saltstack之grains與pillar

grains

收集被控主機獲取信息,通常靜態數據,CPU,操作系統,內核,虛擬化等....

簡單函數匹配server2

[root@server1 salt]# cat top.sls
base:
  'roles:nginx':
    - match: grain
    - nginx.service

[root@server2 salt]# pwd
/etc/salt
[root@server2 salt]# cat grains 
roles: nginx
unit: miaomiao

查看信息

[root@server1 salt]# salt server2.lalala.com grains.items 
server2.lalala.com:
    ----------
    SSDs:
    biosreleasedate:
        01/01/2011
    biosversion:
        0.5.1
    cpu_flags:
        - fpu
        - de
        - pse
        - tsc

成功配置之後,還可以這樣查看

[root@server1 salt]# salt server2.lalala.com grains.item roles
server2.lalala.com:
    ----------
    roles:
        nginx
[root@server1 salt]# salt -G 'roles:nginx' test.ping
server2.lalala.com:
    True

grains的其他語法

[root@server1 salt]# salt -G 'roles:nginx' cmd.run 'uptime'
server2.lalala.com:
     21:50:12 up  1:05,  1 user,  load average: 0.00, 0.02, 0.00
[root@server1 salt]# salt -C '* and not G@roles:nginx' cmd.run 'uptime'
server3.lalala.com:
     21:51:00 up  1:03,  1 user,  load average: 0.00, 0.00, 0.00

自定義grains函數匹配server3

[root@server1 salt]# cat top.sls 
base:
  'roles:nginx':
    - match: grain
    - nginx.service

  'server3.lalala.com':
    - httpd.apache
[root@server1 _grains]# pwd
/srv/salt/_grains
[root@server1 _grains]# cat my_grains.py 
#!/usr/bin/env python
#coding: utf8

def my_grains():
    grains={}
    grains['salt']='saltstack'
    grains['roles']='httpd'
    return grains

同步自定義的grains函數

[root@server1 salt]# salt server3.lalala.com saltutil.sync_grains
server3.lalala.com:
    - grains.my_grains
[root@server1 salt]# salt server3.lalala.com grains.item salt
server3.lalala.com:
    ----------
    salt:
        saltstack

[root@server3 ~]#  salt-call --local grains.item salt
local:
    ----------
    salt:
        saltstack

pillar

敏感信息

[root@server1 web]# pwd
/srv/pillar/web
[root@server1 web]# cat init.sls 
{% if grains['roles'] == 'nginx' %}
apache: httpd
{% elif grains['roles'] == 'httpd' %}
apache: apache2
{% endif %}

[root@server1 web]# cd ..
[root@server1 pillar]# pwd
/srv/pillar
[root@server1 pillar]# cat top.sls 
base:
  '*':
    - web.init

[root@server1 pillar]# salt '*' saltutil.refresh_pillar
server3.lalala.com:
    True
server2.lalala.com:
    True
[root@server1 pillar]# salt '*' pillar.item apache
server3.lalala.com:
    ----------
    apache:
        apache2
server2.lalala.com:
    ----------
    apache:
        httpd

其他檢測語法

[root@server1 pillar]# salt -I 'apache:httpd' test.ping 
server2.lalala.com:
    True
[root@server1 pillar]# salt -I 'apache:apache2' test.ping 
server3.lalala.com:
    True
[root@server1 pillar]# salt -C '* and not I@apache:apache2' test.ping 
server2.lalala.com:
    True
[root@server1 pillar]# salt -C '* or not I@apache:apache2' test.ping 
server2.lalala.com:
    True
server3.lalala.com:
    True

[root@server1 pillar]# salt -C 'G@salt:saltstack or I@apache:apache2' test.ping 
server3.lalala.com:
    True
server2.lalala.com:
    True
[root@server1 pillar]# salt -C 'G@salt:nginx or I@apache:apache2' test.ping 
server3.lalala.com:
    True
[root@server1 pillar]# salt -C '[email protected]/24 and not I@apache:apache2' test.ping 
server2.lalala.com:
    True

-I, --pillar

-G, --grain 

-S,--ipcidr        Match based on Subnet (CIDR notation) or IP address.