系统初始化状态编写
系统初始化状态编写
文章目录
- 系统初始化状态编写
-
-
- 目录结构
- 关闭selinux
- 时间同步(配置ntp、chrony)
- 文件描述符,修改/etc/security/limits.conf配置最大文件打开数,内存优化(内存、tcp)sysctl
- ssh服务优化(关闭dns解析、修改端口)
- 精简开机系统服务(只开启sshd服务)
- 历史记录优化history(记录时间、用户)
- 设置终端超时时间
- 配置yum源
- 安装各种agent,如zabbix_agent、salt-minion
- 安装常用的软件依赖包
-
目录结构
[root@master init]# tree
.
├── basepkg
│ └── main.sls
├── chrony
│ ├── files
│ │ └── chrony.conf
│ └── main.sls
├── filrewalld
│ └── main.sls
├── histofy
│ └── main.sls
├── kernel
│ ├── files
│ │ ├── limits.conf
│ │ └── sysctl.conf
│ └── main.sls
├── salt_minion
│ ├── files
│ │ └── minion.j2
│ └── minion.sls
├── selinux
│ ├── files
│ │ └── config
│ └── main.sls
├── service
│ └── main.sls
├── ssh
│ ├── files
│ │ └── sshd_config
│ └── main.sls
├── timeout
│ └── main.sls
├── yum
│ ├── files
│ │ ├── centos-7.repo
│ │ ├── centos-8.repo
│ │ ├── epel.repo
│ │ └── salt.repo
│ └── main.sls
└── zabbix_agent
├── files
│ ├── zabbix-5.4.4.tar.gz
│ ├── zabbix_agentd.conf.j2
│ └── zabbix_agent.sh
└── main.sls
19 directories, 25 files
关闭selinux
[root@master selinux]# tree
.
├── files
│ └── config
└── main.sls
1 directory, 2 files
[root@master selinux]# cat main.sls
/etc/selinux/config:
file.managed:
- source: salt://init/selinux/files/config
- user: root
- group: root
- mode: '0644'
"setenforce 0":
cmd.run:
- require:
- file: /etc/selinux/config
关闭防火墙
[root@master filrewalld]# tree
.
└── main.sls
0 directories, 1 file
[root@master filrewalld]# cat main.sls
firewalld.service:
service.dead:
- enable: false
时间同步(配置ntp、chrony)
[root@master chrony]# tree
.
├── files
│ └── chrony.conf
└── main.sls
1 directory, 2 files
[root@master chrony]# cat main.sls
chrony-install:
pkg.installed:
- name: chrony
/etc/chrony.conf:
file.managed:
- source: salt://init/chrony/files/chrony.conf
- user: root
- group: root
- mode: '0644'
chronyd.service:
service.running:
- enable: true
文件描述符,修改/etc/security/limits.conf配置最大文件打开数,内存优化(内存、tcp)sysctl
[root@master kernel]# tree
.
├── files
│ ├── limits.conf
│ └── sysctl.conf
└── main.sls
1 directory, 3 files
[root@master kernel]# cat main.sls
/etc/sysctl.conf:
file.managed:
- source: salt://init/kernel/files/sysctl.conf
- user: root
- group: root
- mode: '0644'
/etc/security/limits.conf:
file.managed:
- source: salt://init/kernel/files/limits.conf
- user: root
- group: root
- mode: '0644'
'sysctl -p':
cmd.run
ssh服务优化(关闭dns解析、修改端口)
[root@master ssh]# tree
.
├── files
│ └── sshd_config
└── main.sls
1 directory, 2 files
[root@master ssh]# cat main.sls
/etc/ssh/sshd_config:
file.managed:
- source: salt://init/ssh/files/sshd_config
- user: root
- group: root
- mode: '0644'
sshd.service:
service.running:
- enable: true
精简开机系统服务(只开启sshd服务)
[root@master service]# cat main.sls
postfix.service:
service.dead:
- enable: true
[root@master service]# tree
.
└── main.sls
0 directories, 1 file
[root@master service]# cat main.sls
postfix.service:
service.dead:
- enable: true
历史记录优化history(记录时间、用户)
[root@master histofy]# tree
.
└── main.sls
0 directories, 1 file
[root@master histofy]# cat main.sls
/etc/profile:
file.line:
- mode: insert
- content: 'export HISTTIMEFORMAT="%F %T `whoami`"'
- before: 'System'
设置终端超时时间
[root@master timeout]# tree
.
└── main.sls
0 directories, 1 file
[root@master timeout]# cat main.sls
/etc/profile:
file.append:
- text: 'export TMOUT=300'
配置yum源
[root@master yum]# tree
.
├── files
│ ├── centos-7.repo
│ ├── centos-8.repo
│ ├── epel.repo
│ └── salt.repo
└── main.sls
1 directory, 5 files
[root@master yum]# cat main.sls
{% if grains['os'] == 'RedHat' %}
/etc/yum.repos.d/centos-{{ grains['osrelease'] }}.repo
file.managed:
- source: salt://init/yum/files/centos-{{ grains['osrelease'] }}.repo
- user: root
- group: root
- mode: '0644'
{% endif %}
/etc/yum.repos.d/epel.repo:
file.managed:
- source: salt://init/yum/files/epel.repo
- user: root
- group: root
- mode: '0644'
/etc/yum.repos.d/salt.repo:
file.managed:
- source: salt://init/yum/files/salt.repo
- user: root
- group: root
- mode: '0644'
安装各种agent,如zabbix_agent、salt-minion
##设置变量
[root@master prod]# cat serverip.sls
master_ip: 192.168.240.50
Hostname: zabbix server
[root@master prod]# cat top.sls
prod:
'*':
- serverip
[root@master prod]# salt '*' pillar.items
master:
----------
Hostname:
zabbix server
master_ip:
192.168.240.50
##zabbix_agent
[root@master zabbix_agent]# tree
.
├── files
│ ├── zabbix-5.4.4.tar.gz
│ ├── zabbix_agentd.conf.j2
│ └── zabbix_agent.sh
└── main.sls
1 directory, 4 files
[root@master zabbix_agent]# cat main.sls
zabbix-agentpkg:
pkg.installed:
- pkgs:
- wget
- make
- gcc
- gcc-c++
- pcre-devel
zabbix:
user.present:
- shell: /sbin/nologin
- createhome: false
- system: true
/usr/src/zabbix-5.4.4.tar.gz:
file.managed:
- source: salt://init/zabbix_agent/files/zabbix-5.4.4.tar.gz
zabbix-installsh:
cmd.script:
- name: salt://init/zabbix_agent/files/zabbix_agent.sh
/usr/local/etc/zabbix_agentd.conf:
file.managed:
- source: salt://init/zabbix_agent/files/zabbix_agentd.conf.j2
- user: root
- group: root
- mode: '0644'
- template: jinja
zabbix_agentd:
cmd.run
##salt-minion
[root@master salt_minion]# tree
.
├── files
│ └── minion.j2
└── minion.sls
1 directory, 2 files
[root@master salt_minion]# cat minion.sls
include:
- init.yum.main
salt-minion:
pkg.installed:
- pkg: salt-minion
/etc/salt/minion
file.managed:
- source: salt://init/salt_minion/files/minion.j2
- user: root
- user: root
- mode: '0644'
- template: jinja
salt-minion.service:
service.running:
- enable: true
安装常用的软件依赖包
[root@master basepkg]# tree
.
└── main.sls
0 directories, 1 file
[root@master basepkg]# cat main.sls
include:
- init.yum.main
install-base-package:
pkg.install:
- pkgs:
- screen
- tree
- psmidc
- openssl
- openssl-devel
- telnet
- iftop
- iotop
- wget
- dos2unix
- lsof
- net-tools
- vim-enhanced
- zip
- sysstat
- unzip
- bzip2
- bind-utils
- gcc
- gcc-c++
- make
- autoconf