saltstack pillar
piller组件定义与客户端相关的任何数据(定义在master端),定义好的数据可以被其他组件调用(如state,api)
说通俗了,一句话,就是ansible vars里定义的变量,可以在整个playbook中引用,只不过pillar中只有指定的minion自己能看到自己的数据。
启用piller功能并查看
[root@k8s_master ~]# cat /etc/salt/master |grep -v '^#\|^$' cachedir: /var/cache/salt/master auto_accept: True file_recv: True file_roots: base: - /root
pillar_opts: True #开启pillar功能 pillar_roots: base: - /srv/pillar nodegroups: master1: 'L@k8s_master' agents: 'L@k8s_node1,k8s_node2' [root@k8s_master ~]# systemctl restart salt-master
效果如下
[root@k8s_master ~]# salt 'k8s_master' pillar.data k8s_master: ---------- master: ---------- __role: master auth_mode: 1 auto_accept: True cache_sreqs: True cachedir: /var/cache/salt/master cli_summary: False client_acl: ---------- client_acl_blacklist: ---------- cluster_masters: cluster_mode: paranoid con_cache: False conf_file: /etc/salt/master config_dir: /etc/salt cython_enable: False daemon: False default_include: master.d/*.conf enable_gpu_grains: False enforce_mine_cache: False enumerate_proxy_minions: False environment: None event_return: event_return_blacklist: event_return_queue: 0 event_return_whitelist: ext_job_cache: ext_pillar: extension_modules: /var/cache/salt/extmods external_auth: ---------- failhard: False file_buffer_size: 1048576 file_client: local file_ignore_glob: None file_ignore_regex: None file_recv: True file_recv_max_size: 100 file_roots: ---------- base: - /root fileserver_backend: - roots fileserver_followsymlinks: True fileserver_ignoresymlinks: False fileserver_limit_traversal: False gather_job_timeout: 10 gitfs_base: master gitfs_env_blacklist: gitfs_env_whitelist: gitfs_insecure_auth: False gitfs_mountpoint: gitfs_passphrase: gitfs_password: gitfs_privkey: gitfs_pubkey: gitfs_remotes: gitfs_root: gitfs_user: hash_type: md5 hgfs_base: default hgfs_branch_method: branches hgfs_env_blacklist: hgfs_env_whitelist: hgfs_mountpoint: hgfs_remotes: hgfs_root: id: k8s_master interface: 0.0.0.0 ioflo_console_logdir: ioflo_period: 0.01 ioflo_realtime: True ioflo_verbose: 0 ipv6: False jinja_lstrip_blocks: False jinja_trim_blocks: False job_cache: True keep_jobs: 24 key_logfile: /var/log/salt/key keysize: 2048 log_datefmt: %H:%M:%S log_datefmt_logfile: %Y-%m-%d %H:%M:%S log_file: /var/log/salt/master log_fmt_console: [%(levelname)-8s] %(message)s log_fmt_logfile: %(asctime)s,%(msecs)03.0f [%(name)-17s][%(levelname)-8s][%(process)d] %(message)s log_granular_levels: ---------- log_level: warning loop_interval: 60 maintenance_floscript: /usr/lib/python2.7/site-packages/salt/daemons/flo/maint.flo master_floscript: /usr/lib/python2.7/site-packages/salt/daemons/flo/master.flo master_job_cache: local_cache master_pubkey_signature: master_pubkey_signature master_roots: ---------- base: - /srv/salt-master master_sign_key_name: master_sign master_sign_pubkey: False master_tops: ---------- master_use_pubkey_signature: False max_event_size: 1048576 max_minions: 0 max_open_files: 100000 minion_data_cache: True minionfs_blacklist: minionfs_env: base minionfs_mountpoint: minionfs_whitelist: nodegroups: ---------- agents: L@k8s_node1,k8s_node2 master1: L@k8s_master open_mode: False order_masters: False outputter_dirs: peer: ---------- permissive_pki_access: False pidfile: /var/run/salt-master.pid pillar_opts: True pillar_roots: ---------- base: - /srv/pillar pillar_safe_render_error: True pillar_source_merging_strategy: smart pillar_version: 2 pillarenv: None ping_on_rotate: False pki_dir: /etc/salt/pki/master preserve_minion_cache: False pub_hwm: 1000 publish_port: 4505 publish_session: 86400 queue_dirs: raet_alt_port: 4511 raet_clear_remotes: False raet_main: True raet_mutable: False raet_port: 4506 range_server: range:80 reactor: reactor_refresh_interval: 60 reactor_worker_hwm: 10000 reactor_worker_threads: 10 renderer: yaml_jinja ret_port: 4506 root_dir: / rotate_aes_key: True runner_dirs: saltversion: 2015.5.10 search: search_index_interval: 3600 serial: msgpack show_jid: False show_timeout: True sign_pub_messages: False sock_dir: /var/run/salt/master sqlite_queue_dir: /var/cache/salt/master/queues ssh_passwd: ssh_port: 22 ssh_scan_ports: 22 ssh_scan_timeout: 0.01 ssh_sudo: False ssh_timeout: 60 ssh_user: root state_aggregate: False state_auto_order: True state_events: False state_output: full state_top: salt://top.sls state_top_saltenv: None state_verbose: True sudo_acl: False svnfs_branches: branches svnfs_env_blacklist: svnfs_env_whitelist: svnfs_mountpoint: svnfs_remotes: svnfs_root: svnfs_tags: tags svnfs_trunk: trunk syndic_dir: /var/cache/salt/master/syndics syndic_event_forward_timeout: 0.5 syndic_jid_forward_cache_hwm: 100 syndic_master: syndic_max_event_process_time: 0.5 syndic_wait: 5 timeout: 5 token_dir: /var/cache/salt/master/tokens token_expire: 43200 transport: zeromq user: root verify_env: True win_gitrepos: - https://github.com/saltstack/salt-winrepo.git win_repo: /srv/salt/win/repo win_repo_mastercachefile: /srv/salt/win/repo/winrepo.p worker_floscript: /usr/lib/python2.7/site-packages/salt/daemons/flo/worker.flo worker_threads: 5 zmq_filtering: False
pillar 在sls中的使用
(1)定义pillar的主目录
[root@k8s_master ~]# cat /etc/salt/master |grep -v '^#\|^$' file_roots: base: - /rootpillar_opts: True #开启pillar功能 pillar_roots: #主目录 base: - /srv/pillar [root@k8s_master ~]# systemctl restart salt-master
#创建pillar目录
[root@k8s_master ~]# install -d /srv/pillar
其他参数
(1)pillar 源,salt支持引入pillar外部资源,例如从数据库导入pillar值,默认是关闭的 ext_pillar_first: False
(2)开启pillar gitgs ssl验证
pillar_gitfs_ssl_verify: True
(3)开启pillar render 错误信息
pillar_safe_render_error: True
(4)设置pillar配置合并策略
pillar_source_merging_strategy: smart
(2)定义入口文件top.sls及要引用的变量文件
即定义pillar的数据覆盖被控主机的范围(要执行的主机),'*'代表所有主机,及储存变量的文件(data.sls)
示例及测试:
[root@k8s_master pillar]# pwd /srv/pillar
[root@k8s_master pillar]# ls
data.sls top.sls
[root@k8s_master pillar]# cat top.sls base: '*': - data [root@k8s_master pillar]# cat data.sls appname: master1 flow: maxconn: 30000 maxmem: 1G
#测试
[root@k8s_master pillar]# salt 'k8s_master' pillar.data appname flow k8s_master: ---------- appname: master1 flow: ---------- maxconn: 30000 maxmem: 1G
如果显示不出结果,可用salt 'k8s_master' saltutil.refresh_pillar(saltutil.sync_all) 刷新pillar数据
[root@k8s_master pillar]# salt -I 'appname:master1' test.ping
k8s_master:
True
测试得出的结果可在state/模板等文件引用,引用方式如下:
格式:
{{ pillar变量 }}
#获取appname的值
{{ pillar['appname'] }} (一级字典)
#获取maxconn的值 {{ pillar['flow']['maxconn'] }} (二级字典) {{ salt['pillar.get']('flow:maxconn',{})}}(二级字典)
pillar与jinja和grains的使用示例
[root@k8s_master pillar]# tree
.
├── data.sls
├── package.sls
├── top.sls
└── users
└── init.sls
1 directory, 4 files
[root@k8s_master pillar]# cat users/init.sls
hdfs:
namenode: 192.168.122.201
stadbynode: 192.168.122.202
hbase:
master: 192.168.122.201
[root@k8s_master pillar]# cat top.sls base: '*': - data - package
- test.test ##此处表示根目录下test目录下的test.sls文件(即,/srv/pillar/test/test.sls)【详细见saltstack sls随笔】
- users #此处表示users目录,top.sls会知己恩引用users 目录下的 init.sls(所有)文件 【详细见saltstack sls随笔】
[root@k8s_master pillar]# cat data.sls appname: master1 flow: maxconn: 30000 maxmem: 1G [root@k8s_master pillar]# cat package.sls pkgs: # 模块名称 {% if grains['os'] == 'CentOS' %} # 使用jinja模板,通过grains筛选主机 apache: httpd # 安装包名称 git: git {% elif grains['os'] == 'SUSE' %} apache: apache2 git: git-core {% endif %}
查看结果:
[root@k8s_master pillar]# salt 'k8s_master' saltutil.refresh_pillar #刷新 k8s_master: True [root@k8s_master pillar]# salt 'k8s_master' pillar.items #获取数据 k8s_master: ---------- appname: #data.sls信息 master1 flow: ---------- maxconn: 30000 maxmem: 1G
hbase: ##users目录信息
----------
master:
192.168.122.201
hdfs:
----------
namenode:
192.168.122.201
stadbynode:
192.168.122.202
master: ---------- __role: master auth_mode: ....... pkgs: #package.sls信息 ---------- apache: httpd git: git
#以上蓝色字体为自定义的的pillar数据(变量),黑色字体为自带的pillar数据
Api调用方式
pillar['flow']['maxconn'] pillar.get('flow:appname',{})
