SaltStack Basics - 05 Grains and Pillar

Posted on 2022-01-18 14:01  Kingdomer

1. Overview

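| Data system | Type | How data is collected | Use cases | Defined on |
|---|---|---|---|---|
| Grains | Static | Collected when the minion starts | Data queries, targeting, configuration management | minion |
| Pillar | Dynamic | Defined on the master | Sensitive data, targeting, configuration management | master |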

2. Grains

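Salt grains mainly store static data about the minion, such as hostname, memory size, IP addresses and CPU. This data is stored on the minion side.

A minion reads its grains data at startup. If new grains data is added later, either restart the minion service or refresh it from the master with a salt command.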

[root@cl-server ~]# salt cl-node01 sys.doc grains

2.1 List all grains keys on a minion

[root@cl-server salt]# salt cl-node01 grains.ls
cl-node01:
    - SSDs
    - auto
    - biosreleasedate
    - biosversion
    - cpu_flags
    - cpu_model
    - cpuarch
    - cwd
    - disks
    - dns
    - domain
    - fqdn
    - fqdn_ip4
    - fqdn_ip6
    - fqdns
    - gid
    - gpus
    - groupname
    - hello
    - host
    - hwaddr_interfaces
    - id
    - init
    - ip4_gw
    - ip4_interfaces
    - ip6_gw
    - ip6_interfaces
    - ip_gw
    - ip_interfaces
    - ipv4
    - ipv6
    - kernel
    - kernelrelease
    - kernelversion
    - locale_info
    - localhost
    - lsb_distrib_codename
    - lsb_distrib_id
    - machine_id
    - manufacturer
    - master
    - mdadm
    - mem_total
    - node01
    - node02
    - nodename
    - num_cpus
    - num_gpus
    - os
    - os_family
    - osarch
    - oscodename
    - osfinger
    - osfullname
    - osmajorrelease
    - osrelease
    - osrelease_info
    - path
    - pid
    - productname
    - ps
    - pythonexecutable
    - pythonpath
    - pythonversion
    - salt
    - saltpath
    - saltversion
    - saltversioninfo
    - selinux
    - serialnumber
    - server_id
    - shell
    - swap_total
    - systemd
    - uid
    - username
    - uuid
    - virtual
    - zfs_feature_flags
    - zfs_support
    - zmqversion

2.2 View grains values

### View all grains data
[root@cl-server salt]#  salt cl-node01 grains.items

[root@cl-server salt]#  salt cl-node01 grains.item nodename
cl-node01:
    ----------
    nodename:
        cl-node01

[root@cl-server salt]#  salt cl-node01 grains.item ip4_interfaces:ens33
cl-node01:
    ----------
    ip4_interfaces:ens33:
        - 192.168.234.11

[root@cl-server ~]# salt 'cl-node03' grains.item gpus
cl-node03:
    ----------
    gpus:
        |_
          ----------
          model:
              SVGA II Adapter
          vendor:
              vmware
[root@cl-server ~]# salt 'cl-node03' grains.item gpus:vendor
cl-node03:
    ----------
    gpus:vendor:
        vmware
### grains.item vs. grains.get
[root@cl-server salt]# salt cl-node01 grains.item cpu_model
cl-node01:
    ----------
    cpu_model:
        Intel(R) Core(TM) i5-8265U CPU @ 1.60GHz
[root@cl-server salt]# salt cl-node01 grains.get cpu_model
cl-node01:
    Intel(R) Core(TM) i5-8265U CPU @ 1.60GHz

2.3 Using grains in configuration files

[root@cl-server test]# cat test_grains.conf.j2 
server {
  server_name {{ grains['fqdn'] }};
  server_address {{ grains['fqdn_ip4'] }};
  server_address2 {{ grains['ip4_interfaces']['ens33'][0] }}:8080;
}

[root@cl-server test]# cat copy_file_jinja2.sls 
copy_file_jinja2:
  file.managed:
  - name: /tmp/test_grains.conf
  - source: salt://test/test_grains.conf.j2
  - user: root
  - group: root
  - mode: 644
  - template: jinja
  - backup: minion

[root@cl-server test]# salt cl-node01 state.sls test/copy_file_jinja2

[root@cl-node01 tmp]# cat test_grains.conf 
server {
  server_name cl-node01;
  server_address [u'192.168.234.11'];
  server_address2 192.168.234.11:8080;
}

2.4 Custom grains

Create a _grains directory under the Salt main directory (the master's file root).

### 1. Using a Python script
[root@cl-server _grains]# cat test.py
#!/usr/bin/env python
# Custom grains module: every key in the returned dict becomes a grain.
def my_grains():
    grains = {}
    grains['hello'] = 'world'
    grains['salt'] = 'stack'
    return grains

[root@cl-server _grains]# salt cl-node01 saltutil.sync_grains
cl-node01:
    - grains.test

[root@cl-server _grains]# cat node02.py
#!/usr/bin/env python
def my_grains():
    grains = {}
    grains['node02'] = 'node02'
    grains['auto'] = 'autodas'
    return grains

[root@cl-server _grains]# salt cl-node02 saltutil.sync_grains
cl-node02:
    - grains.node02
    - grains.test

[root@cl-server _grains]# salt '*' grains.item auto
cl-node02:
    ----------
    auto:
        autodas
cl-node01:
    ----------
    auto:
cl-node03:
    ----------
    auto:

  

 

### 2. Using the grains module
[root@cl-server ~]# salt 'cl-node02' grains.setval host_type slave02
cl-node02:
    ----------
    host_type:
        slave02
[root@cl-server ~]# salt 'cl-node02' grains.item host_type
cl-node02:
    ----------
    host_type:
        slave02
[root@cl-server ~]# salt 'cl-node02' grains.delval host_type
cl-node02:
    None
[root@cl-server ~]# salt 'cl-node02' grains.setval list_work "['master','data','cordinate']"

### 3. Add the data to /etc/salt/grains on the minion
[root@cl-node02 salt]# cat /etc/salt/grains
host_type: null
list_work:
- master
- data
- cordinate

After manually editing /etc/salt/grains on the minion and adding entries, refresh from the master:
salt '*' saltutil.sync_grains

Grains precedence: values in /etc/salt/minion.d/grains.conf (or /etc/salt/minion) take priority over values in /etc/salt/grains.

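3. Pillar

Pillar is a component that was added after Salt version 0.9.8.
It has the same structure as grains: a dictionary in which data is stored as key/value pairs.
By design, Pillar uses a separate encrypted session, so it can be used to deliver sensitive data such as SSH keys and certificates.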

3.1 Enable the pillar configuration

[root@cl-server salt]# vi /etc/salt/master

# Salt Pillars allow for the building of global data that can be made selectively
# available to different minions based on minion grain filtering. The Salt
# Pillar is laid out in the same fashion as the file server, with environments,
# a top file and sls files. However, pillar data does not need to be in the
# highstate format, and is generally just key/value pairs.
#pillar_roots:
#  base:
#    - /srv/pillar
#
#ext_pillar:
#  - hiera: /etc/hiera.yaml
#  - cmd_yaml: cat /etc/salt/yaml

pillar_roots:
  base:
    - /application/salt/pillar

# The pillar_opts option adds the master configuration file data to a dict in
# the pillar called "master". This is used to set simple configurations in the
# master config file that can then be used on minions.
#pillar_opts: False
pillar_opts: True	 

3.2 Configure pillar

### Create top.sls in the pillar root directory
[root@cl-server pillar]# tree
.
├── top.sls
└── web
    └── install.sls

[root@cl-server pillar]# cat top.sls 
base:
  '*':
    - web.install

### Create the SLS file that defines the pillar data
[root@cl-server web]# cat install.sls 
{% if grains['fqdn'] == 'cl-node01' %}
webserver: httpd
{% elif grains['fqdn'] == 'cl-node02' %}
webserver: nginx
{% endif %}

### Push the change and refresh pillar
[root@cl-server pillar]# salt '*' saltutil.refresh_pillar

[root@cl-server pillar]# salt '*' pillar.item webserver
cl-node02:
    ----------
    webserver:
        nginx
cl-node03:
    ----------
    webserver:
cl-node01:
    ----------
    webserver:
        httpd
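
Grains are defined on the minion (section 2.4 sets them with grains.setval and /etc/salt/grains), so pillar that branches on a grain, as install.sls does, is selected by a value the minion itself reports; for sensitive keys, target by minion ID in top.sls instead. The following is an added example, not code from the original post: it lists the grain-dependent spots in a pillar tree. `audit_pillar` and `top_by_grain.sls` are hypothetical names, and the sample files are embedded inline.

```python
import re

# Grain lookups as written in Jinja inside pillar SLS files:
# grains['x'], grains.get('x') and salt['grains.get']('x').
JINJA_GRAIN = re.compile(
    r"""(?:grains\[|grains\.get\(|salt\[\s*['"]grains\.get['"]\s*\]\()\s*['"]([^'"]+)['"]"""
)
# Grain-based targeting in a pillar top file: "- match: grain" / "- match: grain_pcre",
# or a G@ / P@ term inside a compound target.
TOP_GRAIN = re.compile(r"-\s*match:\s*(grain(?:_pcre)?)\b|\b[GP]@([\w:.*-]+)")


def audit_pillar(files):
    """Return (file, line number, reference) for every place where pillar
    content or pillar targeting depends on a grain."""
    findings = []
    for name, text in sorted(files.items()):
        for lineno, line in enumerate(text.splitlines(), 1):
            for m in JINJA_GRAIN.finditer(line):
                findings.append((name, lineno, "jinja:" + m.group(1)))
            for m in TOP_GRAIN.finditer(line):
                findings.append((name, lineno, "top:" + (m.group(1) or m.group(2))))
    return findings


SAMPLE_FILES = {
    # From this page (section 3.2): pillar value chosen by the fqdn grain.
    "web/install.sls": (
        "{% if grains['fqdn'] == 'cl-node01' %}\n"
        "webserver: httpd\n"
        "{% elif grains['fqdn'] == 'cl-node02' %}\n"
        "webserver: nginx\n"
        "{% endif %}\n"
    ),
    # Constructed for this example: a top file that targets by grain.
    "top_by_grain.sls": "base:\n  'os:CentOS':\n    - match: grain\n    - web.install\n",
    # From this page (section 3.3): targets by minion ID, nothing to flag.
    "top.sls": "base:\n  '*':\n    - web.install\n  'cl-node01':\n    - lvsserver\n",
}

if __name__ == "__main__":
    for finding in audit_pillar(SAMPLE_FILES):
        print("%s:%d depends on %s" % finding)
```
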

3.3 Pillar host labels

[root@cl-server pillar]# tree
.
├── lvsserver.sls
├── top.sls
└── web
    └── install.sls

[root@cl-server pillar]# cat lvsserver.sls
lvsserver: lvsserver

[root@cl-server pillar]# cat top.sls 
base:
  '*':
    - web.install
  'cl-node01':
    - lvsserver
	
[root@cl-server pillar]# salt '*' saltutil.refresh_pillar
[root@cl-server pillar]# salt -I lvsserver:lvsserver cmd.run 'hostname'
cl-node01:
    cl-node01

3.4 Using pillar in SLS files

### Use pillar so that different servers create the given user with different commands
[root@cl-server pillar]# cat useradd_pillar.sls 
useradd:
  {% if grains['fqdn'] == 'cl-node01' %}
  name: useradd user-pillar
  {% elif grains['fqdn'] == 'cl-node02' %}
  name: useradd user-other
  {% endif %}
  
[root@cl-server pillar]# cat top.sls 
base:
  '*':
    - web.install
    - useradd_pillar
  'cl-node01':
    - lvsserver

[root@cl-server pillar]# salt '*' saltutil.refresh_pillar

### View the defined pillar
[root@cl-server pillar]# salt cl-node01 pillar.item useradd
cl-node01:
    ----------
    useradd:
        ----------
        name:
            useradd user-pillar
[root@cl-server pillar]# salt cl-node02 pillar.item useradd
cl-node02:
    ----------
    useradd:
        ----------
        name:
            useradd user-other

### Use the custom pillar in a state file
[root@cl-server salt]# cat useradd.sls
useradd:
  cmd.run:
    - name: {{ pillar['useradd']['name'] }}
    - unless: id admin

[root@cl-server salt]# salt '*' state.sls useradd
cl-node02:
----------
          ID: useradd
    Function: cmd.run
        Name: useradd user-other
      Result: True
     Comment: Command "useradd user-other" run
     Started: 12:00:48.777641
    Duration: 40.444 ms
     Changes:
              ----------
              pid:
                  1852
              retcode:
                  0
              stderr:
              stdout:

Summary for cl-node02
------------
Succeeded: 1 (changed=1)
Failed:    0
------------
Total states run:     1
Total run time:  40.444 ms
cl-node01:
----------
          ID: useradd
    Function: cmd.run
        Name: useradd user-pillar
      Result: True
     Comment: Command "useradd user-pillar" run
     Started: 12:00:48.936319
    Duration: 43.32 ms
     Changes:
              ----------
              pid:
                  14110
              retcode:
                  0
              stderr:
              stdout:

Summary for cl-node01
------------
Succeeded: 1 (changed=1)
Failed:    0
------------
Total states run:     1
Total run time:  43.320 ms

### Lookup by index:     pillar['pkgs']['apache']
### Lookup with get():   pillar.get('users', {})
syslog:
  pkg.installed:
    - name: {{ pillar['pkgs']['apache'] }}
	
apache:
  pkg.installed:
    - name: {{ salt['pillar.get']('pkgs:apache', 'httpd') }}
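
The difference between the two lookup styles above, and how colon-delimited keys such as ip4_interfaces:ens33, gpus:vendor and pkgs:apache resolve, as an added Python example. It is a simplified re-implementation for illustration, not Salt's own code and not from the original post; `traverse`, `index_lookup` and the sample data are hypothetical names constructed here.

```python
def traverse(data, key, default=None, delimiter=":"):
    """Follow a colon-delimited key through nested dicts and lists.
    Simplified re-implementation for illustration, not Salt's own code."""
    ptr = data
    for part in key.split(delimiter):
        if isinstance(ptr, dict):
            if part not in ptr:
                return default
            ptr = ptr[part]
        elif isinstance(ptr, list):
            try:
                ptr = ptr[int(part)]          # numeric part: list index
                continue
            except IndexError:
                return default
            except ValueError:
                pass
            # Non-numeric part: use the first embedded dict that has the key,
            # which is how 'gpus:vendor' resolves against a list of dicts.
            for item in ptr:
                if isinstance(item, dict) and part in item:
                    ptr = item[part]
                    break
            else:
                return default
        else:
            return default                    # hit a scalar before the key ended
    return ptr


def index_lookup(pillar):
    """Equivalent of pillar['pkgs']['apache']: no fallback when a level is missing."""
    try:
        return pillar["pkgs"]["apache"]
    except (KeyError, TypeError) as exc:
        return "lookup failed: " + type(exc).__name__


# Constructed sample data, shaped like the grains output shown on this page.
GRAINS = {
    "ip4_interfaces": {"ens33": ["192.168.234.11"]},
    "gpus": [{"model": "SVGA II Adapter", "vendor": "vmware"}],
}
PILLAR = {"webserver": "nginx"}               # constructed: no 'pkgs' key defined

if __name__ == "__main__":
    print(traverse(GRAINS, "ip4_interfaces:ens33"))
    print(traverse(GRAINS, "gpus:vendor"))
    print(traverse(PILLAR, "pkgs:apache", "httpd"))
    print(index_lookup(PILLAR))
```

In a Salt state the index form's miss surfaces as a rendering error for that minion, while pillar.get falls back to the supplied default.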