关闭selinux
[root@master selinux]# cat man.sls
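# Ship the managed SELinux config, then take the running system out of
# enforcing mode so the change applies without a reboot.
# NOTE(review): this removes SELinux confinement on every minion the state
# targets. The mode applied at boot is whatever files/config contains (not
# shown here) - confirm whether permissive is sufficient before disabling.
/etc/selinux/config:
  file.managed:
    - source: salt://init/selinux/files/config
    - user: root
    - group: root
    - mode: '0644'

"setenforce 0":
  cmd.run:
    # setenforce exits non-zero once SELinux is already off, so only run it
    # while the host is still enforcing.
    - onlyif: 'test "$(getenforce)" = "Enforcing"'
    - require:
      - file: /etc/selinux/config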
关闭防火墙
[root@master init]# cd firewalld/
[root@master firewalld]# cat main.sls
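# Stop firewalld and keep it from starting at boot.
# NOTE(review): with the host firewall off, every listening port is reachable
# from whatever network the minion sits on. This presumably relies on
# filtering done upstream (security groups, perimeter firewall) - confirm per
# environment.
stop-filrewalld:
  service.dead:
    - name: firewalld
    - enable: false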
时间同步chrony
[root@master init]# cd chrony/
[root@master chrony]# cat main.sls
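# Install chrony, ship its configuration and keep the daemon running.
include:
  - init.yum.main

chrony:
  # A state without arguments still has to be written as a list.
  pkg.installed: []

/etc/chrony.conf:
  file.managed:
    - source: salt://init/chrony/files/chrony.conf
    - user: root
    - group: root
    - mode: '0644'
    - require:
      - pkg: chrony

chrony.service:
  service.running:
    # NOTE(review): on the yum-based targets this tree is written for, the
    # chrony package installs its unit as chronyd - confirm on other targets.
    - name: chronyd
    - enable: true
    # Restart the daemon whenever the managed config changes.
    - watch:
      - file: /etc/chrony.conf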
[root@master chrony]# cat files/chrony.conf
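# Use public servers from the pool.ntp.org project.
# Please consider joining the pool (http://www.pool.ntp.org/join.html).
# Time source changed to the Aliyun NTP server. The annotation is kept on its
# own line so it cannot be read as part of the pool directive.
# NOTE(review): this is a single, unauthenticated time source; log timestamps
# and certificate validity checks on every minion depend on it.
pool time1.aliyun.com iburst
# Record the rate at which the system clock gains/losses time.
driftfile /var/lib/chrony/drift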
kernel文件描述
[root@master init]# cd kernel/
[root@master kernel]# cat main.sls
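# Manage the resource-limit and kernel-parameter files from the master.
/etc/security/limits.conf:
  file.managed:
    - source: salt://init/kernel/files/limits.conf
    - user: root
    - group: root
    - mode: '0644'

/etc/sysctl.conf:
  file.managed:
    - source: salt://init/kernel/files/sysctl.conf
    - user: root
    - group: root
    - mode: '0644'
  # Reload kernel parameters, but only when the managed file actually changed.
  cmd.run:
    - name: sysctl -p
    - onchanges:
      - file: /etc/sysctl.conf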
[root@master kernel]# vim files/limits.conf
# Excerpt of limits.conf: the two commented lines are examples left disabled;
# the two active lines set the open-file limit (nofile) to 65535, soft and
# hard, for the wildcard domain.
#ftp hard nproc 0
#@student - maxlogins 4
* soft nofile 65535 # added
* hard nofile 65535 # added
[root@master kernel]# vim files/sysctl.conf
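# For more information, see sysctl.conf(5) and sysctl.d(5).
# Enable IPv4 forwarding (the key needs the dot between ipv4 and ip_forward).
# NOTE(review): forwarding lets the host route packets between its interfaces,
# and the same init tree stops firewalld, so nothing on the host filters the
# forwarded traffic. Enable it only on nodes that have to route.
net.ipv4.ip_forward = 1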
基础命令
[root@master init]# cd basepkg/
[root@master basepkg]# cat main.sls
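# Baseline tool set installed on every minion once the yum repos are in place.
include:
  - init.yum.main

install-base-pkgages:
  pkg.installed:
    - pkgs:
      - screen
      - tree
      - psmisc
      - openssl
      - openssl-devel
      # NOTE(review): telnet is a cleartext client, presumably kept for port
      # checks - confirm it is still needed.
      - telnet
      - iftop
      - iotop
      - sysstat
      - wget
      - dos2unix
      - unix2dos
      - lsof
      - net-tools
      - vim-enhanced
      - zip
      - unzip
      - bzip2
      - bind-utils
      # NOTE(review): gcc, gcc-c++ and make leave a build toolchain on every
      # host; confirm that is wanted outside build machines.
      - gcc
      - gcc-c++
      - glibc
      - make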
yum源
[root@master yum]# cat main.sls
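# Ship the yum repo definitions that match the minion's major OS release.
# The files under init/yum/files are named by major version (centos-7.repo,
# epel-8.repo, ...), so the major-release grain is used instead of the full
# osrelease string.
# NOTE(review): the .repo files themselves are not shown. Every later
# pkg.installed trusts them, so confirm each keeps gpgcheck enabled with a
# known gpgkey.
{% set rel = grains['osmajorrelease'] %}
{% if grains['os'] == 'RedHat' %}
/etc/yum.repos.d/centos-{{ rel }}.repo:
  file.managed:
    - source: salt://init/yum/files/centos-{{ rel }}.repo
    - user: root
    - group: root
    - mode: '0644'
{% endif %}

/etc/yum.repos.d/epel-{{ rel }}.repo:
  file.managed:
    - source: salt://init/yum/files/epel-{{ rel }}.repo
    - user: root
    - group: root
    - mode: '0644'

/etc/yum.repos.d/salt-{{ rel }}.repo:
  file.managed:
    - source: salt://init/yum/files/salt-{{ rel }}.repo
    - user: root
    - group: root
    - mode: '0644'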
[root@master yum]# ls files/
centos-7.repo centos-8.repo epel-7.repo epel-8.repo salt-8.repo salt-8.repo
zabbix-agent
[root@master init]# cd zabbix-agent/
[root@master zabbix-agent]# cat main.sls
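# Build the Zabbix agent from source, render its config and start it.
# The salt:// paths use init/zabbix-agent, the directory this main.sls lives in.
include:
  - init.yum.main

zabbix-dep-package:
  pkg.installed:
    - pkgs:
      - gcc
      - gcc-c++
      - make
      - pcre-devel
      - openssl
      - openssl-devel

/usr/src:
  archive.extracted:
    # NOTE(review): this tarball is compiled and installed as root on every
    # minion; check it against the upstream checksum when it is placed on the
    # master's file roots.
    - source: salt://init/zabbix-agent/files/zabbix-5.4.4.tar.gz

create-zabbix-user:
  user.present:
    - name: zabbix
    - shell: /sbin/nologin
    - createhome: false
    - system: true

salt://init/zabbix-agent/files/zabbix.sh:
  cmd.script:
    # Skip the build once the install has created the agent's conf.d directory.
    - unless: test -d /usr/local/etc/zabbix_agentd.conf.d
    - require:
      - pkg: zabbix-dep-package
      - archive: /usr/src

/usr/local/etc/zabbix_agentd.conf:
  file.managed:
    - source: salt://init/zabbix-agent/files/zabbix_agentd.conf.j2
    - user: root
    - group: root
    - mode: '0644'
    # The source is a Jinja template, so name the renderer explicitly.
    - template: jinja

zabbix.agentd:
  cmd.run:
    # NOTE(review): presumably the intent is to start the zabbix_agentd binary
    # built by zabbix.sh - confirm the name and that it is on the minion's PATH.
    - name: zabbix_agentd
    # Do not start a second copy when the agent is already running.
    - unless: pgrep -x zabbix_agentd
    - require:
      - file: /usr/local/etc/zabbix_agentd.conf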
[root@master zabbix-agent]# cd files/
[root@master files]# ls
zabbix-5.4.4.tar.gz zabbix_agentd.conf.j2 zabbix.sh
[root@master files]# cat zabbix.sh
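#!/bin/bash
# Build and install the Zabbix agent from the tree unpacked under /usr/src.
# Stop at the first failing step, so a missing source tree never runs
# ./configure or make in whatever directory the script started in.
set -e
cd /usr/src/zabbix-5.4.4
./configure --enable-agent
make install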
[root@master files]# vim zabbix_agentd.conf.j2
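# The line numbers refer to the stock zabbix_agentd.conf. Each annotation is
# on its own line so it cannot end up inside the rendered value.
# line 113
Server= {{ pillar['zabbix_master_ip'] }}
# line 154
ServerActive= {{ pillar['zabbix_master_ip'] }}
# line 165
Hostname= {{ grains['host'] }}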
[root@master files]# cd /srv/pillar/base/
[root@master base]# cat zabbix-master.sls
# Address of the Zabbix server, read by zabbix_agentd.conf.j2 through
# pillar['zabbix_master_ip'].
zabbix_master_ip: '192.168.197.128'
salt-minion
[root@master init]# cd salt-minion/
[root@master salt-minion]# cat main.sls
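# Install salt-minion, render its config from pillar and keep it running.
# The salt:// path uses init/salt-minion, the directory this main.sls lives in.
include:
  - init.yum.main

salt-minion:
  pkg.installed:
    - name: salt-minion

/etc/salt/minion:
  file.managed:
    - source: salt://init/salt-minion/files/minion.j2
    - user: root
    - group: root
    - mode: '0644'
    - template: jinja

salt-minion.service:
  service.running:
    - enable: true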
[root@master salt-minion]# vim files/minion.j2
# Master address, filled in from pillar when the template is rendered.
# NOTE(review): the pillar listing on this page defines only zabbix_master_ip;
# confirm salt_master_ip is defined elsewhere, or rendering fails.
master: {{ pillar['salt_master_ip'] }}