pillar
pillar和grains一样也是一个数据系统,但是应用场景不同。
pillar是将信息动态的存放在master端,主要存放私密、敏感信息(如用户名密码等),而且可以指定某一个minion才可以看到对应的信息。
pillar更加适合在配置管理中运用。
实验前查看是否建立连接:
salt '*' test.ping
lsof -i :4505
mkdir /srv/pillar
vim top.sls
base:
'*':
- package
vim package.sls
{% if grains['fqdn'] == 'server3' %}
package: httpd
{% elif grains['fqdn'] == 'server2' %}
package: mairadb
{% endif %}
salt '*' pillar.items
salt '*' saltutil.refresh_pillar
salt '*' pillar.items package
salt -I package:httpd test.ping
vim /srv/pillar/package.sls
{% if grains['fqdn'] == 'server3' %}
package: nginx
{% elif grains['fqdn'] == 'server2' %}
port: 80
bind: 192.168.3.202
{% endif %}
vim /srv/salt/apache/init.sls
apache:
pkg.installed:
- pkgs:
- httpd
- php
- php-mysql
file.managed:
- source: salt://apache/files/httpd.conf
- name: /etc/httpd/conf/httpd.conf
- template: jinja
- context:
port: {{ pillar['port'] }}
bind: {{ grains['ipv4'][-1] }}
service.running:
- name: httpd
- enable: true
- watch:
- file: apache
改变httpd端口
vim /srv/salt/apache/lib.sls
{% set port = 8080 %}
vim /srv/salt/apache/files/httpd.conf
{% from 'apache/lib.sls' import port %}
Listen {{ bind }}:{{ port }}
测试:
salt server2 state.sls apache
keepalived
添加虚拟ip
cd /srv/salt/
mkdir keepalived
cd keepalived
vim init.sls
kp-install:
pkg.installed:
- name: keepalived
安装:
salt server2 state.sls. keepalived
vim /srv/pillar/package.sls
{% if grains['fqdn'] == 'server3' %}
package: nginx
state: BACKUP
vrid: 51
pri: 50
{% elif grains['fqdn'] == 'server2' %}
port: 80
bind: 192.168.3.202
state: MASTER
vrid: 51
pri: 100
{% endif %}
mkdir /srv/salt/keepalived/files
cd /srv/salt/keepalived/files
scp server2:/etc/keepalived/keepalived.conf .
vim keepalived.conf .
! Configuration File for keepalived
global_defs {
notification_email {
root@localhost
}
notification_email_from keepalived@localhost
smtp_server 127.0.0.1
smtp_connect_timeout 30
router_id LVS_DEVEL
vrrp_skip_check_adv_addr
#vrrp_strict
vrrp_garp_interval 0
vrrp_gna_interval 0
}
vrrp_instance VI_1 {
state {{ STATE }}
interface eth0
virtual_router_id {{ VRID }}
priority {{ PRI }}
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
192.168.3.100
}
}
vim /srv/salt/top.sls
base:
'roles:apache':
- match: grain
- apache
- keepalived
'roles:nginx':
- match: grain
- nginx
- keepalived
测试:
salt '*' state.highstate
访问此ip
把之前改的httpd端口恢复为80
vim /srv/salt/apache/files/httpd.conf
删除之前在第一行所添加的内容
Listen {{ port }}
vim /srv/salt/apache/init.sls
/var/www/html/index.html:
file.managed:
- source: salt://apache/files/index.html
- template: jinja
- context:
NAME: {{ grains['ipv4'][-1] }}
[root@server1 apache]# salt '*' state.highstate
[root@server1 apache]# curl 192.168.3.202
[root@server1 apache]# salt server2 grains.item ipv4