grains是什么
grains是minion服务启动后,采集的客户端的一些基本信息,硬件信息,软件信息,网络信息,软件版本等。你可以在minion上自定义一些grains信息。
它是静态的信息,minion服务启动后采集,如果一些信息变更,需要重启minion服务。grains适合做一些静态的属性值的采集
grains的使用
salt 'minionid' grains.ls
salt 'minionid' grains.items
salt 'minionid' grains.item os
salt 'minionid' grains.get os
salt 'minionid' grains.ls
列出minion所有的grains项的key
[root@master pillar]# salt 'minion01' grains.ls
minion01:
- SSDs
- biosreleasedate
- biosversion
- cpu_flags
- cpu_model
- cpuarch
- domain
- fqdn
- fqdn_ip4
- fqdn_ip6
- gpus
- host
- hwaddr_interfaces
- id
- init
- ip4_interfaces
- ip6_interfaces
- ip_interfaces
- ipv4
- ipv6
- kernel
- kernelrelease
- locale_info
- localhost
- lsb_distrib_codename
- lsb_distrib_id
- lsb_distrib_release
- machine_id
- manufacturer
- master
- mdadm
- mem_total
- nodename
- num_cpus
- num_gpus
- os
- os_family
- osarch
- oscodename
- osfinger
- osfullname
- osmajorrelease
- osrelease
- osrelease_info
- path
- productname
- ps
- pythonexecutable
- pythonpath
- pythonversion
- saltpath
- saltversion
- saltversioninfo
- selinux
- serialnumber
- server_id
- shell
- virtual
- zmqversion
[root@master pillar]#
salt 'minionid' grains.items
列出minion所有的grains项的key和value
[root@master pillar]# salt 'minion01' grains.items
minion01:
----------
SSDs:
biosreleasedate:
07/02/2015
biosversion:
6.00
cpu_flags:
- fpu
- vme
- de
- pse
- tsc
- msr
- pae
- mce
- cx8
- apic
- sep
- mtrr
- pge
- mca
- cmov
- pat
- pse36
- clflush
- dts
- mmx
- fxsr
- sse
- sse2
- ss
- syscall
- nx
- pdpe1gb
- rdtscp
- lm
- constant_tsc
- arch_perfmon
- pebs
- bts
- xtopology
- tsc_reliable
- nonstop_tsc
- aperfmperf
- unfair_spinlock
- pni
- pclmulqdq
- ssse3
- fma
- cx16
- pcid
- sse4_1
- sse4_2
- x2apic
- movbe
- popcnt
- tsc_deadline_timer
- aes
- xsave
- avx
- f16c
- rdrand
- hypervisor
- lahf_lm
- abm
- 3dnowprefetch
- ida
- arat
- xsaveopt
- pln
- pts
- dts
- fsgsbase
- bmi1
- hle
- avx2
- smep
- bmi2
- invpcid
- rtm
- rdseed
- adx
cpu_model:
Intel(R) Core(TM) i5-6500 CPU @ 3.20GHz
cpuarch:
x86_64
domain:
fqdn:
minion01
fqdn_ip4:
fqdn_ip6:
gpus:
|_
----------
model:
SVGA II Adapter
vendor:
unknown
host:
minion01
hwaddr_interfaces:
----------
eth0:
00:0c:29:22:4b:e9
lo:
00:00:00:00:00:00
id:
minion01
init:
upstart
ip4_interfaces:
----------
eth0:
- 10.0.1.172
lo:
- 127.0.0.1
ip6_interfaces:
----------
eth0:
- fe80::20c:29ff:fe22:4be9
lo:
- ::1
ip_interfaces:
----------
eth0:
- 10.0.1.172
- fe80::20c:29ff:fe22:4be9
lo:
- 127.0.0.1
- ::1
ipv4:
- 10.0.1.172
- 127.0.0.1
ipv6:
- ::1
- fe80::20c:29ff:fe22:4be9
kernel:
Linux
kernelrelease:
2.6.32-504.el6.x86_64
locale_info:
----------
defaultencoding:
UTF8
defaultlanguage:
en_US
detectedencoding:
UTF-8
localhost:
minion01
lsb_distrib_codename:
Final
lsb_distrib_id:
CentOS
lsb_distrib_release:
6.6
machine_id:
749e39b6649273bf0c83d26300000026
manufacturer:
VMware, Inc.
master:
master
mdadm:
mem_total:
3946
nodename:
minion01
num_cpus:
4
num_gpus:
1
os:
CentOS
os_family:
RedHat
osarch:
x86_64
oscodename:
Final
osfinger:
CentOS-6
osfullname:
CentOS
osmajorrelease:
6
osrelease:
6.6
osrelease_info:
- 6
- 6
path:
/sbin:/usr/sbin:/bin:/usr/bin
productname:
VMware Virtual Platform
ps:
ps -efH
pythonexecutable:
/usr/bin/python2.6
pythonpath:
- /usr/bin
- /usr/lib64/python26.zip
- /usr/lib64/python2.6
- /usr/lib64/python2.6/plat-linux2
- /usr/lib64/python2.6/lib-tk
- /usr/lib64/python2.6/lib-old
- /usr/lib64/python2.6/lib-dynload
- /usr/lib64/python2.6/site-packages
- /usr/lib64/python2.6/site-packages/gst-0.10
- /usr/lib64/python2.6/site-packages/gtk-2.0
- /usr/lib64/python2.6/site-packages/webkit-1.0
- /usr/lib/python2.6/site-packages
- /usr/lib/python2.6/site-packages/setuptools-0.6c11-py2.6.egg-info
pythonversion:
- 2
- 6
- 6
- final
- 0
saltpath:
/usr/lib/python2.6/site-packages/salt
saltversion:
2015.5.10
saltversioninfo:
- 2015
- 5
- 10
- 0
selinux:
----------
enabled:
False
enforced:
Disabled
serialnumber:
VMware-56 4d d2 3c be 05 36 b5-e6 19 4e ef 0b 22 4b e9
server_id:
1310197239
shell:
/bin/sh
virtual:
VMware
zmqversion:
3.2.5
[root@master pillar]#
salt 'minionid' grains.item os
能取出某一个item的值
[root@master pillar]# salt 'minion01' grains.item os
minion01:
----------
os:
CentOS
[root@master pillar]#
salt 'minionid' grains.get os
也能取出某一个项的值,以后推荐使用grains.get
[root@master pillar]# salt 'minion01' grains.get os
minion01:
CentOS
[root@master pillar]#
grains的用途
比如使用salt管理的一些机器,有一些是Centos的系统。需要打某个补丁,就可以根基os这个可以找出是哪些机器,
[root@master pillar]# salt -G 'os:CentOS' test.ping
minion01:
True
minion02:
True
[root@master pillar]#
自定义一些grains项
因为grains主要从minion端获取,因此主要还是在minion端去定义,比如我们登陆minion01机器,定义一个role:nginx
打开minion端的配置文件
vim /etc/salt/minion
看到第9到12行提示,说可以在当前目录下创建minion.d目录,此目录下以*.conf格式的文件会被加载为配置文件
9 # Per default the minion will automatically include all config files 10 # from minion.d/*.conf (minion.d is a directory in the same directory 11 # as the main minion config file). 12 #default_include: minion.d/*.conf
在85行到94行查看自定义grains的格式
85 # Custom static grains for this minion can be specified here and used in SLS 86 # files just like all other grains. This example sets 4 custom grains, with 87 # the 'roles' grain having two values that can be matched against. 88 #grains: 89 # roles: 90 # - webserver 91 # - memcache 92 # deployment: datacenter4 93 # cabinet: 13 94 # cab_u: 14-15
接下来在minion01自定义grains。
下面给minion01定义了一个role这个key,值为nginx。 注意文件格式是yaml的。配置完毕后重启minion服务
[root@minion01 ~]# mkdir /etc/salt/minion.d -p [root@minion01 ~]# cd /etc/salt/minion.d/ [root@minion01 minion.d]# pwd /etc/salt/minion.d [root@minion01 minion.d]# touch my_grains.conf [root@minion01 minion.d]# vim my_grains.conf [root@minion01 minion.d]# cat my_grains.conf grains: role: nginx [root@minion01 minion.d]# /etc/init.d/salt-minion restart Stopping salt-minion daemon: [ OK ] Starting salt-minion daemon: [ OK ] [root@minion01 minion.d]#
master端测试,看到只有我们自定义的minion01机器有这一项
[root@master pillar]# salt '*' grains.get role
minion01:
nginx
minion02:
[root@master pillar]# salt -G 'role:nginx' test.ping
minion01:
True
[root@master pillar]#
其实可以不用重启minion,让更改的配置生效,这需要在master端执行刷新命令
操作如下,比如,minion01把自定义的grains改成如下
[root@minion01 minion.d]# vim my_grains.conf [root@minion01 minion.d]# cat my_grains.conf grains: role: apache [root@minion01 minion.d]#
master端执行刷新此minion的grains,如下
[root@master pillar]# salt 'minion01' saltutil.sync_grains
minion01:
[root@master pillar]# salt '*' grains.get role
minion02:
minion01:
apache
[root@master pillar]#
另外有一个地方也可以自定义grains
这个时候第一行不用写grains了
minion01上操作如下,比如自定义一个role2:tomcat
[root@minion01 minion.d]# touch /etc/salt/grains [root@minion01 minion.d]# vim /etc/salt/grains [root@minion01 minion.d]# cat /etc/salt/grains role2: tomcat [root@minion01 minion.d]#
master端操作,先刷新,再取值
[root@master pillar]# salt 'minion01' saltutil.sync_grains
minion01:
[root@master pillar]# salt '*' grains.get role2
minion01:
tomcat
minion02:
[root@master pillar]#
接下来学习配置管理
SLS(代表SaLt State文件)是Salt State系统的核心。SLS描述了系统的目标状态,由格式简单的数据构成。这经常被称作配置管理 首先,在master上面定义salt的主目录,默认是在/srv/salt/下面,vim /etc/salt/master:
file_roots:
base:
- /srv/salt
dev:
- /srv/salt-dev
给minion安装apache服务,我们知道通过salt的远程执行命令我们可以给minion安装apache,然后通过命令也能启动minion端的apache服务,但是有个缺点就是,我们需要每次手动去输入命令,非常不方便。
试想怎么通过配置文件把我要执行的东西都配置好呢,然后执行此配置文件,比如:安装apache,设置开机自启动,启动服务等这一系列的东西呢。
这点就是salt的配置管理了。通过配置文件管理minion
首先需要打开master端相关的配置项
[root@master ~]# vim /etc/salt/master
找到416行,打开注释,注意缩进,salt中2个空格作为一个缩进。
file_roots:
base:
- /srv/salt
然后重启master服务,建立配置管理目录
[root@master ~]# /etc/init.d/salt-master restart Stopping salt-master daemon: [ OK ] Starting salt-master daemon: [ OK ] [root@master ~]# mkdir /srv/salt -p [root@master ~]#
编写配置管理文件
[root@master ~]# cd /srv/salt/ [root@master salt]# ls [root@master salt]# vim apache.sls
apache.sls里面写了两大功能,第一大功能是安装包,第二打功能是运行服务,这里的apache.sls文件名不是固定的,可以随意写,但是为了便于阅读性,就写成这个了,sls这个扩展名是必须有的
pkg.installed pkg是模块,installed是方法
service.running service是模块,running是方法
下面的是参数,
enable:True表示开机自动启动
reload:True 表示可以重载
name和names 指定哪个或哪些对象(包名,服务名),如果你不写name的话,它会默认把id当成name
其中apache-install和apache-service都是id,可以随便取,但是必须唯一。
apache-install:
pkg.installed:
- names:
- httpd
- httpd-devel
apache-service:
service.running:
- name: httpd
- enable: True
- reload: True
保存,退出,执行此文件,在执行之前先查看minion端机器是否已经安装,服务是否设置了开机自动启动,以及服务当前状态
找minion01先查看下,安装了httpd,但是没安装httpd-devel,服务是没启动状态,同时也不是开机自启动
[root@minion01 ~]# rpm -qa httpd httpd-2.2.15-39.el6.centos.x86_64 [root@minion01 ~]# rpm -qa httpd-devel [root@minion01 ~]# chkconfig --list httpd httpd 0:off 1:off 2:off 3:off 4:off 5:off 6:off [root@minion01 ~]# ps -ef | grep httpd root 10102 9931 0 15:03 pts/0 00:00:00 grep --colour=auto httpd [root@minion01 ~]#
我们执行下状态文件试试,注意执行语法如下apache就是那个apache.sls文件,执行的时候,需要省去sls
另外执行下面语句的时候,不必在/srv/salt目录下,无论在哪里执行,master都会去/srv/salt去找apache.sls文件来执行
[root@master salt]# salt 'minion01' state.sls apache
minion01:
----------
ID: apache-install
Function: pkg.installed
Name: httpd
Result: True
Comment: Package httpd is already installed.
Started: 15:05:57.576469
Duration: 1009.635 ms
Changes:
----------
ID: apache-install
Function: pkg.installed
Name: httpd-devel
Result: True
Comment: The following packages were installed/updated: httpd-devel
Started: 15:05:58.586254
Duration: 59776.234 ms
Changes:
----------
apr-devel:
----------
new:
1.3.9-5.el6_2
old:
apr-util-devel:
----------
new:
1.3.9-3.el6_0.1
old:
cyrus-sasl:
----------
new:
2.1.23-15.el6_6.2
old:
2.1.23-15.el6
cyrus-sasl-devel:
----------
new:
2.1.23-15.el6_6.2
old:
cyrus-sasl-gssapi:
----------
new:
2.1.23-15.el6_6.2
old:
2.1.23-15.el6
cyrus-sasl-lib:
----------
new:
2.1.23-15.el6_6.2
old:
2.1.23-15.el6
cyrus-sasl-md5:
----------
new:
2.1.23-15.el6_6.2
old:
2.1.23-15.el6
cyrus-sasl-plain:
----------
new:
2.1.23-15.el6_6.2
old:
2.1.23-15.el6
expat:
----------
new:
2.0.1-13.el6_8
old:
2.0.1-11.el6_2
expat-devel:
----------
new:
2.0.1-13.el6_8
old:
httpd:
----------
new:
2.2.15-55.el6.centos.2
old:
2.2.15-39.el6.centos
httpd-devel:
----------
new:
2.2.15-55.el6.centos.2
old:
httpd-tools:
----------
new:
2.2.15-55.el6.centos.2
old:
2.2.15-39.el6.centos
openldap:
----------
new:
2.4.40-12.el6
old:
2.4.39-8.el6
openldap-devel:
----------
new:
2.4.40-12.el6
old:
----------
ID: apache-service
Function: service.running
Name: httpd
Result: True
Comment: Service httpd has been enabled, and is running
Started: 15:06:58.376744
Duration: 166.666 ms
Changes:
----------
httpd:
True
Summary
------------
Succeeded: 3 (changed=2)
Failed: 0
------------
Total states run: 3
[root@master salt]#
在上面执行过程中,可以看到minion01里有执行yum安装
[root@minion01 ~]# ps -ef |grep yum root 10177 10110 4 15:06 ? 00:00:00 /usr/bin/python /usr/bin/yum --quiet check-update root 10189 9931 0 15:06 pts/0 00:00:00 grep --colour=auto yum [root@minion01 ~]#
检查结果,和我们配置文件里设定的都完成了
[root@minion01 ~]# rpm -qa httpd httpd-2.2.15-55.el6.centos.2.x86_64 [root@minion01 ~]# rpm -qa httpd-devel httpd-devel-2.2.15-55.el6.centos.2.x86_64 [root@minion01 ~]# chkconfig --list httpd httpd 0:off 1:off 2:on 3:on 4:on 5:on 6:off [root@minion01 ~]# ps -ef | grep httpd root 10289 1 0 15:06 ? 00:00:00 /usr/sbin/httpd apache 10300 10289 0 15:06 ? 00:00:00 /usr/sbin/httpd apache 10301 10289 0 15:06 ? 00:00:00 /usr/sbin/httpd apache 10302 10289 0 15:06 ? 00:00:00 /usr/sbin/httpd apache 10303 10289 0 15:06 ? 00:00:00 /usr/sbin/httpd apache 10304 10289 0 15:06 ? 00:00:00 /usr/sbin/httpd apache 10305 10289 0 15:06 ? 00:00:00 /usr/sbin/httpd apache 10306 10289 0 15:06 ? 00:00:00 /usr/sbin/httpd apache 10307 10289 0 15:06 ? 00:00:00 /usr/sbin/httpd root 10326 9931 0 15:09 pts/0 00:00:00 grep --colour=auto httpd [root@minion01 ~]#
关于上面的命令
salt 'minion01' state.sls apache
state.sls 其中,state是模块,sls是方法
配置管理也支持多次执行,就是apache服务已经安装了,再次执行此文件不会报错。
关于执行apache.sls,还有另外一种方式执行,通过top.sls文件执行,它也叫入口文件
在master机器上 vim /etc/salt/master 找到329行,看到它是状态管理的入口文件,默认是top.sls ,当然你也可以自定义这个名字。
这个文件必须放在/srv/salt/下面
##### State System settings ##### ########################################## # The state system uses a "top" file to tell the minions what environment to # use and what modules to use. The state_top file is defined relative to the # root of the base environment as defined in "File Server settings" below. #state_top: top.sls
操作如下
注意'*' 代表所有的minion
[root@master salt]# cd /srv/salt/
[root@master salt]# vim top.sls
[root@master salt]# cat top.sls
base:
'*':
- apache
[root@master salt]#
虽然上面写了'*'
但是你可以在执行命令的时候指定minion执行,这样其余没指定的minion不会执行此文件
执行命令如下,它会执行top.sls文件。你top.sls文件里又写了apache.sls文件。这样它就执行apache.sls文件了
[root@master salt]# salt 'minion01' state.highstate
以上学习了通过saltstack简单安装并配置apache服务,对于大批量机器管理非常有用
配置管理结合grains
获取grains信息,看到minion02的主机名也就是它的fqdn名为minion02
[root@master salt]# salt '*' grains.get fqdn
minion02:
minion02
minion01:
minion01
[root@master salt]#
修改top.sls文件,让匹配到grains的minion执行安装
看到minion01 没匹配到这个fqdn,只有minion02匹配到了,执行了
[root@master salt]# cd /srv/salt/ [root@master salt]# vim top.sls [root@master salt]# cat top.sls base: 'fqdn:minion02': - match: grain - apache [root@master salt]# salt '*' state.highstate minion01: ---------- ID: states Function: no.None Result: False Comment: No Top file or external nodes data matches found. Started: Duration: Changes: Summary ------------ Succeeded: 0 Failed: 1 ------------ Total states run: 1 minion02: ---------- ID: apache-install Function: pkg.installed Name: httpd Result: True Comment: Package httpd is already installed. Started: 15:48:28.024297 Duration: 994.259 ms Changes: ---------- ID: apache-install Function: pkg.installed Name: httpd-devel Result: True Comment: The following packages were installed/updated: httpd-devel Started: 15:48:29.018697 Duration: 49304.666 ms Changes: ---------- apr-devel: ---------- new: 1.3.9-5.el6_2 old: apr-util-devel: ---------- new: 1.3.9-3.el6_0.1 old: cyrus-sasl: ---------- new: 2.1.23-15.el6_6.2 old: 2.1.23-15.el6 cyrus-sasl-devel: ---------- new: 2.1.23-15.el6_6.2 old: cyrus-sasl-gssapi: ---------- new: 2.1.23-15.el6_6.2 old: 2.1.23-15.el6 cyrus-sasl-lib: ---------- new: 2.1.23-15.el6_6.2 old: 2.1.23-15.el6 cyrus-sasl-md5: ---------- new: 2.1.23-15.el6_6.2 old: 2.1.23-15.el6 cyrus-sasl-plain: ---------- new: 2.1.23-15.el6_6.2 old: 2.1.23-15.el6 expat: ---------- new: 2.0.1-13.el6_8 old: 2.0.1-11.el6_2 expat-devel: ---------- new: 2.0.1-13.el6_8 old: httpd: ---------- new: 2.2.15-55.el6.centos.2 old: 2.2.15-39.el6.centos httpd-devel: ---------- new: 2.2.15-55.el6.centos.2 old: httpd-tools: ---------- new: 2.2.15-55.el6.centos.2 old: 2.2.15-39.el6.centos openldap: ---------- new: 2.4.40-12.el6 old: 2.4.39-8.el6 openldap-devel: ---------- new: 2.4.40-12.el6 old: ---------- ID: apache-service Function: service.running Name: httpd Result: True Comment: Service httpd has been enabled, and is running Started: 15:49:18.337679 Duration: 162.474 ms Changes: ---------- httpd: True Summary ------------ Succeeded: 3 (changed=2) Failed: 0 ------------ Total states run: 3 ERROR: Minions returned with non-zero exit code [root@master salt]#