SaltStack数据系统
两种数据系统:Grains和Pillar
1、Grains介绍
Grains又被成为静态数据。Minion启动的时候收集的minion本地的相关信息(操作系统版本,内核版本,CPU,内存,硬盘,设备型号,序列号)。
Grains功能
(1)资产管理;信息查询
(2)用于目标选择
(3)配置管理中使用
2、查看grains
把所有grains里的key都列出来[root@linux-node1 /etc/salt]# salt 'linux-node1*' grains.lslinux-node1.example.com: - SSDs - biosreleasedate - biosversion - cpu_flags - cpu_model - cpuarch - disks - dns - domain - fqdn - fqdn_ip4 - fqdn_ip6 - gid - gpus - groupname - host - hwaddr_interfaces - id - init - ip4_interfaces - ip6_interfaces - ip_interfaces - ipv4 - ipv6 - kernel - kernelrelease - locale_info - localhost - lsb_distrib_codename - lsb_distrib_id - machine_id - manufacturer - master - mdadm - mem_total - nodename - num_cpus - num_gpus - os - os_family - osarch - oscodename - osfinger - osfullname - osmajorrelease - osrelease - osrelease_info - path - pid - productname - ps - pythonexecutable - pythonpath - pythonversion - saltpath - saltversion - saltversioninfo - selinux - serialnumber - server_id - shell - systemd - uid - username - uuid - virtual - zmqversion
查看所有的grains的item
[root@linux-node1 /etc/salt]# salt 'linux-node1*' grains.itemslinux-node1.example.com: ---------- SSDs: biosreleasedate: 05/20/2014 biosversion: 6.00 cpu_flags: - fpu - vme - de - pse - tsc - msr - pae - mce - cx8 - apic - sep - mtrr - pge - mca - cmov - pat - pse36 - clflush - dts - mmx - fxsr - sse - sse2 - ss - syscall - nx - pdpe1gb - rdtscp - lm - constant_tsc - arch_perfmon - pebs - bts - nopl - xtopology - tsc_reliable - nonstop_tsc - aperfmperf - eagerfpu - pni - pclmulqdq - ssse3 - fma - cx16 - pcid - sse4_1 - sse4_2 - x2apic - movbe - popcnt - tsc_deadline_timer - xsave - avx - f16c - rdrand - hypervisor - lahf_lm - abm - ida - arat - epb - pln - pts - dtherm - fsgsbase - tsc_adjust - bmi1 - avx2 - smep - bmi2 - invpcid - xsaveopt cpu_model: Intel(R) Core(TM) i5-4200U CPU @ 1.60GHz cpuarch: x86_64 disks: - fd0 - sda - sr0 - dm-0 - dm-1 dns: ---------- domain: ip4_nameservers: - 192.168.56.2 ip6_nameservers: nameservers: - 192.168.56.2 search: domain: example.com fqdn: linux-node1.example.com fqdn_ip4: - 192.168.56.11 fqdn_ip6: gid: 0 gpus: |_ ---------- model: SVGA II Adapter vendor: unknown groupname: root host: linux-node1 hwaddr_interfaces: ---------- eth0: 00:0c:29:83:fc:c2 lo: 00:00:00:00:00:00 id: linux-node1.example.com init: systemd ip4_interfaces: ---------- eth0: - 192.168.56.11 - 192.168.56.20 lo: - 127.0.0.1 ip6_interfaces: ---------- eth0: - fe80::20c:29ff:fe83:fcc2 lo: - ::1 ip_interfaces: ---------- eth0: - 192.168.56.11 - 192.168.56.20 - fe80::20c:29ff:fe83:fcc2 lo: - 127.0.0.1 - ::1 ipv4: - 127.0.0.1 - 192.168.56.11 - 192.168.56.20 ipv6: - ::1 - fe80::20c:29ff:fe83:fcc2 kernel: Linux kernelrelease: 3.10.0-327.18.2.el7.x86_64 locale_info: ---------- defaultencoding: UTF-8 defaultlanguage: en_US detectedencoding: UTF-8 localhost: linux-node1 lsb_distrib_codename: CentOS Linux 7 (Core) lsb_distrib_id: CentOS Linux machine_id: bce98aed5563467fa74b78a99c46f6f5 manufacturer: VMware, Inc. master: 192.168.56.11 mdadm: mem_total: 1824 nodename: linux-node1 num_cpus: 1 num_gpus: 1 os: CentOS os_family: RedHat osarch: x86_64 oscodename: CentOS Linux 7 (Core) osfinger: CentOS Linux-7 osfullname: CentOS Linux osmajorrelease: 7 osrelease: 7.2.1511 osrelease_info: - 7 - 2 - 1511 path: /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/bin:/sbin pid: 13810 productname: VMware Virtual Platform ps: ps -efH pythonexecutable: /usr/bin/python pythonpath: - /usr/bin - /usr/lib64/python27.zip - /usr/lib64/python2.7 - /usr/lib64/python2.7/plat-linux2 - /usr/lib64/python2.7/lib-tk - /usr/lib64/python2.7/lib-old - /usr/lib64/python2.7/lib-dynload - /usr/lib64/python2.7/site-packages - /usr/lib64/python2.7/site-packages/gtk-2.0 - /usr/lib/python2.7/site-packages pythonversion: - 2 - 7 - 5 - final - 0 saltpath: /usr/lib/python2.7/site-packages/salt saltversion: 2016.3.1 saltversioninfo: - 2016 - 3 - 1 - 0 selinux: ---------- enabled: False enforced: Disabled serialnumber: VMware-56 4d 5f 3f de d4 01 f1-b8 8a e4 d6 84 83 fc c2 server_id: 1981947194 shell: /bin/sh systemd: ---------- features: +PAM +AUDIT +SELINUX +IMA -APPARMOR +SMACK +SYSVINIT +UTMP +LIBCRYPTSETUP +GCRYPT +GNUTLS +ACL +XZ -LZ4 -SECCOMP +BLKID +ELFUTILS +KMOD +IDN version: 219 uid: 0 username: root uuid: 564d5f3f-ded4-01f1-b88a-e4d68483fcc2 virtual: VMWare zmqversion: 4.0.5
查看所有主机的IP地址
[root@linux-node1 /etc/salt]# salt '*' grains.item fqdn_ip4linux-node2.example.com: ---------- fqdn_ip4: - 192.168.56.12linux-node1.example.com: ---------- fqdn_ip4: - 192.168.56.11
使用参数-G,用于目标选择
[root@linux-node1 /etc/salt]# salt -G 'os:CentOS' test.pinglinux-node1.example.com: Truelinux-node2.example.com: True[root@linux-node1 /etc/salt]# salt -G 'os:CentOS' cmd.run 'w'linux-node1.example.com: 10:52:01 up 13:06, 2 users, load average: 0.02, 0.04, 0.05 USER TTY FROM LOGIN@ IDLE JCPU PCPU WHAT root tty1 06:56 3:54m 0.18s 0.18s -bash root pts/0 192.168.56.1 09:39 1.00s 0.88s 0.72s /usr/bin/python /usr/bin/salt -G os:CentOS cmd.run wlinux-node2.example.com: 08:00:58 up 1 day, 17:30, 1 user, load average: 0.32, 0.08, 0.07 USER TTY FROM LOGIN@ IDLE JCPU PCPU WHAT root tty1 [root@linux-node1 /etc/salt]# salt -G 'fqdn_ip4:192.168.56.*' test.pinglinux-node1.example.com: Truelinux-node2.example.com: True
3、定义grains
在minion配置文件里修改
vi /etc/salt/minion搜索grains,然后将其注释取消掉,并定义rolesgrains: roles: apache切记,修改完需要重启systemctl restart salt-minion
查看grains有哪些角色
[root@linux-node1 /etc/salt]# salt '*' grains.item roleslinux-node1.example.com: ---------- roles:linux-node2.example.com: ---------- roles: apache由于只在node2上定义的role,所以只有node2上有返回值
重启所有角色为apache的服务
[root@linux-node1 /etc/salt]# salt -G 'roles:apache' cmd.run 'systemctl restart httpd'linux-node2.example.com:[root@linux-node1 /etc/salt]#
4、自定义grains
写grains
单独创建一个名称为grains的文件,minion会在此目录下找vi /etc/salt/grainscloud:openstack重启minion后查看[root@linux-node1 /etc/salt]# salt '*' grains.item cloudlinux-node1.example.com: ---------- cloud:linux-node2.example.com: ---------- cloud: openstack或者使用salt '*' saltutil.sync_grains 刷新grains
在top.sls文件中使用grains做目标选择
base: '*': - init.init 'roles:apache': - match: grains #使用grain方式进行匹配 - web.apache #动作
5、配置管理
自己开发一个Grains:
cd /srv/saltmkdir _grains
创建一个python文件my_grains.py
#!/usr/bin/env python#-*_ coding: utf-8 -*-def my_grains(): grains = {} grains['iaas'] = 'openstack' grains['edu'] = 'hehe' return grains 接下来需要将自定义的grains发送给minion
[root@linux-node1 /srv/salt/_grains]# salt '*' saltutil.sync_grainslinux-node2.example.com:linux-node1.example.com:
进入minion目录,查看自定义的grains被同步到什么地方
/var/cache/salt/minion/extmods查看新增的grainssalt '*' grains.item iaas
6、pillar
给特定的minion指定特定的数据。
修改pillar配置文件vi /etc/salt/pillarpillar_roots: base: - /srv/pillar/base prod: - /srv/pillar/prod
自己编写pillar
[root@linux-node1 /srv/pillar/web]# cat apache.sls {% if grains['os'] == 'CentOS' %}apache: httpd{% elif grains['os'] == 'Debian' %}apache: apache2{% endif %} 写完pillar后,需要执行salt '*' saltutil.refresh_pillar 进行刷新后才能看到新增的pillar
[root@linux-node1 /srv/pillar/web]# salt '*' pillar.items apachelinux-node1.example.com: ---------- apache: httpdlinux-node2.example.com: ---------- apache:
pillar使用场景
pillar使用参数-I进行匹配
salt -I 'apache:httpd' test.ping
salt -I 'apache:httpd' cmd.run 'w'
7、Grains VS Pillar
类型 数据采集方式 应用场景 定义位置Grains 静态 minion启动时收集 数据查询 目标选择 配置管理 minionPillar 动态 master自定义 目标选择 配置管理 敏感数据 master