One place for hosting & domains

      SaltStack

      Use and Modify Official SaltStack Formulas


      Updated by Linode Contributed by Linode

      Salt State Files

      The SaltStack Platform is made up of two primary components: A remote execution engine which handles bi-directional communication for any node within your infrastructure (master and minions), and a configuration management system which maintains all infrastructure nodes in a defined state. Salt’s configuration management system is known as the Salt State system. A Salt state is declared within a Salt State file (SLS) using YAML syntax and represents the information Salt needs to configure minions. A Salt Formula is a collection of related SLS files that will achieve a common configuration.

      SaltStack’s GitHub page contains Salt formulas for commonly needed configurations, like creating and managing SSL/TLS certificates, installing and configuring the Apache HTTP Server, installing and configuring a WordPress site and many other useful formulas. You can easily add any of these pre-written formulas to your own Salt state tree using GitHub.

      This guide will use GitHub to fork and modify SaltStack’s timezone formula and then use the formula on a Salt master to configure the time zone on two minions.

      Before You Begin

      1. If you are new to SaltStack, read A Beginner’s Guide to Salt to familiarize yourself with basic Salt concepts.

      2. Download Git on your local computer by following our How to Install Git on Linux, Mac or Windows guide.

      3. Familiarize yourself with Git using our Getting Started with Git guide.

      4. Make sure you have configured git on your local computer.

      5. Use the Getting Started with Salt – Basic Installation and Setup guide to set up a Salt Master and two Salt minions: one running Ubuntu 18.04 and the second running CentOS 7.

      6. Complete the sections of our Securing Your Server to create a standard user account, harden SSH access and remove unnecessary network services.

      Note

      The steps in this guide require root privileges. Be sure to run the steps below with the sudo prefix. For more information on privileges, see our Users and Groups guide.

      Overview of the SaltStack Time Zone Formula

      In this section, we will take a closer look at SaltStack’s timezone-formula, which can be used to configure a minion’s time zone. A high-level overview of all the formula’s state files and Jinja templates will be provided. Salt best practices recommends that formulas should separate the data that a state needs from the state itself to increase the flexibility and reusability of state files. We will observe how this is achieved in the time zone formula.

      1. In your browser, navigate to the timezone-formula on SaltStack’s GitHub page. The README file is displayed and contains basic information about the formula. It notes the following details:

        • The purpose of the formula: to configure the time zone.
        • The available states: timezone
        • The provided default values: timezone: 'Europe/Berlin' utc: True

        The repository’s FORMULA file includes additional details, including the supported OS families (Debian, RedHat, SUSE, Arch, FreeBSD), a summary, description and release number.

      2. Viewing the timezone-formula, click on the timezone directory to view its contents. You should see the following files:

        View the time zone formula files

      3. Take a look at the contents of the init.sls file that defines the timezone state:

        timezone/init.sls
         1
         2
         3
         4
         5
         6
         7
         8
         9
        10
        11
        12
        13
        14
        15
        16
        17
        18
        19
        20
        21
        22
        23
        
        # This state configures the timezone.
        
        {%- set timezone = salt['pillar.get']('timezone:name', 'Europe/Berlin') %}
        {%- set utc = salt['pillar.get']('timezone:utc', True) %}
        {% from "timezone/map.jinja" import confmap with context %}
        
        timezone_setting:
          timezone.system:
            - name: {{ timezone }}
            - utc: {{ utc }}
        
        timezone_packages:
          pkg.installed:
            - name: {{ confmap.pkgname }}
        
        timezone_symlink:
          file.symlink:
            - name: {{ confmap.path_localtime }}
            - target: {{ confmap.path_zoneinfo }}{{ timezone }}
            - force: true
            - require:
              - pkg: {{ confmap.pkgname }}
            

        Salt will interpret the name of this file as timezone, since any init.sls file in a subdirectory is referred to by the path of the directory.

        This state file contains three state declarations, timezone_setting, timezone_packages and timezone_symlink. Below is a description of the configuration each declaration will accomplish on a Salt minion.

        • timezone.system: This state uses Salt’s timezone state module to manage the timezone for the minion. The values for name and utc are derived from the corresponding Salt master’s Pillar file. This is accomplished in the two variable assignment at the top of the file: {%- set timezone = salt['pillar.get']('timezone:name', 'Europe/Berlin') %} and {%- set utc = salt['pillar.get']('timezone:utc', True) %}.

        • timezone_packages: This state ensures that the package needed to configure time zones is installed on the minion. This value is derived from the confmap variable that is imported from the map.jinja file. The import is declared at the top of the file with the {% from "timezone/map.jinja" import confmap with context %} import statement. Later in this section, you will inspect the map.jinja file.

        • timezone_symlink: This state creates a symbolic link from the path defined in name to the location defined in target. This state will only execute if the timezone_packages state is executed successfully. This requirement is denoted by the require statement.

      4. Next, inspect the map.jinja file:

        timezone/map.jinja
         1
         2
         3
         4
         5
         6
         7
         8
         9
        10
        11
        12
        13
        14
        15
        16
        
        {% import_yaml "timezone/defaults.yaml" as defaults %}
        {% import_yaml "timezone/osfamilymap.yaml" as osfamilymap %}
        
        {% set osfam = salt['grains.filter_by'](
                                                osfamilymap,
                                                grain='os_family'
                                                ) or {} %}
        
        {% do salt['defaults.merge'](defaults, osfam) %}
        
        {%- set confmap = salt['pillar.get'](
                                        'timezone:lookup',
                                        default=defaults,
                                        merge=True,
                                        ) %}
              

        The map.jinja file allows the formula to abstract static defaults into a dictionary that contains platform specific data. The two main dictionaries are defined in the repository’s timezone/defaults.yaml and timezone/osfamilymap.yaml files. The defaults.yml file serves as a base dictionary containing values shared by all OSes, while the osfamilymap.yml file stores any values that are different from the base values. Any file throughout the formula could make use of these dictionary values by importing the map.jinja file. In addition, any dictionary values can be overridden in a Pillar file. Overidding dictionary values will be discussed in the Modify Your SaltStack Formula section.

      5. Open the timezone/defaults.yaml file and the timezone/osfamilymap,yaml file to view the data stored in those files:

        timezone/defaults.yaml
        1
        2
        3
        4
        
            path_localtime: /etc/localtime
            path_zoneinfo: /usr/share/zoneinfo/
            pkgname: tzdata
              
        timezone/osfamilymap.yaml
        1
        2
        3
        4
        5
        6
        7
        
            Suse:
              pkgname: timezone
            FreeBSD:
              pkgname: zoneinfo
            Gentoo:
              pkgname: sys-libs/timezone-data
              

        The values defined in these YAML files are used in the init.sls file.

      6. Open the pillar.example file to review its contents:

        pillar.example
        1
        2
        3
        4
        
          timezone:
            name: 'Europe/Berlin'
            utc: True
              

        This file provides an example for you to use when creating your own Pillar file on the Salt master. The init.sls file uses the values for name and utc in its timezone_setting state declaration. The value for name will set the time zone for your minion. The boolean value for utc determines whether or not to set the minion’s hardware clock to UTC.

        Refer to tz database time zones to view a list of all available time zones. Since Pillar files contain sensitive data, you should not version control this file. In the Create the Pillar section, you will create a Pillar file directly on your Salt master.

        Now that you understand the structure of the SaltStack time zone formula, in the next section you will fork the formula’s repository on GitHub and clone the forked formula to your local computer.

      Fork and Clone the SaltStack TimeZone Formula

      In this section you will fork the timezone-formula from the official SaltStack GitHub page to your GitHub account and clone it to a local repository.

      1. In your browser, navigate to the timezone-formula on SaltStack’s GitHub page. If you have not yet logged into your GitHub account, click on the Sign in link at the top of the page and log in.

      2. Fork the timezone-formula from the SaltStack formula’s GitHub page:

        Fork SaltStack timezone formula

        Once the formula has been forked, you will be redirected to your GitHub account’s own fork of the timezone formula.

      3. Viewing your fork of the timezone formula, click on the Clone or download button and copy the URL:

        Fork SaltStack timezone formula

      4. On your local computer, clone the timezone formula:

        git clone https://github.com/my-github/timezone-formula.git
        
      5. Move into the timezone-formula directory:

        cd timezone-formula
        
      6. Display the contents of the timezone-formula directory:

        ls
        

        You should see the following output:

          
              FORMULA        README.rst     pillar.example timezone
              
        
      7. When you clone a repository, Git will automatically set the origin remote to the location of the forked repository. Verify the configured remotes for your timezone-formula repository:

        git remote -v
        

        Your output should be similar to what is displayed below, however, it will point to your own fork of the timezone-formula repository:

          
          origin	https://github.com/my-github/timezone-formula.git (fetch)
          origin	https://github.com/my-github/timezone-formula.git (push)
              
        

        You can add the official SaltStack timezone formula as the upstream remote, so you can easily pull any changes made to the formula by the repository’s maintainers or contribute back to the project. This step is not required.

        git remote add upstream https://github.com/saltstack-formulas/timezone-formula
        

        You now have a local copy of your forked timezone-formula. In the next section, you will modify the formula to update the init.sls file.

      Modify Your SaltStack Formula

      In this section, you will modify the time zone formula to improve how the formula follows Salt best practices related to lookup dictionaries. You can similarly modify any SaltStack formula for your infrastructure’s specific requirements, if needed.

      As discussed in the Overview of the SaltStack Time Zone Formula section, the timezone/defaults.yaml file and the timezone/osfamily.map file provide dictionaries of values that are used by the init.sls state. These YAML file dictionary values can be overridden in a Pillar file that also stores any sensitive data needed by the init.sls state.

      When structuring Pillar data, Salt’s official documentation states that it is a best practice to make formulas expect all formula-related parameters to be placed under a second-level lookup key. Currently, the init.sls file’s timezone and utc variables expect the Pillar data to be structured differently. You will update these two variable statements to expect a second-level lookup key.

      1. Create a new branch in your local repository to begin modifying the timezone-formula:

        git checkout -b update-variable-statements
        
      2. Open the init.sls file in a text editor and modify its timezone and utc variable statements to match the example file:

        timezone/init.sls
         1
         2
         3
         4
         5
         6
         7
         8
         9
        10
        11
        12
        13
        14
        15
        16
        17
        18
        19
        20
        21
        22
        23
        
        # This state configures the timezone.
        
        {%- set timezone = salt['pillar.get']('timezone:lookup:name', 'Europe/Berlin') %}
        {%- set utc = salt['pillar.get']('timezone:lookup:utc', True) %}
        {% from "timezone/map.jinja" import confmap with context %}
        
        timezone_setting:
          timezone.system:
            - name: {{ timezone }}
            - utc: {{ utc }}
        
        timezone_packages:
          pkg.installed:
            - name: {{ confmap.pkgname }}
        
        timezone_symlink:
          file.symlink:
            - name: {{ confmap.path_localtime }}
            - target: {{ confmap.path_zoneinfo }}{{ timezone }}
            - force: true
            - require:
              - pkg: {{ confmap.pkgname }}
              

        The init.sls file now expects a second-level lookup key when retrieving the specified Pillar values. Following this convention will make it easier to override dictionary values in your Pillar file. You will create a Pillar file in the Installing a Salt Formula section of this guide.

      3. Use Git to view which files have been changed before staging them:

        git status
        

        Your output should resemble the following:

          
        On branch update-variable-statements
        Changes not staged for commit:
          &nbsp&nbsp(use "git add &ltfile&gt..." to update what will be committed)
          &nbsp&nbsp(use "git checkout -- &ltfile&gt..." to discard changes in working directory)
        
          &nbsp&nbspmodified:   timezone/init.sls
        
        no changes added to commit (use "git add" and/or "git commit -a")
            
        
      4. Stage and commit the changes you made to the init.sls file.

        git add -A
        git commit -m 'My commit message'
        
      5. Push your changes to your fork:

        git push origin update-variable-statements
        
      6. Navigate to your timezone formula’s remote GitHub repository and create a pull request against your fork’s master branch.

        Submit a pull request

        Make sure you select your own fork of the time zone formula as the base fork, otherwise you will submit a pull request against the official SaltStack timezone formula’s repository, which is not the intended behavior for this example.

        Create a pull request

        If you are satisfied with the changes in the pull request, merge the pull request into your master branch.

        Merge a pull request

      In the next section, you will add your forked timezone-formula to your Salt master, create a Pillar file for the timezone-formula and apply the changes to your minions.

      Install a Salt Formula

      There are two ways to use a Salt Formula: you can add the formula as a GitFS Remote, which will allow you to directly serve the files hosted on your GitHub account, or you can add the formula directly to the Salt master using Git’s clone mechanism. This section will cover both ways to use Salt formulas.

      Manually Add a Salt Formula to your Master

      1. Navigate to your fork of the timezone-formula, click on the Clone or download button and copy the repository’s URL to your clipboard.

      2. SSH into your Salt master. Replace the username with your limited user account and replace 198.51.100.0 with your Linode’s IP address:

        ssh [email protected]
        
      3. Create a formulas directory and go to the new directory:

        mkdir -p /srv/formulas
        cd /srv/formulas
        
      4. If your Salt master does not already have Git installed, install Git using your system’s package manager:

        Ubuntu/Debian

        apt-get update
        apt-get install git
        

        Centos

        yum update
        yum install git
        
      5. Clone the repository into the /srv/formulas directory. Make sure you replace git-username with your own username:

        git clone https://github.com/git-username/timezone-formula.git
        

      Add a Salt Formula as a GitFS Remote

      GitFs allows Salt to serve files directly from remote git repositories. This is a convenient way to use Salt formulas with the added flexibility and power that remote version control systems provide, like collaboration and easy rollback to previous versions of your formulas.

      1. On the Salt master, install the Python interface to Git:

        sudo apt-get install python-git
        
      2. Edit the Salt master configuration file to use GitFs as a fileserver backend. Make sure the lines listed below are uncommented in your master configuration file:

        /etc/salt/master
        1
        2
        3
        
        fileserver_backend:
          - gitfs
          - roots

        When using multiple backends, you should list all backends in the order you want them to be searched. roots is the fileserver backend used to serve files from any of the master’s directories listed in the file_roots configuration.

      3. In the same Salt master configuration file, add the location of your timezone formula’s GitHub repository. Ensure you have uncommented gitfs_remote:

        /etc/salt/master
        1
        2
        
        gitfs_remotes:
          - https://github.com/git-username/timezone-formula.git
      4. Uncomment the gitfs_provider declaration and set its value to gitpython:

        /etc/salt/master
        1
        
        gitfs_provider: gitpython
      5. Restart the Salt master to apply the new configurations:

        sudo systemctl restart salt-master
        

      Add a Salt Formula to the Top File

      To include your timezone formula in your Salt state tree, you must add it to your top file.

      1. Create the /srv/salt directory if it does not already exist:

        mkdir /srv/salt
        
      2. Add the timezone state declared in the timezone-formula to your top file:

        /srv/salt/top.sls
        1
        2
        3
        4
        
        base:
          '*':
            - timezone
            

        The example Top file declares one environment, the base environment that targets all minions and applies the timezone state to them. This top file could easily contain several states that already exist in your state tree, like an apache state, a wordpress state, etc., and several environments that target different minions. Any Salt formula can be easily dropped-in to the top file and will be applied to the targeted minions the next time you run a highstate.

      Create the Pillar

      1. Create a directory to store your formula’s Pillar file:

        mkdir -p /srv/pillar
        
      2. Create a Pillar file to store the data that will be used by your timezone formula:

        /srv/pillar/timezone.sls
        1
        2
        3
        4
        5
        6
        7
        8
        9
        
        timezone:
          lookup:
            {%- if grains['os_family'] == 'Debian' %}
            name: America/New_York
            {%- else %}
            name: 'Europe/Berlin'
            {%- endif %}
            utc: True
            

        The timezone.sls Pillar file was created from the pillar.example file provided in the SaltStack timezone formula. The example was modified to add Jinja control statements that will assign a different timezone on any minion that is a Debian family OS. You can replace any of the timezone name values to your preferred timezone or add additional Jinja logic, if necessary. For an introduction to Jinja, read the Introduction to Jinja Templates for Salt.

        You can also override any of the dictionary values defined in the timezone/defaults.yaml or timezone/osfamilymap.yaml in the Pillar file using Salt’s lookup dictionary convention. For example, if you wanted to override the pkgname value defined in timezone/defaults.yaml your Pillar file might look like the following example:

        /srv/pillar/timezone.sls
         1
         2
         3
         4
         5
         6
         7
         8
         9
        10
        
        timezone:
          lookup:
            {%- if grains['os_family'] == 'Debian' %}
            name: America/New_York
            {%- else %}
            name: 'Europe/Berlin'
            {%- endif %}
            utc: True
            pkgname: timezone
            
      3. If you cloned the timezone-formula to your master instead of adding the formula as a GitFS remote, add the timezone-formula’s directory to the Salt master’s file_roots configuration:

        /etc/salt/master
        1
        2
        3
        4
        5
        
        file_roots:
          base:
            - /srv/salt/
            - /srv/formulas/timezone-formula
            
      4. Add the Pillar to the Pillar’s top file:

        /srv/pillar/top.sls
        1
        2
        3
        4
        
        base:
          '*':
            - timezone
            
      5. Configure the location of the Pillar file:

        /etc/salt/master
        1
        2
        3
        4
        
        pillar_roots:
          base:
            - /srv/pillar
            
      6. Restart the Salt master for the new configurations to take effect on the Salt master:

        sudo systemctl restart salt-master
        
      7. Run a highstate to your minion to apply the state defined in the timezone formula:

        sudo salt '*' state.apply
        

      Next Steps

      To learn how to create your own Salt formulas and how to organize your formula’s states in a logical and modular way, read our Automate Static Site Deployments with Salt, Git, and Webhooks guide.

      More Information

      You may wish to consult the following resources for additional information on this topic. While these are provided in the hope that they will be useful, please note that we cannot vouch for the accuracy or timeliness of externally hosted materials.

      Find answers, ask questions, and help others.

      This guide is published under a CC BY-ND 4.0 license.



      Source link

      SaltStack Command Line Reference


      Updated by Linode Contributed by Andy Stevens

      Use promo code DOCS10 for $10 credit on a new account.

      SaltStack is a powerful configuration management tool. The following is a quick-reference guide for Salt’s command line interface (CLI).

      salt

      Used to issue commands to minions in parallel. salt allows you to both control and query minions.

      OptionDescriptionExample
      --versionGet the current version of Salt.salt --version
      -h, --helpDisplay Salt commands and help text.salt -h
      -c, --config-dirChange the Salt configuration directory. The default is /etc/salt.salt -c /home/salt/conf test.ping
      -s, --staticOnly return data after all minions have returned.salt --static
      --asyncInstead of waiting for a job on a minion or minions, print the job ID and the job completion.salt '*' pkg.install apache2 --async
      --subsetExecute commands on a random subset of minions.salt '*' telegram.post_message message="Hello random 3!" --subset 3
      -v, --verbosePrint extra data, such as the job ID.salt 'minion1' user.add steve --verbose
      --hide-timeoutOnly print minions that can be reached.salt '*' test.ping --hide-timeout
      -b, --batch-sizeExecute on a batch or percentage of minions.salt '*' test.ping --batch-size 25%
      -a, --authUse an external authentication medium. You will be prompted for credentials. Options are auto, keystone, ldap, and pam. Can be used with -T.salt -a pam '*' status.meminfo
      -T, --make-tokenUsed with -a. Creates an authentication token in the active user’s home directory that has a default 12 hour expiration time. Token expiration time is set in the Salt master config file.salt -T -a pam '*' status.cpuinfo
      --returnUsed to select an alternative returner. Options are carbon, cassandra, couchbase, couchdb, elasticsearch, etcd, hipchat, local, local_cache, memcache, mongo, mysql, odbc, postgres, redis, sentry, slack, sms, smtp, sqlite3, syslog, and xmpp.salt '*' status.all_status --return mongo
      -d, --doc, --documentationReturn all available documentation for a module function, or all functions if one is not provided.salt 'minion3' service.available -d
      -l, --log-levelChange console log level. Defaults to warning. Available options are all, garbage, trace, debug, info, warning, error, and quiet.salt 'minion2' state.apply -l info
      --log-fileChange the log file path. Defaults to /var/log/salt/mastersalt '*' test.ping --log-file /home/salt/log
      --log-file-levelChange the logging level of the log file. Same options as --log-levelsalt '*' test.ping --log-level all
      -E, --pcreTarget expression will be interpreted as a Perl Compatible Regular Expression (PCRE) rather than a shell glob.salt -E 'minion[0-9]' service.reload apache2
      -L, --listTarget expression will be interpreted as a comma-delimited list.salt -L 'minion1,minion2' service.show sshd
      -G, --grainTarget expression in the form of a glob expression matches a Salt grain. <grain value>:<glob expression>.salt -G 'os:Ubuntu' service.available mysql
      --grain-pcreTarget expression in the form of a Perl Compatible Regular Expression matches values returned by Salt grains on the minion.<grain value>:<regular expression>salt --grain-pcre 'os:Arch' service.restart apache2
      -I, --pillarUse pillar values instead of shell globs to identify targets.salt -I 'role:production' test.echo 'playback'
      --outChoose an alternative outputter to display returned data. Available outputters are: grains, highstate, json, key, overstatestage, pprint, raw, txt, yaml. Note: when using --out json you will probably want to also use --static.salt '*' test.version --out json --static

      salt-call

      Runs module functions on a minion instead of the master. It is used to run a standalone minion.

      OptionDescriptionExample
      --versionGet the current version of Salt.salt-call --version
      -h, --helpDisplay Salt commands and help text.salt-call -h
      -c, --config-dirChange the Salt configuration directory. The default is /etc/salt.salt-call -c /home/salt/conf test.ping
      -g, --grainsGet the information generated by the Salt grains.salt-call --grains
      -m, --module-dirsSelect an additional modules directory. You can provide this option multiple times for multiple directories.salt-call -m /home/salt/modules1 -m /home/salt/modules2
      -d, --doc, --documentationReturn all available documentation for module function, or all functions if one is not provided.salt-call system.get_system_time -d
      --masterChoose which master to use. The minion must be authenticated with the master. If the master is omitted, the first master in the minion config will be used.salt-call --master master1
      --returnUsed to select an alternative returner. Options are carbon, cassandra, couchbase, couchdb, elasticsearch, etcd, hipchat, local, local_cache, memcache, mongo, mysql, odbc, postgres, redis, sentry, slack, sms, smtp, sqlite3, syslog, and xmpp.salt-call --return mongo status.all_status
      --localRun Salt as if there was no master running.salt-call --local system.get_system_time
      --file-rootSet a directory as the base file directory.salt-call --file-root /home/salt
      --pillar-rootSet a directory as the base pillar directory.salt-call --file-root /home/salt/pillar
      -l, --log-levelChange console log level. Defaults to warning. Available options are all, garbage, trace, debug, info, warning, error, and quiet.salt-call -l all test.exception 'oh no!'
      --log-fileChange log file path. Defaults to /var/log/salt/minion.salt-call --logfile /home/salt/log/minion test.exception 'oh no!'
      --log-file-levelChange logfile log level. Defaults to warning. Available options are all, garbage, trace, debug, info, warning, error, and quiet.salt-call --log-file-level all test.exception 'oh no!'
      --outChoose an alternative outputter to display returned data. Available outputters are: grains, highstate, json, key, overstatestage, pprint, raw, txt, yaml.salt-call test.version --out json

      salt-cloud

      Used to provision virtual machines on public clouds with Salt.

      OptionDescriptionExample
      --versionGet the current version of Salt.salt-cloud --version
      -h, --helpDisplay Salt commands and help text.salt-cloud -h
      -c, --config-dirChange the Salt configuration directory. The default is /etc/salt.salt-cloud -c /home/salt/conf
      -a, --actionPerform a cloud provider specific action. Requires an instance.salt-cloud -a reboot testlinode
      -f, --functionPerform a cloud provider specific function that does not apply to an instance. Requires a provider.salt-cloud -f clone my-linode-config linode_id=1234567 datacenter_id=2 plan_id=5
      -p, --profileChoose a profile from which to build cloud VMs.salt-cloud -p linode-1024 mynewlinode
      -m, --mapChoose a map file from which to create your VMs. If a VM exists it will be skipped.salt-cloud -m /path/to/map
      -H, --hardUsed when creating VMs with a map file. If set, will destroy all VMs not listed in the map file.salt-cloud -m /path/to/map -H
      -d, --destroyDestroy the named VMs. Can be used with -m to provide a map of VMs to destroy.salt-cloud -m /path/to/map -d
      -P, --parallelBuild VMs in parallel.salt-cloud -P -p linode-profile newlinode1 newlinode2
      -u, --update-boostrapUpdate salt-bootstrap.salt-cloud -u
      -y, --assume-yesAnswer yes to all questions.salt-cloud -y -d linode1 linode2
      -k, -keep-tmpDo not remove /tmp files.salt-cloud -k -m /path/to/map
      --show-deploy-argsInclude deployment arguments in the return data.salt-cloud --show-deploy-args -m /path/to/map
      --script-argsArguments to be passed to the bootstrap script when deploying.salt-cloud -m /path/to/map --script-args '-h'
      -Q, --queryQuery nodes running on configured cloud providers.salt-cloud -Q
      -F, --full-queryQuery VMs and print all available information. Can be used with -m to provide a map.salt-cloud -F
      -S, --select-queryQuery VMs and print selected information. Can be used with -m to provide a map.salt-cloud -S
      --list-providersDisplay a list of configured providers.salt-cloud --list-providers
      --list-profilesDisplay a list of configured profiles. Supply a cloud provider, such as linode, or pass all to view all configured profiles.salt-cloud --list-profiles linode
      --list-locationsDisplay a list of available locations. Supply a cloud provider, such as linode, or pass all to view all location for configured profiles.salt-cloud --list-locations linode
      --list-imagesDisplay a list of available images. Supply a cloud provider, such as linode, or pass all to view all images for configured profiles.salt-cloud --list-images linode
      --list-sizesDisplay a list of available sizes. Supply a cloud provider, such as linode, or pass all to view all sizes for configured profiles.salt-cloud --list-sizes linode
      --outChoose an alternative outputter to display returned data. Available outputters are: grains, highstate, json, key, overstatestage, pprint, raw, txt, yaml.salt-call test.version --out json

      salt-cp

      Used to copy files from the master to all Salt minions that match a specific target expression.

      OptionDescriptionExample
      --versionGet the current version of Salt.salt-cp --version
      -h, --helpDisplay Salt commands and help text.salt-cp -h
      -c, --config-dirChange the Salt configuration directory. The default is /etc/salt.salt-cp '*' -c /home/salt/conf /file/to/copy /destination
      -t, --timeoutThe amount of seconds to wait for replies from minions. The default is 5 seconds.salt-cp '*' -t 25 /file/to/copy /destination
      -l, --log-levelChange console log level. Defaults to warning. Available options are all, garbage, trace, debug, info, warning, error, and quiet.salt-cp '*' -l all /file/to/copy /destination
      --log-fileChange log file path. Defaults to /var/log/salt/master.salt-cp '*' --logfile /home/salt/log/minion /file/to/copy /destination
      --log-file-levelChange logfile log level. Defaults to warning. Available options are all, garbage, trace, debug, info, warning, error, and quiet.salt-cp '*' --log-file-level all /file/to/copy /destination
      -E, --pcreTarget expression will be interpreted as a Perl Compatible Regular Expression (PCRE) rather than a shell glob.salt-cp -E 'minion[0-9]' /file/to/copy /destination
      -L, --listTarget expression will be interpreted as a comma-delimited list.salt -L 'minion1,minion2' /file/to/copy /destination
      -G, --grainTarget expression matches a Salt grain. <grain value>:<glob expression>.salt -G 'os:Ubuntu' /file/to/copy /destination
      --grain-pcreTarget expression in the form of a Perl Compatible Regular Expression matches values returned by Salt grains on the minion.<grain value>:<regular expression>salt-cp --grain-pcre 'os:Arch' /file/to/copy /destination
      -C, --chunkedUse chunked mode to copy files. Supports large files, recursive directories copying and compression.salt-cp -C /some/large/file /destination
      -n, --no-compressionDisable gzip in chunked mode.salt-cp -C -n /some/large/file /destination

      salt-key

      Used to manage the Salt server public keys.

      OptionDescriptionExample
      --versionGet the current version of Salt.salt-key --version
      -h, --helpDisplay Salt commands and help text.salt-key -h
      -c, --config-dirChange the Salt configuration directory. The default is /etc/salt.salt-key -c /home/salt/conf
      -u, --userSupply a user to run salt-key.salt-key --user steven
      -q, --quietSuppress outputsalt-key -q
      -y, --yesAnswer yes to all questions. Default is False.salt-key -y True
      --rotate-aes-keySetting to False prevents the key session from being refreshed when keys are deleted or rejected. Default is True.salt-key --rotate-aes-key False
      --log-fileChange log file path. Defaults to /var/log/salt/minion.salt-key --logfile /home/salt/log/minion -D
      --log-file-levelChange logfile log level. Defaults to warning. Available options are all, garbage, trace, debug, info, warning, error, and quiet.salt-key --log-file-level all --accept '*'
      -l, --listList public keys. pre, un, and unaccepted will list unaccepted/unsigned keys. acc or accepted will list accepted/signed keys. rej or rejected will list rejected keys. all will list all keys.salt-key -l all
      -a, --acceptAccept a public key. Globs are supported.salt-key --accept 'minion*'
      -A, --accept-allAccept all pending keys.salt-key -A
      -r, --rejectReject a specific key. Globs are supported.salt-key -r 'minion*'
      -R, --reject-allReject all pending keys.salt-key -R
      --include-allInclude non-pending keys when accepting and rejecting.salt-key -r 'minion*' --include-all
      -p, --printPrint a public key.salt-key --print 'minion1'
      -d, --deleteDelete a public key. Globs are supported.salt-key -d 'minion*'
      -D, --delete-allDelete all public keys.salt-key --delete-all -y
      -f, --fingerPrint a key’s fingerprint.salt-key --finger 'minion1'
      -F, --finger-allPrint all keys’ fingerprints.salt-key --F
      --gen-keysSet a name to generate a key-pair.salt-key --gen-keys newminion
      --gen-keys-dirChoose where to save newly generated key-pairs. Only works with --gen-keys.salt-key --gen-keys newminion --gen-keys-dir /home/salt/keypairs
      --keysizeSet the keysize for a generated key. Must be a value of 2048 or higher. Only works with --gen-keys.salt-key --gen-keys newminion --keysize 4096
      --gen-signatureCreate a signature for the master’s public key named master_pubkey_signature. This requires a new-signing-keypair which can be created with the --auto-create option.salt-key --gen-signature --auto-create
      --privThe private-key file with which to create a signature.salt-key --priv key.pem
      --signature-pathThe file path for the new signature.salt-key --gen-signature --auto-create --signature-path /path/to/signature
      --pubThe public-key file with which to create a signature.salt-key --gen-signature key.pub
      --auto-createAuto-create a signing key-pair.salt-key --gen-signature --auto-create

      salt-master

      A daemon used to control Salt minions.

      OptionDescriptionExample
      --versionGet the current version of Salt.salt-master --version
      -h, --helpDisplay Salt commands and help text.salt-master -h
      -c, --config-dirChange the Salt configuration directory. The default is /etc/salt.salt-master -c /home/salt/conf
      -u, --userSupply a user to run salt-master.salt-master --user steven
      -d, --daemonRun salt-master as daemon.salt-master -d
      --pid-fileSpecify the file path of the pidfile. Default is /var/run/salt-master.pidsalt-master --pid-file /path/to/new/pid
      -l, --log-levelChange console log level. Defaults to warning. Available options are all, garbage, trace, debug, info, warning, error, and quiet.salt-master -l info
      --log-fileChange the log file path. Defaults to /var/log/salt/mastersalt-master --log-file /home/salt/log
      --log-file-levelChange the logging level of the log file. Same options as --log-levelsalt-master --log-level all

      salt-minion

      A daemon that is controlled by a Salt master.

      OptionDescriptionExample
      --versionGet the current version of Salt.salt-minion --version
      -h, --helpDisplay Salt commands and help text.salt-minion -h
      -c, --config-dirChange the Salt configuration directory. The default is /etc/salt.salt-minion -c /home/salt/conf
      -u, --userSupply a user to run salt-minion.salt-minion --user steven
      -d, --daemonRun salt-minion as daemon.salt-minion -d
      --pid-fileSpecify the file path of the pidfile. Default is /var/run/salt-minion.pidsalt-minion --pid-file /path/to/new/pid
      -l, --log-levelChange console log level. Defaults to warning. Available options are all, garbage, trace, debug, info, warning, error, and quiet.salt-master -l info
      --log-fileChange the log file path. Defaults to /var/log/salt/minionsalt-minion --log-file /home/salt/log
      --log-file-levelChange the logging level of the log file. Same options as --log-levelsalt-minion --log-level all

      salt-run

      Runs a Salt runner on a Salt master.

      OptionDescriptionExample
      --versionGet the current version of Salt.salt-run --version
      -h, --helpDisplay Salt commands and help text.salt-run -h
      -c, --config-dirChange the Salt configuration directory. The default is /etc/salt.salt-run -c /home/salt/conf foo.bar
      -t, --timeoutThe amount of seconds to wait for replies from minions. The default is 5 seconds.salt-run -t 25 foo.bar
      -d, --doc, --documentationReturn all available documentation for a module or runner.salt-run foo.bar -d
      -l, --log-levelChange console log level. Defaults to warning. Available options are all, garbage, trace, debug, info, warning, error, and quiet.salt-run -l info foo.bar
      --log-fileChange the log file path. Defaults to /var/log/salt/mastersalt-minion --log-file /home/salt/log foo.bar
      --log-file-levelChange the logging level of the log file. Same options as --log-levelsalt-minion --log-level all foo.bar

      salt-ssh

      Use SSH transport to execute salt routines.

      OptionDescriptionExample
      --versionGet the current version of Salt.salt-ssh --version
      -h, --helpDisplay Salt commands and help text.salt-ssh -h
      -c, --config-dirChange the Salt configuration directory. The default is /etc/salt.salt-ssh '*' -c /home/salt/conf test.ping
      -r, --raw, --raw-shellRun a raw shell command.salt-ssh '*' -r echo 'test'
      --rosterChoose which roster system to use. The default is the flat file roster.salt-ssh '192.168.0.0/16' --roster scan pkg.install apache2
      --roster-fileChange the roster file directory. The default is the same directory as the master config file.salt-ssh 'minion1' --roster-file /path/to/roster test.ping
      --refresh, --refresh-cacheUse to force refresh the target’s data in the master side cache before the auto refresh timeframe has been reached.salt-ssh 'minion1' --refresh-cache status.diskstats
      --max-procsThe number of minions to communicate with concurrently. In general, more connections mean faster communication. Default is 25.salt-ssh '*' --max-procs 50 test.ping
      -v, --verboseDisplay job ID.salt-ssh '*' -v test.ping
      -s, --staticReturn minion data as a grouping.salt-ssh '*' -s status.meminfo
      -w, --wipeRemove Salt files when the job is done.salt-ssh '*' -w state.apply
      -W. --rand-thin-dirDeploys to a random temp directory and cleans the directory when done.salt-ssh '*' -W state.apply
      --python2-binFile path to a python2 binary which has Salt installed.salt-ssh '*' --python2-bin /file/to/bin test.ping
      --python3-binFile path to a python3 binary which has Salt installed.salt-ssh '*' --python3-bin /file/to/bin test.ping
      --jidSupply a job ID instead of generating one.salt-ssh '*' -v --jid 00000000000000000000 test.ping
      --privSupply which SSH private key to use for authentication.salt-ssh '*' --priv /path/to/privkey status.netstats
      -i, --ignore-host-keysDisable StrictHostKeyChecking, which suppresses asking for connection approval.salt-ssh '*' -i pkg.install mysql-client
      --no-host-keysIgnores SSH host keys. Useful if an error persists with --ignore-host-keys.salt-ssh '*' -i --no-host-keys pkg.install cowsay
      --userSupply the user to authenticate with.salt-ssh '*' --user steven -r cowsay 'hello!'
      --passwdSupply the password to authenticate with.salt-ssh 'minion2' --passwd p455w0rd system.reboot
      --askpassRequest a password prompt.salt-ssh 'minion1' --askpass sys.doc
      --key-deployDeploy the authorized SSH key to all minions.salt-ssh '*' --key-deploy --passwd test.ping
      --sudoRun command with elevated privileges.salt-ssh '*' -r --sudo somecommand
      --scan-portsA comma-separated list of ports to scan in the scan roster.salt-ssh '192.168.0.0/16' --roster scan --scan-ports 22,23 test.ping
      --scan-timeoutTimeout for scan roster.salt-ssh '192.168.0.0/16' --roster scan --scan-timeout 100 test.ping
      -l, --log-levelChange console log level. Defaults to warning. Available options are all, garbage, trace, debug, info, warning, error, and quiet.salt-ssh -l info test.ping
      --log-fileChange the log file path. Defaults to /var/log/salt/sshsalt-ssh --log-file /home/salt/log test.ping
      --log-file-levelChange the logging level of the log file. Same options as --log-levelsalt-ssh --log-level all test.ping
      -E, --pcreTarget expression will be interpreted as a Perl Compatible Regular Expression (PCRE) rather than a shell glob.salt-ssh -E 'minion[0-9]' service.reload apache2
      --outChoose an alternative outputter to display returned data. Available outputters are: grains, highstate, json, key, overstatestage, pprint, raw, txt, yaml.salt-ssh '*' test.version --out json

      salt-syndic

      A minion set up on a master that allows for passing commands in from a higher master.

      OptionDescriptionExample
      --versionGet the current version of Salt.salt-syndic --version
      -h, --helpDisplay Salt commands and help text.salt-syndic -h
      -c, --config-dirChange the Salt configuration directory. The default is /etc/salt.salt-syndic -c /home/salt/conf
      -u, --userSupply a user to run salt-syndic.salt-syndic --user steven
      -d, --daemonRun salt-syndic as daemon.salt-syndic -d
      --pid-fileSpecify the file path of the pidfile. Default is /var/run/salt-syndic.pidsalt-syndic --pid-file /path/to/new/pid
      -l, --log-levelChange console log level. Defaults to warning. Available options are all, garbage, trace, debug, info, warning, error, and quiet.salt-syndic -l info
      --log-fileChange the log file path. Defaults to /var/log/salt/mastersalt-syndic --log-file /home/salt/log
      --log-file-levelChange the logging level of the log file. Same options as --log-levelsalt-syndic --log-level all

      spm

      Salt Package Manager

      OptionDescriptionExample
      -y, --yesAnswer yes to all questions.spm remove -y apache
      -f, --forceForce spm to perform an action it would normally refuse to perform.
      -l, --log-levelChange console log level. Defaults to warning. Available options are all, garbage, trace, debug, info, warning, error, and quiet.spm -l info install apache
      --log-fileChange the log file path. Defaults to /var/log/salt/spmspm --log-file /home/salt/log install mysql
      --log-file-levelChange the logging level of the log file. Same options as --log-levelspm --log-level all remove nginx
      CommandDescriptionExample
      update_repoUpdate locally configured repository metadata.spm update_repo
      installInstall a package by name from a configured SPM repository.spm install nginx
      removeRemove a package.spm remove apache
      infoGet an installed package’s information.spm info mysql
      filesList an installed package’s files.spm files mongodb
      localPerform a command on a local package, not a package in a repository or an installed package. Does not work with remove.spm local install /path/to/package
      buildBuild a package.spm build /path/to/package
      create_repoScan a directory for a valid SPM package and build an SPM-METADATA file in that directory.spm create_rep /path/to/package

      salt-api

      Used to start the Salt API

      OptionDescriptionExample
      --versionGet the current version of Salt.salt-api --version
      -h, --helpDisplay Salt commands and help text.salt-api -h
      -c, --config-dirChange the Salt configuration directory. The default is /etc/salt.salt-api -c /home/salt/conf
      -u, --userSupply a user to run salt-api.salt-api --user steven
      -d, --daemonRun salt-api as daemon.salt-api -d
      --pid-fileSpecify the file path of the pidfile. Default is /var/run/salt-api.pidsalt-api --pid-file /path/to/new/pid
      -l, --log-levelChange console log level. Defaults to warning. Available options are all, garbage, trace, debug, info, warning, error, and quiet.salt-api -l info
      --log-fileChange the log file path. Defaults to /var/log/salt/apisalt-api --log-file /home/salt/log
      --log-file-levelChange the logging level of the log file. Same options as --log-levelsalt-api --log-level all

      More Information

      You may wish to consult the following resources for additional information on this topic. While these are provided in the hope that they will be useful, please note that we cannot vouch for the accuracy or timeliness of externally hosted materials.

      Join our Community

      Find answers, ask questions, and help others.

      This guide is published under a CC BY-ND 4.0 license.



      Source link

      SaltStack Command Line Reference


      Updated by Linode Contributed by Andy Stevens

      Use promo code DOCS10 for $10 credit on a new account.

      SaltStack is a powerful configuration management tool. The following is a quick-reference guide for Salt’s command line interface (CLI).

      salt

      Used to issue commands to minions in parallel. salt allows you to both control and query minions.

      OptionDescriptionExample
      --versionGet the current version of Salt.salt --version
      -h, --helpDisplay Salt commands and help text.salt -h
      -c, --config-dirChange the Salt configuration directory. The default is /etc/salt.salt -c /home/salt/conf test.ping
      -s, --staticOnly return data after all minions have returned.salt --static
      --asyncInstead of waiting for a job on a minion or minions, print the job ID and the job completion.salt '*' pkg.install apache2 --async
      --subsetExecute commands on a random subset of minions.salt '*' telegram.post_message message="Hello random 3!" --subset 3
      -v, --verbosePrint extra data, such as the job ID.salt 'minion1' user.add steve --verbose
      --hide-timeoutOnly print minions that can be reached.salt '*' test.ping --hide-timeout
      -b, --batch-sizeExecute on a batch or percentage of minions.salt '*' test.ping --batch-size 25%
      -a, --authUse an external authentication medium. You will be prompted for credentials. Options are auto, keystone, ldap, and pam. Can be used with -T.salt -a pam '*' status.meminfo
      -T, --make-tokenUsed with -a. Creates an authentication token in the active user’s home directory that has a default 12 hour expiration time. Token expiration time is set in the Salt master config file.salt -T -a pam '*' status.cpuinfo
      --returnUsed to select an alternative returner. Options are carbon, cassandra, couchbase, couchdb, elasticsearch, etcd, hipchat, local, local_cache, memcache, mongo, mysql, odbc, postgres, redis, sentry, slack, sms, smtp, sqlite3, syslog, and xmpp.salt '*' status.all_status --return mongo
      -d, --doc, --documentationReturn all available documentation for a module function, or all functions if one is not provided.salt 'minion3' service.available -d
      -l, --log-levelChange console log level. Defaults to warning. Available options are all, garbage, trace, debug, info, warning, error, and quiet.salt 'minion2' state.apply -l info
      --log-fileChange the log file path. Defaults to /var/log/salt/mastersalt '*' test.ping --log-file /home/salt/log
      --log-file-levelChange the logging level of the log file. Same options as --log-levelsalt '*' test.ping --log-level all
      -E, --pcreTarget expression will be interpreted as a Perl Compatible Regular Expression (PCRE) rather than a shell glob.salt -E 'minion[0-9]' service.reload apache2
      -L, --listTarget expression will be interpreted as a comma-delimited list.salt -L 'minion1,minion2' service.show sshd
      -G, --grainTarget expression in the form of a glob expression matches a Salt grain. <grain value>:<glob expression>.salt -G 'os:Ubuntu' service.available mysql
      --grain-pcreTarget expression in the form of a Perl Compatible Regular Expression matches values returned by Salt grains on the minion.<grain value>:<regular expression>salt --grain-pcre 'os:Arch' service.restart apache2
      -I, --pillarUse pillar values instead of shell globs to identify targets.salt -I 'role:production' test.echo 'playback'
      --outChoose an alternative outputter to display returned data. Available outputters are: grains, highstate, json, key, overstatestage, pprint, raw, txt, yaml. Note: when using --out json you will probably want to also use --static.salt '*' test.version --out json --static

      salt-call

      Runs module functions on a minion instead of the master. It is used to run a standalone minion.

      OptionDescriptionExample
      --versionGet the current version of Salt.salt-call --version
      -h, --helpDisplay Salt commands and help text.salt-call -h
      -c, --config-dirChange the Salt configuration directory. The default is /etc/salt.salt-call -c /home/salt/conf test.ping
      -g, --grainsGet the information generated by the Salt grains.salt-call --grains
      -m, --module-dirsSelect an additional modules directory. You can provide this option multiple times for multiple directories.salt-call -m /home/salt/modules1 -m /home/salt/modules2
      -d, --doc, --documentationReturn all available documentation for module function, or all functions if one is not provided.salt-call system.get_system_time -d
      --masterChoose which master to use. The minion must be authenticated with the master. If the master is omitted, the first master in the minion config will be used.salt-call --master master1
      --returnUsed to select an alternative returner. Options are carbon, cassandra, couchbase, couchdb, elasticsearch, etcd, hipchat, local, local_cache, memcache, mongo, mysql, odbc, postgres, redis, sentry, slack, sms, smtp, sqlite3, syslog, and xmpp.salt-call --return mongo status.all_status
      --localRun Salt as if there was no master running.salt-call --local system.get_system_time
      --file-rootSet a directory as the base file directory.salt-call --file-root /home/salt
      --pillar-rootSet a directory as the base pillar directory.salt-call --file-root /home/salt/pillar
      -l, --log-levelChange console log level. Defaults to warning. Available options are all, garbage, trace, debug, info, warning, error, and quiet.salt-call -l all test.exception 'oh no!'
      --log-fileChange log file path. Defaults to /var/log/salt/minion.salt-call --logfile /home/salt/log/minion test.exception 'oh no!'
      --log-file-levelChange logfile log level. Defaults to warning. Available options are all, garbage, trace, debug, info, warning, error, and quiet.salt-call --log-file-level all test.exception 'oh no!'
      --outChoose an alternative outputter to display returned data. Available outputters are: grains, highstate, json, key, overstatestage, pprint, raw, txt, yaml.salt-call test.version --out json

      salt-cloud

      Used to provision virtual machines on public clouds with Salt.

      OptionDescriptionExample
      --versionGet the current version of Salt.salt-cloud --version
      -h, --helpDisplay Salt commands and help text.salt-cloud -h
      -c, --config-dirChange the Salt configuration directory. The default is /etc/salt.salt-cloud -c /home/salt/conf
      -a, --actionPerform a cloud provider specific action. Requires an instance.salt-cloud -a reboot testlinode
      -f, --functionPerform a cloud provider specific function that does not apply to an instance. Requires a provider.salt-cloud -f clone my-linode-config linode_id=1234567 datacenter_id=2 plan_id=5
      -p, --profileChoose a profile from which to build cloud VMs.salt-cloud -p linode-1024 mynewlinode
      -m, --mapChoose a map file from which to create your VMs. If a VM exists it will be skipped.salt-cloud -m /path/to/map
      -H, --hardUsed when creating VMs with a map file. If set, will destroy all VMs not listed in the map file.salt-cloud -m /path/to/map -H
      -d, --destroyDestroy the named VMs. Can be used with -m to provide a map of VMs to destroy.salt-cloud -m /path/to/map -d
      -P, --parallelBuild VMs in parallel.salt-cloud -P -p linode-profile newlinode1 newlinode2
      -u, --update-boostrapUpdate salt-bootstrap.salt-cloud -u
      -y, --assume-yesAnswer yes to all questions.salt-cloud -y -d linode1 linode2
      -k, -keep-tmpDo not remove /tmp files.salt-cloud -k -m /path/to/map
      --show-deploy-argsInclude deployment arguments in the return data.salt-cloud --show-deploy-args -m /path/to/map
      --script-argsArguments to be passed to the bootstrap script when deploying.salt-cloud -m /path/to/map --script-args '-h'
      -Q, --queryQuery nodes running on configured cloud providers.salt-cloud -Q
      -F, --full-queryQuery VMs and print all available information. Can be used with -m to provide a map.salt-cloud -F
      -S, --select-queryQuery VMs and print selected information. Can be used with -m to provide a map.salt-cloud -S
      --list-providersDisplay a list of configured providers.salt-cloud --list-providers
      --list-profilesDisplay a list of configured profiles. Supply a cloud provider, such as linode, or pass all to view all configured profiles.salt-cloud --list-profiles linode
      --list-locationsDisplay a list of available locations. Supply a cloud provider, such as linode, or pass all to view all location for configured profiles.salt-cloud --list-locations linode
      --list-imagesDisplay a list of available images. Supply a cloud provider, such as linode, or pass all to view all images for configured profiles.salt-cloud --list-images linode
      --list-sizesDisplay a list of available sizes. Supply a cloud provider, such as linode, or pass all to view all sizes for configured profiles.salt-cloud --list-sizes linode
      --outChoose an alternative outputter to display returned data. Available outputters are: grains, highstate, json, key, overstatestage, pprint, raw, txt, yaml.salt-call test.version --out json

      salt-cp

      Used to copy files from the master to all Salt minions that match a specific target expression.

      OptionDescriptionExample
      --versionGet the current version of Salt.salt-cp --version
      -h, --helpDisplay Salt commands and help text.salt-cp -h
      -c, --config-dirChange the Salt configuration directory. The default is /etc/salt.salt-cp '*' -c /home/salt/conf /file/to/copy /destination
      -t, --timeoutThe amount of seconds to wait for replies from minions. The default is 5 seconds.salt-cp '*' -t 25 /file/to/copy /destination
      -l, --log-levelChange console log level. Defaults to warning. Available options are all, garbage, trace, debug, info, warning, error, and quiet.salt-cp '*' -l all /file/to/copy /destination
      --log-fileChange log file path. Defaults to /var/log/salt/master.salt-cp '*' --logfile /home/salt/log/minion /file/to/copy /destination
      --log-file-levelChange logfile log level. Defaults to warning. Available options are all, garbage, trace, debug, info, warning, error, and quiet.salt-cp '*' --log-file-level all /file/to/copy /destination
      -E, --pcreTarget expression will be interpreted as a Perl Compatible Regular Expression (PCRE) rather than a shell glob.salt-cp -E 'minion[0-9]' /file/to/copy /destination
      -L, --listTarget expression will be interpreted as a comma-delimited list.salt -L 'minion1,minion2' /file/to/copy /destination
      -G, --grainTarget expression matches a Salt grain. <grain value>:<glob expression>.salt -G 'os:Ubuntu' /file/to/copy /destination
      --grain-pcreTarget expression in the form of a Perl Compatible Regular Expression matches values returned by Salt grains on the minion.<grain value>:<regular expression>salt-cp --grain-pcre 'os:Arch' /file/to/copy /destination
      -C, --chunkedUse chunked mode to copy files. Supports large files, recursive directories copying and compression.salt-cp -C /some/large/file /destination
      -n, --no-compressionDisable gzip in chunked mode.salt-cp -C -n /some/large/file /destination

      salt-key

      Used to manage the Salt server public keys.

      OptionDescriptionExample
      --versionGet the current version of Salt.salt-key --version
      -h, --helpDisplay Salt commands and help text.salt-key -h
      -c, --config-dirChange the Salt configuration directory. The default is /etc/salt.salt-key -c /home/salt/conf
      -u, --userSupply a user to run salt-key.salt-key --user steven
      -q, --quietSuppress outputsalt-key -q
      -y, --yesAnswer yes to all questions. Default is False.salt-key -y True
      --rotate-aes-keySetting to False prevents the key session from being refreshed when keys are deleted or rejected. Default is True.salt-key --rotate-aes-key False
      --log-fileChange log file path. Defaults to /var/log/salt/minion.salt-key --logfile /home/salt/log/minion -D
      --log-file-levelChange logfile log level. Defaults to warning. Available options are all, garbage, trace, debug, info, warning, error, and quiet.salt-key --log-file-level all --accept '*'
      -l, --listList public keys. pre, un, and unaccepted will list unaccepted/unsigned keys. acc or accepted will list accepted/signed keys. rej or rejected will list rejected keys. all will list all keys.salt-key -l all
      -a, --acceptAccept a public key. Globs are supported.salt-key --accept 'minion*'
      -A, --accept-allAccept all pending keys.salt-key -A
      -r, --rejectReject a specific key. Globs are supported.salt-key -r 'minion*'
      -R, --reject-allReject all pending keys.salt-key -R
      --include-allInclude non-pending keys when accepting and rejecting.salt-key -r 'minion*' --include-all
      -p, --printPrint a public key.salt-key --print 'minion1'
      -d, --deleteDelete a public key. Globs are supported.salt-key -d 'minion*'
      -D, --delete-allDelete all public keys.salt-key --delete-all -y
      -f, --fingerPrint a key’s fingerprint.salt-key --finger 'minion1'
      -F, --finger-allPrint all keys’ fingerprints.salt-key --F
      --gen-keysSet a name to generate a key-pair.salt-key --gen-keys newminion
      --gen-keys-dirChoose where to save newly generated key-pairs. Only works with --gen-keys.salt-key --gen-keys newminion --gen-keys-dir /home/salt/keypairs
      --keysizeSet the keysize for a generated key. Must be a value of 2048 or higher. Only works with --gen-keys.salt-key --gen-keys newminion --keysize 4096
      --gen-signatureCreate a signature for the master’s public key named master_pubkey_signature. This requires a new-signing-keypair which can be created with the --auto-create option.salt-key --gen-signature --auto-create
      --privThe private-key file with which to create a signature.salt-key --priv key.pem
      --signature-pathThe file path for the new signature.salt-key --gen-signature --auto-create --signature-path /path/to/signature
      --pubThe public-key file with which to create a signature.salt-key --gen-signature key.pub
      --auto-createAuto-create a signing key-pair.salt-key --gen-signature --auto-create

      salt-master

      A daemon used to control Salt minions.

      OptionDescriptionExample
      --versionGet the current version of Salt.salt-master --version
      -h, --helpDisplay Salt commands and help text.salt-master -h
      -c, --config-dirChange the Salt configuration directory. The default is /etc/salt.salt-master -c /home/salt/conf
      -u, --userSupply a user to run salt-master.salt-master --user steven
      -d, --daemonRun salt-master as daemon.salt-master -d
      --pid-fileSpecify the file path of the pidfile. Default is /var/run/salt-master.pidsalt-master --pid-file /path/to/new/pid
      -l, --log-levelChange console log level. Defaults to warning. Available options are all, garbage, trace, debug, info, warning, error, and quiet.salt-master -l info
      --log-fileChange the log file path. Defaults to /var/log/salt/mastersalt-master --log-file /home/salt/log
      --log-file-levelChange the logging level of the log file. Same options as --log-levelsalt-master --log-level all

      salt-minion

      A daemon that is controlled by a Salt master.

      OptionDescriptionExample
      --versionGet the current version of Salt.salt-minion --version
      -h, --helpDisplay Salt commands and help text.salt-minion -h
      -c, --config-dirChange the Salt configuration directory. The default is /etc/salt.salt-minion -c /home/salt/conf
      -u, --userSupply a user to run salt-minion.salt-minion --user steven
      -d, --daemonRun salt-minion as daemon.salt-minion -d
      --pid-fileSpecify the file path of the pidfile. Default is /var/run/salt-minion.pidsalt-minion --pid-file /path/to/new/pid
      -l, --log-levelChange console log level. Defaults to warning. Available options are all, garbage, trace, debug, info, warning, error, and quiet.salt-master -l info
      --log-fileChange the log file path. Defaults to /var/log/salt/minionsalt-minion --log-file /home/salt/log
      --log-file-levelChange the logging level of the log file. Same options as --log-levelsalt-minion --log-level all

      salt-run

      Runs a Salt runner on a Salt master.

      OptionDescriptionExample
      --versionGet the current version of Salt.salt-run --version
      -h, --helpDisplay Salt commands and help text.salt-run -h
      -c, --config-dirChange the Salt configuration directory. The default is /etc/salt.salt-run -c /home/salt/conf foo.bar
      -t, --timeoutThe amount of seconds to wait for replies from minions. The default is 5 seconds.salt-run -t 25 foo.bar
      -d, --doc, --documentationReturn all available documentation for a module or runner.salt-run foo.bar -d
      -l, --log-levelChange console log level. Defaults to warning. Available options are all, garbage, trace, debug, info, warning, error, and quiet.salt-run -l info foo.bar
      --log-fileChange the log file path. Defaults to /var/log/salt/mastersalt-minion --log-file /home/salt/log foo.bar
      --log-file-levelChange the logging level of the log file. Same options as --log-levelsalt-minion --log-level all foo.bar

      salt-ssh

      Use SSH transport to execute salt routines.

      OptionDescriptionExample
      --versionGet the current version of Salt.salt-ssh --version
      -h, --helpDisplay Salt commands and help text.salt-ssh -h
      -c, --config-dirChange the Salt configuration directory. The default is /etc/salt.salt-ssh '*' -c /home/salt/conf test.ping
      -r, --raw, --raw-shellRun a raw shell command.salt-ssh '*' -r echo 'test'
      --rosterChoose which roster system to use. The default is the flat file roster.salt-ssh '192.168.0.0/16' --roster scan pkg.install apache2
      --roster-fileChange the roster file directory. The default is the same directory as the master config file.salt-ssh 'minion1' --roster-file /path/to/roster test.ping
      --refresh, --refresh-cacheUse to force refresh the target’s data in the master side cache before the auto refresh timeframe has been reached.salt-ssh 'minion1' --refresh-cache status.diskstats
      --max-procsThe number of minions to communicate with concurrently. In general, more connections mean faster communication. Default is 25.salt-ssh '*' --max-procs 50 test.ping
      -v, --verboseDisplay job ID.salt-ssh '*' -v test.ping
      -s, --staticReturn minion data as a grouping.salt-ssh '*' -s status.meminfo
      -w, --wipeRemove Salt files when the job is done.salt-ssh '*' -w state.apply
      -W. --rand-thin-dirDeploys to a random temp directory and cleans the directory when done.salt-ssh '*' -W state.apply
      --python2-binFile path to a python2 binary which has Salt installed.salt-ssh '*' --python2-bin /file/to/bin test.ping
      --python3-binFile path to a python3 binary which has Salt installed.salt-ssh '*' --python3-bin /file/to/bin test.ping
      --jidSupply a job ID instead of generating one.salt-ssh '*' -v --jid 00000000000000000000 test.ping
      --privSupply which SSH private key to use for authentication.salt-ssh '*' --priv /path/to/privkey status.netstats
      -i, --ignore-host-keysDisable StrictHostKeyChecking, which suppresses asking for connection approval.salt-ssh '*' -i pkg.install mysql-client
      --no-host-keysIgnores SSH host keys. Useful if an error persists with --ignore-host-keys.salt-ssh '*' -i --no-host-keys pkg.install cowsay
      --userSupply the user to authenticate with.salt-ssh '*' --user steven -r cowsay 'hello!'
      --passwdSupply the password to authenticate with.salt-ssh 'minion2' --passwd p455w0rd system.reboot
      --askpassRequest a password prompt.salt-ssh 'minion1' --askpass sys.doc
      --key-deployDeploy the authorized SSH key to all minions.salt-ssh '*' --key-deploy --passwd test.ping
      --sudoRun command with elevated privileges.salt-ssh '*' -r --sudo somecommand
      --scan-portsA comma-separated list of ports to scan in the scan roster.salt-ssh '192.168.0.0/16' --roster scan --scan-ports 22,23 test.ping
      --scan-timeoutTimeout for scan roster.salt-ssh '192.168.0.0/16' --roster scan --scan-timeout 100 test.ping
      -l, --log-levelChange console log level. Defaults to warning. Available options are all, garbage, trace, debug, info, warning, error, and quiet.salt-ssh -l info test.ping
      --log-fileChange the log file path. Defaults to /var/log/salt/sshsalt-ssh --log-file /home/salt/log test.ping
      --log-file-levelChange the logging level of the log file. Same options as --log-levelsalt-ssh --log-level all test.ping
      -E, --pcreTarget expression will be interpreted as a Perl Compatible Regular Expression (PCRE) rather than a shell glob.salt-ssh -E 'minion[0-9]' service.reload apache2
      --outChoose an alternative outputter to display returned data. Available outputters are: grains, highstate, json, key, overstatestage, pprint, raw, txt, yaml.salt-ssh '*' test.version --out json

      salt-syndic

      A minion set up on a master that allows for passing commands in from a higher master.

      OptionDescriptionExample
      --versionGet the current version of Salt.salt-syndic --version
      -h, --helpDisplay Salt commands and help text.salt-syndic -h
      -c, --config-dirChange the Salt configuration directory. The default is /etc/salt.salt-syndic -c /home/salt/conf
      -u, --userSupply a user to run salt-syndic.salt-syndic --user steven
      -d, --daemonRun salt-syndic as daemon.salt-syndic -d
      --pid-fileSpecify the file path of the pidfile. Default is /var/run/salt-syndic.pidsalt-syndic --pid-file /path/to/new/pid
      -l, --log-levelChange console log level. Defaults to warning. Available options are all, garbage, trace, debug, info, warning, error, and quiet.salt-syndic -l info
      --log-fileChange the log file path. Defaults to /var/log/salt/mastersalt-syndic --log-file /home/salt/log
      --log-file-levelChange the logging level of the log file. Same options as --log-levelsalt-syndic --log-level all

      spm

      Salt Package Manager

      OptionDescriptionExample
      -y, --yesAnswer yes to all questions.spm remove -y apache
      -f, --forceForce spm to perform an action it would normally refuse to perform.
      -l, --log-levelChange console log level. Defaults to warning. Available options are all, garbage, trace, debug, info, warning, error, and quiet.spm -l info install apache
      --log-fileChange the log file path. Defaults to /var/log/salt/spmspm --log-file /home/salt/log install mysql
      --log-file-levelChange the logging level of the log file. Same options as --log-levelspm --log-level all remove nginx
      CommandDescriptionExample
      update_repoUpdate locally configured repository metadata.spm update_repo
      installInstall a package by name from a configured SPM repository.spm install nginx
      removeRemove a package.spm remove apache
      infoGet an installed package’s information.spm info mysql
      filesList an installed package’s files.spm files mongodb
      localPerform a command on a local package, not a package in a repository or an installed package. Does not work with remove.spm local install /path/to/package
      buildBuild a package.spm build /path/to/package
      create_repoScan a directory for a valid SPM package and build an SPM-METADATA file in that directory.spm create_rep /path/to/package

      salt-api

      Used to start the Salt API

      OptionDescriptionExample
      --versionGet the current version of Salt.salt-api --version
      -h, --helpDisplay Salt commands and help text.salt-api -h
      -c, --config-dirChange the Salt configuration directory. The default is /etc/salt.salt-api -c /home/salt/conf
      -u, --userSupply a user to run salt-api.salt-api --user steven
      -d, --daemonRun salt-api as daemon.salt-api -d
      --pid-fileSpecify the file path of the pidfile. Default is /var/run/salt-api.pidsalt-api --pid-file /path/to/new/pid
      -l, --log-levelChange console log level. Defaults to warning. Available options are all, garbage, trace, debug, info, warning, error, and quiet.salt-api -l info
      --log-fileChange the log file path. Defaults to /var/log/salt/apisalt-api --log-file /home/salt/log
      --log-file-levelChange the logging level of the log file. Same options as --log-levelsalt-api --log-level all

      More Information

      You may wish to consult the following resources for additional information on this topic. While these are provided in the hope that they will be useful, please note that we cannot vouch for the accuracy or timeliness of externally hosted materials.

      Join our Community

      Find answers, ask questions, and help others.

      This guide is published under a CC BY-ND 4.0 license.



      Source link