====== Useful SALT commands (cheatsheet) and recipes ======
^ Documentation ^|
^Name:| Useful SALT commands (cheatsheet) and recipes |
^Description:| Cheatsheet of SALT commands and quick recipes |
^Modification date :|15/10/2018|
^Owner:|warlock86@gmail.com|
^Notify changes to:| backops |
^Tags:| |
====== Cheatsheet ======
===== Minion information =====
==== List Running minions ====
salt-run manage.up
==== List minion grains ====
salt '' grains.ls
==== Ping minion ====
salt '' test.ping
===== Working with minions (Modules) =====
==== SALT.MODULES.CMDMOD (remote execution) ====
=== Run OS commands on minion ===
salt '*' cmd.run ""
Double quotes must be used to run "complex" commands:
salt '*' cmd.run "ip ad"
Like running remote commands with ''ssh''
==== SALT.MODULES.PKG (software management) ====
[[https://docs.saltstack.com/en/latest/ref/modules/all/salt.modules.pkg.html]]
=== List installed packages ===
No wildcard/regexp available, sorry:
salt '*' pkg.list_pkgs
=== Install packages ===
salt '*' pkg.install 'PKGNAME'
=== Search package ===
No functcion available, use ''cmd.run'' instead:
salt '*' cmd.run 'yum search PKGNAME'
=== Uninstall/Remove packages ===
salt '*' pkg.remove 'PKGNAME'
==== SALT.MODULES.FILE (File management) ====
[[https://docs.saltstack.com/en/latest/ref/modules/all/salt.modules.file.html]]
=== Copy files ===
salt '*' file.copy /path/to/origin.file /path/to/destination.file
==== SALT.MODULES.USERADD (Adding users module) ====
[[https://docs.saltstack.com/en/latest/ref/modules/all/salt.modules.useradd.html]]
==== SALT.MODULES.DISK (block device management) ====
[[https://docs.saltstack.com/en/latest/ref/modules/all/salt.modules.disk.html]]
==== SALT.MODULES.SYSTEMD (systemd/systemctl management) ====
[[https://docs.saltstack.com/en/latest/ref/modules/all/salt.modules.systemd.html]]\\
Systemd is managed through the **META-MODULE** ''service''.
=== Restart a service ===
if you want that salt restart the service (dont' make me talk about systemd :-(), use ''force_reload''
salt '*' service.force_reload SERVICENAME
===== States =====
More info in its [[https://dokuwiki.ciberterminal.net/doku.php?id=salt-stack:salt_states|own page]].
==== States location ====
/srv/salt/base
==== Apply TOP state ====
salt '' state.apply
==== Apply named state ====
salt '' state.apply
===== Working with keys =====
==== Accept all keys ====
salt-key -A
==== List keys (any state) ====
salt-key
==== Drop key ====
salt-key -d testmongui.ciberterminal.net
====== Recipes ======
===== Install CylancePROTECT in CentOS6/7 or Ubuntu 14.04/16.04 =====
Example for installing CylancePROTECT in all Crypta-INTG servers.
Please, take note that the targeting is only based on the hostname. \\
If you need to do a more accurate targeting take a look at [[linux:salt-stack:running_commands|this]].
From SALT Master run:\\
CENTOS:
sudo salt -E '(?i)accli*' file.makedirs /opt/cylance/
sudo salt -E '(?i)accli*' cp.get_file salt://cylance/config_defaults.txt /opt/cylance/config_defaults.txt
sudo salt -E '(?i)accli*' cp.get_file salt://cylance/CylancePROTECT.el{{grains.osmajorrelease}}.rpm /opt/cylance/CylancePROTECT.el{{grains.osmajorrelease}}.rpm template=jinja
sudo salt -E '(?i)accli*' cmd.run "yum -y install /opt/cylance/CylancePROTECT.el{{grains.osmajorrelease}}.rpm" template=jinja
UBUNTU:
sudo salt -E '(?i)avclp-gray*' file.makedirs /opt/cylance/
sudo salt -E '(?i)avclp-gray*' cp.get_file salt://cylance/config_defaults.txt /opt/cylance/config_defaults.txt
sudo salt -E '(?i)avclp*' cp.get_file "salt://cylance/cylance-protect.{{grains.osrelease | regex_replace('\.','') }}.x86_64.deb" "/opt/cylance/cylance-protect.{{grains.osrelease | regex_replace('\.','') }}.x86_64.deb" template=jinja
#The followinf line is optional, only if Cylance instalation fails at module insert
sudo salt -E '(?i)avclp*' cmd.run "sudo apt-get update -y && sudo apt-get -y install libxml2-utils make gcc linux-headers-generic"
sudo salt -E '(?i)avclp*' cmd.run "dpkg -i /opt/cylance/cylance-protect.{{grains.osrelease | regex_replace('\.','') }}.x86_64.deb" template=jinja