初始化系统
树形结构
[root@server1 salt]# tree base/
base/
`-- init
|-- 1
|-- chrony
| |-- 1
| |-- files
| | `-- chrony.conf
| `-- main.sls
|-- firewall
| |-- files
| | `-- config
| `-- main.sls
|-- history
| |-- 1
| |-- main.sls
| `-- main2.sls
|-- kernel
| |-- files
| | |-- limits.conf
| | `-- sysctl.conf
| `-- main.sls
|-- open
| |-- files
| | `-- sshd_config
| `-- main.sls
|-- salt-minion
| |-- 1
| |-- files
| | `-- minion.j2
| `-- main.sls
|-- selinux
| |-- files
| | `-- config
| `-- main.sls
|-- timeout
| |-- 1
| `-- main.sls
`-- yum
|-- files
| |-- centos-7.repo
| |-- centos-8.repo
| |-- epel.repo
| |-- salt-7.repo
| `-- salt-8.repo
`-- main.sls
设置防火墙
[root@server1 init]# tree firewall/
firewall/
|-- files
| `-- config
`-- main.sls
1 directory, 2 files
[root@server1 init]# cat firewall/main.sls
# Stop firewalld now and keep it from starting at boot on every targeted minion.
# NOTE(review): this removes the host-level packet filter entirely; make sure an
# equivalent control (network ACLs / security groups) sits in front of these
# hosts, or scope this state to the minions that really need it.
stop-firewalld:
  service.dead:
    - name: firewalld
    - enable: false
设置SELinux
[root@server1 init]# tree selinux/
selinux/
|-- files
| `-- config
`-- main.sls
修改config文件
....
SELINUX=disabled
.....
编写main.sls文件
[root@server1 init]# cat selinux/main.sls
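# Disable SELinux permanently (config file) and drop to permissive mode right
# away so the change takes effect without a reboot.
# NOTE(review): running with SELinux disabled removes a mandatory-access-control
# layer; if the goal is only to stop policy denials, SELINUX=permissive in the
# config keeps the audit log while not enforcing.
copy-selinux-config:
  file.managed:
    - names:
      - /etc/selinux/config:
        - source: salt://init/selinux/files/config
        - user: root
        - group: root
        - mode: "0644"

# setenforce only works while SELinux is enabled: on a host that has already
# rebooted with SELINUX=disabled it exits non-zero and would fail every later
# highstate. Run it only while enforcing mode is actually active.
"setenforce 0":
  cmd.run:
    - onlyif: test "$(getenforce)" = Enforcing
    - require:
      - file: copy-selinux-config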
配置时间同步
[root@server1 init]# tree chrony/
chrony/
|-- 1
|-- files
| `-- chrony.conf
`-- main.sls
1 directory, 3 files
修改chrony.conf文件
[root@server1 init]# cat chrony/files/chrony.conf
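# Use public servers from the pool.ntp.org project.
# Please consider joining the pool (http://www.pool.ntp.org/join.html).
# Aliyun NTP server. Kept on its own line: chrony treats a line that starts
# with '#' as a comment, but text trailing a directive is parsed as extra
# options and may be rejected - TODO confirm on the chrony version in use.
# NOTE(review): a single unauthenticated upstream gives chrony nothing to
# cross-check against; list more than one source (or an internal one) if
# accurate timestamps matter for logs and authentication.
pool time1.aliyun.com iburst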
编写main.sls文件
[root@server1 init]# cat chrony/main.sls
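# Install chrony, deploy the managed config and keep chronyd running.
chrony:
  pkg.installed

/etc/chrony.conf:
  file.managed:
    - source: salt://init/chrony/files/chrony.conf
    - user: root
    - group: root
    - mode: '0644'
    # The package owns this path; write the managed copy only once the package
    # is installed so the install cannot overwrite it.
    - require:
      - pkg: chrony

chronyd.service:
  service.running:
    - enable: true
    # Restart chronyd whenever the config changes; without this a new server
    # list is written to disk but never loaded by the running daemon.
    - watch:
      - file: /etc/chrony.conf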
文件描述符/内存优化
[root@server1 init]# tree kernel/
kernel/
|-- files
| |-- limits.conf
| `-- sysctl.conf
`-- main.sls
修改limits.conf文件
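#ftp hard nproc 0
#@student - maxlogins 4
# Added: raise the per-process open-file limit for all users. pam_limits only
# recognises whole-line '#' comments, so the annotation is kept off the
# directive lines.
# NOTE(review): the '*' wildcard does not apply to root (see limits.conf(5));
# add an explicit 'root' entry if services running as root need the limit.
* soft nofile 65535
* hard nofile 65535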
修改sysctl.conf文件
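# For more information, see sysctl.conf(5) and sysctl.d(5).
# Added: enable IPv4 forwarding. The annotation is a separate line on purpose:
# sysctl.conf(5) treats only whole lines starting with '#' or ';' as comments,
# so text after the value is handed to the kernel and 'sysctl -p' fails with
# "Invalid argument".
# NOTE(review): forwarding turns every node into a router; keep it only on
# hosts that actually route or NAT traffic (container, VPN or gateway hosts).
net.ipv4.ip_forward = 1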
编写main.sls文件
[root@server1 init]# cat kernel/main.sls
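# Deploy the kernel and PAM limits tuning files, reloading sysctl on change.
copy-files:
  file.managed:
    - names:
      - /etc/sysctl.conf:
        - source: salt://init/kernel/files/sysctl.conf
        - user: root
        - group: root
        - mode: '0644'
      - /etc/security/limits.conf:
        - source: salt://init/kernel/files/limits.conf
        - user: root
        - group: root
        - mode: '0644'

# Reload sysctl only when a managed file actually changed, instead of
# re-running (and reporting a change) on every highstate. limits.conf needs no
# reload: pam_limits reads it at login.
'sysctl -p':
  cmd.run:
    - onchanges:
      - file: copy-files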
OpenSSH服务
[root@server1 init]# tree open/
open/
|-- files
| `-- sshd_config
`-- main.sls
修改sshd_config
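# semanage port -a -t ssh_port_t -p tcp #PORTNUMBER
#
# Set the port you need. The annotation lives on its own line: older sshd
# releases (such as the 7.x shipped with CentOS 7) do not accept a trailing
# '#' comment on a directive and refuse to start - TODO confirm for the sshd
# version in use.
# NOTE(review): if the port is changed, the semanage command above must be run
# on the minion and the firewall (if still enabled) must allow the new port,
# otherwise the next sshd restart locks the host out.
Port 22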
编写main.sls文件
[root@server1 init]# cat open/main.sls
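# Deploy the managed sshd_config and restart sshd when it changes.
copy-open:
  file.managed:
    - names:
      - /etc/ssh/sshd_config:
        - source: salt://init/open/files/sshd_config
        - user: root
        - group: root
        - mode: '0600'
        # Salt appends the path of the candidate file to this command and only
        # installs the file when it exits 0, so a typo cannot leave sshd
        # unable to start on every node.
        - check_cmd: sshd -t -f

# A changed sshd_config is not read until sshd restarts; without this state the
# deployed file is silently ignored until the next reboot or manual restart.
sshd:
  service.running:
    - enable: true
    - watch:
      - file: copy-open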
设置历史优化记录
[root@server1 init]# tree history/
history/
|-- 1
|-- main.sls
`-- main2.sls
[root@server1 init]# cat history/main.sls
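# Add a timestamped, user-tagged HISTTIMEFORMAT to the system-wide profile.
#
# The original declared the ID '/etc/profile' twice (file.line and
# file.append); Salt rejects a state file with duplicate IDs, and both states
# would add the same line. file.append is kept because it is idempotent - the
# line is only added when it is not already present.
# NOTE(review): shell history is under the user's control (HISTTIMEFORMAT can
# be unset, history truncated); treat this as convenience, not an audit trail.
history-timeformat:
  file.append:
    - name: /etc/profile
    - text: 'export HISTTIMEFORMAT="%F %T `whoami`"'

# Alternative: insert the line just before the first line matching 'System'
# instead of appending at the end of the file.
# history-timeformat-insert:
#   file.line:
#     - name: /etc/profile
#     - mode: insert
#     - content: 'export HISTTIMEFORMAT="%F %T `whoami`"'
#     - before: 'System'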
设置终端超时时间
[root@server1 init]# mkdir timeout
[root@server1 timeout]# vim main.sls
# Append a shell idle timeout to the system-wide profile.
# NOTE(review): a TMOUT exported this way can be unset or changed by the user's
# own shell startup files; declaring it 'readonly' in the profile makes it
# enforced.
/etc/profile:
  file.append:  # append at the end of the file
    - text: 'export TMOUT=300'  # idle timeout: 300 seconds
#执行
[root@server1 init]# salt node1 state.sls init.timeout.main
node1:
----------
ID: /etc/profile
Function: file.append
Result: True
Comment: Appended 1 lines
Started: 21:52:26.157664
Duration: 21.058 ms
Changes:
----------
diff:
---
+++
@@ -85,3 +85,4 @@
fi
fi
export HISTTIMEFORMAT="%F %T `whoami`"
+export TMOUT=300
Summary for node1
------------
Succeeded: 1 (changed=1)
Failed: 0
------------
Total states run: 1
Total run time: 21.058 ms
查看结果
[root@node1 ~]# cat /etc/profile
.......
......
# Check for double sourcing is done in /etc/bashrc.
. /etc/bashrc
fi
fi
export HISTTIMEFORMAT="%F %T `whoami`"
export TMOUT=300
配置yum源
从阿里云镜像网站下载源文件到 yum/files 目录，SaltStack 源也一并下载到该目录里
配置源
[root@server1 files]# vim /etc/yum.repos.d/epel.repo
#用末行模式
%s#要修改的文本#修改后的文本#
%s///
[root@server1 init]# tree yum
yum
|-- files
| |-- centos-7.repo
| |-- centos-8.repo
| |-- epel.repo
| |-- salt-7.repo
| `-- salt-8.repo
`-- main.sls
[root@server1 init]# cat yum/main.sls
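{# Deploy the yum repo files matching the minion's OS family and major release.
   'os_family' is 'RedHat' on CentOS/RHEL alike, whereas grains['os'] is
   'CentOS' on CentOS and would have skipped these hosts entirely.
   'osmajorrelease' renders as 7 or 8, matching centos-7.repo / centos-8.repo;
   'osrelease' is the full version string and matches no file under files/. #}
{% if grains['os_family'] == 'RedHat' %}
copy-yum:
  file.managed:
    - names:
      - /etc/yum.repos.d/centos-{{ grains['osmajorrelease'] }}.repo:
        - source: salt://init/yum/files/centos-{{ grains['osmajorrelease'] }}.repo
        - user: root
        - group: root
        - mode: '0644'
{% endif %}

# NOTE(review): the .repo files come from a mirror; confirm each keeps
# gpgcheck=1 with a gpgkey pointing at the vendor keys so packages are
# verified regardless of which mirror serves them.
copy-yum-epel:
  file.managed:
    - names:
      - /etc/yum.repos.d/epel.repo:
        - source: salt://init/yum/files/epel.repo
        - user: root
        - group: root
        - mode: '0644'

# Distinct ID: the original reused 'copy-yum' here, which Salt rejects as a
# conflicting ID whenever the block above is rendered.
copy-yum-salt:
  file.managed:
    - names:
      - /etc/yum.repos.d/salt-{{ grains['osmajorrelease'] }}.repo:
        - source: salt://init/yum/files/salt-{{ grains['osmajorrelease'] }}.repo
        - user: root
        - group: root
        - mode: '0644'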
#执行
[root@server1 init]# salt node1 state.sls init.yum.main
安装salt-minion
配置IP变量
[root@server1 salt-minion]# cd /srv/pillar/base/
[root@server1 base]# ls
apache.sls top.sls
[root@server1 base]# vim salt-minion.sls
[root@server1 base]# vim top.sls
[root@server1 base]# ls
apache.sls salt-minion.sls top.sls
[root@server1 base]# cat salt-minion.sls
# Pillar value rendered into the minion's 'master:' setting by
# init/salt-minion/files/minion.j2.
master_ip: 192.168.244.131
[root@server1 base]# cat top.sls
# Pillar top file: expose the salt-minion pillar to every minion in 'base'.
base:
  '*':
    - salt-minion
修改 files/minion.j2 文件
[root@server1 salt-minion]# cat files/minion.j2
.......
#master: salt
master: {{ pillar['master_ip'] }}
......
编写执行文件
[root@server1 salt-minion]# cat main.sls
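# Install salt-minion, point it at the master taken from pillar, keep it running.
include:
  - init.yum.main

salt-minion:
  pkg.installed

/etc/salt/minion:
  file.managed:
    - source: salt://init/salt-minion/files/minion.j2
    - user: root
    - group: root
    - mode: '0644'
    - template: jinja
    # Write the config only once the package exists so the package's default
    # /etc/salt/minion cannot overwrite the rendered one.
    - require:
      - pkg: salt-minion

salt-minion-service:
  service.running:
    - name: salt-minion
    - enable: true
    # A new master address is only picked up on restart; without the watch the
    # rendered file sits unused. NOTE(review): restarting the minion from inside
    # its own job is known to lose that job's return - the state still applies,
    # but expect a "minion did not return" on the master for that run.
    - watch:
      - file: /etc/salt/minion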
安装基础命令
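[root@server1 salt-minion]# cat main.sls
# Base toolset plus salt-minion install/config/service.
include:
  - init.yum.main

# NOTE(review): compilers (gcc, gcc-c++, make) and network clients (telnet)
# on every node widen the toolset available to anyone who gets a shell there;
# consider a separate state for build hosts only.
pkg-install-base:
  pkg.installed:
    - pkgs:
      - screen
      - tree
      - psmisc
      - openssl
      - openssl-devel
      - telnet
      - iftop
      - iotop
      - sysstat
      - wget
      - dos2unix
      - unix2dos
      - lsof
      - net-tools
      - vim-enhanced
      - zip
      - unzip
      - bzip2
      - bind-utils
      - gcc
      - gcc-c++
      # 'gilbc' and 'autocnf' in the original are not package names and make
      # the whole pkg.installed state fail.
      - glibc
      - make
      - autoconf

salt-minion:
  pkg.installed

/etc/salt/minion:
  file.managed:
    - source: salt://init/salt-minion/files/minion.j2
    - user: root
    - group: root
    - mode: '0644'
    - template: jinja
    # Write the config only once the package exists so the package's default
    # /etc/salt/minion cannot overwrite the rendered one.
    - require:
      - pkg: salt-minion

salt-minion-service:
  service.running:
    - name: salt-minion
    - enable: true
    # A new master address is only picked up on restart. NOTE(review):
    # restarting the minion from inside its own job is known to lose that
    # job's return - the state still applies, but expect a "minion did not
    # return" on the master for that run.
    - watch:
      - file: /etc/salt/minion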