目录
1 SaltStack数据系统之间的区别
| 名称 | 存储位置 | 数据类型 | 数据采集更新方式 | 应用 |
|---|---|---|---|---|
| Grains | Minion端 | 静态数据 | Minion启动时收集,也可以使用saltutil_sync_grains进行刷新。 | 存储Minion基本数据。比如用于匹配Minion,资深数据可以用来做资产管理等。 |
| Pillar | Master端 | 动态数据 | 在Master端定义,指定给对应的Minion。可以使用saltutil_refresh_pillar刷新 | 存储Master指定的数据,只有指定的Minion可以看到。用于敏感数据保存。 |
2 环境准备
| 主机名 | IP地址 | 备注 |
|---|---|---|
| linux-node1.example.com | 10.0.0.77/16 | Master&Minion |
| linux-node2.example.com | 10.0.0.88/16 | Minion |
/etc/hosts文件解析
# 两个节点都做解析
cat >>/etc/hosts<<EOF
10.0.0.77 linux-node1.example.com linux-node1
10.0.0.88 linux-node2.example.com linux-node2
EOF操作的时候一定要注意空格的数量,格式正确
3 Grains测试
查看minion全部静态变量
[root@linux-node1 salt]# salt 'linux-node1*' grains.items
linux-node1.example.com:
----------
SSDs:
biosreleasedate:
05/19/2017
biosversion:
6.00
cpu_flags:
- fpu
- vme
- de
- pse
- tsc
- msr
- pae
- mce
- cx8
- apic
- sep
- mtrr
- pge
- mca
- cmov
- pat
- pse36
- clflush
- mmx
- fxsr
- sse
- sse2
- ss
- syscall
- nx
- pdpe1gb
- rdtscp
- lm
- constant_tsc
- up
- arch_perfmon
- xtopology
- tsc_reliable
- nonstop_tsc
- unfair_spinlock
- pni
- pclmulqdq
- ssse3
- fma
- cx16
- pcid
- sse4_1
- sse4_2
- x2apic
- movbe
- popcnt
- tsc_deadline_timer
- aes
- xsave
- avx
- f16c
- rdrand
- hypervisor
- lahf_lm
- abm
- 3dnowprefetch
- arat
- xsaveopt
- fsgsbase
- bmi1
- avx2
- smep
- bmi2
- invpcid
- rdseed
- adx
cpu_model:
Intel(R) Core(TM) i5-5257U CPU @ 2.70GHz
cpuarch:
x86_64
domain:
example.com
fqdn:
linux-node1.example.com
fqdn_ip4:
- 10.0.0.77
fqdn_ip6:
gpus:
|_
----------
model:
SVGA II Adapter
vendor:
unknown
host:
linux-node1
hwaddr_interfaces:
----------
eth0:
00:0c:29:af:bb:6d
eth1:
00:0c:29:af:bb:77
lo:
00:00:00:00:00:00
id:
linux-node1.example.com
init:
upstart
ip4_interfaces:
----------
eth0:
- 10.0.0.77
eth1:
- 172.16.1.77
lo:
- 127.0.0.1
ip6_interfaces:
----------
eth0:
- fe80::20c:29ff:feaf:bb6d
eth1:
- fe80::20c:29ff:feaf:bb77
lo:
- ::1
ip_interfaces:
----------
eth0:
- 10.0.0.77
- fe80::20c:29ff:feaf:bb6d
eth1:
- 172.16.1.77
- fe80::20c:29ff:feaf:bb77
lo:
- 127.0.0.1
- ::1
ipv4:
- 10.0.0.77
- 127.0.0.1
- 172.16.1.77
ipv6:
- ::1
- fe80::20c:29ff:feaf:bb6d
- fe80::20c:29ff:feaf:bb77
kernel:
Linux
kernelrelease:
2.6.32-696.el6.x86_64
locale_info:
----------
defaultencoding:
UTF8
defaultlanguage:
en_US
detectedencoding:
UTF-8
localhost:
linux-node1.example.com
lsb_distrib_codename:
Final
lsb_distrib_id:
CentOS
lsb_distrib_release:
6.9
machine_id:
d6c61262b2c5d7669cd188a60000000a
manufacturer:
VMware, Inc.
master:
10.0.0.77
mdadm:
mem_total:
474
nodename:
linux-node1.example.com
num_cpus:
1
num_gpus:
1
os:
CentOS
os_family:
RedHat
osarch:
x86_64
oscodename:
Final
osfinger:
CentOS-6
osfullname:
CentOS
osmajorrelease:
6
osrelease:
6.9
osrelease_info:
- 6
- 9
path:
/sbin:/usr/sbin:/bin:/usr/bin
productname:
VMware Virtual Platform
ps:
ps -efH
pythonexecutable:
/usr/bin/python2.6
pythonpath:
- /usr/bin
- /usr/lib64/python26.zip
- /usr/lib64/python2.6
- /usr/lib64/python2.6/plat-linux2
- /usr/lib64/python2.6/lib-tk
- /usr/lib64/python2.6/lib-old
- /usr/lib64/python2.6/lib-dynload
- /usr/lib64/python2.6/site-packages
- /usr/lib64/python2.6/site-packages/gtk-2.0
- /usr/lib/python2.6/site-packages
- /usr/lib/python2.6/site-packages/setuptools-0.6c11-py2.6.egg-info
pythonversion:
- 2
- 6
- 6
- final
- 0
saltpath:
/usr/lib/python2.6/site-packages/salt
saltversion:
2015.5.10
saltversioninfo:
- 2015
- 5
- 10
- 0
selinux:
----------
enabled:
False
enforced:
Disabled
serialnumber:
VMware-56 4d 70 17 b9 dc 1e ce-8e c3 df f2 5f af bb 6d
server_id:
1981947194
shell:
/bin/bash
virtual:
VMware
zmqversion:
3.2.5显示grains全部变量名称
[root@linux-node1 ~]# salt 'linux-node1*' grains.ls
linux-node1.example.com:
- SSDs
- biosreleasedate
- biosversion
- cpu_flags
- cpu_model
- cpuarch
- domain
- fqdn
- fqdn_ip4
- fqdn_ip6
- gpus
- host
- hwaddr_interfaces
- id
- init
- ip4_interfaces
- ip6_interfaces
- ip_interfaces
- ipv4
- ipv6
- kernel
- kernelrelease
- locale_info
- localhost
- lsb_distrib_codename
- lsb_distrib_id
- lsb_distrib_release
- machine_id
- manufacturer
- master
- mdadm
- mem_total
- nodename
- num_cpus
- num_gpus
- os
- os_family
- osarch
- oscodename
- osfinger
- osfullname
- osmajorrelease
- osrelease
- osrelease_info
- path
- productname
- ps
- pythonexecutable
- pythonpath
- pythonversion
- roles
- saltpath
- saltversion
- saltversioninfo
- selinux
- serialnumber
- server_id
- shell
- virtual
- web
- zmqversion3.1 Grains之-G参数使用
单个显示grains信息
[root@linux-node1 salt]# salt 'linux-node1*' grains.item fqdn_ip4
linux-node1.example.com:
----------
fqdn_ip4:
- 10.0.0.77
[root@linux-node1 salt]# salt 'linux-node1*' grains.item fqdn
linux-node1.example.com:
----------
fqdn:
linux-node1.example.com
# 或者是grains.get来获取单个信息(和grains.item显示效果不同)
[root@linux-node1 salt]# salt 'linux-node1*' grains.get fqdn
linux-node1.example.com:
linux-node1.example.com
[root@linux-node1 salt]# salt 'linux-node1*' grains.get fqdn_ip4
linux-node1.example.com:
- 10.0.0.77
[root@linux-node1 salt]# salt '*' grains.get fqdn_ip4
linux-node1.example.com:
- 10.0.0.77
linux-node2.example.com:
- 10.0.0.88获取os信息
[root@linux-node1 salt]# salt '*' grains.get os
linux-node1.example.com:
CentOS
linux-node2.example.com:
CentOS
# -G指定Grains匹配如果os为Centos的执行w命令
[root@linux-node1 salt]# salt -G os:Centos cmd.run 'w'
linux-node1.example.com:
09:52:06 up 1 day, 2:50, 2 users, load average: 0.00, 0.00, 0.00
USER TTY FROM LOGIN@ IDLE JCPU PCPU WHAT
root tty1 - 19May18 9:09m 0.04s 0.04s -bash
root pts/1 10.0.0.1 09:32 0.00s 0.38s 0.34s /usr/bin/python
linux-node2.example.com:
09:52:06 up 1 day, 50 min, 1 user, load average: 0.00, 0.00, 0.00
USER TTY FROM LOGIN@ IDLE JCPU PCPU WHAT
root pts/1 10.0.0.1 09:32 17:45 0.02s 0.02s -bash
# 这样在实际环境中可以实现不同的服务器执行不同的命令3.2 自定义grains
在/etc/salt/minion文件中搜索grains,并把以下注释给去掉
[root@linux-node1 ~]# vim /etc/salt/minion
grains:
roles:
- webserver
- memcache
# 重启minion(或者刷新grains)
[root@linux-node1 ~]# /etc/init.d/salt-minion restart
salt '*' saltutil_sync_grains
# 测试(由于前边我开了node1的两个角色,故只有node1被匹配)
[root@linux-node1 salt]# salt -G 'roles:memcache' cmd.run "echo This is a test."
linux-node1.example.com:
This is a test.3.3 基于文件的grains
注意空格,”:”冒号 后边有一空格,且自定义的角色不能和配置文件默认的角色名冲突,如配置文件中有roles角色名,这里就不能再定义roles角色名
# 这里创建的必须是grains文件
[root@linux-node1 ~]# vim /etc/salt/grains
web: nginx
# 重启minion
[root@linux-node1 ~]# /etc/init.d/salt-minion restart
# 测试
[root@linux-node1 ~]# salt '*' grains.item web
linux-node2.example.com:
----------
web:
linux-node1.example.com:
----------
web:
nginx
[root@linux-node1 ~]# salt '*' grains.item roles
linux-node2.example.com:
----------
roles:
linux-node1.example.com:
----------
roles:
- webserver
- memcache
[root@linux-node1 ~]# salt -G 'web:nginx' cmd.run "echo TEST."
linux-node1.example.com:
TEST.3.4 top文件中匹配grains角色
[root@linux-node1 ~]# cat /srv/salt/top.sls
base:
'web:nginx':
- match: grain
- apache
[root@linux-node1 ~]# salt '*' state.highstate
# 最会有一个报错,正常,因为在top文件中没有匹配到node2
4 Pillar测试
取消master的pillar配置文件注释并修改其为True
[root@linux-node1 ~]# vim /etc/salt/master
pillar_opts: True重启master
[root@linux-node1 ~]# /etc/init.d/salt-master restart由于输出信息过长这里就不再列出来,其输出信息符合key-value特征,即python字典,可用python开发
[root@linux-node1 ~]# salt '*' pillar.items修改配置文件,搜索pillar_roots取消注释,且pliiar_opts修改为False
[root@linux-node1 ~]# vim /etc/salt/master
pillar_roots:
base:
- /srv/pillar
pillar_opts: False创建pillar目录
[root@linux-node1 ~]# mkdir /srv/pillar/ -p重启master
[root@linux-node1 ~]# /etc/init.d/salt-master restart写jinjia模版apache.sls
[root@linux-node1 ~]# cat /srv/pillar/apache.sls
{% if grains['os'] == 'CentOS' %}
apache: httpd
{% elif grains['os'] == 'Debian' %}
apache: apache2
{% endif %}写pillar的top.sls
[root@linux-node1 ~]# cat /srv/pillar/top.sls
base:
'*':
- apache测试
[root@linux-node1 ~]# salt '*' pillar.items
linux-node2.example.com:
----------
apache:
httpd
linux-node1.example.com:
----------
apache:
httpd刷新pillar后再测试
[root@linux-node1 ~]# salt '*' saltutil.refresh_pillar
linux-node2.example.com:
True
linux-node1.example.com:
True
[root@linux-node1 ~]# salt -I 'apache:httpd' test.ping
linux-node2.example.com:
True
linux-node1.example.com:
True