saltstack----zabbix部署状态文件编写
lamp的框架
[root@master ~]# tree /srv/
/srv/
├── pillar
│ └── prod
│ ├── apache.sls
│ ├── mysql.sls
│ └── top.sls
└── salt
├── base
├── dev
├── prod
│ ├── modules
│ │ ├── application
│ │ │ └── php
│ │ │ ├── files
│ │ │ │ ├── httpd.conf
│ │ │ │ ├── index.php
│ │ │ │ ├── install.sh
│ │ │ │ ├── oniguruma-devel-6.8.2-2.el8.x86_64.rpm
│ │ │ │ ├── php-7.4.24.tar.gz
│ │ │ │ ├── php-fpm
│ │ │ │ ├── php-fpm.conf
│ │ │ │ ├── php-fpm.service
│ │ │ │ └── www.conf
│ │ │ └── install.sls
│ │ ├── database
│ │ │ └── mysql
│ │ │ ├── files
│ │ │ │ ├── my.cnf
│ │ │ │ ├── mysql-5.7.34-linux-glibc2.12-x86_64.tar.gz
│ │ │ │ ├── mysqld.service.j2
│ │ │ │ ├── mysql.server
│ │ │ │ └── mysql.sh
│ │ │ └── install.sls
│ │ └── web
│ │ └── httpd
│ │ ├── files
│ │ │ ├── apr-1.7.0.tar.gz
│ │ │ ├── apr-util-1.6.1.tar.gz
│ │ │ ├── httpd-2.4.51.tar.gz
│ │ │ ├── httpd.conf
│ │ │ ├── httpd.service.j2
│ │ │ └── install.sh
│ │ └── install.sls
│ └── zabbix
│ ├── apache.sls
│ ├── files
│ │ ├── index.php
│ │ ├── install.sh
│ │ ├── my.cnf
│ │ ├── mysql.conf
│ │ ├── php.ini
│ │ ├── vhosts.conf.j2
│ │ ├── zabbix-5.4.4.tar.gz
│ │ └── zabbix_server.conf
│ ├── install.sls
│ ├── main.sls
│ └── mysql.sls
└── test
19 directories, 38 files
[root@master ~]# vim /etc/salt/master
858 pillar_roots:
859 base:
860 - /srv/pillar/base
861 prod:
862 - /srv/pillar/prod
[root@master ~]# systemctl restart salt-master
1. 安装httpd
[root@master ~]# tree /srv/salt/prod/modules/web/
/srv/salt/prod/modules/web/
└── httpd
├── files
│ ├── apr-1.7.0.tar.gz
│ ├── apr-util-1.6.1.tar.gz
│ ├── httpd-2.4.51.tar.gz
│ ├── httpd.conf
│ ├── httpd.service.j2
│ └── install.sh
└── install.sls
2 directories, 7 files
[root@master ~]# cat /srv/salt/prod/modules/web/httpd/install.sls
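# Build Apache httpd from the source tarballs kept on the Salt file server.
# The install prefix comes from the pillar key install_dir.
# NOTE(review): the tarballs are served as-is from salt://; the page shows no
# checksum or signature check, so verify them against the upstream release
# before placing them under files/.

# Compiler toolchain group needed for the source build.
"Development Tools":
  pkg.group_installed

# Headers and build tools that the apr/httpd build needs.
httpd-dep-package:
  pkg.installed:
    - pkgs:
      - openssl-devel
      - pcre-devel
      - expat-devel
      - libtool
      - gcc
      - gcc-c++
      - make

# Unprivileged system account: no home directory, no login shell.
create-apache-user:
  user.present:
    - name: apache
    - createhome: false
    - system: true
    - shell: /sbin/nologin

# Copy the three source tarballs to /usr/src on the minion.
download-apache:
  file.managed:
    - names:
      - /usr/src/apr-1.7.0.tar.gz:
        - source: salt://modules/web/httpd/files/apr-1.7.0.tar.gz
      - /usr/src/apr-util-1.6.1.tar.gz:
        - source: salt://modules/web/httpd/files/apr-util-1.6.1.tar.gz
      - /usr/src/httpd-2.4.51.tar.gz:
        - source: salt://modules/web/httpd/files/httpd-2.4.51.tar.gz

# Run the build script with the install prefix as its only argument.
httpd-install:
  cmd.script:
    - name: salt://modules/web/httpd/files/install.sh {{ pillar['install_dir'] }}
    # Guard on the same prefix that is handed to the script; the original
    # tested the literal /usr/local/apache, which stops matching as soon as
    # the pillar value points somewhere else.
    - unless: test -d {{ pillar['install_dir'] }}
    # Do not start the build if the toolchain or the tarballs are missing.
    - require:
      - pkg: httpd-dep-package
      - file: download-apache

# Main server configuration, replaced only after the build has produced conf/.
{{ pillar['install_dir'] }}/conf/httpd.conf:
  file.managed:
    - source: salt://modules/web/httpd/files/httpd.conf
    - user: root
    - group: root
    - mode: '0644'
    - require:
      - cmd: httpd-install

# systemd unit, rendered through Jinja so it picks up the install prefix.
/usr/lib/systemd/system/httpd.service:
  file.managed:
    - source: salt://modules/web/httpd/files/httpd.service.j2
    - user: root
    - group: root
    - mode: '0644'
    - template: jinja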
[root@master ~]# cat /srv/salt/prod/modules/web/httpd/files/httpd.service.j2
# systemd unit for the source-built httpd. Salt renders this file as a Jinja
# template, so the ExecStart/ExecStop paths follow the install_dir pillar value.
[Unit]
Description=httpd server daemon
After=network.target
[Service]
# apachectl puts the server in the background, hence Type=forking.
# NOTE(review): no PIDFile= is set, so systemd has to guess the main PID that
# ExecReload signals - confirm that a reload reaches the parent httpd process.
Type=forking
ExecStart={{ pillar['install_dir'] }}/bin/apachectl start
ExecStop={{ pillar['install_dir'] }}/bin/apachectl stop
# Reload by sending SIGHUP to the main process.
ExecReload=/bin/kill -HUP $MAINPID
[Install]
WantedBy=multi-user.target
[root@master ~]# vim /srv/salt/prod/modules/web/httpd/files/httpd.conf
## 启用httpd的相关模块
119 #LoadModule remoteip_module modules/mod_remoteip.so
120 LoadModule proxy_module modules/mod_proxy.so // 取消注释
121 #LoadModule proxy_connect_module modules/mod_proxy_connect.so
122 #LoadModule proxy_ftp_module modules/mod_proxy_ftp.so
123 #LoadModule proxy_http_module modules/mod_proxy_http.so
124 LoadModule proxy_fcgi_module modules/mod_proxy_fcgi.so // 取消注释
125 #LoadModule proxy_scgi_module modules/mod_proxy_scgi.so
260 <IfModule dir_module>
261 DirectoryIndex index.php index.html //加上index.php
262 </IfModule>
397 AddType application/x-compress .Z
398 AddType application/x-gzip .gz .tgz
## 搜索AddType,添加以下内容
399 AddType application/x-httpd-php .php
400 AddType application/x-httpd-php-source .phps
500 Include conf/extra/proxy-html.conf
## 添加以下内容
501 Include conf/extra/vhosts.conf
511 <IfModule ssl_module>
512 SSLRandomSeed startup builtin
513 SSLRandomSeed connect builtin
514 </IfModule>
515 <VirtualHost *:80>
516 DocumentRoot "/usr/local/apache/htdocs/zabbix"
517 ServerName zabbix.example.com
518 ProxyRequests Off
519 ProxyPassMatch ^/(.*\.php)$ fcgi://127.0.0.1:9000/usr/local/apache/htdocs/zabbix/$1
520 <Directory "/usr/local/apache/htdocs/zabbix">
521 Options none
522 AllowOverride none
523 Require all granted
524 </Directory>
525 </VirtualHost>
2. 安装mysql
[root@master ~]# tree /srv/salt/prod/modules/database/
/srv/salt/prod/modules/database/
└── mysql
├── files
│ ├── my.cnf
│ ├── mysql-5.7.34-linux-glibc2.12-x86_64.tar.gz
│ ├── mysqld.service.j2
│ ├── mysql.server
│ └── mysql.sh
└── install.sls
2 directories, 6 files
[root@master ~]# cat /srv/salt/prod/modules/database/mysql/install.sls
# Install MySQL 5.7.34 from the generic binary tarball.
# NOTE(review): the pillar key data_dir is used here as the MySQL base
# directory (a symlink to the unpacked tree, holding bin/ and support-files/);
# the real data directory is the fixed path /opt/data.

# Runtime library required by the prebuilt binaries.
ncurses-compat-libs:
  pkg.installed

# Service account: system user, no home directory, no login shell.
mysql:
  user.present:
    - shell: /sbin/nologin
    - createhome: false
    - system: true

# Unpack the tarball under /usr/local, then link the versioned directory to
# the path given by data_dir.
/usr/local:
  archive.extracted:
    - source: salt://modules/database/mysql/files/mysql-5.7.34-linux-glibc2.12-x86_64.tar.gz
  file.symlink:
    - target: /usr/local/mysql-5.7.34-linux-glibc2.12-x86_64
    - name: {{ pillar['data_dir'] }}

# Hand the installation tree to the mysql account.
{{ pillar['data_dir'] }}:
  file.directory:
    - mode: '0755'
    - user: mysql
    - group: mysql
    - recurse:
      - user
      - group

# Data directory, created on demand and owned by mysql.
/opt/data:
  file.directory:
    - makedirs: true
    - mode: '0755'
    - user: mysql
    - group: mysql
    - recurse:
      - user
      - group

# Login shells get the MySQL bin directory on PATH.
/etc/profile.d/mysql.sh:
  file.managed:
    - source: salt://modules/database/mysql/files/mysql.sh
    - mode: '0644'
    - user: root
    - group: root

# Start/stop wrapper with basedir and datadir filled in.
{{ pillar['data_dir'] }}/support-files/mysql.server:
  file.managed:
    - source: salt://modules/database/mysql/files/mysql.server
    - mode: '0755'
    - user: mysql
    - group: mysql

# systemd unit, rendered through Jinja.
/usr/lib/systemd/system/mysqld.service:
  file.managed:
    - source: salt://modules/database/mysql/files/mysqld.service.j2
    - template: jinja
    - mode: '0644'
    - user: root
    - group: root

# One-time initialisation of /opt/data.
# --initialize-insecure creates root@localhost with an empty password; the
# password is only set later by set-password-mysql in zabbix/mysql.sls, so
# between the two steps any local user can log in as the MySQL root account.
# The unless guard skips the step once /opt/data lists more than the
# "total" line, i.e. once it is no longer empty.
mysql-initialize:
  cmd.run:
    - name: '{{ pillar['data_dir'] }}/bin/mysqld --initialize-insecure --user=mysql --datadir=/opt/data/'
    - unless: test $(ls -l /opt/data | wc -l) -gt 1
    - require:
      - archive: /usr/local
      - user: mysql
      - file: /opt/data
[root@master ~]# cat /srv/salt/prod/modules/database/mysql/files/mysqld.service.j2
# systemd unit for the tarball-installed MySQL. Salt renders it as a Jinja
# template; the start/stop wrapper path follows the data_dir pillar value.
[Unit]
Description=mysql server daemon
After=network.target
[Service]
# mysql.server launches mysqld in the background, hence Type=forking.
# NOTE(review): no PIDFile= is set although my.cnf writes /opt/data/mysql.pid;
# systemd has to guess the main PID used by ExecReload.
Type=forking
ExecStart={{ pillar['data_dir'] }}/support-files/mysql.server start
ExecStop={{ pillar['data_dir'] }}/support-files/mysql.server stop
# SIGHUP to the main process; this does not make mysqld re-read my.cnf.
ExecReload=/bin/kill -HUP $MAINPID
[Install]
WantedBy=multi-user.target
[root@master ~]# cat /srv/salt/prod/modules/database/mysql/files/my.cnf
# Server settings for the tarball install.
# NOTE(review): none of the states shown on this page references this copy;
# /etc/my.cnf is deployed from salt://zabbix/files/my.cnf instead.
[mysqld]
basedir = /usr/local/mysql
datadir = /opt/data
# Socket lives in the world-writable /tmp directory.
socket = /tmp/mysql.sock
# No bind-address is set, so the TCP listener is not limited to loopback
# (the ss output on this page shows *:3306). If only local clients connect,
# consider adding bind-address = 127.0.0.1.
port = 3306
pid-file = /opt/data/mysql.pid
user = mysql
# Client host names are not resolved; grants match on IP address or localhost.
skip-name-resolve
[root@master ~]# cat /srv/salt/prod/modules/database/mysql/files/mysql.sh
# Deployed as /etc/profile.d/mysql.sh: puts the MySQL bin directory first on
# PATH for login shells.
PATH=/usr/local/mysql/bin:$PATH
// 配置服务启动脚本
[root@master ~]# vim /srv/salt/prod/modules/database/mysql/files/mysql.server
## 修改配置文件以下两行内容
46 basedir=/usr/local/mysql
47 datadir=/opt/data
3. 安装php
[root@master ~]# tree /srv/salt/prod/modules/application/
/srv/salt/prod/modules/application/
└── php
├── files
│ ├── httpd.conf
│ ├── index.php
│ ├── install.sh
│ ├── oniguruma-devel-6.8.2-2.el8.x86_64.rpm
│ ├── php-7.4.24.tar.gz
│ ├── php-fpm
│ ├── php-fpm.conf
│ ├── php-fpm.service
│ └── www.conf
└── install.sls
2 directories, 10 files
[root@master ~]# cat /srv/salt/prod/modules/application/php/install.sls
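# Build PHP 7.4.24 (php-fpm) from source and wire it into the Apache install.

# Enable EPEL. The guard keeps the state from invoking dnf on every run once
# the release package is already installed.
dnf -y install epel-release:
  cmd.run:
    - unless: rpm -q epel-release

# oniguruma-devel is shipped as a local RPM: copy it over, then install it
# unless the package is already present.
/tmp/oniguruma-devel-6.8.2-2.el8.x86_64.rpm:
  file.managed:
    - source: salt://modules/application/php/files/oniguruma-devel-6.8.2-2.el8.x86_64.rpm
    - user: root
    - group: root
    - mode: '0644'
  cmd.run:
    - name: yum -y install /tmp/oniguruma-devel-6.8.2-2.el8.x86_64.rpm
    - unless: rpm -q oniguruma-devel

# Libraries and headers matching the ./configure switches in install.sh.
php-dep-package:
  pkg.installed:
    - pkgs:
      - sqlite-devel
      - libzip-devel
      - libxml2
      - libxml2-devel
      - openssl
      - openssl-devel
      - bzip2
      - bzip2-devel
      - libcurl
      - libcurl-devel
      - libicu-devel
      - libjpeg-turbo
      - libjpeg-turbo-devel
      - libpng
      - libpng-devel
      - openldap-devel
      - pcre-devel
      - freetype
      - freetype-devel
      - gmp
      - gmp-devel
      - libmcrypt
      - libmcrypt-devel
      - readline
      - readline-devel
      - libxslt
      - libxslt-devel
      - mhash
      - mhash-devel

# Unpack the PHP source under /usr/src/.
unarchive-php:
  archive.extracted:
    - name: /usr/src/
    - source: salt://modules/application/php/files/php-7.4.24.tar.gz

# Configure, compile and install; skipped once /usr/local/php7 exists.
php-install:
  cmd.script:
    - name: salt://modules/application/php/files/install.sh
    - unless: test -d /usr/local/php7

# Configuration files, init script and unit, placed after the build.
# NOTE(review): /usr/local/apache/conf/httpd.conf is also managed by
# modules/web/httpd/install.sls from a different source file; if the pillar
# install_dir is /usr/local/apache the two states overwrite each other on
# every run - confirm and keep a single owner for that file.
# NOTE(review): the content of this module's index.php is not shown; if it is
# a phpinfo() page like zabbix/files/index.php, remove it after testing.
copy-file-php:
  file.managed:
    - names:
      - /usr/local/php7/etc/php-fpm.conf:
        - source: salt://modules/application/php/files/php-fpm.conf
      - /usr/local/php7/etc/php-fpm.d/www.conf:
        - source: salt://modules/application/php/files/www.conf
      - /usr/local/apache/conf/httpd.conf:
        - source: salt://modules/application/php/files/httpd.conf
      - /usr/local/apache/htdocs/index.php:
        - source: salt://modules/application/php/files/index.php
      - /etc/init.d/php-fpm:
        - source: salt://modules/application/php/files/php-fpm
        - user: root
        - group: root
        - mode: '0755'
      - /usr/lib/systemd/system/php-fpm.service:
        - source: salt://modules/application/php/files/php-fpm.service
    - require:
      - cmd: php-install

# Keep php-fpm enabled and running; restart it when any managed file changes.
php-fpm.service:
  service.running:
    - enable: true
    - require:
      - cmd: php-install
      - file: copy-file-php
    - watch:
      - file: copy-file-php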
[root@master ~]# cat /srv/salt/prod/modules/application/php/files/install.sh
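#!/bin/bash
# Configure, compile and install PHP 7.4.24 with php-fpm under /usr/local/php7.
# Expects the source tree at /usr/src/php-7.4.24 (unpacked by unarchive-php).

# Stop at the first failing step. Without this a failed cd left the script in
# whatever directory Salt started it in, and the ./configure that followed
# would be resolved there instead of in the PHP source tree.
set -euo pipefail

cd /usr/src/php-7.4.24

./configure --prefix=/usr/local/php7 \
    --with-config-file-path=/etc \
    --enable-fpm \
    --disable-debug \
    --disable-rpath \
    --enable-shared \
    --enable-soap \
    --with-openssl \
    --enable-bcmath \
    --with-iconv \
    --with-bz2 \
    --enable-calendar \
    --with-curl \
    --enable-exif \
    --enable-ftp \
    --enable-gd \
    --with-jpeg \
    --with-zlib-dir \
    --with-freetype \
    --with-gettext \
    --enable-mbstring \
    --enable-pdo \
    --with-mysqli=mysqlnd \
    --with-pdo-mysql=mysqlnd \
    --with-readline \
    --enable-shmop \
    --enable-simplexml \
    --enable-sockets \
    --with-zip \
    --enable-mysqlnd-compression-support \
    --with-pear \
    --enable-pcntl \
    --enable-posix

make
make install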
[root@master ~]# cat /srv/salt/prod/modules/application/php/files/php-fpm.service
# systemd unit that drives php-fpm through the init script deployed to
# /etc/init.d/php-fpm by copy-file-php.
[Unit]
Description=php server daemon
After=network.target
[Service]
# The init script backgrounds php-fpm, hence Type=forking.
# NOTE(review): no PIDFile= is set, so systemd has to guess the main PID that
# ExecReload signals.
Type=forking
ExecStart=/etc/init.d/php-fpm start
ExecStop=/etc/init.d/php-fpm stop
ExecReload=/bin/kill -HUP $MAINPID
[Install]
WantedBy=multi-user.target
[root@master prod]# vim modules/application/php/files/www.conf.default
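; Find the existing "listen" line and set it as shown below.
; Apache reaches php-fpm through fcgi://127.0.0.1:9000 (see the ProxyPassMatch
; line in the vhost), so a loopback bind is all this setup needs. Binding
; 0.0.0.0 would offer the FastCGI port to every host that can reach the minion,
; and FastCGI has no authentication of its own. The ss output on this page
; also shows the pool listening on 127.0.0.1:9000.
listen = 127.0.0.1:9000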
4. 编写zabbix项目配置
[root@master ~]# tree /srv/salt/prod/zabbix/
/srv/salt/prod/zabbix/
├── apache.sls
├── files
│ ├── index.php
│ ├── install.sh
│ ├── my.cnf
│ ├── mysql.conf
│ ├── php.ini
│ ├── vhosts.conf.j2
│ ├── zabbix-5.4.4.tar.gz
│ └── zabbix_server.conf
├── install.sls
├── main.sls
└── mysql.sls
1 directory, 12 files
[root@master ~]# cat /srv/salt/prod/zabbix/apache.sls
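# Apache layer of the zabbix project: reuses the generic httpd build, adds the
# zabbix document root and virtual host, and keeps httpd running.

include:
  - modules.web.httpd.install

# Expose the httpd headers under /usr/include.
/usr/include/httpd:
  file.symlink:
    - target: {{ pillar['install_dir'] }}/include

# Document root for the zabbix front end.
{{ pillar['install_dir'] }}/htdocs/zabbix:
  file.directory:
    - user: root
    - group: root
    - mode: '0755'
    - makedirs: true

# Virtual host, rendered through Jinja. Mode tightened from 0664 to 0644 so
# that it matches the other root-owned configuration files in these states.
{{ pillar['install_dir'] }}/conf/extra/vhosts.conf:
  file.managed:
    - source: salt://zabbix/files/vhosts.conf.j2
    - user: root
    - group: root
    - mode: '0644'
    - template: jinja
    - require:
      - cmd: httpd-install

# Test page (phpinfo). copy-ui in zabbix/install.sls later copies the Zabbix
# front end, including its own index.php, into the same directory.
# replace: false keeps this state from putting the phpinfo page back over the
# front end on every following run. phpinfo() prints the full PHP and server
# configuration, so delete the page once the stack has been checked.
{{ pillar['install_dir'] }}/htdocs/zabbix/index.php:
  file.managed:
    - source: salt://zabbix/files/index.php
    - user: root
    - group: root
    - mode: '0644'
    - replace: false

# Keep httpd enabled and running; reload it when either config file changes.
httpd.service:
  service.running:
    - enable: true
    - reload: true
    - require:
      - cmd: httpd-install
      - file: /usr/lib/systemd/system/httpd.service
    - watch:
      - file: {{ pillar['install_dir'] }}/conf/httpd.conf
      - file: {{ pillar['install_dir'] }}/conf/extra/vhosts.conf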
[root@master ~]# cat /srv/salt/prod/zabbix/mysql.sls
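# MySQL layer of the zabbix project: reuses the generic MySQL install, adds
# client libraries and /etc/my.cnf, starts mysqld and sets the root password.

include:
  - modules.database.mysql.install

# Build-time and runtime libraries used by the rest of the stack.
lamp-dep-package:
  pkg.installed:
    - pkgs:
      - ncurses-devel
      - openssl-devel
      - openssl
      - cmake
      - mariadb-devel
      - glibc
      - glibc-gconv-extra
      - libgcc
      - libstdc++

# Expose the MySQL headers under /usr/local/include.
/usr/local/include/mysql:
  file.symlink:
    - target: {{ pillar['data_dir'] }}/include

# Dynamic-linker search path entry for the MySQL libraries.
/etc/ld.so.conf.d/mysql.conf:
  file.managed:
    - source: salt://zabbix/files/mysql.conf
    - user: root
    - group: root
    - mode: '0644'

# Server configuration; a change triggers the mysqld.service watch below.
/etc/my.cnf:
  file.managed:
    - source: salt://zabbix/files/my.cnf
    - user: root
    - group: root
    - mode: '0644'
    - watch_in:
      - service: mysqld.service

# Keep mysqld enabled and running. "reload: true" was dropped: with it a
# change to /etc/my.cnf only ran the unit's ExecReload (SIGHUP), and mysqld
# does not re-read my.cnf on SIGHUP, so new settings never took effect. The
# default watch action is a restart.
mysqld.service:
  service.running:
    - enable: true
    - require:
      - archive: /usr/local
      - file: /usr/lib/systemd/system/mysqld.service
      - file: /etc/my.cnf

# Set the MySQL root password, skipped once a login with it succeeds.
# NOTE(review): the password is the literal '1' and is passed on the command
# line in both commands, so it is visible in the process list and in Salt's
# job output. zabbix/files/install.sh logs in with the same value (-p1), so
# change both places together, preferably reading the value from pillar.
set-password-mysql:
  cmd.run:
    - name: {{ pillar['data_dir'] }}/bin/mysql -e "set password = password('1');"
    - require:
      - service: mysqld.service
    - unless: {{ pillar['data_dir'] }}/bin/mysql -uroot -p1 -e 'exit'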
[root@master ~]# cat /srv/salt/prod/zabbix/files/index.php
<?php
// Test page: phpinfo() prints the PHP build options, loaded modules,
// environment and server variables. Remove it once the stack is verified.
phpinfo();
?>
[root@master ~]# cat /srv/salt/prod/zabbix/files/my.cnf
# Deployed to /etc/my.cnf by zabbix/mysql.sls.
[mysqld]
basedir = /usr/local/mysql
datadir = /opt/data
# Socket lives in the world-writable /tmp directory; zabbix/install.sls links
# it into /var/lib/mysql/.
socket = /tmp/mysql.sock
# No bind-address is set, so the TCP listener is not limited to loopback
# (the ss output on this page shows *:3306). The zabbix account is created as
# 'zabbix'@'localhost'; if nothing connects remotely, consider adding
# bind-address = 127.0.0.1.
port = 3306
pid-file = /opt/data/mysql.pid
user = mysql
# Client host names are not resolved; grants match on IP address or localhost.
skip-name-resolve
[root@master ~]# cat /srv/salt/prod/zabbix/files/vhosts.conf.j2
# Virtual host for the zabbix front end. Rendered by Salt as a Jinja template;
# every path below is built from the install_dir pillar value.
# Plain HTTP on port 80 only: logins to the front end are sent unencrypted.
<VirtualHost *:80>
DocumentRoot "{{ pillar['install_dir'] }}/htdocs/zabbix"
ServerName zabbix.example.com
# Forward-proxy mode off; only the ProxyPassMatch mapping below is active.
ProxyRequests Off
# Every request path ending in .php goes to php-fpm on the loopback address.
ProxyPassMatch ^/(.*\.php)$ fcgi://127.0.0.1:9000{{ pillar['install_dir'] }}/htdocs/zabbix/$1
<Directory "{{ pillar['install_dir'] }}/htdocs/zabbix">
# No directory listings, no symlink following, no .htaccess overrides.
Options none
AllowOverride none
Require all granted
</Directory>
</VirtualHost>
[root@master ~]# cat /srv/salt/prod/zabbix/install.sls
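# Build and start Zabbix 5.4.4 (server + agent) and publish its web front end.

# Toolchain and headers for the Zabbix build.
zabbix-dep-packages:
  pkg.installed:
    - pkgs:
      - net-snmp-devel
      - libevent-devel
      - gcc
      - gcc-c++
      - make

# Service account: system user, no home directory, no login shell.
zabbix:
  user.present:
    - shell: /sbin/nologin
    - createhome: false
    - system: true

/usr/src/zabbix-5.4.4.tar.gz:
  file.managed:
    - source: salt://zabbix/files/zabbix-5.4.4.tar.gz

# Database setup plus compile/install. The guard stops the script from
# re-creating the database and rebuilding on every run; zabbix_server lands
# in /usr/local/sbin because install.sh configures without --prefix.
salt://zabbix/files/install.sh:
  cmd.script:
    - unless: test -x /usr/local/sbin/zabbix_server
    - require:
      - pkg: zabbix-dep-packages
      - file: /usr/src/zabbix-5.4.4.tar.gz

# The server configuration carries DBPassword, so it must not be world
# readable: owner root, readable by the zabbix group only.
# assumes user.present above also created a zabbix group (the default for
# useradd on this platform) - TODO confirm
/usr/local/etc/zabbix_server.conf:
  file.managed:
    - source: salt://zabbix/files/zabbix_server.conf
    - user: root
    - group: zabbix
    - mode: '0640'
    - require:
      - user: zabbix

# Directory that holds the socket link. A directory needs the execute bit to
# be entered; the original mode 0644 kept every non-root account (zabbix,
# the php-fpm user) from reaching the socket inside it.
create-dir:
  file.directory:
    - name: /var/lib/mysql
    - user: root
    - group: root
    - mode: '0755'

# /var/lib/mysql/mysql.sock -> /tmp/mysql.sock. file.symlink replaces the
# original "ln -s", which failed on every run after the first because the
# link already existed.
link:
  file.symlink:
    - name: /var/lib/mysql/mysql.sock
    - target: /tmp/mysql.sock
    - require:
      - file: create-dir

/etc/php.ini:
  file.managed:
    - source: salt://zabbix/files/php.ini

# Publish the front end. This copy runs on every state run and overwrites
# files of the same name in the document root, including the index.php test
# page placed by zabbix/apache.sls.
copy-ui:
  cmd.run:
    - name: cp -a /usr/src/zabbix-5.4.4/ui/* /usr/local/apache/htdocs/zabbix/

# Start both daemons directly; they are not supervised by systemd, so they do
# not come back after a reboot and a second run tries to start them again.
start-service:
  cmd.run:
    - names:
      - zabbix_server
      - zabbix_agentd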
[root@master ~]# vim /srv/salt/prod/zabbix/files/zabbix_server.conf
122 # Default:
123 DBPassword=zabbix123! ## 设置zabbix密码
124
125 ### Option: DBSocket
[root@master ~]# cat /srv/salt/prod/zabbix/files/install.sh
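#!/bin/bash
# Create the zabbix database and account, load the stock schema, then build
# and install the Zabbix server and agent from /usr/src/zabbix-5.4.4.
#
# NOTE(review): the MySQL root password ('1') and the zabbix account password
# are the page's literals. They have to match zabbix/mysql.sls and
# zabbix_server.conf, so replace all of them together.

# Stop at the first failing step instead of building against a half-created
# database.
set -euo pipefail

src_dir=/usr/src/zabbix-5.4.4
mysql_bin=/usr/local/mysql/bin/mysql

# Pass the root credentials through a private option file (mktemp creates it
# with mode 0600) rather than -p on the command line, where the password is
# visible to every local user in the process list.
cred_file=$(mktemp)
trap 'rm -f "$cred_file"' EXIT
cat > "$cred_file" <<'EOF'
[client]
user=root
password=1
EOF

# Run the mysql client as root; --defaults-extra-file has to be the first option.
mysql_root() {
    "$mysql_bin" --defaults-extra-file="$cred_file" "$@"
}

cd /usr/src/
tar xf zabbix-5.4.4.tar.gz

mysql_root -e "create database if not exists zabbix character set utf8 collate utf8_bin;"
mysql_root -e "grant all privileges on zabbix.* to 'zabbix'@'localhost' identified by 'zabbix123!';"
mysql_root -e "flush privileges;"

# Load the schema only into an empty database, so that a second run does not
# abort on the first table that already exists.
table_count=$(mysql_root -N -B -e "select count(*) from information_schema.tables where table_schema = 'zabbix';")
if [ "$table_count" -eq 0 ]; then
    cd "$src_dir/database/mysql"
    mysql_root zabbix < schema.sql
    mysql_root zabbix < images.sql
    mysql_root zabbix < data.sql
fi

cd "$src_dir"
./configure --enable-server --enable-agent --with-mysql --with-net-snmp --with-libcurl --with-libxml2
make install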
[root@master ~]# vim /srv/salt/prod/zabbix/files/php.ini
## 在配置文件里面修改以下内容的值
388 max_execution_time = 300
398 max_input_time = 300
694 post_max_size = 16M
962 ;date.timezone =
963 date.timezone = Asia/Shanghai ## 在配置文件里面添加这一行
[root@master ~]# cat /srv/salt/prod/zabbix/main.sls
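# Entry point for the zabbix project: pulls in Apache, MySQL, PHP and the
# Zabbix build in that order. Each entry has to be a YAML list item ("- ");
# without the dashes the file is not valid YAML and Salt cannot render it.
include:
  - zabbix.apache
  - zabbix.mysql
  - modules.application.php.install
  - zabbix.install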
执行状态文件,部署lamp
[root@master prod]# salt 'minion' state.sls zabbix.main saltenv=prod
在minion上查看服务是否起来
[root@localhost ~]# ss -antl
State Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0 128 0.0.0.0:10050 0.0.0.0:*
LISTEN 0 128 0.0.0.0:10051 0.0.0.0:*
LISTEN 0 128 127.0.0.1:9000 0.0.0.0:*
LISTEN 0 128 0.0.0.0:111 0.0.0.0:*
LISTEN 0 128 0.0.0.0:80 0.0.0.0:*
LISTEN 0 32 192.168.122.1:53 0.0.0.0:*
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 5 127.0.0.1:631 0.0.0.0:*
LISTEN 0 80 *:3306 *:*
LISTEN 0 128 [::]:111 [::]:*
LISTEN 0 128 [::]:22 [::]:*
LISTEN 0 5 [::1]:631 [::]:*
7. 网页测试
8. 系统初始化:
- 关闭防火墙
- 关闭SELINUX
- 时间同步(配置ntp、chrony)
- 文件描述符,修改/etc/security/limits.conf配置最大文件打开数
- 内核优化(内存、tcp) sysctl
- SSH服务优化(关闭DNS解析、修改端口)
- 精简开机系统服务(只开启SSHD服务)
- DNS解析
- 历史记录优化history(记录时间、用户)
export HISTTIMEFORMAT="%F %T `whoami`"
- 设置终端超时时间:通过 file.append 在 /etc/profile 中追加 export TMOUT=300
- 设置yum源
- 安装各种agent,如zabbix_agent、salt-minion
- 基础用户、用户审计、sudo权限设置
- 常用基础命令,命令别名
- 用户登录提示、PS1设置
目录树
[root@master ~]# tree /srv/salt/base/
/srv/salt/base/
└── init
├── basepkg
│ └── main.sls
├── chrony
│ ├── files
│ │ └── chrony.conf
│ └── main.sls
├── firewall
│ └── main.sls
├── history
│ └── main.sls
├── kernel
│ ├── files
│ │ ├── limits.conf
│ │ └── sysctl.conf
│ └── main.sls
├── main.sls
├── salt-minion
│ ├── files
│ │ └── minion
│ └── main.sls
├── selinux
│ ├── files
│ │ └── config
│ └── main.sls
├── timeout
│ └── main.sls
└── yum
├── files
│ ├── centos-7.repo
│ ├── centos-8.repo
│ ├── epel-7.repo
│ ├── epel-8.repo
│ ├── salt-7.repo
│ └── salt-8.repo
└── main.sls
15 directories, 21 files
selinux
[root@master ~]# cat /srv/salt/base/init/selinux/main.sls
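# Switch SELinux out of enforcing mode: ship the persistent setting and
# change the running mode.
# NOTE(review): the content of files/config is not shown on this page. With
# enforcement off, httpd, php-fpm and mysqld run without SELinux confinement;
# keeping enforcing mode and labelling the /usr/local and /opt/data trees is
# the alternative.

/etc/selinux/config:
  file.managed:
    - source: salt://init/selinux/files/config
    - user: root
    - group: root
    - mode: '0644'

# Only call setenforce while the host is actually enforcing: the command
# returns an error when SELinux is disabled, which made this state fail on
# such hosts, and it is pointless when the mode is already permissive.
'setenforce 0':
  cmd.run:
    - onlyif: 'test "$(getenforce)" = Enforcing'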
[root@master ~]# cat /srv/salt/base/init/selinux/main.sls
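# Switch SELinux out of enforcing mode: ship the persistent setting and
# change the running mode.
# NOTE(review): the content of files/config is not shown on this page. With
# enforcement off, httpd, php-fpm and mysqld run without SELinux confinement;
# keeping enforcing mode and labelling the /usr/local and /opt/data trees is
# the alternative.

/etc/selinux/config:
  file.managed:
    - source: salt://init/selinux/files/config
    - user: root
    - group: root
    - mode: '0644'

# Only call setenforce while the host is actually enforcing: the command
# returns an error when SELinux is disabled, which made this state fail on
# such hosts, and it is pointless when the mode is already permissive.
'setenforce 0':
  cmd.run:
    - onlyif: 'test "$(getenforce)" = Enforcing'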
firewalld
[root@master ~]# cat /srv/salt/base/init/firewall/main.sls
# Stop firewalld and keep it from starting at boot.
# NOTE(review): with the host firewall off, every listener shown in the ss
# output on this page (80, 3306, 10050, 10051, 22, 111) is reachable from the
# network; opening only the needed ports in firewalld is the alternative.
firewalld.service:
  service.dead:
    - enable: false
chrony
[root@master ~]# vim /srv/salt/base/init/chrony/files/chrony.conf
## 修改以下内容
3 pool time1.aliyun.com iburst
[root@master ~]# cat /srv/salt/base/init/chrony/main.sls
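# Time synchronisation: install chrony, ship its configuration and keep the
# daemon running.

include:
  - init.yum.main

chrony:
  pkg.installed

/etc/chrony.conf:
  file.managed:
    - source: salt://init/chrony/files/chrony.conf
    - user: root
    - group: root
    - mode: '0644'

# watch restarts chronyd when the managed configuration changes; without it a
# new pool line only took effect after a manual restart. require keeps the
# service state from running before the package is installed.
chronyd.service:
  service.running:
    - enable: true
    - require:
      - pkg: chrony
    - watch:
      - file: /etc/chrony.conf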
history
[root@master ~]# cat /srv/salt/base/init/history/main.sls
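# Add a timestamp and user name to shell history entries.
# file.managed has no "text" argument, so the original state never wrote the
# line; file.append adds it to /etc/profile once and leaves the rest of the
# file alone. The state ID is no longer the file path, because the timeout
# state uses /etc/profile as its ID too and Salt rejects duplicate IDs.
history-timestamp:
  file.append:
    - name: /etc/profile
    - text: 'export HISTTIMEFORMAT="%F %T `whoami` "'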
timeout
[root@master ~]# cat /srv/salt/base/init/timeout/main.sls
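# Log idle interactive shells out after 300 seconds.
# file.managed has no "text" argument, so the original state never wrote the
# line; file.append adds it to /etc/profile once and leaves the rest of the
# file alone. The state ID is no longer the file path, because the history
# state uses /etc/profile as its ID too and Salt rejects duplicate IDs.
shell-idle-timeout:
  file.append:
    - name: /etc/profile
    - text: 'export TMOUT=300'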
kernel
[root@master ~]# cat /srv/salt/base/init/kernel/files/limits.conf
## 在配置文件中添加以下两行内容
60 * soft nofile 65535
61 * hard nofile 65535
[root@master ~]# cat /srv/salt/base/init/kernel/files/sysctl.conf
11 net.ipv4.ip_forward = 1 ## 在配置文件最后面加上这行
[root@master ~]# cat /srv/salt/base/init/timeout/main.sls
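# Log idle interactive shells out after 300 seconds.
# file.managed has no "text" argument, so the original state never wrote the
# line; file.append adds it to /etc/profile once and leaves the rest of the
# file alone. The state ID is no longer the file path, because the history
# state uses /etc/profile as its ID too and Salt rejects duplicate IDs.
shell-idle-timeout:
  file.append:
    - name: /etc/profile
    - text: 'export TMOUT=300'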
[root@master ~]# cat /srv/salt/base/init/kernel/main.sls
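# Kernel and resource-limit tuning: ship limits.conf and sysctl.conf and load
# the sysctl settings.
# Both files were group-writable (0664); they are root-owned system
# configuration, so the mode is now 0644 like the other managed files.

/etc/security/limits.conf:
  file.managed:
    - source: salt://init/kernel/files/limits.conf
    - user: root
    - group: root
    - mode: '0644'

# NOTE(review): the shipped sysctl.conf sets net.ipv4.ip_forward = 1, which
# lets the host forward packets between interfaces - confirm that every minion
# receiving this state is meant to route traffic.
/etc/sysctl.conf:
  file.managed:
    - source: salt://init/kernel/files/sysctl.conf
    - user: root
    - group: root
    - mode: '0644'
  # Reload the settings only when the file actually changed, instead of on
  # every state run.
  cmd.run:
    - name: sysctl -p
    - onchanges:
      - file: /etc/sysctl.conf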
yum
[root@master ~]# tree /srv/salt/base/init/yum
/srv/salt/base/init/yum
├── files
│ ├── centos-7.repo
│ ├── centos-8.repo
│ ├── epel-7.repo
│ ├── epel-8.repo
│ ├── salt-7.repo
│ └── salt-8.repo
└── main.sls
1 directory, 7 files
[root@master ~]# cat /srv/salt/base/init/yum/main.sls
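# Package repositories: base (RedHat only), EPEL and Salt.
# The repo files are named after the major release (centos-7.repo,
# centos-8.repo, ...). The osrelease grain can carry the minor version as
# well (for example 8.4), which matches no shipped file; osmajorrelease
# always yields the bare major number.
# NOTE(review): the os grain is 'RedHat' on RHEL itself, while CentOS hosts
# report a CentOS value - confirm which hosts should get the centos-*.repo file.
# NOTE(review): the repo file contents are not shown; check that each one
# keeps gpgcheck enabled with the matching gpgkey.

{% if grains['os'] == 'RedHat' %}
/etc/yum.repos.d/centos-{{ grains['osmajorrelease'] }}.repo:
  file.managed:
    - source: salt://init/yum/files/centos-{{ grains['osmajorrelease'] }}.repo
    - user: root
    - group: root
    - mode: '0644'
{% endif %}

/etc/yum.repos.d/epel-{{ grains['osmajorrelease'] }}.repo:
  file.managed:
    - source: salt://init/yum/files/epel-{{ grains['osmajorrelease'] }}.repo
    - user: root
    - group: root
    - mode: '0644'

/etc/yum.repos.d/salt-{{ grains['osmajorrelease'] }}.repo:
  file.managed:
    - source: salt://init/yum/files/salt-{{ grains['osmajorrelease'] }}.repo
    - user: root
    - group: root
    - mode: '0644'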
salt-minion
[root@master ~]# vim /srv/salt/base/init/salt-minion/files/minion
## 修改以下内容
17 master: {{ pillar['master_ip'] }}
[root@master ~]# cat /srv/salt/base/init/salt-minion/main.sls
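# Install salt-minion, ship its configuration and keep the service running.

include:
  - init.yum.main

salt-minion:
  pkg.installed

# The directory listing and the edit step on this page both name the file
# files/minion; the original source pointed at minion.j2, which is not in the
# tree. The file contains a pillar lookup for master_ip, so it has to be
# rendered with "template: jinja" - without it the literal template
# expression would be written into /etc/salt/minion.
/etc/salt/minion:
  file.managed:
    - source: salt://init/salt-minion/files/minion
    - user: root
    - group: root
    - mode: '0644'
    - template: jinja
    - require:
      - pkg: salt-minion

salt-minion.service:
  service.running:
    - enable: true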
[root@master ~]# cat /srv/pillar/base/salt-minion.sls
master_ip: 192.168.47.171
basepkg
[root@master ~]# cat /srv/salt/base/init/basepkg/main.sls
include:
- init.yum.main
install-base-packages:
pkg.installed:
- pkgs:
- screen
- tree
- psmisc
- openssl
- openssl-devel
- telnet
- iftop
- iotop
- sysstat
- wget
- dos2unix
- unix2dos
- lsof
- net-tools
- vim-enhanced
- zip
- unzip
- bzip2
- bind-utils
- gcc
- gcc-c++
- glibc
- make
- autoconf