saltstack-系统初始化
1 . 编写resolv.conf(dns) 文件# cat /srv/salt/system/dns/dns.sls
/etc/resolv.conf:
file.managed:
- source: salt://system/dns/resolv.conf
- user: root
- group: root
- mode: 644
2 . 给历史命令(history)添加时间
# cat /srv/salt/system/history/history.sls
/etc/profile:
file.append:
- text:
- export HISTTIMEFORMAT="%F %T `whoami`"
3 . 编写命令审计功能
# cat audit.sls
/etc/bashrc
file.append:
- text:
- export PROMPT_COMMAND='{ msg=$(history 1 | { read x y; echo $y; });logger "":$(who am i):[`pwd`]"$msg"; }'
4 .更改内核参数
# cat sysctl.sls
vm.swappiness:
sysctl.present:
- value: 0
net.ipv4.ip_local_port_range:
sysctl.present:
- value: 10000 65000
fs.file-max:
sysctl.present:
- value: 100000
5.集中管理上面4个配置文件
# cat /srv/salt/system/init.sls
include:
- system.dns
- system.history
- system.audit
- system.sysctl
6.执行salt
# salt '*' state.slssystem.dnssystem.historysystem.auditsystem.sysctl
7.查看minion端是否执行成功
# salt '*' cmd.run 'cat /etc/resolv.conf'
salt-minion:
nameserver 8.8.8.8
页:
[1]