linux:salt-stack:useful_commands
Table of Contents
Useful SALT commands (cheatsheet) and recipes
Documentation | |
---|---|
Name: | Useful SALT commands (cheatsheet) and recipes |
Description: | Cheatsheet of SALT commands and quick recipes |
Modification date : | 15/10/2018 |
Owner: | warlock86@gmail.com |
Notify changes to: | backops |
Tags: |
Cheatsheet
Minion information
List Running minions
salt-run manage.up
List minion grains
salt '<HOSTNAME>' grains.ls
Ping minion
salt '<HOSTNAME>' test.ping
Working with minions (Modules)
SALT.MODULES.CMDMOD (remote execution)
Run OS commands on minion
salt '*' cmd.run "<COMMAND>"
Double quotes must be used to run “complex” commands:
salt '*' cmd.run "ip ad"
Like running remote commands with ssh
SALT.MODULES.PKG (software management)
List installed packages
No wildcard/regexp available, sorry:
salt '*' pkg.list_pkgs
Install packages
salt '*' pkg.install 'PKGNAME'
Search package
No functcion available, use cmd.run
instead:
salt '*' cmd.run 'yum search PKGNAME'
Uninstall/Remove packages
salt '*' pkg.remove 'PKGNAME'
SALT.MODULES.FILE (File management)
Copy files
salt '*' file.copy /path/to/origin.file /path/to/destination.file
SALT.MODULES.USERADD (Adding users module)
SALT.MODULES.DISK (block device management)
SALT.MODULES.SYSTEMD (systemd/systemctl management)
https://docs.saltstack.com/en/latest/ref/modules/all/salt.modules.systemd.html
Systemd is managed through the META-MODULE service
.
Restart a service
if you want that salt restart the service (dont' make me talk about systemd ), use force_reload
salt '*' service.force_reload SERVICENAME
States
More info in its own page.
States location
/srv/salt/base
Apply TOP state
salt '<HOSTNAME>' state.apply
Apply named state
salt '<HOSTNAME>' state.apply <STATE_NAME>
Working with keys
Accept all keys
salt-key -A
List keys (any state)
salt-key
Drop key
salt-key -d testmongui.ciberterminal.net
Recipes
Install CylancePROTECT in CentOS6/7 or Ubuntu 14.04/16.04
Example for installing CylancePROTECT in all Crypta-INTG servers.
Please, take note that the targeting is only based on the hostname.
If you need to do a more accurate targeting take a look at this.
From SALT Master run:
CENTOS:
sudo salt -E '(?i)accli*' file.makedirs /opt/cylance/ sudo salt -E '(?i)accli*' cp.get_file salt://cylance/config_defaults.txt /opt/cylance/config_defaults.txt sudo salt -E '(?i)accli*' cp.get_file salt://cylance/CylancePROTECT.el{{grains.osmajorrelease}}.rpm /opt/cylance/CylancePROTECT.el{{grains.osmajorrelease}}.rpm template=jinja sudo salt -E '(?i)accli*' cmd.run "yum -y install /opt/cylance/CylancePROTECT.el{{grains.osmajorrelease}}.rpm" template=jinja
UBUNTU:
sudo salt -E '(?i)avclp-gray*' file.makedirs /opt/cylance/ sudo salt -E '(?i)avclp-gray*' cp.get_file salt://cylance/config_defaults.txt /opt/cylance/config_defaults.txt sudo salt -E '(?i)avclp*' cp.get_file "salt://cylance/cylance-protect.{{grains.osrelease | regex_replace('\.','') }}.x86_64.deb" "/opt/cylance/cylance-protect.{{grains.osrelease | regex_replace('\.','') }}.x86_64.deb" template=jinja #The followinf line is optional, only if Cylance instalation fails at module insert sudo salt -E '(?i)avclp*' cmd.run "sudo apt-get update -y && sudo apt-get -y install libxml2-utils make gcc linux-headers-generic" sudo salt -E '(?i)avclp*' cmd.run "dpkg -i /opt/cylance/cylance-protect.{{grains.osrelease | regex_replace('\.','') }}.x86_64.deb" template=jinja
linux/salt-stack/useful_commands.txt · Last modified: 2022/02/11 11:36 by 127.0.0.1