
系统初始化状态编写

2021-11-13 09:31:40  阅读:154  来源: 互联网

标签:files 初始化 状态 salt zabbix master 编写 main root


状态文件目录结构

[root@master ~]# cd /srv/salt/base/
[root@master base]# tree init/
init/
├── chrony
│   ├── files
│   │   └── chrony.conf
│   └── main.sls
├── firewalld
│   └── main.sls
├── history
│   └── main.sls
├── kernel
│   ├── files
│   │   ├── limits.conf
│   │   └── sysctl.conf
│   └── main.sls
├── salt-minion
│   ├── files
│   │   └── minion.j2
│   └── main.sls
├── selinux
│   ├── files
│   │   └── config
│   └── main.sls
├── timeout
│   └── main.sls
├── yum
│   ├── files
│   │   ├── centos-7.repo
│   │   ├── centos-8.repo
│   │   ├── epel-7.repo
│   │   ├── epel-8.repo
│   │   ├── salt-7.repo
│   │   └── salt-8.repo
│   └── main.sls
└── zabbix-agentd
    ├── files
    │   ├── zabbix-5.4.4.tar.gz
    │   ├── zabbix_agentd.conf.j2
    │   └── zabbix.sh
    └── main.sls

15 directories, 23 files

selinux

[root@master init]# cd selinux/
[root@master selinux]# ls
files  main.sls
[root@master selinux]# cat main.sls 
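# Ship the SELinux config file from the master and take the running system
# out of enforcing mode.
# NOTE(review): the config served from files/config sets SELINUX=disabled,
# which removes mandatory access control from every minion this state reaches.
# If the aim is only to unblock a service, SELINUX=permissive keeps labels and
# logs the denials, so a policy fix can be written instead.
/etc/selinux/config:
  file.managed:
    - source: salt://init/selinux/files/config
    - user: root
    - group: root
    - mode: '0644'

# setenforce exits non-zero once SELinux is already disabled, so run it only
# while the minion is enforcing; otherwise every later highstate reports this
# state as failed.
'setenforce 0':
  cmd.run:
    - onlyif: test "$(getenforce)" = "Enforcing"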
[root@master selinux]# cat files/config 

# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
#     enforcing - SELinux security policy is enforced.
#     permissive - SELinux prints warnings instead of enforcing.
#     disabled - No SELinux policy is loaded.
# NOTE(review): "disabled" only applies after a reboot, and files created while
# it is in force are not labeled, so returning to enforcing later needs a full
# relabel. "permissive" avoids that and still records what would be denied.
SELINUX=disabled
# SELINUXTYPE= can take one of these three values:
#     targeted - Targeted processes are protected,
#     minimum - Modification of targeted policy. Only selected processes are protected. 
#     mls - Multi Level Security protection.
SELINUXTYPE=targeted

防火墙

[root@master firewalld]# cat main.sls 
# Stop firewalld and keep it from starting at boot.
# NOTE(review): after this state the minion has no host firewall at all; every
# listening port is reachable from whatever network the host sits on. Confirm
# that filtering is enforced elsewhere (security groups, upstream firewall), or
# manage firewalld rules from Salt instead of turning the service off.
firewalld.service:
  service.dead:
    - enable: false

chrony时间同步

[root@master chrony]# cat files/chrony.conf 
# Use public servers from the pool.ntp.org project.
# Please consider joining the pool (http://www.pool.ntp.org/join.html).
# NOTE(review): chrony documents comments as whole lines only - confirm the
# trailing annotation on the next line is not kept in the deployed file.
pool time1.aliyun.com iburst		 #changed: time synchronization server address

# Record the rate at which the system clock gains/losses time.
driftfile /var/lib/chrony/drift
.......
[root@master chrony]# cat main.sls 
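# Install chrony, deploy its configuration and keep the service running.
include:
  - init.yum.main

# Short form on purpose: "pkg.installed:" with an empty value renders as null
# rather than an argument list, and the short form does not depend on how the
# state compiler treats that.
chrony:
  pkg.installed

/etc/chrony.conf:
  file.managed:
    - source: salt://init/chrony/files/chrony.conf
    - user: root
    - group: root
    - mode: '0644'
    - require:
      - pkg: chrony

# NOTE(review): on RHEL/CentOS the unit is normally chronyd.service - confirm
# the unit name on the target minions.
chrony.service:
  service.running:
    - enable: true
    # Restart when the managed config changes so a new time source is picked up.
    - watch:
      - file: /etc/chrony.conf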

kernel文件描述符

[root@master kernel]# cp /etc/security/limits.conf files/
[root@master kernel]# cp /etc/sysctl.conf files/
[root@master kernel]# vim files/limits.conf 
#ftp             hard    nproc           0
#@student        -       maxlogins       4
# The two lines below raise the open-file limit for every account ("*").
*                soft    nofile         65535  	#added
*                hard    nofile         65535  	#added
[root@master kernel]# vim files/sysctl.conf 
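# For more information, see sysctl.conf(5) and sysctl.d(5).
# Key corrected: the dot between "ipv4" and "ip_forward" was missing, so
# "sysctl -p" could not apply the setting.
# NOTE(review): this makes the host route IPv4 between its interfaces. The same
# init set also stops firewalld, so enable forwarding only on minions that
# really act as routers or container/VM hosts.
net.ipv4.ip_forward = 1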
[root@master kernel]# cat main.sls 
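# Deploy the resource-limit and kernel-parameter files, then load the kernel
# parameters.
/etc/security/limits.conf:
  file.managed:
    - source: salt://init/kernel/files/limits.conf
    - user: root
    - group: root
    - mode: '0644'

/etc/sysctl.conf:
  file.managed:
    - source: salt://init/kernel/files/sysctl.conf
    - user: root
    - group: root
    - mode: '0644'
  # "cmd.run" needs the trailing colon to take arguments; without it the file
  # is not valid YAML.
  cmd.run:
    - name: sysctl -p
    # Reload only when the managed file actually changed instead of on every
    # highstate.
    - onchanges:
      - file: /etc/sysctl.conf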

history历史记录

[root@master history]# cat main.sls 
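# Add a timestamp and user name to shell history entries for all login shells.
# file.append takes the lines to add in "text" (the original "test" is not a
# file.append argument).
# NOTE(review): the timeout state uses the same ID (/etc/profile) with the same
# state module; Salt requires IDs to be unique across one run, so if both are
# applied together give each its own ID and set "- name: /etc/profile".
# Shell history is editable by the user and is not a substitute for audit
# logging.
/etc/profile:
  file.append:
    - text: 'export HISTTIMEFORMAT="%F %T `whoami`"'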

timeout连接超时

[root@master timeout]# cat main.sls 
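# Log idle login shells out after 300 seconds.
# file.append takes the lines to add in "text" (the original "test" is not a
# file.append argument).
# NOTE(review): a plain export can be changed or unset by the user in their own
# shell; if the timeout is meant as a control, consider marking the variable
# readonly in the appended text. The history state uses the same ID
# (/etc/profile), so give each its own ID plus "- name: /etc/profile" when both
# are applied in one run.
/etc/profile:
  file.append:
    - text: 'export TMOUT=300'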

yum源

[root@master yum]# ls files/
centos-7.repo  centos-8.repo  epel-7.repo  epel-8.repo  salt-7.repo  salt-8.repo

[root@master yum]# cat main.sls 
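# Deploy the CentOS, EPEL and Salt repository definitions that match the
# minion's major release.
# The files on the master are named by major version (centos-7.repo, ...), so
# the osmajorrelease grain is used; osrelease carries the full version string
# on most releases and would not match those file names.
# NOTE(review): grains['os'] is 'CentOS' on CentOS minions, so the condition
# below only matches RHEL itself - confirm whether os_family was intended.
# NOTE(review): the .repo files are not shown here; verify they keep
# gpgcheck=1 with the expected gpgkey, since every minion installs packages
# through them.
{% if grains['os'] == 'RedHat' %}
/etc/yum.repos.d/centos-{{ grains['osmajorrelease'] }}.repo:
  file.managed:
    - source: salt://init/yum/files/centos-{{ grains['osmajorrelease'] }}.repo
    - user: root
    - group: root
    - mode: '0644'
{% endif %}


/etc/yum.repos.d/epel-{{ grains['osmajorrelease'] }}.repo:
  file.managed:
    - source: salt://init/yum/files/epel-{{ grains['osmajorrelease'] }}.repo
    - user: root
    - group: root
    - mode: '0644'


/etc/yum.repos.d/salt-{{ grains['osmajorrelease'] }}.repo:
  file.managed:
    - source: salt://init/yum/files/salt-{{ grains['osmajorrelease'] }}.repo
    - user: root
    - group: root
    - mode: '0644'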

基础命令安装

[root@master basepkg]# cat main.sls 
# Install the baseline tool set on every minion, after the yum repositories
# from init.yum.main are in place.
# NOTE(review): the list puts a compiler toolchain (gcc, gcc-c++, make,
# autoconf) and the telnet client on every host. On production servers that do
# not build software, consider moving those into a separate state applied only
# where needed.
include:
  - init.yum.main
install-base-pkgages:
  pkg.installed:
    - pkgs:
      - screen
      - tree
      - psmisc
      - openssl
      - openssl-devel
      - telnet
      - iftop
      - iotop
      - sysstat
      - wget
      - dos2unix
      - unix2dos
      - lsof
      - net-tools
      - vim-enhanced
      - zip
      - unzip
      - bzip2
      - bind-utils
      - gcc
      - gcc-c++
      - glibc
      - make
      - autoconf

安装各种 agent:salt-minion、zabbix-agent

salt-minion

[root@master salt-minion]# cp /etc/salt/minion ./files/minion.j2
[root@master salt-minion]# vim files/minion.j2 
# resolved, then the minion will fail to start.
#master: salt
# NOTE(review): the minion accepts the key of whichever master answers at this
# address on first contact; consider also setting master_finger so only the
# expected master key is trusted.
master: {{ pillar['salt_master_ip'] }} 		#variable, value defined in pillar

##定义变量值
[root@master base]# pwd
/srv/pillar/base
[root@master base]# vim salt-minion.sls 	
[root@master base]# cat salt-minion.sls 
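# Address of the Salt master, read by the minion.j2 template.
# A space is required after the colon; without it YAML reads the whole line as
# one string and no salt_master_ip key exists.
salt_master_ip: 192.168.71.128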

[root@master salt-minion]# cat main.sls 
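# Install salt-minion, render its configuration from the Jinja template and
# keep the service enabled and running.
include:
  - init.yum.main

# The ID needs its trailing colon; without it the file is not valid YAML.
salt-minion:
  pkg.installed

/etc/salt/minion:
  file.managed:
    - source: salt://init/salt-minion/files/minion.j2
    - user: root
    - group: root
    - mode: '0644'
    # "template" names the renderer to use on the source file.
    - template: jinja

salt-minion.service:
  service.running:
    - enable: true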

zabbix-agent

[root@master zabbix-agentd]# ls
files  main.sls
[root@master zabbix-agentd]# cat main.sls 
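# Build the Zabbix agent from the source tarball kept on the master, render
# its configuration and start it.
include:
  - init.yum.main

# Build dependencies for compiling the agent.
zabbix-dep-package:
  pkg.installed:
    - pkgs:
      - gcc
      - gcc-c++
      - make
      - pcre-devel
      - openssl
      - openssl-devel

# NOTE(review): the tarball is trusted as-is from the master's file roots and
# is then compiled and installed on every minion; check it against the
# checksum published upstream before placing it there.
/usr/src:
  archive.extracted:
    - source: salt://init/zabbix-agentd/files/zabbix-5.4.4.tar.gz

# Unprivileged system account without a login shell for the agent.
create-zabbix-user:
  user.present:
    - name: zabbix
    - shell: /sbin/nologin
    - createhome: false
    - system: true

# Run the build script only while the install has not happened yet.
salt://init/zabbix-agentd/files/zabbix.sh:
  cmd.script:
    - unless: test -d /usr/local/etc/zabbix_agentd.conf.d

/usr/local/etc/zabbix_agentd.conf:
  file.managed:
    # Fixed: stray trailing colon on the source, "mkde" -> "mode", and
    # "template" names the renderer.
    - source: salt://init/zabbix-agentd/files/zabbix_agentd.conf.j2
    - user: root
    - group: root
    - mode: '0644'
    - template: jinja

# The ID alone ("zabbix.agentd") is not a command name. Presumably the agent
# binary installed by "make install" under the default /usr/local prefix is
# meant - confirm the path on a built minion.
zabbix.agentd:
  cmd.run:
    - name: /usr/local/sbin/zabbix_agentd
    # Do not try to start a second copy on later highstates.
    - unless: pgrep -x zabbix_agentd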

[root@master zabbix-agentd]# cd files/
[root@master files]# ls
zabbix-5.4.4.tar.gz  zabbix_agentd.conf.j2  zabbix.sh
[root@master files]# cat zabbix.sh 
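#!/bin/bash
# Configure and install the Zabbix agent from the unpacked source tree.
# Delivered to the minion by the cmd.script state in main.sls.
# Stop on the first failure so a missing source directory never leads to
# configure/make running in whatever directory the script started in.
set -euo pipefail

cd /usr/src/zabbix-5.4.4 || exit 1

./configure --enable-agent
make install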


[root@master files]# vim zabbix_agentd.conf.j2
# NOTE(review): the line-number annotations below are for the reader. Zabbix
# reads a parameter value to the end of the line, so presumably they must not
# be kept in the deployed template - confirm before copying.
Server= {{ pillar['zabbix_master_ip'] }}		#line 113
ServerActive= {{ pillar['zabbix_master_ip'] }}	#line 154
Hostname= {{ grains['host'] }}				    #line 165 


[root@master files]# cd /srv/pillar/base/
[root@master base]# cat zabbix-master.sls 
zabbix_master_ip: 192.168.71.142

标签:files,初始化,状态,salt,zabbix,master,编写,main,root
来源: https://blog.csdn.net/qq_58668102/article/details/121300029
