Writing System Initialization States

Table of contents

  • Writing system initialization states
      • Directory layout
      • Disable SELinux
      • Time synchronization (configure ntp/chrony)
      • File descriptors (set the maximum number of open files in /etc/security/limits.conf) and memory/TCP tuning via sysctl
      • SSH service hardening (disable DNS lookups, change the port)
      • Trim boot-time services (only sshd enabled)
      • History improvements (record timestamp and user)
      • Set a terminal idle timeout
      • Configure yum repositories
      • Install agents such as zabbix_agent and salt-minion
      • Install commonly used dependency packages

Directory layout

[root@master init]# tree
.
├── basepkg
│   └── main.sls
├── chrony
│   ├── files
│   │   └── chrony.conf
│   └── main.sls
├── filrewalld
│   └── main.sls
├── histofy
│   └── main.sls
├── kernel
│   ├── files
│   │   ├── limits.conf
│   │   └── sysctl.conf
│   └── main.sls
├── salt_minion
│   ├── files
│   │   └── minion.j2
│   └── minion.sls
├── selinux
│   ├── files
│   │   └── config
│   └── main.sls
├── service
│   └── main.sls
├── ssh
│   ├── files
│   │   └── sshd_config
│   └── main.sls
├── timeout
│   └── main.sls
├── yum
│   ├── files
│   │   ├── centos-7.repo
│   │   ├── centos-8.repo
│   │   ├── epel.repo
│   │   └── salt.repo
│   └── main.sls
└── zabbix_agent
    ├── files
    │   ├── zabbix-5.4.4.tar.gz
    │   ├── zabbix_agentd.conf.j2
    │   └── zabbix_agent.sh
    └── main.sls

19 directories, 25 files

Disable SELinux

[root@master selinux]# tree
.
├── files
│   └── config
└── main.sls

1 directory, 2 files

[root@master selinux]# cat main.sls 
# Persistent setting via /etc/selinux/config; takes effect at the next boot
/etc/selinux/config:
  file.managed:
    - source: salt://init/selinux/files/config
    - user: root
    - group: root
    - mode: '0644'

# Switch the running kernel to permissive right away. setenforce exits non-zero
# once SELinux is already disabled, so only run it while it is still enforcing.
"setenforce 0":
  cmd.run:
    - onlyif: test "$(getenforce)" = "Enforcing"
    - require:
      - file: /etc/selinux/config

Disable the firewall

[root@master filrewalld]# tree
.
└── main.sls

0 directories, 1 file

[root@master filrewalld]# cat main.sls 
firewalld.service:
  service.dead:
    - enable: false

Time synchronization (configure ntp/chrony)

[root@master chrony]# tree
.
├── files
│   └── chrony.conf
└── main.sls

1 directory, 2 files

[root@master chrony]# cat main.sls 
chrony-install:
  pkg.installed:
    - name: chrony

/etc/chrony.conf:
  file.managed:
    - source: salt://init/chrony/files/chrony.conf
    - user: root
    - group: root
    - mode: '0644'
    - require:
      - pkg: chrony-install

# Restart chronyd whenever the managed config changes, otherwise the new
# servers are never read
chronyd.service:
  service.running:
    - enable: true
    - watch:
      - file: /etc/chrony.conf

File descriptors (set the maximum number of open files in /etc/security/limits.conf) and memory/TCP tuning via sysctl

[root@master kernel]# tree
.
├── files
│   ├── limits.conf
│   └── sysctl.conf
└── main.sls

1 directory, 3 files

[root@master kernel]# cat main.sls 
/etc/sysctl.conf:
  file.managed:
    - source: salt://init/kernel/files/sysctl.conf
    - user: root
    - group: root
    - mode: '0644'

# limits.conf is read by pam_limits at login, so no reload is needed for it
/etc/security/limits.conf:
  file.managed:
    - source: salt://init/kernel/files/limits.conf
    - user: root
    - group: root
    - mode: '0644'

# Reload kernel parameters only when sysctl.conf actually changed
'sysctl -p':
  cmd.run:
    - onchanges:
      - file: /etc/sysctl.conf

SSH service hardening (disable DNS lookups, change the port)

[root@master ssh]# tree
.
├── files
│   └── sshd_config
└── main.sls

1 directory, 2 files

[root@master ssh]# cat main.sls 
# The managed sshd_config carries UseDNS no and the non-default port
/etc/ssh/sshd_config:
  file.managed:
    - source: salt://init/ssh/files/sshd_config
    - user: root
    - group: root
    - mode: '0644'

# Restart sshd when the config changes so the new port and UseDNS setting
# actually apply (existing sessions survive the restart)
sshd.service:
  service.running:
    - enable: true
    - watch:
      - file: /etc/ssh/sshd_config

Trim boot-time services (only sshd enabled)

[root@master service]# tree
.
└── main.sls

0 directories, 1 file
[root@master service]# cat main.sls 
# Stop postfix and keep it from starting at boot; with enable: true the unit
# would be re-enabled on every boot, which defeats the purpose
postfix.service:
  service.dead:
    - enable: false

History improvements (record timestamp and user)

[root@master histofy]# tree
.
└── main.sls

0 directories, 1 file
[root@master histofy]# cat main.sls 
# Insert the export before the "System wide environment ..." comment near the
# top of /etc/profile; each history entry then carries date, time and user
/etc/profile:
  file.line:
    - mode: insert
    - content: 'export HISTTIMEFORMAT="%F %T `whoami`"'
    - before: 'System'

Set a terminal idle timeout

[root@master timeout]# tree
.
└── main.sls

0 directories, 1 file
[root@master timeout]# cat main.sls 
# Log idle login shells out after 300 s; note a user can unset TMOUT in their
# own shell unless it is also marked readonly
/etc/profile:
  file.append:
    - text: 'export TMOUT=300'

Configure yum repositories

[root@master yum]# tree
.
├── files
│   ├── centos-7.repo
│   ├── centos-8.repo
│   ├── epel.repo
│   └── salt.repo
└── main.sls

1 directory, 5 files
[root@master yum]# cat main.sls 
{# grains['os'] is 'CentOS' on CentOS, so test the family instead; osmajorrelease
   yields '7' or '8', matching centos-7.repo / centos-8.repo, whereas osrelease
   would expand to e.g. '7.9.2009' and point at a file that does not exist #}
{% if grains['os_family'] == 'RedHat' %}
/etc/yum.repos.d/centos-{{ grains['osmajorrelease'] }}.repo:
  file.managed:
    - source: salt://init/yum/files/centos-{{ grains['osmajorrelease'] }}.repo
    - user: root
    - group: root
    - mode: '0644'
{% endif %}

/etc/yum.repos.d/epel.repo:
  file.managed:
    - source: salt://init/yum/files/epel.repo
    - user: root
    - group: root
    - mode: '0644'

/etc/yum.repos.d/salt.repo:
  file.managed:
    - source: salt://init/yum/files/salt.repo
    - user: root
    - group: root
    - mode: '0644'

Install agents such as zabbix_agent and salt-minion

## Set variables (pillar)
[root@master prod]# cat serverip.sls 
master_ip: 192.168.240.50
Hostname: zabbix server
[root@master prod]# cat top.sls 
prod:
  '*':
    - serverip
[root@master prod]# salt '*' pillar.items
master:
    ----------
    Hostname:
        zabbix server
    master_ip:
        192.168.240.50

##zabbix_agent
[root@master zabbix_agent]# tree
.
├── files
│   ├── zabbix-5.4.4.tar.gz
│   ├── zabbix_agentd.conf.j2
│   └── zabbix_agent.sh
└── main.sls

1 directory, 4 files
[root@master zabbix_agent]# cat main.sls 
zabbix-agentpkg:
  pkg.installed:
    - pkgs:
      - wget
      - make
      - gcc
      - gcc-c++
      - pcre-devel

# Unprivileged service account for the agent
zabbix:
  user.present:
    - shell: /sbin/nologin
    - createhome: false
    - system: true

/usr/src/zabbix-5.4.4.tar.gz:
  file.managed:
    - source: salt://init/zabbix_agent/files/zabbix-5.4.4.tar.gz

# Build script; skipped once the binary exists so the state is idempotent.
# /usr/local/sbin/zabbix_agentd is the default install path for the /usr/local
# prefix, which matches the config path below.
zabbix-installsh:
  cmd.script:
    - name: salt://init/zabbix_agent/files/zabbix_agent.sh
    - creates: /usr/local/sbin/zabbix_agentd
    - require:
      - pkg: zabbix-agentpkg
      - user: zabbix
      - file: /usr/src/zabbix-5.4.4.tar.gz

# Rendered from the pillar above (master_ip, Hostname)
/usr/local/etc/zabbix_agentd.conf:
  file.managed:
    - source: salt://init/zabbix_agent/files/zabbix_agentd.conf.j2
    - user: root
    - group: root
    - mode: '0644'
    - template: jinja
    - require:
      - cmd: zabbix-installsh

# Start the agent only if it is not already running
zabbix_agentd:
  cmd.run:
    - unless: pgrep -x zabbix_agentd
    - require:
      - file: /usr/local/etc/zabbix_agentd.conf


##salt-minion
[root@master salt_minion]# tree
.
├── files
│   └── minion.j2
└── minion.sls

1 directory, 2 files
[root@master salt_minion]# cat minion.sls 
include:
  - init.yum.main

# salt.repo from the yum state must be in place before the package install
salt-minion:
  pkg.installed:
    - name: salt-minion
    - require:
      - sls: init.yum.main

/etc/salt/minion:
  file.managed:
    - source: salt://init/salt_minion/files/minion.j2
    - user: root
    - group: root
    - mode: '0644'
    - template: jinja
    - require:
      - pkg: salt-minion

# Restart the minion when its config changes
salt-minion.service:
  service.running:
    - enable: true
    - watch:
      - file: /etc/salt/minion

Install commonly used dependency packages

[root@master basepkg]# tree
.
└── main.sls

0 directories, 1 file
[root@master basepkg]# cat main.sls 
include:
  - init.yum.main

install-base-package:
  pkg.installed:
    - require:
      - sls: init.yum.main
    - pkgs:
      - screen
      - tree
      - psmisc
      - openssl
      - openssl-devel
      - telnet
      - iftop
      - iotop
      - wget
      - dos2unix
      - lsof
      - net-tools
      - vim-enhanced
      - zip
      - sysstat
      - unzip
      - bzip2
      - bind-utils
      - gcc
      - gcc-c++
      - make
      - autoconf
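To confirm on a minion that the SELinux, sshd, history and timeout states above actually took effect, here is an added audit script (example code, not from the original post). It parses the managed files with the precedence rules their consumers use (sshd honours the first occurrence of a keyword, while the shell and libselinux honour the last assignment); the sample file contents are constructed.

```python
import re

def parse_sshd_config(text):
    # sshd semantics: keywords are case-insensitive, the FIRST occurrence wins,
    # and anything after a Match block is conditional, not a global setting
    conf = {}
    for line in (raw.split("#", 1)[0].strip() for raw in text.splitlines()):
        if not line:
            continue
        parts = re.split(r"[\s=]+", line, maxsplit=1)
        if parts[0].lower() == "match":
            break
        conf.setdefault(parts[0].lower(), parts[1] if len(parts) > 1 else "")
    return conf

def parse_assignments(text):
    # KEY=value lines (optional 'export'); the LAST assignment wins, as the shell
    # reading /etc/profile and libselinux reading /etc/selinux/config both do
    conf = {}
    for raw in text.splitlines():
        m = re.match(r"\s*(?:export\s+)?([A-Za-z_]\w*)=(.*)", raw)
        if m:
            conf[m.group(1)] = m.group(2).strip().strip("\"'")
    return conf

def audit(files):
    # files maps path -> content; returns findings, empty when the baseline holds
    findings = []
    selinux = parse_assignments(files.get("/etc/selinux/config", ""))
    if selinux.get("SELINUX", "").lower() != "disabled":
        findings.append("selinux: SELINUX is not 'disabled'")
    ssh = parse_sshd_config(files.get("/etc/ssh/sshd_config", ""))
    if ssh.get("usedns", "").lower() != "no":
        findings.append("sshd: UseDNS is not explicitly 'no'")
    if ssh.get("port", "22") == "22":
        findings.append("sshd: effective Port is still the default 22")
    profile = parse_assignments(files.get("/etc/profile", ""))
    if not profile.get("TMOUT", "").isdigit() or int(profile["TMOUT"]) > 300:
        findings.append("profile: TMOUT missing or longer than 300 seconds")
    if "HISTTIMEFORMAT" not in profile:
        findings.append("profile: HISTTIMEFORMAT not exported")
    return findings

# Constructed sample: every state applied, but a leftover 'Port 22' precedes
# the new port, so sshd silently keeps listening on 22
SAMPLE = {
    "/etc/selinux/config": "SELINUX=disabled\nSELINUXTYPE=targeted\n",
    "/etc/ssh/sshd_config": "Port 22\nPort 2222\nUseDNS no\n",
    "/etc/profile": 'export HISTTIMEFORMAT="%F %T `whoami`"\nexport TMOUT=300\n',
}
```

On a real minion, read the four files into a dict with the same keys and pass it to `audit()`; an empty list means the baseline is in place.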
