pillar和grains一样也是一个数据系统,但是应用场景不同。动态:更改配置文件不用刷新。
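pillar是将信息动态地存放在master端,主要存放私密、敏感信息(如用户名密码等),而且可以指定某一个minion才可以看到对应的信息。pillar更加适合在配置管理中运用。需要注意:grains是由minion端上报的数据,minion自己可以修改,所以存放敏感信息的pillar应按minion ID来分配,而不要像下文示例那样只靠grains['fqdn']来区分主机。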
官方文档:http://docs.saltstack.cn/topics/pillar/index.html
1.声明pillar
[root@server11 ~]# vim /etc/salt/master  #查看pillar基础目录
#pillar_roots:
#  base:
#    - /srv/pillar
[root@server11 ~]# mkdir /srv/pillar
[root@server11 ~]# cd /srv/pillar
2.自定义pillar项
[root@server11 ~]# cd /srv/pillar
[root@server11 pillar]# vim package.sls
[root@server11 pillar]# cat package.sls
{% if grains['fqdn'] == 'server13' %}
package: nginx
{% elif grains['fqdn'] == 'server12' %}
package: apache
{% endif %}
[root@server11 pillar]# vim top.sls
[root@server11 pillar]# cat top.sls #package要与pillar的定义package一致
base:
  '*':
    - package
[root@server11 pillar]# salt '*' saltutil.refresh_pillar  #要刷新
[root@server11 pillar]# salt '*' pillar.items
[root@server11 pillar]# salt '*' pillar.item package
3.定义变量,引用变量的方法
[root@server11 pillar]# cd /srv/salt/apache/
[root@server11 apache]# ls
files init.sls
[root@server11 apache]# vim init.sls
[root@server11 apache]# cd /srv/pillar/
[root@server11 pillar]# vim package.sls
[root@server11 pillar]# cat package.sls
{% if grains['fqdn'] == 'server13' %}
package: nginx
{% elif grains['fqdn'] == 'server12' %}
port: 8080
bind: 192.168.100.242
{% endif %}
[root@server11 pillar]# salt server12 state.sls apache
#查看效果
[root@server12 ~]# netstat -antlp | grep 8080
[root@server11 pillar]# vim /srv/salt/apache/init.sls
#改动:
bind: {{ grains['ipv4'][-1] }}  #直接引用grains变量
[root@server11 pillar]# vim /srv/salt/apache/files/httpd.conf
#改动:
Listen {{ bind }}:{{ pillar['port'] }}
[root@server11 pillar]# vim package.sls
[root@server11 pillar]# cat package.sls
{% if grains['fqdn'] == 'server13' %}
package: nginx
{% elif grains['fqdn'] == 'server12' %}
port: 80  #改成80
bind: 192.168.100.242
{% endif %}
[root@server1 apache]# salt server2 state.sls apache
#查看效果
[root@server12 ~]# netstat -antlp | grep httpd
%jinja模板使用方式
[root@server11 pillar]# vim /srv/salt/apache/lib.sls
[root@server11 pillar]# cat /srv/salt/apache/lib.sls
{% set port = 8080 %}
#httpd.conf文件里最上方直接引用,这个的优先级优于pillar的port
[root@server11 pillar]# vim /srv/salt/apache/files/httpd.conf
添加{% from 'apache/lib.sls' import port %}
改动Listen {{ bind }}:{{ port }}
#查看效果,lib.sls的变量优先
[root@server12 ~]# netstat -antlp | grep httpd
4.高可用:用高级状态(highstate)推送keepalived
安装
[root@server12 ~]# yum list keepalived
Loaded plugins: product-id, search-disabled-repos, subscription-manager
This system is not registered with an entitlement server. You can use subscription-manager to register.
Available Packages
keepalived.x86_64 1.3.5-6.el7
#挂载镜像,先安装一下keepalived
[root@server11 ~]# cd /srv/salt/
[root@server11 salt]# mkdir keepalived
[root@server11 salt]# cd keepalived/
[root@server11 keepalived]# vim init.sls
[root@server11 keepalived]# cat init.sls
kp-install:
  pkg.installed:
    - name: keepalived
[root@server11 keepalived]# salt server12 state.sls keepalived
配置文件
[root@server11 keepalived]# vim /srv/pillar/package.sls
[root@server11 keepalived]# cat /srv/pillar/package.sls
{% if grains['fqdn'] == 'server13' %}
package: nginx
state: BACKUP
vrid: 51
pri: 50
{% elif grains['fqdn'] == 'server12' %}
port: 80
bind: 192.168.100.242
state: MASTER
vrid: 51
pri: 100
{% endif %}
[root@server11 keepalived]# mkdir files
[root@server11 keepalived]# cd files/
[root@server11 files]# pwd
/srv/salt/keepalived/files
[root@server11 files]# scp server12:/etc/keepalived/keepalived.conf .
root@server12's password:
keepalived.conf
[root@server11 keepalived]# vim keepalived.conf
[root@server11 keepalived]# cat keepalived.conf
[root@server11 files]# cd ..
[root@server11 keepalived]# vim init.sls
[root@server11 keepalived]# cat init.sls
kp-install:
  pkg.installed:
    - name: keepalived
  file.managed:
    - name: /etc/keepalived/keepalived.conf
    - source: salt://keepalived/files/keepalived.conf
    - template: jinja
    - context:
        STATE: {{ pillar['state'] }}
        VRID: {{ pillar['vrid'] }}
        PRI: {{ pillar['pri'] }}
  service.running:
    - name: keepalived
    - enable: true
    - reload: true
    - watch:
      - file: kp-install
[root@server11 keepalived]# vim /srv/salt/top.sls
[root@server11 keepalived]# cat /srv/salt/top.sls
base:
  'roles:apache':
    - match: grain
    - apache
    - keepalived
  'roles:nginx':
    - match: grain
    - nginx
    - keepalived
[root@server11 keepalived]# vim /srv/salt/apache/files/httpd.conf
删除第一行{% from 'apache/lib.sls' import port %}
改动Listen {{ port }}
[root@server11 keepalived]# salt '*' state.highstate
#查看效果
[root@server12 ~]# ip addr show
inet 192.168.100.100/32 scope global eth0
[root@server11 keepalived]# curl 192.168.100.100
RedHat - server12
192.168.100.242
[root@server13 ~]# netstat -antlp|grep nginx
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 3185/nginx: master
[root@server12 ~]# systemctl stop keepalived.service
[root@server13 ~]# cat /var/log/messages
Entering MASTER STATE