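SaltStack: The Data System
- The SaltStack data system
- SaltStack data system components
2.1 SaltStack component: Grains
2.2 SaltStack component: Pillar
2.3 Differences between Grains and Pillar
1. The SaltStack data system
SaltStack has two main data systems:
Grains
Pillar
2. SaltStack data system components
2.1 SaltStack component: Grains
Grains is a SaltStack component that stores the information collected when the minion starts.
Grains is one of the most important SaltStack components, because it is used constantly during configuration and deployment. It records static information about a minion. Put simply, Grains holds the common attributes of each minion, such as CPU, memory, disk and network information. All Grains of a given minion can be viewed with grains.items.
Functions of Grains:
Collecting asset information
Grains use cases:
Information queries
Target matching on the command line
Target matching in the top file
Target matching in templates
For target matching in templates, see: https://docs.saltstack.com/en/latest/topics/pillar/
Information query examples:
// List the keys and values of all grains
[root@master ~]# salt '192.168.69.202' grains.items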
192.168.69.202:
----------
SSDs:
biosreleasedate: // BIOS date
09/30/2014
biosversion: // BIOS version
6.00
cpu_flags: // CPU-related attributes
- fpu
- vme
- de
- pse
- tsc
- msr
- pae
- mce
- cx8
- apic
- sep
- mtrr
- pge
- mca
- cmov
- pat
- pse36
- clflush
- dts
- mmx
- fxsr
- sse
- sse2
- ss
- syscall
- nx
- rdtscp
- lm
- constant_tsc
- arch_perfmon
- pebs
- bts
- nopl
- xtopology
- tsc_reliable
- nonstop_tsc
- aperfmperf
- pni
- pclmulqdq
- ssse3
- cx16
- pcid
- sse4_1
- sse4_2
- x2apic
- popcnt
- tsc_deadline_timer
- aes
- xsave
- avx
- f16c
- rdrand
- hypervisor
- lahf_lm
- fsgsbase
- tsc_adjust
- smep
- dtherm
- ida
- arat
- pln
- pts
cpu_model: // exact CPU model
Intel® Xeon® CPU E5-2630 v2 @ 2.60GHz
cpuarch: // CPU architecture
x86_64
disks:
- sda
- sr0
- dm-0
- dm-1
dns:
----------
domain:
ip4_nameservers:
- 223.5.5.5
- 223.6.6.6
ip6_nameservers:
nameservers:
- 223.5.5.5
- 223.6.6.6
options:
search:
sortlist:
domain:
fqdn:
minion
fqdn_ip4: // IP address
- 192.168.69.202
fqdn_ip6:
- fe80::6860:c429:1c06:1639
gid:
0
gpus:
|_
----------
model:
SVGA II Adapter
vendor:
unknown
groupname:
root
host: // hostname
minion
hwaddr_interfaces:
----------
ens32:
00:0c:29:d8:05:54
lo:
00:00:00:00:00:00
id: // minion ID
192.168.69.202
init:
systemd
ip4_gw:
192.168.69.1
ip4_interfaces:
----------
ens32:
- 192.168.69.202
lo:
- 127.0.0.1
ip6_gw:
False
ip6_interfaces:
----------
ens32:
- fe80::6860:c429:1c06:1639
lo:
- ::1
ip_gw:
True
ip_interfaces:
----------
ens32:
- 192.168.69.202
- fe80::6860:c429:1c06:1639
lo:
- 127.0.0.1
- ::1
ipv4:
- 127.0.0.1
- 192.168.69.202
ipv6:
- ::1
- fe80::6860:c429:1c06:1639
kernel:
Linux
kernelrelease:
3.10.0-693.el7.x86_64
kernelversion:
#1 SMP Tue Aug 22 21:09:27 UTC 2017
locale_info:
----------
defaultencoding:
UTF-8
defaultlanguage:
en_US
detectedencoding:
UTF-8
localhost:
minion
lsb_distrib_codename:
CentOS Linux 7 (Core)
lsb_distrib_id:
CentOS Linux
machine_id:
59745bbcb85b42a1a8441ffed7b54cba
manufacturer:
VMware, Inc.
master:
192.168.69.201
mdadm:
mem_total:
1823
nodename:
localhost.localdomain
num_cpus:
8
num_gpus:
1
os:
CentOS
os_family:
RedHat
osarch:
x86_64
oscodename:
CentOS Linux 7 (Core)
osfinger:
CentOS Linux-7
osfullname:
CentOS Linux
osmajorrelease:
7
osrelease:
7.4.1708
osrelease_info:
- 7
- 4
- 1708
path:
/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin
pid:
9407
productname:
VMware Virtual Platform
ps:
ps -efHww
pythonexecutable:
/usr/bin/python
pythonpath:
- /usr/bin
- /usr/lib64/python27.zip
- /usr/lib64/python2.7
- /usr/lib64/python2.7/plat-linux2
- /usr/lib64/python2.7/lib-tk
- /usr/lib64/python2.7/lib-old
- /usr/lib64/python2.7/lib-dynload
- /usr/lib64/python2.7/site-packages
- /usr/lib/python2.7/site-packages
pythonversion:
- 2
- 7
- 5
- final
- 0
saltpath:
/usr/lib/python2.7/site-packages/salt
saltversion:
2018.3.3
saltversioninfo:
- 2018
- 3
- 3
- 0
selinux:
----------
enabled:
True
enforced:
Permissive
serialnumber:
VMware-56 4d b9 cc 33 9d ad d5-08 1d 49 ac bd d8 05 54
server_id:
1679846262
shell:
/bin/sh
swap_total:
2047
systemd:
----------
features:
+PAM +AUDIT +SELINUX +IMA -APPARMOR +SMACK +SYSVINIT +UTMP +LIBCRYPTSETUP +GCRYPT +GNUTLS +ACL +XZ +LZ4 -SECCOMP +BLKID +ELFUTILS +KMOD +IDN
version:
219
uid:
0
username:
root
uuid:
564db9cc-339d-add5-081d-49acbdd80554
virtual:
VMware
zfs_feature_flags:
False
zfs_support:
False
zmqversion:
4.1.4
// List only the keys of all grains
[root@master ~]# salt '192.168.69.202' grains.ls
192.168.69.202:
- SSDs
- biosreleasedate
- biosversion
- cpu_flags
- cpu_model
- cpuarch
- disks
- dns
- domain
- fqdn
- fqdn_ip4
- fqdn_ip6
- gid
- gpus
- groupname
- host
- hwaddr_interfaces
- id
- init
- ip4_gw
- ip4_interfaces
- ip6_gw
- ip6_interfaces
- ip_gw
- ip_interfaces
- ipv4
- ipv6
- kernel
- kernelrelease
- kernelversion
- locale_info
- localhost
- lsb_distrib_codename
- lsb_distrib_id
- machine_id
- manufacturer
- master
- mdadm
- mem_total
- nodename
- num_cpus
- num_gpus
- os
- os_family
- osarch
- oscodename
- osfinger
- osfullname
- osmajorrelease
- osrelease
- osrelease_info
- path
- pid
- productname
- ps
- pythonexecutable
- pythonpath
- pythonversion
- saltpath
- saltversion
- saltversioninfo
- selinux
- serialnumber
- server_id
- shell
- swap_total
- systemd
- uid
- username
- uuid
- virtual
- zfs_feature_flags
- zfs_support
- zmqversion
// Query the value of a single key, for example to get the IP address
[root@master ~]# salt '*' grains.get fqdn_ip4
192.168.69.201:
- 127.0.0.1
192.168.69.202:
- 192.168.69.202
[root@master ~]# salt '*' grains.get ip4_interfaces
192.168.69.201:
----------
ens32:
- 192.168.69.201
lo:
- 127.0.0.1
192.168.69.202:
----------
ens32:
- 192.168.69.202
lo:
- 127.0.0.1
[root@master ~]# salt '*' grains.get ip4_interfaces:ens32
192.168.69.201:
- 192.168.69.201
192.168.69.202:
- 192.168.69.202
Target matching examples:
Using Grains to match minions:
// Run a command on all CentOS systems
[root@master ~]# salt -G 'os:CentOS' cmd.run 'uptime'
192.168.69.202:
16:16:42 up 2 days, 7:27, 1 user, load average: 0.00, 0.01, 0.05
192.168.69.201:
16:16:42 up 1 day, 2:17, 1 user, load average: 0.00, 0.03, 0.05
Using Grains in the top file:
[root@master ~]# vim /srv/salt/base/top.sls
base:
  'os:CentOS':
    - match: grain
    - web.apache.apache
Two ways to define custom Grains:
In the minion configuration file (search for grains in that file)
Create a grains file under /etc/salt and define them there (recommended)
[root@master ~]# vim /etc/salt/grains
test-grains: linux-node1
[root@master ~]# systemctl restart salt-minion
[root@master ~]# salt '*' grains.get test-grains
192.168.69.201:
linux-node1
192.168.69.202:
Defining custom Grains without a restart:
[root@master ~]# vim /etc/salt/grains
test-grains: linux-node1
wangqing: runtime
[root@master ~]# salt '*' saltutil.sync_grains
192.168.69.202:
192.168.69.201:
[root@master ~]# salt '*' grains.get wangqing
192.168.69.201:
runtime
192.168.69.202:
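2.2 SaltStack component: Pillar
Pillar is also one of the most important SaltStack components. It is the data management center and is frequently used together with states in large-scale configuration management. Its main role in SaltStack is to store and define the data that configuration management needs, such as software version numbers, usernames and passwords. Its definition and storage format is similar to that of Grains: both use YAML.
The master configuration file has a Pillar settings section that defines the Pillar-related parameters:
#pillar_roots:
#  base:
#    - /srv/pillar
In the default base environment, the Pillar working directory is /srv/pillar. To define different Pillar working directories for multiple environments, just modify this part of the configuration file.
Characteristics of Pillar:
Data can be defined for exactly the minions that need it
Only the designated targets can see the defined data
It is configured in the master configuration file
// View the pillar information
[root@master ~]# salt '*' pillar.items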
192.168.69.202:
----------
192.168.69.201:
----------
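By default pillar contains no information. To see information, uncomment pillar_opts in the master configuration file and set its value to True. This option adds the master's configuration options to the pillar data sent to minions, which is why the output below contains entries such as winrepo_password.
[root@master ~]# vim /etc/salt/master
# master config file that can then be used on minions.
pillar_opts: True
# The pillar_safe_render_error option prevents the master from passing pillar
// Restart the master and view the pillar information
[root@master ~]# systemctl restart salt-master
[root@master ~]# salt '*' pillar.items
… N lines omitted here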
winrepo_passphrase:
winrepo_password:
winrepo_privkey:
winrepo_pubkey:
winrepo_refspecs:
- +refs/heads/:refs/remotes/origin/*
- +refs/tags/:refs/tags/
winrepo_remotes:
- https://github.com/saltstack/salt-winrepo.git
winrepo_remotes_ng:
- https://github.com/saltstack/salt-winrepo-ng.git
winrepo_ssl_verify:
True
winrepo_user:
worker_floscript:
/usr/lib/python2.7/site-packages/salt/daemons/flo/worker.flo
worker_threads:
5
zmq_backlog:
1000
zmq_filtering:
False
zmq_monitor:
False
Custom pillar data:
Look for pillar_roots in the master configuration file to see where pillar data is stored
[root@master ~]# vim /etc/salt/master
… N lines omitted
#####         Pillar settings        #####
##########################################
# Salt Pillars allow for the building of global data that can be made selectively
# available to different minions based on minion grain filtering. The Salt
# Pillar is laid out in the same fashion as the file server, with environments,
# a top file and sls files. However, pillar data does not need to be in the
# highstate format, and is generally just key/value pairs.
pillar_roots:
  base:
    - /srv/pillar/base
  prod:
    - /srv/pillar/prod
#ext_pillar:
#  - hiera: /etc/hiera.yaml
#  - cmd_yaml: cat /etc/salt/yaml
[root@master ~]# mkdir -p /srv/pillar/{base,prod}
[root@master ~]# tree /srv/pillar/
/srv/pillar/
├── base
└── prod
2 directories, 0 files
[root@master ~]# systemctl restart salt-master
[root@master ~]# vim /srv/pillar/base/apache.sls
{% if grains['os'] == 'CentOS' %}
apache: httpd
{% elif grains['os'] == 'Debian' %}
apache: apache2
{% endif %}
// Define the top file (the entry point)
[root@master ~]# vim /srv/pillar/base/top.sls
base:                    # environment
  '192.168.69.202':      # target
    - apache             # references apache.sls or apache/init.sls
// This top.sls means that, in the base environment, the host 192.168.69.202 can access the apache pillar
[root@master ~]# salt '*' pillar.items
192.168.69.202:
----------
apache:
httpd
192.168.69.201:
----------
// Edit the apache state file under salt so that it references the pillar data
[root@master ~]# vim /srv/salt/base/web/apache/apache.sls
apache-install:
  pkg.installed:
    - name: {{ pillar['apache'] }}
apache-service:
  service.running:
    - name: {{ pillar['apache'] }}
    - enable: True
// Run the highstate
[root@master ~]# salt '192.168.69.202' state.highstate
192.168.69.202:
ID: apache-install
Function: pkg.installed
Name: httpd
Result: True
Comment: All specified packages are already installed
Started: 19:04:03.507998
Duration: 1437.852 ms
Changes:
ID: apache-service
Function: service.running
Name: httpd
Result: True
Comment: The service httpd is already running
Started: 19:04:04.949120
Duration: 88.905 ms
Changes:
Summary for 192.168.69.202
Succeeded: 2
Failed: 0
Total states run: 2
Total run time: 1.527 s
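2.3 Differences between Grains and Pillar
| | Storage location | Type | Collection method | Use cases |
|---|---|---|---|---|
| Grains | minion | Static | Collected when the minion starts; can be refreshed to avoid restarting the minion service | 1. Information queries 2. Target matching on the command line 3. Target matching in the top file 4. Target matching in templates |
| Pillar | master | Dynamic | Explicitly specified; takes effect in real time | 1. Target matching 2. Sensitive data configuration |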
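Because Grains are stored on the minion and can be set there (as with /etc/salt/grains above) while Pillar carries sensitive data, a pillar top file that selects targets by grain lets the minion influence which pillar data it receives. The audit below is an added example, not part of the original article or of Salt itself: it flags grain-based targets in a pillar top file. It assumes the simple environment/target/list layout used on this page, and the sample top file and the SLS names db_credentials and tls_keys are constructed.

```python
import re

# Matcher types that select minions by data the minion reports about itself.
GRAIN_MATCHERS = {"grain", "grain_pcre"}
GRAIN_IN_COMPOUND = re.compile(r"\b[GP]@")  # G@ / P@ terms in a compound target

# Constructed sample pillar top file; db_credentials and tls_keys are made-up names.
SAMPLE_TOP = """\
base:
  '192.168.69.202':
    - apache
  'os:CentOS':
    - match: grain
    - db_credentials
  'G@os:CentOS and web*':
    - match: compound
    - tls_keys
"""


def parse_top(text):
    """Parse the simple env -> target -> list layout into a list of dicts."""
    entries, env = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(("#", "{%")):
            continue  # skip blanks, comments and Jinja control lines
        if line.startswith("- "):
            item = line[2:].strip()
            if item.startswith("match:"):
                entries[-1]["matcher"] = item.split(":", 1)[1].strip()
            else:
                entries[-1]["sls"].append(item)
        elif line.endswith(":") and raw[0] not in " \t":
            env = line[:-1]  # unindented key: environment name
        elif line.endswith(":"):
            # "glob" is only a label for "no explicit match: line" (assumption)
            entries.append({"env": env, "target": line[:-1].strip("'\""),
                            "matcher": "glob", "sls": []})
    return entries


def audit_pillar_top(text):
    """Return (env, target, matcher, sls) for targets that depend on grains."""
    return [(e["env"], e["target"], e["matcher"], e["sls"])
            for e in parse_top(text)
            if e["matcher"] in GRAIN_MATCHERS or GRAIN_IN_COMPOUND.search(e["target"])]


if __name__ == "__main__":
    for env, target, matcher, sls in audit_pillar_top(SAMPLE_TOP):
        print(f"[{env}] {target!r} ({matcher}) hands out pillar SLS {sls} based on grains")
```

Entries targeted by minion ID, like the '192.168.69.202' entry used in this article, are not flagged.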