grains
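Introduction to grains
Grains is a component of SaltStack that is stored on the minion side.
When salt-minion starts, it stores the data it collects statically in grains; the data is only updated when the minion restarts.
Because grains are static data, modifying them frequently is not recommended.
Use cases:
Information queries; can serve as a CMDB.
Used in targets, to match minions.
Used in the state system, for configuration management modules.
Using grains
Query the minion's IP and FQDN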
[root@server1 salt]# salt server3 grains.item fqdn
server3:
----------
fqdn:
server3
[root@server1 salt]# salt server3 grains.item ipv4
server3:
----------
ipv4:
- 127.0.0.1
- 172.25.254.103
Custom grains
There are three ways to define custom grains
- 1 Edit /etc/salt/minion
grains:
  roles:
    - apache
A restart is required for the change to take effect
[root@server1 salt]# salt server2 grains.item roles
server2:
----------
roles:
- apache
- 2 Define them in /etc/salt/grains
[root@server3 ~]# vim /etc/salt/grains
[root@server3 ~]# cat /etc/salt/grains
roles: nginx
[root@server1 salt]# salt server3 saltutil.sync_grains
server3:
[root@server1 salt]# salt server3 grains.item roles
server3:
----------
roles:
nginx
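- 3 Write a grains module
Create the _grains directory on the salt-master:
Create my_grain.py
def my_grain():
    # Every key in the returned dict becomes a grain on the minion
    grains = {}
    grains['hello'] = 'hahaha'
    return grains
Sync the module with salt server3 saltutil.sync_grains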
[root@server1 salt]# salt '*' saltutil.sync_grains
server3:
- grains.my_grain
server2:
- grains.my_grain
[root@server1 salt]# salt '*' grains.item hello
server2:
----------
hello:
hahaha
server3:
----------
hello:
hahaha
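A grains module that derives the `roles` grain used elsewhere on this page from the web server binaries installed on the minion, added here as an example and not taken from the original post. The file name, function name and the binary-to-role mapping are assumptions; the value is computed on the minion itself, so it is minion-reported data.

```python
# /srv/salt/_grains/web_roles.py  (hypothetical file name)
import shutil

# Binary name -> role value; the role names match the ones used on this page.
ROLE_BINARIES = {"httpd": "apache", "nginx": "nginx"}


def web_roles(which=None):
    """Return {'roles': [...]} for the web servers installed on this minion.

    Salt calls each public function of a grains module and merges the
    returned dicts into the minion's grains. The `which` parameter exists
    only so the binary lookup can be replaced when testing.
    """
    which = which or shutil.which
    roles = sorted(
        role for binary, role in ROLE_BINARIES.items() if which(binary)
    )
    # Return an empty dict when nothing is found so no roles grain is set.
    return {"roles": roles} if roles else {}


if __name__ == "__main__":
    print(web_roles())
```

A grain returned by a synced module takes precedence over the same key set in /etc/salt/grains or /etc/salt/minion, so this module would replace the `roles` values defined by the first two methods.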
Matching with grains
- Match minions in the target:
[root@server1 salt]# salt -G roles:apache cmd.run "systemctl status httpd"
server2:
* httpd.service - The Apache HTTP Server
Loaded: loaded (/usr/lib/systemd/system/httpd.service; enabled; vendor preset: disabled)
Active: active (running) since Thu 2020-08-27 17:43:42 CST; 3h 43min ago
Docs: man:httpd(8)
man:apachectl(8)
Main PID: 14495 (httpd)
Status: "Total requests: 0; Current requests/sec: 0; Current traffic: 0 B/sec"
CGroup: /system.slice/httpd.service
|-14495 /usr/sbin/httpd -DFOREGROUND
|-14497 /usr/sbin/httpd -DFOREGROUND
|-14498 /usr/sbin/httpd -DFOREGROUND
|-14501 /usr/sbin/httpd -DFOREGROUND
|-14502 /usr/sbin/httpd -DFOREGROUND
`-14503 /usr/sbin/httpd -DFOREGROUND
Aug 27 17:43:42 server2 systemd[1]: Starting The Apache HTTP Server...
Aug 27 17:43:42 server2 httpd[14495]: AH00558: httpd: Could not reliably determine the server's fully qualified domain name, using 172.25.254.102. Set the 'ServerName' directive globally to suppress this message
Aug 27 17:43:42 server2 systemd[1]: Started The Apache HTTP Server.
- Match in the top file:
/srv/salt/top.sls
base:
  'roles:apache':
    - match: grain
    - httpd.service
  'roles:nginx':
    - match: grain
    - nginx.service
pillar
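Introduction to pillar
- Like grains, pillar is a data system, but its use cases are different.
- pillar stores information dynamically on the master side, mainly private and sensitive information (such as usernames and passwords), and it can be specified that only a particular minion can see the corresponding information.
- pillar is better suited to use in configuration management.
Declaring pillar
- Define the pillar base directory
pillar_roots:
  base:
    - /srv/pillar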
[root@server1 srv]# mkdir pillar
[root@server1 srv]# ls
pillar salt
Custom pillar items
[root@server1 pillar]# tree
.
├── top.sls
└── web
    └── init.sls
[root@server1 pillar]# cat top.sls
base:
  '*':
    - web
[root@server1 pillar]# cat web/init.sls
{% if grains['fqdn'] == 'server3' %}
package: nginx
{% elif grains['fqdn'] == 'server2' %}
package: httpd
{% endif %}
- Query
salt '*' saltutil.refresh_pillar
[root@server1 pillar]# salt '*' saltutil.refresh_pillar
server3:
True
server2:
True
[root@server1 pillar]# salt '*' pillar.item package
server3:
----------
package:
nginx
server2:
----------
package:
httpd
- Match pillar items
Match on the command line:
[root@server1 srv]# salt -I 'package:nginx' cmd.run "hostname"
server3:
server3
Use in the state system:
apache-deploy:
  pkg.installed:
    - pkgs:
      - {{ pillar['package']}}
      - php
      - php-mysql
  file.managed:
    - source: salt://httpd/files/httpd.conf
    - name: /etc/httpd/conf/httpd.conf
  service.running:
    - name: httpd
    - enable: True
    - reload: True
    - watch:
      - file: apache-deploy
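Jinja templates
- Jinja is a Python-based template engine; Jinja templates can be used directly in SLS files to perform operations.
- Jinja templates make it possible to define separate variables for different servers.
- Two kinds of delimiters: {% … %} and {{ … }}. The former executes statements such as for loops or assignments; the latter prints the result of an expression into the template.
How to use Jinja templates
/mnt/testfile:
  file.append:
    {% if grains['fqdn'] == 'server2' %}
    - text: server2
    {% elif grains['fqdn'] == 'server3' %}
    - text: server3
    {% endif %}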
[root@server1 salt]# salt '*' state.sls test
server2:
----------
ID: /mnt/testfile
Function: file.append
Result: True
Comment: Appended 1 lines
Started: 09:43:12.537932
Duration: 60.559 ms
Changes:
----------
diff:
---
+++
@@ -0,0 +1 @@
+server2
Summary for server2
------------
Succeeded: 1 (changed=1)
Failed: 0
------------
Total states run: 1
Total run time: 60.559 ms
server3:
----------
ID: /mnt/testfile
Function: file.append
Result: True
Comment: Appended 1 lines
Started: 09:43:12.276150
Duration: 55.225 ms
Changes:
----------
diff:
---
+++
@@ -0,0 +1 @@
+server3
Summary for server3
------------
Succeeded: 1 (changed=1)
Failed: 0
------------
Total states run: 1
Total run time: 55.225 ms
Using Jinja in ordinary files
# prevent Apache from glomming onto all bound IP addresses.
#
#Listen 12.34.56.78:80
Listen {{ port }}

  file.managed:
    - source: salt://httpd/files/httpd.conf
    - name: /etc/httpd/conf/httpd.conf
    - template: jinja
    - context:
        port: 8080
Using pillar and grains
/srv/salt/httpd/service.sls
  file.managed:
    - source: salt://httpd/files/httpd.conf
    - name: /etc/httpd/conf/httpd.conf
    - template: jinja
    - context:
        port: {{ pillar['port'] }}
        bind: {{ grains['ipv4'][-1] }}
/srv/pillar/web/init.sls
{% if grains['fqdn'] == 'server3' %}
package: nginx
{% elif grains['fqdn'] == 'server2' %}
package: httpd
port: 8000
{% endif %}
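Importing variables
/srv/salt/lib.sls
{% set port=8080 %}
One conclusion can be drawn:
In terms of priority, the imported template is highest.
Deploying keepalived
Files that need to be modified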
[root@server1 srv]# cat salt/keepalived/init.sls
keepalived-deploy:
  pkg.installed:
    - name: keepalived
  file.managed:
    - source: salt://keepalived/files/keepalived.conf
    - name: /etc/keepalived/keepalived.conf
    - template: jinja
    - context:
        STATE: {{ pillar['state']}}
        VRI: {{ pillar['vri']}}
        PRI: {{ pillar['pri']}}
        VIP: {{ pillar['vip']}}
  service.running:
    - name: keepalived
    - enable: True
    - reload: True
    - watch:
      - file: keepalived-deploy
[root@server1 srv]# cat salt/keepalived/files/keepalived.conf
! Configuration File for keepalived
global_defs {
    notification_email {
        root@localhost
    }
    notification_email_from keepalived@localhost
    smtp_server localhost
    smtp_connect_timeout 30
    router_id LVS_DEVEL
    vrrp_skip_check_adv_addr
    #vrrp_strict
    vrrp_garp_interval 0
    vrrp_gna_interval 0
}
vrrp_instance VI_1 {
    state {{ STATE }}
    interface eth0
    virtual_router_id {{ VRI }}
    priority {{ PRI }}
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        {{ VIP }}
    }
}
[root@server1 srv]# cat pillar/kpa/init.sls
{% if grains['fqdn'] == 'server2' %}
state: MASTER
pri: 100
{% elif grains['fqdn'] == 'server3'%}
state: BACKUP
pri: 50
{% endif %}
vri: 50
vip: 172.25.254.250
[root@server1 srv]# cat pillar/top.sls
base:
  '*':
    - kpa
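A check, added here and not taken from the original post, that compares the `{{ NAME }}` placeholders in a file template with the keys passed under `context`, and flags an `auth_pass` left as a literal in the template instead of being supplied from pillar like the other values. The function name, the finding labels and the set of names treated as provided by Salt are assumptions of this example.

```python
import re

# Excerpt of the keepalived.conf template shown above, used as sample input.
TEMPLATE = """\
vrrp_instance VI_1 {
    state {{ STATE }}
    virtual_router_id {{ VRI }}
    priority {{ PRI }}
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        {{ VIP }}
    }
}
"""
# Keys listed under "- context:" in keepalived/init.sls above.
CONTEXT_KEYS = {"STATE", "VRI", "PRI", "VIP"}
# Names Salt makes available to file templates by itself (assumed subset).
BUILTINS = {"grains", "pillar", "salt"}

# First identifier inside each {{ ... }} expression.
PLACEHOLDER = re.compile(r"\{\{\s*([A-Za-z_]\w*)")
# Value that follows an auth_pass directive.
AUTH_PASS = re.compile(r"^\s*auth_pass\s+(\S+)", re.MULTILINE)


def lint_template(text, context_keys):
    """Return sorted (kind, name) findings for one template/context pair."""
    used = set(PLACEHOLDER.findall(text)) - BUILTINS
    # Placeholder with no context key: nothing supplies its value.
    findings = [("undefined", n) for n in used - set(context_keys)]
    # Context key the template never references.
    findings += [("unused", n) for n in set(context_keys) - used]
    # auth_pass followed by a literal rather than a placeholder.
    for value in AUTH_PASS.findall(text):
        if not value.startswith("{{"):
            findings.append(("literal-secret", "auth_pass"))
    return sorted(findings)


if __name__ == "__main__":
    for kind, name in lint_template(TEMPLATE, CONTEXT_KEYS):
        print(kind, name)
```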