Using grains and pillar in SaltStack

SaltStack_Grains

Grains

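1. What are grains? (Static data, collected when the minion starts)
Grains
Static bits of information that a minion collects about the system when the minion first starts.
The grains interface is made available to Salt modules and components so that the right salt minion commands are automatically available on the right systems.

The above is the official explanation. Roughly, it says that grains are static data collected when the minion first starts, and that they can be used in Salt modules and other components. In practice, grains are collected every time the minion starts (or restarts), that is, they are reported to the master once per start.
Use cases:
The characteristics of grains (reported at every start, static) make them less flexible than pillar. Pillar can change at any time: a change made on the master generally takes effect right away. Grains are therefore better suited to collecting static attribute values, such as a device's role (role), its number of disks (disk_num) and other very fixed attributes of that kind.
This gives a rough rule: if the attribute you want to define changes often, use pillar; if it is fixed and rarely changes, use grains.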

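Differences between grains and pillar

  1. Grains store static, rarely changing content; pillar is the opposite
  2. Grains are stored locally on the minion, while pillar is stored locally on the master
  3. A minion has permission to operate on its own grains values, for example to add or delete them, but a minion can only view its own pillar and has no right to modify it

Using grains

Grains commands: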


salt '*' grains.ls # list all grains keys

salt '*' grains.items # show all grains information (every item)

salt '*' grains.item fqdn # show a single item

Some grains usage examples

[root@server1 salt]# salt server1 grains.item ipv4   ## show server1's ipv4 information
server1:
   ----------
   ipv4:
       - 127.0.0.1
       - 172.25.1.1
[root@server1 salt]# salt server1 grains.item uuid   ## show server1's uuid
server1:
   ----------
   uuid:
       026611d5-381c-42ab-bb83-e307d4e89b1a
[root@server1 salt]# salt server1 grains.item os  ## show server1's os
server1:
   ----------
   os:
       RedHat
[root@server1 salt]# salt -G 'os:RedHat' test.ping  ## run test.ping on the hosts whose OS is RedHat
server2:
   True
server3:
   True
server1:
   True
[root@server1 ~]# salt -G 'host:server1' cmd.run hostname
# run the shell command hostname on the minion whose host grain is server1
server1:
   server1

(1) Setting roles in the minion configuration file

[root@server2 pki]# vim /etc/salt/minion
grains:
  roles:
    apache
[root@server2 pki]# /etc/init.d/salt-minion restart   # after the restart the minion syncs its grains to the master
[root@server1 salt]# salt '*' grains.item roles
server2:
   ----------
   roles:
       apache
server3:
   ----------
   roles:
server1:
   ----------
   roles:

(2) Grains from a custom file

[root@server3 ~]# cd /etc/salt
[root@server3 salt]# vim grains
roles:
  apache
[root@server1 ~]# salt server3 saltutil.sync_grains   
# sync server3's grains; salt on server3 does not need to be restarted
[root@server1 ~]# salt '*' grains.item roles
server1:
    ----------
    roles:
server3:
    ----------
    roles:
        apache
server2:
    ----------
    roles:
        haproxy


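Using pillar

The pillar approach

Compared with the static parameters of grains, pillar lets you configure more flexible parameters, and skilled use of pillar brings out the full power of SaltStack. Pillar parameters are dynamic.


(1) Enable pillar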

[root@server1 ~]# cd /etc/salt/
[root@server1 salt]# vim master
pillar_roots:
  base:
    - /srv/pillar

[root@server1 salt]# mkdir /srv/pillar
[root@server1 salt]# /etc/init.d/salt-master restart
Stopping salt-master daemon:                               [  OK  ]
Starting salt-master daemon:                               [  OK  ]

(2) Create the pillar files to push

[root@server1 ~]# cd /srv/pillar/
[root@server1 pillar]# mkdir web
[root@server1 pillar]# vim web/install.sls 
{% if grains['fqdn'] == 'server2' %}
webserver: haproxy
{% elif grains['fqdn'] == 'server3' %}
webserver: apache
{% elif grains['fqdn'] == 'server4' %}
webserver: nginx
{% endif %}

[root@server1 pillar]# vim top.sls    # top file that pushes web.install
base:
 '*':
   - web.install

(3) Refresh pillar on all nodes


[root@server1 web]# salt '*' saltutil.refresh_pillar
server3:
    True
server2:
    True
server1:
    True

(4) Get the pillar data

[root@server1 ~]# salt '*' pillar.items
server4:
    ----------
    webserver:
        nginx
server3:
    ----------
    webserver:
        apache
server2:
    ----------
    webserver:
        haproxy
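
Added example (not part of the original article): difference 3 above says a minion can change its own grains, so pillar data selected by grains['fqdn'], as in web/install.sls, is handed to whichever minion reports that value. This Python check flags pillar SLS lines and top.sls targets keyed on grains so they can be moved to minion-ID targets; the regexes, function names and the two sample top files are assumptions made for this sketch.

```python
import re
from pathlib import Path

# Jinja control tags ({% if/elif/set/for ... %}) whose expression reads grains.
GRAIN_IN_TAG = re.compile(r"\{%-?\s*(?:if|elif|set|for)\b[^%]*\bgrains\b")
# top.sls targets keyed on grains: a "G@key:value" term or "- match: grain".
GRAIN_TARGET = re.compile(r"\bG@\S+|^\s*-\s*match:\s*grain(?:_pcre)?\b")

def audit_text(name, text):
    """Return (file, line number, line) for each line keyed on grains."""
    return [(name, n, line.strip())
            for n, line in enumerate(text.splitlines(), 1)
            if GRAIN_IN_TAG.search(line) or GRAIN_TARGET.search(line)]

def audit_tree(root):
    """Audit every .sls file under a pillar root such as /srv/pillar."""
    return [hit for path in sorted(Path(root).rglob("*.sls"))
            for hit in audit_text(str(path), path.read_text(encoding="utf-8"))]

# web/install.sls as shown in the article: branches keyed on grains['fqdn'].
PAGE_PILLAR = """\
{% if grains['fqdn'] == 'server2' %}
webserver: haproxy
{% elif grains['fqdn'] == 'server3' %}
webserver: apache
{% elif grains['fqdn'] == 'server4' %}
webserver: nginx
{% endif %}
"""

# Constructed top.sls that selects pillar data by a grain.
GRAIN_TOP = """\
base:
  'os:RedHat':
    - match: grain
    - web.install
"""

# Constructed alternative: the target is a minion ID; the file name is hypothetical.
ID_TOP = """\
base:
  'server3':
    - web.apache
"""

if __name__ == "__main__":
    for text in (PAGE_PILLAR, GRAIN_TOP, ID_TOP):
        print(audit_text("sample", text))
```

On the master, `audit_tree('/srv/pillar')` lists every line to review before sensitive values are placed in pillar.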

Targeting minions by pillar value


[root@server1 web]# salt -I 'webserver:nginx' cmd.run hostname
server4:
   server4
[root@server1 web]# salt -I 'webserver:apache' cmd.run hostname
server3:
   server3
[root@server1 web]# salt -I 'webserver:haproxy' cmd.run hostname
server2:
   server2

Finding the responsive hosts in a given subnet

[root@server1 web]# salt -S 172.25.12.0/24 test.ping
server1:
    True
server3:
    True
server2:
    True

Using Jinja

{% %}: definitions (statements)
{{ }}: value substitution
Setting a fixed port in the state file
[root@server1 httpd]# vim /srv/salt/httpd/install.sls 
apache-install:
  pkg.installed:
    - pkgs:
      - httpd
      - php
  file.managed:
    - name: /etc/httpd/conf/httpd.conf
    - source: salt://httpd/files/httpd.conf
    - mode: 644
    - user: root
    - template: jinja
    - context:
        bind: 172.25.12.3
        port: 8080
  service.running:
    - name: httpd
    - enable: True
    - reload: True
    - watch:
      - file: apache-install
[root@server1 files]# vim /srv/salt/httpd/files/httpd.conf
Listen {{ bind }}:{{ port }}           # (Listen 172.25.1.3:8080)

[root@server1 files]# salt server3 state.sls apache.install

Test

[root@server3 salt]# netstat -nutlp |grep 8080
tcp        0      0 :::8080                     :::*                        LISTEN      2538/httpd        

Defining the value dynamically

[root@server1 apache ]# vim lib.sls 
{% set port = 80 %}  

[root@server1 files]# vim /srv/salt/httpd/files/httpd.conf
{% from 'apache/lib.sls' import port with context %}
Listen {{ port }}

[root@server1 files]# salt server2 state.sls httpd.install

Pushing configuration with grains and pillar

grains

[root@server1 httpd]# vim /srv/salt/httpd/install.sls 
apache-install:
  pkg.installed:
    - pkgs:
      - httpd
      - php
  file.managed:
    - name: /etc/httpd/conf/httpd.conf
    - source: salt://httpd/files/httpd.conf
    - mode: 644
    - user: root
    - template: jinja
    - context:
        bind: {{ grains['ipv4'][-1] }}
        port: 8080
  service.running:
    - name: httpd
    - enable: True
    - reload: True
    - watch:
      - file: apache-install
[root@server1 files]# vim /srv/salt/httpd/files/httpd.conf 
Listen {{ bind }}:{{ port }}

[root@server1 files]# salt server3 state.sls apache.install

Pushing with pillar

[root@server1 ~]# vim /srv/pillar/web/install.sls 
{% if grains['fqdn'] == 'server2' %}
webserver: haproxy
{% elif grains['fqdn'] == 'server3' %}
webserver: apache
bind: 172.25.1.3
port: 80
{% elif grains['fqdn'] == 'server4' %}
webserver: nginx
{% endif %}
[root@server1 ~]# cd /srv/salt/apache/file/
[root@server1 file]# vim httpd.conf 
Listen {{ pillar['bind'] }}:{{ port }}
[root@server1 ~]# salt server3 state.sls apache.install

Test

[root@server3 conf]# netstat  -nutlp |grep 8080
tcp        0      0 172.25.1.3:8080             0.0.0.0:*                   LISTEN      3237/httpd          

[root@server3 conf]# vim httpd.conf
Listen 172.25.1.3:8080
