SaltStack Cheat Sheet

http://www.xenuser.org/saltstack-cheat-sheet/
https://github.com/saltstack/salt/wiki/Cheat-Sheet
.

Documentation on the system

salt '*' sys.doc # output sys.doc (= all documentation)

salt '*' sys.doc pkg # only sys.doc for pkg module
salt '*' sys.doc network # only sys.doc for network module
salt '*' sys.doc system # only sys.doc for system module
salt '*' sys.doc status # only sys.doc for status module

Documentation on the web

SaltStack documentation: http://docs.saltstack.com/en/latest/

Salt-Cloud: http://docs.saltstack.com/en/latest/topics/cloud/
Jobs: http://docs.saltstack.com/en/latest/topics/jobs/

Minions

Minion status

You can also use several commands to check if minions are alive and kicking but I
prefer manage.status/up/down.

salt-run manage.status #
What is the status of all my minions? (both up and down)
salt-run manage.up #
Any minions that are up?
salt-run manage.down #
Any minions that are down?
salt-run manage.alived #
Show all alive minions
salt '*' test.version #
Display salt version
salt '*' test.ping #
Use test module to check if minion is up and responding.
#
(Not an ICMP ping!)
Target minion with state files

Apply a specific state file to a (group of..) minion(s). Do not use the .sls
extension. (just like in the state files!)

salt '*' state.sls mystatefile # mystatefile.sls will be applied to *

salt 'minion1' state.sls prod.somefile # prod/somefile.sls will be applied to
minion1
Grains

List all grains on all minions

salt '*' grains.ls

Look at a single grains item to list the values.

salt '*' grains.item os # Show the value of the OS grain for every minion
salt '*' grains.item roles # Show the value of the roles grain for every minion
Manipulate grains.

salt 'minion1' grains.setval mygrain True # Set mygrain to True (create if it

doesn't exist yet)
salt 'minion1' grains.delval mygrain # Delete the value of the grain
Jobs in Salt
Some jobs operations that are often used.
(http://docs.saltstack.com/en/latest/topics/jobs/)

salt-run jobs.active # get list of active jobs

salt-run jobs.list_jobs # get list of historic jobs
salt-run jobs.lookup_jid <job id number> # get details of this specific job
Sysadmin specific

Some stuff that is specifically of interest for sysadmins.

System and status

salt 'minion-x-*' system.reboot # Let's reboot all the minions that match minion-
x-*
salt '*' status.uptime # Get the uptime of all our minions
Packages

salt '*' pkg.list_upgrades # get a list of packages that need to be

upgrade
salt '*' pkg.upgrade # Upgrades all packages via apt-get dist-
upgrade (or similar)

salt '*' pkg.version bash # get current version of the bash package
salt '*' pkg.install bash # install or upgrade bash package
salt '*' pkg.install bash refresh=True # install or upgrade bash package but
# refresh the package database before
installing.
Check status of a service and manipulate services

salt '*' service.status <service name>

salt '*' service.available <service name>
salt '*' service.start <service name>
salt '*' service.restart <service name>
salt '*' service.stop <service name>
Network

Do some network stuff on your minions.

salt 'minion1' network.ip_addrs # Get IP of your minion

salt 'minion1' network.ping <hostname> # Ping a host from your minion
salt 'minion1' network.traceroute <hostname> # Traceroute a host from your minion
salt 'minion1' network.get_hostname # Get hostname
salt 'minion1' network.mod_hostname # Modify hostname
Salt Cloud

Salt Cloud is used to provision virtual machines in the cloud. (surprise!)

(http://docs.saltstack.com/en/latest/topics/cloud/)

salt-cloud -p profile_do my-vm-name -l debug # Provision using profile_do as

profile
# and my-vm-name as the virtual
machine name while
# using the debug option.
salt-cloud -d my-vm-name # destroy the my-vm-name virtual
machine.
salt-cloud -u # Update salt-bootstrap to
Installing SaltStack - Ubuntu 14.*

wget -O - https://repo.saltstack.com/apt/ubuntu/ubuntu14/latest/SALTSTACK-GPG-
KEY.pub | sudo apt-key add -
echo 'deb http://repo.saltstack.com/apt/ubuntu/ubuntu14/latest trusty main' | sudo
tee -a /etc/apt/sources.list
sudo apt-get update

# Master installation
apt-get install salt-master

# Minion installation
apt-get install salt-minion

# Salt ssh installation

apt-get install salt-ssh

# Salt syndic installation

apt-get install salt-syndic

# Salt API installation

apt-get install salt-api
Bootstrapping Salt Minion

curl -L https://bootstrap.saltstack.com -o install_salt.sh && sudo sh

install_salt.sh
Salt Key Management

# Listing Salt requests

salt-key -L

# Accepting all requests

salt-key -A

# Accepting a single request (from myNode)

salt-key -a myNode

# Removing the key of a Salt 'myNode' Minion

salt-key -d minion_id
Debugging

# Debugging the master

salt-master -l debug

# Debugging the minion

salt-minion -l debug

# Restarting the minion without cache

stop master/minion
rm -rf /var/cache/salt
start master/minion
SaltStack Documentation

# Viewing all the documentation

salt '*' sys.doc

# Viewing a module documentation

salt '*' sys.doc module_name

#Examples:
salt '*' sys.doc status
salt '*' sys.doc pkg
salt '*' sys.doc network
salt '*' sys.doc system
salt '*' sys.doc cloud

# Viewing a function documentation

salt '*' sys.doc module_name function_name

# Examples:
salt '*' sys.doc auth django
salt '*' sys.doc sdb sqlite3
SaltStack Modules And Functions

salt '*' sys.list_modules

salt '*' sys.list_functions
Compound Matchers

Letter Match Type Example Alt Delimiter?]

G Grains glob G@os:Ubuntu Yes
E PCRE Minion ID E@web\d+.(dev|qa|prod).loc No
P Grains PCRE P@os:(RedHat|Fedora|CentOS) Yes
L List of minions [email protected],minion3.domain.com or bl*.domain.com
No
I Pillar glob I@pdata:foobar Yes
J Pillar PCRE J@pdata:^(foo|bar)$ Yes
S Subnet/IP address [email protected]/24 or [email protected] No
R Range cluster R@%foo.bar No
Other examples:

# Examples taken from:

https://docs.saltstack.com/en/latest/topics/targeting/compound.html

# Joining
salt -C 'webserv* and G@os:Debian or E@web-dc1-srv.*' test.ping
salt -C '( ms-1 or G@id:ms-3 ) and G@id:ms-3' test.ping

# Excluding
salt -C 'not web-dc1-srv' test.ping
Upgrades & Versions

#
# Listing upgrades
salt '*' pkg.list_upgrades

# Upgrading
salt '*' pkg.upgrade

# List the packages currently installed as a dict

salt '*' pkg.list_pkgs versions_as_list=True

# Refresh the pkgutil repo database

salt '*' pkgutil.refresh_db

# Check the version of a package

salt '*' pkgutil.version mongodb
Packages Manipulation

# Installation
salt '*' pkg.install apache2

# Latest version installation

salt '*' pkgutil.latest_version mysql-common

# Removing package(s)
salt '*' pkg.remove vim

# Purging package(s)
salt '*' pkg.purge apache2 mysql-server

Reboot & Uptime

# Reboot
salt '*' system.reboot

#Uptime
salt '*' status.uptime
Using Grains

# Syncing grains
salt '*' saltutil.sync_grains

# Available grains can be listed by using the �grains.ls� module:

salt '*' grains.ls

# Grains data can be listed by using the �grains.items� module:

salt '*' grains.items

# Grains have values that could be called via �grains.get <grain_name>� (path is
the name of a grain)
salt '*' grains.get path
Syncing Data

# Syncing grains
salt '*' saltutil.sync_grains

# Syncing everything from grains to modules, outputters, renderers, returners,

states and utils.
salt '*' saltutil.sync_all
Running System Commands

salt "*" cmd.run "ls -lrth /data"

salt "*" cmd.run "df -kh /data"
salt "*" cmd.run "du -sh /data"
Working With Services

# Apache example

# Checking if service is available

salt '*' service.available apache2

# Manipulating Apache2 service

salt '*' service.status apache2
salt '*' service.start apache2
salt '*' service.restart apache2
salt '*' service.stop apache2
Network Management

# Get IP of your minion

salt '*' network.ip_addrs

# Ping a host from your minion

salt '*' network.ping localhost

# Traceroute a host from your minion

salt '*' network.traceroute localhost

# Get hostname
salt '*' network.get_hostname

# Modify hostname to 'myNode'

salt '*' network.mod_hostname myNode

# Information on all of the running TCP connections

salt '*' network.active_tcp

# Return the arp table from the minion

salt '*' network.arp

# Test connectivity
salt '*' network.connect google-public-dns-a.google.com port=53 proto=udp timeout=3

# Get default route

salt '*' network.default_route

# Execute dig
salt '*' network.dig eon01.com

# Get the MAC addres of eth0 interface

salt '*' network.hw_addr eth0

# Get the inet addres of eth1 interface

salt '*' network.interface eth1

# Get the IP addres of tun interface

salt '*' network.interface_ip tun
Working With HTTP Requests

# Get the html source code of a page

salt-run http.query http://eon01.com text=true

# Get the header of a page

salt-run http.query http://eon01.com headers=true

# Get the response code from a web server

salt-run http.query http://eon01.com status=true

# Sending a post request

salt '*' http.query http://domain.com/ method=POST params='key1=val1&key2=val2'

#
Job Management
# List active jobs
salt-run jobs.active

# List all jobs with the id and other information

salt-run jobs.list_jobs

# List multiple information about the job with the id:20151101225221651308 like the
result output
salt-run jobs.lookup_jid 20151101225221651308

# Kill the job with the id:20151101225221651308

salt 'server' saltutil.kill_job 20151101225221651308
Scheduling Feature

# Schedule a job called "scheduled_job"

salt '*' schedule.add scheduled_job function='cmd.run' job_args="['']" seconds=10

# Enable the job

salt '*' schedule.enable_job scheduled_job

# Disable the job

salt '*' schedule.disable_job scheduled_job
Working With SLS

salt '*' state.show_sls

Testing States

salt '*' state.highstate test=True

salt '*' state.sls test=True
salt '*' state.single test=True
Load testing

# Starting 20 minions
wget https://raw.githubusercontent.com/saltstack/salt/develop/tests/minionswarm.py;
python minionswarm.py -m 20 --master salt-master;
State Declaration Structure

# Source: https://docs.saltstack.com/en/latest/ref/states/highstate.html#state-
declaration

# Standard declaration
<ID Declaration>:
<State Module>:
- <Function>
- <Function Arg>
- <Function Arg>
- <Function Arg>
- <Name>: <name>
- <Requisite Declaration>:
- <Requisite Reference>
- <Requisite Reference>

# Inline function and names

<ID Declaration>:
<State Module>.<Function>:
- <Function Arg>
- <Function Arg>
- <Function Arg>
 - <Names>:
- <name>
- <name>
- <name>
- <Requisite Declaration>:
- <Requisite Reference>
- <Requisite Reference>

# Multiple states for single id

<ID Declaration>:
<State Module>:
- <Function>
- <Function Arg>
- <Name>: <name>
- <Requisite Declaration>:

Initial Configuration

In /etc/salt/master delete all the entries, in the beginning you only need the
following:

interface: 0.0.0.0
max_open_files: 100000
file_roots:
base:
- /salt/states/base
Minion configuration /etc/salt/minion, the bare minimum:

master: master_ip
#id:
Minions

Minion status

You can also use several commands to check if minions are alive and kicking but I
prefer manage.status/up/down.

salt-run manage.status #
What is the status of all my minions? (both up and down)
salt-run manage.up #
Any minions that are up?
salt-run manage.down #
Any minions that are down?
salt '*' test.ping #
Use test module to check if minion is up and responding.
#
(Not an ICMP ping!)
Target minion with state files

Apply a specific state file to a (group of..) minion(s). Do not use the .sls
extension. (just like in the state files!)

salt '*' state.sls mystatefile # mystatefile.sls will be applied to *

salt 'minion1' state.sls prod.somefile # prod/somefile.sls will be applied to
minion1
Grouping minions by id in /etc/salt/master

nodegroups:
deb: 'debian8, ubuntu1404'
 rpm: 'centos7, centos6'

salt -N deb state.sls vim

Grains

List all grains on all minions

salt '*' grains.ls

Look at a single grains item to list the values.

salt '*' grains.item os # Show the value of the OS grain for every minion
salt '*' grains.item roles # Show the value of the roles grain for every minion
Manipulate grains.

salt 'minion1' grains.setval mygrain True # Set mygrain to True (create if it

doesn't exist yet)
salt 'minion1' grains.delval mygrain # Delete the value of the grain
Jobs in Salt

Some jobs operations that are often used.

(http://docs.saltstack.com/en/latest/topics/jobs/)

salt-run jobs.active # get list of active jobs

salt-run jobs.list_jobs # get list of historic jobs
salt-run jobs.lookup_jid <job id number> # get details of this specific job
Sysadmin specific

Some stuff that is specifically of interest for sysadmins.

System and status

salt 'minion-x-*' system.reboot # Let's reboot all the minions that match minion-
x-*
salt '*' status.uptime # Get the uptime of all our minions
Packages

salt '*' pkg.list_upgrades # get a list of packages that need to be

upgrade
salt '*' pkg.upgrade # Upgrades all packages via apt-get dist-
upgrade (or similar)

salt '*' pkg.version bash # get current version of the bash package
salt '*' pkg.install bash # install or upgrade bash package
salt '*' pkg.install bash refresh=True # install or upgrade bash package but
# refresh the package database before
installing.
Check status of a service and manipulate services

salt '*' service.status <service name>

salt '*' service.available <service name>
salt '*' service.start <service name>
salt '*' service.restart <service name>
salt '*' service.stop <service name>
- <Requisite Reference>
<State Module>:
- <Function>
- <Function Arg>
- <Names>:
- <name>
 - <name>
- <Requisite Declaration>:
- <Requisite Reference>

Minion Overview

salt-run manage.up # Shows what Minions are up

salt-run manage.down # Shows what Minions are down or not
connected
salt-run manage.status # Shows both online and offline
Minions
salt '*'' test.ping # Pings all minions

Targetting Minions

salt '*' some_module # target all Salt Minions

salt 'web*' some_module # Target Minion(s) based on their
Minion ID
salt -G 'oscodename:wheezy' some_module # Target Minions based on their grains

Job Management

salt-run jobs.list_jobs # Lists ALL Jobs

salt-call saltutil.running # Lists running jobs
salt-call saltutil.kill_job <job id number> # Kills a specific running job
salt-run jobs.active # get list of active jobs
salt-run jobs.lookup_jid <job id number> # get details of this specific job

States

salt-run state.highstate # runs all states targetted for a

minion, on a minion
salt 'ns*' state.highstate # runs all states targetted for a
minion, from master
salt 'web*' state.sls settings.nginx # runs settings/nginx/init.sls on web*

Grains

salt '*' grains.ls # List all grains on all minions

salt '*' grains.item os # Show the value of the OS grain for
every minion
salt '*' grains.item roles # Show the value of the roles grain
for every minion
salt 'minion1' grains.setval mygrain True # Set mygrain to True (create if it
doesn't exist yet)
salt 'minion1' grains.delval mygrain # Delete the value of the grain

Documentation on the system

salt '*' sys.doc # output sys.doc (= all documentation)

salt '*' sys.doc pkg # only sys.doc for pkg module
salt '*' sys.doc network # only sys.doc for network module
salt '*' sys.doc system # only sys.doc for system module
salt '*' sys.doc status # only sys.doc for status module