The environment initialization states are stored in the /srv/salt/base/init directory.
~~~
[admin@master base]$ pwd
/srv/salt/base
[admin@master base]$ sudo mkdir init
[admin@master base]$ cd init
~~~
1) Configure DNS

The steps are as follows.
* Write dns.sls
~~~
[admin@master init]$ sudo vim dns.sls
# Replace /etc/resolv.conf on the minion with the copy kept on the master
/etc/resolv.conf:
  file.managed:
    - source: salt://init/files/resolv.conf
    - user: root
    - group: root
    - mode: 644
~~~
* Copy the file and edit it
~~~
[admin@master init]$ sudo mkdir files
[admin@master init]$ sudo cp /etc/resolv.conf files/
[admin@master init]$ ll files/
total 4
-rw-r--r--. 1 root root 51 Jan 27 10:37 resolv.conf
[admin@master init]$ sudo vim files/resolv.conf
# Generated by NetworkManager
nameserver 10.1.10.6
nameserver 202.96.209.133
~~~
Test:
~~~
[admin@master init]$ sudo salt 'node2.51yuki.cn' state.sls init.dns test=true
~~~
2) Record timestamps in the shell history
~~~
[admin@master init]$ sudo vim history.sls
# Append the history timestamp format to the system-wide profile
/etc/profile:
  file.append:
    - text:
      - export HISTTIMEFORMAT="%F %T `whoami`"
~~~
Test:
~~~
[admin@master init]$ sudo salt 'node2.51yuki.cn' state.sls init.history test=true
~~~
3) Command auditing: log the commands users type to /var/log/messages
~~~
[admin@master init]$ sudo vim audit.sls
# After every prompt, send the last history entry to syslog via logger
/etc/bashrc:
  file.append:
    - text:
      - export PROMPT_COMMAND='{ msg=$(history 1 | { read x y; echo $y;}); logger "[euid=$(whoami)]":$(who am i):[`pwd`] "$msg";}'
~~~
Test:
~~~
[admin@master init]$ sudo salt 'node2.51yuki.cn' state.sls init.audit test=true
~~~
4) Kernel parameter tuning

Method 1: use file.managed. Copy the tuned sysctl.conf to the designated directory, then push it to all minions.
~~~
[admin@master init]$ sudo cp /etc/sysctl.conf /srv/salt/base/init/config/
[admin@master init]$ sudo vim /srv/salt/base/init/sysctl.sls
/etc/sysctl.conf:
  file.managed:
    - source: salt://init/config/sysctl.conf
    - user: root
    - group: root
    - mode: 644
~~~
Method 2: use the sysctl module

Key point: the sysctl module
~~~
[admin@master init]$ sudo salt 'node2.51yuki.cn' sys.list_state_functions sysctl
node2.51yuki.cn:
- sysctl.present
[admin@master init]$ sudo salt 'node2.51yuki.cn' sys.state_doc sysctl.present
node2.51yuki.cn:
----------
sysctl:
Configuration of the Linux kernel using sysctl
==============================================
Control the kernel sysctl system.
vm.swappiness:
sysctl.present:
- value: 20
sysctl.present:
Ensure that the named sysctl value is set in memory and persisted to the
named configuration file. The default sysctl configuration file is
/etc/sysctl.conf
name
The name of the sysctl value to edit
value
The sysctl value to apply
config
The location of the sysctl configuration file. If not specified, the
proper location will be detected based on platform.
~~~
How to use this module:
~~~
[admin@master salt]$ sudo salt 'node2.51yuki.cn' sys.list_state_functions sysctl
node2.51yuki.cn:
    - sysctl.present
~~~
Usage example:
~~~
vm.swappiness:
  sysctl.present:
    - value: 20
~~~
Main parameter:

value: the value to set for this parameter

Example:
~~~
[admin@master init]$ sudo vim sysctl.sls
net.ipv4.ip_local_port_range:
  sysctl.present:
    - value: 10000 65000
fs.file-max:
  sysctl.present:
    - value: 2000000
net.ipv4.ip_forward:
  sysctl.present:
    - value: 1
vm.swappiness:
  sysctl.present:
    - value: 0
~~~
Test:
~~~
[admin@master init]$ sudo salt 'node2.51yuki.cn' state.sls init.sysctl test=true
~~~
5) Install the yum repository (configure the EPEL source)
~~~
[admin@master init]$ sudo vim epel-7.sls
yum_repo_release:
  pkg.installed:
    - sources:
      - epel-release: http://mirrors.aliyun.com/epel/epel-release-latest-7.noarch.rpm
~~~
Test:
~~~
[admin@master init]$ sudo salt 'node2.51yuki.cn' state.sls init.epel-7 test=true
node2.51yuki.cn:
----------
ID: yum_repo_release
Function: pkg.installed
Result: None
Comment: The following packages are set to be installed/updated: epel-release
Started: 16:08:42.321923
Duration: 1046.723 ms
Changes:
Summary
------------
Succeeded: 1 (unchanged=1) (indicates success)
Failed: 0
------------
Total states run: 1
~~~
6) Configure ssh
~~~
[admin@master init]$ sudo sed -i 's%#Port 22%Port 32357%' /etc/ssh/sshd_config
[admin@master init]$ sudo sed -i 's%#PermitRootLogin yes%PermitRootLogin no%' /etc/ssh/sshd_config
[admin@master init]$ sudo sed -i 's%#PermitEmptyPasswords no%PermitEmptyPasswords no%' /etc/ssh/sshd_config
[admin@master init]$ sudo sed -i 's%#UseDNS yes%UseDNS no%' /etc/ssh/sshd_config
[admin@master init]$ sudo sed -i 's%GSSAPIAuthentication yes%GSSAPIAuthentication no%' /etc/ssh/sshd_config
[admin@master init]$ sudo mkdir /srv/salt/base/init/config/
[admin@master init]$ sudo cp /etc/ssh/sshd_config /srv/salt/base/init/config/
[admin@master init]$ sudo vim ssh.sls
ssh-managed:
  file.managed:
    - name: /etc/ssh/sshd_config
    # the copy made above lives in /srv/salt/base/init/config/
    - source: salt://init/config/sshd_config
    - user: root
    - group: root
    - mode: 644
  cmd.run:
    - name: systemctl restart sshd
    - require:
      - file: ssh-managed
  service.running:
    - name: sshd
    - enable: True
    - reload: True
    - require:
      - file: ssh-managed
~~~
Test:
~~~
[admin@master init]$ sudo salt 'node2.51yuki.cn' state.sls init.ssh test=true
~~~
Key point:

require: declares a dependency; the state runs only after the state it requires has succeeded.
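The `sed` substitutions in this step change nothing, without any error, when the line they look for is not in the file, so the edited copy is worth checking before Salt pushes it to every minion. The following is an added example, not part of the original page: a Python check that works out the effective global settings of an sshd_config (the first occurrence of a keyword wins, except `Port`, where every line counts) and compares them with the values set above. The names `effective_settings`, `audit` and the sample file are constructed for illustration.

```python
# Values applied by the sed commands above; sshd keywords are case-insensitive.
EXPECTED = {
    "port": "32357",
    "permitrootlogin": "no",
    "permitemptypasswords": "no",
    "usedns": "no",
    "gssapiauthentication": "no",
}
MULTI = {"port"}  # sshd honours every Port line; for the others the first one wins


def effective_settings(text):
    """Return {keyword: [values]} for the global section of an sshd_config."""
    seen = {}
    for raw in text.splitlines():
        parts = raw.split(None, 1)
        if not parts or parts[0].startswith("#"):
            continue  # blank, or still commented out (the sed pattern never matched)
        keyword = parts[0].lower()
        if keyword == "match":
            break  # lines after Match apply conditionally, not globally
        seen.setdefault(keyword, []).append(parts[1].strip() if len(parts) > 1 else "")
    return {k: (v if k in MULTI else v[:1]) for k, v in seen.items()}


def audit(text, expected=EXPECTED):
    """Return {keyword: (expected, effective_values)} for every mismatch."""
    found = effective_settings(text)
    return {k: (want, found.get(k, [])) for k, want in expected.items()
            if [x.lower() for x in found.get(k, [])] != [want]}


# Constructed sample: the file had no '#PermitRootLogin yes' line for sed to
# match, and an uncommented 'Port 22' survives next to the new port.
SAMPLE = """\
Port 32357
PermitRootLogin yes
PermitEmptyPasswords no
UseDNS no
GSSAPIAuthentication no
Port 22
Match User backup
    PermitRootLogin no
"""

if __name__ == "__main__":
    for key, (want, got) in audit(SAMPLE).items():
        print(f"{key}: expected {want!r}, effective {got}")
```

An empty result from `audit()` on /srv/salt/base/init/config/sshd_config means the copy carries all five settings from this step.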
7) crontab

Purpose: set up a scheduled task that synchronizes the time; this is a scheduled task that every server must run.

View the help:
~~~
[admin@master salt]$ sudo salt 'node2.51yuki.cn' sys.state_doc cron.present
~~~
Configuration example:
~~~
[admin@master init]$ sudo vim cron.sls
ntpdate-list:
  pkg.installed:
    - name: ntpdate
set-crontab:
  cron.present:
    - name: /usr/sbin/ntpdate time1.aliyun.com >> /dev/null 2>&1
    - user: admin
    # cron step syntax: every 5 minutes
    - minute: "*/5"
~~~
Test:
~~~
[admin@master init]$ sudo salt 'node2.51yuki.cn' state.sls init.cron test=true
~~~
8) Install commonly used commands
~~~
[admin@master init]$ sudo vim yum.sls
yum-base-soft:
  pkg.installed:
    - names:
      - gcc
      - gcc-c++
      - make
      - autoconf
      - net-tools
      - vim
      - openssh-clients
      - lsof
      - tree
      - lrzsz
      - wget
      - sysstat
      - man
      - cmake
~~~
Test run:
~~~
[admin@master init]$ sudo salt 'node2*' state.sls init.yum test=true
node2.51yuki.cn:
----------
ID: yum-base-soft
Function: pkg.installed
Name: gcc
Result: True
Comment: Package gcc is already installed.
Started: 13:45:33.589338
Duration: 1027.4 ms
Changes:
----------
ID: yum-base-soft
Function: pkg.installed
Name: cmake
Result: None
Comment: The following packages are set to be installed/updated: cmake
Started: 13:45:34.617020
Duration: 4134.306 ms
Changes:
----------
ID: yum-base-soft
Function: pkg.installed
Name: lsof
Result: None
Comment: The following packages are set to be installed/updated: lsof
Started: 13:45:38.751996
Duration: 2.53 ms
Changes:
----------
ID: yum-base-soft
Function: pkg.installed
Name: make
Result: True
Comment: Package make is already installed.
Started: 13:45:38.754663
Duration: 0.561 ms
Changes:
----------
ID: yum-base-soft
Function: pkg.installed
Name: tree
Result: True
Comment: Package tree is already installed.
Started: 13:45:38.755336
Duration: 0.524 ms
Changes:
----------
ID: yum-base-soft
Function: pkg.installed
Name: openssh-clients
Result: True
Comment: Package openssh-clients is already installed.
Started: 13:45:38.755979
Duration: 0.567 ms
Changes:
----------
ID: yum-base-soft
Function: pkg.installed
Name: lrzsz
Result: True
Comment: Package lrzsz is already installed.
Started: 13:45:38.756705
Duration: 0.549 ms
Changes:
----------
ID: yum-base-soft
Function: pkg.installed
Name: sysstat
Result: None
Comment: The following packages are set to be installed/updated: sysstat
Started: 13:45:38.757363
Duration: 0.91 ms
Changes:
----------
ID: yum-base-soft
Function: pkg.installed
Name: net-tools
Result: True
Comment: Package net-tools is already installed.
Started: 13:45:38.758392
Duration: 0.54 ms
Changes:
----------
ID: yum-base-soft
Function: pkg.installed
Name: man-db
Result: True
Comment: Package man-db is already installed.
Started: 13:45:38.759063
Duration: 0.558 ms
Changes:
----------
ID: yum-base-soft
Function: pkg.installed
Name: wget
Result: True
Comment: Package wget is already installed.
Started: 13:45:38.759742
Duration: 0.565 ms
Changes:
----------
ID: yum-base-soft
Function: pkg.installed
Name: autoconf
Result: True
Comment: Package autoconf is already installed.
Started: 13:45:38.760411
Duration: 0.482 ms
Changes:
----------
ID: yum-base-soft
Function: pkg.installed
Name: gcc-c++
Result: True
Comment: Package gcc-c++ is already installed.
Started: 13:45:38.761008
Duration: 0.54 ms
Changes:
----------
ID: yum-base-soft
Function: pkg.installed
Name: vim-enhanced
Result: True
Comment: Package vim-enhanced is already installed.
Started: 13:45:38.761716
Duration: 0.569 ms
Changes:
Summary
-------------
Succeeded: 14 (unchanged=3)
Failed: 0
-------------
Total states run: 14
[admin@master init]$
~~~
To avoid listing all of these SLS files in top.sls, which would make it very large, we create one separate SLS file, include these SLS files in it, and then reference only that one file in top.sls.

Example:
~~~
[admin@master init]$ sudo vim env_init.sls
include:
  - init.dns
  - init.history
  - init.audit
  - init.sysctl
  - init.ssh
  - init.yum
  - init.cron
  - init.epel-7
~~~
Then write the top file:
~~~
[admin@master base]$ vim top.sls
base:
  '*':
    - init.env_init
~~~
Finally, run the highstate. Before applying it, run the following first to see what it would do and whether any SLS file contains mistakes:
~~~
[admin@master base]$ sudo salt '*' state.highstate test=True
Summary
-------------
Succeeded: 27 (unchanged=12, changed=2) (indicates success)
Failed: 0
-------------
Total states run: 27
~~~
Then run it:
~~~
[admin@master base]$ sudo salt '*' state.highstate
Summary
-------------
Succeeded: 27 (changed=2)
Failed: 0
-------------
Total states run: 27
~~~
(indicates success)