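SaltStack Configuration Management and Data System
Table of contents
- 1. The YAML language
- 2. Configuring a yum-installed nginx instance with SaltStack
- 3. top file
- 3.1 Introduction to the top file
- 3.2 top file example
- 3.3 Using highstate
- 4. The SaltStack data system
- 4.1 What is a data system
- 4.2 Grains
- 4.2.1 Querying Grains information
- 4.2.2 Querying the value of a key with `grains.get xx`
- 4.2.3 Target matching examples
- 4.2.4 Using Grains in the top file
- 4.2.5 Two ways to define custom Grains
- 4.3 Pillar
- 4.3.1 Querying Pillar information
- 4.3.2 Custom pillar data
- 4.4 Differences between Grains and Pillar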
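1. The YAML language
YAML (YAML Ain't Markup Language, pronounced /ˈjæməl/) is a markup-style language similar to XML and JSON. YAML is data-centric rather than markup-centric, so its definition is fairly simple, and it is billed as "a human-friendly data format language". Its goal is to be easy for people to read and write.
In essence it is a general-purpose data serialization format that interacts easily with scripting languages and is used to express data sequences.
The YAML format looks like this:
house:
  family:
    name: Doe
    parents:
      - John
      - Jane
    children:
      - Paul
      - Mark
      - Simone
  address:
    number: 34
    street: Main Street
    city: Nowheretown
    zipcode: 12345
Basic YAML syntax rules:
- Indentation expresses hierarchy, 2 spaces per level; only spaces are allowed, the TAB key is forbidden
- The number of spaces is not important as long as elements at the same level are left-aligned
- When a colon is not the last character on the line, it must be followed by a space
- Use - for list items; the - must be followed by a space
- Use # for comments
- Case sensitive
YAML configuration files must be placed where SaltStack expects them; search for file_roots in the SaltStack Master configuration file to see the location.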
[root@master ~]# vim /etc/salt/master
... N lines omitted here
file_roots:
  base:
    - /srv/salt/base
  test:
    - /srv/salt/test
  dev:
    - /srv/salt/dev
  prod:
    - /srv/salt/prod
... N lines omitted here
[root@master ~]# mkdir -p /srv/salt/{base,test,dev,prod}
[root@master ~]# tree /srv/salt/
/srv/salt/
├── base
├── dev
├── prod
└── test

4 directories, 0 files
[root@master ~]# systemctl restart salt-master
Note:
base is the default location. If file_roots has only one entry, base is required and must be named base; it cannot be renamed.
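2. Configuring a yum-installed nginx instance with SaltStack
Deploy the sls configuration file on the master and run it
[root@master ~]# mkdir -p /srv/salt/base/web/nginx
[root@master ~]# cd /srv/salt/base/web/nginx
[root@master nginx]# vim install.sls    # create the state description file
nginx-install:
  pkg.installed:
    - name: nginx

nginx-service:
  service.running:
    - name: nginx
    - enable: True
// Entries written flush left in a YAML configuration file are called IDs; they must be globally unique and must not repeat
// SaltStack reads the YAML configuration file from top to bottom, so put what must run first at the top

// Run the state description file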
[root@master ~]# salt 'minion' state.sls web.nginx.install
minion:
----------
          ID: nginx-install
    Function: pkg.installed
        Name: nginx
      Result: True
     Comment: The following packages were installed/updated: nginx
     Started: 16:52:31.968433
    Duration: 28912.614 ms
     Changes:
              ... N lines omitted here
----------
          ID: nginx-service
    Function: service.running
        Name: nginx
      Result: True
     Comment: Service nginx has been enabled, and is running
     Started: 16:53:00.976044
    Duration: 899.623 ms
     Changes:
              ----------
              nginx:
                  True

Summary for minion
------------
Succeeded: 2 (changed=2)
Failed: 0
------------
Total states run: 2
Total run time: 29.812 s
Check the nginx status on the minion
[root@minion ~]# systemctl status nginx
● nginx.service - The nginx HTTP and reverse proxy server
   Loaded: loaded (/usr/lib/systemd/system/nginx.service; enabled; vendor preset: disabled)
   Active: active (running) since Sat 2021-07-03 16:53:01 CST; 10min ago
 Main PID: 3696 (nginx)
    Tasks: 3 (limit: 16538)
   Memory: 9.8M
   CGroup: /system.slice/nginx.service
           ├─3696 nginx: master process /usr/sbin/nginx
           ├─3698 nginx: worker process
           └─3699 nginx: worker process

7月 03 16:53:01 minion systemd[1]: Starting The nginx HTTP and reverse proxy server...
7月 03 16:53:01 minion nginx[3358]: nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
7月 03 16:53:01 minion nginx[3358]: nginx: configuration file /etc/nginx/nginx.conf test is successful
7月 03 16:53:01 minion systemd[1]: Started The nginx HTTP and reverse proxy server.
[root@minion ~]# ss -antl
State Recv-Q Send-Q Local Address:Port Peer Address:Port Process
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 128 0.0.0.0:80 0.0.0.0:*
LISTEN 0 128 [::]:22 [::]:*
LISTEN 0 128 [::]:80 [::]:*
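Web page access
Before running a state file, you can first use test.ping to check that the hosts that will run it can communicate normally, and then run the state file.
3. top file
3.1 Introduction to the top file
The example above shows that when we run an sls file directly from the command line, we still have to tell a particular host to perform a particular task. What if there are hundreds of machines? Running the commands one by one is clearly not automation. The essence of automation is that when we tell the system to work, it already knows which host should do which job. Running sls files directly from the command line cannot achieve this, and the top file exists to solve the problem.
The top file is an entry point. Its file name can be found by searching for top.sls in the master configuration file; the file must be in the base environment, and by default it must be named top.sls.
The job of the top file is to tell each host what to do, for example having web servers start the web service and database servers install mysql.
top file format
Env:              # environment
  Target:         # target
    - StateFile   # state file
The relationship between these three components is:
- An environment contains targets
- A target contains state files
3.2 top file example
We continue with the nginx service as the example; first stop nginx on the minion.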
[root@minion ~]# systemctl stop nginx
[root@minion ~]# ss -antl
State Recv-Q Send-Q Local Address:Port Peer Address:Port Process
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 128 [::]:22 [::]:*
Create the top.sls file under /srv/salt/base/
[root@master ~]# vim /srv/salt/base/top.sls
base:                     # environment in which the state files run
  minion:                 # target that runs the state files
    - web.nginx.install   # state file to run
Run it using highstate
[root@master ~]# salt '*' state.highstate
master:
----------
          ID: states
    Function: no.None
      Result: False
     Comment: No Top file or master_tops data matches found. Please see master log for details.
     Changes:

Summary for master
------------
Succeeded: 0
Failed: 1
------------
Total states run: 1
Total run time: 0.000 ms
minion:
----------
          ID: nginx-install
    Function: pkg.installed
        Name: nginx
      Result: True
     Comment: All specified packages are already installed
     Started: 17:23:09.001801
    Duration: 1151.354 ms
     Changes:
----------
          ID: nginx-service
    Function: service.running
        Name: nginx
      Result: True
     Comment: Service nginx is already enabled, and is running
     Started: 17:23:10.155707
    Duration: 193.941 ms
     Changes:
              ----------
              nginx:
                  True

Summary for minion
------------
Succeeded: 2 (changed=1)
Failed: 0
------------
Total states run: 2
Total run time: 1.345 s
ERROR: Minions returned with non-zero exit code
Check the nginx status on the minion
[root@minion ~]# ss -antl
State Recv-Q Send-Q Local Address:Port Peer Address:Port Process
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 128 0.0.0.0:80 0.0.0.0:*
LISTEN 0 128 [::]:22 [::]:*
LISTEN 0 128 [::]:80 [::]:*
[root@minion ~]# systemctl status nginx
● nginx.service - The nginx HTTP and reverse proxy server
   Loaded: loaded (/usr/lib/systemd/system/nginx.service; enabled; vendor preset: disabled)
   Active: active (running) since Sat 2021-07-03 17:23:10 CST; 3min 25s ago
  Process: 4308 ExecStart=/usr/sbin/nginx (code=exited, status=0/SUCCESS)
  Process: 4305 ExecStartPre=/usr/sbin/nginx -t (code=exited, status=0/SUCCESS)
  Process: 4303 ExecStartPre=/usr/bin/rm -f /run/nginx.pid (code=exited, status=0/SUCCESS)
 Main PID: 4309 (nginx)
    Tasks: 3 (limit: 16538)
   Memory: 5.6M
   CGroup: /system.slice/nginx.service
           ├─4309 nginx: master process /usr/sbin/nginx
           ├─4310 nginx: worker process
           └─4311 nginx: worker process

7月 03 17:23:10 minion systemd[1]: Starting The nginx HTTP and reverse proxy server...
7月 03 17:23:10 minion nginx[4305]: nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
7月 03 17:23:10 minion nginx[4305]: nginx: configuration file /etc/nginx/nginx.conf test is successful
7月 03 17:23:10 minion systemd[1]: Started The nginx HTTP and reverse proxy server
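Note:
If the target in the top file is written as *, every target must run the states. The * in salt '*' state.highstate, by contrast, notifies all machines to work; whether a machine actually has work to do is determined by the top file.
Above, the top file assigned no task to master, so when we ran salt '*' state.highstate, the output reported that master could find no task.
3.3 Using highstate
Running highstate is the usual management operation when administering SaltStack, and it is where the value of automation lies.
If you add the parameter test=True when running highstate, Salt tells you what it would do without actually performing the operation.
// Stop the nginx service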
[root@minion ~]# systemctl stop nginx
[root@minion ~]# ss -antl
State Recv-Q Send-Q Local Address:Port Peer Address:Port Process
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 128 [::]:22 [::]:*
// Run a highstate test on the master
[root@master ~]# salt 'minion' state.highstate test=True
minion:
----------
          ID: nginx-install
    Function: pkg.installed
        Name: nginx
      Result: True
     Comment: All specified packages are already installed
     Started: 17:34:48.896395
    Duration: 1036.339 ms
     Changes:
----------
          ID: nginx-service
    Function: service.running
        Name: nginx
      Result: None
     Comment: Service nginx is set to start
     Started: 17:34:49.935327
    Duration: 58.789 ms
     Changes:

Summary for minion
------------
Succeeded: 2 (unchanged=1)
Failed: 0
------------
Total states run: 2
Total run time: 1.095 s
// On the minion, check whether nginx has started
[root@minion ~]# ss -antl
State Recv-Q Send-Q Local Address:Port Peer Address:Port Process
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 128 [::]:22 [::]:*
[root@minion ~]# systemctl status nginx
● nginx.service - The nginx HTTP and reverse proxy server
   Loaded: loaded (/usr/lib/systemd/system/nginx.service; enabled; vendor preset: disabled)
   Active: inactive (dead) since Sat 2021-07-03 17:32:43 CST; 3min 20s ago
  Process: 4308 ExecStart=/usr/sbin/nginx (code=exited, status=0/SUCCESS)
  Process: 4305 ExecStartPre=/usr/sbin/nginx -t (code=exited, status=0/SUCCESS)
  Process: 4303 ExecStartPre=/usr/bin/rm -f /run/nginx.pid (code=exited, status=0/SUCCESS)
 Main PID: 4309 (code=exited, status=0/SUCCESS)

7月 03 17:23:10 minion systemd[1]: Starting The nginx HTTP and reverse proxy server...
7月 03 17:23:10 minion nginx[4305]: nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
7月 03 17:23:10 minion nginx[4305]: nginx: configuration file /etc/nginx/nginx.conf test is successful
7月 03 17:23:10 minion systemd[1]: Started The nginx HTTP and reverse proxy server.
7月 03 17:32:43 minion systemd[1]: Stopping The nginx HTTP and reverse proxy server...
7月 03 17:32:43 minion systemd[1]: nginx.service: Succeeded.
7月 03 17:32:43 minion systemd[1]: Stopped The nginx HTTP and reverse proxy server.
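// nginx has not started, so the highstate was not actually applied.
4. The SaltStack data system
4.1 What is a data system
A data system is a system made up of five parts (data acquisition, data storage, data updating, data circulation, and data mining) and stored in a distributed fashion across different levels. With it we can understand macro-level and micro-level conditions quickly, completely, vividly, and at varying scales, and make full use of the data.
SaltStack has two major data systems:
- Grains
- Pillar
4.2 Grains
Grains is a SaltStack component that stores the information collected when the minion starts.
Grains is one of the most important SaltStack components because we use it constantly during configuration deployment. It records static information about the minion. Put simply, Grains records common attributes of each minion, such as CPU, memory, disk, and network information. We can view all Grains information for a minion with grains.items.
What Grains does:
- Collects asset information
Where Grains is used:
- Information queries
- Target matching on the command line
- Target matching in the top file
- Target matching in templates
For target matching in templates, see: https://docs.saltstack.com/en/latest/topics/pillar/
4.2.1 Querying Grains information
We first deploy salt-minion on an Ubuntu host.
See the official instructions: https://repo.saltproject.io/#ubuntu
// Ubuntu was installed with a regular account, so first set a password for the root user
liping@liping-virtual-machine:~/桌面$ sudo passwd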
[sudo] liping 的密码:
新的 密码:
重新输入新的 密码:
passwd:已成功更新密码
liping@liping-virtual-machine:~/桌面$ su root
密码:
// Install curl first; Ubuntu installs packages with apt
root@liping-virtual-machine:/home/liping/桌面# apt install curl
root@liping-virtual-machine:/home/liping/桌面# cd /etc/apt
root@liping-virtual-machine:/etc/apt# ls
apt.conf.d preferences.d sources.list.d trusted.gpg
auth.conf.d sources.list sources.list.save trusted.gpg.d
// Ubuntu uses overseas mirrors by default, which can be slow, so we configure the Tsinghua University mirror
// Back up sources.list first
root@liping-virtual-machine:~# cd /etc/apt
root@liping-virtual-machine:/etc/apt# ls
apt.conf.d preferences.d sources.list.bak sources.list.save trusted.gpg.d
auth.conf.d sources.list sources.list.d trusted.gpg
// Replace sources.list
root@liping-virtual-machine:/etc/apt# echo '' > sources.list
root@liping-virtual-machine:/etc/apt# vi sources.list
# Source-package mirrors are commented out by default to speed up apt update; uncomment them if needed
deb https://mirrors.tuna.tsinghua.edu.cn/ubuntu/ focal main restricted universe multiverse
# deb-src https://mirrors.tuna.tsinghua.edu.cn/ubuntu/ focal main restricted universe multiverse
deb https://mirrors.tuna.tsinghua.edu.cn/ubuntu/ focal-updates main restricted universe multiverse
# deb-src https://mirrors.tuna.tsinghua.edu.cn/ubuntu/ focal-updates main restricted universe multiverse
deb https://mirrors.tuna.tsinghua.edu.cn/ubuntu/ focal-backports main restricted universe multiverse
# deb-src https://mirrors.tuna.tsinghua.edu.cn/ubuntu/ focal-backports main restricted universe multiverse
deb https://mirrors.tuna.tsinghua.edu.cn/ubuntu/ focal-security main restricted universe multiverse
# deb-src https://mirrors.tuna.tsinghua.edu.cn/ubuntu/ focal-security main restricted universe multiverse

# Pre-release software source, not recommended
# deb https://mirrors.tuna.tsinghua.edu.cn/ubuntu/ focal-proposed main restricted universe multiverse
# deb-src https://mirrors.tuna.tsinghua.edu.cn/ubuntu/ focal-proposed main restricted universe multiverse
// Configure the SaltStack repository
root@liping-virtual-machine:/etc/apt# sudo curl -fsSL -o /usr/share/keyrings/salt-archive-keyring.gpg https://repo.saltproject.io/py3/ubuntu/20.04/amd64/latest/salt-archive-keyring.gpg
root@liping-virtual-machine:/etc/apt# echo "deb [signed-by=/usr/share/keyrings/salt-archive-keyring.gpg] https://repo.saltproject.io/py3/ubuntu/20.04/amd64/latest focal main" | sudo tee /etc/apt/sources.list.d/salt.list
// Update the package index
root@liping-virtual-machine:/etc/apt# sudo apt-get update
// Install salt-minion
root@liping-virtual-machine:/etc/apt# sudo apt-get install salt-minion
// Edit the configuration file
root@liping-virtual-machine:/etc/apt# vi /etc/salt/minion
master: 192.168.249.141    # add the master's IP
// Start salt-minion
root@liping-virtual-machine:/etc/apt# sudo systemctl restart salt-minion
// On the master, check whether the public key has arrived
[root@master ~]# systemctl restart salt-master
[root@master ~]# salt-key -L
Accepted Keys:
master
minion
Denied Keys:
Unaccepted Keys:
liping-virtual-machine    # key received
Rejected Keys:
// Accept the public key
[root@master ~]# salt-key -yA
The following keys are going to be accepted:
Unaccepted Keys:
liping-virtual-machine
Key for minion liping-virtual-machine accepted.
[root@master ~]# salt-key -L
Accepted Keys:
liping-virtual-machine
master
minion
Denied Keys:
Unaccepted Keys:
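Rejected Keys:
// Run a remote command to check that the minion is alive.
[root@master ~]# salt 'liping-virtual-machine' test.ping
liping-virtual-machine:
    True
To view the grains of all minions, use salt '*' grains.items, or query a specific minion with salt 'minion' grains.items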
minion:
    ----------
    biosreleasedate:        # BIOS release date
        04/13/2018
    biosversion:            # BIOS version
        6.00
    cpu_flags:              # CPU feature flags
        ... N lines omitted here
    cpu_model:              # exact CPU model
        Intel(R) Core(TM) i5-6200U CPU @ 2.30GHz
    cpuarch:                # CPU architecture
        x86_64
    ... N lines omitted here
    fqdn_ip4:               # IP address
        - 192.168.249.145
    ... N lines omitted here
    host:                   # host name
        minion
    ... N lines omitted here
    id:                     # minion ID
        minion
    ... N lines omitted here
Query only the keys of all grains
[root@master ~]# salt 'minion' grains.ls
minion:
    - biosreleasedate
    - biosversion
    - cpu_flags
    - cpu_model
    - cpuarch
    - cwd
    - disks
    - dns
    - domain
    - fqdn
    - fqdn_ip4
    - fqdn_ip6
    - fqdns
    - gid
    - gpus
    - groupname
    - host
    - hwaddr_interfaces
    - id
    - init
    - ip4_gw
    - ip4_interfaces
    - ip6_gw
    - ip6_interfaces
    - ip_gw
    - ip_interfaces
    - ipv4
    - ipv6
    - kernel
    - kernelparams
    - kernelrelease
    - kernelversion
    - locale_info
    - localhost
    - lsb_distrib_codename
    - lsb_distrib_id
    - lsb_distrib_release
    - lvm
    - machine_id
    - manufacturer
    - master
    - mdadm
    - mem_total
    - nodename
    - num_cpus
    - num_gpus
    - os
    - os_family
    - osarch
    - oscodename
    - osfinger
    - osfullname
    - osmajorrelease
    - osrelease
    - osrelease_info
    - path
    - pid
    - productname
    - ps
    - pythonexecutable
    - pythonpath
    - pythonversion
    - saltpath
    - saltversion
    - saltversioninfo
    - selinux
    - serialnumber
    - server_id
    - shell
    - ssds
    - swap_total
    - systemd
    - systempath
    - uid
    - username
    - uuid
    - virtual
    - zfs_feature_flags
    - zfs_support
    - zmqversion
4.2.2 Querying the value of a key with grains.get xx
[root@master ~]# salt 'minion' grains.get ipv4
minion:
    - 127.0.0.1
    - 192.168.249.145
[root@master ~]# salt '*' grains.get ipv4
minion:
    - 127.0.0.1
    - 192.168.249.145
liping-virtual-machine:
    - 127.0.0.1
    - 192.168.249.137
master:
    - 127.0.0.1
    - 192.168.249.141
4.2.3 Target matching examples
Matching minions with Grains:
// Run a command on all Ubuntu systems
[root@master ~]# salt -G 'os:Ubuntu' cmd.run 'uptime'
liping-virtual-machine:
    21:38:18 up 1:39, 1 user, load average: 0.13, 0.04, 0.01
[root@master ~]# salt -G 'os:Ubuntu' cmd.run 'hostname'
liping-virtual-machine:
    liping-virtual-machine
// Run a command on all CentOS Stream systems
[root@master ~]# salt -G 'os:CentOS Stream' cmd.run 'uptime'
master:
    21:41:46 up 4:54, 1 user, load average: 0.31, 0.11, 0.05
minion:
    21:41:46 up 8 min, 1 user, load average: 0.17, 0.30, 0.28
4.2.4 Using Grains in the top file
[root@master ~]# vim /srv/salt/base/top.sls
base:
  'os:CentOS Stream':
    - match: grain
    - web.nginx.install
// Run highstate
[root@master ~]# salt '*' state.highstate
liping-virtual-machine:
----------
          ID: states
    Function: no.None
      Result: False
     Comment: No Top file or master_tops data matches found. Please see master log for details.
     Changes:

Summary for liping-virtual-machine
------------
Succeeded: 0
Failed: 1
------------
Total states run: 1
Total run time: 0.000 ms
minion:
----------
          ID: nginx-install
    Function: pkg.installed
        Name: nginx
      Result: True
     Comment: All specified packages are already installed
     Started: 22:05:10.249531
    Duration: 1554.552 ms
     Changes:
----------
          ID: nginx-service
    Function: service.running
        Name: nginx
      Result: True
     Comment: Service nginx is already enabled, and is running
     Started: 22:05:11.809131
    Duration: 277.223 ms
     Changes:
              ----------
              nginx:
                  True

Summary for minion
------------
Succeeded: 2 (changed=1)    # run succeeded
Failed: 0
------------
Total states run: 2
Total run time: 1.832 s
master:
    Minion did not return. [No response]
The minions may not have all finished running and any remaining minions will return upon completion. To look up the return data for this job later, run the following command:

salt-run jobs.lookup_jid 20210703140506671974
ERROR: Minions returned with non-zero exit code
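The following added example (not from the original article or the Salt project) models how highstate resolves the top files of sections 3.2 and 4.2.4 into a per-minion list of states, which is why a host with no matching target reports "No Top file or master_tops data matches found". The parser handles only the layout used on this page, the matching is a simplified model of Salt's glob and grain matchers, and the sample top file and grain values are constructed.

```python
import fnmatch

# Constructed top file combining the two kinds of target used in the article:
# a glob on the minion ID and a grain match. State names are the article's.
TOP_SLS = """\
base:                       # environment
  'minion':                 # glob on the minion ID (default matcher)
    - web.nginx.install
  'os:CentOS Stream':       # matched against grains, not the ID
    - match: grain
    - web.apache.install
"""

# Constructed grains for the three hosts that appear in the article.
MINIONS = {
    "master": {"os": "CentOS Stream"},
    "minion": {"os": "CentOS Stream"},
    "liping-virtual-machine": {"os": "Ubuntu"},
}


def parse_top(text):
    """Parse the env -> target -> list layout into
    {env: {target: {"match": str, "states": [str, ...]}}}.
    Deliberately narrow: 0/2/4-space indents, no Jinja, not general YAML."""
    top, env, target = {}, None, None
    for lineno, raw in enumerate(text.splitlines(), 1):
        indent_ws = raw[: len(raw) - len(raw.lstrip())]
        if "\t" in indent_ws:
            raise ValueError(f"line {lineno}: TAB used for indentation")
        body = raw.split(" #", 1)[0].strip()
        if not body or body.startswith("#"):
            continue
        indent = len(indent_ws)
        if indent == 0 and body.endswith(":"):
            env, target = body[:-1], None
            top[env] = {}
        elif indent == 2 and body.endswith(":") and env is not None:
            target = body[:-1].strip("'\"")
            top[env][target] = {"match": "glob", "states": []}
        elif indent == 4 and body.startswith("- ") and target is not None:
            item = body[2:].strip()
            if item.startswith("match:"):
                top[env][target]["match"] = item.split(":", 1)[1].strip()
            else:
                top[env][target]["states"].append(item)
        else:
            raise ValueError(f"line {lineno}: unexpected structure: {raw!r}")
    return top


def grain_matches(expr, grains):
    """Simplified 'key:value' grain match: the value is a case-insensitive
    glob, and a list-valued grain matches if any item matches."""
    key, _, pattern = expr.partition(":")
    value = grains.get(key)
    if value is None:
        return False
    values = value if isinstance(value, list) else [value]
    return any(fnmatch.fnmatchcase(str(v).lower(), pattern.lower()) for v in values)


def states_for(top, minion_id, grains, env="base"):
    """Return the ordered, de-duplicated states one minion would apply."""
    states = []
    for target, spec in top.get(env, {}).items():
        if spec["match"] == "glob":
            hit = fnmatch.fnmatchcase(minion_id, target)
        elif spec["match"] == "grain":
            hit = grain_matches(target, grains)
        else:
            raise ValueError(f"unsupported match type: {spec['match']}")
        if hit:
            states.extend(s for s in spec["states"] if s not in states)
    return states


def plan(top_text, minions):
    """Map every minion ID to the states the top file assigns to it."""
    top = parse_top(top_text)
    return {mid: states_for(top, mid, grains) for mid, grains in minions.items()}


if __name__ == "__main__":
    for mid, states in plan(TOP_SLS, MINIONS).items():
        print(f"{mid}: {states or 'no top file match'}")
```

A minion that matches several targets receives the union of their states, and a minion that matches none receives nothing, regardless of the '*' given on the salt command line.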
4.2.5 Two ways to define custom Grains
- In the minion configuration file: search for grains in the configuration file
- Create a grains file under /etc/salt and define them in that file (recommended)
[root@minion ~]# cd /etc/salt/
[root@minion salt]# vim grains
test-grains: hello world
// Restart the service
[root@minion salt]# systemctl restart salt-minion
// Get the key's value on the master
[root@master ~]# salt '*' grains.get test-grains
liping-virtual-machine:
master:
minion:
    hello world
Defining custom Grains without restarting:
[root@minion salt]# vim grains
test-grains: hello world
lxr: da shuai ge    # add this line
// Fetch it from the master
[root@master ~]# salt '*' grains.get lxr
liping-virtual-machine:
minion:
    da shuai ge
master:
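4.3 Pillar
Pillar is also one of the most important SaltStack components. It is the data management center and is frequently used together with states in large-scale configuration management. Its main role in SaltStack is to store and define the data that configuration management needs, such as software version numbers, user names, and passwords. Its definition and storage format is similar to that of Grains: both use YAML.
Pillar is dynamic; it is stored on the master and provided to the minions.
The Master configuration file has parameters dedicated to Pillar:
[root@master ~]# vim /etc/salt/master
#pillar_roots:
# base:
# - /srv/pillar
By default, the Pillar working directory for the base environment is /srv/pillar. To define different Pillar working directories for multiple environments, just edit this part of the configuration file.
Characteristics of Pillar:
- It can define the data a specified minion needs
- Only the designated recipients can see the data defined for them
- It is configured in the master configuration file
4.3.1 Querying Pillar information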
[root@master ~]# salt '*' pillar.items
liping-virtual-machine:
    ----------
minion:
    ----------
master:
    ----------
By default pillar contains no information. To see information, uncomment pillar_opts in the master configuration file and set its value to True.
[root@master ~]# vim /etc/salt/master
# master config file that can then be used on minions.
pillar_opts: True    # uncomment and set to True
[root@master ~]# salt '*' pillar.items
... N lines omitted here
    winrepo_branch:
        master
    winrepo_cachefile:
        winrepo.p
    winrepo_dir:
        /srv/salt/win/repo
    winrepo_dir_ng:
        /srv/salt/win/repo-ng
    winrepo_fallback:
    winrepo_insecure_auth:
        False
    winrepo_passphrase:
    winrepo_password:
    winrepo_privkey:
    winrepo_pubkey:
    winrepo_refspecs:
        - +refs/heads/*:refs/remotes/origin/*
        - +refs/tags/*:refs/tags/*
    winrepo_remotes:
        - https://github.com/saltstack/salt-winrepo.git
    winrepo_remotes_ng:
        - https://github.com/saltstack/salt-winrepo-ng.git
    winrepo_ssl_verify:
        True
    winrepo_user:
    worker_threads:
        5
    zmq_backlog:
        1000
    zmq_filtering:
        False
    zmq_monitor:
        False
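4.3.2 Custom pillar data
Search for pillar_roots in the master configuration file to see where pillar data is stored.
// Create the environment directories
[root@master ~]# mkdir -p /srv/pillar/{base,prod}
[root@master ~]# tree /srv/pillar/
/srv/pillar/
├── base
└── prod

2 directories, 0 files
// Edit the configuration file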
[root@master ~]# vim /etc/salt/master
##### Pillar settings #####
##########################################
# Salt Pillars allow for the building of global data that can be made selectively
# available to different minions based on minion grain filtering. The Salt
# Pillar is laid out in the same fashion as the file server, with environments,
# a top file and sls files. However, pillar data does not need to be in the
# highstate format, and is generally just key/value pairs.
pillar_roots:
  base:
    - /srv/pillar/base
  prod:
    - /srv/pillar/prod
// Restart the service
[root@master ~]# systemctl restart salt-master
// Define the variables
[root@master ~]# vim /srv/pillar/base/apache.sls
{% if grains['os'] == 'CentOS Stream' %}
apache: httpd
{% elif grains['os'] == 'Ubuntu' %}
apache: apache2
{% endif %}
Define the top file entry point
[root@master ~]# vim /srv/pillar/base/top.sls
base:           # environment
  '*':          # target: which hosts have tasks to run
    - apache    # sls file to reference
// This top.sls means that all hosts can access the install pillar
View the pillar information
[root@master ~]# salt '*' pillar.items
master:
    ----------
    install:
        httpd
minion:
    ----------
    install:
        httpd
liping-virtual-machine:
    ----------
    install:
        apache2
Define the apache state file, which references the pillar data
[root@master ~]# mkdir -p /srv/salt/base/web/apache
[root@master ~]# vim /srv/salt/base/web/apache/install.sls
apache-install:
  pkg.installed:
    - name: {{ pillar['apache'] }}

apache-service:
  service.running:
    - name: {{ pillar['apache'] }}
    - enable: True
Define the top file
[root@master ~]# vim /srv/salt/base/top.sls
base:
  '*':
    - web.apache.install
Run highstate
[root@master apache]# salt '*' state.highstate
liping-virtual-machine:
----------
          ID: apache-install
    Function: pkg.installed
        Name: apache2
      Result: False
     Comment: An error was encountered while installing package(s): E: The repository 'http://ppa.launchpad.net/saltstack/salt/ubuntu focal Release' does not have a Release file.
     Started: 21:50:11.148338
    Duration: 4112.015 ms
     Changes:

Summary for liping-virtual-machine
------------
Succeeded: 0
Failed: 1
------------
Total states run: 1
Total run time: 4.112 s
ERROR: Minions returned with non-zero exit code
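When running highstate, installing apache2 on Ubuntu may fail with the error shown above.
This error arose when the author replaced the Ubuntu sources: the repository "http://ppa.launchpad.net/saltstack/salt/ubuntu focal Release" has no Release file. The author did not notice, which led to the error.
The fix is as follows:
// Change to the sources.list.d directory and remove the offending PPA. To be safe, we locate the PPA file that cannot be downloaded and use mv to add a .bak suffix to it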
root@liping-virtual-machine:/etc/apt# cd sources.list.d
root@liping-virtual-machine:/etc/apt/sources.list.d# ls
salt.list salt.list: saltstack-ubuntu-salt-focal.list
root@liping-virtual-machine:/etc/apt/sources.list.d# mv saltstack-ubuntu-salt-focal.list saltstack-ubuntu-salt-focal.list.bak
root@liping-virtual-machine:/etc/apt/sources.list.d# ls
salt.list salt.list: saltstack-ubuntu-salt-focal.list.bak
Run highstate again
[root@master ~]# salt '*' state.highstate
liping-virtual-machine:
----------
          ID: apache-install
    Function: pkg.installed
        Name: apache2
      Result: True
     Comment: All specified packages are already installed
     Started: 22:15:49.899656
    Duration: 86.166 ms
     Changes:
----------
          ID: apache-service
    Function: service.running
        Name: apache2
      Result: True
     Comment: The service apache2 is already running
     Started: 22:15:49.988967
    Duration: 57.768 ms
     Changes:

Summary for liping-virtual-machine
------------
Succeeded: 2
Failed: 0
------------
Total states run: 2
Total run time: 143.934 ms
master:
----------
          ID: apache-install
    Function: pkg.installed
        Name: httpd
      Result: True
     Comment: All specified packages are already installed
     Started: 22:15:56.274269
    Duration: 1663.765 ms
     Changes:
----------
          ID: apache-service
    Function: service.running
        Name: httpd
      Result: True
     Comment: The service httpd is already running
     Started: 22:15:57.941716
    Duration: 107.425 ms
     Changes:

Summary for master
------------
Succeeded: 2
Failed: 0
------------
Total states run: 2
Total run time: 1.771 s
minion:
----------
          ID: apache-install
    Function: pkg.installed
        Name: httpd
      Result: True
     Comment: All specified packages are already installed
     Started: 22:15:59.829424
    Duration: 2451.547 ms
     Changes:
----------
          ID: apache-service
    Function: service.running
        Name: httpd
      Result: True
     Comment: The service httpd is already running
     Started: 22:16:02.287679
    Duration: 137.895 ms
     Changes:

Summary for minion
------------
Succeeded: 2
Failed: 0
------------
Total states run: 2
Total run time: 2.589 s
Verification
// Verify on the Ubuntu host
root@liping-virtual-machine:/etc/apt# systemctl status apache2
● apache2.service - The Apache HTTP Server
     Loaded: loaded (/lib/systemd/system/apache2.service; enabled; vendor pres>
     Active: active (running) since Sun 2021-07-04 22:09:39 CST; 39min ago
       Docs: https://httpd.apache.org/docs/2.4/
   Main PID: 10585 (apache2)
      Tasks: 55 (limit: 2279)
     Memory: 6.9M
     CGroup: /system.slice/apache2.service
             ├─10585 /usr/sbin/apache2 -k start
             ├─10587 /usr/sbin/apache2 -k start
             └─10589 /usr/sbin/apache2 -k start

7月 04 22:09:38 liping-virtual-machine systemd[1]: Starting The Apache HTTP Se>
7月 04 22:09:39 liping-virtual-machine apachectl[10583]: AH00558: apache2: Cou>
7月 04 22:09:39 liping-virtual-machine systemd[1]: Started The Apache HTTP Ser>
lines 1-15/15 (END)
// Verify on the master host
[root@master ~]# systemctl status httpd
● httpd.service - The Apache HTTP Server
   Loaded: loaded (/usr/lib/systemd/system/httpd.service; enabled; vendor preset: disabled)
   Active: active (running) since Sun 2021-07-04 22:15:25 CST; 35min ago
     Docs: man:httpd.service(8)
 Main PID: 87914 (httpd)
   Status: "Running, listening on: port 80"
    Tasks: 213 (limit: 18851)
   Memory: 25.5M
   CGroup: /system.slice/httpd.service
           ├─87914 /usr/sbin/httpd -DFOREGROUND
           ├─88139 /usr/sbin/httpd -DFOREGROUND
           ├─88140 /usr/sbin/httpd -DFOREGROUND
           ├─88141 /usr/sbin/httpd -DFOREGROUND
           └─88142 /usr/sbin/httpd -DFOREGROUND

Jul 04 22:15:09 master systemd[1]: Starting The Apache HTTP Server...
Jul 04 22:15:25 master httpd[87914]: AH00558: httpd: Could not reliably determine the server's fully qualified >
Jul 04 22:15:25 master systemd[1]: Started The Apache HTTP Server.
Jul 04 22:15:35 master httpd[87914]: Server configured, listening on: port 80
// Verify on the minion host
[root@minion ~]# systemctl status httpd
● httpd.service - The Apache HTTP Server
   Loaded: loaded (/usr/lib/systemd/system/httpd.service; enabled; vendor preset: disabled)
   Active: active (running) since Sun 2021-07-04 22:15:30 CST; 35min ago
     Docs: man:httpd.service(8)
 Main PID: 13504 (httpd)
   Status: "Running, listening on: port 80"
    Tasks: 213 (limit: 11200)
   Memory: 38.2M
   CGroup: /system.slice/httpd.service
           ├─13504 /usr/sbin/httpd -DFOREGROUND
           ├─13537 /usr/sbin/httpd -DFOREGROUND
           ├─13538 /usr/sbin/httpd -DFOREGROUND
           ├─13539 /usr/sbin/httpd -DFOREGROUND
           └─13601 /usr/sbin/httpd -DFOREGROUND

7月 04 22:15:14 minion systemd[1]: Starting The Apache HTTP Server...
7月 04 22:15:30 minion httpd[13504]: AH00558: httpd: Could not reliably determine the server's fully qualified >
7月 04 22:15:30 minion systemd[1]: Started The Apache HTTP Server.
7月 04 22:15:47 minion httpd[13504]: Server configured, listening on: port 80
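Web page access
Ubuntu host
master host
minion host
4.4 Differences between Grains and Pillar
Data system | Stored on | Type | How collected | Use cases |
---|---|---|---|---|
Grains | minion | Static | Collected when the minion starts; a refresh avoids restarting the minion service | Information queries; target matching on the command line; target matching in the top file; target matching in templates |
Pillar | master | Dynamic | Assigned explicitly; takes effect in real time | Target matching; configuration of sensitive data |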
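Section 4.2.5 shows that whoever administers a minion can define any grain in /etc/salt/grains, so a pillar top file that selects minions by grain leaves it to the minion to decide whether it receives that data. The added example below (not from the original article or the Salt project) audits a pillar top file for such targets; its input is the dict a YAML loader would produce, and the sls names db_credentials and nginx_tls and the role grain are constructed.

```python
import re

# Matchers whose result depends on grains reported by the minion itself.
GRAIN_MATCHERS = {"grain", "grain_pcre"}
# In a compound target, G@ (grain glob) and P@ (grain PCRE) are grain-based.
COMPOUND_GRAIN_TOKEN = re.compile(r"(?:^|[\s(])(?:G|P)@")

# Constructed pillar top file, already loaded from YAML.
# '*' -> apache is the article's entry; the other targets are hypothetical.
PILLAR_TOP = {
    "base": {
        "*": ["apache"],
        "os:Ubuntu": [{"match": "grain"}, "db_credentials"],
        "G@role:db and db*": [{"match": "compound"}, "db_credentials"],
        "minion": ["nginx_tls"],
    }
}


def match_type(entries):
    """Return the matcher named by a '- match: X' entry, default 'glob'."""
    for entry in entries:
        if isinstance(entry, dict) and "match" in entry:
            return str(entry["match"])
    return "glob"


def audit_pillar_top(top):
    """Return (severity, env, target, sls_files, reason) tuples.

    HIGH: the target is decided by grains, which the minion asserts itself.
    INFO: the target is '*', so every minion with an accepted key gets it.
    Targets that name minion IDs produce no finding."""
    findings = []
    for env, targets in top.items():
        for target, entries in targets.items():
            mtype = match_type(entries)
            sls = [e for e in entries if isinstance(e, str)]
            grain_based = mtype in GRAIN_MATCHERS or (
                mtype == "compound" and COMPOUND_GRAIN_TOKEN.search(target)
            )
            if grain_based:
                findings.append(
                    ("HIGH", env, target, sls,
                     "target depends on grains, which the minion reports about itself")
                )
            elif mtype == "glob" and target == "*":
                findings.append(
                    ("INFO", env, target, sls,
                     "served to every minion whose key has been accepted")
                )
    return findings


if __name__ == "__main__":
    for severity, env, target, sls, reason in audit_pillar_top(PILLAR_TOP):
        print(f"[{severity}] {env}: {target!r} -> {sls}: {reason}")
```

Branching on grains inside a pillar sls, as apache.sls does for the package name, is harmless for non-secret values; the findings matter when the sls holds credentials. The same review applies to pillar_opts: True from section 4.3.1, which adds the master's configuration data to every minion's pillar.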