SaltStack之数据系统（Saltstack）

SaltStack之数据系统（Saltstack）

SaltStack之数据系统

文章目录

​​SaltStack之数据系统​​

​​1. SaltStack数据系统​​​​2. SaltStack数据系统组件​​

​​2.1 SaltStack组件之Grains​​​​2.2 SaltStack组件之Pillar​​​​2.3 Grains与Pillar的区别​​

1. SaltStack数据系统

SaltStack有两大数据系统，分别是：

GrainsPillar

2. SaltStack数据系统组件

2.1 SaltStack组件之Grains

Grains是SaltStack的一个组件，其存放着minion启动时收集到的信息。

Grains是SaltStack组件中非常重要的组件之一，因为我们在做配置部署的过程中会经常使用它，Grains是SaltStack记录minion的一些静态信息的组件。可简单理解为Grains记录着每台minion的一些常用属性，比如CPU、内存、磁盘、网络信息等。我们可以通过grains.items查看某台minion的所有Grains信息。

Grains的功能:

收集资产信息

Grains应用场景：

信息查询在命令行下进行目标匹配在top file中进行目标匹配在模板中进行目标匹配

模板中进行目标匹配请看：~]# salt '192.168.69.202' grains.items192.168.69.202: ---------- SSDs: biosreleasedate: //bios的时间 09/30/2014 biosversion: //bios的版本 6.00 cpu_flags: //cpu相关的属性 - fpu - vme - de - pse - tsc - msr - pae - mce - cx8 - apic - sep - mtrr - pge - mca - cmov - pat - pse36 - clflush - dts - mmx - fxsr - sse - sse2 - ss - syscall - nx - rdtscp - lm - constant_tsc - arch_perfmon - pebs - bts - nopl - xtopology - tsc_reliable - nonstop_tsc - aperfmperf - pni - pclmulqdq - ssse3 - cx16 - pcid - sse4_1 - sse4_2 - x2apic - popcnt - tsc_deadline_timer - aes - xsave - avx - f16c - rdrand - hypervisor - lahf_lm - fsgsbase - tsc_adjust - smep - dtherm - ida - arat - pln - pts cpu_model: //cpu的具体型号 Intel(R) Xeon(R) CPU E5-2630 v2 @ 2.60GHz cpuarch: //cpu架构 x86_64 disks: - sda - sr0 - dm-0 - dm-1 dns: ---------- domain: ip4_nameservers: - 223.5.5.5 - 223.6.6.6 ip6_nameservers: nameservers: - 223.5.5.5 - 223.6.6.6 options: search: sortlist: domain: fqdn: minion fqdn_ip4: //ip地址 - 192.168.69.202 fqdn_ip6: - fe80::6860:c429:1c06:1639 gid: 0 gpus: |_ ---------- model: SVGA II Adapter vendor: unknown groupname: root host: //主机名 minion hwaddr_interfaces: ---------- ens32: 00:0c:29:d8:05:54 lo: 00:00:00:00:00:00 id: //minion的ID 192.168.69.202 init: systemd ip4_gw: 192.168.69.1 ip4_interfaces: ---------- ens32: - 192.168.69.202 lo: - 127.0.0.1 ip6_gw: False ip6_interfaces: ---------- ens32: - fe80::6860:c429:1c06:1639 lo: - ::1 ip_gw: True ip_interfaces: ---------- ens32: - 192.168.69.202 - fe80::6860:c429:1c06:1639 lo: - 127.0.0.1 - ::1 ipv4: - 127.0.0.1 - 192.168.69.202 ipv6: - ::1 - fe80::6860:c429:1c06:1639 kernel: Linux kernelrelease: 3.10.0-693.el7.x86_64 kernelversion: #1 SMP Tue Aug 22 21:09:27 UTC 2017 locale_info: ---------- defaultencoding: UTF-8 defaultlanguage: en_US detectedencoding: UTF-8 localhost: minion lsb_distrib_codename: CentOS Linux 7 (Core) lsb_distrib_id: CentOS Linux machine_id: 59745bbcb85b42a1a8441ffed7b54cba manufacturer: VMware, Inc. master: 192.168.69.201 mdadm: mem_total: 1823 nodename: localhost.localdomain num_cpus: 8 num_gpus: 1 os: CentOS os_family: RedHat osarch: x86_64 oscodename: CentOS Linux 7 (Core) osfinger: CentOS Linux-7 osfullname: CentOS Linux osmajorrelease: 7 osrelease: 7.4.1708 osrelease_info: - 7 - 4 - 1708 path: /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin pid: 9407 productname: VMware Virtual Platform ps: ps -efHww pythonexecutable: /usr/bin/python pythonpath: - /usr/bin - /usr/lib64/python27.zip - /usr/lib64/python2.7 - /usr/lib64/python2.7/plat-linux2 - /usr/lib64/python2.7/lib-tk - /usr/lib64/python2.7/lib-old - /usr/lib64/python2.7/lib-dynload - /usr/lib64/python2.7/site-packages - /usr/lib/python2.7/site-packages pythonversion: - 2 - 7 - 5 - final - 0 saltpath: /usr/lib/python2.7/site-packages/salt saltversion: 2018.3.3 saltversioninfo: - 2018 - 3 - 3 - 0 selinux: ---------- enabled: True enforced: Permissive serialnumber: VMware-56 4d b9 cc 33 9d ad d5-08 1d 49 ac bd d8 05 54 server_id: 1679846262 shell: /bin/sh swap_total: 2047 systemd: ---------- features: +PAM +AUDIT +SELINUX +IMA -APPARMOR +SMACK +SYSVINIT +UTMP +LIBCRYPTSETUP +GCRYPT +GNUTLS +ACL +XZ +LZ4 -SECCOMP +BLKID +ELFUTILS +KMOD +IDN version: 219 uid: 0 username: root uuid: 564db9cc-339d-add5-081d-49acbdd80554 virtual: VMware zfs_feature_flags: False zfs_support: False zmqversion: 4.1.4 //只查询所有的grains的key[root@master ~]# salt '192.168.69.202' grains.ls192.168.69.202: - SSDs - biosreleasedate - biosversion - cpu_flags - cpu_model - cpuarch - disks - dns - domain - fqdn - fqdn_ip4 - fqdn_ip6 - gid - gpus - groupname - host - hwaddr_interfaces - id - init - ip4_gw - ip4_interfaces - ip6_gw - ip6_interfaces - ip_gw - ip_interfaces - ipv4 - ipv6 - kernel - kernelrelease - kernelversion - locale_info - localhost - lsb_distrib_codename - lsb_distrib_id - machine_id - manufacturer - master - mdadm - mem_total - nodename - num_cpus - num_gpus - os - os_family - osarch - oscodename - osfinger - osfullname - osmajorrelease - osrelease - osrelease_info - path - pid - productname - ps - pythonexecutable - pythonpath - pythonversion - saltpath - saltversion - saltversioninfo - selinux - serialnumber - server_id - shell - swap_total - systemd - uid - username - uuid - virtual - zfs_feature_flags - zfs_support - zmqversion//查询某个key的值，比如想获取ip地址[root@master ~]# salt '*' grains.get fqdn_ip4192.168.69.201: - 127.0.0.1192.168.69.202: - 192.168.69.202[root@master ~]# salt '*' grains.get ip4_interfaces192.168.69.201: ---------- ens32: - 192.168.69.201 lo: - 127.0.0.1192.168.69.202: ---------- ens32: - 192.168.69.202 lo: - 127.0.0.1[root@master ~]# salt '*' grains.get ip4_interfaces:ens32192.168.69.201: - 192.168.69.201192.168.69.202: - 192.168.69.202目标匹配实例：用Grains来匹配minion：//在所有centos系统中执行命令[root@master ~]# salt -G 'os:CentOS' cmd.run 'uptime'192.168.69.202: 16:16:42 up 2 days, 7:27, 1 user, load average: 0.00, 0.01, 0.05192.168.69.201: 16:16:42 up 1 day, 2:17, 1 user, load average: 0.00, 0.03, 0.05

在top file里面使用Grains：

[root@master ~]# vim /srv/salt/base/top.slsbase: 'os:CentOS': - match: grain - web.apache.apache

自定义Grains的两种方法：

minion配置文件，在配置文件中搜索grains在/etc/salt下生成一个grains文件，在此文件中定义(推荐方式)

[root@master ~]# vim /etc/salt/grainstest-grains: linux-node1[root@master ~]# systemctl restart salt-minion[root@master ~]# salt '*' grains.get test-grains192.168.69.201: linux-node1192.168.69.202:

不重启的情况下自定义Grains：

[root@master ~]# vim /etc/salt/grainstest-grains: linux-node1wangqing: runtime[root@master ~]# salt '*' saltutil.sync_grains192.168.69.202:192.168.69.201:[root@master ~]# salt '*' grains.get wangqing192.168.69.201: runtime192.168.69.202:

2.2 SaltStack组件之Pillar

Pillar也是SaltStack组件中非常重要的组件之一，是数据管理中心，经常配置states在大规模的配置管理工作中使用它。Pillar在SaltStack中主要的作用就是存储和定义配置管理中需要的一些数据，比如软件版本号、用户名密码等信息，它的定义存储格式与Grains类似，都是YAML格式。

在Master配置文件中有一段Pillar settings选项专门定义Pillar相关的一些参数：

#pillar_roots:# base:# - /srv/pillar

默认Base环境下Pillar的工作目录在/srv/pillar目录下。若你想定义多个环境不同的Pillar工作目录，只需要修改此处配置文件即可。

Pillar的特点

可以给指定的minion定义它需要的数据只有指定的人才能看到定义的数据在master配置文件里设置

//查看pillar的信息[root@master ~]# salt '*' pillar.items192.168.69.202: ----------192.168.69.201: ----------

默认pillar是没有任何信息的，如果想查看信息，需要在 master 配置文件上把 pillar_opts的注释取消，并将其值设为 True。

[root@master ~]# vim /etc/salt/master# master config file that can then be used on minions.pillar_opts: True# The pillar_safe_render_error option prevents the master from passing pillar//重启master并查看pillar的信息[root@master ~]# systemctl restart salt-master[root@master ~]# salt '*' pillar.items....此处省略N行winrepo_passphrase: winrepo_password: winrepo_privkey: winrepo_pubkey: winrepo_refspecs: - +refs/heads/*:refs/remotes/origin/* - +refs/tags/*:refs/tags/* winrepo_remotes: - winrepo_remotes_ng: - winrepo_ssl_verify: True winrepo_user: worker_floscript: /usr/lib/python2.7/site-packages/salt/daemons/flo/worker.flo worker_threads: 5 zmq_backlog: 1000 zmq_filtering: False zmq_monitor: False

pillar自定义数据: 在master的配置文件里找pillar_roots可以看到其存放pillar的位置

[root@master ~]# vim /etc/salt/master...省略N行##### Pillar settings ################################################ Salt Pillars allow for the building of global data that can be made selectively# available to different minions based on minion grain filtering. The Salt# Pillar is laid out in the same fashion as the file server, with environments,# a top file and sls files. However, pillar data does not need to be in the# highstate format, and is generally just key/value pairs.pillar_roots: base: - /srv/pillar/base prod: - /srv/pillar/prod#ext_pillar:# - hiera: /etc/hiera.yaml# - cmd_yaml: cat /etc/salt/yaml[root@master ~]# mkdir -p /srv/pillar/{base,prod}[root@master ~]# tree /srv/pillar//srv/pillar/├── base└── prod2 directories, 0 files[root@master ~]# systemctl restart salt-master[root@master ~]# vim /srv/pillar/base/apache.sls{% if grains['os'] == 'CentOS' %}apache: elif grains['os'] == 'Debian' %}apache: apache2{% endif %}//定义top file入口文件[root@master ~]# vim /srv/pillar/base/top.slsbase: //指定环境 '192.168.69.202': //指定目标 - apache //引用apache.sls或apache/init.sls//这个top.sls文件的意思表示的是192.168.69.202这台主机的base环境能够访问到apache这个pillar[root@master ~]# salt '*' pillar.items192.168.69.202: ---------- apache: ---------- //在salt下修改apache的状态文件，引用pillar的数据[root@master ~]# vim /srv/salt/base/web/apache/apache.slsapache-install: pkg.installed: - name: {{ pillar['apache'] }}apache-service: service.running: - name: {{ pillar['apache'] }} - enable: True//执行高级状态文件[root@master ~]# salt '192.168.69.202' state.highstate192.168.69.202:---------- ID: apache-install Function: pkg.installed Name: Result: True Comment: All specified packages are already installed Started: 19:04:03.507998 Duration: 1437.852 ms Changes:---------- ID: apache-service Function: service.running Name: Result: True Comment: The service is already running Started: 19:04:04.949120 Duration: 88.905 ms Changes:Summary for 192.168.69.202------------Succeeded: 2Failed: 0------------Total states run: 2Total run time: 1.527 s

2.3 Grains与Pillar的区别

Grains: 存储位置:minion 类型 :静态 采集方式:1.minion启动时采集 2.可通过刷新避免重启minion服务 应用场景::1.信息查询 2.在命令行下进行目标匹配 3.在top file中进行目标匹配 4.在模板中进行目标匹配

Pillar 存储位置:master 类型 :动态 采集方式:指定，实时生效 应用场景::1.目标匹配 2.敏感数据配置

版权声明：本文内容由网络用户投稿，版权归原作者所有，本站不拥有其著作权，亦不承担相应法律责任。如果您发现本站中有涉嫌抄袭或描述失实的内容，请联系我们jiasou666@gmail.com 处理，核实后本网站将在24小时内删除侵权内容。