saltstack(4)动态pillar


  • pillar和grains一样也是一个数据系统,但是应用场景不同。动态:更改配置文件不用刷新。
  • pillar是将信息动态的存放在master端,主要存放私密、敏感信息(如用 户名密码等),而且可以指定某一个minion才可以看到对应的信息。pillar更加适合在配置管理中运用
  • 官方文档:http://docs.saltstack.cn/topics/pillar/index.html

1.声明pillar

[root@server11 ~]# vim /etc/salt/master#查看pillar基础目录
#pillar_roots:
#  base:
#    - /srv/pillar
[root@server11 ~]# mkdir /srv/pillar
[root@server11 ~]# cd /srv/pillar

在这里插入图片描述在这里插入图片描述

2.自定义pillar项

[root@server11 ~]# cd /srv/pillar
[root@server11 pillar]# vim package.sls
[root@server11 pillar]# cat package.sls 
{% if grains['fqdn'] == 'server13' %}
package: nginx
{% elif grains['fqdn'] == 'server12' %}
package: apache
{% endif %}
[root@server11 pillar]# vim top.sls
[root@server11 pillar]# cat top.sls #package要与pillar的定义package一致
base:
  '*':
    - package
[root@server11 pillar]# salt '*' saltutil.refresh_pillar#要刷新
[root@server11 pillar]# salt '*' pillar.items
[root@server11 pillar]# salt '*' pillar.item  package

在这里插入图片描述

3.定义变量,引用变量的方法

[root@server11 pillar]# cd /srv/salt/apache/
[root@server11 apache]# ls
files  init.sls
[root@server11 apache]# vim init.sls 

在这里插入图片描述

[root@server11 apache]# cd /srv/pillar/
[root@server11 pillar]# vim package.sls 
[root@server11 pillar]# cat package.sls 
{% if grains['fqdn'] == 'server13' %}
package: nginx
{% elif grains['fqdn'] == 'server12' %}
port: 8080
bind: 192.168.100.242
{% endif %}
[root@server11 pillar]# salt server12 state.sls apache
#查看效果
[root@server12 ~]# netstat -antlp | grep 8080

在这里插入图片描述

[root@server11 pillar]# vim /srv/salt/apache/init.sls 
#改动:
      bind: {{ grains['ipv4'][-1] }}#直接引用grains变量

在这里插入图片描述

[root@server11 pillar]# vim /srv/salt/apache/files/httpd.conf 
#改动:
Listen {{ bind }}:{{ pillar['port'] }}
[root@server11 pillar]# vim package.sls
[root@server11 pillar]# cat package.sls 
{% if grains['fqdn'] == 'server13' %}
package: nginx
{% elif grains['fqdn'] == 'server12' %}
port: 80#改成80
bind: 192.168.100.242
{% endif %}
[root@server1 apache]# salt server2 state.sls apache

#查看效果
[root@server12 ~]# netstat -antlp | grep httpd

在这里插入图片描述

jinjia模板使用方式
[root@server11 pillar]# vim /srv/salt/apache/lib.sls
[root@server11 pillar]# cat /srv/salt/apache/lib.sls 
{% set port = 8080 %}

httpd.conf文件里最上方直接引用,这个的优先级优于pillar的port

[root@server11 pillar]# vim /srv/salt/apache/files/httpd.conf 
最上方添加{% from 'apache/lib.sls' import port %}
改动Listen {{ bind }}:{{ port }}
#查看效果,lib.sls的变量优先
[root@server12 ~]# netstat -antlp | grep httpd

在这里插入图片描述

4.高可用.高级推keepalived

4.1安装
[root@server12 ~]# yum list keepalived
keepalived.x86_64                           1.3.5-6.el7  
#挂载镜像,先安装一下keepalived
[root@server11 ~]# cd /srv/salt/
[root@server11 salt]# mkdir keepalived
[root@server11 salt]# cd keepalived/
[root@server11 keepalived]# vim init.sls
[root@server11 keepalived]# cat init.sls 
kp-install:
  pkg.installed:
    - name: keepalived
 
[root@server11 keepalived]# salt server12 state.sls keepalived
配置文件
[root@server11 keepalived]# vim /srv/pillar/package.sls 
[root@server11 keepalived]# cat /srv/pillar/package.sls
{% if grains['fqdn'] == 'server13' %}
package: nginx
state: BACKUP
vrid: 51
pri: 50
{% elif grains['fqdn'] == 'server12' %}
port: 80
bind: 192.168.100.242
state: MASTER
vrid: 51
pri: 100
{% endif %}

在这里插入图片描述

[root@server11 keepalived]# mkdir files
[root@server11 keepalived]# cd files/
[root@server11 files]# pwd
/srv/salt/keepalived/files
[root@server11 files]# scp server12:/etc/keepalived/keepalived.conf .
root@server12's password: 
keepalived.conf   
[root@server11 keepalived]# vim keepalived.conf 
[root@server11 keepalived]# cat keepalived.conf

在这里插入图片描述

[root@server11 files]# cd ..
[root@server11 keepalived]# vim init.sls 
[root@server11 keepalived]# cat init.sls 
kp-install:
  pkg.installed:
    - name: keepalived
  file.managed:
    - name: /etc/keepalived/keepalived.conf
    - source: salt://keepalived/files/keepalived.conf 
    - template: jinja
    - context:
      STATE: {{ pillar['state'] }}
      VRID: {{ pillar['vrid'] }}
      PRI: {{ pillar['pri'] }}
  service.running:
    - name: keepalived
    - enable: true
    - reload: true
    - watch:
      - file: kp-install
[root@server11 keepalived]# vim /srv/salt/top.sls 
[root@server11 keepalived]# cat /srv/salt/top.sls
base:
  'roles:apache':
    - match: grain
    - apache
    - keepalived
  'roles:nginx':
    - match: grain
    - nginx
    - keepalived
[root@server11 keepalived]# vim /srv/salt/apache/files/httpd.conf
删除第一行{% from 'apache/lib.sls' import port %}
改动Listen {{ port }}
[root@server11 keepalived]# salt '*' state.highstate

#查看效果
[root@server12 ~]# ip addr show
inet 192.168.100.100/32 scope global eth0
[root@server11 keepalived]# curl 192.168.100.100
RedHat - server12
192.168.100.242
[root@server13 ~]# netstat -antlp|grep nginx
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN      3185/nginx: master
[root@server12 ~]# systemctl stop keepalived.service 
[root@server13 ~]# cat /var/log/messages 
Entering MASTER STATE

在这里插入图片描述在这里插入图片描述在这里插入图片描述

  • 0
    点赞
  • 0
    收藏
    觉得还不错? 一键收藏
  • 0
    评论

“相关推荐”对你有帮助么?

  • 非常没帮助
  • 没帮助
  • 一般
  • 有帮助
  • 非常有帮助
提交
评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值