Writing System Initialization States

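This blog post walks through Linux system initialization in detail: one-click deployment with scripts and routine operations tasks such as disabling SELinux and the firewall, time synchronization, and SSH service tuning. It also covers yum repository configuration and installing salt-minion for automated operations.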

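Things to do after the system is installed (one-click deployment with a script):

Set the IP
Change the hostname
Revert network interfaces to traditional naming
Passwordless login

Things to do during system initialization (for all hosts, operations):

Install common software
Configure YUM repositories
Disable the firewall
Disable SELinux
Deploy agents (zabbix-agent, salt-minion)
Time synchronization
Create common accounts
Configure the SSHD port number
Set the terminal timeout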

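The system initialization sls files include:

cobbler provisioning
zabbix monitoring
System initialization
Service deployment:
	redis master-slave
	mysql master-slave
	apache+php
	haproxy+keepalived
Monitoring
Business
	some of it requires developers to deploy things
Other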
The system initialization steps within the initialization sls are as follows:

[Figure: system initialization steps]

Let's test this below.

Environment:
[root@master ~]# cd /srv/salt/base/
[root@master base]# ls
[root@master base]# mkdir init
[root@master base]# ls
init

The tests will be run inside init.
Disable SELinux
[root@master init]# tree
.
└── selinux
    ├── files
    │   └── config
    └── main.sls

2 directories, 2 files

[root@master init]# cat selinux/files/config 

# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
#     enforcing - SELinux security policy is enforced.
#     permissive - SELinux prints warnings instead of enforcing.
#     disabled - No SELinux policy is loaded.
SELINUX=disabled
# SELINUXTYPE= can take one of these three values:
#     targeted - Targeted processes are protected,
#     minimum - Modification of targeted policy. Only selected processes are protected. 
#     mls - Multi Level Security protection.
SELINUXTYPE=targeted

[root@master init]# cat selinux/main.sls 
/etc/selinux/config:
  file.managed:
    - source: salt://init/selinux/files/config
    - user: root
    - group: root
    - mode: '0644'

[root@master selinux]# salt 'minion' state.sls init.selinux.main
minion:
----------
          ID: /etc/selinux/config
    Function: file.managed
      Result: True
     Comment: File /etc/selinux/config is in the correct state
     Started: 21:16:44.774206
    Duration: 185.791 ms
     Changes:   

Summary for minion
------------
Succeeded: 1
Failed:    0
------------
Total states run:     1
Total run time: 185.791 ms

Disable the firewall
[root@master init]# ls
selinux
[root@master init]# mkdir firewall
[root@master init]# cd firewall/
[root@master firewall]# vim firewall.sls
[root@master firewall]# cat firewall.sls 
firewalld.service:
  service.dead:
    - enable: false
[root@master firewall]# salt 'minion' test.ping
minion:
    True
[root@master firewall]# salt 'minion' state.sls init.firewall.firewall
minion:
----------
          ID: firewalld.service
    Function: service.dead
      Result: True
     Comment: Service firewalld.service has been disabled, and is dead
     Started: 21:31:02.084277
    Duration: 1232.255 ms
     Changes:   
              ----------
              firewalld.service:
                  True

Summary for minion
------------
Succeeded: 1 (changed=1)
Failed:    0
------------
Total states run:     1
Total run time:   1.232 s

[root@master firewall]# ls
firewall.sls
[root@master firewall]# mv firewall.sls main.sls
[root@master firewall]# ls
main.sls
Here I rename the file to make it easier to manage later.

# Check whether it succeeded
[root@minion ~]# systemctl status firewalld
● firewalld.service - firewalld - dynamic firewall daemon
   Loaded: loaded (/usr/lib/systemd/system/firewalld.service; disabled; vendor >
   Active: inactive (dead)
     Docs: man:firewalld(1)

1112 21:25:31 minion systemd[1]: Starting firewalld - dynamic firewall daemo>
1112 21:25:32 minion systemd[1]: Started firewalld - dynamic firewall daemon.
1112 21:25:32 minion firewalld[59096]: WARNING: AllowZoneDrifting is enabled>
1112 21:31:02 minion systemd[1]: Stopping firewalld - dynamic firewall daemo>
1112 21:31:02 minion systemd[1]: firewalld.service: Succeeded.
1112 21:31:02 minion systemd[1]: Stopped firewalld - dynamic firewall daemon.
Time synchronization

Time synchronization requires chrony and

[root@master chrony]# yum list all|grep chrony
chrony.x86_64                                                     4.1-1.el8                                              baseos           
collectd-chrony.x86_64                                            5.9.0-5.el8                                            epel             

[root@master chrony]# yum -y install chrony.x86_64

[root@master chrony]# cp /etc/chrony.conf files/
[root@master chrony]# ls files/
chrony.conf

[root@master chrony]# vim files/chrony.conf 
# Please consider joining the pool (http://www.pool.ntp.org/join.html).
# Changed to the aliyun address; the previous overseas address was replaced.
pool time1.aliyun.com iburst

# Record the rate at which the system clock gains/losses time.

[root@master init]# cat chrony/main.sls 
include:
  - init.yum.main   # added here after the yum repository state was written
chrony:
  pkg.installed

/etc/chrony.conf:
  file.managed:
    - source: salt://init/chrony/files/chrony.conf
    - user: root
    - group: root
    - mode: '0644'

chronyd.service:
  service.running:
    - enable: true

[root@master chrony]# salt 'minion' state.sls init.chrony.main
minion:
----------
          ID: chrony
    Function: pkg.installed
      Result: True
     Comment: The following packages were installed/updated: chrony
     Started: 21:46:35.062296
    Duration: 42611.78 ms
     Changes:   
              ----------
              chrony:
                  ----------
                  new:
                      4.1-1.el8
                  old:
              timedatex:
                  ----------
                  new:
                      0.5-3.el8
                  old:
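
A check for the two files managed by init.selinux.main and init.chrony.main above, as an added example that is not part of the original post: it parses the SELINUX= setting and the active chrony pool/server lines and compares them with expected values. The function names, the audit.sh file name and the sample file contents are assumptions; because a change to /etc/selinux/config only takes effect at the next boot, the script also prints the runtime mode when getenforce is available.

```shell
#!/bin/sh
# Added example: audit the files managed by init.selinux.main and init.chrony.main.

# Print the effective SELINUX= value; the last uncommented assignment wins.
selinux_configured_mode() {
  awk -F= '/^[ \t]*SELINUX=/ { sub(/#.*/, "", $2); gsub(/[ \t\r]/, "", $2); mode = $2 }
           END { if (mode == "") exit 1; print mode }' "$1"
}

# Print the host of every active "pool" or "server" directive, one per line.
chrony_sources() {
  awk '$1 == "pool" || $1 == "server" { print $2 }' "$1"
}

# audit_init_baseline SELINUX_CFG CHRONY_CFG WANT_MODE WANT_POOL
# Prints one line per check and returns non-zero if a file has drifted.
audit_init_baseline() {
  rc=0
  mode=$(selinux_configured_mode "$1") || mode="unset"
  if [ "$mode" = "$3" ]; then
    echo "OK   selinux config: $mode"
  else
    echo "FAIL selinux config: $mode (want $3)"; rc=1
  fi
  if chrony_sources "$2" | grep -qxF "$4"; then
    echo "OK   chrony source: $4"
  else
    echo "FAIL chrony source: $4 is not an active pool/server"; rc=1
  fi
  # file.managed only rewrites the config file; the running mode follows at reboot.
  if command -v getenforce >/dev/null 2>&1; then
    echo "INFO selinux runtime: $(getenforce)"
  fi
  return "$rc"
}

# Constructed sample files (not taken from a real host) mirroring the page's two files.
demo() {
  d=$(mktemp -d)
  printf '# SELINUX= can take one of these three values:\nSELINUX=disabled\nSELINUXTYPE=targeted\n' > "$d/config"
  printf '#pool pool.example.org iburst\npool time1.aliyun.com iburst\n' > "$d/chrony.conf"
  demo_rc=0
  audit_init_baseline "$d/config" "$d/chrony.conf" disabled time1.aliyun.com || demo_rc=$?
  rm -rf "$d"
  return "$demo_rc"
}

# On a minion: sh audit.sh /etc/selinux/config /etc/chrony.conf disabled time1.aliyun.com
if [ "$#" -eq 4 ]; then audit_init_baseline "$@"; else demo; fi
```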