本文介绍如何使用SaltStack的grains和pillar功能实现动态参数配置,包括不同主机参数设定、模板导入格式、grains及pillar取值等高级用法。
一、grians
[root@server1 salt]# salt server1 grains.items ##查看server1的所有信息
server1:
----------
SSDs:
biosreleasedate:
01/01/2011
biosversion:
0.5.1
cpu_flags:
- fpu
- de
- pse
- tsc
- msr
- pae
- mce
- cx8
- apic
- sep
- mtrr
- pge
- mca
- cmov
- pat
- pse36
- clflush
- mmx
- fxsr
- sse
- sse2
- syscall
- nx
- rdtscp
- lm
- constant_tsc
- up
- rep_good
- unfair_spinlock
- pni
- pclmulqdq
- ssse3
- cx16
- sse4_1
- sse4_2
- x2apic
- popcnt
- tsc_deadline_timer
- aes
- xsave
- avx
- hypervisor
- lahf_lm
- xsaveopt
cpu_model:
Intel Xeon E312xx (Sandy Bridge)
cpuarch:
x86_64
disks:
- ram0
- ram1
- ram2
- ram3
- ram4
- ram5
- ram6
- ram7
- ram8
- ram9
- ram10
- ram11
- ram12
- ram13
- ram14
- ram15
- loop0
- loop1
- loop2
- loop3
- loop4
- loop5
- loop6
- loop7
- vda
- dm-0
- dm-1
dns:
----------
domain:
ip4_nameservers:
ip6_nameservers:
nameservers:
options:
search:
sortlist:
domain:
fqdn:
server1
fqdn_ip4:
- 172.25.12.1
fqdn_ip6:
gid:
0
gpus:
|_
----------
model:
Device 0100
vendor:
unknown
groupname:
root
host:
server1
hwaddr_interfaces:
----------
eth0:
52:54:00:4d:bb:a2
lo:
00:00:00:00:00:00
id:
server1
init:
upstart
ip4_interfaces:
----------
eth0:
- 172.25.12.1
lo:
- 127.0.0.1
ip6_interfaces:
----------
eth0:
- fe80::5054:ff:fe4d:bba2
lo:
- ::1
ip_interfaces:
----------
eth0:
- 172.25.12.1
- fe80::5054:ff:fe4d:bba2
lo:
- 127.0.0.1
- ::1
ipv4:
- 127.0.0.1
- 172.25.12.1
ipv6:
- ::1
- fe80::5054:ff:fe4d:bba2
kernel:
Linux
kernelrelease:
2.6.32-431.el6.x86_64
locale_info:
----------
defaultencoding:
UTF8
defaultlanguage:
en_US
detectedencoding:
UTF8
localhost:
server1
manufacturer:
Red Hat
master:
172.25.12.1
mdadm:
mem_total:
996
name:
wuyanzu
nodename:
server1
num_cpus:
1
num_gpus:
1
os:
RedHat
os_family:
RedHat
osarch:
x86_64
oscodename:
Santiago
osfinger:
Red Hat Enterprise Linux Server-6
osfullname:
Red Hat Enterprise Linux Server
osmajorrelease:
6
osrelease:
6.5
osrelease_info:
- 6
- 5
path:
/sbin:/usr/sbin:/bin:/usr/bin:/usr/local/bin
pid:
2296
productname:
KVM
ps:
ps -efH
pythonexecutable:
/usr/bin/python2.6
pythonpath:
- /usr/bin
- /usr/lib64/python26.zip
- /usr/lib64/python2.6
- /usr/lib64/python2.6/plat-linux2
- /usr/lib64/python2.6/lib-tk
- /usr/lib64/python2.6/lib-old
- /usr/lib64/python2.6/lib-dynload
- /usr/lib64/python2.6/site-packages
- /usr/lib64/python2.6/site-packages/gtk-2.0
- /usr/lib/python2.6/site-packages
pythonversion:
- 2
- 6
- 6
- final
- 0
saltpath:
/usr/lib/python2.6/site-packages/salt
saltversion:
2016.11.3
saltversioninfo:
- 2016
- 11
- 3
- 0
selinux:
----------
enabled:
False
enforced:
Disabled
server_id:
1398511437
shell:
/bin/sh
uid:
0
username:
root
uuid:
026611d5-381c-42ab-bb83-e307d4e89b1a
virtual:
kvm
zmqversion:
4.0.5
[root@server1 salt]# salt server1 grains.item ipv4 ##查看server1的ipv4的信息
server1:
----------
ipv4:
- 127.0.0.1
- 172.25.12.1
[root@server1 salt]# salt server1 grains.item uuid ##查看server1的uuid
server1:
----------
uuid:
026611d5-381c-42ab-bb83-e307d4e89b1a
[root@server1 salt]# salt server1 grains.item os ##查看server的os
server1:
----------
os:
RedHat
[root@server1 salt]# salt -G 'os:RedHat' test.ping ##对系统为RedHat的主机进行test.ping方法
server2:
True
server3:
True
server1:
True
[root@server1 salt]# salt -G 'os:RedHat' cmd.run hostname ##运行hostname命令
server2:
server2
server3:
server3
server1:
server1
方法1:修改minion的状态信息,来查看
[root@server2 pki]# vim /etc/salt/minion
120 grains:
121 roles:
122 - apache
[root@server2 pki]# /etc/init.d/salt-minion restart
[root@server3 salt]# vim /etc/salt/minion
120 grains:
121 roles:
122 - nginx
[root@server3 salt]# /etc/init.d/salt-minion restart
效果:
[root@server1 salt]# salt -G 'roles:apache' cmd.run hostname
server2:
server2
[root@server1 salt]# salt -G 'roles:nginx' cmd.run hostname
server3:
server3
[root@server1 salt]# salt server2 grains.item roles
server2:
----------
roles:
- apache
[root@server1 salt]# salt server3 grains.item roles
server3:
----------
roles:
- nginx
方法2、新建grains文件,来存储grains信息
[root@server2 ~]# vim /etc/salt/grains
[root@server2 ~]# cat /etc/salt/grains
hello: world
[root@server2 ~]# /etc/init.d/salt-minion restart
Stopping salt-minion:root:server2 daemon: OK
Starting salt-minion:root:server2 daemon: OK
测试:
[root@server1 salt]# salt server2 grains.item hello
server2:
----------
hello:
world
方法3:
[root@server1 salt]# mkdir _grains
[root@server1 salt]# cd _grains/
[root@server1 _grains]# vim my_grains.py
#!/usr/bin/env python
def my_grains():
grains = {};
grains['Age'] = '20'
return grains
[root@server1 _grains]# salt server2 saltutil.sync_grains
server2:
- grains.my_grains
[root@server1 _grains]# salt server2 grains.item Age
server2:
----------
Age:
20
对于master来说,也可以按照grains信息来一键推送
[root@server1 salt]# vim top.sls
base:
'server1':
- haproxy.install
'roles:nginx':
- match: grain
- nginx.service
'roles:apache':
- match: grain
- apache.web
[root@server1 salt]# salt '*' state.highstate
二、pillar方法
相当于grains的静态参数,pillar可以配置更灵活的参数,熟练的运用pillar可以十分强大的发挥saltatack的威力。pillar是动态参数
须定义minion里的key值(注意次数没有-)
1、修改配置文件,开启pillar方法
[root@server1 _grains]# cd /etc/salt/
[root@server1 salt]# vim master
694 pillar_roots:
695 base:
696 - /srv/pillar
[root@server1 salt]# mkdir /srv/pillar
[root@server1 salt]# /etc/init.d/salt-master restart
Stopping salt-master daemon: [ OK ]
Starting salt-master daemon: [ OK ]
2、建立base目录
[root@server1 srv]# mkdir pillar
[root@server1 srv]# cd pillar/
[root@server1 pillar]# mkdir web
[root@server1 pillar]# vim web/install.sls
[root@server1 pillar]# cat web/install.sls
{% if grains['fqdn'] == 'server2' %}
webserver: httpd
{% elif grains['fqdn'] == 'server3' %}
webserver: nginx
{% elif grains['fqdn'] == 'server1' %}
webserver: haproxy
{% endif %}
[root@server1 pillar]# vim top.sls
[root@server1 pillar]# cat top.sls
base:
'*':
- web.install
3、刷新pillar
[root@server1 pillar]# salt '*' saltutil.refresh_pillar
server3:
True
server2:
True
server1:
True
4、获取pillar信息
[root@server1 pillar]# salt '*' pillar.items
server1:
----------
webserver:
haproxy
server3:
----------
webserver:
nginx
server2:
----------
webserver:
httpd
5、指定信息查询
[root@server1 pillar]# salt -I 'webserver:haproxy' cmd.run hostname
server1:
server1
[root@server1 pillar]# salt -I 'webserver:nginx' cmd.run hostname
server3:
server3
[root@server1 pillar]# salt -I 'webserver:httpd' cmd.run hostname
server2:
server2
6、查询同一vlan的活跃主机
[root@server1 pillar]# salt -S 172.25.12.0/24 test.ping
server1:
True
server3:
True
server2:
True
三、不同主机设定不同的参数(jinja模块)
- {% %}:定义
- {{ }}:取值
1、配置httpd的服务端口
- 脚本定义固定端口
[root@server1 pillar]# cd ..
[root@server1 srv]# cd salt/httpd/
[root@server1 httpd]# vim service.sls
[root@server1 httpd]# cat service.sls
include:
- httpd.install
apache-config:
file.managed:
- name: /etc/httpd/conf/httpd.conf
- source: salt://httpd/files/httpd.conf
- mode: 644
- user: root
- group: root
- template: jinja
port: 8080
apache-service:
service.running:
- name: httpd
- reload: True
- watch:
- file: apache-config
- 配置文件port设为变量
[root@server1 httpd]# vim files/httpd.conf
135 #Listen 12.34.56.78:80
136 Listen {{ port }}
推送查看:
[root@server1 httpd]# salt server2 state.sls httpd.service
server2:
----------
ID: apache-install
Function: pkg.installed
Result: True
Comment: All specified packages are already installed
Started: 17:04:11.531527
Duration: 395.164 ms
Changes:
----------
ID: apache-config
Function: file.managed
Name: /etc/httpd/conf/httpd.conf
Result: True
Comment: File /etc/httpd/conf/httpd.conf updated
Started: 17:04:11.929437
Duration: 61.426 ms
Changes:
----------
diff:
---
+++
@@ -133,7 +133,7 @@
# prevent Apache from glomming onto all bound IP addresses (0.0.0.0)
#
#Listen 12.34.56.78:80
-Listen 80
+Listen 8080
#
# Dynamic Shared Object (DSO) Support
----------
ID: apache-service
Function: service.running
Name: httpd
Result: True
Comment: Service reloaded
Started: 17:04:12.032464
Duration: 87.835 ms
Changes:
----------
httpd:
True
Summary for server2
------------
Succeeded: 3 (changed=2)
Failed: 0
------------
Total states run: 3
Total run time: 544.425 ms
server2查看
[root@server2 ~]# netstat -antlp | grep 80
tcp 0 0 :::8080 :::* LISTEN 974/httpd
2、定义为动态信息(无需刷新)
[root@server1 httpd]# vim /srv/pillar/web/install.sls
[root@server1 httpd]# cat /srv/pillar/web/install.sls
{% if grains['fqdn'] == 'server2' %}
webserver: httpd
port: 80
{% elif grains['fqdn'] == 'server3' %}
webserver: nginx
{% elif grains['fqdn'] == 'server1' %}
webserver: haproxy
{% endif %}
[root@server1 httpd]# vim service.sls
[root@server1 httpd]# cat service.sls
include:
- httpd.install
apache-config:
file.managed:
- name: /etc/httpd/conf/httpd.conf
- source: salt://httpd/files/httpd.conf
- mode: 644
- user: root
- group: root
- template: jinja
- contest:
port: {{ pillar['port'] }}
apache-service:
service.running:
- name: httpd
- reload: True
- watch:
- file: apache-config
推送测试:
[root@server1 httpd]# salt server2 state.sls httpd.service
server2:
----------
ID: apache-install
Function: pkg.installed
Result: True
Comment: All specified packages are already installed
Started: 17:08:32.788966
Duration: 371.234 ms
Changes:
----------
ID: apache-config
Function: file.managed
Name: /etc/httpd/conf/httpd.conf
Result: True
Comment: File /etc/httpd/conf/httpd.conf updated
Started: 17:08:33.162797
Duration: 63.748 ms
Changes:
----------
diff:
---
+++
@@ -133,7 +133,7 @@
# prevent Apache from glomming onto all bound IP addresses (0.0.0.0)
#
#Listen 12.34.56.78:80
-Listen 8080
+Listen 80
#
# Dynamic Shared Object (DSO) Support
----------
ID: apache-service
Function: service.running
Name: httpd
Result: True
Comment: Service reloaded
Started: 17:08:33.260734
Duration: 77.664 ms
Changes:
----------
httpd:
True
Summary for server2
------------
Succeeded: 3 (changed=2)
Failed: 0
------------
Total states run: 3
Total run time: 512.646 ms
server2查看端口
[root@server2 ~]# netstat -antlp | grep 80
tcp 0 0 :::80 :::* LISTEN 974/httpd
3、模板导入的格式
[root@server1 ~]# cd /srv/salt/
[root@server1 salt]# vim lib.sls
[root@server1 salt]# cat lib.sls
{% set bind = '172.25.12.2' %}
[root@server1 salt]# vim httpd/files/httpd.conf
1 {% from 'lib.sls' import bind with context %}
136 #Listen 12.34.56.78:80
137 Listen {{ bind }}:{{ port }}
推送测试:
[root@server1 salt]# salt server2 state.sls httpd.service
server2:
----------
ID: apache-install
Function: pkg.installed
Result: True
Comment: All specified packages are already installed
Started: 17:12:30.555270
Duration: 365.879 ms
Changes:
----------
ID: apache-config
Function: file.managed
Name: /etc/httpd/conf/httpd.conf
Result: True
Comment: File /etc/httpd/conf/httpd.conf updated
Started: 17:12:30.923424
Duration: 131.249 ms
Changes:
----------
diff:
---
+++
@@ -1,4 +1,4 @@
-#
+
# This is the main Apache server configuration file. It contains the
# configuration directives that give the server its instructions.
# See <URL:http://httpd.apache.org/docs/2.2/> for detailed information.
@@ -133,7 +133,7 @@
# prevent Apache from glomming onto all bound IP addresses (0.0.0.0)
#
#Listen 12.34.56.78:80
-Listen 80
+Listen 172.25.12.2:80
#
# Dynamic Shared Object (DSO) Support
----------
ID: apache-service
Function: service.running
Name: httpd
Result: True
Comment: Service reloaded
Started: 17:12:31.087807
Duration: 76.606 ms
Changes:
----------
httpd:
True
Summary for server2
------------
Succeeded: 3 (changed=2)
Failed: 0
------------
Total states run: 3
Total run time: 573.734 ms
- 改变监听端口,需要重启,(修改脚本,reload->restart)
[root@server2 ~]# /etc/init.d/httpd restart
Stopping httpd: [FAILED]
Starting httpd: httpd: Could not reliably determine the server's fully qualified domain name, using 172.25.12.2 for ServerName
[ OK ]
[root@server2 ~]# netstat -antlp
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 172.25.12.2:80 0.0.0.0:* LISTEN 2728/httpd
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 887/sshd
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN 963/master
tcp 0 0 172.25.12.2:46877 172.25.12.1:4505 ESTABLISHED 2363/python2.6
tcp 0 0 172.25.12.2:22 172.25.12.250:59688 ESTABLISHED 1465/sshd
tcp 0 0 :::22 :::* LISTEN 887/sshd
tcp 0 0 ::1:25 :::* LISTEN 963/master
4、grains方法
[root@server1 salt]# vim httpd/files/httpd.conf
1 #{% from 'lib.sls' import bind with context %}
136 #Listen 12.34.56.78:80
137 Listen {{ bind }}:{{ port }}
[root@server1 salt]# vim httpd/service.sls
- template: jinja
- contest:
port: {{ pillar['port'] }}
bind: {{ grains['ipv4'][-1] }}
[root@server1 salt]# salt server2 state.sls httpd.service
server2:
----------
ID: apache-install
Function: pkg.installed
Result: True
Comment: All specified packages are already installed
Started: 17:19:36.918866
Duration: 366.016 ms
Changes:
----------
ID: apache-config
Function: file.managed
Name: /etc/httpd/conf/httpd.conf
Result: True
Comment: File /etc/httpd/conf/httpd.conf updated
Started: 17:19:37.287297
Duration: 114.814 ms
Changes:
----------
diff:
---
+++
@@ -1,4 +1,4 @@
-
+#
# This is the main Apache server configuration file. It contains the
# configuration directives that give the server its instructions.
# See <URL:http://httpd.apache.org/docs/2.2/> for detailed information.
----------
ID: apache-service
Function: service.running
Name: httpd
Result: True
Comment: Service reloaded
Started: 17:19:37.436373
Duration: 75.015 ms
Changes:
----------
httpd:
True
Summary for server2
------------
Succeeded: 3 (changed=2)
Failed: 0
------------
Total states run: 3
Total run time: 555.845 ms
5、pillar,grains取值
[root@server1 salt]# vim httpd/service.sls
# - contest:
# port: {{ pillar['port'] }}
# bind: {{ grains['ipv4'][-1] }}
[root@server1 salt]# vim /srv/pillar/web/install.sls
port: 80
[root@server1 salt]# vim httpd/files/httpd.conf
136 #Listen 12.34.56.78:80
137 Listen {{ grains['fqdn_ip4'][0] }}:{{ pillar['port'] }}
[root@server1 salt]# salt server2 state.sls httpd.service
#Listen 12.34.56.78:80
-Listen 172.25.12.2:8080
+Listen 172.25.12.2:80
6、pillar方法
[root@server1 salt]# cat httpd/service.sls
include:
- httpd.install
apache-config:
file.managed:
- name: /etc/httpd/conf/httpd.conf
- source: salt://httpd/files/httpd.conf
- mode: 644
- user: root
- group: root
- template: jinja
- contest:
port: {{ pillar['port'] }}
bind: {{ pillar['bind'] }}
apache-service:
service.running:
- name: httpd
- reload: True
- watch:
- file: apache-config
[root@server1 salt]# vim /srv/pillar/web/install.sls
[root@server1 salt]# cat /srv/pillar/web/install.sls
{% if grains['fqdn'] == 'server2' %}
webserver: httpd
port: 80
bind: 172.25.12.2
{% elif grains['fqdn'] == 'server3' %}
webserver: nginx
{% elif grains['fqdn'] == 'server1' %}
webserver: haproxy
{% endif %}
推送测试:
[root@server1 salt]# salt server2 state.sls httpd.service
server2:
----------
ID: apache-install
Function: pkg.installed
Result: True
Comment: All specified packages are already installed
Started: 17:28:16.869665
Duration: 364.822 ms
Changes:
----------
ID: apache-config
Function: file.managed
Name: /etc/httpd/conf/httpd.conf
Result: True
Comment: File /etc/httpd/conf/httpd.conf is in the correct state
Started: 17:28:17.236811
Duration: 88.049 ms
Changes:
----------
ID: apache-service
Function: service.running
Name: httpd
Result: True
Comment: The service httpd is already running
Started: 17:28:17.325684
Duration: 33.363 ms
Changes:
Summary for server2
------------
Succeeded: 3
Failed: 0
------------
Total states run: 3
Total run time: 486.234 ms
[root@server1 salt]#
扫一扫
161
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
