系统初始化
关闭selinux
[root@master init]# pwd
/srv/salt/base/init
[root@master init]# tree selinux/
selinux/
├── files
│ └── config
└── main.sls
[root@master selinux]# cat main.sls
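# Persist the SELinux mode by replacing /etc/selinux/config with the copy kept
# on the master. The content of that copy is not shown on this page; this state
# only fixes where it comes from and its owner, group and mode.
# NOTE(review): with SELinux switched off, services on these minions are no
# longer confined by mandatory access control. Permissive mode still logs
# denials if the aim is only to unblock a deployment - confirm which mode the
# managed file sets.
/etc/selinux/config:
  file.managed:
    # The tree listing puts the file at init/selinux/files/config, so the
    # source URL needs the selinux/ path component to resolve.
    - source: salt://init/selinux/files/config
    - user: root
    - group: root
    - mode: '0644'

# Leave enforcing mode on the running system without waiting for a reboot.
# setenforce exits non-zero once SELinux is disabled, so the command is guarded
# to run only while the host is still enforcing; unguarded, every later run of
# this state would be reported as failed.
'setenforce 0':
  cmd.run:
    - onlyif: 'test "$(getenforce)" = "Enforcing"'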
关闭firewalld
[root@master init]# pwd
/srv/salt/base/init
[root@master init]# tree firewalld/
firewalld/
└── main.sls
[root@master firewalld]# cat main.sls
# Stop the firewalld unit and keep it from being started at boot.
# NOTE(review): none of the states shown next to this one manage another packet
# filter on the minion - confirm that filtering is enforced somewhere else
# (network ACLs, security groups) before this is applied fleet-wide.
firewalld.service:
  service.dead:
    - enable: false
时间同步chrony
[root@master init]# pwd
/srv/salt/base/init
[root@master init]# tree chrony
chrony
├── files
│ └── chrony.conf
└── main.sls
[root@master chrony]# cat main.sls
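# Install the chrony package.
chrony:
  pkg.installed

# Replace /etc/chrony.conf with the copy kept on the master. The file is only
# written once the package is present, so the package install cannot overwrite
# it afterwards.
/etc/chrony.conf:
  file.managed:
    - source: salt://init/chrony/files/chrony.conf
    - user: root
    - group: root
    - mode: '0644'
    - require:
      - pkg: chrony

# Keep the time daemon running and enabled at boot.
# On RHEL-family systems the chrony package ships its unit as chronyd.service,
# so the unit name is given explicitly; the state ID is left as it was.
# The watch requisite restarts the daemon when the managed config changes;
# without it a new chrony.conf would not take effect until the next restart.
chrony.service:
  service.running:
    - name: chronyd
    - enable: true
    - watch:
      - file: /etc/chrony.conf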
文件描述符和内核优化
[root@master init]# pwd
/srv/salt/base/init
[root@master init]# tree kernel/
kernel/
├── files
│ ├── limits.conf
│ └── sysctl.conf
└── main.sls
//在文件limits.conf最后加上以下两行
* soft nofile 65535
* hard nofile 65535
//在文件sysctl.conf最后添加以下一行,开启ip转发功能
net.ipv4.ip_forward = 1
[root@master kernel]# cat main.sls
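# Replace /etc/security/limits.conf with the master's copy. Per the page, that
# copy raises the soft and hard nofile limits to 65535 for all users.
/etc/security/limits.conf:
  file.managed:
    - source: salt://init/kernel/files/limits.conf
    - user: root
    - group: root
    - mode: '0644'

# Replace /etc/sysctl.conf with the master's copy and load it into the kernel.
# NOTE(review): per the page, that copy sets net.ipv4.ip_forward = 1, which
# makes every minion receiving this state forward packets between its
# interfaces. Confirm that only hosts that actually route or NAT are targeted.
/etc/sysctl.conf:
  file.managed:
    - source: salt://init/kernel/files/sysctl.conf
    - user: root
    - group: root
    - mode: '0644'
  # Reload only when the managed file changed, so an unchanged run reports no
  # changes instead of re-running sysctl every time.
  cmd.run:
    - name: sysctl -p
    - onchanges:
      - file: /etc/sysctl.conf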
历史记录优化(记录时间、用户)
[root@master init]# pwd
/srv/salt/base/init
[root@master init]# tree history/
history/
└── main.sls
[root@master history]# cat main.sls
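# Append a HISTTIMEFORMAT export to /etc/profile so that shell history shows a
# date, a time and a user name for each entry.
# The state ID is unique and the target is given through name: the timeout
# state on this page also appends to /etc/profile, and two states sharing the
# ID /etc/profile with the same function conflict when rendered in one run.
# NOTE(review): `whoami` is evaluated when /etc/profile is sourced, and a user
# can still edit or clear their own history file, so this is a convenience for
# operators rather than an audit trail - use auditd or session logging where
# accountability is required.
history_timeformat_profile:
  file.append:
    - name: /etc/profile
    - text: 'export HISTTIMEFORMAT="%F %T `whoami` "'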
设置超时
[root@master init]# pwd
/srv/salt/base/init
[root@master init]# tree timeout/
timeout/
└── main.sls
[root@master timeout]# cat main.sls
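# Append a TMOUT export to /etc/profile so that an idle login shell is closed
# after 300 seconds.
# The state ID is unique and the target is given through name: the history
# state on this page also appends to /etc/profile, and two states sharing the
# ID /etc/profile with the same function conflict when rendered in one run.
# NOTE(review): as written the variable is a plain export, so a user can unset
# or raise it in their own session; marking it readonly would enforce it -
# confirm that is acceptable for the shells that source this file.
shell_idle_timeout_profile:
  file.append:
    - name: /etc/profile
    - text: 'export TMOUT=300'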
配置YUM源
[root@master init]# pwd
/srv/salt/base/init
[root@master init]# tree yum/
yum/
├── files
│ ├── centos-7.repo
│ ├── centos-8.repo
│ ├── epel-7.repo
│ ├── epel-8.repo
│ ├── salt-7.repo
│ └── salt-8.repo
└── main.sls
[root@master files]# pwd
/srv/salt/base/init/yum/files
[root@master files]# ls
centos-7.repo epel-7.repo salt-7.repo
centos-8.repo epel-8.repo salt-8.repo
[root@master yum]# pwd
/srv/salt/base/init/yum
[root@master yum]# cat main.sls
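# Install the yum repository definitions that match the minion's major release.
# The files on the master are named with the major version only (centos-7.repo,
# epel-8.repo, ...), while the osrelease grain carries the full release string,
# so osmajorrelease is used to build names that actually exist.
# NOTE(review): the .repo files themselves are not shown on this page - confirm
# they keep gpgcheck=1 and point at an HTTPS or internal mirror, since every
# package installed afterwards is trusted through them.
{% set release = grains['osmajorrelease'] %}

# The CentOS base repo is pushed only where the os grain is 'RedHat'.
# NOTE(review): hosts whose os grain is 'CentOS' skip this branch - presumably
# intentional because they already ship the repo; confirm.
{% if grains['os'] == 'RedHat' %}
/etc/yum.repos.d/centos-{{ release }}.repo:
  file.managed:
    - source: salt://init/yum/files/centos-{{ release }}.repo
    - user: root
    - group: root
    - mode: '0644'
{% endif %}

/etc/yum.repos.d/epel-{{ release }}.repo:
  file.managed:
    - source: salt://init/yum/files/epel-{{ release }}.repo
    - user: root
    - group: root
    - mode: '0644'

/etc/yum.repos.d/salt-{{ release }}.repo:
  file.managed:
    - source: salt://init/yum/files/salt-{{ release }}.repo
    - user: root
    - group: root
    - mode: '0644'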