SaltStack之系统初始化状态文件编写

一、SaltStack之系统初始化部署状态文件

环境说明:

centos8

主机名 | IP地址 | 部署功能 | 性能
master | 192.168.143.101 | salt-master salt-minion | 4核8G
node3 | 192.168.143.104 | salt-minion init | 4核2G

[root@master init]# tree
.
├── basepkg
│ └── main.sls
├── chrony
│ ├── files
│ │ └── chrony.conf
│ └── main.sls
├── firewall
│ └── main.sls
├── history
│ └── main.sls
├── kernel
│ ├── files
│ │ ├── limits.conf
│ │ └── sysctl.conf
│ └── main.sls
├── main.sls
├── salt-minion
│ ├── files
│ │ └── minion.j2
│ └── main.sls
├── selinux
│ ├── files
│ │ └── config
│ └── main.sls
├── service
│ └── main.sls
├── timeout
│ └── main.sls
├── timezone
│ ├── files
│ │ └── clock
│ └── main.sls
├── yum
│ ├── files
│ │ ├── centos-7.repo
│ │ ├── centos-8.repo
│ │ ├── epel.repo
│ │ ├── salt-7.repo
│ │ └── salt-8.repo
│ └── main.sls
└── zabbix-agentd
├── files
│ ├── install.sh
│ ├── zabbix-5.4.4.tar.gz
│ └── zabbix_agentd.conf.j2
└── main.sls

19 directories, 27 files

关闭 selinux

[root@master init]# tree selinux/
selinux/
├── files
│   └── config
└── main.sls

1 directory, 2 files

[root@master init]# vim selinux/main.sls 
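# Deploy the SELinux configuration file shipped with this state tree.
# The contents of files/config are not shown on this page; the section title
# says the goal is to turn SELinux off, which removes mandatory access control
# from every minion the state is applied to.
# NOTE(review): if the aim is only to avoid denials during rollout, permissive
# mode keeps the audit trail - confirm which mode is actually wanted.
/etc/selinux/config:
  file.managed:
    - source: salt://init/selinux/files/config
    - user: root
    - group: root
    - mode: '0644'

# Change the mode of the running system; /etc/selinux/config is only read at
# boot, so it does not affect the current session.
setenforce 0:
  cmd.run:
    # The original name was "setenforce0", which is not a command and made
    # this state fail on every run.
    - name: setenforce 0
    # setenforce returns an error when SELinux is already disabled and has
    # nothing to do when permissive, so run it only while enforcing.
    - onlyif: test "$(getenforce)" = "Enforcing"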

关闭 firewall

[root@master init]# tree firewall/
firewall/
└── main.sls

0 directories, 1 file

[root@master init]# vim firewall/main.sls 
# Stop firewalld and keep it from starting at boot.
# NOTE(review): once this state has run, the host has no firewalld-managed
# packet filtering. Confirm that filtering is enforced somewhere else
# (upstream firewall, cloud security groups), or manage firewalld rules
# instead of switching the service off.
firewalld:
  service.dead:
    - enable: false

同步 chrony

[root@master init]# tree chrony/
chrony/
├── files
│   └── chrony.conf
└── main.sls

1 directory, 2 files
[root@master init]# vim chrony/main.sls 
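# Install chrony, deploy its configuration and keep chronyd running.
# Consistent clocks are what make logs from different hosts comparable.
chrony:
  pkg.installed

/etc/chrony.conf:
  file.managed:
    - source: salt://init/chrony/files/chrony.conf
    - user: root
    - group: root
    - mode: '0644'
    # Write the file only after the package exists, so the package's own
    # default configuration cannot be laid down over the managed copy.
    - require:
      - pkg: chrony

chronyd.service:
  service.running:
    - enable: true
    # Restart chronyd whenever the managed configuration changes; without
    # this a new chrony.conf is written to disk but never loaded.
    - watch:
      - file: /etc/chrony.conf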

设置 timezone

[root@master init]# tree timezone/
timezone/
├── files
│   └── clock
└── main.sls

1 directory, 2 files
[root@master init]# vim timezone/main.sls
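# Set the system timezone to Asia/Shanghai.
/etc/sysconfig/clock:
  file.managed:
    - source: salt://init/timezone/files/clock
    # Pin ownership and mode like the other managed files in this tree.
    - user: root
    - group: root
    - mode: '0644'

# Remove /etc/localtime only when it is not already a symlink. file.symlink
# below retargets an existing link by itself, so deleting it on every run
# only reported a change each time and left a short window in which the
# system had no localtime at all.
rm -rf:
  cmd.run:
    - name: rm -rf /etc/localtime
    - unless: test -L /etc/localtime

/etc/localtime:
  file.symlink:
    - target: /usr/share/zoneinfo/Asia/Shanghai
    # Make the ordering explicit instead of relying on file position.
    - require:
      - cmd: rm -rf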
[root@master init]# vim timezone/files/clock 
zone = Asia/Shanghai

内核优化 kernel

[root@master init]# tree kernel/
kernel/
├── files
│   ├── limits.conf
│   └── sysctl.conf
└── main.sls

1 directory, 3 files
[root@master init]# vim kernel/main.sls 
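# Deploy kernel parameters and per-user resource limits, then load the
# sysctl values into the running kernel.
/etc/sysctl.conf:
  file.managed:
    - source: salt://init/kernel/files/sysctl.conf
    - user: root
    # Was misspelled "gorup", which is not a file.managed argument, so group
    # ownership was never actually managed.
    - group: root
    - mode: '0644'

/etc/security/limits.conf:
  file.managed:
    - source: salt://init/kernel/files/limits.conf
    - user: root
    # Same "gorup" misspelling corrected here.
    - group: root
    - mode: '0644'

'sysctl -p':
  cmd.run:
    # Reload only when the managed file really changed; a bare cmd.run
    # executed and reported a change on every single run.
    - onchanges:
      - file: /etc/sysctl.conf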
  
[root@master init]# vim kernel/files/limits.conf
。。。
#@student        -       maxlogins       4
*                soft    nofile          65535
*                hard    nofile          65535
# End of file
。。。
[root@master init]# vim kernel/files/sysctl.conf 
。。。
# For more information, see sysctl.conf(5) and sysctl.d(5).
# NOTE(review): ip_forward = 1 lets every minion that receives this file
# route IPv4 packets between its interfaces. Confirm the targeted hosts are
# meant to forward traffic (router, NAT gateway, container host); a plain
# server normally keeps this at 0.
net.ipv4.ip_forward = 1

精简开机 service

[root@master init]# tree service/
service/
└── main.sls

0 directories, 1 file

[root@master init]# vim service/main.sls 
# Stop postfix and disable it at boot; the section title describes this as
# trimming the services started at boot.
# NOTE(review): confirm nothing on the host relies on local mail delivery
# (cron output, monitoring alerts) before removing the mail daemon.
postfix.service:
  service.dead:
    - enable: false

优化 history

[root@master init]# tree history/
history/
└── main.sls

0 directories, 1 file
[root@master init]# vim history/main.sls 
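# Prefix every shell history entry with a timestamp and the user name.
# The state ID is deliberately not "/etc/profile": timeout/main.sls manages
# the same file, and two file states sharing one ID make Salt reject any run
# that includes both SLS files (conflicting IDs). The target path is given
# through "name" instead.
# NOTE(review): a user can unset HISTTIMEFORMAT or edit their own history, so
# this helps troubleshooting but is not an audit record.
history-timestamp:
  file.append:
    - name: /etc/profile
    - text: 'export HISTTIMEFORMAT="%F %T `whoami` "'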

设置终端超时 timeout

[root@master init]# tree timeout/
timeout/
└── main.sls

0 directories, 1 file
[root@master init]# cat timeout/main.sls 
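# Log idle interactive shells out after 300 seconds.
# The state ID is deliberately not "/etc/profile": history/main.sls manages
# the same file, and two file states sharing one ID make Salt reject any run
# that includes both SLS files (conflicting IDs). The target path is given
# through "name" instead.
# NOTE(review): a user can unset or raise TMOUT in their own shell; hardening
# baselines commonly also mark the variable readonly - confirm whether the
# timeout is meant to be enforced or only a default.
session-timeout:
  file.append:
    - name: /etc/profile
    - text: 'export TMOUT=300'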

配置 yum

[root@master init]# tree yum
yum
├── files
│   ├── centos-7.repo
│   ├── centos-8.repo
│   ├── epel.repo
│   ├── salt-7.repo
│   └── salt-8.repo
└── main.sls

1 directory, 6 files

[root@master init]# vim yum/main.sls 
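# Distribute yum repository definitions according to the minion's OS grains.
{% if grains['os'] == 'RedHat' %}
# files/ only contains centos-7.repo and centos-8.repo, so the file name has
# to be built from the major release. The original used osrelease, which
# normally includes the minor version (for example 8.4) and therefore matched
# neither file.
/etc/yum.repos.d/centos-{{ grains['osmajorrelease'] }}.repo:
  file.managed:
    - source: salt://init/yum/files/centos-{{ grains['osmajorrelease'] }}.repo
    - user: root
    - group: root
    - mode: '0644'
/etc/yum.repos.d/epel.repo:
  file.managed:
    - source: salt://init/yum/files/epel.repo
    - user: root
    - group: root
    - mode: '0644'
{% endif %}

{% if grains['os'] == 'CentOS' %}
# On CentOS the EPEL definition comes from the distribution's own package.
epel-release:
  pkg.installed
{% endif %}

# The Salt repository file is installed on every OS handled above.
# NOTE(review): repo files decide where packages come from and whether their
# signatures are checked; keep write access to files/ on the master limited.
/etc/yum.repos.d/salt-{{ grains['osmajorrelease'] }}.repo:
  file.managed:
    - source: salt://init/yum/files/salt-{{ grains['osmajorrelease'] }}.repo
    - user: root
    - group: root
    - mode: '0644'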

   


# Prepare the repo files: base and EPEL definitions taken from the Aliyun mirror.
cd files/
# NOTE(review): these repo definitions are downloaded and then pushed to every
# minion as-is; read them (baseurl, gpgcheck, gpgkey) before distributing.
curl -o centos-7.repo https://mirrors.aliyun.com/repo/Centos-7.repo
curl -o centos-8.repo https://mirrors.aliyun.com/repo/Centos-8.repo
# Delete every line that mentions the two aliyuncs.com mirror hosts.
sed -i -e '/mirrors.cloud.aliyuncs.com/d' -e '/mirrors.aliyuncs.com/d'  centos-*.repo

# NOTE(review): a package installed straight from a URL is, by default, not
# signature-checked (that is governed by localpkg_gpgcheck) - confirm the
# setting or verify the RPM before installing it on the master.
yum install -y https://mirrors.aliyun.com/epel/epel-release-latest-8.noarch.rpm
# Move the repo file the package just installed into files/ for distribution.
mv /etc/yum.repos.d/epel.repo .
vim epel.repo
:%s#baseurl=https://download.example/pub#baseurl=https://mirrors.aliyun.com#g
:%s/^#baseurl/baseurl/g
:%s/^metalink/#metalink/g

[root@master init]# vim yum/files/salt-7.repo 
# Salt package repository definition for major release 7.
# NOTE(review): "latest" tracks whatever release the repository currently
# publishes, so a routine package update can move minions to a new Salt
# version; point at a fixed release directory if upgrades must be controlled.
# Also confirm this host is still where the project publishes packages.
[salt-latest-repo]
name=Salt repo for RHEL/CentOS 7 PY3
baseurl=https://repo.saltproject.io/py3/redhat/7/x86_64/latest
skip_if_unavailable=True
failovermethod=priority
enabled=1
enabled_metadata=1
# gpgcheck=1 makes yum verify package signatures against the keys listed in
# gpgkey; keep it enabled.
gpgcheck=1
gpgkey=https://repo.saltproject.io/py3/redhat/7/x86_64/latest/SALTSTACK-GPG-KEY.pub, https://repo.saltproject.io/py3/redhat/7/x86_64/latest/base/RPM-GPG-KEY-CentOS-7

[root@master init]# vim yum/files/salt-8.repo 
# Salt package repository definition for major release 8.
# NOTE(review): "latest" tracks whatever release the repository currently
# publishes, so a routine package update can move minions to a new Salt
# version; point at a fixed release directory if upgrades must be controlled.
# Also confirm this host is still where the project publishes packages.
[salt-latest-repo]
name=Salt repo for RHEL/CentOS 8 PY3
baseurl=https://repo.saltproject.io/py3/redhat/8/x86_64/latest
skip_if_unavailable=True
failovermethod=priority
enabled=1
enabled_metadata=1
# gpgcheck=1 makes yum verify package signatures against the key listed in
# gpgkey; keep it enabled.
gpgcheck=1
gpgkey=https://repo.saltproject.io/py3/redhat/8/x86_64/latest/SALTSTACK-GPG-KEY.pub

安装 salt-minion

[root@master init]# tree salt-minion/
salt-minion/
├── files
│   └── minion.j2
└── main.sls

1 directory, 2 files

[root@master init]# vim salt-minion/main.sls
# Install salt-minion, render its configuration from a Jinja template and
# keep the service enabled and running.
include:
  # Pulls in the repository definitions from yum/main.sls first.
  - init.yum.main

salt-minion:
  pkg.installed

# minion.j2 is rendered with Jinja; the template excerpt on this page reads
# the master address from pillar['master_ip'].
/etc/salt/minion:
  file.managed:
    - source: salt://init/salt-minion/files/minion.j2
    - user: root
    - group: root
    - mode: '0644'
    - template: jinja
# NOTE(review): nothing here restarts salt-minion when /etc/salt/minion
# changes, so a new master address only applies after the next restart -
# confirm that is intended.
salt-minion.service:
  service.running:
    - enable: true
//配置变量
[root@master ~]# cd /srv/pillar/
[root@master pillar]# ls
base  prod

[root@master base]# vim salt-minion.sls 
master_ip: 192.168.143.101
[root@master base]# vim top.sls 
base:
  '*':
    - salt-minion    
[root@master init]# vim salt-minion/files/minion.j2
。。。
#master: salt  
//修改此行
master: {{ pillar['master_ip'] }} 

# Set http proxy information for the minion when doing requests
。。。

安装 zabbix-agentd

[root@master zabbix-agentd]# tree
.
├── files
│   ├── install.sh
│   ├── zabbix-5.4.4.tar.gz
│   └── zabbix_agentd.conf.j2
└── main.sls

1 directory, 4 files

[root@master base]# pwd
/srv/pillar/base
[root@master base]# vim zabbix-ip.sls 
zabbix_ip: 192.168.143.101
[root@master base]# vim zabbix-name.sls 
zabbix_name: lTbqtJ5m
[root@master base]# vim top.sls 
base:
  '*':
     - zabbix-ip
     - zabbix-name

[root@master zabbix-agentd]# vim files/install.sh 
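#!/bin/bash
#
# Build and install the Zabbix agent from the source tarball that the Salt
# state places in /usr/src.
#
# NOTE(review): the script builds whatever archive it finds under this name;
# verify the tarball against the upstream checksum before adding it to the
# master's file roots.

# Stop at the first failure. Without this a failed cd or tar left the script
# running ./configure in whatever directory it happened to be in.
set -euo pipefail

readonly src_dir=/usr/src
readonly zabbix_version=5.4.4

cd "${src_dir}"
tar xf "zabbix-${zabbix_version}.tar.gz"

cd "zabbix-${zabbix_version}"
./configure --enable-agent
make install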

[root@master zabbix-agentd]# vim main.sls 
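# Build the Zabbix agent from source, deploy its configuration and start it.
include:
  # Provides the compiler toolchain that install.sh needs.
  - init.basepkg.main

# Dedicated system account with no login shell and no home directory.
zabbix-user:
  user.present:
    - name: zabbix
    - shell: /sbin/nologin
    - system: true
    - createhome: false

# NOTE(review): the tarball is served from the master's file roots; verify it
# against the upstream checksum before placing it there.
/usr/src/zabbix-5.4.4.tar.gz:
  file.managed:
    - source: salt://init/zabbix-agentd/files/zabbix-5.4.4.tar.gz

agentd-install:
  cmd.script:
    - name: salt://init/zabbix-agentd/files/install.sh
    # "unless" has to be its own list item. In the original it was indented
    # under "- name", which put two keys into one argument mapping instead of
    # declaring a separate requisite.
    - unless: test -d /usr/local/etc/zabbix_agentd.conf.d
    - require:
      - file: /usr/src/zabbix-5.4.4.tar.gz

/usr/local/etc/zabbix_agentd.conf:
  file.managed:
    - source: salt://init/zabbix-agentd/files/zabbix_agentd.conf.j2
    - user: root
    - group: root
    - mode: '0644'
    # Was misspelled "requitre", which Salt does not treat as a requisite, so
    # the dependency on the build step was never declared.
    - require:
      - cmd: agentd-install
    - template: jinja

# Start at boot.
# NOTE(review): files/zabbix_agentd does not appear in the directory listing
# shown for this state; the init script has to be added there or this state
# cannot find its source.
/etc/init.d/zabbix_agentd:
  file.managed:
    - source: salt://init/zabbix-agentd/files/zabbix_agentd
    - user: root
    - group: root
    - mode: '0755'

# Launch the agent only when it is not running yet, so repeated runs do not
# try to start a second copy.
'zabbix_agentd':
  cmd.run:
    - unless: pgrep -x zabbix_agentd
    - require:
      - file: /usr/local/etc/zabbix_agentd.conf

'/etc/init.d/zabbix_agentd start':
  cmd.run:
    - unless: pgrep -x zabbix_agentd
    - require:
      - file: /etc/init.d/zabbix_agentd

'chkconfig zabbix_agentd on':
  cmd.run:
    - require:
      - file: /etc/init.d/zabbix_agentd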
  

安装 basepkg

[root@master init]# tree basepkg/
basepkg/
└── main.sls

0 directories, 1 file


[root@master init]# vim basepkg/main.sls 
# Install the common package set on every minion.
include:
  # Repositories must be configured before the packages can be resolved.
  - init.yum.main

# NOTE(review): gcc, gcc-c++, make and autoconf are presumably here because
# the Zabbix agent state builds from source. A compiler toolchain and the
# telnet client on every host add to what is available after a compromise -
# confirm each package is needed on all targeted machines.
base.packages:
  pkg.installed:
    - pkgs:
      - screen
      - tree 
      - psmisc
      - openssl
      - openssl-devel
      - telnet
      - iftop
      - iotop
      - sysstat
      - wget
      - dos2unix
      - lsof
      - net-tools
      - vim-enhanced
      - zip
      - unzip
      - bzip2
      - bind-utils
      - gcc
      - gcc-c++
      - glibc
      - make
      - autoconf
      - pcre-devel
      - libpsl


二、SaltStack之系统初始化部署状态文件执行

[root@master init]# tree 
.
├── basepkg
│   └── main.sls
├── chrony
│   ├── files
│   │   └── chrony.conf
│   └── main.sls
├── firewall
│   └── main.sls
├── history
│   └── main.sls
├── kernel
│   ├── files
│   │   ├── limits.conf
│   │   └── sysctl.conf
│   └── main.sls
├── main.sls
├── salt-minion
│   ├── files
│   │   └── minion.j2
│   └── main.sls
├── selinux
│   ├── files
│   │   └── config
│   └── main.sls
├── service
│   └── main.sls
├── timeout
│   └── main.sls
├── timezone
│   ├── files
│   │   └── clock
│   └── main.sls
└── yum
    ├── files
    │   ├── centos-7.repo
    │   ├── centos-8.repo
    │   ├── epel.repo
    │   ├── salt-7.repo
    │   └── salt-8.repo
    └── main.sls

17 directories, 23 files

[root@master init]# vim main.sls 
//增加要包含的状态,即可
include:
  - init.yum.main
  - init.xx.main
  - init.xx.main
  - init.xx.main
  - init.xx.main
  - init.xx.main
  - init.xx.main
  - init.xx.main
  - init.xx.main
  - init.xx.main
  - init.xx.main
  - init.xx.main
  - init.xx.main
  - init.xx.main
//由于要随使用者添加状态,仅参考,没执行
[root@master init]# salt 'node3' state.sls init.main