系统初始化状态编写
系统安装完以后需要做的事:(用脚本的方式一键部署)
设置IP
修改主机名
网卡回归传统命令
免密登录
系统初始化时要做的事:(针对所有主机 运维)
安装常用软件
YUM源配置
关闭防火墙
关闭SELINUX
部署agent(zabbix-agent、salt-minion)
时间同步
通用账户创建
配置SSHD的端口号
设置终端超时时间
系统初始化sls包括:
cobbler装机
zabbix监控
系统初始化
服务部署:
redis主从
mysql主从
apache+php
haproxy+keepalived
监控
业务
有的需要开发部署些东西
其他
系统初始化sls中的系统初始化步骤如下:
下面进行下测试
环境说明:
[root@master ~]# cd /srv/salt/base/
[root@master base]# ls
[root@master base]# mkdir init
[root@master base]# ls
init
将在init里面进行测试
关闭SELINUX
[root@master init]# tree
.
└── selinux
├── files
│ └── config
└── main.sls
2 directories, 2 files
[root@master init]# cat selinux/files/config
# Deployed to minions by Salt from salt://init/selinux/files/config.
# The file is read at boot, so a changed SELINUX= value only takes effect
# after the minion reboots.
# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
# enforcing - SELinux security policy is enforced.
# permissive - SELinux prints warnings instead of enforcing.
# disabled - No SELinux policy is loaded.
SELINUX=disabled
# SELINUXTYPE= can take one of these three values:
# targeted - Targeted processes are protected,
# minimum - Modification of targeted policy. Only selected processes are protected.
# mls - Multi Level Security protection.
SELINUXTYPE=targeted
[root@master init]# cat selinux/main.sls
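# Push the master's copy of /etc/selinux/config to the minion (root:root, 0644).
#
# Security note: the source file sets SELINUX=disabled, which turns off
# mandatory access control on every minion this state targets. If the aim is
# only to stop policy denials from blocking services, SELINUX=permissive keeps
# labelling and AVC logging so enforcing mode can be restored later.
#
# This state only rewrites the file. The file is read at boot, so the running
# mode is unchanged until the minion reboots (check with `getenforce`).
/etc/selinux/config:
  file.managed:
    - source: salt://init/selinux/files/config
    - user: root
    - group: root
    - mode: '0644'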
[root@master selinux]# salt 'minion' state.sls init.selinux.main
minion:
----------
ID: /etc/selinux/config
Function: file.managed
Result: True
Comment: File /etc/selinux/config is in the correct state
Started: 21:16:44.774206
Duration: 185.791 ms
Changes:
Summary for minion
------------
Succeeded: 1
Failed: 0
------------
Total states run: 1
Total run time: 185.791 ms
关闭防火墙
[root@master init]# ls
selinux
[root@master init]# mkdir firewall
[root@master init]# cd firewall/
[root@master firewall]# vim firewall.sls
[root@master firewall]# cat firewall.sls
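# Stop firewalld and keep it from starting at boot.
#
# Security note: once this has run, the minion has no host-level packet
# filter, so every listening service is reachable from any network that can
# route to the host. Apply it only where another layer (network ACLs, security
# groups, a perimeter firewall) already restricts access. Otherwise keep
# firewalld running and manage the permitted ports from Salt, for example with
# the firewalld.present state.
firewalld.service:
  service.dead:
    - enable: false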
[root@master firewall]# salt 'minion' test.ping
minion:
True
[root@master firewall]# salt 'minion' state.sls init.firewall.firewall
minion:
----------
ID: firewalld.service
Function: service.dead
Result: True
Comment: Service firewalld.service has been disabled, and is dead
Started: 21:31:02.084277
Duration: 1232.255 ms
Changes:
----------
firewalld.service:
True
Summary for minion
------------
Succeeded: 1 (changed=1)
Failed: 0
------------
Total states run: 1
Total run time: 1.232 s
[root@master firewall]# ls
firewall.sls
[root@master firewall]# mv firewall.sls main.sls
[root@master firewall]# ls
main.sls
这里我改个名字,方便后期管理
#查看下是否成功
[root@minion ~]# systemctl status firewalld
● firewalld.service - firewalld - dynamic firewall daemon
Loaded: loaded (/usr/lib/systemd/system/firewalld.service; disabled; vendor >
Active: inactive (dead)
Docs: man:firewalld(1)
11月 12 21:25:31 minion systemd[1]: Starting firewalld - dynamic firewall daemo>
11月 12 21:25:32 minion systemd[1]: Started firewalld - dynamic firewall daemon.
11月 12 21:25:32 minion firewalld[59096]: WARNING: AllowZoneDrifting is enabled>
11月 12 21:31:02 minion systemd[1]: Stopping firewalld - dynamic firewall daemo>
11月 12 21:31:02 minion systemd[1]: firewalld.service: Succeeded.
11月 12 21:31:02 minion systemd[1]: Stopped firewalld - dynamic firewall daemon.
时间同步
时间同步需要安装chrony软件包,并启动chronyd服务
[root@master chrony]# yum list all|grep chrony
chrony.x86_64 4.1-1.el8 baseos
collectd-chrony.x86_64 5.9.0-5.el8 epel
[root@master chrony]# yum -y install chrony.x86_64
[root@master chrony]# cp /etc/chrony.conf files/
[root@master chrony]# ls files/
chrony.conf
[root@master chrony]# vim files/chrony.conf
# Please consider joining the pool (http://www.pool.ntp.org/join.html).
pool time1.aliyun.com iburst #改成aliyun的地址,之前是国外的地址,替换掉
# Record the rate at which the system clock gains/losses time.
[root@master init]# cat chrony/main.sls
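# Install chrony, deploy the site chrony.conf and keep chronyd running and
# enabled. Consistent clocks matter for log correlation and for certificate
# and ticket validity checks across the fleet.
include:
  - init.yum.main  # added after the yum repo state was written

chrony:
  pkg.installed

/etc/chrony.conf:
  file.managed:
    - source: salt://init/chrony/files/chrony.conf
    - user: root
    - group: root
    - mode: '0644'
    # install the package before managing its configuration file
    - require:
      - pkg: chrony

chronyd.service:
  service.running:
    - enable: true
    # Restart chronyd when the managed config changes. Without a watch, an
    # already-running chronyd keeps using the old time sources after
    # chrony.conf is updated.
    - watch:
      - file: /etc/chrony.conf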
[root@master chrony]# salt 'minion' state.sls init.chrony.main
minion:
----------
ID: chrony
Function: pkg.installed
Result: True
Comment: The following packages were installed/updated: chrony
Started: 21:46:35.062296
Duration: 42611.78 ms
Changes:
----------
chrony:
----------
new:
4.1-1.el8
old:
timedatex:
----------
new:
0.5-3.el8
old:
----<