User Tools

Site Tools


salt-stack:useful_commands

Useful SALT commands (cheatsheet) and recipes

Documentation
Name: Useful SALT commands (cheatsheet) and recipes
Description: Cheatsheet of SALT commands and quick recipes
Modification date :15/10/2018
Owner:warlock86@gmail.com
Notify changes to: backops
Tags:

Cheatsheet

Minion information

List Running minions

salt-run manage.up

List minion grains

salt '<HOSTNAME>' grains.ls

Ping minion

salt '<HOSTNAME>' test.ping

Working with minions (Modules)

SALT.MODULES.CMDMOD (remote execution)

Run OS commands on minion

salt '*' cmd.run "<COMMAND>"

Double quotes must be used to run “complex” commands:

salt '*' cmd.run "ip ad"

Like running remote commands with ssh

SALT.MODULES.PKG (software management)

List installed packages

No wildcard/regexp available, sorry:

salt '*' pkg.list_pkgs

Install packages

salt '*' pkg.install 'PKGNAME'

Search package

No functcion available, use cmd.run instead:

salt '*'  cmd.run 'yum search PKGNAME'

Uninstall/Remove packages

salt '*' pkg.remove 'PKGNAME'

SALT.MODULES.FILE (File management)

Copy files

salt '*' file.copy /path/to/origin.file /path/to/destination.file

SALT.MODULES.USERADD (Adding users module)

SALT.MODULES.DISK (block device management)

SALT.MODULES.SYSTEMD (systemd/systemctl management)

https://docs.saltstack.com/en/latest/ref/modules/all/salt.modules.systemd.html
Systemd is managed through the META-MODULE service.

Restart a service

if you want that salt restart the service (dont' make me talk about systemd :-(), use force_reload

salt '*' service.force_reload SERVICENAME

States

More info in its own page.

States location

/srv/salt/base

Apply TOP state

salt '<HOSTNAME>' state.apply

Apply named state

salt '<HOSTNAME>' state.apply <STATE_NAME>

Working with keys

Accept all keys

salt-key -A

List keys (any state)

salt-key

Drop key

salt-key -d testmongui.ciberterminal.net

Recipes

Install CylancePROTECT in CentOS6/7 or Ubuntu 14.04/16.04

Example for installing CylancePROTECT in all Crypta-INTG servers.

Please, take note that the targeting is only based on the hostname.
If you need to do a more accurate targeting take a look at this.

From SALT Master run:
CENTOS:

sudo salt -E '(?i)accli*' file.makedirs /opt/cylance/
sudo salt -E '(?i)accli*' cp.get_file salt://cylance/config_defaults.txt /opt/cylance/config_defaults.txt
sudo salt -E '(?i)accli*' cp.get_file salt://cylance/CylancePROTECT.el{{grains.osmajorrelease}}.rpm /opt/cylance/CylancePROTECT.el{{grains.osmajorrelease}}.rpm template=jinja
sudo salt -E '(?i)accli*' cmd.run "yum -y install /opt/cylance/CylancePROTECT.el{{grains.osmajorrelease}}.rpm" template=jinja

UBUNTU:

sudo salt -E '(?i)avclp-gray*' file.makedirs /opt/cylance/
sudo salt -E '(?i)avclp-gray*' cp.get_file salt://cylance/config_defaults.txt /opt/cylance/config_defaults.txt
sudo salt -E '(?i)avclp*' cp.get_file "salt://cylance/cylance-protect.{{grains.osrelease | regex_replace('\.','') }}.x86_64.deb" "/opt/cylance/cylance-protect.{{grains.osrelease | regex_replace('\.','') }}.x86_64.deb" template=jinja
 
#The followinf line is optional, only if Cylance instalation fails at module insert
sudo salt -E '(?i)avclp*' cmd.run "sudo apt-get update -y && sudo apt-get -y install libxml2-utils make gcc linux-headers-generic"
 
sudo salt -E '(?i)avclp*' cmd.run "dpkg -i /opt/cylance/cylance-protect.{{grains.osrelease | regex_replace('\.','') }}.x86_64.deb" template=jinja
salt-stack/useful_commands.txt · Last modified: 2019/07/18 09:19 (external edit)