数据系统-Pillar
pillar和grains类似,但是它能给minion指定它想要的数据,安全性较好,另外它是在master端设置的
应用场景:
grains的特性–每次启动汇报、静态决定了它没有pillar灵活,要知道pillar是随时可变的,只要在master端修改了那一般都会立刻生效的。
grains的特性–每次启动汇报、静态决定了它没有pillar灵活,要知道pillar是随时可变的,只要在master端修改了那一般都会立刻生效的。
所以grains更适合做一些静态的属性值的采集,例如设备的角色(role),磁盘个数(disk_num)等诸如此类非常固定的属性。
如果你想定义的属性值是经常变化的,那请采用pillar,如果是很固定、不易变的那请用grains。
grain和pillar区别
1.grains存储的是静态、不常变化的内容,pillar则相反
2.grains是存储在minion本地,而pillar存储在master本地
3.minion有权限操作自己的grains值,如增加、删除,但minion只能查看自己的pillar,无权修改
如果你想定义的属性值是经常变化的,那请采用pillar,如果是很固定、不易变的那请用grains。
grain和pillar区别
1.grains存储的是静态、不常变化的内容,pillar则相反
2.grains是存储在minion本地,而pillar存储在master本地
3.minion有权限操作自己的grains值,如增加、删除,但minion只能查看自己的pillar,无权修改
查看当前默认的pillar,其实是有的,因为用处不大,默认给关闭了
[root@master pillar]# salt '*' pillar.items
minion01:
----------
minion02:
----------
[root@master pillar]#
vim /etc/salt/master
第552行
# The pillar_opts option adds the master configuration file data to a dict in # the pillar called "master". This is used to set simple configurations in the # master config file that can then be used on minions. #pillar_opts: False
取消注释,把False改成True
# The pillar_opts option adds the master configuration file data to a dict in # the pillar called "master". This is used to set simple configurations in the # master config file that can then be used on minions. pillar_opts: True
重启master服务
[root@master pillar]# /etc/init.d/salt-master restart Stopping salt-master daemon: [ OK ] Starting salt-master daemon: [ OK ] [root@master pillar]#
查看默认的pillar信息
[root@master pillar]# salt 'minion01' pillar.items
minion01:
----------
master:
----------
__role:
master
auth_mode:
1
auto_accept:
False
cache_sreqs:
True
cachedir:
/var/cache/salt/master
cli_summary:
False
client_acl:
----------
client_acl_blacklist:
----------
cluster_masters:
cluster_mode:
paranoid
con_cache:
False
conf_file:
/etc/salt/master
config_dir:
/etc/salt
cython_enable:
False
daemon:
True
default_include:
master.d/*.conf
enable_gpu_grains:
False
enforce_mine_cache:
False
enumerate_proxy_minions:
False
environment:
None
event_return:
event_return_blacklist:
event_return_queue:
0
event_return_whitelist:
ext_job_cache:
ext_pillar:
extension_modules:
/var/cache/salt/extmods
external_auth:
----------
failhard:
False
file_buffer_size:
1048576
file_client:
local
file_ignore_glob:
None
file_ignore_regex:
None
file_recv:
False
file_recv_max_size:
100
file_roots:
----------
base:
- /srv/salt
fileserver_backend:
- roots
fileserver_followsymlinks:
True
fileserver_ignoresymlinks:
False
fileserver_limit_traversal:
False
gather_job_timeout:
10
gitfs_base:
master
gitfs_env_blacklist:
gitfs_env_whitelist:
gitfs_insecure_auth:
False
gitfs_mountpoint:
gitfs_passphrase:
gitfs_password:
gitfs_privkey:
gitfs_pubkey:
gitfs_remotes:
gitfs_root:
gitfs_user:
hash_type:
md5
hgfs_base:
default
hgfs_branch_method:
branches
hgfs_env_blacklist:
hgfs_env_whitelist:
hgfs_mountpoint:
hgfs_remotes:
hgfs_root:
id:
minion01
interface:
0.0.0.0
ioflo_console_logdir:
ioflo_period:
0.01
ioflo_realtime:
True
ioflo_verbose:
0
ipv6:
False
jinja_lstrip_blocks:
False
jinja_trim_blocks:
False
job_cache:
True
keep_jobs:
24
key_logfile:
/var/log/salt/key
keysize:
2048
log_datefmt:
%H:%M:%S
log_datefmt_logfile:
%Y-%m-%d %H:%M:%S
log_file:
/var/log/salt/master
log_fmt_console:
[%(levelname)-8s] %(message)s
log_fmt_logfile:
%(asctime)s,%(msecs)03.0f [%(name)-17s][%(levelname)-8s][%(process)d] %(message)s
log_granular_levels:
----------
log_level:
debug
loop_interval:
60
maintenance_floscript:
/usr/lib/python2.6/site-packages/salt/daemons/flo/maint.flo
master_floscript:
/usr/lib/python2.6/site-packages/salt/daemons/flo/master.flo
master_job_cache:
local_cache
master_pubkey_signature:
master_pubkey_signature
master_roots:
----------
base:
- /srv/salt-master
master_sign_key_name:
master_sign
master_sign_pubkey:
False
master_tops:
----------
master_use_pubkey_signature:
False
max_event_size:
1048576
max_minions:
0
max_open_files:
100000
minion_data_cache:
True
minionfs_blacklist:
minionfs_env:
base
minionfs_mountpoint:
minionfs_whitelist:
nodegroups:
----------
lamp:
L@minion01,minion02
lnmp:
minion02
open_mode:
False
order_masters:
False
outputter_dirs:
peer:
----------
permissive_pki_access:
False
pidfile:
/var/run/salt-master.pid
pillar_opts:
True
pillar_roots:
----------
base:
- /srv/pillar
pillar_safe_render_error:
True
pillar_source_merging_strategy:
smart
pillar_version:
2
pillarenv:
None
ping_on_rotate:
False
pki_dir:
/etc/salt/pki/master
preserve_minion_cache:
False
pub_hwm:
1000
publish_port:
4505
publish_session:
86400
queue_dirs:
raet_alt_port:
4511
raet_clear_remotes:
False
raet_main:
True
raet_mutable:
False
raet_port:
4506
range_server:
range:80
reactor:
reactor_refresh_interval:
60
reactor_worker_hwm:
10000
reactor_worker_threads:
10
renderer:
yaml_jinja
ret_port:
4506
root_dir:
/
rotate_aes_key:
True
runner_dirs:
saltversion:
2015.5.10
search:
search_index_interval:
3600
serial:
msgpack
show_jid:
False
show_timeout:
True
sign_pub_messages:
False
sock_dir:
/var/run/salt/master
sqlite_queue_dir:
/var/cache/salt/master/queues
ssh_passwd:
ssh_port:
22
ssh_scan_ports:
22
ssh_scan_timeout:
0.01
ssh_sudo:
False
ssh_timeout:
60
ssh_user:
root
state_aggregate:
False
state_auto_order:
True
state_events:
False
state_output:
full
state_top:
salt://top.sls
state_top_saltenv:
None
state_verbose:
True
sudo_acl:
False
svnfs_branches:
branches
svnfs_env_blacklist:
svnfs_env_whitelist:
svnfs_mountpoint:
svnfs_remotes:
svnfs_root:
svnfs_tags:
tags
svnfs_trunk:
trunk
syndic_dir:
/var/cache/salt/master/syndics
syndic_event_forward_timeout:
0.5
syndic_jid_forward_cache_hwm:
100
syndic_master:
syndic_max_event_process_time:
0.5
syndic_wait:
5
timeout:
5
token_dir:
/var/cache/salt/master/tokens
token_expire:
43200
transport:
zeromq
user:
root
verify_env:
True
win_gitrepos:
- https://github.com/saltstack/salt-winrepo.git
win_repo:
/srv/salt/win/repo
win_repo_mastercachefile:
/srv/salt/win/repo/winrepo.p
worker_floscript:
/usr/lib/python2.6/site-packages/salt/daemons/flo/worker.flo
worker_threads:
5
zmq_filtering:
False
[root@master pillar]#
用处不大,关闭即可
自定义pillar信息,pillar也有自己的file_root
vim /etc/salt/master
找到529行,取消这3行的注释
##### Pillar settings #####
##########################################
# Salt Pillars allow for the building of global data that can be made selectively
# available to different minions based on minion grain filtering. The Salt
# Pillar is laid out in the same fashion as the file server, with environments,
# a top file and sls files. However, pillar data does not need to be in the
# highstate format, and is generally just key/value pairs.
pillar_roots:
base:
- /srv/pillar
重启服务,创建目录
[root@master pillar]# vim /etc/salt/master [root@master pillar]# /etc/init.d/salt-master restart Stopping salt-master daemon: [ OK ] Starting salt-master daemon: [ OK ] [root@master pillar]# mkdir /srv/pillar -p [root@master pillar]#
另外pillar也有top file
这个top.sls也可以改名,比如改为hehe.sls
但是这个文件必须放在pillar的base目录下
pillar和grains的base目录是两回事不要弄混了,它们都有自己的base目录
自定义一些pillar信息
结合jinja语法和grains信息,jinja语法是一种语法格式,具体的可以查看jinja语法这篇笔记,难度不大,容易懂
操作如下,另外它也有自己的top.sls入口文件,在自己的base目录下
[root@master ~]# salt '*' pillar.items
minion02:
----------
minion01:
----------
[root@master ~]# cd /srv/pillar/
[root@master pillar]# ls
packages.sls top.sls
[root@master pillar]# cat packages.sls
{% if grains['os'] == 'CentOS' %}
apache: httpd
git: git
{% elif grains['os'] == 'Debian' %}
apache: apache2
git: git-core
{% endif %}
[root@master pillar]# cat top.sls
base:
minion02:
- packages
[root@master pillar]#
上面我们设置了,给centos系统设置pillar信息
让apache的显示httpd
git显示git
然后通过top.sls只给minion02执行这个pillar信息
[root@master pillar]# salt '*' pillar.items
minion01:
----------
minion02:
----------
apache:
httpd
git:
git
[root@master pillar]#
修改下文件,这样下次管理很多minion的时候,安装包时,就可以根据不同系统执行不同的安装操作了
[root@master pillar]# cat packages.sls
{% if grains['os'] == 'CentOS' %}
apache: httpd
{% elif grains['os'] == 'Debian' %}
apache: apache2
{% endif %}
[root@master pillar]# cat top.sls
base:
'*':
- packages
[root@master pillar]# salt '*' pillar.items
minion02:
----------
apache:
httpd
minion01:
----------
apache:
httpd
[root@master pillar]#
还可以通过pillar信息,然后在命令行远程执行test.ping找出哪些机器是centos系统的
看到下面minion01是不是无响应,是因为pillar信息是在master上定义的,所以上面执行pillar.items能显示就是因为信息在master上,但是没有刷新到minion上呢
[root@master pillar]# salt -I 'apache:httpd' test.ping
minion02:
True
minion01:
Minion did not return. [No response]
[root@master pillar]#
所以每次定义完pillar信息,需要先刷新到minion上,再执行命令
如下刷新方法
[root@master pillar]# salt '*' saltutil.refresh_pillar
minion02:
True
minion01:
True
[root@master pillar]# salt -I 'apache:httpd' test.ping
minion02:
True
minion01:
True
[root@master pillar]#