grains
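I'm new to operations, so please forgive any technical terms I have used incorrectly; feedback is welcome.
Grains are a very important SaltStack component. They record static information about a minion, such as CPU, memory, disk and network details. Grain data is reported to the master automatically each time the minion starts; once any of this static information changes, you need to restart the minion or resync the grains. Beyond the built-in grains, you can also define custom grains. There are three ways to do so: 1. in the minion configuration file; 2. through the grains modules; 3. through a Python script.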
[root@server1 salt]# salt server2 grains.items
###Show all grains for server2###
Basic operations
###Show server2's operating system (the os grain)###
[root@server1 salt]# salt server2 grains.item os
server2:
----------
os:
RedHat
[root@server1 salt]# salt server2 grains.item fqdn
server2:
----------
fqdn:
server2
###Target servers by the built-in grains###
[root@server1 salt]# salt -G 'os:RedHat' test.ping
server2:
True
server3:
True
server1:
True
[root@server1 salt]# salt -G 'fqdn:server1' test.ping
server1:
True
Customizing grains on server2:
###Customize grains through the minion configuration file###
[root@server2 minion]# cd /etc/salt/
[root@server2 salt]# vi minion
grains:
  roles:
    - apache
[root@server2 salt]# /etc/init.d/salt-minion restart
Stopping salt-minion:root:server2 daemon: OK
Starting salt-minion:root:server2 daemon: OK
Check:
[root@server1 salt]# salt server2 grains.item roles
server2:
----------
roles:
- apache
[root@server2 salt]# pwd
/etc/salt
[root@server2 salt]# vim grains
[root@server2 salt]# cat grains
hello: inihao
[root@server2 salt]# /etc/init.d/salt-minion restart
Stopping salt-minion:root:server2 daemon: OK
Starting salt-minion:root:server2 daemon: OK
Check from server1:
[root@server1 salt]# salt server2 grains.item hello
server2:
----------
hello:
inihao
[root@server2 salt]# vim grains
[root@server2 salt]# cat grains
hello: inihao
salt: stack
[root@server2 salt]# /etc/init.d/salt-minion restart
Stopping salt-minion:root:server2 daemon: OK
Starting salt-minion:root:server2 daemon: OK
Check from server1:
[root@server1 salt]# salt server2 saltutil.sync_grains
server2:
[root@server1 salt]# salt server2 grains.item salt
server2:
----------
salt:
stack
[root@server1 salt]# pwd
/srv/salt
[root@server1 salt]# vim top.sls
base:
  'server1':
    - haproxy.install
  'roles:apache':
    - match: grain
    - httpd.service
  'server3':
    - nginx.service
[root@server1 salt]# salt '*' state.highstate
Custom grains module
[root@server1 salt]# mkdir _grains
[root@server1 salt]# cd _grains/
[root@server1 _grains]# vim my_grains.py
#!/usr/bin/env python
def my_grains():
    # Return a dict; each key becomes a grain on the minion
    grains = {}
    grains['name'] = 'redhat'
    return grains
[root@server1 _grains]# salt server2 saltutil.sync_grains
server2:
- grains.my_grains
[root@server1 _grains]# salt server2 grains.item name
server2:
----------
name:
redhat
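Defining pillar
• Pillar is also one of the most important SaltStack components
• It defines any data related to the managed hosts; the data defined there can be used by other components
• It is stored on the master and holds the information to be provided to the minions
• It is commonly used for sensitive information; each minion can only access the pillar data the master has assigned to it
• It is used for information that changes frequently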
[root@server1 salt]# vim master
pillar_roots:
  base:
    - /srv/pillar
[root@server1 salt]# mkdir /srv/pillar
[root@server1 salt]# cd /srv/pillar
[root@server1 pillar]# /etc/init.d/salt-master restart
[root@server1 pillar]# mkdir web
[root@server1 pillar]# cd web/
[root@server1 web]# pwd
/srv/pillar/web
[root@server1 wed]# vim install.sls
{% if grains['fqdn'] == 'server2' %}
webserver: httpd
{% elif grains['fqdn'] == 'server3' %}
webserver: nginx
{% endif %}
[root@server1 pillar]# vim top.sls
base:
  '*':
    - web.install
[root@server1 pillar]# salt '*' saltutil.refresh_pillar
server2:
True
server3:
True
server1:
True
[root@server1 pillar]# salt '*' pillar.items
server1:
----------
server2:
----------
webserver:
httpd
server3:
----------
webserver:
nginx
###Now add pillar data for server1 as well###
[root@server1 pillar]# vim web/install.sls
Contents:
{% if grains['fqdn'] == 'server2' %}
webserver: httpd
{% elif grains['fqdn'] == 'server3' %}
webserver: nginx
{% elif grains['fqdn'] == 'server1' %}
webserver: haproxy
{% endif %}
###Show the custom pillar data###
[root@server1 pillar]# salt '*' pillar.items
server3:
----------
webserver:
nginx
server2:
----------
webserver:
httpd
server1:
----------
webserver:
haproxy
###Target minions using the custom pillar data###
[root@server1 pillar]# salt -I 'webserver:nginx' cmd.run hostname
server3:
server3
[root@server1 pillar]# salt -S 172.25.14.0/24 test.ping
server3:
True
server2:
True
server1:
True
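Using Jinja
In Jinja, {% %} delimits statements such as variable definitions, while {{ }} outputs a value
Jinja is a Python-based template engine
In SaltStack, the yaml_jinja renderer is used to generate the corresponding configuration files from templates
For different operating systems or different situations, Jinja lets configuration files and operations be written as templates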
[root@server1 httpd]# pwd
/srv/salt/httpd
[root@server1 httpd]# vim service.sls
include:
  - httpd.install
/etc/httpd/conf/httpd.conf:
  file.managed:
    - source: salt://httpd/files/httpd.conf
    - mode: 644
    - user: root
    - group: root
    - template: jinja    ### render the file with Jinja
    - context:           ### set port to 8080
        port: 8080
apache-service:
  service.running:
    - name: httpd
    - enable: True
    - reload: True
    - watch:
      - file: /etc/httpd/conf/httpd.conf
[root@server1 files]# pwd
/srv/salt/httpd/files
[root@server1 files]# vim httpd.conf
###The httpd listen port is the port (8080) defined in the Jinja context###
Listen {{ port }}
[root@server1 files]# salt server2 state.sls httpd.service
After pushing the httpd state again, check the port number once more.
Defining the listen address and port with Jinja
[root@server1 salt]# cd /srv/pillar/web/
[root@server1 web]# vim install.sls
{% if grains['fqdn'] == 'server2' %}
webserver: httpd
port: 80
{% elif grains['fqdn'] == 'server3' %}
webserver: nginx
{% elif grains['fqdn'] == 'server1' %}
webserver: haproxy
{% endif %}
[root@server1 httpd]# pwd
/srv/salt/httpd
[root@server1 httpd]# vim service.sls
include:
  - httpd.install
/etc/httpd/conf/httpd.conf:
  file.managed:
    - source: salt://httpd/files/httpd.conf
    - mode: 644
    - user: root
    - group: root
    - template: jinja
    - context:           ### context: port is taken from the pillar key "port"
        port: {{ pillar['port'] }}
apache-service:
  service.running:
    - name: httpd
    - enable: True
    - reload: True
    - watch:
      - file: /etc/httpd/conf/httpd.conf
[root@server1 httpd]# salt server2 state.sls httpd.service
###Define the listen address with Jinja###
[root@server1 httpd]# cd /srv/salt/
[root@server1 salt]# vim lib.sls
{% set bind = '172.25.14.2' %}
[root@server1 files]# pwd
/srv/salt/httpd/files
[root@server1 files]# vim httpd.conf
{% from 'lib.sls' import bind with context %}
Listen {{ bind }}:{{ port }}
[root@server1 files]# vim /srv/salt/httpd/service.sls
include:
  - httpd.install
/etc/httpd/conf/httpd.conf:
  file.managed:
    - source: salt://httpd/files/httpd.conf
    - mode: 644
    - user: root
    - group: root
    - template: jinja
    - context:
        port: {{ pillar['port'] }}
apache-service:
  service.running:
    - name: httpd
    - enable: True
    - watch:
      - file: /etc/httpd/conf/httpd.conf
###Push the httpd state again and check whether the listen address and port have changed###
[root@server1 files]# salt server2 state.sls httpd.service
Check on server2:
[root@server2 salt]# netstat -antlp
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 172.25.14.2:80 0.0.0.0:* LISTEN 3491/httpd
Defining the listen address and port in Jinja from pillar and an indexed grain
[root@server1 files]# vim /srv/salt/httpd/service.sls
include:
  - httpd.install
/etc/httpd/conf/httpd.conf:
  file.managed:
    - source: salt://httpd/files/httpd.conf
    - mode: 644
    - user: root
    - group: root
    - template: jinja
    - context:
        port: {{ pillar['port'] }}
        bind: {{ grains['ipv4'][1] }}    ### define bind by indexing into the ipv4 grain
apache-service:
  service.running:
    - name: httpd
    - watch:
      - file: /etc/httpd/conf/httpd.conf
[root@server1 files]# salt server2 state.sls httpd.service
Testing the grain index on server2:
[root@server1 files]# salt server2 grains.item fqdn_ip4
server2:
----------
fqdn_ip4:
- 172.25.14.2
Defining the listen address and port directly in the configuration file with Jinja
[root@server1 files]# vim /srv/salt/httpd/service.sls
include:
  - httpd.install
/etc/httpd/conf/httpd.conf:
  file.managed:
    - source: salt://httpd/files/httpd.conf
    - mode: 644
    - user: root
    - group: root
    - template: jinja
#    - context:
#        port: {{ pillar['port'] }}
#        bind: {{ grains['ipv4'][-1] }}
apache-service:
  service.running:
    - name: httpd
    - watch:
      - file: /etc/httpd/conf/httpd.conf
[root@server1 files]# vim /srv/salt/httpd/files/httpd.conf
Listen {{ grains['fqdn_ip4'][0] }}:{{ pillar['port'] }}
[root@server1 files]# salt server2 state.sls httpd.service
Defining the listen address and port in Jinja from pillar keys
[root@server1 srv]# vim /srv/pillar/web/install.sls
{% if grains['fqdn'] == 'server2' %}
webserver: httpd
port: 80
bind: 172.25.14.2
{% elif grains['fqdn'] == 'server3' %}
webserver: nginx
{% elif grains['fqdn'] == 'server1' %}
webserver: haproxy
{% endif %}
[root@server1 srv]# vim /srv/salt/httpd/service.sls
include:
  - httpd.install
/etc/httpd/conf/httpd.conf:
  file.managed:
    - source: salt://httpd/files/httpd.conf
    - mode: 644
    - user: root
    - group: root
    - template: jinja
    - context:
        port: {{ pillar['port'] }}
        bind: {{ pillar['bind'] }}
apache-service:
  service.running:
    - name: httpd
    - watch:
      - file: /etc/httpd/conf/httpd.conf
[root@server1 srv]# salt server2 state.sls httpd.service
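One-command deployment of load balancing and high availability for the Apache service
Load balancing with SaltStack
Automated operations with SaltStack: building and installing keepalived from source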
server1:
[root@server1 salt]# pwd
/srv/salt
[root@server1 salt]# mkdir keepalived
[root@server1 salt]# cd keepalived/
[root@server1 keepalived]# mkdir files
[root@server1 keepalived]# vim /srv/salt/keepalived/install.sls
include:
  - pkgs.make
kp-install:
  file.managed:
    - name: /mnt/keepalived-1.4.3.tar.gz
    - source: salt://keepalived/files/keepalived-1.4.3.tar.gz
  cmd.run:
    - name: cd /mnt/ && tar zxf keepalived-1.4.3.tar.gz && cd keepalived-1.4.3 && ./configure --prefix=/usr/local/keepalived/ --with-init=SYSV &> /dev/null && make &> /dev/null && make install &> /dev/null
    - creates: /usr/local/keepalived/
###Push the state to build and install keepalived from source###
[root@server1 salt]# salt server4 state.sls keepalived.install
###Send the keepalived init script and configuration file to server1###
server4:
[root@server4 init.d]# pwd
/usr/local/keepalived/etc/rc.d/init.d
[root@server4 init.d]# scp keepalived server1:/srv/salt/keepalived/files
[root@server4 keepalived]# pwd
/usr/local/keepalived/etc/keepalived
[root@server4 keepalived]# scp keepalived.conf server1:/srv/salt/keepalived/files
server1:
[root@server1 salt]# vim /srv/salt/keepalived/install.sls
include:
  - pkgs.make
kp-install:
  file.managed:
    - name: /mnt/keepalived-1.4.3.tar.gz
    - source: salt://keepalived/files/keepalived-1.4.3.tar.gz
  cmd.run:
    - name: cd /mnt/ && tar zxf keepalived-1.4.3.tar.gz && cd keepalived-1.4.3 && ./configure --prefix=/usr/local/keepalived/ --with-init=SYSV &> /dev/null && make &> /dev/null && make install &> /dev/null
    - creates: /usr/local/keepalived/
###Create symlinks###
/etc/sysconfig/keepalived:
  file.symlink:
    - target: /usr/local/keepalived/etc/sysconfig/keepalived
/sbin/keepalived:
  file.symlink:
    - target: /usr/local/keepalived/sbin/keepalived
/etc/keepalived:
  file.directory:
    - mode: 755
[root@server1 salt]# salt server4 state.sls keepalived.install
[root@server1 keepalived]# pwd
/srv/salt/keepalived
[root@server1 keepalived]# vim service.sls
include:
  - keepalived.install
/etc/keepalived/keepalived.conf:
  file.managed:
    - source: salt://keepalived/files/keepalived.conf
    - template: jinja
    - context:           ### context is a dict of template variables, not a list
        STATE: {{ pillar['state'] }}
        vrid: {{ pillar['vrid'] }}
        priority: {{ pillar['priority'] }}
kp-service:
  file.managed:
    - name: /etc/init.d/keepalived
    - source: salt://keepalived/files/keepalived
    - mode: 755
  service.running:
    - name: keepalived
    - reload: True
    - watch:
      - file: /etc/keepalived/keepalived.conf
[root@server1 files]# vim /srv/salt/keepalived/files/keepalived.conf
! Configuration File for keepalived

global_defs {
    notification_email {
        root@localhost
    }
    notification_email_from keepalived@localhost
    smtp_server 127.0.0.1
    smtp_connect_timeout 30
    router_id LVS_DEVEL
    vrrp_skip_check_adv_addr
    #vrrp_strict
    vrrp_garp_interval 0
    vrrp_gna_interval 0
}

vrrp_instance VI_1 {
    state {{ STATE }}
    interface eth0
    virtual_router_id {{ vrid }}
    priority {{ priority }}
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        172.25.14.100
    }
}
[root@server1 keepalived]# cd /srv/pillar/
[root@server1 pillar]# ls
top.sls web
[root@server1 pillar]# mkdir keepalived
[root@server1 pillar]# cd keepalived/
[root@server1 keepalived]# vim install.sls
{% if grains['fqdn'] == 'server1' %}
state: MASTER
vrid: 14
priority: 100
{% elif grains['fqdn'] == 'server4' %}
state: BACKUP
vrid: 14
priority: 50
{% endif %}
[root@server1 pillar]# vim /srv/pillar/top.sls
base:
  'server2':
    - web.install
  'server3':
    - web.install
  'server1':
    - keepalived.install
  'server4':
    - keepalived.install
[root@server1 web]# vim /srv/salt/top.sls
base:
  'server1':
    - haproxy.install
    - keepalived.service
  'server4':
    - haproxy.install
    - keepalived.service
  'roles:apache':
    - match: grain
    - httpd.service
  'server3':
    - nginx.service
[root@server1 salt]# vim /srv/salt/pkgs/make.sls
make:
  pkg.installed:
    - pkgs:
      - pcre-devel
      - openssl-devel
      - mailx
[root@server1 salt]# salt '*' state.highstate
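Added example, not part of the original post: the pillar files above pick their values with `grains['fqdn']`, a value each minion reports about itself, and `auth_pass 1111` sits in a template under `salt://`, which every minion can fetch. The layout below keys the same keepalived data on the minion ID matched in the pillar `top.sls` and moves the VRRP password into pillar; the file names `master.sls`, `backup.sls` and `auth.sls`, the key `vrrp_auth_pass` and the `mode: 600` setting are assumptions, and the password is a placeholder. The same split applies to `web/install.sls`.

```yaml
# /srv/pillar/top.sls: targets are minion IDs, which the master ties to each accepted key
# (the server2/server3 entries stay as shown on the page)
base:
  'server1':
    - keepalived.master      # hypothetical file names
    - keepalived.auth
  'server4':
    - keepalived.backup
    - keepalived.auth
---
# /srv/pillar/keepalived/master.sls: plain data, no grains lookup
state: MASTER
vrid: 14
priority: 100
---
# /srv/pillar/keepalived/backup.sls
state: BACKUP
vrid: 14
priority: 50
---
# /srv/pillar/keepalived/auth.sls: delivered only to server1 and server4
vrrp_auth_pass: CHANGE_ME    # placeholder value, assumed key name
---
# /srv/salt/keepalived/service.sls: the configuration file entry only
/etc/keepalived/keepalived.conf:
  file.managed:
    - source: salt://keepalived/files/keepalived.conf
    - mode: 600              # the rendered file now holds the password
    - template: jinja
    - context:
        STATE: {{ pillar['state'] }}
        vrid: {{ pillar['vrid'] }}
        priority: {{ pillar['priority'] }}
        auth_pass: {{ pillar['vrrp_auth_pass'] }}
```

In `files/keepalived.conf`, the line `auth_pass 1111` then becomes `auth_pass {{ auth_pass }}`.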