Table of Cotnent
SALT master
Get Infos about minions
| Comands | Description |
|---|---|
salt-run manage.up | list all minions which are up |
salt-run manage.down | list all minions which are down |
salt-run manage.up tgt="roles:postgres" tgt_type="grain" | list all minions with role postgress set as grain and ar up |
salt-run manage.up show_ip=true | show the ip they are connecting from |
salt-run manage.present | list all up minions according to last known state (not asking them = faster but not reliable) |
salt-run manage.not_present | list all up minions according to last known state (not asking them = faster but not reliable) |
salt '[minion]' grains.items | list all grains of that [minion] |
salt '[minion]' grains.item [grain] | return values/lists/Arrays for [grain] |
salt '[minion]' pillar.items | list all pillar data of that [minion] |
salt '[minion]' pillar.item [pillar] | return values/lists/Arrays for [pillar] |
Apply states
| Comands | Description |
|---|---|
salt '[minion]' state.apply | apply current configuration |
salt '[minion]' state.apply test=true | dryrun to see what whould change |
salt -G 'os:Arch' state.apply | apply config on all Arch machines -G (grain) 'key:value' |
... --state-output=full | default; output multiple lines per state |
... --state-output=terse | output one line per state |
... --state-output=mixed | output one line per state unless failed, then use full |
... --state-output=changes | output multiple lines per state unless successful |
... --state-verbose=false | omit successful states completely |
Get infos about jobs
| Comands | Description |
|---|---|
salt-run jobs.list_jobs | search for specitic job (=] jid) |
salt-run jobs.lookup_jid [jid] | get report of [jid] |
Force data refresh
| Comands | Description |
|---|---|
salt '[minion]' saltutil.refresh_pillar | refresh pillar data |
salt '[minion]' saltutil.refresh_grains | refresh grains |
salt-run fileserver.update | refresh states fileserver |
salt-run git_pillar.update | git pull on pillar git repos |
Upgrade packages on minions
| Comands | Description |
|---|---|
salt -G 'virtual:LXC' -b 1 pkg.upgrade refresh=true | upgrade all LXD/LXC with batch size 1 |
salt -G 'virtual:kvm' -b 1 pkg.upgrade refresh=true | same for virtual machines |
Salt Key management
| Comands | Description |
|---|---|
salt-key -L | list all keys |
salt-key -a [minion] | accept key of minion if key is in unaccepted state (minions_pre) |
salt-key -y -a [minion] | same but with auto answering confirm question with y |
salt-key -A | accept all unaccepted keys |
salt-key -d [minion] | deletes all key matching [minion]. Accepted, denied and not yet accepted |
/etc/salt/pki/master | path containing keys |
salt-key --gen-keys=[minion] | generate a key file pair named minion |
Salt minion
Get Infos about minions
| Comands | Description |
|---|---|
salt-call grains.items | list all grains |
salt-call grains.item [grain] | return values/lists/Arrays for [grain] |
salt-call pillar.items | list all pillar data |
salt-call pillar.item [pillar] | return values/lists/Arrays for [pillar] |
misc
| Comands | Description |
|---|---|
openssl passwd -6 | generate a password hash for distribution |
read -s smbpw; printf '%s' "$smbpw" | iconv -t utf16le | openssl md4 | generate a password hash for samba (pdbedit) |
pdbedit -L -w | print current samba users and their hashes, better not use md4 but the current default printed here |
salt $minion saltutil.clear_cache; salt $minion cmd.run "salt-call service.restart salt-minion" bg=true; sleep 15; salt $minion test.ping; salt $minion state.apply | usefull in case salt minions got a broken cache |