salt manage pillar

salt 数据管理中心

1. salt pillar组件

   Pillar是SaltStack组件中非常重要的组件之一,它在SaltStack中主要的作用就是存储和定义配置管理中需要的一些数据,比如:软件版本号,用户名密码等信息.

2. 查看pillar位置

   [root@salt-master]# cat /etc/salt/master
   pillar_roots:
     base:
       - /mnt/data/salt.repo/pillar/base
     dev:
       - /mnt/data/salt.repo/pillar/dev
     prod:
       - /mnt/data/salt.repo/pillar/prod

3. 在pillar工作目录创建top.sls文件并引用两个sls文件

   [root@salt-master]# vim /mnt/data/salt.repo/pillar/base/top.sls
   base:
     '*':
       - packages
       - services
   
   [root@salt-master]# vim /mnt/data/salt.repo/pillar/base/packages.sls
   zabbix:
     package-name: zabbix
     version: 2.2.4
   
   [root@salt-master]# vim /mnt/data/salt.repo/pillar/base/services.sls
   zabbix:
     port: 10050
     user: zabbix

4. 使用refresh_pillar命令进行刷新,只能放在master端

   [root@salt-master]# salt 'salt-minion-187' saltutil.refresh_pillar

5. 通过pillar.items获取相关信息

   [root@salt-master]# salt 'salt-minion-187' pillar.item zabbix
   salt-minion-187:
       ----------
       zabbix:
           ----------
           package-name:
               zabbix
           port:
               10050
           user:
               zabbix
           version:
               2.2.4
   
   [root@salt-master]# salt 'salt-minion-187' pillar.item zabbix:package-name
   salt-minion-187:
       ----------
       zabbix:package-name:
           zabbix

6. 查看相关grains命令和帮助

   salt minion sys.list_functions pillar
   salt minion sys.doc pillar

7. 根据操作系统版本进行包安装

   [root@salt-master]# vim /mnt/data/salt.repo/pillar/base/top.sls
   base:
     '*':
       - packages
   
   [root@salt-master]# vim /mnt/data/salt.repo/pillar/base/packages.sls
   pkgs:
     {% if grains['os'] == 'CentOS' %}
     apache: httpd
     git: git
     {% elif grains['os'] == 'SUSE' %}
     apache: apache2
     git: git-core
     {% endif %}
   
   [root@salt-master]# salt 'salt-minion-187' saltutil.refresh_pillar
   
   [root@salt-master]# salt 'salt-minion-187' pillar.item pkgs
   salt-minion-187:
       ----------
       pkgs:
           ----------
           apache:
               httpd
           git:
               git

8. state组件里调用pillar

   apache:
     pkg.installed:
       - name: {{ pillar['pkgs']['apache'] }}
   
   或者:
   
   apache:
     pkg.installed:
       - name: {{ salt['pillar.get']('pkgs:apache', 'httpd') }}

9. 敏感数据加密

   */pillar/base/database.sls:
   dbname: project
   dbuser: username
   dbpass: password
   dbhost: localhost
   
   # cat website.conf
   // MySQL settings
   define('DB_NAME', '{{ pillar['dbname'] }}');
   // MySQL database username
   define('DB_USER', '{{ pillar['dbuser'] }}');
   // MySQL database password
   define('DB_PASSWORD', '{{ pillar['dbpass'] }}');
   // MySQL hostname
   define('DB_HOST', '{{ pillar['dbhost'] }}');