piller组件定义与客户端相关的任何数据(定义在master端),定义好的数据可以被其他组件调用(如state,api)
说通俗了,一句话,就是ansible vars里定义的变量,可以在整个playbook中引用,只不过pillar中只有指定的minion自己能看到自己的数据。
启用piller功能并查看
[root@k8s_master ~]# cat /etc/salt/master |grep -v '^#\|^$'
cachedir: /var/cache/salt/master
auto_accept: True
file_recv: True
file_roots:
base:
- /root
pillar_opts: True #开启pillar功能
pillar_roots:
base:
- /srv/pillar
nodegroups:
master1: 'L@k8s_master'
agents: 'L@k8s_node1,k8s_node2'
[root@k8s_master ~]# systemctl restart salt-master
效果如下
[root@k8s_master ~]# salt 'k8s_master' pillar.data
k8s_master:
----------
master:
----------
__role:
master
auth_mode:
1
auto_accept:
True
cache_sreqs:
True
cachedir:
/var/cache/salt/master
cli_summary:
False
client_acl:
----------
client_acl_blacklist:
----------
cluster_masters:
cluster_mode:
paranoid
con_cache:
False
conf_file:
/etc/salt/master
config_dir:
/etc/salt
cython_enable:
False
daemon:
False
default_include:
master.d/*.conf
enable_gpu_grains:
False
enforce_mine_cache:
False
enumerate_proxy_minions:
False
environment:
None
event_return:
event_return_blacklist:
event_return_queue:
0
event_return_whitelist:
ext_job_cache:
ext_pillar:
extension_modules:
/var/cache/salt/extmods
external_auth:
----------
failhard:
False
file_buffer_size:
1048576
file_client:
local
file_ignore_glob:
None
file_ignore_regex:
None
file_recv:
True
file_recv_max_size:
100
file_roots:
----------
base:
- /root
fileserver_backend:
- roots
fileserver_followsymlinks:
True
fileserver_ignoresymlinks:
False
fileserver_limit_traversal:
False
gather_job_timeout:
10
gitfs_base:
master
gitfs_env_blacklist:
gitfs_env_whitelist:
gitfs_insecure_auth:
False
gitfs_mountpoint:
gitfs_passphrase:
gitfs_password:
gitfs_privkey:
gitfs_pubkey:
gitfs_remotes:
gitfs_root:
gitfs_user:
hash_type:
md5
hgfs_base:
default
hgfs_branch_method:
branches
hgfs_env_blacklist:
hgfs_env_whitelist:
hgfs_mountpoint:
hgfs_remotes:
hgfs_root:
id:
k8s_master
interface:
0.0.0.0
ioflo_console_logdir:
ioflo_period:
0.01
ioflo_realtime:
True
ioflo_verbose:
0
ipv6:
False
jinja_lstrip_blocks:
False
jinja_trim_blocks:
False
job_cache:
True
keep_jobs:
24
key_logfile:
/var/log/salt/key
keysize:
2048
log_datefmt:
%H:%M:%S
log_datefmt_logfile:
%Y-%m-%d %H:%M:%S
log_file:
/var/log/salt/master
log_fmt_console:
[%(levelname)-8s] %(message)s
log_fmt_logfile:
%(asctime)s,%(msecs)03.0f [%(name)-17s][%(levelname)-8s][%(process)d] %(message)s
log_granular_levels:
----------
log_level:
warning
loop_interval:
60
maintenance_floscript:
/usr/lib/python2.7/site-packages/salt/daemons/flo/maint.flo
master_floscript:
/usr/lib/python2.7/site-packages/salt/daemons/flo/master.flo
master_job_cache:
local_cache
master_pubkey_signature:
master_pubkey_signature
master_roots:
----------
base:
- /srv/salt-master
master_sign_key_name:
master_sign
master_sign_pubkey:
False
master_tops:
----------
master_use_pubkey_signature:
False
max_event_size:
1048576
max_minions:
0
max_open_files:
100000
minion_data_cache:
True
minionfs_blacklist:
minionfs_env:
base
minionfs_mountpoint:
minionfs_whitelist:
nodegroups:
----------
agents:
L@k8s_node1,k8s_node2
master1:
L@k8s_master
open_mode:
False
order_masters:
False
outputter_dirs:
peer:
----------
permissive_pki_access:
False
pidfile:
/var/run/salt-master.pid
pillar_opts:
True
pillar_roots:
----------
base:
- /srv/pillar
pillar_safe_render_error:
True
pillar_source_merging_strategy:
smart
pillar_version:
2
pillarenv:
None
ping_on_rotate:
False
pki_dir:
/etc/salt/pki/master
preserve_minion_cache:
False
pub_hwm:
1000
publish_port:
4505
publish_session:
86400
queue_dirs:
raet_alt_port:
4511
raet_clear_remotes:
False
raet_main:
True
raet_mutable:
False
raet_port:
4506
range_server:
range:80
reactor:
reactor_refresh_interval:
60
reactor_worker_hwm:
10000
reactor_worker_threads:
10
renderer:
yaml_jinja
ret_port:
4506
root_dir:
/
rotate_aes_key:
True
runner_dirs:
saltversion:
2015.5.10
search:
search_index_interval:
3600
serial:
msgpack
show_jid:
False
show_timeout:
True
sign_pub_messages:
False
sock_dir:
/var/run/salt/master
sqlite_queue_dir:
/var/cache/salt/master/queues
ssh_passwd:
ssh_port:
22
ssh_scan_ports:
22
ssh_scan_timeout:
0.01
ssh_sudo:
False
ssh_timeout:
60
ssh_user:
root
state_aggregate:
False
state_auto_order:
True
state_events:
False
state_output:
full
state_top:
salt://top.sls
state_top_saltenv:
None
state_verbose:
True
sudo_acl:
False
svnfs_branches:
branches
svnfs_env_blacklist:
svnfs_env_whitelist:
svnfs_mountpoint:
svnfs_remotes:
svnfs_root:
svnfs_tags:
tags
svnfs_trunk:
trunk
syndic_dir:
/var/cache/salt/master/syndics
syndic_event_forward_timeout:
0.5
syndic_jid_forward_cache_hwm:
100
syndic_master:
syndic_max_event_process_time:
0.5
syndic_wait:
5
timeout:
5
token_dir:
/var/cache/salt/master/tokens
token_expire:
43200
transport:
zeromq
user:
root
verify_env:
True
win_gitrepos:
- https://github.com/saltstack/salt-winrepo.git
win_repo:
/srv/salt/win/repo
win_repo_mastercachefile:
/srv/salt/win/repo/winrepo.p
worker_floscript:
/usr/lib/python2.7/site-packages/salt/daemons/flo/worker.flo
worker_threads:
5
zmq_filtering:
False
pillar 在sls中的使用
(1)定义pillar的主目录
[root@k8s_master ~]# cat /etc/salt/master |grep -v '^#\|^$'
file_roots:
base:
- /rootpillar_opts: True #开启pillar功能
pillar_roots: #主目录
base:
- /srv/pillar
[root@k8s_master ~]# systemctl restart salt-master
#创建pillar目录
[root@k8s_master ~]# install -d /srv/pillar
其他参数 (1)pillar 源,salt支持引入pillar外部资源,例如从数据库导入pillar值,默认是关闭的
ext_pillar_first: False
(2)开启pillar gitgs ssl验证
pillar_gitfs_ssl_verify: True
(3)开启pillar render 错误信息
pillar_safe_render_error: True
(4)设置pillar配置合并策略
pillar_source_merging_strategy: smart
(2)定义入口文件top.sls及要引用的变量文件
即定义pillar的数据覆盖被控主机的范围(要执行的主机),'*'代表所有主机,及储存变量的文件(data.sls)
示例及测试:
[root@k8s_master pillar]# pwd
/srv/pillar
[root@k8s_master pillar]# ls
data.sls top.sls
[root@k8s_master pillar]# cat top.sls
base:
'*':
- data
[root@k8s_master pillar]# cat data.sls
appname: master1
flow:
maxconn: 30000
maxmem: 1G
#测试
[root@k8s_master pillar]# salt 'k8s_master' pillar.data appname flow
k8s_master:
----------
appname:
master1
flow:
----------
maxconn:
30000
maxmem:
1G 如果显示不出结果,可用salt 'k8s_master' saltutil.refresh_pillar(saltutil.sync_all) 刷新pillar数据
[root@k8s_master pillar]# salt -I 'appname:master1' test.ping
k8s_master:
True
测试得出的结果可在state/模板等文件引用,引用方式如下:
格式:
{{ pillar变量 }}
#获取appname的值
{{ pillar['appname'] }} (一级字典)
#获取maxconn的值
{{ pillar['flow']['maxconn'] }} (二级字典)
{{ salt['pillar.get']('flow:maxconn',{})}}(二级字典)
pillar与jinja和grains的使用示例
[root@k8s_master pillar]# tree
.
├── data.sls
├── package.sls
├── top.sls
└── users
└── init.sls
1 directory, 4 files
[root@k8s_master pillar]# cat users/init.sls
hdfs:
namenode: 192.168.122.201
stadbynode: 192.168.122.202
hbase:
master: 192.168.122.201
[root@k8s_master pillar]# cat top.sls
base:
'*':
- data
- package
- test.test ##此处表示根目录下test目录下的test.sls文件(即,/srv/pillar/test/test.sls)【详细见saltstack sls随笔】
- users #此处表示users目录,top.sls会知己恩引用users 目录下的 init.sls(所有)文件 【详细见saltstack sls随笔】
[root@k8s_master pillar]# cat data.sls
appname:
master1
flow:
maxconn: 30000
maxmem: 1G
[root@k8s_master pillar]# cat package.sls
pkgs: # 模块名称
{% if grains['os'] == 'CentOS' %} # 使用jinja模板,通过grains筛选主机
apache: httpd # 安装包名称
git: git
{% elif grains['os'] == 'SUSE' %}
apache: apache2
git: git-core
{% endif %}
查看结果:
[root@k8s_master pillar]# salt 'k8s_master' saltutil.refresh_pillar #刷新
k8s_master:
True
[root@k8s_master pillar]# salt 'k8s_master' pillar.items #获取数据
k8s_master:
----------
appname: #data.sls信息
master1
flow:
----------
maxconn:
30000
maxmem:
1G
hbase: ##users目录信息
----------
master:
192.168.122.201
hdfs:
----------
namenode:
192.168.122.201
stadbynode:
192.168.122.202
master:
----------
__role:
master
auth_mode:
.......
pkgs: #package.sls信息
----------
apache:
httpd
git:
git
#以上蓝色字体为自定义的的pillar数据(变量),黑色字体为自带的pillar数据
Api调用方式
pillar['flow']['maxconn']
pillar.get('flow:appname',{})