SaltStack——Pillar篇

数据中心管理——Pillar

Pillar is an interface for Salt designed to offer global values that can be distributed to minions. Pillar data is managed in a similar way as the Salt State Tree.(Pillar was added to Salt in version 0.9.8)

Pillar也是SaltStack组件中非常重要的组件之一,是数据管理中心,我们经常配合states在大规模的配置管理工作中使用它,Pillar在SaltStack中主要的作用就是存储和定义配置管理中需要的一些数据,比如软件版本号,用户名密码等信息,它的定义存储格式跟Grains类似,都是YAML格式。

Storing sensitive data
Pillar data is compiled on the master. Additionally, pillar data for a given minion is only accessible by the minion for which it is targeted in the pillar configuration. This makes pillar useful for storing sensitive data specific to a particular minion.

声明Master的Pillar

The Salt Master server maintains a pillar_roots setup that matches the structure of the file_roots used in the Salt file server. Like file_roots, the pillar_roots option maps environments to directories. The pillar data is then mapped to minions based on matchers in a top file which is laid out in the same way as the state top file. Salt pillars can use the same matcher types as the standard top file.

conf_master:pillar_roots is configured just like file_roots. For example:

在Master配置文件中有一段Pillar settings选项专门定义Pillar相关的参数:

pillar_roots:
  base:
    - /srv/pillar

This example configuration declares that the base environment will be located in the /srv/pillar directory. It must not be in a subdirectory of the state tree.

这里我们只需要了解pillar_roots相关的配置即可,默认Base环境下Pillar的工作目录在/srv/pillar目录下。

The top file used matches the name of the top file used for States, and has the same structure:

我这里只使用默认的配置,首先去pillar工作目录新建top.sls文件,Target匹配所有‘*‘,同时引用packages.sls,如下所示:

/srv/pillar/top.sls

base:
  ‘*‘:
    - packages

In the above top file, it is declared that in the base environment, the glob matching all minions will have the pillar data found in the packages pillar available to it. Assuming the pillar_roots value of /srv/pillar taken from above, the packages pillar would be located at /srv/pillar/packages.sls.

Any number of matchers can be added to the base environment. For example, here is an expanded version of the Pillar top file stated above:

如果你想定义多个环境不同的Pillar工作目录,只需要修改这样修改配置文件即可。

/srv/pillar/top.sls:

base:
  ‘*‘:
    - packages
  ‘web*‘:
    - vim

In this expanded top file, minions that match web* will have access to the /srv/pillar/packages.sls file, as well as the /srv/pillar/vim.sls file.

Another example shows how to use other standard top matching types to deliver specific salt pillar data to minions with different properties.

Here is an example using the grains matcher to target pillars to minions by their os grain:

dev:
  ‘os:Debian‘:
    - match: grain
    - servers

/srv/pillar/packages.sls

{% if grains[‘os‘] == ‘RedHat‘ %}
apache: httpd
git: git
{% elif grains[‘os‘] == ‘Debian‘ %}
apache: apache2
git: git-core
{% endif %}

company: Foo Industries

Warning: https://docs.saltstack.com/en/latest/faq.html#faq-grain-security

See Is Targeting using Grain Data Secure? for important security information.

The above pillar sets two key/value pairs. If a minion is running RedHat, then the apache key is set to httpd and the git key is set to the value of git. If the minion is running Debian, those values are changed to apache2 and git-core respectively. All minions that have this pillar targeting to them via a top file will have the key of company with a value of Foo Industries.

Consequently this data can be used from within modules, renderers, State SLS files, and more via the shared pillar dictionary:

apache:
  pkg.installed:
    - name: {{ pillar[‘apache‘] }}
git:
  pkg.installed:
    - name: {{ pillar[‘git‘] }}

Finally, the above states can utilize the values provided to them via Pillar. All pillar values targeted to a minion are available via the ‘pillar‘ dictionary. As seen in the above example, Jinja substitution can then be utilized to access the keys and values in the Pillar dictionary.

Note that you cannot just list key/value-information in top.sls. Instead, target a minion to a pillar file and then list the keys and values in the pillar. Here is an example top file that illustrates this point:

base:
  ‘*‘:
     - common_pillar

And the actual pillar file at ‘/srv/pillar/common_pillar.sls‘:

foo: bar
boo: baz

When working with multiple pillar environments, assuming that each pillar environment has its own top file, the jinja placeholder {{ saltenv }} can be used in place of the environment name:

{{ saltenv }}:
  ‘*‘:
     - common_pillar

Yes, this is {{ saltenv }}, and not {{ pillarenv }}. The reason for this is because the Pillar top files are parsed using some of the same code which parses top files when running states, so the pillar environment takes the place of {{ saltenv }} in the jinja context.

dynamic pillar environments New in version 2017.7.5,2018.3.1

If environment __env__ is specified in pillar_roots, all environments that are not explicitly specified in pillar_roots will map to the directories from __env__. This allows one to use dynamic git branch based environments for state/pillar files with the same file-based pillar applying to all environments. For example:

这个功能只能在‘New in version 2017.7.5,2018.3.1‘之后才能使用,我个人觉得很好。

pillar_roots:
  __env__:
    - /srv/pillar

ext_pillar:
  - git:
    - __env__ https://example.com/git-pillar.git

The separate pillar SLS files all merge down into a single dictionary of key-value pairs. When the same key is defined in multiple SLS files, this can result in unexpected behavior if care is not taken to how the pillar SLS files are laid out.

单独的pillar sls文件合并成一个single dictionary of key-value pairs时候,key要保持唯一性,不然会意外情况发生。

比如:Then a request for the bind pillar key will only return named. The bind9 value will be lost, because services.sls was evaluated later.

For example, given a top.sls containing the following:

base:
  ‘*‘:
    - packages
    - services

with packages.sls containing:

bind: bind9

and services.sls containing:

bind: named

PILLAR DICTIONARY MERGING

If the same pillar key is defined in multiple pillar SLS files, and the keys in both files refer to nested dictionaries, then the content from these dictionaries will be recursively merged.

如果多个pillar sls文件里有同样的key,并且在这些文件中的key有字典嵌套,那么这些字典文本将会被递归合并。

For example, keeping the top.sls the same, assume the following modifications to the pillar SLS files:

packages.sls:

bind:
  package-name: bind9
  version: 9.9.5

services.sls:

bind:
  port: 53
  listen-on: any

结果会变成:

$ salt-call pillar.get bind
local:
    ----------
    listen-on:
        any
    package-name:
        bind9
    port:
        53
    version:
        9.9.5

INCLUDING OTHER PILLARS New in version 0.16.0

Pillar SLS files may include other pillar files, similar to State files. Two syntaxes are available for this purpose. The simple form simply includes the additional pillar as if it were part of the same file:

include:
  - users

The full include form allows two additional options -- passing default values to the templating engine for the included pillar file as well as an optional key under which to nest the results of the included pillar:

include:
  - users:
      defaults:
          sudo: [‘bob‘, ‘paul‘]
      key: users

With this form, the included file (users.sls) will be nested within the ‘users‘ key of the compiled pillar. Additionally, the ‘sudo‘ value will be available as a template variable to users.sls.

IN-MEMORY PILLAR DATA VS ON-DEMAND PILLAR DATA

Since compiling pillar data is computationally expensive, the minion will maintain a copy of the pillar data in memory to avoid needing to ask the master to recompile and send it a copy of the pillar data each time pillar data is requested. This in-memory pillar data is what is returned by the pillar.itempillar.get, and pillar.raw functions.

Also, for those writing custom execution modules, or contributing to Salt‘s existing execution modules, the in-memory pillar data is available as the __pillar__ dunder dictionary.

The in-memory pillar data is generated on minion start, and can be refreshed using the saltutil.refresh_pillar function:

salt ‘*‘ saltutil.refresh_pillar

This function triggers the minion to asynchronously refresh the in-memory pillar data and will always return None.

In contrast to in-memory pillar data, certain actions trigger pillar data to be compiled to ensure that the most up-to-date pillar data is available. These actions include:

Performing these actions will not refresh the in-memory pillar data. So, if pillar data is modified, and then states are run, the states will see the updated pillar data, but pillar.item,pillar.get, and pillar.raw will not see this data unless refreshed using saltutil.refresh_pillar.

原文地址:https://www.cnblogs.com/zuoyang/p/9195778.html

时间: 2024-10-10 09:47:10

SaltStack——Pillar篇的相关文章

Saltstack pillar组件

 pillar组件 pillar也是Saltstack最重要的组件之一,其作用是定义与被控主机相关的任何数据,定义好的数据可以被其他组件使用,如模板.state.API等.在pillar中定义的数据与不同业务特性的被控主机相关联,这样不同被控主机只能看到自己匹配的数据,因此pillar安全性很高,适用于一些比较敏感的数据,这也是区别于grains最关键的一点,如定义不同业务组主机的用户ID.组ID.读写权限.程序包等信息,定义的规范是采用python字典形式,即键/值,最上层的键一般为主机的ID

saltstack学习篇

参考链接:http://sofar.blog.51cto.com/353572/1596960/ http://sofar.blog.51cto.com/353572/1596960/ 自动化运维工具SaltStack详细部署2014-12-28 17:30:34标签:saltstack原创作品,允许转载,转载时请务必以超链接形式标明文章 原始出处 .作者信息和本声明.否则将追究法律责任.http://sofar.blog.51cto.com/353572/1596960============

SaltStack安装篇

一.基础介绍1.简介 salt 是一个基础平台管理工具 salt是一个配置管理系统,能够维护预定于状态的远程节点 salt是一个分布式远程执行系统,用来在远程节点上执行命令和查询数据 2.salt的核心功能: 使命令发送到远程系统是并行的而不是串行的 使用安全加密的协议 使用最小最快的网路载荷 提高简单的编程接口 3.salt优点: saltstack是用python编写,相当于设备是轻量级别的 saltstack通讯层采用zeroMQ实现,使得它很快速 saltstack是开源的,通过pyth

SaltStack入门篇(六)之部署Redis主从实现和Job管理

一.部署Redis主从 需求: 192.168.56.11是主,192.168.56.12是从 redis监听自己的ip地址,而不是0.0.0.0 分析: linux-node1 安装 配置 启动 linux-node2 安装 配置 启动 设置主从 [[email protected] ~]# yum install redis -y [[email protected]-node1 prod]# mkdir redis/files -p [[email protected]-node1 red

saltstack之grains与pillar

grains 收集被控主机获取信息,通常静态数据,CPU,操作系统,内核,虚拟化等.... 简单函数匹配server2 [[email protected] salt]# cat top.slsbase:  'roles:nginx':    - match: grain    - nginx.service [[email protected] salt]# pwd/etc/salt[[email protected] salt]# cat grains roles: nginxunit: m

Saltstack中Pillar那点事

Salt中Pillar那点事 基本简介 在 SaltStack 中, Pillar作为定义minion全局数据的接口. 默认存储在master端, Minion启动时会连接master获取最新的pillar数据. Pillar使用类似于State Tree的结构, 默认使用 YAML 作为其描述格式, 在Minion内部最终转换成 Python字典 . 那么在Salt内部, Pillar是如何工作的? 在哪些情况下,需要先执行刷新Pillar操作? 而哪些又不需要? 本文基于 Salt 2014

saltstack安装配置使用

背景:puppet 用ruby开发,saltstack用python语言开发的包 环境: 修改hostname和hosts文件, 关闭selinux,清空iptables 172.16.115.157  master.huangzp.com  ;hostname master 172.16.115.203  agent.huangzp.com  ;hostname agent 一.配置认证 1. 安装和启动Saltstack服务 master上: yum install  -y epel-rel

saltstack 全面介绍

一.关于salt简介,安装和基本配置 转载自: 来自:http://tech.mainwise.cn/?p=438 说明:salt是一个异构平台基础设置管理工具(虽然我们通常只用在Linux上),使用轻量级的通讯器ZMQ,用Python写成的批量管理工具,完全开源,遵守Apache2协议,与Puppet,Chef功能类似,有一个强大的远程执行命令引擎,也有一个强大的配置管理系统,通常叫做Salt State System. 基本原理: SaltStack 采用 C/S模式,server端就是sa

诗经 全文

诗经 全文 (带注释和译文) http://www.edu009.com/Article/HTML/Article_60756.html <诗经> 春秋·孔丘 <诗经>是我国第一部诗歌总集,先秦时代称为“诗”或“诗三百”,孔子加以了整理.汉武帝采纳董仲舒“罢黜百家,独尊儒术”的建议,尊“诗”为经典,定名为<诗经>. <诗经>现存诗歌 305 篇,包括西周初年到春秋中叶共 500 余年的民歌和朝庙乐章,分为风.雅.颂三章. “风”包括周南.召南.邶.鄘.卫.王