Table of Contents
Useful SALT commands (cheatsheet) and recipes
Documentation | |
---|---|
Name: | Useful SALT commands (cheatsheet) and recipes |
Description: | Cheatsheet of SALT commands and quick recipes |
Modification date : | 15/10/2018 |
Owner: | warlock86@gmail.com |
Notify changes to: | backops |
Tags: |
Cheatsheet
Minion information
List Running minions
salt-run manage.up
List minion grains
salt '<HOSTNAME>' grains.ls
Ping minion
salt '<HOSTNAME>' test.ping
Working with minions (Modules)
SALT.MODULES.CMDMOD (remote execution)
Run OS commands on minion
salt '*' cmd.run "<COMMAND>"
Double quotes must be used to run “complex” commands:
salt '*' cmd.run "ip ad"
Like running remote commands with ssh
SALT.MODULES.PKG (software management)
List installed packages
No wildcard/regexp available, sorry:
salt '*' pkg.list_pkgs
Install packages
salt '*' pkg.install 'PKGNAME'
Search package
No functcion available, use cmd.run
instead:
salt '*' cmd.run 'yum search PKGNAME'
Uninstall/Remove packages
salt '*' pkg.remove 'PKGNAME'
SALT.MODULES.FILE (File management)
Copy files
salt '*' file.copy /path/to/origin.file /path/to/destination.file
SALT.MODULES.USERADD (Adding users module)
SALT.MODULES.DISK (block device management)
SALT.MODULES.SYSTEMD (systemd/systemctl management)
https://docs.saltstack.com/en/latest/ref/modules/all/salt.modules.systemd.html
Systemd is managed through the META-MODULE service
.
Restart a service
if you want that salt restart the service (dont' make me talk about systemd ), use forcereload
<code bash>
salt '*' service.force_reload SERVICENAME
</code>
===== States =====
More info in its own page.
==== States location ====
<code>
/srv/salt/base
</code>
==== Apply TOP state ====
<code bash>
salt '<HOSTNAME>' state.apply
</code>
==== Apply named state ====
<code bash>
salt '<HOSTNAME>' state.apply <STATE_NAME>
</code>
===== Working with keys =====
==== Accept all keys ====
<code bash>
salt-key -A
</code>
==== List keys (any state) ====
<code bash>
salt-key
</code>
==== Drop key ====
<code bash>
salt-key -d testmongui.ciberterminal.net
</code>
====== Recipes ======
===== Install CylancePROTECT in CentOS6/7 or Ubuntu 14.04/16.04 =====
Example for installing CylancePROTECT in all Crypta-INTG servers.
Please, take note that the targeting is only based on the hostname.
If you need to do a more accurate targeting take a look at this.
From SALT Master run:
CENTOS:
<code bash>
sudo salt -E '(?i)accli' file.makedirs /opt/cylance/
sudo salt -E '(?i)accli' cp.getfile salt:cylance/configdefaults.txt /opt/cylance/configdefaults.txt
sudo salt -E '(?i)accli' cp.get_file salt:cylance/CylancePROTECT.elgrains.osmajorrelease.rpm /opt/cylance/CylancePROTECT.elgrains.osmajorrelease.rpm template=jinja
sudo salt -E '(?i)accli*' cmd.run “yum -y install /opt/cylance/CylancePROTECT.elgrains.osmajorrelease.rpm” template=jinja
</code>
UBUNTU:
<code bash>
sudo salt -E '(?i)avclp-gray' file.makedirs /opt/cylance/
sudo salt -E '(?i)avclp-gray' cp.getfile salt:cylance/configdefaults.txt /opt/cylance/configdefaults.txt
sudo salt -E '(?i)avclp*' cp.getfile “salt:cylance/cylance-protect. regex_replace('\.','') .x8664.deb” “/opt/cylance/cylance-protect. regex_replace('\.','') .x8664.deb” template=jinja
#The followinf line is optional, only if Cylance instalation fails at module insert
sudo salt -E '(?i)avclp*' cmd.run “sudo apt-get update -y && sudo apt-get -y install libxml2-utils make gcc linux-headers-generic”
sudo salt -E '(?i)avclp*' cmd.run “dpkg -i /opt/cylance/cylance-protect. regex_replace('\.','') .x86_64.deb” template=jinja
</code>