The environment initialization states are kept under /srv/salt/base/init
[admin@master base]$ pwd
/srv/salt/base
[admin@master base]$ sudo mkdir init
[admin@master base]$ cd init
1) Configure DNS
![](https://box.kancloud.cn/8b7900eb6879f9396e975744f21e43ee_635x209.png)
As follows:
* Write dns.sls
~~~
[admin@master init]$ sudo vim dns.sls
/etc/resolv.conf:
  file.managed:
    - source: salt://init/files/resolv.conf
    - user: root
    - group: root
    - mode: 644
~~~
* Copy the file into place and edit it
[admin@master init]$ sudo mkdir files
[admin@master init]$ sudo cp /etc/resolv.conf files/
[admin@master init]$ ll files/
total 4
-rw-r--r--. 1 root root 51 Jan 27 10:37 resolv.conf
[admin@master init]$ sudo vim files/resolv.conf
# Generated by NetworkManager
nameserver 10.1.10.6
nameserver 202.96.209.133
Test:
[admin@master init]$ sudo salt 'node2.51yuki.cn' state.sls init.dns test=true
2) Configure timestamps in the shell history
~~~
[admin@master init]$ sudo vim history.sls
/etc/profile:
  file.append:
    - text:
      - export HISTTIMEFORMAT="%F %T `whoami`"
~~~
Test:
[admin@master init]$ sudo salt 'node2.51yuki.cn' state.sls init.history test=true
3) Command auditing: record every command typed in the shell to /var/log/messages
~~~
[admin@master init]$ sudo vim audit.sls
/etc/bashrc:
  file.append:
    - text:
      - export PROMPT_COMMAND='{ msg=$(history 1 | { read x y; echo $y;}); logger "[euid=$(whoami)]":$(who am i):[`pwd`] "$msg";}'
~~~
Test:
[admin@master init]$ sudo salt 'node2.51yuki.cn' state.sls init.audit test=true
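The PROMPT_COMMAND above makes every interactive command land in /var/log/messages as a syslog line of the form `[euid=<user>]:<who am i output>:[<cwd>] <command>`. Such a log is only useful if something reads it. The Python below is an added example and not part of the original page: it parses constructed sample lines in that format and labels records where the effective user differs from the login user reported by `who am i` (a shell reached through su or sudo), records with no tty (`who am i` prints nothing there, so the field is empty), and commands that touch the audit hook's own configuration. Host names, users, addresses and commands in the sample are made up, and the tamper rule list is a hypothetical starting point.

```python
import re

# Constructed sample lines (hosts, users, addresses and commands are made up)
# in the shape the PROMPT_COMMAND above produces through logger:
#   <syslog timestamp> <host> <tag>: [euid=<user>]:<who am i output>:[<cwd>] <command>
SAMPLE_LOG = """\
Jan 27 10:40:01 node2 admin: [euid=admin]:admin pts/0 2019-01-27 10:37 (10.1.10.5):[/home/admin] ls -la
Jan 27 10:40:09 node2 admin: [euid=admin]:admin pts/0 2019-01-27 10:37 (10.1.10.5):[/home/admin] sudo su -
Jan 27 10:40:15 node2 root: [euid=root]:admin pts/0 2019-01-27 10:37 (10.1.10.5):[/root] vim /etc/bashrc
Jan 27 10:40:20 node2 root: [euid=root]:admin pts/0 2019-01-27 10:37 (10.1.10.5):[/root] history -c
Jan 27 10:41:00 node2 admin: [euid=admin]::[/home/admin] cat /etc/hostname
Jan 27 10:41:05 node2 sshd[1234]: Accepted publickey for admin from 10.1.10.5 port 50022 ssh2
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3} +\d{1,2} \d\d:\d\d:\d\d) (?P<host>\S+) (?P<tag>[^:]+): "
    r"\[euid=(?P<euid>[^\]]*)\]:(?P<who>.*?):\[(?P<cwd>[^\]]*)\] ?(?P<cmd>.*)$"
)

# Commands that clear history or edit the files carrying the hook (hypothetical rule list).
AUDIT_TAMPER_RE = re.compile(
    r"(^|\s)(history\s+-c|unset\s+PROMPT_COMMAND|unset\s+HISTFILE)\b"
    r"|/etc/bashrc|/etc/profile"
)


def parse_line(line):
    """Return a dict of fields for an audit line, or None for unrelated syslog lines."""
    m = LINE_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    # `who am i` prints "<login> <tty> <time> (<from>)"; without a tty it prints nothing.
    who = rec["who"].split()
    rec["login_user"] = who[0] if who else None
    return rec


def classify(rec):
    """Attach detection labels to one parsed record."""
    findings = []
    if rec["login_user"] and rec["euid"] != rec["login_user"]:
        findings.append("privilege-change")   # shell reached via su/sudo
    if rec["login_user"] is None:
        findings.append("no-tty")             # non-interactive or detached session
    if AUDIT_TAMPER_RE.search(rec["cmd"]):
        findings.append("audit-tamper")       # touches history or the hook's config files
    return findings


def scan(text):
    """Parse every audit line in a syslog excerpt and label it; other lines are skipped."""
    records = []
    for line in text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        rec["findings"] = classify(rec)
        records.append(rec)
    return records


if __name__ == "__main__":
    for rec in scan(SAMPLE_LOG):
        flags = ",".join(rec["findings"]) or "-"
        print(f"{rec['ts']} euid={rec['euid']} login={rec['login_user']} "
              f"cwd={rec['cwd']} [{flags}] {rec['cmd']}")
```

Because the hook runs inside the user's own shell, the log only records what bash reports; the audit-tamper label makes edits to the hook visible after the fact rather than preventing them, so for stronger guarantees pair this with auditd or a kernel-level audit source.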
4) Kernel parameter tuning
Method 1: use file.managed to copy a tuned sysctl.conf to the target path and push it to every minion
[admin@master init]$ sudo cp /etc/sysctl.conf /srv/salt/base/init/config/
~~~
[admin@master init]$ sudo vim /srv/salt/base/init/sysctl.sls
/etc/sysctl.conf:
  file.managed:
    - source: salt://init/config/sysctl.conf
    - user: root
    - group: root
    - mode: 644
~~~
Method 2: use the sysctl state module
Key point: the sysctl module
~~~
[admin@master init]$ sudo salt 'node2.51yuki.cn' sys.list_state_functions sysctl
node2.51yuki.cn:
- sysctl.present
[admin@master init]$ sudo salt 'node2.51yuki.cn' sys.state_doc sysctl.present
node2.51yuki.cn:
----------
sysctl:
Configuration of the Linux kernel using sysctl
==============================================
Control the kernel sysctl system.
vm.swappiness:
sysctl.present:
- value: 20
sysctl.present:
Ensure that the named sysctl value is set in memory and persisted to the
named configuration file. The default sysctl configuration file is
/etc/sysctl.conf
name
The name of the sysctl value to edit
value
The sysctl value to apply
config
The location of the sysctl configuration file. If not specified, the
proper location will be detected based on platform.
~~~
How to use this module:
[admin@master salt]$ sudo salt 'node2.51yuki.cn' sys.list_state_functions sysctl
node2.51yuki.cn:
- sysctl.present
Usage example:
~~~
vm.swappiness:
  sysctl.present:
    - value: 20
~~~
Main parameter:
value: the value to set for the named kernel parameter
Example:
~~~
[admin@master init]$ sudo vim sysctl.sls
net.ipv4.ip_local_port_range:
  sysctl.present:
    - value: 10000 65000
fs.file-max:
  sysctl.present:
    - value: 2000000
net.ipv4.ip_forward:
  sysctl.present:
    - value: 1
vm.swappiness:
  sysctl.present:
    - value: 0
~~~
Test:
[admin@master init]$ sudo salt 'node2.51yuki.cn' state.sls init.sysctl test=true
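sysctl.present sets each value in memory and persists it, but before pushing a state to every minion it helps to know what will actually change on each host. The Python below is an added example, not code from the page: it parses the sysctl.sls above (copied inline as a string so it runs offline), compares it with a constructed `sysctl -a` style snapshot, and reports drift. Whitespace is normalised because the kernel prints multi-value keys such as net.ipv4.ip_local_port_range with a tab while the state uses a space, which would otherwise look like a change on every run. Note that the state above also sets net.ipv4.ip_forward to 1 on every minion, which makes each host forward packets between interfaces; a drift report of this kind makes such changes visible before they are applied.

```python
# Constructed inline copy of the sysctl.sls above so the example runs offline.
SYSCTL_SLS = """\
net.ipv4.ip_local_port_range:
  sysctl.present:
    - value: 10000 65000
fs.file-max:
  sysctl.present:
    - value: 2000000
net.ipv4.ip_forward:
  sysctl.present:
    - value: 1
vm.swappiness:
  sysctl.present:
    - value: 0
"""

# Constructed "sysctl -a" style output from a host that has not had the state applied.
# The kernel separates the two port-range values with a tab.
RUNNING = """\
net.ipv4.ip_local_port_range = 32768\t60999
fs.file-max = 2000000
net.ipv4.ip_forward = 0
vm.swappiness = 30
kernel.hostname = node2
"""


def parse_sysctl_sls(text):
    """Extract {parameter: value} from the simple sysctl.present layout used above.

    Only the structure on this page is handled (top-level key, sysctl.present,
    a single "- value:" item); it is not a general YAML parser.
    """
    desired = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if not raw.startswith((" ", "\t")) and line.endswith(":"):
            current = line[:-1]            # unindented "key:" names the parameter
        elif line.startswith("- value:") and current:
            desired[current] = line[len("- value:"):].strip()
    return desired


def parse_sysctl_output(text):
    """Turn "key = value" lines from sysctl -a into a dict."""
    running = {}
    for line in text.splitlines():
        if "=" in line:
            key, _, value = line.partition("=")
            running[key.strip()] = value.strip()
    return running


def normalise(value):
    """Collapse tabs and repeated spaces so "10000\t65000" equals "10000 65000"."""
    return " ".join(value.split())


def drift(desired, running):
    """Return {key: (status, wanted, actual)} for every parameter that would change."""
    report = {}
    for key, want in desired.items():
        have = running.get(key)
        if have is None:
            report[key] = ("missing", want, None)
        elif normalise(have) != normalise(want):
            report[key] = ("differs", want, have)
    return report


if __name__ == "__main__":
    desired = parse_sysctl_sls(SYSCTL_SLS)
    for key, (status, want, have) in drift(desired, parse_sysctl_output(RUNNING)).items():
        print(f"{key}: {status} (state wants {want!r}, host has {have!r})")
```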
5) Install a yum repository (configure the EPEL source)
~~~
[admin@master init]$ sudo vim epel-7.sls
yum_repo_release:
  pkg.installed:
    - sources:
      - epel-release: http://mirrors.aliyun.com/epel/epel-release-latest-7.noarch.rpm
~~~
Test:
~~~
[admin@master init]$ sudo salt 'node2.51yuki.cn' state.sls init.epel-7 test=true
node2.51yuki.cn:
----------
ID: yum_repo_release
Function: pkg.installed
Result: None
Comment: The following packages are set to be installed/updated: epel-release
Started: 16:08:42.321923
Duration: 1046.723 ms
Changes:
Summary
------------
Succeeded: 1 (unchanged=1) (indicates success)
Failed: 0
------------
Total states run: 1
~~~
6) Configure ssh
[admin@master init]$ sudo sed -i 's%#Port 22%Port 32357%' /etc/ssh/sshd_config
[admin@master init]$ sudo sed -i 's%#PermitRootLogin yes%PermitRootLogin no%' /etc/ssh/sshd_config
[admin@master init]$ sudo sed -i 's%#PermitEmptyPasswords no%PermitEmptyPasswords no%' /etc/ssh/sshd_config
[admin@master init]$ sudo sed -i 's%#UseDNS yes%UseDNS no%' /etc/ssh/sshd_config
[admin@master init]$ sudo sed -i 's%GSSAPIAuthentication yes%GSSAPIAuthentication no%' /etc/ssh/sshd_config
[admin@master init]$ sudo mkdir /srv/salt/base/init/config/
[admin@master init]$ sudo cp /etc/ssh/sshd_config /srv/salt/base/init/config/
~~~
[admin@master init]$ sudo vim ssh.sls
ssh-managed:
  file.managed:
    - name: /etc/ssh/sshd_config
    # the file was copied to /srv/salt/base/init/config/, so the salt:// path needs init/
    - source: salt://init/config/sshd_config
    - user: root
    - group: root
    - mode: 644
  # require only orders the states; this cmd.run restarts sshd on every apply,
  # a watch on the file would restart it only when the file changes
  cmd.run:
    - name: systemctl restart sshd
    - require:
      - file: ssh-managed
  service.running:
    - name: sshd
    - enable: True
    - reload: True
    - require:
      - file: ssh-managed
~~~
Test:
[admin@master init]$ sudo salt 'node2.51yuki.cn' state.sls init.ssh test=true
Key point:
require: declares a dependency; the state runs only after the state it requires has succeeded
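The sed commands above edit the master's own sshd_config and the state ships that file unchanged to every minion, so it is worth verifying that the pushed file really carries the intended settings. The Python below is an added example, not the page's code: `check_hardening` reads sshd_config the way sshd does (keywords are case-insensitive, lines starting with `#` are ignored, the first occurrence of a directive wins, and directives below a `Match` line are conditional) and reports every expected directive that is unset or carries a different value. The three config texts are constructed: the stock CentOS 7 lines before the sed run, the result after it, and a file where the hardening lines were appended below an existing active `PermitRootLogin yes`, which sshd keeps and silently ignores the later line.

```python
import re

# Directives and values the sed commands above are meant to produce.
EXPECTED = {
    "port": "32357",
    "permitrootlogin": "no",
    "permitemptypasswords": "no",
    "usedns": "no",
    "gssapiauthentication": "no",
}

# Constructed excerpt of the stock sshd_config before the sed commands run.
BEFORE = """\
#Port 22
#PermitRootLogin yes
#PermitEmptyPasswords no
#UseDNS yes
GSSAPIAuthentication yes
Subsystem sftp /usr/libexec/openssh/sftp-server
"""

# Constructed excerpt after the sed commands.
AFTER = """\
Port 32357
PermitRootLogin no
PermitEmptyPasswords no
UseDNS no
GSSAPIAuthentication no
Subsystem sftp /usr/libexec/openssh/sftp-server
"""

# Constructed: hardening lines appended below an earlier active directive.
# sshd uses the first value it sees, so PermitRootLogin stays "yes" here.
SHADOWED = """\
PermitRootLogin yes
Port 32357
PermitRootLogin no
PermitEmptyPasswords no
UseDNS no
GSSAPIAuthentication no
"""


def parse_sshd_config(text):
    """Return the effective global directives as {lowercase keyword: value}."""
    effective = {}
    in_match = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        # sshd accepts "Keyword value" and "Keyword=value"
        parts = re.split(r"\s*=\s*|\s+", line, maxsplit=1)
        key = parts[0].lower()
        value = parts[1].strip() if len(parts) > 1 else ""
        if key == "match":
            in_match = True      # everything after Match is conditional, not global
            continue
        if in_match:
            continue
        effective.setdefault(key, value)   # first occurrence wins, like sshd
    return effective


def check_hardening(text, expected=EXPECTED):
    """Return {keyword: (actual_or_'unset', wanted)} for every directive that fails."""
    effective = parse_sshd_config(text)
    failures = {}
    for key, want in expected.items():
        have = effective.get(key)
        if have is None:
            failures[key] = ("unset", want)
        elif have.lower() != want.lower():
            failures[key] = (have, want)
    return failures


if __name__ == "__main__":
    for label, text in (("before", BEFORE), ("after", AFTER), ("shadowed", SHADOWED)):
        print(label, check_hardening(text) or "OK")
```

Run this against the copy in /srv/salt/base/init/config/ before pushing it; with `Port 32357` in place, remember that the minion's firewall and SELinux port labelling must also allow the new port or the restart in ssh.sls will lock out remote access.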
7) crontab
Purpose: set up a scheduled job that syncs the clock; this is a cron job every server must run
View help: [admin@master salt]$ sudo salt 'node2.51yuki.cn' sys.state_doc cron.present
Configuration example:
~~~
[admin@master init]$ sudo vim cron.sls
ntpdate-list:
  pkg.installed:
    - name: ntpdate
set-crontab:
  cron.present:
    - name: /usr/sbin/ntpdate time1.aliyun.com >> /dev/null 2>&1
    # ntpdate can only set the clock when run with the privileges to do so
    - user: admin
    # every 5 minutes; cron does not accept "*5"
    - minute: "*/5"
~~~
Test:
[admin@master init]$ sudo salt 'node2.51yuki.cn' state.sls init.cron test=true
8) Install commonly used tools
~~~
[admin@master init]$ sudo vim yum.sls
yum-base-soft:
  pkg.installed:
    - names:
      - gcc
      - gcc-c++
      - make
      - autoconf
      - net-tools
      - vim
      - openssh-clients
      - lsof
      - tree
      - lrzsz
      - wget
      - sysstat
      - man
      - cmake
~~~
Test run:
~~~
[admin@master init]$ sudo salt 'node2*' state.sls init.yum test=true
node2.51yuki.cn:
----------
ID: yum-base-soft
Function: pkg.installed
Name: gcc
Result: True
Comment: Package gcc is already installed.
Started: 13:45:33.589338
Duration: 1027.4 ms
Changes:
----------
ID: yum-base-soft
Function: pkg.installed
Name: cmake
Result: None
Comment: The following packages are set to be installed/updated: cmake
Started: 13:45:34.617020
Duration: 4134.306 ms
Changes:
----------
ID: yum-base-soft
Function: pkg.installed
Name: lsof
Result: None
Comment: The following packages are set to be installed/updated: lsof
Started: 13:45:38.751996
Duration: 2.53 ms
Changes:
----------
ID: yum-base-soft
Function: pkg.installed
Name: make
Result: True
Comment: Package make is already installed.
Started: 13:45:38.754663
Duration: 0.561 ms
Changes:
----------
ID: yum-base-soft
Function: pkg.installed
Name: tree
Result: True
Comment: Package tree is already installed.
Started: 13:45:38.755336
Duration: 0.524 ms
Changes:
----------
ID: yum-base-soft
Function: pkg.installed
Name: openssh-clients
Result: True
Comment: Package openssh-clients is already installed.
Started: 13:45:38.755979
Duration: 0.567 ms
Changes:
----------
ID: yum-base-soft
Function: pkg.installed
Name: lrzsz
Result: True
Comment: Package lrzsz is already installed.
Started: 13:45:38.756705
Duration: 0.549 ms
Changes:
----------
ID: yum-base-soft
Function: pkg.installed
Name: sysstat
Result: None
Comment: The following packages are set to be installed/updated: sysstat
Started: 13:45:38.757363
Duration: 0.91 ms
Changes:
----------
ID: yum-base-soft
Function: pkg.installed
Name: net-tools
Result: True
Comment: Package net-tools is already installed.
Started: 13:45:38.758392
Duration: 0.54 ms
Changes:
----------
ID: yum-base-soft
Function: pkg.installed
Name: man-db
Result: True
Comment: Package man-db is already installed.
Started: 13:45:38.759063
Duration: 0.558 ms
Changes:
----------
ID: yum-base-soft
Function: pkg.installed
Name: wget
Result: True
Comment: Package wget is already installed.
Started: 13:45:38.759742
Duration: 0.565 ms
Changes:
----------
ID: yum-base-soft
Function: pkg.installed
Name: autoconf
Result: True
Comment: Package autoconf is already installed.
Started: 13:45:38.760411
Duration: 0.482 ms
Changes:
----------
ID: yum-base-soft
Function: pkg.installed
Name: gcc-c++
Result: True
Comment: Package gcc-c++ is already installed.
Started: 13:45:38.761008
Duration: 0.54 ms
Changes:
----------
ID: yum-base-soft
Function: pkg.installed
Name: vim-enhanced
Result: True
Comment: Package vim-enhanced is already installed.
Started: 13:45:38.761716
Duration: 0.569 ms
Changes:
Summary
-------------
Succeeded: 14 (unchanged=3)
Failed: 0
-------------
Total states run: 14
[admin@master init]$
~~~
To avoid listing every one of these sls files in top.sls, which would make it very large, create a separate sls that includes all of them, and reference only that one sls from top.sls.
Example:
~~~
[admin@master init]$ sudo vim env_init.sls
include:
  - init.dns
  - init.history
  - init.audit
  - init.sysctl
  - init.ssh
  - init.yum
  - init.cron
  - init.epel-7
~~~
Then write the top file
~~~
[admin@master base]$ vim top.sls
base:
  '*':
    - init.env_init
~~~
Finally run the highstate. Before running it for real, execute the following with test=True to see what would change and whether any sls file contains mistakes
[admin@master base]$ sudo salt '*' state.highstate test=True
Summary
-------------
Succeeded: 27 (unchanged=12, changed=2) (indicates success)
Failed: 0
-------------
Total states run: 27
Then run it for real
[admin@master base]$ sudo salt '*' state.highstate
Summary
-------------
Succeeded: 27 (changed=2)
Failed: 0
-------------
Total states run: 27
(indicates success)