数据系统-Pillar
grains的特性–每次启动汇报、静态决定了它没有pillar灵活,要知道pillar是随时可变的,只要在master端修改了那一般都会立刻生效的。
如果你想定义的属性值是经常变化的,那请采用pillar,如果是很固定、不易变的那请用grains。
grain和pillar区别
1.grains存储的是静态、不常变化的内容,pillar则相反
2.grains是存储在minion本地,而pillar存储在master本地
3.minion有权限操作自己的grains值,如增加、删除,但minion只能查看自己的pillar,无权修改
[root@master pillar]# salt '*' pillar.items minion01: ---------- minion02: ---------- [root@master pillar]#
vim /etc/salt/master
第552行
# The pillar_opts option adds the master configuration file data to a dict in # the pillar called "master". This is used to set simple configurations in the # master config file that can then be used on minions. #pillar_opts: False
取消注释,把False改成True
# The pillar_opts option adds the master configuration file data to a dict in # the pillar called "master". This is used to set simple configurations in the # master config file that can then be used on minions. pillar_opts: True
重启master服务
[root@master pillar]# /etc/init.d/salt-master restart Stopping salt-master daemon: [ OK ] Starting salt-master daemon: [ OK ] [root@master pillar]#
查看默认的pillar信息
[root@master pillar]# salt 'minion01' pillar.items minion01: ---------- master: ---------- __role: master auth_mode: 1 auto_accept: False cache_sreqs: True cachedir: /var/cache/salt/master cli_summary: False client_acl: ---------- client_acl_blacklist: ---------- cluster_masters: cluster_mode: paranoid con_cache: False conf_file: /etc/salt/master config_dir: /etc/salt cython_enable: False daemon: True default_include: master.d/*.conf enable_gpu_grains: False enforce_mine_cache: False enumerate_proxy_minions: False environment: None event_return: event_return_blacklist: event_return_queue: 0 event_return_whitelist: ext_job_cache: ext_pillar: extension_modules: /var/cache/salt/extmods external_auth: ---------- failhard: False file_buffer_size: 1048576 file_client: local file_ignore_glob: None file_ignore_regex: None file_recv: False file_recv_max_size: 100 file_roots: ---------- base: - /srv/salt fileserver_backend: - roots fileserver_followsymlinks: True fileserver_ignoresymlinks: False fileserver_limit_traversal: False gather_job_timeout: 10 gitfs_base: master gitfs_env_blacklist: gitfs_env_whitelist: gitfs_insecure_auth: False gitfs_mountpoint: gitfs_passphrase: gitfs_password: gitfs_privkey: gitfs_pubkey: gitfs_remotes: gitfs_root: gitfs_user: hash_type: md5 hgfs_base: default hgfs_branch_method: branches hgfs_env_blacklist: hgfs_env_whitelist: hgfs_mountpoint: hgfs_remotes: hgfs_root: id: minion01 interface: 0.0.0.0 ioflo_console_logdir: ioflo_period: 0.01 ioflo_realtime: True ioflo_verbose: 0 ipv6: False jinja_lstrip_blocks: False jinja_trim_blocks: False job_cache: True keep_jobs: 24 key_logfile: /var/log/salt/key keysize: 2048 log_datefmt: %H:%M:%S log_datefmt_logfile: %Y-%m-%d %H:%M:%S log_file: /var/log/salt/master log_fmt_console: [%(levelname)-8s] %(message)s log_fmt_logfile: %(asctime)s,%(msecs)03.0f [%(name)-17s][%(levelname)-8s][%(process)d] %(message)s log_granular_levels: ---------- log_level: debug loop_interval: 60 maintenance_floscript: /usr/lib/python2.6/site-packages/salt/daemons/flo/maint.flo master_floscript: /usr/lib/python2.6/site-packages/salt/daemons/flo/master.flo master_job_cache: local_cache master_pubkey_signature: master_pubkey_signature master_roots: ---------- base: - /srv/salt-master master_sign_key_name: master_sign master_sign_pubkey: False master_tops: ---------- master_use_pubkey_signature: False max_event_size: 1048576 max_minions: 0 max_open_files: 100000 minion_data_cache: True minionfs_blacklist: minionfs_env: base minionfs_mountpoint: minionfs_whitelist: nodegroups: ---------- lamp: L@minion01,minion02 lnmp: minion02 open_mode: False order_masters: False outputter_dirs: peer: ---------- permissive_pki_access: False pidfile: /var/run/salt-master.pid pillar_opts: True pillar_roots: ---------- base: - /srv/pillar pillar_safe_render_error: True pillar_source_merging_strategy: smart pillar_version: 2 pillarenv: None ping_on_rotate: False pki_dir: /etc/salt/pki/master preserve_minion_cache: False pub_hwm: 1000 publish_port: 4505 publish_session: 86400 queue_dirs: raet_alt_port: 4511 raet_clear_remotes: False raet_main: True raet_mutable: False raet_port: 4506 range_server: range:80 reactor: reactor_refresh_interval: 60 reactor_worker_hwm: 10000 reactor_worker_threads: 10 renderer: yaml_jinja ret_port: 4506 root_dir: / rotate_aes_key: True runner_dirs: saltversion: 2015.5.10 search: search_index_interval: 3600 serial: msgpack show_jid: False show_timeout: True sign_pub_messages: False sock_dir: /var/run/salt/master sqlite_queue_dir: /var/cache/salt/master/queues ssh_passwd: ssh_port: 22 ssh_scan_ports: 22 ssh_scan_timeout: 0.01 ssh_sudo: False ssh_timeout: 60 ssh_user: root state_aggregate: False state_auto_order: True state_events: False state_output: full state_top: salt://top.sls state_top_saltenv: None state_verbose: True sudo_acl: False svnfs_branches: branches svnfs_env_blacklist: svnfs_env_whitelist: svnfs_mountpoint: svnfs_remotes: svnfs_root: svnfs_tags: tags svnfs_trunk: trunk syndic_dir: /var/cache/salt/master/syndics syndic_event_forward_timeout: 0.5 syndic_jid_forward_cache_hwm: 100 syndic_master: syndic_max_event_process_time: 0.5 syndic_wait: 5 timeout: 5 token_dir: /var/cache/salt/master/tokens token_expire: 43200 transport: zeromq user: root verify_env: True win_gitrepos: - https://github.com/saltstack/salt-winrepo.git win_repo: /srv/salt/win/repo win_repo_mastercachefile: /srv/salt/win/repo/winrepo.p worker_floscript: /usr/lib/python2.6/site-packages/salt/daemons/flo/worker.flo worker_threads: 5 zmq_filtering: False [root@master pillar]#
用处不大,关闭即可
自定义pillar信息,pillar也有自己的file_root
vim /etc/salt/master
找到529行,取消这3行的注释
##### Pillar settings ##### ########################################## # Salt Pillars allow for the building of global data that can be made selectively # available to different minions based on minion grain filtering. The Salt # Pillar is laid out in the same fashion as the file server, with environments, # a top file and sls files. However, pillar data does not need to be in the # highstate format, and is generally just key/value pairs. pillar_roots: base: - /srv/pillar
重启服务,创建目录
[root@master pillar]# vim /etc/salt/master [root@master pillar]# /etc/init.d/salt-master restart Stopping salt-master daemon: [ OK ] Starting salt-master daemon: [ OK ] [root@master pillar]# mkdir /srv/pillar -p [root@master pillar]#
pillar和grains的base目录是两回事不要弄混了,它们都有自己的base目录
自定义一些pillar信息
结合jinja语法和grains信息,jinja语法是一种语法格式,具体的可以查看jinja语法这篇笔记,难度不大,容易懂
操作如下,另外它也有自己的top.sls入口文件,在自己的base目录下
[root@master ~]# salt '*' pillar.items minion02: ---------- minion01: ---------- [root@master ~]# cd /srv/pillar/ [root@master pillar]# ls packages.sls top.sls [root@master pillar]# cat packages.sls {% if grains['os'] == 'CentOS' %} apache: httpd git: git {% elif grains['os'] == 'Debian' %} apache: apache2 git: git-core {% endif %} [root@master pillar]# cat top.sls base: minion02: - packages [root@master pillar]#
上面我们设置了,给centos系统设置pillar信息
让apache的显示httpd
git显示git
然后通过top.sls只给minion02执行这个pillar信息
[root@master pillar]# salt '*' pillar.items minion01: ---------- minion02: ---------- apache: httpd git: git [root@master pillar]#
修改下文件,这样下次管理很多minion的时候,安装包时,就可以根据不同系统执行不同的安装操作了
[root@master pillar]# cat packages.sls {% if grains['os'] == 'CentOS' %} apache: httpd {% elif grains['os'] == 'Debian' %} apache: apache2 {% endif %} [root@master pillar]# cat top.sls base: '*': - packages [root@master pillar]# salt '*' pillar.items minion02: ---------- apache: httpd minion01: ---------- apache: httpd [root@master pillar]#
还可以通过pillar信息,然后在命令行远程执行test.ping找出哪些机器是centos系统的
看到下面minion01是不是无响应,是因为pillar信息是在master上定义的,所以上面执行pillar.items能显示就是因为信息在master上,但是没有刷新到minion上呢
[root@master pillar]# salt -I 'apache:httpd' test.ping minion02: True minion01: Minion did not return. [No response] [root@master pillar]#
所以每次定义完pillar信息,需要先刷新到minion上,再执行命令
如下刷新方法
[root@master pillar]# salt '*' saltutil.refresh_pillar minion02: True minion01: True [root@master pillar]# salt -I 'apache:httpd' test.ping minion02: True minion01: True [root@master pillar]#