收集被控主机获取信息,通常静态数据,CPU,操作系统,内核,虚拟化等....
[root@server1 salt]# cat top.sls
base:
‘roles:nginx‘:
- match: grain
- nginx.service
[root@server2 salt]# pwd
/etc/salt
[root@server2 salt]# cat grains
roles: nginx
unit: miaomiao
[root@server1 salt]# salt server2.lalala.com grains.items
server2.lalala.com:
----------
SSDs:
biosreleasedate:
01/01/2011
biosversion:
0.5.1
cpu_flags:
- fpu
- de
- pse
- tsc
[root@server1 salt]# salt server2.lalala.com grains.item roles
server2.lalala.com:
----------
roles:
nginx
[root@server1 salt]# salt -G ‘roles:nginx‘ test.ping
server2.lalala.com:
True
[root@server1 salt]# salt -G ‘roles:nginx‘ cmd.run ‘uptime‘
server2.lalala.com:
21:50:12 up 1:05, 1 user, load average: 0.00, 0.02, 0.00
[root@server1 salt]# salt -C ‘* and not G@roles:nginx‘ cmd.run ‘uptime‘
server3.lalala.com:
21:51:00 up 1:03, 1 user, load average: 0.00, 0.00, 0.00
[root@server1 salt]# cat top.sls
base:
‘roles:nginx‘:
- match: grain
- nginx.service
‘server3.lalala.com‘:
- httpd.apache
[root@server1 _grains]# pwd
/srv/salt/_grains
[root@server1 _grains]# cat my_grains.py
#!/usr/bin/env python
#coding: utf8
def my_grains():
grains={}
grains[‘salt‘]=‘saltstack‘
grains[‘roles‘]=‘httpd‘
return grains
同步自定义的grains函数
[root@server1 salt]# salt server3.lalala.com saltutil.sync_grains
server3.lalala.com:
- grains.my_grains
[root@server1 salt]# salt server3.lalala.com grains.item salt
server3.lalala.com:
----------
salt:
saltstack
[root@server3 ~]# salt-call --local grains.item salt
local:
----------
salt:
saltstack
敏感信息
[root@server1 web]# pwd
/srv/pillar/web
[root@server1 web]# cat init.sls
{% if grains[‘roles‘] == ‘nginx‘ %}
apache: httpd
{% elif grains[‘roles‘] == ‘httpd‘ %}
apache: apache2
{% endif %}
[root@server1 web]# cd ..
[root@server1 pillar]# pwd
/srv/pillar
[root@server1 pillar]# cat top.sls
base:
‘*‘:
- web.init
[root@server1 pillar]# salt ‘*‘ saltutil.refresh_pillar
server3.lalala.com:
True
server2.lalala.com:
True
[root@server1 pillar]# salt ‘*‘ pillar.item apache
server3.lalala.com:
----------
apache:
apache2
server2.lalala.com:
----------
apache:
httpd
其他检测语法
[root@server1 pillar]# salt -I ‘apache:httpd‘ test.ping
server2.lalala.com:
True
[root@server1 pillar]# salt -I ‘apache:apache2‘ test.ping
server3.lalala.com:
True
[root@server1 pillar]# salt -C ‘* and not I@apache:apache2‘ test.ping
server2.lalala.com:
True
[root@server1 pillar]# salt -C ‘* or not I@apache:apache2‘ test.ping
server2.lalala.com:
True
server3.lalala.com:
True
[root@server1 pillar]# salt -C ‘G@salt:saltstack or I@apache:apache2‘ test.ping
server3.lalala.com:
True
server2.lalala.com:
True
[root@server1 pillar]# salt -C ‘G@salt:nginx or I@apache:apache2‘ test.ping
server3.lalala.com:
True
[root@server1 pillar]# salt -C ‘S@172.25.88.0/24 and not I@apache:apache2‘ test.ping
server2.lalala.com:
True
-I, --pillar
-G, --grain
-S,--ipcidr Match based on Subnet (CIDR notation) or IP address.
本文出自 “12049878” 博客,谢绝转载!
原文地址:http://12059878.blog.51cto.com/12049878/1923551