系统初始化状态文件编写

selinux

[root@master selinux]# tree
.
|-- files
    └── config
`-- main.sls
[root@master selinux]# cat files/config 

# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
#     enforcing - SELinux security policy is enforced.
#     permissive - SELinux prints warnings instead of enforcing.
#     disabled - No SELinux policy is loaded.
# NOTE(review): "disabled" turns off SELinux mandatory access control on every
# minion that receives this file. "permissive" keeps the policy loaded and logs
# denials without blocking, and going back from "disabled" later requires a
# filesystem relabel. Confirm that disabling is really intended.
SELINUX=disabled
# SELINUXTYPE= can take one of these three values:
#     targeted - Targeted processes are protected,
#     minimum - Modification of targeted policy. Only selected processes are protected. 
#     mls - Multi Level Security protection.
SELINUXTYPE=targeted


[root@master selinux]# cat main.sls 
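# Deploy the managed SELinux configuration; the file is read at boot, so the
# mode it sets applies from the next restart.
/etc/selinux/config:
  file.managed:
    - source: salt://init/selinux/files/config
    - user: root
    - group: root
    - mode: '0644'

# Switch the running system to permissive mode right away.
# Guarded with onlyif because setenforce exits non-zero once SELinux is
# already disabled, which would otherwise fail every later run of this state.
'setenforce 0':
  cmd.run:
    - onlyif: test "$(getenforce)" = "Enforcing"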

firewalld

[root@master firewalld]# cat main.sls 
# Stop firewalld and keep it from starting at boot.
# NOTE(review): after this state the host has no firewalld-managed packet
# filter; confirm filtering is enforced elsewhere before applying it broadly.
firewalld.service:
  service.dead:
    - enable: false

chrony

[root@master chrony]# tree
.
├── files
│   └── chrony.conf
└── main.sls
[root@master chrony]# cat files/chrony.conf 
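# Use public servers from the pool.ntp.org project.
# Please consider joining the pool (http://www.pool.ntp.org/join.html).
# Time synchronisation server address changed for this site. The note sits on
# its own line because chrony only treats lines that start with a comment
# character as comments.
pool time1.aliyun.com iburst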

.......


[root@master chrony]# cat main.sls 
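# init.yum.main is included first; presumably it sets up the package
# repositories the install below relies on (confirm against that SLS).
include:
  - init.yum.main

# Short declaration: a state without arguments is written with no trailing
# colon, otherwise Salt rejects the SLS at compile time.
chrony:
  pkg.installed

# Managed chrony configuration, deployed only after the package is present.
/etc/chrony.conf:
  file.managed:
    - source: salt://init/chrony/files/chrony.conf
    - user: root
    - group: root
    - mode: '0644'
    - require:
      - pkg: chrony

# Keep the service enabled and running; restart it when the config changes so
# a new time source is picked up without manual intervention.
# NOTE(review): on RHEL-family systems the unit is usually named chronyd;
# confirm the service name for the target distribution.
chrony.service:
  service.running:
    - enable: true
    - watch:
      - file: /etc/chrony.conf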

kernel

[root@master kernel]# tree
.
├── files
│       ├── limits.conf
│       └── sysctl.conf
└── main.sls
[root@master kernel]# cp /etc/security/limits.conf files/
[root@master kernel]# cp /etc/sysctl.conf files/
[root@master kernel]# vim files/limits.conf 
#ftp             hard    nproc           0
#@student        -       maxlogins       4
# Set the soft and hard open-file limit (nofile) to 65535 for the wildcard
# domain "*".
*                soft    nofile         65535  	
*                hard    nofile         65535  	


[root@master kernel]# vim files/sysctl.conf 
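# For more information, see sysctl.conf(5) and sysctl.d(5).
# Enable IPv4 packet forwarding; the key needs the dot between "ipv4" and
# "ip_forward" or sysctl -p cannot resolve it. Forwarding lets the host route
# traffic between its interfaces, so apply it only to machines that need it.
net.ipv4.ip_forward = 1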


[root@master kernel]# cat main.sls 
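# Managed resource limits file.
/etc/security/limits.conf:
  file.managed:
    - source: salt://init/kernel/files/limits.conf
    - user: root
    - group: root
    - mode: '0644'

# Managed kernel parameters file, plus a reload of the settings.
/etc/sysctl.conf:
  file.managed:
    - source: salt://init/kernel/files/sysctl.conf
    - user: root
    - group: root
    - mode: '0644'
  # cmd.run takes arguments, so it needs the trailing colon. onchanges limits
  # the reload to runs in which the managed file was actually modified.
  cmd.run:
    - name: sysctl -p
    - onchanges:
      - file: /etc/sysctl.conf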

history

[root@master history]# cat main.sls 
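# Append a history timestamp format (date, time, user name) to /etc/profile.
# file.append receives the line through its "text" argument.
# NOTE(review): the timeout state uses the same ID (/etc/profile); Salt needs
# IDs to be unique across the SLS files compiled into one run, so give one of
# them a distinct ID with "- name: /etc/profile" if both are applied together.
/etc/profile:
  file.append:
    - text: 'export HISTTIMEFORMAT="%F %T `whoami`"'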

timeout

[root@master timeout]# cat main.sls 
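# Append an idle-shell timeout of 300 seconds to /etc/profile.
# file.append receives the line through its "text" argument.
# NOTE(review): a plain export can be changed or unset by the user; declare the
# variable readonly in the appended line if the timeout has to be enforced.
# NOTE(review): the history state uses the same ID (/etc/profile); Salt needs
# IDs to be unique across the SLS files compiled into one run.
/etc/profile:
  file.append:
    - text: 'export TMOUT=300'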

基础命令

[root@master basepkg]# cat main.sls 
# Install a baseline set of utility, diagnostic and build packages in a single
# pkg.installed call.
# NOTE(review): the list puts a telnet client and a compiler toolchain (gcc,
# gcc-c++, make, autoconf) on every host that gets this state; confirm they are
# needed outside build and debugging machines.
include:
  - init.yum.main
install-base-pkgages:
  pkg.installed:
    - pkgs:
      - screen
      - tree
      - psmisc
      - openssl
      - openssl-devel
      - telnet
      - iftop
      - iotop
      - sysstat
      - wget
      - dos2unix
      - unix2dos
      - lsof
      - net-tools
      - vim-enhanced
      - zip
      - unzip
      - bzip2
      - bind-utils
      - gcc
      - gcc-c++
      - glibc
      - make
      - autoconf

安装salt-agent

[root@master salt-minion]# cp /etc/salt/minion ./files/minion.j2
[root@master salt-minion]# vim files/minion.j2 
# resolved, then the minion will fail to start.
#master: salt
# The master address is filled in from the salt_master_ip pillar key when the
# template is rendered.
master: {{ pillar['salt_master_ip'] }} 		
......

//定义变量值
[root@master base]# pwd
/srv/pillar/base
[root@master base]# vim salt-minion.sls 	
[root@master base]# cat salt-minion.sls 
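# Address of the Salt master, read by the minion configuration template.
# YAML needs a space after the colon for this to parse as a key/value pair.
salt_master_ip: 192.168.172.142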

[root@master salt-minion]# cat main.sls 
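# init.yum.main is included first; presumably it sets up the package
# repositories the install below relies on (confirm against that SLS).
include:
  - init.yum.main

# Short declaration: colon after the ID, none after the function name.
salt-minion:
  pkg.installed

# Render the minion configuration from the Jinja template once the package is
# installed.
/etc/salt/minion:
  file.managed:
    - source: salt://init/salt-minion/files/minion.j2
    - user: root
    - group: root
    - mode: '0644'
    # "template" names the renderer; the source file uses Jinja expressions.
    - template: jinja
    - require:
      - pkg: salt-minion

# Keep the minion service enabled and running.
salt-minion.service:
  service.running:
    - enable: true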