saltstack(4)动态pillar

---

• pillar和grains一样也是一个数据系统，但是应用场景不同。动态：更改配置文件不用刷新。
• pillar是将信息动态的存放在master端，主要存放私密、敏感信息（如用 户名密码等），而且可以指定某一个minion才可以看到对应的信息。pillar更加适合在配置管理中运用
• 官方文档：http://docs.saltstack.cn/topics/pillar/index.html

1.声明pillar

[root@server11 ~]# vim /etc/salt/master#查看pillar基础目录
#pillar_roots:
#  base:
#    - /srv/pillar
[root@server11 ~]# mkdir /srv/pillar
[root@server11 ~]# cd /srv/pillar

2.自定义pillar项

[root@server11 ~]# cd /srv/pillar
[root@server11 pillar]# vim package.sls
[root@server11 pillar]# cat package.sls 
{% if grains['fqdn'] == 'server13' %}
package: nginx
{% elif grains['fqdn'] == 'server12' %}
package: apache
{% endif %}
[root@server11 pillar]# vim top.sls
[root@server11 pillar]# cat top.sls #package要与pillar的定义package一致
base:
  '*':
    - package
[root@server11 pillar]# salt '*' saltutil.refresh_pillar#要刷新
[root@server11 pillar]# salt '*' pillar.items
[root@server11 pillar]# salt '*' pillar.item  package

3.定义变量，引用变量的方法

[root@server11 pillar]# cd /srv/salt/apache/
[root@server11 apache]# ls
files  init.sls
[root@server11 apache]# vim init.sls 

[root@server11 apache]# cd /srv/pillar/
[root@server11 pillar]# vim package.sls 
[root@server11 pillar]# cat package.sls 
{% if grains['fqdn'] == 'server13' %}
package: nginx
{% elif grains['fqdn'] == 'server12' %}
port: 8080
bind: 192.168.100.242
{% endif %}
[root@server11 pillar]# salt server12 state.sls apache
#查看效果
[root@server12 ~]# netstat -antlp | grep 8080

[root@server11 pillar]# vim /srv/salt/apache/init.sls 
#改动：
      bind: {
   
   { grains['ipv4'][-1] }}#直接引用grains变量

[root@server11 pillar]# vim /srv/salt/apache/files/httpd.conf 
#改动：
Listen {
   
   { bind }}:{
   
   { pillar['port'] }}
[root@server11 pillar]# vim package.sls
[root@server11 pillar]# cat package.sls 
{% if grains['fqdn'] == 'server13' %}
package: nginx
{% elif grains['fqdn'] == 'server12' %}
port: 80#改成80
bind: 192.168.100.242
{% endif %}
[root@server1 apache]# salt server2 state.sls apache

#查看效果
[root@server12 ~]# netstat -antlp | grep httpd

%jinjia模板使用方式
[root@server11 pillar]# vim /srv/salt/apache/lib.sls
[root@server11 pillar]# cat /srv/salt/apache/lib.sls 
{% set port = 8080 %}

#httpd.conf文件里最上方直接引用，这个的优先级优于pillar的port
[root@server11 pillar]# vim /srv/salt/apache/files/httpd.conf 
添加{% from 'apache/lib.sls' import port %}
改动Listen {
   
   { bind }}:{
   
   { port }}
#查看效果,lib.sls的变量优先
[root@server12 ~]# netstat -antlp | grep httpd

4.高可用.高级推keepalived

安装

[root@server12 ~]# yum list keepalived
Loaded plugins: product-id, search-disabled-repos, subscription-manager
This system is not registered with an entitlement server. You can use subscription-manager to register.
Available Packages
keepalived.x86_64                           1.3.5-6.el7  
#挂载镜像，先安装一下keepalived
[root@server11 ~]# cd /srv/salt/
[root@server11 salt]# mkdir keepalived
[root@server11 salt]# cd keepalived/
[root@server11 keepalived]# vim init.sls
[root@server11 keepalived]# cat init.sls 
kp-install:
  pkg.installed:
    - name: keepalived
 
[root@server11 keepalived]# salt server12 state.sls keepalived

配置文件

[root@server11 keepalived]# vim /srv/pillar/package.sls 
[root@server11 keepalived]# cat /srv/pillar/package.sls
{% if grains['fqdn'] == 'server13' %}
package: nginx
state: BACKUP
vrid: 51
pri: 50
{% elif grains['fqdn'] == 'server12' %}
port: 80
bind: 192.168.100.242
state: MASTER
vrid: 51
pri: 100
{% endif %}

[root@server11 keepalived]# mkdir files
[root@server11 keepalived]# cd files/
[root@server11 files]# pwd
/srv/salt/keepalived/files
[root@server11 files]# scp server12:/etc/keepalived/keepalived.conf .
root@server12's password: 
keepalived.conf   
[root@server11 keepalived]# vim keepalived.conf 
[root@server11 keepalived]# cat keepalived.conf

[root@server11 files]# cd ..
[root@server11 keepalived]# vim init.sls 
[root@server11 keepalived]# cat init.sls 
kp-install:
  pkg.installed:
    - name: keepalived
  file.managed:
    - name: /etc/keepalived/keepalived.conf
    - source: salt://keepalived/files/keepalived.conf 
    - template: jinja
    - context:
      STATE: {
   
   { pillar['state'] }}
      VRID: {
   
   { pillar['vrid'] }}
      PRI: {
   
   { pillar['pri'] }}
  service.running:
    - name: keepalived
    - enable: true
    - reload: true
    - watch:
      - file: kp-install
[root@server11 keepalived]# vim /srv/salt/top.sls 
[root@server11 keepalived]# cat /srv/salt/top.sls
base:
  'roles:apache':
    - match: grain
    - apache
    - keepalived
  'roles:nginx':
    - match: grain
    - nginx
    - keepalived
[root@server11 keepalived]# vim /srv/salt/apache/files/httpd.conf
删除第一行{% from 'apache/lib.sls' import port %}
改动Listen {
   
   { port }}
[root@server11 keepalived]# salt '*' state.highstate

#查看效果
[root@server12 ~]# ip addr show
inet 192.168.100.100/32 scope global eth0
[root@server11 keepalived]# curl 192.168.100.100
RedHat - server12
192.168.100.242
[root@server13 ~]# netstat -antlp|grep nginx
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN      3185/nginx: master
[root@server12 ~]# systemctl stop keepalived.service 
[root@server13 ~]# cat /var/log/messages 
Entering MASTER STATE