1. 简介
- pillar和grains一样时一个数据系统,但是应用场景不同
- grains在存放在minion端,pillar放在master端,自动生效,主要存放敏感私密信息(如密码)等,指定的minion端才能看到对应信息
- 所以更适合在配置管理中使用
2. 声明pillar
pillar官方文档:link
1.定义pillar基础目录
配置目录:/etc/salt/master
新建声明文件夹
mkdir /srv/pillar
2.若更改默认路径,需重启salt-master服务:
# /etc/init.d/salt-master restart
3.自定义pillar项(变量引入方法)
3.1 通过sls程序
cat top.sls package.sls
base:
'*':
- package
{% if grains['fqdn'] == 'server3' %}
package: nginx
{% elif grains['fqdn'] == 'server2' %}
port: 80
bind: 172.25.0.2
{% endif %}
salt '*' pillar.items
刷新pillar:salt '*' saltutil.refresh_pillar
vim /srv/salt/apache/files/httpd.conf
Listen {{ bind }}:{{ port }}
vim /srv/salt/apache/init.sls
apache:
pkg.installed:
- pkgs:
- httpd
- php
- php-mysql
file.managed:
- source: salt://apache/files/httpd.conf
- name: /etc/httpd/conf/httpd.conf
- template: jinja
- context:
port: {{ pillar['port'] }}
bind: {{ grains['ipv4'][-1] }} name: httpd
- enable: true
- watch:
- file: apache
#/etc/httpd/conf/httpd.conf:
# file.managed:
# - source: salt://apache/files/httpd.conf
3.2 通过外部文件导入参数
注:自定义文件和pillar的优先级以最后写入先后为准
4.keepalived
1.在server2上装keepalived
2.在/srv/salt/keeplived/files
下拷贝server2上的配置文件:
scp server2:/etc/keepalived/keepalived.conf .
编辑配置文件:
! Configuration File for keepalived
global_defs {
notification_email {
root@localhost
}
notification_email_from keepalived@localhost
smtp_server 127.0.0.1
smtp_connect_timeout 30
router_id LVS_DEVEL
vrrp_skip_check_adv_addr
#vrrp_strict
vrrp_garp_interval 0
vrrp_gna_interval 0
}
vrrp_instance VI_1 {
state {{ STATE }}
interface eth0
virtual_router_id {{ VRID }}
priority {{ PRI }}
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
172.25.0.100
}
}
编辑主推文件:
vim keepalived/init.sls
kp-install:
pkg.installed:
- name: keepalived
file.managed:
- name: /etc/keepalived/keepalived.conf
- source: salt://keepalived/files/keepalived.conf
- template: jinja
- context:
STATE: {{ pillar['state'] }}
VRID: {{ pillar['vrid'] }}
PRI: {{ pillar['pri'] }}
service.running:
- name: keepalived
- enable: true
- reload: true
- watch:
- file: kp-install
cat top.sls
base:
'roles:apache':
- match: grain
- apache
- keepalived
'roles:nginx':
- match: grain
- nginx
- keepalived
salt '*' state.highstate