SaltStack之数据系统
文章目录
1. SaltStack数据系统
SaltStack有两大数据系统,分别是:
- Grains
- Pillar
2. SaltStack数据系统组件
2.1 SaltStack组件之Grains
Grains是SaltStack的一个组件,其存放着minion启动时收集到的信息。
Grains是SaltStack组件中非常重要的组件之一,因为我们在做配置部署的过程中会经常使用它,Grains是SaltStack记录minion的一些静态信息的组件。可简单理解为Grains记录着每台minion的一些常用属性,比如CPU、内存、磁盘、网络信息等。我们可以通过grains.items查看某台minion的所有Grains信息。
Grains的功能:
- 收集资产信息
Grains应用场景:
- 信息查询
- 在命令行下进行目标匹配
- 在top file中进行目标匹配
- 在模板中进行目标匹配
模板中进行目标匹配请看:https://docs.saltstack.com/en/latest/topics/pillar/
信息查询实例:
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 171 172 173 174 175 176 177 178 179 180 181 182 183 184 185 186 187 188 189 190 191 192 193 194 195 196 197 198 199 200 201 202 203 204 205 206 207 208 209 210 211 212 213 214 215 216 217 218 219 220 221 222 223 224 225 226 227 228 229 230 231 232 233 234 235 236 237 238 239 240 241 242 243 244 245 246 247 248 249 250 251 252 253 254 255 256 257 258 259 260 261 262 263 264 265 266 267 268 269 270 271 272 273 274 275 276 277 278 279 280 281 282 283 284 285 286 287 288 289 290 291 292 293 294 295 296 297 298 299 300 301 302 303 304 305 306 307 308 309 310 311 312 313 314 315 316 317 318 319 320 321 322 323 324 325 326 327 328 329 330 331 332 333 334 335 336 337 338 339 340 341 342 343 344 345 346 347 348 349 350 351 352 353 354 355 356 357 358 359 360 361 362 363 364 365 366 367 368 369 370 371 372 373 374 375 376 377 378 379 380 381 382 383 384 385 386 387 388 389 390 391 392 393 394 395 396 397 398 399 400 401 402 403 404 405 406 407 408 409 410 411 412 413 |
列出所有grains的key和value
[root@master ~]# salt '192.168.153.141' grains.items
192.168.153.141:
----------
SSDs:
- dm-0
- dm-1
- nvme0n1
biosreleasedate: //bios的时间
04/13/2018
biosversion: //bios的版本
6.00
cpu_flags: //cpu相关的属性
- fpu
- vme
- de
- pse
- tsc
- msr
- pae
- mce
- cx8
- apic
- sep
- mtrr
- pge
- mca
- cmov
- pat
- pse36
- clflush
- mmx
- fxsr
- sse
- sse2
- ss
- syscall
- nx
- pdpe1gb
- rdtscp
- lm
- constant_tsc
- arch_perfmon
- nopl
- xtopology
- tsc_reliable
- nonstop_tsc
- eagerfpu
- pni
- pclmulqdq
- vmx
- ssse3
- fma
- cx16
- pcid
- sse4_1
- sse4_2
- x2apic
- movbe
- popcnt
- tsc_deadline_timer
- aes
- xsave
- avx
- f16c
- rdrand
- hypervisor
- lahf_lm
- abm
- 3dnowprefetch
- ssbd
- ibrs
- ibpb
- stibp
- tpr_shadow
- vnmi
- ept
- vpid
- fsgsbase
- tsc_adjust
- bmi1
- avx2
- smep
- bmi2
- invpcid
- mpx
- rdseed
- adx
- smap
- clflushopt
- xsaveopt
- xsavec
- arat
- spec_ctrl
- intel_stibp
- flush_l1d
- arch_capabilities
cpu_model: //cpu的具体型号
Intel(R) Core(TM) i7-7700HQ CPU @ 2.80GHz
cpuarch: //cpu的架构
x86_64
disks:
- sr0
dns:
----------
domain:
ip4_nameservers:
- 192.168.153.2
ip6_nameservers:
nameservers:
- 192.168.153.2
options:
search:
- localdomain
sortlist:
domain:
fqdn:
minion
fqdn_ip4: //ip地址
- 192.168.153.141
fqdn_ip6:
- fe80::20c:29ff:fe65:2d90
fqdns:
gid:
0
gpus:
|_
----------
model:
SVGA II Adapter
vendor:
vmware
groupname:
root
host: //主机名
minion
hwaddr_interfaces:
----------
ens32:
00:0c:29:65:2d:90
lo:
00:00:00:00:00:00
id: //minion的ID
192.168.153.141
init:
systemd
ip4_gw:
192.168.153.2
ip4_interfaces:
----------
ens32:
- 192.168.153.141
lo:
- 127.0.0.1
ip6_gw:
False
ip6_interfaces:
----------
ens32:
- fe80::20c:29ff:fe65:2d90
lo:
- ::1
ip_gw:
True
ip_interfaces:
----------
ens32:
- 192.168.153.141
- fe80::20c:29ff:fe65:2d90
lo:
- 127.0.0.1
- ::1
ipv4:
- 127.0.0.1
- 192.168.153.141
ipv6:
- ::1
- fe80::20c:29ff:fe65:2d90
kernel:
Linux
kernelrelease:
3.10.0-957.el7.x86_64
kernelversion:
#1 SMP Thu Nov 8 23:39:32 UTC 2018
locale_info:
----------
defaultencoding:
UTF-8
defaultlanguage:
zh_CN
detectedencoding:
UTF-8
localhost:
minion
lsb_distrib_codename:
CentOS Linux 7 (Core)
lsb_distrib_id:
CentOS Linux
machine_id:
6f280181d6cc47b0825de02f2c7e76a3
manufacturer:
VMware, Inc.
master:
192.168.153.136
mdadm:
mem_total:
1538
nodename:
minion
num_cpus:
1
num_gpus:
1
os:
CentOS
os_family:
RedHat
osarch:
x86_64
oscodename:
CentOS Linux 7 (Core)
osfinger:
CentOS Linux-7
osfullname:
CentOS Linux
osmajorrelease:
7
osrelease:
7.6.1810
osrelease_info:
- 7
- 6
- 1810
path:
/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin
pid:
7461
productname:
VMware Virtual Platform
ps:
ps -efHww
pythonexecutable:
/usr/bin/python
pythonpath:
- /usr/bin
- /usr/lib64/python27.zip
- /usr/lib64/python2.7
- /usr/lib64/python2.7/plat-linux2
- /usr/lib64/python2.7/lib-tk
- /usr/lib64/python2.7/lib-old
- /usr/lib64/python2.7/lib-dynload
- /usr/lib64/python2.7/site-packages
- /usr/lib64/python2.7/site-packages/gtk-2.0
- /usr/lib/python2.7/site-packages
pythonversion:
- 2
- 7
- 5
- final
- 0
saltpath:
/usr/lib/python2.7/site-packages/salt
saltversion:
2019.2.0
saltversioninfo:
- 2019
- 2
- 0
- 0
selinux:
----------
enabled:
False
enforced:
Disabled
serialnumber:
VMware-56 4d aa 3c 10 d5 dc e0-87 ec ee 70 30 65 2d 90
server_id:
1797657207
shell:
/bin/sh
swap_total:
3071
systemd:
----------
features:
+PAM +AUDIT +SELINUX +IMA -APPARMOR +SMACK +SYSVINIT +UTMP +LIBCRYPTSETUP +GCRYPT +GNUTLS +ACL +XZ +LZ4 -SECCOMP +BLKID +ELFUTILS +KMOD +IDN
version:
219
uid:
0
username:
root
uuid:
3caa4d56-d510-e0dc-87ec-ee7030652d90
virtual:
VMware
zfs_feature_flags:
False
zfs_support:
False
zmqversion:
4.1.4
只查询所有的grains的key
[root@master ~]# salt '192.168.153.141' grains.ls
192.168.153.141:
- SSDs
- biosreleasedate
- biosversion
- cpu_flags
- cpu_model
- cpuarch
- disks
- dns
- domain
- fqdn
- fqdn_ip4
- fqdn_ip6
- fqdns
- gid
- gpus
- groupname
- host
- hwaddr_interfaces
- id
- init
- ip4_gw
- ip4_interfaces
- ip6_gw
- ip6_interfaces
- ip_gw
- ip_interfaces
- ipv4
- ipv6
- kernel
- kernelrelease
- kernelversion
- locale_info
- localhost
- lsb_distrib_codename
- lsb_distrib_id
- machine_id
- manufacturer
- master
- mdadm
- mem_total
- nodename
- num_cpus
- num_gpus
- os
- os_family
- osarch
- oscodename
- osfinger
- osfullname
- osmajorrelease
- osrelease
- osrelease_info
- path
- pid
- productname
- ps
- pythonexecutable
- pythonpath
- pythonversion
- saltpath
- saltversion
- saltversioninfo
- selinux
- serialnumber
- server_id
- shell
- swap_total
- systemd
- uid
- username
- uuid
- virtual
- zfs_feature_flags
- zfs_support
- zmqversion
查询某个key的值,比如想获取ip地址
[root@master ~]# salt '*' grains.get fqdn_ip4
192.168.153.141:
- 192.168.153.141
192.168.153.136:
- 192.168.153.136
[root@master ~]# salt '*' grains.get ip4_interfaces
192.168.153.141:
----------
ens32:
- 192.168.153.141
lo:
- 127.0.0.1
192.168.153.136:
----------
ens32:
- 192.168.153.136
lo:
- 127.0.0.1
[root@master ~]# salt '*' grains.get ip4_interfaces:ens32
192.168.153.141:
- 192.168.153.141
192.168.153.136:
- 192.168.153.136 |
目标匹配实例:
用Grains来匹配minion:
1 2 3 4 5 6 |
在所有centos系统中执行命令
[root@master ~]# salt -G 'os:CentOS' cmd.run 'uptime'
192.168.153.141:
19:41:29 up 1:33, 1 user, load average: 0.00, 0.01, 0.05
192.168.153.136:
19:41:29 up 1:33, 1 user, load average: 0.00, 0.01, 0.05 |
在top file里面使用Grains:
1 2 3 4 5 6 7 8 9 10 |
[root@master ~]# vim /srv/salt/base/top.sls
base:
'192.168.153.141':
- web.apache.apache
'os:CentOS':
- match: grain
- fspub.vsftpd
效果:141这个主机会执行apache这个文件,所有centos主机会执行vsftpd这个文件 |
自定义Grains的两种方法:
- minion配置文件,在配置文件中搜索grains
- 在/etc/salt下生成一个grains文件,在此文件中定义(推荐方式)
1 2 3 4 5 6 7 |
[root@master ~]# vim /etc/salt/grains
test-grains: linux-node1
[root@master ~]# systemctl restart salt-minion
[root@master ~]# salt '*' grains.get test-grains
192.168.153.141:
192.168.153.136:
linux-node1 |
不重启的情况下自定义Grains:
1 2 3 4 5 6 7 8 9 10 11 |
[root@master ~]# vim /etc/salt/grains
test-grains: linux-node1
itwhs: design
[root@master ~]# salt '*' saltutil.sync_grains
192.168.153.136:
192.168.153.141:
[root@master ~]# salt '*' grains.get itwhs
192.168.153.136:
design
192.168.153.141: |
2.2 SaltStack组件之Pillar
Pillar也是SaltStack组件中非常重要的组件之一,是数据管理中心,经常配置states在大规模的配置管理工作中使用它。Pillar在SaltStack中主要的作用就是存储和定义配置管理中需要的一些数据,比如软件版本号、用户名密码等信息,它的定义存储格式与Grains类似,都是YAML格式。
在Master配置文件中有一段Pillar settings选项专门定义Pillar相关的一些参数:
1 2 3 |
#pillar_roots: # base: # - /srv/pillar |
默认Base环境下Pillar的工作目录在/srv/pillar目录下。若你想定义多个环境不同的Pillar工作目录,只需要修改此处配置文件即可。
Pillar的特点:
- 可以给指定的minion定义它需要的数据
- 只有指定的人才能看到定义的数据
- 在master配置文件里设置
1 2 3 4 5 6 |
查看pillar的信息
[root@master ~]# salt '*' pillar.items
192.168.153.136:
----------
192.168.153.141:
---------- |
默认pillar是没有任何信息的,如果想查看信息,需要在 master 配置文件上把 pillar_opts的注释取消,并将其值设为 True。
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 |
[root@master ~]# vim /etc/salt/master
# master config file that can then be used on minions.
pillar_opts: True
# The pillar_safe_render_error option prevents the master from passing pillar
重启master并查看pillar的信息
[root@master ~]# systemctl restart salt-master
[root@master ~]# salt '*' pillar.items
....此处省略N行
winrepo_passphrase:
winrepo_password:
winrepo_privkey:
winrepo_pubkey:
winrepo_refspecs:
- +refs/heads/*:refs/remotes/origin/*
- +refs/tags/*:refs/tags/*
winrepo_remotes:
- https://github.com/saltstack/salt-winrepo.git
winrepo_remotes_ng:
- https://github.com/saltstack/salt-winrepo-ng.git
winrepo_ssl_verify:
True
winrepo_user:
worker_floscript:
/usr/lib/python2.7/site-packages/salt/daemons/flo/worker.flo
worker_threads:
5
zmq_backlog:
1000
zmq_filtering:
False
zmq_monitor:
False |
pillar自定义数据: 在master的配置文件里找pillar_roots可以看到其存放pillar的位置
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 |
[root@master ~]# vim /etc/salt/master
...省略N行
##### Pillar settings #####
##########################################
# Salt Pillars allow for the building of global data that can be made selectively
# available to different minions based on minion grain filtering. The Salt
# Pillar is laid out in the same fashion as the file server, with environments,
# a top file and sls files. However, pillar data does not need to be in the
# highstate format, and is generally just key/value pairs.
pillar_roots:
base:
- /srv/pillar/base
prod:
- /srv/pillar/prod
#ext_pillar:
# - hiera: /etc/hiera.yaml
# - cmd_yaml: cat /etc/salt/yaml
[root@master ~]# mkdir -p /srv/pillar/{base,prod}
[root@master ~]# tree /srv/pillar/
/srv/pillar/
├── base
└── prod
2 directories, 0 files
[root@master ~]# systemctl restart salt-master
[root@master ~]# vim /srv/pillar/base/apache.sls
{% if grains['os'] == 'CentOS' %}
apache: httpd
{% elif grains['os'] == 'Debian' %}
apache: apache2
{% endif %}
定义top file入口文件
[root@master ~]# vim /srv/pillar/base/top.sls
base: //指定环境
'192.168.153.141': //指定目标
- apache //引用apache.sls或apache/init.sls
这个top.sls文件的意思表示的是192.168.153.141这台主机的base环境能够访问到apache这个pillar
[root@master ~]# salt '*' pillar.items
192.168.153.141:
----------
apache:
httpd
master: //这里的master就是136这个主机
----------
........
在salt下修改apache的状态文件,引用pillar的数据
[root@master ~]# vim /srv/salt/base/web/apache/apache.sls
apache-install:
pkg.installed:
- name: {{ pillar['apache'] }}
apache-service:
service.running:
- name: {{ pillar['apache'] }}
- enable: True
执行高级状态文件
[root@master ~]# salt '192.168.153.141' state.highstate
192.168.153.141:
----------
ID: apache-install
Function: pkg.installed
Name: httpd //根据系统类型,自动安装的是httpd
Result: True
Comment: All specified packages are already installed
Started: 20:18:05.355675
Duration: 952.802 ms
Changes:
----------
ID: apache-service
Function: service.running
Name: httpd
Result: True
Comment: The service httpd is already running
Started: 20:18:06.310231
Duration: 52.423 ms
Changes:
----------
ID: vsftpd_install
Function: pkg.installed
Name: vsftpd
Result: True
Comment: All specified packages are already installed
Started: 20:18:06.363005
Duration: 19.337 ms
Changes:
----------
ID: vsftpd_install
Function: pkg.installed
Name: httpd-tools
Result: True
Comment: All specified packages are already installed
Started: 20:18:06.382502
Duration: 16.545 ms
Changes:
----------
ID: vsftpd_systemctl
Function: service.running
Name: vsftpd
Result: True
Comment: The service vsftpd is already running
Started: 20:18:06.399288
Duration: 39.108 ms
Changes:
Summary for 192.168.153.141
------------
Succeeded: 5
Failed: 0
------------
Total states run: 5
Total run time: 1.080 s |
2.3 Grains与Pillar的区别
| 存储位置 | 类型 | 采集方式 | 应用场景 | |
|---|---|---|---|---|
| Grains | minion | 静态 | minion启动时采集 可通过刷新避免重启minion服务 |
1.信息查询 2.在命令行下进行目标匹配 3.在top file中进行目标匹配 4.在模板中进行目标匹配 |
| Pillar | master | 动态 | 指定,实时生效 | 1.目标匹配 2.敏感数据配置 |