SaltStack数据系统
SaltStack数据系统
SaltStack有两大数据系统,分别是:
- Grains
- Pillar
SaltStack组件之Grains
Grains是SaltStack的一个组件,其存放着minion启动时收集到的信息。
Grains是SaltStack组件中非常重要的组件之一,因为我们在做配置部署的过程中会经常使用它,Grains是SaltStack记录minion的一些静态信息的组件。可简单理解为Grains记录着每台minion的一些常用属性,比如CPU、内存、磁盘、网络信息等。我们可以通过grains.items查看某台minion的所有Grains信息。
Grains的功能:
- 收集资产信息
Grains应用场景:
- 信息查询
- 在命令行下进行目标匹配
- 在top file中进行目标匹配
- 在模板中进行目标匹配
信息查询
[root@server1 ~]# salt 'node1' grains.items
node1:
----------
biosreleasedate: //bios的时间
07/22/2020
biosversion: //bios的版本
6.00
cpu_flags: //cpu相关的属性
- fpu
- vme
- de
- pse
- tsc
- msr
- pae
- mce
- cx8
- apic
- sep
- mtrr
- pge
- mca
- cmov
- pat
- pse36
- clflush
- mmx
- fxsr
- sse
- sse2
- ss
- syscall
- nx
- pdpe1gb
- rdtscp
- lm
- constant_tsc
- arch_perfmon
- rep_good
- nopl
- xtopology
- tsc_reliable
- nonstop_tsc
- cpuid
- pni
- pclmulqdq
- ssse3
- fma
- cx16
- pcid
- sse4_1
- sse4_2
- x2apic
- movbe
- popcnt
- tsc_deadline_timer
- aes
- xsave
- avx
- f16c
- rdrand
- hypervisor
- lahf_lm
- abm
- 3dnowprefetch
- invpcid_single
- ssbd
- ibrs
- ibpb
- stibp
- ibrs_enhanced
- fsgsbase
- tsc_adjust
- bmi1
- avx2
- smep
- bmi2
- erms
- invpcid
- avx512f
- avx512dq
- rdseed
- adx
- smap
- avx512ifma
- clflushopt
- clwb
- avx512cd
- sha_ni
- avx512bw
- avx512vl
- xsaveopt
- xsavec
- xgetbv1
- xsaves
- arat
- avx512vbmi
- umip
- pku
- ospke
- avx512_vbmi2
- gfni
- vaes
- vpclmulqdq
- avx512_vnni
- avx512_bitalg
- avx512_vpopcntdq
- rdpid
- movdiri
- movdir64b
- md_clear
- flush_l1d
- arch_capabilities
cpu_model:
11th Gen Intel(R) Core(TM) i7-11800H @ 2.30GHz
cpuarch:
x86_64
cwd:
/
disks:
- sr0
dns:
----------
domain:
ip4_nameservers:
- 114.114.114.114
ip6_nameservers:
nameservers:
- 114.114.114.114
options:
search:
sortlist:
domain:
efi:
False
efi-secure-boot:
False
fqdn:
node1
fqdn_ip4:
- 192.168.244.135
fqdn_ip6:
- fe80::22a0:ac79:2d1a:18b7
fqdns:
- node1
gid:
0
gpus:
|_
----------
model:
SVGA II Adapter
vendor:
vmware
groupname:
root
host:
node1
hwaddr_interfaces:
----------
ens160:
00:0c:29:36:3e:51
lo:
00:00:00:00:00:00
id:
node1
init:
systemd
ip4_gw:
192.168.244.2
ip4_interfaces:
----------
ens160:
- 192.168.244.135
lo:
- 127.0.0.1
ip6_gw:
False
ip6_interfaces:
----------
ens160:
- fe80::22a0:ac79:2d1a:18b7
lo:
- ::1
ip_gw:
True
ip_interfaces:
----------
ens160:
- 192.168.244.135
- fe80::22a0:ac79:2d1a:18b7
lo:
- 127.0.0.1
- ::1
ipv4:
- 127.0.0.1
- 192.168.244.135
ipv6:
- ::1
- fe80::22a0:ac79:2d1a:18b7
kernel:
Linux
kernelparams:
|_
- BOOT_IMAGE
- (hd0,msdos1)/vmlinuz-4.18.0-193.el8.x86_64
|_
- root
- /dev/mapper/rhel-root
|_
- ro
- None
|_
- crashkernel
- auto
|_
- resume
- /dev/mapper/rhel-swap
|_
- rd.lvm.lv
- rhel/root
|_
- rd.lvm.lv
- rhel/swap
|_
- rhgb
- None
|_
- quiet
- None
kernelrelease:
4.18.0-193.el8.x86_64
kernelversion:
#1 SMP Fri Mar 27 14:35:58 UTC 2020
locale_info:
----------
defaultencoding:
UTF-8
defaultlanguage:
en_US
detectedencoding:
UTF-8
timezone:
CST
localhost:
node1
lsb_distrib_codename:
Red Hat Enterprise Linux 8.2 (Ootpa)
lsb_distrib_id:
Red Hat Enterprise Linux
lsb_distrib_release:
8.2
lvm:
----------
rhel:
- home
- root
- swap
machine_id:
c79e2798e118482c81cd18a8552b825c
manufacturer:
VMware, Inc.
master:
192.168.244.131
mdadm:
mem_total:
1800
nodename:
node1
num_cpus:
2
num_gpus:
1
os:
RedHat
os_family:
RedHat
osarch:
x86_64
oscodename:
Ootpa
osfinger:
Red Hat Enterprise Linux-8
osfullname:
Red Hat Enterprise Linux
osmajorrelease:
8
osrelease:
8.2
osrelease_info:
- 8
- 2
path:
/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin
pid:
1568
productname:
VMware Virtual Platform
ps:
ps -efHww
pythonexecutable:
/usr/bin/python3.6
pythonpath:
- /usr/bin
- /usr/lib64/python36.zip
- /usr/lib64/python3.6
- /usr/lib64/python3.6/lib-dynload
- /usr/lib64/python3.6/site-packages
- /usr/lib/python3.6/site-packages
pythonversion:
- 3
- 6
- 8
- final
- 0
saltpath:
/usr/lib/python3.6/site-packages/salt
saltversion:
3004
saltversioninfo:
- 3004
selinux:
----------
enabled:
True
enforced:
Enforcing
serialnumber:
VMware-56 4d 36 48 63 d4 91 d7-a6 f1 c2 aa 2e 36 3e 51
server_id:
1797241226
shell:
/bin/sh
ssds:
- nvme0n1
swap_total:
2091
systemd:
----------
features:
+PAM +AUDIT +SELINUX +IMA -APPARMOR +SMACK +SYSVINIT +UTMP +LIBCRYPTSETUP +GCRYPT +GNUTLS +ACL +XZ +LZ4 +SECCOMP +BLKID +ELFUTILS +KMOD +IDN2 -IDN +PCRE2 default-hierarchy=legacy
version:
239
systempath:
- /usr/local/sbin
- /usr/local/bin
- /usr/sbin
- /usr/bin
transactional:
False
uid:
0
username:
root
uuid:
48364d56-d463-d791-a6f1-c2aa2e363e51
virtual:
VMware
zfs_feature_flags:
False
zfs_support:
False
zmqversion:
4.3.4
查询某个key值,获取IP
[root@server1 ~]# salt '*' grains.get fqdn_ip4
node2:
- 192.168.244.137
node3:
- 192.168.244.138
node1:
- 192.168.244.135
server1:
- 192.168.244.131
[root@server1 ~]# salt '*' grains.get ip4_interfaces
node3:
----------
ens160:
- 192.168.244.138
lo:
- 127.0.0.1
node2:
----------
ens160:
- 192.168.244.137
lo:
- 127.0.0.1
node1:
----------
ens160:
- 192.168.244.135
lo:
- 127.0.0.1
server1:
----------
ens160:
- 192.168.244.131
lo:
- 127.0.0.1
[root@server1 ~]# salt '*' grains.get ip4_interfaces:ens160
server1:
- 192.168.244.131
node3:
- 192.168.244.138
node2:
- 192.168.244.137
node1:
- 192.168.244.135
目标匹配实例:
用Grains
来匹配minion
:
[root@server1 ~]# salt -G 'os:RedHat' cmd.run 'uptime'
node3:
18:43:03 up 9 min, 2 users, load average: 0.01, 0.07, 0.07
server1:
18:43:03 up 9 min, 2 users, load average: 0.04, 0.19, 0.16
node2:
18:43:03 up 9 min, 2 users, load average: 0.03, 0.15, 0.13
node1:
18:43:03 up 9 min, 2 users, load average: 0.12, 0.22, 0.16
自定义Grains的两种方法:
- minion配置文件,在配置文件中搜索grains
- 在/etc/salt下生成一个grains文件,在此文件中定义(推荐方式)
[root@server1 ~]# cat /etc/salt/grains
test-grains: linux-node1
[root@server1 ~]# salt '*' grains.get test-grains
server1:
linux-node1
node1:
node3:
node2:
不重启的情况下自定义Grains
:
[root@server1 ~]# cat /etc/salt/grains
test-grains: linux-node1
wy: YYDS!!
[root@server1 ~]# salt '*' saltutil.sync_grains
node1:
node3:
node2:
server1:
[root@server1 ~]# salt '*' grains.get wy
node2:
node1:
node3:
server1:
YYDS!!
SaltStack组件之Pillar
Pillar也是SaltStack组件中非常重要的组件之一,是数据管理中心,经常配置states在大规模的配置管理工作中使用它。Pillar在SaltStack中主要的作用就是存储和定义配置管理中需要的一些数据,比如软件版本号、用户名密码等信息,它的定义存储格式与Grains类似,都是YAML格式。
在Master配置文件中有一段Pillar settings选项专门定义Pillar相关的一些参数:
#pillar_roots:
# base:
# - /srv/pillar
创建目录
[root@server1 ~]# mkdir /srv/pillar
[root@server1 ~]# systemctl restart salt-minion
默认Base环境下Pillar的工作目录在/srv/pillar目录下。若你想定义多个环境不同的Pillar工作目录,只需要修改此处配置文件即可。
Pillar的特点:
- 可以给指定的minion定义它需要的数据
- 只有指定的人才能看到定义的数据
- 在master配置文件里设置
[root@server1 ~]# salt '*' pillar.items
node1:
----------
server1:
----------
node3:
----------
node2:
----------
默认pillar
是没有任何信息的,如果想查看信息,需要在 master 配置文件上把 pillar_opts
的注释取消,并将其值设为 True。
# master config file that can then be used on minions.
pillar_opts: true
[root@server1 ~]# systemctl restart salt-master
[root@server1 ~]# salt '*' pillar.items
server1:
----------
master:
----------
__cli:
salt-master
__role:
master
allow_minion_key_revoke:
True
archive_jobs:
False
auth_events:
........
pillar自定义数据:
在master的配置文件里找pillar_roots可以看到其存放pillar的位置
[root@server1 ~]# vim /etc/salt/master
#pillar_roots:
# base:
# - /srv/pillar
#
#ext_pillar:
# - hiera: /etc/hiera.yaml
# - cmd_yaml: cat /etc/salt/yaml
pillar_roots:
base:
- /srv/pillar/base
prod:
- /srv/pillar/prod
[root@server1 ~]# mkdir -p /srv/pillar/{base,prod}
[root@server1 ~]# tree /srv/pillar/
/srv/pillar/
|-- base
`-- prod
2 directories, 0 files
[root@server1 ~]# cat /srv/pillar/base/apache.sls
{% if grains['os'] == 'RedHat' %}
apache: httpd
{% elif grains['os'] == 'Debian' %}
apache: apache2
{% endif %}
//定义top file入口文件
[root@server1 ~]# cat /srv/pillar/base/top.sls
base:
'node1':
- apache
[root@server1 ~]# salt 'node1' pillar.items
node1:
----------
apache:
httpd
master:
----------
__cli:
salt-master
__role:
//在salt下修改apache的状态文件,引用pillar的数据
[root@server1 ~]# cat /srv/salt/base/web/apache/apache.sls
apache-install:
pkg.installed:
- name: {{ pillar['apache'] }}
apache-service:
service.running:
- name: {{ pillar['apache'] }}
- enable: True
//执行高级状态文件
[root@server1 ~]# salt 'node1' state.highstatenode1:
----------
ID: apache-install
Function: pkg.installed
Name: httpd
Result: True
Comment: All specified packages are already installed
Started: 19:07:45.668778
Duration: 636.19 ms
Changes:
----------
ID: apache-service
Function: service.running
Name: httpd
Result: True
Comment: The service httpd is already running
Started: 19:07:46.317796
Duration: 75.799 ms
Changes:
Summary for node1
------------
Succeeded: 2
Failed: 0
------------
Total states run: 2
Total run time: 711.989 ms
Grains与Pillar的区别
存储位置 | 类型 | 采集方式 | 应用场景 | |
---|---|---|---|---|
Grains | minion | 静态 | minion启动时采集 可通过刷新避免重启minion服务 | 1.信息查询 2.在命令行下进行目标匹配 3.在top file中进行目标匹配 4.在模板中进行目标匹配 |
Pillar | master | 动态 | 指定,实时生效 | 1.目标匹配 2.敏感数据配置 |