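Grains were briefly introduced in http://blog.51cto.com/12107790/2317369.
Official documentation: https://docs.saltstack.com/en/latest/topics/grains/index.html
Grains are static data that describe a minion, including system running state, CPU information and network information. You can define your own grains to group and manage minions.
Grains are loaded when the minion starts and are cached in memory.
List a minion's grain keys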
[root@Management-Machine-140 salt]# salt '136' grains.ls
136:
    - SSDs
    - cpu_flags
    - cpu_model
    - cpuarch
    - domain
    - edit
List a minion's grain keys and values
[root@Management-Machine-140 salt]# salt '136' grains.items
136:
    ----------
    cpu_model:
        Intel(R) Core(TM) i5-5300U CPU @ 2.30GHz
    cpuarch:
        x86_64
    domain:
    edit:
Show the value of one specific grain on a minion
[root@Management-Machine-140 salt]# salt '136' grains.item init
136:
    ----------
    init:
        upstart
[root@Management-Machine-140 salt]#
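Ways to define custom grains
1. Define them in the minion configuration file, /etc/salt/minion. This is not recommended.
2. Write the custom grains to the /etc/salt/grains file on the minion. Storing them separately makes them easy to find. Use the grains module to write them.
Setting grain keys and values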
A single key and value
[root@Management-Machine-140 salt]# salt '136' grains.setval my_grain bar
136:
    ----------
    my_grain:
        bar
Multiple keys and values
[root@Management-Machine-140 salt]# salt '136' grains.setvals "{'key1':'var1','key2':'var2'}"
136:
    ----------
    key1:
        var1
    key2:
        var2
A single key with multiple values
[root@Management-Machine-140 salt]# salt '136' grains.setval my_grain_dict '["one","two","three"]'
136:
    ----------
    my_grain_dict:
        - one
        - two
        - three
Query from the master
[root@Management-Machine-140 salt]# salt '136' grains.item my_grain_dict
136:
    ----------
    my_grain_dict:
        - one
        - two
        - three
[root@Management-Machine-140 salt]#
Query on the minion
[root@WebA-136 ~]# cat /etc/salt/grains
edit: yan
env: test
key1: var1
key2: var2
my_grain: bar
my_grain_dict:
- one
- two
- three
role: nginx
test: test
Delete a grain key and value
[root@Management-Machine-140 salt]# salt '136' grains.delval my_grain_dict
136:
    None
[root@Management-Machine-140 salt]#
Query
[root@WebA-136 ~]# cat /etc/salt/grains
edit: yang
env: test
key1: var1
key2: var2
my_grain: bar
my_grain_dict: null
role: nginx
test: test
[root@WebA-136 ~]#
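2. Pillar is dynamic data stored on the master. Each minion can see only its own pillar data, and each minion's pillar data is encrypted. This makes pillar suitable for sensitive data.
Official documentation: https://docs.saltstack.com/en/latest/topics/pillar/index.html
Setting pillar data on the master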
[root@Management-Machine-140 pillar]# cat top.sls    # main entry file
base:
  '136':
    - test
[root@Management-Machine-140 pillar]# cat test.sls    # test file
conf: /etc/123.conf
myname: yang
[root@Management-Machine-140 pillar]# salt '136' pillar.items    # verify 136
    ----------
    conf:
        /etc/123.conf
    myname:
        yang
[root@Management-Machine-140 pillar]# salt -I 'conf:/etc/123.conf' test.ping    # -I targets minions by pillar value
136:
    True
[root@Management-Machine-140 pillar]#
Viewing the pillar data set on the master
[root@Management-Machine-140 pillar]# salt '136' pillar.items
    ----------
    conf:
        /etc/123.conf
    myname:
        yang
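3. Jinja is the default templating language in sls files. It lets you generate configuration dynamically with code, as in the following example.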
{% set motd = ['/etc/motd'] %}
{% if grains['os'] == 'Debian' %}
  {% set motd = ['/etc/motd.tail', '/var/run/motd'] %}
{% endif %}

{% for motdfile in motd %}
{{ motdfile }}:
  file.managed:
    - source: salt://motd
{% endfor %}
Jinja reads a variable with {{ variable }} and evaluates an expression with {% expression %}.
Set a variable
{% set var = 'good' %}
Read a variable's value
{{ var }}
{{ grains['id'] }}
Example:
[root@Management-Machine-140 pillar]# cat common.sls
{% if grains['id'] == '136' %}
user:
  - yang
  - yang1
  - yang2
createBy:
  - test-yan
{% elif grains['id'] == '137' %}
user:
  - jiang
  - jiang1
  - jiang2
{% endif %}
for loop
{% for user in users %}
{{ user }}
{% endfor %}
Using Jinja templates with grains and pillar to extend configuration files
# vim apache.sls
install_httpd:
  pkg.installed:
    - name: httpd
The example above only works for installing Apache on CentOS. On Ubuntu the package to install is apache2, as in the following example:
# vim apache.sls
install_httpd:
  pkg.installed:
{% if grains['os'] == 'CentOS' %}
    - name: httpd
{% elif grains['os'] == 'Ubuntu' %}
    - name: apache2
{% endif %}
Example
# iptables
iptables:
  pkg:
    - installed
  service:
    - running
    - watch:
      - pkg: iptables
      - file: iptables
  file:
    - managed
    - source: salt://iptables/iptables
# grains['os'] is a string, so compare it with a string, not a list
{% if grains['os'] == 'CentOS' %}
    - name: /etc/sysconfig/iptables
{% elif grains['os'] == 'Ubuntu' %}
    - name: /etc/conf.d/iptables
{% endif %}
Example: creating users dynamically
[root@Management-Machine-140 salt]# cat adduser.sls
{% for i in pillar['user'] %}
add-{{ i }}:
  user.present:
    - name: {{ i }}
{% endfor %}
[root@Management-Machine-140 salt]# salt '136' state.sls adduser
136:
    ----------
    user_|-add-ya1_|-ya1_|-present:
        ………………
    user_|-add-ya2_|-ya2_|-present:
        ………………
    user_|-add-ya3_|-ya3_|-present:
        ………………
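A more defensive variant of adduser.sls, added here as an example (it is not part of the original post). It assumes the pillar key user holds a list of login names, as in common.sls above; the variable names users and name are illustrative.

```yaml
# adduser.sls (added example, hardened variant of the state above)
# Assumption: pillar key 'user' is a list of login names, as in common.sls.

# pillar.get with a default avoids a render error on minions whose pillar
# has no 'user' key (common.sls defines it only for ids 136 and 137).
{% set users = salt['pillar.get']('user', []) %}

{% for name in users %}
# The json filter emits each value as a quoted scalar, so a pillar value
# containing ':', '#' or a newline cannot alter the YAML structure of the
# rendered state (for example by adding extra arguments to user.present).
{{ ('add-' ~ name) | json }}:
  user.present:
    - name: {{ name | json }}
{% endfor %}
```

Before applying, the rendered result can be inspected with salt '136' state.show_sls adduser.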