, Jan 28 06:47:45.829110", "Result": { "mcw03": { "return": true, "retcode": 0, "success": true }, "mcw04": { "return": true, "retcode": 0, "success": true }, "mcw01": { "return": true, "retcode": 0, "success": true }, "mcw02": { "return": true, "retcode": 0, "success": true } } } ], "return": [ { "mcw03": true, "mcw04": true, "mcw01": true, "mcw02": true } ] } [root@mcw01 ~]#
3、运行runner
curl -k https://10.0.0.11:8000/ \ -H "X-Auth-Token: e8229d0bd8858d5f000aede279d4881968054bf5" \ -d client="runner" \ -d fun="manage.status" |python3 -mjson.tool
[root@mcw01 ~]# curl -k https://10.0.0.11:8000/ \ > -H "X-Auth-Token: e8229d0bd8858d5f000aede279d4881968054bf5" \ > -d client="runner" \ > -d fun="manage.status" |python3 -mjson.tool % Total % Received % Xferd Average Speed Time Time Time Current Dload Upload Total Spent Left Speed 100 101 100 70 100 31 62 27 0:00:01 0:00:01 --:--:-- 62 { "return": [ { "up": [ "mcw01", "mcw02", "mcw03", "mcw04" ], "down": [] } ] } [root@mcw01 ~]#
4、运行cmd.run
[root@mcw01 ~]# curl -skS https://10.0.0.11:8080/run \ > -H 'Accept: application/x-yaml' \ > -H "X-Auth-Token: e8229d0bd8858d5f000aede279d4881968054bf5" \ > -H 'Content-type: application/json' \ > curl: (7) Failed connect to 10.0.0.11:8080; Connection refused [root@mcw01 ~]# [root@mcw01 ~]# [root@mcw01 ~]# curl -skS https://10.0.0.11:8000/run \ > -H 'Accept: application/x-yaml' \ > -H 'Content-type: application/json' \ > -d '[{ > "client": "local", > "tgt": "*", > "fun": "cmd.run", > "kwarg": { > "cmd": "hostname" > }, > "username": "saltapi", > "password": "spassword", > "eauth": "pam" > }]' return: - mcw01: mcw01 mcw02: mcw02 mcw03: mcw03 mcw04: mcw04 [root@mcw01 ~]#
认证用的自动,这里是不行的,这里是pam认证
[root@mcw01 ~]# curl -skS https://10.0.0.11:8000/run \ > -H 'Accept: application/x-yaml' \ > -H 'Content-type: application/json' \ > -d '[{ > "client": "local", > "tgt": "*", > "fun": "cmd.run", > "kwarg": { > "cmd": "hostname" > }, > "username": "saltapi", > "password": "spassword", > "eauth": "auto" > }]' <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html> <head> <meta http-equiv="Content-Type" content="text/html; charset=utf-8"></meta> <title>401 Unauthorized</title> <style type="text/css"> #powered_by { margin-top: 20px; border-top: 2px solid black; font-style: italic; } #traceback { color: red; } </style> </head> <body> <h2>401 Unauthorized</h2> <p>No permission -- see authorization schemes</p> <pre id="traceback"></pre> <div id="powered_by"> <span> Powered by <a href="http://www.cherrypy.org">CherryPy 5.6.0</a> </span> </div> </body> </html> [root@mcw01 ~]#
5、删除minion的认证
curl --request POST \ --url https://192.168.56.11:8080/ \ --header 'Content-Type: application/json' \ --header 'X-Auth-Token: fce2eb30115b01856ae2bad4a5e6ed53b7121283' \ --header 'content-type: application/x-www-form-urlencoded' \ --data client=wheel \ --data fun=key.delete \ --data match=172.20.211.11
6、测试服务器网络
curl --request POST \
--url https://salt.master.com/ \
--header 'Accept: application/x-yaml' \
--header 'X-Auth-Token: cf400ad507d07397d07910e8b154c5f3a7a3d4fd' \
--header 'content-type: application/json' \
--data '{
"tgt": "172.20.221.76",
"client": "local",
"tgt_type": "list",
"fun": "network.ping",
"arg":"www.baidu.com"
}'
7、使用python调用salt-api接口范例
#!/usr/bin/env python #-*- coding:utf-8 -*- import json import requests class SaltClient(object): def __init__(self, **login_info): self.login_url = login_info.get("login_url") self.api_url = login_info.get("api_url") self.username = login_info.get("username") self.password = login_info.get("password") def get_token(self): validate_data = { "username": self.username , "password": self.password, "eauth": 'pam' } headers = { 'Accept': 'application/json', 'Content-Type': 'application/json; charset=UTF-8', 'User-Agent': 'py-saltclient' } try: resp = requests.post(self.login_url, json=validate_data, headers=headers, verify=False) if resp.status_code == 200: resp_body = json.loads(resp.content) data = { 'start_time': resp_body['return'][0]['start'], 'expire_time': resp_body['return'][0]['expire'], 'token': resp_body['return'][0]['token'] } return data except Exception as e: print e def exec_command(self, data, token): headers = { 'Accept': 'application/json', 'Content-Type': 'application/json; charset=UTF-8', 'X-Auth-Token': token } try: resp = requests.post(self.api_url, json=data, headers=headers, verify=False) return resp.content except Exception as e: return "not ok" if __name__ == '__main__': login_info = { "login_url":"https://<master_IP>/login", "api_url":"https://<master_IP>/", "username":"salt-api", "password":"salt-api" } client = SaltClient(**login_info) token = client.get_token().get("token") target = "192.168.1.12" func_ps = 'monitor_srv.ls' para_ps = {"path":"/abc/extra_conf"} cmd = { "client": "local", "tgt": target, "fun": func_ps, 'kwarg': para_ps } res = client.exec_command(data=cmd, token=token) res = json.loads(res) returns = res['return']
8、执行状态
[root@mcw01 ~]# salt 'mcw03' state.sls init/env_init -a pam /usr/local/lib/python3.6/site-packages/OpenSSL/_util.py:6: CryptographyDeprecationWarning: Python 3.6 is no longer supported by the Python core team. Therefore, support for it is deprecated in cryptography. The next release of cryptography will remove support for Python 3.6. from cryptography.hazmat.bindings.openssl.binding import Binding username: saltapi password: mcw03: ---------- ID: /etc/resolv.conf Function: file.managed Result: True Comment: File /etc/resolv.conf is in the correct state Started: 01:21:48.006617 Duration: 27.91 ms Changes: ---------- ID: /etc/profile Function: file.append Result: True Comment: File /etc/profile is in correct state Started: 01:21:48.034680 Duration: 5.346 ms Changes: ---------- ID: /etc/bashrc Function: file.append Result: True Comment: File /etc/bashrc is in correct state Started: 01:21:48.040134 Duration: 3.198 ms Changes: ---------- ID: net.ipv4.ip_local_port_range Function: sysctl.present Result: True Comment: Sysctl value net.ipv4.ip_local_port_range = 10000 65000 is already set Started: 01:21:48.046190 Duration: 17.294 ms Changes: ---------- ID: fs.file-max Function: sysctl.present Result: True Comment: Sysctl value fs.file-max = 2000000 is already set Started: 01:21:48.063889 Duration: 8.324 ms Changes: ---------- ID: net.ipv4.ip_forward Function: sysctl.present Result: True Comment: Sysctl value net.ipv4.ip_forward = 1 is already set Started: 01:21:48.072530 Duration: 6.47 ms Changes: ---------- ID: vm.swappiness Function: sysctl.present Result: True Comment: Sysctl value vm.swappiness = 0 is already set Started: 01:21:48.079250 Duration: 4.978 ms Changes: ---------- ID: yum_repo_release Function: pkg.installed Result: True Comment: unless condition is true Started: 01:21:49.165032 Duration: 1197.786 ms Changes: Summary for mcw03 ------------ Succeeded: 8 Failed: 0 ------------ Total states run: 8 Total run time: 1.271 s [root@mcw01 ~]#
第一次执行报错,缺少参数
[root@mcw01 ~]# curl -skS https://10.0.0.11:8000/run \ > -H 'Accept: application/x-yaml' \ > -H 'Content-type: application/json' \ > -d '[{ > "client": "local", > "tgt": "*", > "fun": "state.sls", > "kwarg": { > "cmd": "init/env_init" > }, > "username": "saltapi", > "password": "spassword", > "eauth": "pam" > }]' return: - mcw01: "Passed invalid arguments to state.sls: sls() missing 1 required positional argument: 'mods'\n\n Execute the states in one or more SLS files\n\n test\n \ Run states in test-only (dry-run) mode\n\n pillar\n Custom Pillar values, passed as a dictionary of key-value pairs\n\n .. code-block:: bash\n\n \ salt '*' state.sls stuff pillar='{\"foo\": \"bar\"}'\n\n .. note::\n Values passed this way will override existing Pillar values set via\n ``pillar_roots`` or an external Pillar source. Pillar values that\n are not included in the kwarg will not be overwritten.\n\n .. versionchanged:: 2016.3.0\n GPG-encrypted CLI Pillar data is now supported via the GPG\n renderer. See :ref:`here <encrypted-cli-pillar-data>` for details.\n\n pillar_enc\n Specify which renderer to use to decrypt encrypted data located within\n the ``pillar`` value. Currently, only ``gpg`` is supported.\n\n .. versionadded:: 2016.3.0\n\n exclude\n Exclude specific states from execution. Accepts a list of sls names, a\n comma-separated string of sls names, or a list of dictionaries\n containing ``sls`` or ``id`` keys. Glob-patterns may be used to match\n multiple states.\n\n \ .. code-block:: bash\n\n salt '*' state.sls foo,bar,baz exclude=bar,baz\n \ salt '*' state.sls foo,bar,baz exclude=ba*\n salt '*' state.sls foo,bar,baz exclude=\"[{'id': 'id_to_exclude'}, {'sls': 'sls_to_exclude'}]\"\n\n \ queue : False\n Instead of failing immediately when another state run is in progress,\n queue the new state run to begin running once the other has finished.\n\n This option starts a new thread for each queued state run, so use this\n option sparingly.\n\n concurrent : False\n Execute state runs concurrently instead of serially\n\n .. warning::\n\n This flag is potentially dangerous. It is designed for use when\n multiple state runs can safely be run at the same time. Do *not*\n use this flag for performance optimization.\n\n saltenv\n Specify a salt fileserver environment to be used when applying states\n\n .. versionchanged:: 0.17.0\n \ Argument name changed from ``env`` to ``saltenv``.\n\n .. versionchanged:: 2014.7.0\n If no saltenv is specified, the minion config will be checked for an\n ``environment`` parameter and if found, it will be used. If none is\n found, ``base`` will be used. In prior releases, the minion config\n was not checked and ``base`` would always be assumed when the\n saltenv was not explicitly set.\n\n pillarenv\n Specify a Pillar environment to be used when applying states. This\n can also be set in the minion config file using the\n :conf_minion:`pillarenv` option. When neither the\n :conf_minion:`pillarenv` minion config option nor this CLI argument is\n used, all Pillar environments will be merged together.\n\n \ localconfig\n Optionally, instead of using the minion config, load minion opts from\n the file specified by this argument, and then merge them with the\n options from the minion config. This functionality allows for specific\n states to be run with their own custom minion configuration, including\n different pillars, file_roots, etc.\n\n mock\n The mock option allows for the state run to execute without actually\n calling any states. This then returns a mocked return which will show\n the requisite ordering as well as fully validate the state run.\n\n .. versionadded:: 2015.8.4\n\n sync_mods\n If specified, the desired custom module types will be synced prior to\n running the SLS files:\n\n .. code-block:: bash\n\n salt '*' state.sls stuff sync_mods=states,modules\n salt '*' state.sls stuff sync_mods=all\n\n .. versionadded:: 2017.7.8,2018.3.3,2019.2.0\n\n \ CLI Example:\n\n .. code-block:: bash\n\n # Run the states configured in salt://example.sls (or salt://example/init.sls)\n salt '*' state.apply example\n\n # Run the states configured in salt://core.sls (or salt://core/init.sls)\n \ # and salt://edit/vim.sls (or salt://edit/vim/init.sls)\n salt '*' state.sls core,edit.vim\n\n # Run the states configured in a more deeply nested directory such as salt://my/nested/state.sls (or salt://my/nested/state/init.sls)\n \ salt '*' state.sls my.nested.state\n\n salt '*' state.sls core exclude=\"[{'id': 'id_to_exclude'}, {'sls': 'sls_to_exclude'}]\"\n salt '*' state.sls myslsfile pillar=\"{foo: 'Foo!', bar: 'Bar!'}\"\n " mcw02: "Passed invalid arguments to state.sls: sls() missing 1 required positional argument: 'mods'\n\n Execute the states in one or more SLS files\n\n test\n \ Run states in test-only (dry-run) mode\n\n pillar\n Custom Pillar values, passed as a dictionary of key-value pairs\n\n .. code-block:: bash\n\n \ salt '*' state.sls stuff pillar='{\"foo\": \"bar\"}'\n\n .. note::\n Values passed this way will override existing Pillar values set via\n ``pillar_roots`` or an external Pillar source. Pillar values that\n are not included in the kwarg will not be overwritten.\n\n .. versionchanged:: 2016.3.0\n GPG-encrypted CLI Pillar data is now supported via the GPG\n renderer. See :ref:`here <encrypted-cli-pillar-data>` for details.\n\n pillar_enc\n Specify which renderer to use to decrypt encrypted data located within\n the ``pillar`` value. Currently, only ``gpg`` is supported.\n\n .. versionadded:: 2016.3.0\n\n exclude\n Exclude specific states from execution. Accepts a list of sls names, a\n comma-separated string of sls names, or a list of dictionaries\n containing ``sls`` or ``id`` keys. Glob-patterns may be used to match\n multiple states.\n\n \ .. code-block:: bash\n\n salt '*' state.sls foo,bar,baz exclude=bar,baz\n \ salt '*' state.sls foo,bar,baz exclude=ba*\n salt '*' state.sls foo,bar,baz exclude=\"[{'id': 'id_to_exclude'}, {'sls': 'sls_to_exclude'}]\"\n\n \ queue : False\n Instead of failing immediately when another state run is in progress,\n queue the new state run to begin running once the other has finished.\n\n This option starts a new thread for each queued state run, so use this\n option sparingly.\n\n concurrent : False\n Execute state runs concurrently instead of serially\n\n .. warning::\n\n This flag is potentially dangerous. It is designed for use when\n multiple state runs can safely be run at the same time. Do *not*\n use this flag for performance optimization.\n\n saltenv\n Specify a salt fileserver environment to be used when applying states\n\n .. versionchanged:: 0.17.0\n \ Argument name changed from ``env`` to ``saltenv``.\n\n .. versionchanged:: 2014.7.0\n If no saltenv is specified, the minion config will be checked for an\n ``environment`` parameter and if found, it will be used. If none is\n found, ``base`` will be used. In prior releases, the minion config\n was not checked and ``base`` would always be assumed when the\n saltenv was not explicitly set.\n\n pillarenv\n Specify a Pillar environment to be used when applying states. This\n can also be set in the minion config file using the\n :conf_minion:`pillarenv` option. When neither the\n :conf_minion:`pillarenv` minion config option nor this CLI argument is\n used, all Pillar environments will be merged together.\n\n \ localconfig\n Optionally, instead of using the minion config, load minion opts from\n the file specified by this argument, and then merge them with the\n options from the minion config. This functionality allows for specific\n states to be run with their own custom minion configuration, including\n different pillars, file_roots, etc.\n\n mock\n The mock option allows for the state run to execute without actually\n calling any states. This then returns a mocked return which will show\n the requisite ordering as well as fully validate the state run.\n\n .. versionadded:: 2015.8.4\n\n sync_mods\n If specified, the desired custom module types will be synced prior to\n running the SLS files:\n\n .. code-block:: bash\n\n salt '*' state.sls stuff sync_mods=states,modules\n salt '*' state.sls stuff sync_mods=all\n\n .. versionadded:: 2017.7.8,2018.3.3,2019.2.0\n\n \ CLI Example:\n\n .. code-block:: bash\n\n # Run the states configured in salt://example.sls (or salt://example/init.sls)\n salt '*' state.apply example\n\n # Run the states configured in salt://core.sls (or salt://core/init.sls)\n \ # and salt://edit/vim.sls (or salt://edit/vim/init.sls)\n salt '*' state.sls core,edit.vim\n\n # Run the states configured in a more deeply nested directory such as salt://my/nested/state.sls (or salt://my/nested/state/init.sls)\n \ salt '*' state.sls my.nested.state\n\n salt '*' state.sls core exclude=\"[{'id': 'id_to_exclude'}, {'sls': 'sls_to_exclude'}]\"\n salt '*' state.sls myslsfile pillar=\"{foo: 'Foo!', bar: 'Bar!'}\"\n " mcw03: "Passed invalid arguments to state.sls: sls() missing 1 required positional argument: 'mods'\n\n Execute the states in one or more SLS files\n\n test\n \ Run states in test-only (dry-run) mode\n\n pillar\n Custom Pillar values, passed as a dictionary of key-value pairs\n\n .. code-block:: bash\n\n \ salt '*' state.sls stuff pillar='{\"foo\": \"bar\"}'\n\n .. note::\n Values passed this way will override existing Pillar values set via\n ``pillar_roots`` or an external Pillar source. Pillar values that\n are not included in the kwarg will not be overwritten.\n\n .. versionchanged:: 2016.3.0\n GPG-encrypted CLI Pillar data is now supported via the GPG\n renderer. See :ref:`here <encrypted-cli-pillar-data>` for details.\n\n pillar_enc\n Specify which renderer to use to decrypt encrypted data located within\n the ``pillar`` value. Currently, only ``gpg`` is supported.\n\n .. versionadded:: 2016.3.0\n\n exclude\n Exclude specific states from execution. Accepts a list of sls names, a\n comma-separated string of sls names, or a list of dictionaries\n containing ``sls`` or ``id`` keys. Glob-patterns may be used to match\n multiple states.\n\n \ .. code-block:: bash\n\n salt '*' state.sls foo,bar,baz exclude=bar,baz\n \ salt '*' state.sls foo,bar,baz exclude=ba*\n salt '*' state.sls foo,bar,baz exclude=\"[{'id': 'id_to_exclude'}, {'sls': 'sls_to_exclude'}]\"\n\n \ queue : False\n Instead of failing immediately when another state run is in progress,\n queue the new state run to begin running once the other has finished.\n\n This option starts a new thread for each queued state run, so use this\n option sparingly.\n\n concurrent : False\n Execute state runs concurrently instead of serially\n\n .. warning::\n\n This flag is potentially dangerous. It is designed for use when\n multiple state runs can safely be run at the same time. Do *not*\n use this flag for performance optimization.\n\n saltenv\n Specify a salt fileserver environment to be used when applying states\n\n .. versionchanged:: 0.17.0\n \ Argument name changed from ``env`` to ``saltenv``.\n\n .. versionchanged:: 2014.7.0\n If no saltenv is specified, the minion config will be checked for an\n ``environment`` parameter and if found, it will be used. If none is\n found, ``base`` will be used. In prior releases, the minion config\n was not checked and ``base`` would always be assumed when the\n saltenv was not explicitly set.\n\n pillarenv\n Specify a Pillar environment to be used when applying states. This\n can also be set in the minion config file using the\n :conf_minion:`pillarenv` option. When neither the\n :conf_minion:`pillarenv` minion config option nor this CLI argument is\n used, all Pillar environments will be merged together.\n\n \ localconfig\n Optionally, instead of using the minion config, load minion opts from\n the file specified by this argument, and then merge them with the\n options from the minion config. This functionality allows for specific\n states to be run with their own custom minion configuration, including\n different pillars, file_roots, etc.\n\n mock\n The mock option allows for the state run to execute without actually\n calling any states. This then returns a mocked return which will show\n the requisite ordering as well as fully validate the state run.\n\n .. versionadded:: 2015.8.4\n\n sync_mods\n If specified, the desired custom module types will be synced prior to\n running the SLS files:\n\n .. code-block:: bash\n\n salt '*' state.sls stuff sync_mods=states,modules\n salt '*' state.sls stuff sync_mods=all\n\n .. versionadded:: 2017.7.8,2018.3.3,2019.2.0\n\n \ CLI Example:\n\n .. code-block:: bash\n\n # Run the states configured in salt://example.sls (or salt://example/init.sls)\n salt '*' state.apply example\n\n # Run the states configured in salt://core.sls (or salt://core/init.sls)\n \ # and salt://edit/vim.sls (or salt://edit/vim/init.sls)\n salt '*' state.sls core,edit.vim\n\n # Run the states configured in a more deeply nested directory such as salt://my/nested/state.sls (or salt://my/nested/state/init.sls)\n \ salt '*' state.sls my.nested.state\n\n salt '*' state.sls core exclude=\"[{'id': 'id_to_exclude'}, {'sls': 'sls_to_exclude'}]\"\n salt '*' state.sls myslsfile pillar=\"{foo: 'Foo!', bar: 'Bar!'}\"\n " mcw04: "Passed invalid arguments to state.sls: sls() missing 1 required positional argument: 'mods'\n\n Execute the states in one or more SLS files\n\n test\n \ Run states in test-only (dry-run) mode\n\n pillar\n Custom Pillar values, passed as a dictionary of key-value pairs\n\n .. code-block:: bash\n\n \ salt '*' state.sls stuff pillar='{\"foo\": \"bar\"}'\n\n .. note::\n Values passed this way will override existing Pillar values set via\n ``pillar_roots`` or an external Pillar source. Pillar values that\n are not included in the kwarg will not be overwritten.\n\n .. versionchanged:: 2016.3.0\n GPG-encrypted CLI Pillar data is now supported via the GPG\n renderer. See :ref:`here <encrypted-cli-pillar-data>` for details.\n\n pillar_enc\n Specify which renderer to use to decrypt encrypted data located within\n the ``pillar`` value. Currently, only ``gpg`` is supported.\n\n .. versionadded:: 2016.3.0\n\n exclude\n Exclude specific states from execution. Accepts a list of sls names, a\n comma-separated string of sls names, or a list of dictionaries\n containing ``sls`` or ``id`` keys. Glob-patterns may be used to match\n multiple states.\n\n \ .. code-block:: bash\n\n salt '*' state.sls foo,bar,baz exclude=bar,baz\n \ salt '*' state.sls foo,bar,baz exclude=ba*\n salt '*' state.sls foo,bar,baz exclude=\"[{'id': 'id_to_exclude'}, {'sls': 'sls_to_exclude'}]\"\n\n \ queue : False\n Instead of failing immediately when another state run is in progress,\n queue the new state run to begin running once the other has finished.\n\n This option starts a new thread for each queued state run, so use this\n option sparingly.\n\n concurrent : False\n Execute state runs concurrently instead of serially\n\n .. warning::\n\n This flag is potentially dangerous. It is designed for use when\n multiple state runs can safely be run at the same time. Do *not*\n use this flag for performance optimization.\n\n saltenv\n Specify a salt fileserver environment to be used when applying states\n\n .. versionchanged:: 0.17.0\n \ Argument name changed from ``env`` to ``saltenv``.\n\n .. versionchanged:: 2014.7.0\n If no saltenv is specified, the minion config will be checked for an\n ``environment`` parameter and if found, it will be used. If none is\n found, ``base`` will be used. In prior releases, the minion config\n was not checked and ``base`` would always be assumed when the\n saltenv was not explicitly set.\n\n pillarenv\n Specify a Pillar environment to be used when applying states. This\n can also be set in the minion config file using the\n :conf_minion:`pillarenv` option. When neither the\n :conf_minion:`pillarenv` minion config option nor this CLI argument is\n used, all Pillar environments will be merged together.\n\n \ localconfig\n Optionally, instead of using the minion config, load minion opts from\n the file specified by this argument, and then merge them with the\n options from the minion config. This functionality allows for specific\n states to be run with their own custom minion configuration, including\n different pillars, file_roots, etc.\n\n mock\n The mock option allows for the state run to execute without actually\n calling any states. This then returns a mocked return which will show\n the requisite ordering as well as fully validate the state run.\n\n .. versionadded:: 2015.8.4\n\n sync_mods\n If specified, the desired custom module types will be synced prior to\n running the SLS files:\n\n .. code-block:: bash\n\n salt '*' state.sls stuff sync_mods=states,modules\n salt '*' state.sls stuff sync_mods=all\n\n .. versionadded:: 2017.7.8,2018.3.3,2019.2.0\n\n \ CLI Example:\n\n .. code-block:: bash\n\n # Run the states configured in salt://example.sls (or salt://example/init.sls)\n salt '*' state.apply example\n\n # Run the states configured in salt://core.sls (or salt://core/init.sls)\n \ # and salt://edit/vim.sls (or salt://edit/vim/init.sls)\n salt '*' state.sls core,edit.vim\n\n # Run the states configured in a more deeply nested directory such as salt://my/nested/state.sls (or salt://my/nested/state/init.sls)\n \ salt '*' state.sls my.nested.state\n\n salt '*' state.sls core exclude=\"[{'id': 'id_to_exclude'}, {'sls': 'sls_to_exclude'}]\"\n salt '*' state.sls myslsfile pillar=\"{foo: 'Foo!', bar: 'Bar!'}\"\n " [root@mcw01 ~]#
我们可以看到,参数不是cmd了,而是mods了
[root@mcw01 ~]# curl -skS https://10.0.0.11:8000/run \ > -H 'Accept: application/x-yaml' \ > -H 'Content-type: application/json' \ > -d '[{ > "client": "local", > "tgt": "*", > "fun": "state.sls", > "kwarg": { > "mods": "init/env_init" > }, > "username": "saltapi", > "password": "spassword", > "eauth": "pam" > }]' return: - mcw01: file_|-/etc/bashrc_|-/etc/bashrc_|-append: __id__: /etc/bashrc __run_num__: 2 __sls__: init.audit changes: {} comment: File /etc/bashrc is in correct state duration: 18.459 name: /etc/bashrc result: true start_time: '01:24:41.036176' file_|-/etc/profile_|-/etc/profile_|-append: __id__: /etc/profile __run_num__: 1 __sls__: init.history changes: {} comment: File /etc/profile is in correct state duration: 5.075 name: /etc/profile result: true start_time: '01:24:41.030947' file_|-/etc/resolv.conf_|-/etc/resolv.conf_|-managed: __id__: /etc/resolv.conf __run_num__: 0 __sls__: init.dns changes: diff: "--- \n+++ \n@@ -1,2 +1,3 @@\n # Generated by NetworkManager\n+#salt tongbu by mcw\n nameserver 223.5.5.5\n" comment: File /etc/resolv.conf updated duration: 92.985 name: /etc/resolv.conf result: true start_time: '01:24:40.937741' pkg_|-yum_repo_release_|-yum_repo_release_|-installed: __id__: yum_repo_release __run_num__: 7 __sls__: init.epel changes: {} comment: unless condition is true duration: 9228.526 name: yum_repo_release result: true skip_watch: true start_time: '01:24:44.434505' sysctl_|-fs.file-max_|-fs.file-max_|-present: __id__: fs.file-max __run_num__: 4 __sls__: init.sysctl changes: {} comment: Sysctl value fs.file-max = 2000000 is already set duration: 9.449 name: fs.file-max result: true start_time: '01:24:41.305480' sysctl_|-net.ipv4.ip_forward_|-net.ipv4.ip_forward_|-present: __id__: net.ipv4.ip_forward __run_num__: 5 __sls__: init.sysctl changes: {} comment: Sysctl value net.ipv4.ip_forward = 1 is already set duration: 9.754 name: net.ipv4.ip_forward result: true start_time: '01:24:41.315128' sysctl_|-net.ipv4.ip_local_port_range_|-net.ipv4.ip_local_port_range_|-present: __id__: net.ipv4.ip_local_port_range __run_num__: 3 __sls__: init.sysctl changes: net.ipv4.ip_local_port_range: 10000 65000 comment: Updated sysctl value net.ipv4.ip_local_port_range = 10000 65000 duration: 196.662 name: net.ipv4.ip_local_port_range result: true start_time: '01:24:41.108380' sysctl_|-vm.swappiness_|-vm.swappiness_|-present: __id__: vm.swappiness __run_num__: 6 __sls__: init.sysctl changes: {} comment: Sysctl value vm.swappiness = 0 is already set duration: 18.666 name: vm.swappiness result: true start_time: '01:24:41.325427' mcw02: file_|-/etc/bashrc_|-/etc/bashrc_|-append: __id__: /etc/bashrc __run_num__: 2 __sls__: init.audit changes: {} comment: File /etc/bashrc is in correct state duration: 35.064 name: /etc/bashrc result: true start_time: '01:24:41.658401' file_|-/etc/profile_|-/etc/profile_|-append: __id__: /etc/profile __run_num__: 1 __sls__: init.history changes: {} comment: File /etc/profile is in correct state duration: 157.482 name: /etc/profile result: true start_time: '01:24:41.500582' file_|-/etc/resolv.conf_|-/etc/resolv.conf_|-managed: __id__: /etc/resolv.conf __run_num__: 0 __sls__: init.dns changes: diff: "--- \n+++ \n@@ -1,2 +1,3 @@\n # Generated by NetworkManager\n+#salt tongbu by mcw\n nameserver 223.5.5.5\n" comment: File /etc/resolv.conf updated duration: 418.966 name: /etc/resolv.conf result: true start_time: '01:24:41.081322' pkg_|-yum_repo_release_|-yum_repo_release_|-installed: __id__: yum_repo_release __run_num__: 7 __sls__: init.epel changes: {} comment: unless condition is true duration: 5181.687 name: yum_repo_release result: true skip_watch: true start_time: '01:24:55.649797' sysctl_|-fs.file-max_|-fs.file-max_|-present: __id__: fs.file-max __run_num__: 4 __sls__: init.sysctl changes: {} comment: Sysctl value fs.file-max = 2000000 is already set duration: 10.838 name: fs.file-max result: true start_time: '01:24:41.945649' sysctl_|-net.ipv4.ip_forward_|-net.ipv4.ip_forward_|-present: __id__: net.ipv4.ip_forward __run_num__: 5 __sls__: init.sysctl changes: {} comment: Sysctl value net.ipv4.ip_forward = 1 is already set duration: 7.36 name: net.ipv4.ip_forward result: true start_time: '01:24:41.956788' sysctl_|-net.ipv4.ip_local_port_range_|-net.ipv4.ip_local_port_range_|-present: __id__: net.ipv4.ip_local_port_range __run_num__: 3 __sls__: init.sysctl changes: net.ipv4.ip_local_port_range: 10000 65000 comment: Updated sysctl value net.ipv4.ip_local_port_range = 10000 65000 duration: 38.655 name: net.ipv4.ip_local_port_range result: true start_time: '01:24:41.906755' sysctl_|-vm.swappiness_|-vm.swappiness_|-present: __id__: vm.swappiness __run_num__: 6 __sls__: init.sysctl changes: {} comment: Sysctl value vm.swappiness = 0 is already set duration: 10.376 name: vm.swappiness result: true start_time: '01:24:41.964466' mcw03: file_|-/etc/bashrc_|-/etc/bashrc_|-append: __id__: /etc/bashrc __run_num__: 2 __sls__: init.audit changes: {} comment: File /etc/bashrc is in correct state duration: 3.719 name: /etc/bashrc result: true start_time: '01:24:40.853787' file_|-/etc/profile_|-/etc/profile_|-append: __id__: /etc/profile __run_num__: 1 __sls__: init.history changes: {} comment: File /etc/profile is in correct state duration: 7.164 name: /etc/profile result: true start_time: '01:24:40.846394' file_|-/etc/resolv.conf_|-/etc/resolv.conf_|-managed: __id__: /etc/resolv.conf __run_num__: 0 __sls__: init.dns changes: {} comment: File /etc/resolv.conf is in the correct state duration: 43.344 name: /etc/resolv.conf result: true start_time: '01:24:40.802792' pkg_|-yum_repo_release_|-yum_repo_release_|-installed: __id__: yum_repo_release __run_num__: 7 __sls__: init.epel changes: {} comment: unless condition is true duration: 1440.326 name: yum_repo_release result: true skip_watch: true start_time: '01:24:42.125352' sysctl_|-fs.file-max_|-fs.file-max_|-present: __id__: fs.file-max __run_num__: 4 __sls__: init.sysctl changes: {} comment: Sysctl value fs.file-max = 2000000 is already set duration: 7.261 name: fs.file-max result: true start_time: '01:24:40.871892' sysctl_|-net.ipv4.ip_forward_|-net.ipv4.ip_forward_|-present: __id__: net.ipv4.ip_forward __run_num__: 5 __sls__: init.sysctl changes: {} comment: Sysctl value net.ipv4.ip_forward = 1 is already set duration: 4.673 name: net.ipv4.ip_forward result: true start_time: '01:24:40.879392' sysctl_|-net.ipv4.ip_local_port_range_|-net.ipv4.ip_local_port_range_|-present: __id__: net.ipv4.ip_local_port_range __run_num__: 3 __sls__: init.sysctl changes: {} comment: Sysctl value net.ipv4.ip_local_port_range = 10000 65000 is already set duration: 11.342 name: net.ipv4.ip_local_port_range result: true start_time: '01:24:40.860246' sysctl_|-vm.swappiness_|-vm.swappiness_|-present: __id__: vm.swappiness __run_num__: 6 __sls__: init.sysctl changes: {} comment: Sysctl value vm.swappiness = 0 is already set duration: 3.819 name: vm.swappiness result: true start_time: '01:24:40.884237' mcw04: file_|-/etc/bashrc_|-/etc/bashrc_|-append: __id__: /etc/bashrc __run_num__: 2 __sls__: init.audit changes: {} comment: File /etc/bashrc is in correct state duration: 8.52 name: /etc/bashrc result: true start_time: '01:24:42.151831' file_|-/etc/profile_|-/etc/profile_|-append: __id__: /etc/profile __run_num__: 1 __sls__: init.history changes: {} comment: File /etc/profile is in correct state duration: 14.143 name: /etc/profile result: true start_time: '01:24:42.137404' file_|-/etc/resolv.conf_|-/etc/resolv.conf_|-managed: __id__: /etc/resolv.conf __run_num__: 0 __sls__: init.dns changes: diff: "--- \n+++ \n@@ -1,2 +1,3 @@\n # Generated by NetworkManager\n+#salt tongbu by mcw\n nameserver 223.5.5.5\n" comment: File /etc/resolv.conf updated duration: 513.946 name: /etc/resolv.conf result: true start_time: '01:24:41.623254' pkg_|-yum_repo_release_|-yum_repo_release_|-installed: __id__: yum_repo_release __run_num__: 7 __sls__: init.epel changes: {} comment: unless condition is true duration: 8657.083 name: yum_repo_release result: true skip_watch: true start_time: '01:24:56.958955' sysctl_|-fs.file-max_|-fs.file-max_|-present: __id__: fs.file-max __run_num__: 4 __sls__: init.sysctl changes: {} comment: Sysctl value fs.file-max = 2000000 is already set duration: 9.626 name: fs.file-max result: true start_time: '01:24:42.720360' sysctl_|-net.ipv4.ip_forward_|-net.ipv4.ip_forward_|-present: __id__: net.ipv4.ip_forward __run_num__: 5 __sls__: init.sysctl changes: {} comment: Sysctl value net.ipv4.ip_forward = 1 is already set duration: 24.805 name: net.ipv4.ip_forward result: true start_time: '01:24:42.730235' sysctl_|-net.ipv4.ip_local_port_range_|-net.ipv4.ip_local_port_range_|-present: __id__: net.ipv4.ip_local_port_range __run_num__: 3 __sls__: init.sysctl changes: net.ipv4.ip_local_port_range: 10000 65000 comment: Updated sysctl value net.ipv4.ip_local_port_range = 10000 65000 duration: 398.747 name: net.ipv4.ip_local_port_range result: true start_time: '01:24:42.321170' sysctl_|-vm.swappiness_|-vm.swappiness_|-present: __id__: vm.swappiness __run_num__: 6 __sls__: init.sysctl changes: {} comment: Sysctl value vm.swappiness = 0 is already set duration: 5.4 name: vm.swappiness result: true start_time: '01:24:42.755275' [root@mcw01 ~]#
salt-run的生产配置
# cat /etc/salt/master.d/api.conf external_auth: pam: salt: - .* rest_cherrypy: # can be any port port: 8000 host: "10.x.x.46" ssl_crt: /etc/pki/tls/certs/api.crt # no need to specify ssl_key if cert and key # are in one single file ssl_key: /etc/pki/tls/certs/api.key debug: False disable_ssl: False # cat /etc/salt/master.d/apus.conf keep_jobs: 12 #
9、grains信息查询
【推荐】国内首个AI IDE,深度理解中文开发场景,立即下载体验Trae
【推荐】编程新体验,更懂你的AI,立即体验豆包MarsCode编程助手
【推荐】抖音旗下AI助手豆包,你的智能百科全书,全免费不限次数
【推荐】轻量又高性能的 SSH 工具 IShell:AI 加持,快人一步
· 无需6万激活码!GitHub神秘组织3小时极速复刻Manus,手把手教你使用OpenManus搭建本
· C#/.NET/.NET Core优秀项目和框架2025年2月简报
· 什么是nginx的强缓存和协商缓存
· 一文读懂知识蒸馏
· Manus爆火,是硬核还是营销?