Posted by bestu on 2018-1-4 06:40:33

SaltStack Production Case Study: System Initialization

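  Archive the previous configuration:
  zip -r salt.zip *
  Copy it to the /root/tools directory.
  Also keep a copy in the cnblogs (博客园) files, then delete all of the earlier Salt configuration files and start over.
  Plan
  1. System initialization
  2. Functional modules: a separate directory for each of haproxy, nginx, php, mysql, memcached
  3. Business modules: organized by business type, for example web services, forums, bbs
  include
  Do
  1. Salt environment configuration
  Development, testing (functional test environment, performance test environment), pre-production, production
  base: the base environment
  init directory, environment initialization: 1. DNS configuration 2. timestamps in history 3. command logging 4. kernel parameter tuning 5. install the yum repository 6. install zabbix-agent
  2. prod: the production environment
  vim /etc/salt/master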
https://images2015.cnblogs.com/blog/1144139/201705/1144139-20170514173448410-1700999180.png
https://images2015.cnblogs.com/blog/1144139/201705/1144139-20170514173639191-1641031038.png
  mkdir -p /srv/salt/base
  mkdir -p /srv/salt/prod
  mkdir -p /srv/pillar/base
  mkdir -p /srv/pillar/prod
  Restart the master:
  systemctl restart salt-master
  cd /srv/salt/base/
  mkdir init
  cd init
  vim dns.sls
  

/etc/resolv.conf:
  file.managed:
    - source: salt://init/files/resolv.conf
    - user: root
    - group: root
    - mode: 644

  Create the files directory and copy the configuration file into it:
  mkdir files
  cp /etc/resolv.conf files/
  vim history.sls
  

/etc/profile:
  file.append:
    - text:
      - export HISTTIMEFORMAT="%F %T `whoami` "

  PS: this appends a line to the end of /etc/profile so that history shows when each command was run and by whom.
  vim audit.sls
  

/etc/bashrc:
  file.append:
    - text:
      - export PROMPT_COMMAND='{ msg=$(history 1 | { read x y; echo $y; });logger "":$(who am i):[`pwd`]"$msg"; }'

  PS: this logs every command that is run, i.e. command auditing.
  vim sysctl.sls
  

net.ipv4.ip_local_port_range:
  sysctl.present:
    - value: 10000 65000

fs.file-max:
  sysctl.present:
    - value: 2000000

net.ipv4.ip_forward:
  sysctl.present:
    - value: 1

vm.swappiness:
  sysctl.present:
    - value: 0

  PS: kernel parameter tuning
  net.ipv4.ip_local_port_range: the range of local ports available when the host initiates connections as a client
  net.ipv4.ip_forward: enables forwarding
  vm.swappiness: the weight given to swap usage; 0 means avoid using swap as far as possible
  vim epel.sls
  

yum_repo_release:
  pkg.installed:
    - sources:
      - epel-release: http://mirrors.aliyun.com/epel/epel-release-latest-7.noarch.rpm

  vim zabbix-agent.sls
  

zabbix-agent:
  pkg.installed:
    - name: zabbix-agent
  file.managed:
    - name: /etc/zabbix/zabbix_agentd.conf
    - source: salt://init/files/zabbix_agentd.conf
    - template: jinja
    - defaults:
        Server: {{ pillar['zabbix-agent']['Zabbix_Server'] }}
    - require:
      - pkg: zabbix-agent
  service.running:
    - enable: True
    - watch:
      - pkg: zabbix-agent
      - file: zabbix-agent

zabbix_agentd.conf.d:
  file.directory:
    - name: /etc/zabbix/zabbix_agentd.conf.d
    - watch_in:
      - service: zabbix-agent
    - require:
      - pkg: zabbix-agent
      - file: zabbix-agent

  Copy the configuration file:
  cp /etc/zabbix/zabbix_agentd.conf files/
  vim files/zabbix_agentd.conf
https://images2015.cnblogs.com/blog/1144139/201705/1144139-20170514223609285-1430398797.png
  PS: the variable name inside the {} here, Server, must match the name used in /srv/salt/base/init/zabbix-agent.sls, which is Server.
https://images2015.cnblogs.com/blog/1144139/201705/1144139-20170514223701707-664487672.png
  Running the state directly fails:
https://images2015.cnblogs.com/blog/1144139/201705/1144139-20170514183836285-767143190.png
  because pillar has not been configured.
  cd /srv/pillar/base/
  mkdir zabbix
  cd zabbix/
  vim agent.sls
  

zabbix-agent:
  Zabbix_Server: 10.8.45.27

  This setting alone is still not enough; the master has to assign it to
  vim /srv/pillar/base/top.sls
  

base:
  '*':
    - zabbix.agent

  salt '*' state.sls init.zabbix-agent
  The state now runs successfully.
https://images2015.cnblogs.com/blog/1144139/201705/1144139-20170514223852019-1136253740.png
  That completes the initialization states.
  cd /srv/salt/base/init
  vim init.sls
  

include:
  - init.dns
  - init.history
  - init.audit
  - init.sysctl
  - init.epel
  - init.zabbix-agent

  Run salt '10-8-86-172' state.sls init.init
  It succeeded.
https://images2015.cnblogs.com/blog/1144139/201705/1144139-20170514230111144-833444278.png
https://images2015.cnblogs.com/blog/1144139/201705/1144139-20170514230126379-1414607100.png
https://images2015.cnblogs.com/blog/1144139/201705/1144139-20170514230139316-383663929.png
  That runs a single state file; a highstate is defined through top.sls.
  cd /srv/salt/base
  vim top.sls
  

base:
  '*':
    - init.init

  First check the layout with tree:
https://images2015.cnblogs.com/blog/1144139/201705/1144139-20170514232733394-2017575561.png
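  Use salt '*' state.highstate to apply top.sls. Because it maps '*' to init.init here, the result is the same as the run above.
  PS: with backup: minion, the original configuration file is backed up whenever the managed file is updated.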
https://images2015.cnblogs.com/blog/1144139/201705/1144139-20170518230021260-242187221.png
https://images2015.cnblogs.com/blog/1144139/201705/1144139-20170518230125932-1709172444.png
  Whenever the configuration file is updated, a backup of the original configuration file is made.
https://images2015.cnblogs.com/blog/1144139/201705/1144139-20170518230454057-1425406888.png
  References
  https://github.com/unixhot/saltbook-code/blob/master/salt/
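
The command-audit hook from audit.sls, written out as functions so that a prompt with no new history entry is not logged again and the syslog record carries a tag. This is an added example, not part of the original post; the names audit_record, audit_hook and the shell-audit tag are assumptions, and the text would go in /etc/bashrc in place of the one-line PROMPT_COMMAND.

```bash
# Added example; audit_record, audit_hook and the "shell-audit" tag are
# hypothetical names, not taken from the original post.
AUDIT_LAST_NUM=""   # history number of the last entry sent to syslog
AUDIT_MSG=""        # record built by the most recent audit_record call

# audit_record RAW_HISTORY_LINE WHO CWD
# Sets AUDIT_MSG and returns 0 for a new history entry; returns 1 when
# there is nothing new to log.
audit_record() {
    # `history 1` prints "  <num>  <entry>"; read splits off the number and
    # keeps the rest verbatim. With HISTTIMEFORMAT from history.sls set,
    # <entry> starts with the timestamp and user name.
    # The here-document text is not re-expanded, so backticks or $(...)
    # inside the logged command are never executed.
    read -r audit_num audit_cmd <<EOF
$1
EOF
    [ -n "$audit_cmd" ] || return 1
    # PROMPT_COMMAND fires on every prompt, including a bare Enter; without
    # this check the previous command would be logged again each time.
    [ "$audit_num" != "$AUDIT_LAST_NUM" ] || return 1
    AUDIT_LAST_NUM=$audit_num
    # Same fields as the one-liner: login identity, working directory, command.
    AUDIT_MSG="$2:[$3] $audit_cmd"
    return 0
}

audit_hook() {
    audit_record "$(history 1)" "$(who am i)" "$PWD" &&
        logger -t shell-audit -p authpriv.info "$AUDIT_MSG"
    return 0
}

PROMPT_COMMAND=audit_hook
```

PROMPT_COMMAND can be unset or overwritten by the logged-in user, so these records are a convenience trail and not a tamper-resistant one.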
  