cat /etc/hosts
127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
::1         localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.43.118  master.com
192.168.43.71   slave.com

yum -y install salt-master salt-minion 
chkconfig  salt-master on
chkconfig salt-minion  on
systemctl start salt-master.service

grep '^[a-Z]' /etc/salt/minion 
master: 192.168.43.118

systemctl start salt-minion  

cd /etc/salt/pki/minion/

[root@localhost minion]#ll
总用量 8
-r-------- 1 root root 1675 11月 14 20:40 minion.pem
-rw-r--r-- 1 root root  451 11月 14 20:40 minion.pub

[root@localhost minion]# cd /etc/salt/pki/master/
[root@localhost master]# ll
总用量 8
-r-------- 1 root root 1675 11月 14 20:32 master.pem
-rw-r--r-- 1 root root  451 11月 14 20:32 master.pub
drwxr-xr-x 2 root root    6 11月 14 20:32 minions
drwxr-xr-x 2 root root    6 11月 14 20:32 minions_autosign
drwxr-xr-x 2 root root    6 11月 14 20:32 minions_denied
drwxr-xr-x 2 root root   49 11月 14 20:40 minions_pre
drwxr-xr-x 2 root root    6 11月 14 20:32 minions_rejected


[root@localhost master]# tree
.
├── master.pem
├── master.pub
├── minions
├── minions_autosign
├── minions_denied
├── minions_pre
│?? ├── 192.168.43.118
│?? └── 192.168.43.71
└── minions_rejected

[root@localhost master]# salt-key 
Accepted Keys:
Denied Keys:
Unaccepted Keys:
192.168.43.118
192.168.43.71
Rejected Keys:

[root@localhost master]# salt-key -A 同意所有
[root@localhost master]# salt-key -a 192*  可选 *代表所有

-L 列表  
-D 删除所有
-d 删除选中的

[root@localhost master]# salt-key -a 192*
The following keys are going to be accepted:
Unaccepted Keys:
192.168.43.118
192.168.43.71
Proceed? [n/Y] Y  
Key for minion 192.168.43.118 accepted.
Key for minion 192.168.43.71 accepted.

[root@localhost master]# tree
.
├── master.pem
├── master.pub
├── minions
│?? ├── 192.168.43.118
│?? └── 192.168.43.71
├── minions_autosign
├── minions_denied
├── minions_pre
└── minions_rejected

[root@localhost minions]# cat 192.168.43.118   公钥
-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyk+GLHO1im00+OkGVVzN
LCa/kdZV9y5b4PjTyCspzwY978R+ItxR9mWW2jF8N0XAvfg73genqxbBOIoWoSoS
nBCv34dk8PUeI4FBlFCTzs7p0xuHQKESV1EDSXQBfcnS1vDQf3A3Ik9R+bw3aDGe
SeSOYQC+VTZr8kmTCC8vAJxK94F2xB3QPmY30efEdq/e2L2zufomOIPweEi5ll6r
9vfck9x3oBFBn6lQAbZUKFfsu6KyxW8fqIUICrv8NCqGD7vLKZchw2qh7YT01hxl
iMGhCkV0eV+1quAIb+EVsduW4hRQDFJCERPeQaoBN+AvFGIrBYQbXxsOPbPqtmDo
7QIDAQAB
-----END PUBLIC KEY-----

[root@localhost ~]# cd /etc/salt/pki/minion/
[root@localhost minion]# ll
总用量 12
-rw-r--r-- 1 root root  451 11月 14 20:47 minion_master.pub  master公钥
-r-------- 1 root root 1675 11月 14 20:40 minion.pem
-rw-r--r-- 1 root root  451 11月 14 20:40 minion.pub

[root@localhost ~]# salt '*' test.ping    test模块的ping方法
192.168.43.71:
    True
192.168.43.118:
    True


[root@localhost ~]# salt '*' cmd.run 'uptime'  cmd模块的run方法
192.168.43.71:
     20:52:54 up 29 min,  2 users,  load average: 0.01, 0.04, 0.09
192.168.43.118:
     20:52:54 up  1:31,  3 users,  load average: 0.00, 0.04, 0.10


[root@localhost ~]#grep -v '#' /etc/salt/master |grep -v '^$'
file_roots:   
  base:
    - /srv/salt    #配置存放路径

[root@localhost ~]# mkdir /srv/salt
[root@localhost ~]# systemctl restart salt-master

[root@localhost ~]# cd /srv/salt/  写一个安装http服务
[root@localhost salt]# vim apache.sls
apache-install:       标题
  pkg.installed:    2个空格  pkg模块的installed方法  
    - names:        4个\n    
      - httpd       6个\n 
      - httpd-devel  6个\n

apache-service:     标题
  service.running:   2个空格    service模块的runing方法
    - name: httpd   4个\n
    - enable: True  4个\n     
    - reload: True  4个\n 



拓展:vim
:set list 显示所有字符

[root@localhost salt]# salt '*' state.sls apache  state模块的sls方法 ,apache参数
[root@localhost salt]# salt '*' state.sls apache 
192.168.43.71:
----------
          ID: apache-install  标题
    Function: pkg.installed   某块的方法
        Name: httpd
      Result: True            返回的结果
     Comment: Package httpd is already installed.  安装的包是httpd
     Started: 21:26:20.274263
    Duration: 695.339 ms
     Changes:   
----------
          ID: apache-install
    Function: pkg.installed
        Name: httpd-devel
      Result: True
     Comment: Package httpd-devel is already installed.
     Started: 21:26:20.969739
    Duration: 0.335 ms
     Changes:   
----------
          ID: apache-service
    Function: service.running
        Name: httpd
      Result: True
     Comment: Service httpd is already enabled, and is running
     Started: 21:26:20.970489
    Duration: 3101.22 ms
     Changes:   
              ----------
              httpd:
                  True

Summary
------------
Succeeded: 3 (changed=1) 
Failed:    0  #失败0个

高级状态:
top.sls 必须放在base环境下

[root@localhost salt]# vim top.sls
base:
  '192.168*':  *可以代表多有主机
    - apache         执行apache的状态 及上面的参数

[root@localhost salt]# salt '*' state.highstate


saltstack 数据系统:
grains:   信息收集和匹配minion
[root@localhost salt]# salt '*' grains.ls      把主机grains的所有key列出来:
192.168.43.71:
    - SSDs
    - biosreleasedate
    - biosversion
    - cpu_flags
    - cpu_model
    - cpuarch
    - domain
    - fqdn
    - fqdn_ip4
    - fqdn_ip6
    - gpus
    - host
    - hwaddr_interfaces
    - id
    - init
    - ip4_interfaces
    - ip6_interfaces
    - ip_interfaces
    - ipv4
    - ipv6
    - kernel
    - kernelrelease
    - locale_info
    - localhost
    - lsb_distrib_id
    - machine_id
    - manufacturer
    - master
    - mdadm
    - mem_total
    - nodename
    - num_cpus
    - num_gpus
    - os
    - os_family
    - osarch
    - oscodename
    - osfinger
    - osfullname
    - osmajorrelease
    - osrelease
    - osrelease_info
    - path
    - productname
    - ps
    - pythonexecutable
    - pythonpath
    - pythonversion
    - saltpath
    - saltversion
    - saltversioninfo
    - selinux
    - serialnumber
    - server_id
    - shell
    - systemd
    - virtual
    - zmqversion

[root@localhost salt]# salt '192.168.43.118' grains.items 把所有grains的内容显示出来
192.168.43.118:
    ----------
    SSDs:
    biosreleasedate:  base的时间
        05/19/2017
    biosversion:      base的版本
        6.00
    cpu_flags:        cpu的标志位
        - fpu
        - vme
        - de
        - pse
        - tsc
        - msr
        - pae
        - mce
        - cx8
        - apic
        - sep
        - mtrr
        - pge
        - mca
        - cmov
        - pat
        - pse36
        - clflush
        - mmx
        - fxsr
        - sse
        - sse2
        - ss
        - syscall
        - nx
        - pdpe1gb
        - rdtscp
        - lm
        - constant_tsc
        - arch_perfmon
        - nopl
        - xtopology
        - tsc_reliable
        - nonstop_tsc
        - eagerfpu
        - pni
        - pclmulqdq
        - ssse3
        - fma
        - cx16
        - pcid
        - sse4_1
        - sse4_2
        - x2apic
        - movbe
        - popcnt
        - tsc_deadline_timer
        - aes
        - xsave
        - avx
        - f16c
        - rdrand
        - hypervisor
        - lahf_lm
        - abm
        - fsgsbase
        - tsc_adjust
        - bmi1
        - avx2
        - smep
        - bmi2
        - invpcid
        - xsaveopt
        - arat
    cpu_model:        cpu的型号
        Intel(R) Core(TM) i5-4210H CPU @ 2.90GHz
    cpuarch:          cpu的架构
        x86_64
    domain:           域名
    fqdn:             fqdn名
    fqdn_ip4:         fqdn名解析ip
    fqdn_ip6:
    gpus:
        |_
          ----------
          model:
              SVGA II Adapter
          vendor:
              unknown
    host:     主机名
    hwaddr_interfaces:   硬件信息
        ----------
        ens33:           网卡的mac地址
            00:0c:29:e3:a8:1c
        lo:
            00:00:00:00:00:00
    id:
        192.168.43.118
    init:
        systemd
    ip4_interfaces:
        ----------
        ens33:
            - 192.168.43.118
        lo:
            - 127.0.0.1
    ip6_interfaces:
        ----------
        ens33:
            - fe80::532f:a2de:497a:dc6d
        lo:
            - ::1
    ip_interfaces:
        ----------
        ens33:
            - 192.168.43.118
            - fe80::532f:a2de:497a:dc6d
        lo:
            - 127.0.0.1
            - ::1
    ipv4:
        - 127.0.0.1
        - 192.168.43.118
    ipv6:
        - ::1
        - fe80::532f:a2de:497a:dc6d
    kernel:
        Linux
    kernelrelease:
        3.10.0-862.14.4.el7.x86_64
    locale_info:
        ----------
        defaultencoding:
            UTF-8
        defaultlanguage:
            zh_CN
        detectedencoding:
            UTF-8
    localhost:
        localhost.localdomain
    lsb_distrib_id:
        CentOS Linux
    machine_id:
        0ed2bd568b0d42b9a188e4a84ee0d8db
    manufacturer:
        VMware, Inc.
    master:
        192.168.43.118
    mdadm:
    mem_total:
        974
    nodename:
        localhost.localdomain
    num_cpus:
        1
    num_gpus:
        1
    os:
        CentOS
    os_family:
        RedHat
    osarch:
        x86_64
    oscodename:
        Core
    osfinger:
        CentOS Linux-7
    osfullname:
        CentOS Linux
    osmajorrelease:
        7
    osrelease:
        7.5.1804
    osrelease_info:
        - 7
        - 5
        - 1804
    path:
        /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin
    productname:
        VMware Virtual Platform
    ps:
        ps -efH
    pythonexecutable:
        /usr/bin/python
    pythonpath:
        - /usr/bin
        - /usr/lib64/python27.zip
        - /usr/lib64/python2.7
        - /usr/lib64/python2.7/plat-linux2
        - /usr/lib64/python2.7/lib-tk
        - /usr/lib64/python2.7/lib-old
        - /usr/lib64/python2.7/lib-dynload
        - /usr/lib64/python2.7/site-packages
        - /usr/lib/python2.7/site-packages
    pythonversion:
        - 2
        - 7
        - 5
        - final
        - 0
    saltpath:
        /usr/lib/python2.7/site-packages/salt
    saltversion:
        2015.5.10
    saltversioninfo:
        - 2015
        - 5
        - 10
        - 0
    selinux:
        ----------
        enabled:
            False
        enforced:
            Disabled
    serialnumber:
        VMware-56 4d 47 9d ed 95 83 61-2a 82 46 ce de e3 a8 1c
    server_id: 
        633234648
    shell:
        /bin/sh
    systemd:
        ----------
        features:
            +PAM +AUDIT +SELINUX +IMA -APPARMOR +SMACK +SYSVINIT +UTMP +LIBCRYPTSETUP +GCRYPT +GNUTLS +ACL +XZ +LZ4 -SECCOMP +BLKID +ELFUTILS +KMOD +IDN
        version:
            219
    virtual:
        VMware
    zmqversion:
        3.2.5

[root@localhost salt]# salt '192.168.43.118' grains.item fqdn  显示单个grais的key或者使用get
192.168.43.118:
    ----------
    fqdn:

[root@localhost salt]# salt '192.168.43.118' grains.get  selinux  
192.168.43.118:
    ----------
    enabled:
        False
    enforced:
        Disabled
[root@localhost salt]# salt '192.168.43.118' grains.get  os

[root@localhost salt]# salt -G os:CentOS cmd.run 'w'  -G是使用grains

手动编写grains信息:
[root@localhost minion]# grep -v '#' /etc/salt/minion |grep -v '^$'
master: 192.168.43.118
grains:
  roles:
    - webserver
    - memcache

[root@localhost minion]# systemctl restart salt-minion

[root@localhost salt]# salt -G 'roles:memcache' cmd.run 'echo oo'
192.168.43.71:
    oo

默认grains文件路径/etc/salt/
[root@localhost minion]# vim /etc/salt/grains
[root@localhost minion]# cat /etc/salt/grains
web: nginx

[root@localhost minion]# systemctl restart salt-minion
[root@localhost salt]# salt -G 'web:nginx' cmd.run 'echo oo'
192.168.43.71:
    oo

top里面匹配grains:
base:
  'web:nginx':       匹配grains的web等于nginx
    - match: grain   指定grains匹配
    - apache         执行apache状态

[root@localhost salt]# salt '*' state.highstate



 

pillar: 

[root@localhost salt]#grep '^[a-Z]' /etc/salt/master
file_roots:
pillar_opts: True  设置为Ture

[root@localhost salt]# systemctl restart salt-master

[root@localhost salt]# salt '*' pillar.items

[root@localhost salt]# grep -v '#' /etc/salt/master |grep -v '^$'
file_roots:
  base:
    - /srv/salt  设置配置路径
pillar_roots:
  base:
    - /srv/pillar  设置pillar路径
pillar_opts: True   

[root@localhost salt]# mkdir /srv/pillar
把pillar_opts: False  设置为False

[root@localhost salt]# systemctl restart salt-master
[root@localhost salt]# vim /srv/pillar/apache.sls
{% if grains['os'] == 'CentOS' %}
apache: httpd
{% elif grains['os'] == 'Dehiah' %}
apache: apache2
{% endif %}

[root@localhost salt]# vim /srv/pillar/top.sls
base:
  '*':
    - apache


[root@localhost pillar]# salt '*' pillar.items
192.168.43.71:
    ----------
    apache:
        httpd
192.168.43.118:
    ----------
    apache:
        httpd

[root@localhost pillar]# salt '*' saltutil.refresh_pillar   刷新pillar
192.168.43.71:
    True
192.168.43.118:
    True

[root@localhost pillar]# salt -I 'apache:httpd' test.ping   测试
192.168.43.118:
    True
192.168.43.71:
    True


区别: 
grains 存贮minion  静态数据类型  
pillar 存储master  动态数据类型


-S ip
-I
-C  子网段
and or  not