状态文件目录结构

[root@master ~]# cd /srv/salt/base/
[root@master base]# tree init/
init/
├── chrony
│   ├── files
│   │   └── chrony.conf
│   └── main.sls
├── firewalld
│   └── main.sls
├── history
│   └── main.sls
├── kernel
│   ├── files
│   │   ├── limits.conf
│   │   └── sysctl.conf
│   └── main.sls
├── salt-minion
│   ├── files
│   │   └── minion.j2
│   └── main.sls
├── selinux
│   ├── files
│   │   └── config
│   └── main.sls
├── timeout
│   └── main.sls
├── yum
│   ├── files
│   │   ├── centos-7.repo
│   │   ├── centos-8.repo
│   │   ├── epel-7.repo
│   │   ├── epel-8.repo
│   │   ├── salt-7.repo
│   │   └── salt-8.repo
│   └── main.sls
└── zabbix-agentd
    ├── files
    │   ├── zabbix-5.4.4.tar.gz
    │   ├── zabbix_agentd.conf.j2
    │   └── zabbix.sh
    └── main.sls

15 directories, 23 files

1.selinux

[root@master init]# cd selinux/
[root@master selinux]# ls
files  main.sls
[root@master selinux]# cat main.sls 
/etc/selinux/config:
  file.managed:
    - source: salt://init/selinux/files/config
    - user: root
    - group: root
    - mode: '0644'
    
'setenforce 0':
  cmd.run
[root@master selinux]# cat files/config 

# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
#     enforcing - SELinux security policy is enforced.
#     permissive - SELinux prints warnings instead of enforcing.
#     disabled - No SELinux policy is loaded.
SELINUX=disabled
# SELINUXTYPE= can take one of these three values:
#     targeted - Targeted processes are protected,
#     minimum - Modification of targeted policy. Only selected processes are protected. 
#     mls - Multi Level Security protection.
SELINUXTYPE=targeted

2.防火墙

[root@master firewalld]# cat main.sls 
firewalld.service:
  service.dead:
    - enable: false

3.chrony时间同步

[root@master chrony]# cat files/chrony.conf 
# Use public servers from the pool.ntp.org project.
# Please consider joining the pool (http://www.pool.ntp.org/join.html).
pool time1.aliyun.com iburst		 #修改时间同步服务器地址

# Record the rate at which the system clock gains/losses time.
driftfile /var/lib/chrony/drift
.......
[root@master chrony]# cat main.sls 
include:
  - init.yum.main
chrony:
  pkg.installed:

/etc/chrony.conf:
  file.managed:
    - source: salt://init/chrony/files/chrony.conf
    - user: root
    - group: root
    - mode: '0644'
chrony.service:
  service.running:
    - enable: true

3.kernel文件描述符

[root@master kernel]# cp /etc/security/limits.conf files/
[root@master kernel]# cp /etc/sysctl.conf files/
[root@master kernel]# vim files/limits.conf 
#ftp             hard    nproc           0
#@student        -       maxlogins       4
*                soft    nofile         65535  	#添加
*                hard    nofile         65535  	#添加
[root@master kernel]# vim files/sysctl.conf 
# For more information, see sysctl.conf(5) and sysctl.d(5).
net.ipv4ip_forward = 1
[root@master kernel]# cat main.sls 
/etc/security/limits.conf:
  file.managed:
    - source: salt://init/kernel/files/limits.conf
    - user: root
    - group: root
    - mode: '0644'
/etc/sysctl.conf:
  file.managed:
    - source: salt://init/kernel/files/sysctl.conf
    - user: root
    - group: root
    - mode: '0644'
  cmd.run
    - name: sysctl -p

4.history历史记录

[root@master history]# cat main.sls 
/etc/profile:
  file.append:
    - test: 'export HISTTIMEFORMAT="%F %T `whoami`"'

5. timeout连接超时

[root@master timeout]# cat main.sls 
/etc/profile:
  file.append:
    - test: 'export TMOUT=300'

6.yum源

[root@master yum]# ls files/
centos-7.repo  centos-8.repo  epel-7.repo  epel-8.repo  salt-8.repo  salt-8.repo

[root@master yum]# cat main.sls 
{% if grains['os'] == 'RedHat' %}
/etc/yum.repos.d/centos-{{ grains['osrelease'] }}.repo:
  file.managed:
    - source: salt://init/yum/files/centos-{{ grains['osrelease'] }}.repo
    - user: root
    - group: root
    - mode: '0644'
{% endif %}


/etc/yum.repos.d/epel-{{ grains['osrelease'] }}.repo:
  file.managed:
    - source: salt://init/yum/files/epel-{{ grains['osrelease'] }}.repo
    - user: root
    - group: root
    - mode: '0644'


/etc/yum.repos.d/salt-{{ grains['osrelease'] }}.repo:
  file.managed:
    - source: salt://init/yum/files/salt-{{ grains['osrelease'] }}.repo
    - user: root
    - group: root
    - mode: '0644'

7. 基础命令安装

[root@master basepkg]# cat main.sls 
include:
  - init.yum.main
install-base-pkgages:
  pkg.installed:
    - pkgs:
      - screen
      - tree
      - psmisc
      - openssl
      - openssl-devel
      - telnet
      - iftop
      - iotop
      - sysstat
      - wget
      - dos2unix
      - unix2dos
      - lsof
      - net-tools
      - vim-enhanced
      - zip
      - unzip
      - bzip2
      - bind-utils
      - gcc
      - gcc-c++
      - glibc
      - make
      - autoconf

8.安装各种agent ，安装salt-minion、zabbix-agent

salt-minion

[root@master salt-minion]# cp /etc/salt/minion ./files/minion.j2
[root@master salt-minion]# vim files/minion.j2 
# resolved, then the minion will fail to start.
#master: salt
master: {{ pillar['salt_master_ip'] }} 		#定义变量

##定义变量值
[root@master base]# pwd
/srv/pillar/base
[root@master base]# vim salt-minion.sls 	
[root@master base]# cat salt-minion.sls 
salt_master_ip:192.168.47.115

[root@master salt-minion]# cat main.sls 
include:
  - init.yum.main
salt-minion
  pkg.installed
/etc/salt/minion:
  file.managed:
    - source: salt://init/salt-minion/files/minion.j2
    - user: root
    - group: root
    - mode: '0644'
    - template: true
salt-minion.service:
  service.running:
    - enable: true

zabbix-agent

[root@master zabbix-agentd]# ls
files  main.sls
[root@master zabbix-agentd]# cat main.sls 
include:
  - init.yum.main
zabbix-dep-package:
  pkg.installed:
    - pkgs:
      - gcc
      - gcc-c++
      - make
      - pcre-devel
      - openssl
      - openssl-devel

/usr/src:
  archive.extracted:
    - source: salt://init/zabbix-agentd/files/zabbix-5.4.4.tar.gz

create-zabbix-user:
  user.present:
    - name: zabbix
    - shell: /sbin/nologin
    - createhome: false
    - system: true

salt://init/zabbix-agentd/files/zabbix.sh:
  cmd.script:
   - unless: test -d /usr/local/etc/zabbix_agentd.conf.d

/usr/local/etc/zabbix_agentd.conf:
  file.managed:
    - source: salt://init/zabbix-agentd/files/zabbix_agentd.conf.j2:
    - user: root
    - group: root
    - mkde: '0644'
    - template: true

zabbix.agentd:
  cmd.run

[root@master zabbix-agentd]# cd files/
[root@master files]# ls
zabbix-5.4.4.tar.gz  zabbix_agentd.conf.j2  zabbix.sh
[root@master files]# cat zabbix.sh 
#!/bin/bash
cd /usr/src/zabbix-5.4.4

./configure --enable-agent && \
        make install


[root@master files]# vim zabbix_agentd.conf.j2
Server= {{ pillar['zabbix_master_ip'] }}		#113行
ServerActive= {{ pillar['zabbix_master_ip'] }}	#154行
Hostname= {{ grains['host'] }}				    #165行 


[root@master files]# cd /srv/pillar/base/
[root@master base]# cat zabbix-master.sls 
zabbix_master_ip: 192.168.47.120

系统初始化状态编写saltstack

文章目录

状态文件目录结构

1.selinux

2.防火墙

3.chrony时间同步

3.kernel文件描述符

4.history历史记录

5. timeout连接超时

6.yum源

7. 基础命令安装

8.安装各种agent ，安装salt-minion、zabbix-agent