5、saltstack学习-数据系统-Grains
需求:让所有apache只监听本地IP地址
grains用法:
列出所有grains的参数,可以从返回里查到相应参数
[root@master-1 web]# salt node-1 grains.items node-1: ---------- SSDs: - xvda biosreleasedate: 05/11/2017 biosversion: 4.7.2-2.2 cpu_flags: - fpu - vme - de - pse - tsc - msr - pae - mce - cx8 - apic - sep - mtrr - pge - mca - cmov - pat - pse36 - clflush - acpi - mmx - fxsr - sse - sse2 - ht - syscall - nx - pdpe1gb - rdtscp - lm - constant_tsc - rep_good - nopl - eagerfpu - pni - pclmulqdq - ssse3 - fma - cx16 - pcid - sse4_1 - sse4_2 - x2apic - movbe - popcnt - tsc_deadline_timer - aes - xsave - avx - f16c - rdrand - hypervisor - lahf_lm - abm - 3dnowprefetch - fsgsbase - tsc_adjust - bmi1 - hle - avx2 - smep - bmi2 - erms - invpcid - rtm - rdseed - adx - smap - xsaveopt cpu_model: Intel(R) Xeon(R) CPU E5-2603 v4 @ 1.70GHz cpuarch: x86_64 cwd: / disks: - sr0 dns: ---------- domain: ip4_nameservers: - 202.106.0.20 ip6_nameservers: nameservers: - 202.106.0.20 options: search: sortlist: domain: fqdn: node-1 fqdn_ip4: - 192.168.5.21 fqdn_ip6: fqdns: gid: 0 gpus: |_ ---------- model: Device 1111 vendor: unknown groupname: root host: node-1 hwaddr_interfaces: ---------- docker0: 02:42:1c:f3:11:4e eth0: 52:71:a1:14:0e:96 eth1: c6:2b:f6:8c:5c:e6 eth2: a2:6d:e5:dd:6d:34 eth3: 5a:5c:f7:bf:ad:89 flannel.1: 22:72:e4:3c:79:dc lo: 00:00:00:00:00:00 veth11035f2: ee:13:af:04:67:3f veth1f294bd: 5e:ce:f6:2d:51:e0 veth2a3af2c: 6a:2d:77:74:f2:1a veth3fe2922: c6:9b:72:01:2f:bd veth6857aff: 76:5e:55:7c:6e:72 veth758c926: 16:93:0e:15:45:dd veth7a77873: 36:ac:84:b3:16:5f veth94d117c: ee:6d:12:f2:2e:9d vethab7b774: f6:17:cb:16:10:c5 vethb6e46cc: 82:aa:64:7b:10:0c vethdbe5613: de:8e:44:01:82:2d id: node-1 init: systemd ip4_gw: 192.168.5.1 ip4_interfaces: ---------- docker0: - 172.17.69.1 eth0: - 192.168.5.21 eth1: eth2: eth3: flannel.1: - 172.17.69.0 lo: - 127.0.0.1 veth11035f2: veth1f294bd: veth2a3af2c: veth3fe2922: veth6857aff: veth758c926: veth7a77873: veth94d117c: vethab7b774: vethb6e46cc: vethdbe5613: ip6_gw: False ip6_interfaces: ---------- docker0: eth0: eth1: eth2: eth3: flannel.1: lo: veth11035f2: veth1f294bd: veth2a3af2c: veth3fe2922: veth6857aff: veth758c926: veth7a77873: veth94d117c: vethab7b774: vethb6e46cc: vethdbe5613: ip_gw: True ip_interfaces: ---------- docker0: - 172.17.69.1 eth0: - 192.168.5.21 eth1: eth2: eth3: flannel.1: - 172.17.69.0 lo: - 127.0.0.1 veth11035f2: veth1f294bd: veth2a3af2c: veth3fe2922: veth6857aff: veth758c926: veth7a77873: veth94d117c: vethab7b774: vethb6e46cc: vethdbe5613: ipv4: - 127.0.0.1 - 172.17.69.0 - 172.17.69.1 - 192.168.5.21 ipv6: kernel: Linux kernelrelease: 3.10.0-862.el7.x86_64 kernelversion: #1 SMP Fri Apr 20 16:44:24 UTC 2018 locale_info: ---------- defaultencoding: UTF-8 defaultlanguage: en_US detectedencoding: UTF-8 timezone: unknown localhost: node-1 lsb_distrib_codename: CentOS Linux 7 (Core) lsb_distrib_id: CentOS Linux machine_id: 5c69dc8cafe240de891202ad2562cb9e manufacturer: Xen master: 192.168.5.18 mdadm: mem_total: 7812 nodename: node-1 num_cpus: 4 num_gpus: 1 os: CentOS os_family: RedHat osarch: x86_64 oscodename: CentOS Linux 7 (Core) osfinger: CentOS Linux-7 osfullname: CentOS Linux osmajorrelease: 7 osrelease: 7.5.1804 osrelease_info: - 7 - 5 - 1804 path: /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin pid: 4133 productname: HVM domU ps: ps -efHww pythonexecutable: /usr/bin/python pythonpath: - /usr/bin - /usr/lib64/python27.zip - /usr/lib64/python2.7 - /usr/lib64/python2.7/plat-linux2 - /usr/lib64/python2.7/lib-tk - /usr/lib64/python2.7/lib-old - /usr/lib64/python2.7/lib-dynload - /usr/lib64/python2.7/site-packages - /usr/lib/python2.7/site-packages pythonversion: - 2 - 7 - 5 - final - 0 saltpath: /usr/lib/python2.7/site-packages/salt saltversion: 3000.6 saltversioninfo: - 3000 - 6 selinux: ---------- enabled: False enforced: Disabled serialnumber: 00d3ce4a-7f9c-0353-d420-88b270e18c3c server_id: 684731220 shell: /bin/sh swap_total: 0 systemd: ---------- features: +PAM +AUDIT +SELINUX +IMA -APPARMOR +SMACK +SYSVINIT +UTMP +LIBCRYPTSETUP +GCRYPT +GNUTLS +ACL +XZ +LZ4 -SECCOMP +BLKID +ELFUTILS +KMOD +IDN version: 219 uid: 0 username: root uuid: 00d3ce4a-7f9c-0353-d420-88b270e18c3c virtual: xen virtual_hv_features: 00002705 virtual_hv_features_list: - writable_page_tables - auto_translated_physmap - hvm_callback_vector - hvm_safe_pvclock - hvm_pirqs - memory_op_vnode_supported virtual_hv_version: 4.7.2-2.2 virtual_hv_version_info: - 4 - 7 - .2-2.2 virtual_subtype: Xen HVM DomU zfs_feature_flags: False zfs_support: False zmqversion: 4.1.4
然后比如想要获取服务器所有内存:
[root@master-1 web]# salt node-1 grains.item mem_total node-1: ---------- mem_total: 7812
用grains判断操作系统为centos的执行命令
salt -G 'os:CentOS' cmd.run 'uptime'
用下边命令得到主机名反向解析到的IP地址
[root@master-1 web]# salt "*" grains.item fqdn_ip4
master-1: ---------- fqdn_ip4: - 192.168.5.18 master-2: ---------- fqdn_ip4: - 192.168.5.19 master-3: ---------- fqdn_ip4: - 192.168.5.20 node-1: ---------- fqdn_ip4: - 192.168.5.21 node-2: ---------- fqdn_ip4: - 192.168.5.22
cd /srv/salt/base/web
vim lamp.sls
lamp-install: # 安装 pkg.installed: - pkgs: - httpd - php - php-pdo - php-mysql #配置 apache-config: file.managed: # 文件管理 - name: /etc/httpd/conf/httpd.conf - source: salt://web/files/httpd.conf #这是个相对目录,相当于base目录下的web - user: root - group: root - mode: 644 - template: jinja # 将httpd.conf变成模板文件 - defaults: # 参数 PORT: 80 #定义的两个变量 IPADDR: {{ grains['fqdn_ip4'][0] }} - require: #依赖某个状态 - pkg: lamp-install apache-auth: pkg.installed: - name: httpd-tools - require_in: - cmd: apache-auth # 确保httpd-tools安装 cmd.run: - name: htpasswd -bc /etc/httpd/conf/htpasswd_file admin admin # 调用htpasswd命令生成用户名密码,用户名和密码都是admin,保存到认证文件/etc/httpd/conf/htpasswd_file - unless: test -f /etc/httpd/conf/htpasswd_file # 判断命令返回值为真,那么cmd.run就不执行 apache-conf: file.recurse: - name: /etc/httpd/conf.d - source: salt://web/files/apache-conf.d php-config: file.managed: - name: /etc/php.ini - source: salt://web/files/php.ini - user: root - group: root - mode: 644 lamp-service: service.running: - name: httpd - enable: True - reload: True - watch: # 关注某个状态,只要下边的配置文件有变更,就重载服务 - file: apache-conf #监控的状态模块,后边是状态ID - file: apache-config
修改httpd模板文件,修改第46行监听端口那里,就是调用了上边sls文件里定义的变量了。
[root@master-1 web]# vim files/httpd.conf
Listen {{ IPADDR }}:{{ PORT }}
下边就可以测试执行了,lamp.sls是通过top.sls定义引用的,直接执行就可以了
[root@master-1 web]# salt '*' state.highstate