Mini Shell
"""
General management functions for salt, tools like seeing what hosts are up
and what hosts are down
"""
import logging
import operator
import os
import re
import subprocess
import tempfile
import time
import urllib.request
import uuid
import salt.client
import salt.client.ssh
import salt.key
import salt.utils.compat
import salt.utils.files
import salt.utils.minions
import salt.utils.path
import salt.utils.versions
import salt.version
import salt.wheel
from salt.exceptions import SaltClientError, SaltSystemExit
FINGERPRINT_REGEX = re.compile(r"^([a-f0-9]{2}:){15}([a-f0-9]{2})$")
log = logging.getLogger(__name__)
def _ping(tgt, tgt_type, timeout, gather_job_timeout):
with salt.client.get_local_client(__opts__["conf_file"]) as client:
pub_data = client.run_job(
tgt, "test.ping", (), tgt_type, "", timeout, "", listen=True
)
if not pub_data:
return pub_data
log.debug(
"manage runner will ping the following minion(s): %s",
", ".join(sorted(pub_data["minions"])),
)
returned = set()
for fn_ret in client.get_cli_event_returns(
pub_data["jid"],
pub_data["minions"],
client._get_timeout(timeout),
tgt,
tgt_type,
gather_job_timeout=gather_job_timeout,
):
if fn_ret:
for mid, _ in fn_ret.items():
log.debug("minion '%s' returned from ping", mid)
returned.add(mid)
not_returned = sorted(set(pub_data["minions"]) - returned)
returned = sorted(returned)
return returned, not_returned
def status(
output=True, tgt="*", tgt_type="glob", timeout=None, gather_job_timeout=None
):
"""
.. versionchanged:: 2017.7.0
The ``expr_form`` argument has been renamed to ``tgt_type``, earlier
releases must use ``expr_form``.
Print the status of all known salt minions
CLI Example:
.. code-block:: bash
salt-run manage.status
salt-run manage.status tgt="webservers" tgt_type="nodegroup"
salt-run manage.status timeout=5 gather_job_timeout=10
"""
ret = {}
if not timeout:
timeout = __opts__["timeout"]
if not gather_job_timeout:
gather_job_timeout = __opts__["gather_job_timeout"]
res = _ping(tgt, tgt_type, timeout, gather_job_timeout)
ret["up"], ret["down"] = ([], []) if not res else res
return ret
def key_regen():
"""
This routine is used to regenerate all keys in an environment. This is
invasive! ALL KEYS IN THE SALT ENVIRONMENT WILL BE REGENERATED!!
The key_regen routine sends a command out to minions to revoke the master
key and remove all minion keys, it then removes all keys from the master
and prompts the user to restart the master. The minions will all reconnect
and keys will be placed in pending.
After the master is restarted and minion keys are in the pending directory
execute a salt-key -A command to accept the regenerated minion keys.
The master *must* be restarted within 60 seconds of running this command or
the minions will think there is something wrong with the keys and abort.
Only Execute this runner after upgrading minions and master to 0.15.1 or
higher!
CLI Example:
.. code-block:: bash
salt-run manage.key_regen
"""
client = salt.client.get_local_client(__opts__["conf_file"])
try:
client.cmd("*", "saltutil.regen_keys")
except SaltClientError as client_error:
print(client_error)
return False
for root, _, files in salt.utils.path.os_walk(__opts__["pki_dir"]):
for fn_ in files:
path = os.path.join(root, fn_)
try:
os.remove(path)
except OSError:
pass
msg = (
"The minion and master keys have been deleted. Restart the Salt\n"
"Master within the next 60 seconds!!!\n\n"
"Wait for the minions to reconnect. Once the minions reconnect\n"
"the new keys will appear in pending and will need to be re-\n"
"accepted by running:\n"
" salt-key -A\n\n"
"Be advised that minions not currently connected to the master\n"
"will not be able to reconnect and may require manual\n"
"regeneration via a local call to\n"
" salt-call saltutil.regen_keys"
)
return msg
def down(
removekeys=False, tgt="*", tgt_type="glob", timeout=None, gather_job_timeout=None
):
"""
.. versionchanged:: 2017.7.0
The ``expr_form`` argument has been renamed to ``tgt_type``, earlier
releases must use ``expr_form``.
Print a list of all the down or unresponsive salt minions
Optionally remove keys of down minions
CLI Example:
.. code-block:: bash
salt-run manage.down
salt-run manage.down removekeys=True
salt-run manage.down tgt="webservers" tgt_type="nodegroup"
"""
ret = status(
output=False,
tgt=tgt,
tgt_type=tgt_type,
timeout=timeout,
gather_job_timeout=gather_job_timeout,
).get("down", [])
for minion in ret:
if removekeys:
wheel = salt.wheel.Wheel(__opts__)
wheel.call_func("key.delete", match=minion)
return ret
def up(
tgt="*", tgt_type="glob", timeout=None, gather_job_timeout=None
): # pylint: disable=C0103
"""
.. versionchanged:: 2017.7.0
The ``expr_form`` argument has been renamed to ``tgt_type``, earlier
releases must use ``expr_form``.
Print a list of all of the minions that are up
CLI Example:
.. code-block:: bash
salt-run manage.up
salt-run manage.up tgt="webservers" tgt_type="nodegroup"
salt-run manage.up timeout=5 gather_job_timeout=10
"""
ret = status(
output=False,
tgt=tgt,
tgt_type=tgt_type,
timeout=timeout,
gather_job_timeout=gather_job_timeout,
).get("up", [])
return ret
def list_state(subset=None, show_ip=False):
"""
.. versionadded:: 2015.8.0
.. versionchanged:: 2019.2.0
Print a list of all minions that are up according to Salt's presence
detection (no commands will be sent to minions)
subset : None
Pass in a list of minion ids.
show_ip : False
Also show the IP address each minion is connecting from.
CLI Example:
.. code-block:: bash
salt-run manage.list_state
"""
# Always return 'present' for 0MQ for now
# TODO: implement other states support for 0MQ
ckminions = salt.utils.minions.CkMinions(__opts__)
minions = ckminions.connected_ids(show_ip=show_ip, subset=subset)
connected = dict(minions) if show_ip else sorted(minions)
return connected
def list_not_state(subset=None, show_ip=False):
"""
.. versionadded:: 2015.8.0
.. versionchanged:: 2019.2.0
Print a list of all minions that are NOT up according to Salt's presence
detection (no commands will be sent to minions)
subset : None
Pass in a list of minion ids.
show_ip : False
Also show the IP address each minion is connecting from.
CLI Example:
.. code-block:: bash
salt-run manage.list_not_state
"""
connected = list_state(subset=None, show_ip=show_ip)
with salt.key.get_key(__opts__) as key:
keys = key.list_keys()
not_connected = []
for minion in keys[key.ACC]:
if minion not in connected and (subset is None or minion in subset):
not_connected.append(minion)
return not_connected
def present(subset=None, show_ip=False):
"""
.. versionchanged:: 2019.2.0
Print a list of all minions that are up according to Salt's presence
detection (no commands will be sent to minions)
subset : None
Pass in a list of minion ids.
show_ip : False
Also show the IP address each minion is connecting from.
CLI Example:
.. code-block:: bash
salt-run manage.present
"""
return list_state(subset=subset, show_ip=show_ip)
def not_present(subset=None, show_ip=False):
"""
.. versionadded:: 2015.5.0
.. versionchanged:: 2019.2.0
Print a list of all minions that are NOT up according to Salt's presence
detection (no commands will be sent)
subset : None
Pass in a list of minion ids.
show_ip : False
Also show the IP address each minion is connecting from.
CLI Example:
.. code-block:: bash
salt-run manage.not_present
"""
return list_not_state(subset=subset, show_ip=show_ip)
def joined(subset=None, show_ip=False):
"""
.. versionadded:: 2015.8.0
.. versionchanged:: 2019.2.0
Print a list of all minions that are up according to Salt's presence
detection (no commands will be sent to minions)
subset : None
Pass in a list of minion ids.
show_ip : False
Also show the IP address each minion is connecting from.
CLI Example:
.. code-block:: bash
salt-run manage.joined
"""
return list_state(subset=subset, show_ip=show_ip)
def not_joined(subset=None, show_ip=False):
"""
.. versionadded:: 2015.8.0
.. versionchanged:: 2019.2.0
Print a list of all minions that are NOT up according to Salt's presence
detection (no commands will be sent)
subset : None
Pass in a list of minion ids.
show_ip : False
Also show the IP address each minion is connecting from.
CLI Example:
.. code-block:: bash
salt-run manage.not_joined
"""
return list_not_state(subset=subset, show_ip=show_ip)
def allowed(subset=None, show_ip=False):
"""
.. versionadded:: 2015.8.0
.. versionchanged:: 2019.2.0
Print a list of all minions that are up according to Salt's presence
detection (no commands will be sent to minions)
subset : None
Pass in a list of minion ids.
show_ip : False
Also show the IP address each minion is connecting from.
CLI Example:
.. code-block:: bash
salt-run manage.allowed
"""
return list_state(subset=subset, show_ip=show_ip)
def not_allowed(subset=None, show_ip=False):
"""
.. versionadded:: 2015.8.0
.. versionchanged:: 2019.2.0
Print a list of all minions that are NOT up according to Salt's presence
detection (no commands will be sent)
subset : None
Pass in a list of minion ids.
show_ip : False
Also show the IP address each minion is connecting from.
CLI Example:
.. code-block:: bash
salt-run manage.not_allowed
"""
return list_not_state(subset=subset, show_ip=show_ip)
def alived(subset=None, show_ip=False):
"""
.. versionadded:: 2015.8.0
.. versionchanged:: 2019.2.0
Print a list of all minions that are up according to Salt's presence
detection (no commands will be sent to minions)
subset : None
Pass in a list of minion ids.
show_ip : False
Also show the IP address each minion is connecting from.
CLI Example:
.. code-block:: bash
salt-run manage.alived
"""
return list_state(subset=subset, show_ip=show_ip)
def not_alived(subset=None, show_ip=False):
"""
.. versionadded:: 2015.8.0
.. versionchanged:: 2019.2.0
Print a list of all minions that are NOT up according to Salt's presence
detection (no commands will be sent)
subset : None
Pass in a list of minion ids.
show_ip : False
Also show the IP address each minion is connecting from.
CLI Example:
.. code-block:: bash
salt-run manage.not_alived
"""
return list_not_state(subset=subset, show_ip=show_ip)
def reaped(subset=None, show_ip=False):
"""
.. versionadded:: 2015.8.0
.. versionchanged:: 2019.2.0
Print a list of all minions that are up according to Salt's presence
detection (no commands will be sent to minions)
subset : None
Pass in a list of minion ids.
show_ip : False
Also show the IP address each minion is connecting from.
CLI Example:
.. code-block:: bash
salt-run manage.reaped
"""
return list_state(subset=subset, show_ip=show_ip)
def not_reaped(subset=None, show_ip=False):
"""
.. versionadded:: 2015.8.0
.. versionchanged:: 2019.2.0
Print a list of all minions that are NOT up according to Salt's presence
detection (no commands will be sent)
subset : None
Pass in a list of minion ids.
show_ip : False
Also show the IP address each minion is connecting from.
CLI Example:
.. code-block:: bash
salt-run manage.not_reaped
"""
return list_not_state(subset=subset, show_ip=show_ip)
def safe_accept(target, tgt_type="glob"):
"""
.. versionchanged:: 2017.7.0
The ``expr_form`` argument has been renamed to ``tgt_type``, earlier
releases must use ``expr_form``.
Accept a minion's public key after checking the fingerprint over salt-ssh
CLI Example:
.. code-block:: bash
salt-run manage.safe_accept my_minion
salt-run manage.safe_accept minion1,minion2 tgt_type=list
"""
ssh_client = salt.client.ssh.client.SSHClient()
ret = ssh_client.cmd(target, "key.finger", tgt_type=tgt_type)
failures = {}
for minion, finger in ret.items():
if not FINGERPRINT_REGEX.match(finger):
failures[minion] = finger
else:
with salt.key.Key(__opts__) as salt_key:
fingerprints = salt_key.finger(minion)
accepted = fingerprints.get("minions", {})
pending = fingerprints.get("minions_pre", {})
if minion in accepted:
del ret[minion]
continue
elif minion not in pending:
failures[minion] = f"Minion key {minion} not found by salt-key"
elif pending[minion] != finger:
failures[minion] = (
"Minion key {} does not match the key in salt-key: {}".format(
finger, pending[minion]
)
)
else:
subprocess.call(["salt-key", "-qya", minion])
if minion in failures:
del ret[minion]
if failures:
print("safe_accept failed on the following minions:")
for minion, message in failures.items():
print(minion)
print("-" * len(minion))
print(message)
print("")
__jid_event__.fire_event({"message": f"Accepted {len(ret):d} keys"}, "progress")
return ret, failures
def versions():
"""
Check the version of active minions
CLI Example:
.. code-block:: bash
salt-run manage.versions
"""
ret = {}
client = salt.client.get_local_client(__opts__["conf_file"])
try:
minions = client.cmd(
"*", "test.version", full_return=True, timeout=__opts__["timeout"]
)
except SaltClientError as client_error:
print(client_error)
return ret
labels = {
-2: "Minion offline",
-1: "Minion requires update",
0: "Up to date",
1: "Minion newer than master",
2: "Master",
}
version_status = {}
master_version = salt.version.__saltstack_version__
for minion in minions:
if not minions[minion] or minions[minion]["retcode"]:
minion_version = False
ver_diff = -2
else:
minion_version = salt.version.SaltStackVersion.parse(minions[minion]["ret"])
ver_diff = salt.utils.compat.cmp(minion_version, master_version)
if ver_diff not in version_status:
version_status[ver_diff] = {}
if minion_version:
version_status[ver_diff][minion] = minion_version.string
else:
version_status[ver_diff][minion] = minion_version
# Add version of Master to output
version_status[2] = master_version.string
for key in version_status:
if key == 2:
ret[labels[key]] = version_status[2]
else:
for minion in sorted(version_status[key]):
ret.setdefault(labels[key], {})[minion] = version_status[key][minion]
return ret
def bootstrap(
version="develop",
script="https://bootstrap.saltproject.io",
hosts="",
script_args="",
roster="flat",
ssh_user=None,
ssh_password=None,
ssh_priv_key=None,
tmp_dir="/tmp/.bootstrap",
http_backend="tornado",
):
"""
Bootstrap minions with salt-bootstrap
version : develop
Git tag of version to install
script : https://bootstrap.saltproject.io/
URL containing the script to execute
hosts
Comma-separated hosts [example: hosts='host1.local,host2.local']. These
hosts need to exist in the specified roster.
script_args
Any additional arguments that you want to pass to the script.
.. versionadded:: 2016.11.0
roster : flat
The roster to use for Salt SSH. More information about roster files can
be found in :ref:`Salt's Roster Documentation <ssh-roster>`.
A full list of roster types, see the :ref:`builtin roster modules <all-salt.roster>`
documentation.
.. versionadded:: 2016.11.0
ssh_user
If ``user`` isn't found in the ``roster``, a default SSH user can be set here.
Keep in mind that ``ssh_user`` will not override the roster ``user`` value if
it is already defined.
.. versionadded:: 2016.11.0
ssh_password
If ``passwd`` isn't found in the ``roster``, a default SSH password can be set
here. Keep in mind that ``ssh_password`` will not override the roster ``passwd``
value if it is already defined.
.. versionadded:: 2016.11.0
ssh_privkey
If ``priv`` isn't found in the ``roster``, a default SSH private key can be set
here. Keep in mind that ``ssh_password`` will not override the roster ``passwd``
value if it is already defined.
.. versionadded:: 2016.11.0
tmp_dir : /tmp/.bootstrap
The temporary directory to download the bootstrap script in. This
directory will have ``-<uuid4>`` appended to it. For example:
``/tmp/.bootstrap-a19a728e-d40a-4801-aba9-d00655c143a7/``
.. versionadded:: 2016.11.0
http_backend : tornado
The backend library to use to download the script. If you need to use
a ``file:///`` URL, then you should set this to ``urllib2``.
.. versionadded:: 2016.11.0
CLI Example:
.. code-block:: bash
salt-run manage.bootstrap hosts='host1,host2'
salt-run manage.bootstrap hosts='host1,host2' version='v3004.2'
salt-run manage.bootstrap hosts='host1,host2' version='v3004.2' script='https://bootstrap.saltproject.io/develop'
"""
client_opts = __opts__.copy()
if roster is not None:
client_opts["roster"] = roster
if ssh_user is not None:
client_opts["ssh_user"] = ssh_user
if ssh_password is not None:
client_opts["ssh_passwd"] = ssh_password
if ssh_priv_key is not None:
client_opts["ssh_priv"] = ssh_priv_key
for host in hosts.split(","):
client_opts["tgt"] = host
client_opts["selected_target_option"] = "glob"
tmp_dir = "{}-{}/".format(tmp_dir.rstrip("/"), uuid.uuid4())
deploy_command = os.path.join(tmp_dir, "deploy.sh")
try:
client_opts["argv"] = ["file.makedirs", tmp_dir, "mode=0700"]
salt.client.ssh.SSH(client_opts).run()
client_opts["argv"] = [
"http.query",
script,
f"backend={http_backend}",
f"text_out={deploy_command}",
]
salt.client.ssh.SSH(client_opts).run()
client_opts["argv"] = [
"cmd.run",
" ".join(["sh", deploy_command, script_args]),
"python_shell=False",
]
salt.client.ssh.SSH(client_opts).run()
client_opts["argv"] = ["file.remove", tmp_dir]
salt.client.ssh.SSH(client_opts).run()
except SaltSystemExit as exc:
log.error(str(exc))
def bootstrap_psexec(
hosts="",
master=None,
version=None,
arch="win32",
installer_url=None,
username=None,
password=None,
):
"""
Bootstrap Windows minions via PsExec.
hosts
Comma separated list of hosts to deploy the Windows Salt minion.
master
Address of the Salt master passed as an argument to the installer.
version
Point release of installer to download. Defaults to the most recent.
arch
Architecture of installer to download. Defaults to win32.
installer_url
URL of minion installer executable. Defaults to the latest version from
https://repo.saltproject.io/windows/
username
Optional user name for login on remote computer.
password
Password for optional username. If omitted, PsExec will prompt for one
to be entered for each host.
CLI Example:
.. code-block:: bash
salt-run manage.bootstrap_psexec hosts='host1,host2'
salt-run manage.bootstrap_psexec hosts='host1,host2' version='0.17' username='DOMAIN\\Administrator'
salt-run manage.bootstrap_psexec hosts='host1,host2' installer_url='http://exampledomain/salt-installer.exe'
"""
if not installer_url:
base_url = "https://repo.saltproject.io/windows/"
source = urllib.request.urlopen(base_url).read()
salty_rx = re.compile(
'>(Salt-Minion-(.+?)-(.+)-Setup.exe)</a></td><td align="right">(.*?)\\s*<'
)
source_list = sorted(
(
[path, ver, plat, time.strptime(date, "%d-%b-%Y %H:%M")]
for path, ver, plat, date in salty_rx.findall(source)
),
key=operator.itemgetter(3),
reverse=True,
)
if version:
source_list = [s for s in source_list if s[1] == version]
if arch:
source_list = [s for s in source_list if s[2] == arch]
if not source_list:
return -1
version = source_list[0][1]
arch = source_list[0][2]
installer_url = base_url + source_list[0][0]
# It's no secret that Windows is notoriously command-line hostile.
# Win 7 and newer can use PowerShell out of the box, but to reach
# all those XP and 2K3 machines we must suppress our gag-reflex
# and use VB!
# The following script was borrowed from an informative article about
# downloading exploit payloads for malware. Nope, no irony here.
# http://www.greyhathacker.net/?p=500
vb_script = """strFileURL = "{0}"
strHDLocation = "{1}"
Set objXMLHTTP = CreateObject("MSXML2.XMLHTTP")
objXMLHTTP.open "GET", strFileURL, false
objXMLHTTP.send()
If objXMLHTTP.Status = 200 Then
Set objADOStream = CreateObject("ADODB.Stream")
objADOStream.Open
objADOStream.Type = 1
objADOStream.Write objXMLHTTP.ResponseBody
objADOStream.Position = 0
objADOStream.SaveToFile strHDLocation
objADOStream.Close
Set objADOStream = Nothing
End if
Set objXMLHTTP = Nothing
Set objShell = CreateObject("WScript.Shell")
objShell.Exec("{1}{2}")"""
vb_saltexec = "saltinstall.exe"
vb_saltexec_args = " /S /minion-name=%COMPUTERNAME%"
if master:
vb_saltexec_args += f" /master={master}"
# One further thing we need to do; the Windows Salt minion is pretty
# self-contained, except for the Microsoft Visual C++ 2008 runtime.
# It's tiny, so the bootstrap will attempt a silent install.
vb_vcrunexec = "vcredist.exe"
if arch == "AMD64":
vb_vcrun = vb_script.format(
"http://download.microsoft.com/download/d/2/4/d242c3fb-da5a-4542-ad66-f9661d0a8d19/vcredist_x64.exe",
vb_vcrunexec,
" /q",
)
else:
vb_vcrun = vb_script.format(
"http://download.microsoft.com/download/d/d/9/dd9a82d0-52ef-40db-8dab-795376989c03/vcredist_x86.exe",
vb_vcrunexec,
" /q",
)
vb_salt = vb_script.format(installer_url, vb_saltexec, vb_saltexec_args)
# PsExec doesn't like extra long arguments; save the instructions as a batch
# file so we can fire it over for execution.
# First off, change to the local temp directory, stop salt-minion (if
# running), and remove the master's public key.
# This is to accommodate for reinstalling Salt over an old or broken build,
# e.g. if the master address is changed, the salt-minion process will fail
# to authenticate and quit; which means infinite restarts under Windows.
batch = (
"cd /d %TEMP%\nnet stop salt-minion\ndel"
" c:\\salt\\conf\\pki\\minion\\minion_master.pub\n"
)
# Speaking of command-line hostile, cscript only supports reading a script
# from a file. Glue it together line by line.
for x, y in ((vb_vcrunexec, vb_vcrun), (vb_saltexec, vb_salt)):
vb_lines = y.split("\n")
batch += (
"\ndel "
+ x
+ "\n@echo "
+ vb_lines[0]
+ " >"
+ x
+ ".vbs\n@echo "
+ (" >>" + x + ".vbs\n@echo ").join(vb_lines[1:])
+ " >>"
+ x
+ ".vbs\ncscript.exe /NoLogo "
+ x
+ ".vbs"
)
batch_path = tempfile.mkstemp(suffix=".bat")[1]
with salt.utils.files.fopen(batch_path, "wb") as batch_file:
batch_file.write(batch)
for host in hosts.split(","):
argv = ["psexec", "\\\\" + host]
if username:
argv += ["-u", username]
if password:
argv += ["-p", password]
argv += ["-h", "-c", batch_path]
subprocess.call(argv)
Zerion Mini Shell 1.0