1 SaltStack data system
SaltStack has two major data systems:
- Grains
- Pillar
2 SaltStack data system components
2.1 The Grains component of SaltStack
Grains is a SaltStack component that stores the information collected when a minion starts.
It is one of the most important SaltStack components because it is used constantly during configuration and deployment. Grains records static information about a minion: common attributes such as CPU, memory, disk and network information. All grains of a minion can be viewed with grains.items.
Functions of Grains
- Collect asset information
Grains application scenarios
- Information query
- Target matching at the command line
- Target matching in top file
- Target matching in template
For target matching in the template, see: https://docs.saltstack.com/en/latest/topics/pillar/
Information query
```
//List the keys and values of all grains
[root@master ~]# salt '192.168.25.147' grains.items
192.168.25.147:
    ----------
    biosreleasedate:        //BIOS release date
        11/12/2020
    biosversion:            //BIOS version
        6.00
    cpu_flags:              //CPU-related properties
        - fpu
        - vme
        - de
        - pse
        - tsc
        - msr
        - pae
        - mce
        - cx8
        - apic
        - sep
        - mtrr
        - pge
        - mca
        - cmov
        - pat
        - pse36
        - clflush
        - mmx
        - fxsr
        - sse
        - sse2
        - ss
        - ht
        - syscall
        - nx
        - pdpe1gb
        - rdtscp
        - lm
        - constant_tsc
        - arch_perfmon
        - nopl
        - xtopology
        - tsc_reliable
        - nonstop_tsc
        - cpuid
        - pni
        - pclmulqdq
        - vmx
        - ssse3
        - fma
        - cx16
        - pcid
        - sse4_1
        - sse4_2
        - x2apic
        - movbe
        - popcnt
        - tsc_deadline_timer
        - aes
        - xsave
        - avx
        - f16c
        - rdrand
        - hypervisor
        - lahf_lm
        - abm
        - 3dnowprefetch
        - cpuid_fault
        - invpcid_single
        - pti
        - ssbd
        - ibrs
        - ibpb
        - stibp
        - tpr_shadow
        - vnmi
        - ept
        - vpid
        - ept_ad
        - fsgsbase
        - tsc_adjust
        - bmi1
        - avx2
        - smep
        - bmi2
        - invpcid
        - rdseed
        - adx
        - smap
        - clflushopt
        - xsaveopt
        - xsavec
        - xgetbv1
        - xsaves
        - arat
        - md_clear
        - flush_l1d
        - arch_capabilities
    cpu_model:              //Specific CPU model
        Intel(R) Core(TM) i5-9400 CPU @ 2.90GHz
    cpuarch:                //CPU architecture
        x86_64
    cwd:
        /
    disks:
        - sr0
        - sda
    dns:
        ----------
        domain:
        ip4_nameservers:
            - 192.168.25.2
        ip6_nameservers:
        nameservers:
            - 192.168.25.2
        options:
        search:
            - localdomain
        sortlist:
    domain:
    efi:
        False
    efi-secure-boot:
        False
    fqdn:
        minion
    fqdn_ip4:               //IP address
        - 192.168.25.147
    fqdn_ip6:
        - fe80::5ce7:c114:d39e:59b8
    fqdns:
        - minion
    gid:
        0
    gpus:
        |_
          ----------
          model:
              SVGA II Adapter
          vendor:
              vmware
    groupname:
        root
    host:                   //Host name
        minion
    hwaddr_interfaces:
        ----------
        ens33:
            00:0c:29:a8:82:48
        lo:
            00:00:00:00:00:00
    id:                     //ID of the minion
        192.168.25.147
    init:
        systemd
    ip4_gw:
        192.168.25.2
    ip4_interfaces:
        ----------
        ens33:
            - 192.168.25.147
        lo:
            - 127.0.0.1
    ip6_gw:
        False
    ip6_interfaces:
        ----------
        ens33:
            - fe80::5ce7:c114:d39e:59b8
        lo:
            - ::1
    ip_gw:
        True
    ip_interfaces:
        ----------
        ens33:
            - 192.168.25.147
            - fe80::5ce7:c114:d39e:59b8
        lo:
            - 127.0.0.1
            - ::1
    ipv4:
        - 127.0.0.1
        - 192.168.25.147
    ipv6:
        - ::1
        - fe80::5ce7:c114:d39e:59b8
    kernel:
        Linux
    kernelparams:
        |_
          - BOOT_IMAGE
          - (hd0,msdos1)/vmlinuz-4.18.0-257.el8.x86_64
        |_
          - root
          - /dev/mapper/cs-root
        |_
          - ro
          - None
        |_
          - crashkernel
          - auto
        |_
          - resume
          - /dev/mapper/cs-swap
        |_
          - rd.lvm.lv
          - cs/root
        |_
          - rd.lvm.lv
          - cs/swap
        |_
          - rhgb
          - None
        |_
          - quiet
          - None
    kernelrelease:
        4.18.0-257.el8.x86_64
    kernelversion:
        #1 SMP Thu Dec 3 22:16:23 UTC 2020
    locale_info:
        ----------
        defaultencoding:
            UTF-8
        defaultlanguage:
            zh_CN
        detectedencoding:
            UTF-8
        timezone:
            EDT
    localhost:
        minion
    lsb_distrib_codename:
        CentOS Stream 8
    lsb_distrib_id:
        CentOS Stream
    lsb_distrib_release:
        8
    lvm:
        ----------
        cs:
            - home
            - root
            - swap
    machine_id:
        e40266b237074f11a92c9a4d2255f626
    manufacturer:
        VMware, Inc.
    master:
        192.168.25.146
    mdadm:
    mem_total:
        7740
    nodename:
        minion
    num_cpus:
        4
    num_gpus:
        1
    os:
        CentOS Stream
    os_family:
        RedHat
    osarch:
        x86_64
    oscodename:
        CentOS Stream 8
    osfinger:
        CentOS Stream-8
    osfullname:
        CentOS Stream
    osmajorrelease:
        8
    osrelease:
        8
    osrelease_info:
        - 8
    path:
        /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin
    pid:
        1562
    productname:
        VMware Virtual Platform
    ps:
        ps -efHww
    pythonexecutable:
        /usr/bin/python3.6
    pythonpath:
        - /usr/bin
        - /usr/lib64/python36.zip
        - /usr/lib64/python3.6
        - /usr/lib64/python3.6/lib-dynload
        - /usr/lib64/python3.6/site-packages
        - /usr/lib/python3.6/site-packages
    pythonversion:
        - 3
        - 6
        - 8
        - final
        - 0
    saltpath:
        /usr/lib/python3.6/site-packages/salt
    saltversion:
        3004
    saltversioninfo:
        - 3004
    selinux:
        ----------
        enabled:
            False
        enforced:
            Disabled
    serialnumber:
        VMware-56 4d e0 be 81 0c ed ca-ea b5 19 43 eb a8 82 48
    server_id:
        67665537
    shell:
        /bin/sh
    ssds:
    swap_total:
        8063
    systemd:
        ----------
        features:
            +PAM +AUDIT +SELINUX +IMA -APPARMOR +SMACK +SYSVINIT +UTMP +LIBCRYPTSETUP +GCRYPT +GNUTLS +ACL +XZ +LZ4 +SECCOMP +BLKID +ELFUTILS +KMOD +IDN2 -IDN +PCRE2 default-hierarchy=legacy
        version:
            239
    systempath:
        - /usr/local/sbin
        - /usr/local/bin
        - /usr/sbin
        - /usr/bin
    transactional:
        False
    uid:
        0
    username:
        root
    uuid:
        bee04d56-0c81-caed-eab5-1943eba88248
    virtual:
        VMware
    zfs_feature_flags:
        False
    zfs_support:
        False
    zmqversion:
        4.3.4

//Only query the keys of all grains
[root@master ~]# salt '192.168.25.147' grains.ls
192.168.25.147:
    - biosreleasedate
    - biosversion
    - cpu_flags
    - cpu_model
    - cpuarch
    - cwd
    - disks
    - dns
    - domain
    - efi
    - efi-secure-boot
    - fqdn
    - fqdn_ip4
    - fqdn_ip6
    - fqdns
    - gid
    - gpus
    - groupname
    - host
    - hwaddr_interfaces
    - id
    - init
    - ip4_gw
    - ip4_interfaces
    - ip6_gw
    - ip6_interfaces
    - ip_gw
    - ip_interfaces
    - ipv4
    - ipv6
    - kernel
    - kernelparams
    - kernelrelease
    - kernelversion
    - locale_info
    - localhost
    - lsb_distrib_codename
    - lsb_distrib_id
    - lsb_distrib_release
    - lvm
    - machine_id
    - manufacturer
    - master
    - mdadm
    - mem_total
    - nodename
    - num_cpus
    - num_gpus
    - os
    - os_family
    - osarch
    - oscodename
    - osfinger
    - osfullname
    - osmajorrelease
    - osrelease
    - osrelease_info
    - path
    - pid
    - productname
    - ps
    - pythonexecutable
    - pythonpath
    - pythonversion
    - saltpath
    - saltversion
    - saltversioninfo
    - selinux
    - serialnumber
    - server_id
    - shell
    - ssds
    - swap_total
    - systemd
    - systempath
    - transactional
    - uid
    - username
    - uuid
    - virtual
    - zfs_feature_flags
    - zfs_support
    - zmqversion

//Query the value of a key
[root@master ~]# salt '*' grains.get fqdn_ip4
192.168.25.147:
    - 192.168.25.147
192.168.25.148:
    - 127.0.0.1
192.168.25.161:
    - 192.168.25.161
master:
    - 192.168.25.146
[root@master ~]# salt '192.168.25.147' grains.get ip4_interfaces
192.168.25.147:
    ----------
    ens33:
        - 192.168.25.147
    lo:
        - 127.0.0.1
[root@master ~]# salt '192.168.25.147' grains.get ip4_interfaces:lo
192.168.25.147:
    - 127.0.0.1
```
Target matching
```
[root@master ~]# salt -G 'os:CentOS' cmd.run 'date'
192.168.25.161:
    Tue Nov 2 15:40:45 CST 2021
[root@master ~]# salt -G 'os:CentOS Stream' cmd.run 'date'
192.168.25.147:
    Tue Nov 2 03:41:04 EDT 2021
192.168.25.148:
    Tue Nov 2 03:41:04 EDT 2021
master:
    Tue Nov 2 03:41:04 EDT 2021
```
Use Grains in top file
```
[root@master ~]# cat /srv/salt/base/top.sls
base:
  'os:CentOS':
    - match: grain
    - web.apache.install

[root@master ~]# salt -G 'os:CentOS' state.highstate
192.168.25.161:
----------
          ID: apache-install
    Function: pkg.installed
        Name: httpd
      Result: True
     Comment: All specified packages are already installed
     Started: 15:49:11.866162
    Duration: 1433.613 ms
     Changes:
----------
          ID: apache-service
    Function: service.running
        Name: httpd
      Result: True
     Comment: The service httpd is already running
     Started: 15:49:13.303557
    Duration: 88.338 ms
     Changes:

Summary for 192.168.25.161
------------
Succeeded: 2
Failed:    0
------------
Total states run:     2
Total run time:   1.522 s
```
Two ways to customize Grains
- In the minion configuration file: search for grains in the file
```
[root@minion ~]# vim /etc/salt/minion
# Custom static grains for this minion can be specified here and used in SLS
# files just like all other grains. This example sets 4 custom grains, with
# the 'roles' grain having two values that can be matched against.
grains:             //uncomment
  roles:            //uncomment
    - webserver     //uncomment
    - memcache      //uncomment

//Restart the salt-minion service
[root@master ~]# salt '192.168.25.147' grains.get roles
192.168.25.147:
    - webserver
```
- Create a grains file under /etc/salt and define the grains in it (recommended method)
```
[root@minion ~]# cat /etc/salt/grains
Cai Cai: Real food
[root@minion ~]# systemctl restart salt-minion
[root@master ~]# salt '192.168.25.147' grains.get Cai Cai
192.168.25.147:
    Real food
```
Customize Grains without restarting
```
[root@minion ~]# cat /etc/salt/grains
Cai Cai: Real food
restart: Polar sea listening to thunder
[root@master ~]# salt '192.168.25.147' saltutil.sync_grains
192.168.25.147:
[root@master ~]# salt '192.168.25.147' grains.get restart
192.168.25.147:
    Polar sea listening to thunder
```
2.2 The Pillar component of SaltStack
Pillar is another very important SaltStack component. It is a data management center, often used together with states in large-scale configuration management. Its main function in SaltStack is to store and define data required for configuration management, such as software version numbers, user names, passwords and other information. Like Grains, its data is defined and stored in YAML format.
The master configuration file has a section of Pillar settings that defines the parameters related to Pillar:
```
[root@master ~]# vim /etc/salt/master
pillar_roots:
  base:
    - /srv/pillar
```
In the default base environment, the working directory of Pillar is /srv/pillar. To define multiple Pillar working directories for different environments, you only need to modify this part of the configuration file.
Characteristics of Pillar
- Data can be defined for a specified minion
- Only the specified minion can see the defined data
- Set in the master configuration file
```
//View pillar information
[root@master ~]# salt '*' pillar.items
192.168.25.148:
    ----------
192.168.25.147:
    ----------
192.168.25.161:
    ----------
master:
    ----------
```
By default, pillar does not contain any information. To see some, uncomment pillar_opts in the master configuration file and set its value to True. As the comment in the configuration file says, this adds the master configuration data to every minion's pillar (the output below includes keys such as winrepo_password), so leave it disabled when the master configuration holds values that minions should not see.
```
[root@master ~]# vim /etc/salt/master
# The pillar_opts option adds the master configuration file data to a dict in
# the pillar called "master". This is used to set simple configurations in the
# master config file that can then be used on minions.
pillar_opts: True

//Restart the master and view the pillar information
[root@master ~]# systemctl restart salt-master
....N lines omitted here
        winrepo_passphrase:
        winrepo_password:
        winrepo_privkey:
        winrepo_pubkey:
        winrepo_refspecs:
            - +refs/heads/*:refs/remotes/origin/*
            - +refs/tags/*:refs/tags/*
        winrepo_remotes:
            - https://github.com/saltstack/salt-winrepo.git
        winrepo_remotes_ng:
            - https://github.com/saltstack/salt-winrepo-ng.git
        winrepo_ssl_verify:
            True
        winrepo_user:
        worker_floscript:
            /usr/lib/python2.7/site-packages/salt/daemons/flo/worker.flo
        worker_threads:
            5
        zmq_backlog:
            1000
        zmq_filtering:
            False
        zmq_monitor:
            False
```
Custom pillar data
Look up pillar_roots in the master configuration file to see where pillar data is stored.
```
[root@master ~]# mkdir /srv/pillar
[root@master ~]# cd /srv/pillar/
[root@master pillar]# mkdir base
[root@master pillar]# cat base/apache.sls
{% if grains['os'] == 'CentOS Stream' %}
webserver: nginx
{% elif grains['os'] == 'CentOS' %}
webserver: httpd
{% endif %}

//Define the top file (the entry file)
[root@master pillar]# cat base/top.sls
base:                   //Specify the environment
  '192.168.25.161':     //Specify the target
    - apache            //Reference apache.sls or apache/init.sls
//This top.sls means that host 192.168.25.161 in the base environment can access the apache pillar

[root@master pillar]# salt '*' pillar.items
192.168.25.148:
    ----------
192.168.25.147:
    ----------
master:
    ----------
192.168.25.161:
    ----------
    webserver:
        httpd

//Under salt, modify the apache state file to reference the pillar data
[root@master base]# cat web/apache/install.sls
apache-install:
  pkg.installed:
    - name: "{{ pillar ['webserver'] }}"

apache-service:
  service.running:
    - name: "{{ pillar ['webserver'] }}"
    - enable: true

//Run the highstate
[root@master ~]# salt '*' state.highstate
192.168.25.148:
----------
          ID: states
    Function: no.None
      Result: False
     Comment: No Top file or master_tops data matches found. Please see master log for details.
     Changes:

Summary for 192.168.25.148
------------
Succeeded: 0
Failed:    1
------------
Total states run:     1
Total run time:   0.000 ms
192.168.25.147:
----------
          ID: states
    Function: no.None
      Result: False
     Comment: No Top file or master_tops data matches found. Please see master log for details.
     Changes:

Summary for 192.168.25.147
------------
Succeeded: 0
Failed:    1
------------
Total states run:     1
Total run time:   0.000 ms
master:
----------
          ID: states
    Function: no.None
      Result: False
     Comment: No Top file or master_tops data matches found. Please see master log for details.
     Changes:

Summary for master
------------
Succeeded: 0
Failed:    1
------------
Total states run:     1
Total run time:   0.000 ms
192.168.25.161:
----------
          ID: apache-install
    Function: pkg.installed
        Name: httpd
      Result: True
     Comment: All specified packages are already installed
     Started: 17:30:24.804938
    Duration: 617.577 ms
     Changes:
----------
          ID: apache-service
    Function: service.running
        Name: httpd
      Result: True
     Comment: The service httpd is already running
     Started: 17:30:25.424697
    Duration: 35.343 ms
     Changes:

Summary for 192.168.25.161
------------
Succeeded: 2
Failed:    0
------------
Total states run:     2
Total run time: 652.920 ms
```
2.3 Differences between Grains and Pillar
Component | Storage location | Type | Acquisition mode | Application scenario |
---|---|---|---|---|
Grains | minion | static | Collected when the minion starts; can be refreshed to avoid restarting the minion service | 1. Information query 2. Target matching on the command line 3. Target matching in the top file 4. Target matching in the template |
Pillar | master | dynamic | Specified, takes effect in real time | 1. Target matching 2. Sensitive data configuration |
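
Grains are stored on and reported by the minion, while pillar is defined on the master, so pillar holding sensitive data is best assigned by minion ID (as in the pillar top.sls above) and not by a grain. The audit sketch below is an added example, not code from the original page or from Salt; it walks an already-parsed pillar top file and the pillar SLS sources and reports every place where pillar assignment depends on a grain. The sample data is constructed, and the `secrets` and `tls` entries and the function name `audit_pillar` are hypothetical.

```python
import re

# Constructed sample input: a pillar top file in the form yaml.safe_load would
# return, plus pillar SLS sources keyed by name. Only the apache SLS and the
# 192.168.25.161 target come from the page; the rest is hypothetical.
TOP = {
    "base": {
        "192.168.25.161": ["apache"],                   # minion ID target
        "os:CentOS": [{"match": "grain"}, "secrets"],   # hypothetical
        "G@roles:webserver and web*": ["tls"],          # hypothetical
    }
}
SLS = {
    "apache": "{% if grains['os'] == 'CentOS Stream' %}\nwebserver: nginx\n"
              "{% elif grains['os'] == 'CentOS' %}\nwebserver: httpd\n{% endif %}\n",
    "secrets": "db_password: example-only\n",           # hypothetical
    "tls": "cert_name: web\n",                          # hypothetical
}

GRAIN_MATCHERS = {"grain", "grain_pcre"}        # top-file match types
COMPOUND_GRAIN = re.compile(r"(^|\s|\()[GP]@")  # G@ grain glob, P@ grain PCRE
JINJA_GRAIN = re.compile(r"\bgrains\s*[\[.]")   # grains['os'], grains.get(...)


def audit_pillar(top, sls_sources):
    """Return sorted (location, reason) pairs where pillar depends on grains."""
    findings = []
    for env, targets in top.items():
        for target, entries in targets.items():
            match = "compound"  # top files default to the compound matcher
            for entry in entries:
                if isinstance(entry, dict) and "match" in entry:
                    match = entry["match"]
            if match in GRAIN_MATCHERS:
                findings.append((f"top:{env}:{target}", "grain target"))
            elif match == "compound" and COMPOUND_GRAIN.search(target):
                findings.append((f"top:{env}:{target}", "compound grain target"))
    for name, text in sls_sources.items():
        for lineno, line in enumerate(text.splitlines(), 1):
            if JINJA_GRAIN.search(line):
                findings.append((f"sls:{name}:{lineno}", "grains in Jinja"))
    return sorted(findings)


if __name__ == "__main__":
    for location, reason in audit_pillar(TOP, SLS):
        print(f"{location}: {reason}")
```

A finding is a prompt for review, not a defect in itself: the page's apache.sls only selects a package name by `grains['os']`, which is harmless, whereas a grain-targeted entry that hands out credentials deserves a minion ID target.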