- lamp的框架
- 1. 安装httpd
- 2. 安装mysql
- 3. 安装php
- 4. 编写zabbix项目配置
- 执行状态文件,部署lamp
- 在minion上查看服务是否起来
- 7. 网页测试
- 8. 系统初始化:
[root@master ~]# tree /srv/
/srv/
├── pillar
│ └── prod
│ ├── apache.sls
│ ├── mysql.sls
│ └── top.sls
└── salt
├── base
├── dev
├── prod
│ ├── modules
│ │ ├── application
│ │ │ └── php
│ │ │ ├── files
│ │ │ │ ├── httpd.conf
│ │ │ │ ├── index.php
│ │ │ │ ├── install.sh
│ │ │ │ ├── oniguruma-devel-6.8.2-2.el8.x86_64.rpm
│ │ │ │ ├── php-7.4.24.tar.gz
│ │ │ │ ├── php-fpm
│ │ │ │ ├── php-fpm.conf
│ │ │ │ ├── php-fpm.service
│ │ │ │ └── www.conf
│ │ │ └── install.sls
│ │ ├── database
│ │ │ └── mysql
│ │ │ ├── files
│ │ │ │ ├── my.cnf
│ │ │ │ ├── mysql-5.7.34-linux-glibc2.12-x86_64.tar.gz
│ │ │ │ ├── mysqld.service.j2
│ │ │ │ ├── mysql.server
│ │ │ │ └── mysql.sh
│ │ │ └── install.sls
│ │ └── web
│ │ └── httpd
│ │ ├── files
│ │ │ ├── apr-1.7.0.tar.gz
│ │ │ ├── apr-util-1.6.1.tar.gz
│ │ │ ├── httpd-2.4.51.tar.gz
│ │ │ ├── httpd.conf
│ │ │ ├── httpd.service.j2
│ │ │ └── install.sh
│ │ └── install.sls
│ └── zabbix
│ ├── apache.sls
│ ├── files
│ │ ├── index.php
│ │ ├── install.sh
│ │ ├── my.cnf
│ │ ├── mysql.conf
│ │ ├── php.ini
│ │ ├── vhosts.conf.j2
│ │ ├── zabbix-5.4.4.tar.gz
│ │ └── zabbix_server.conf
│ ├── install.sls
│ ├── main.sls
│ └── mysql.sls
└── test
19 directories, 38 files
[root@master ~]# vim /etc/salt/master 858 pillar_roots: 859 base: 860 - /srv/pillar/base 861 prod: 862 - /srv/pillar/prod [root@master ~]# systemctl restart salt-master1. 安装httpd
[root@master ~]# tree /srv/salt/prod/modules/web/
/srv/salt/prod/modules/web/
└── httpd
├── files
│ ├── apr-1.7.0.tar.gz
│ ├── apr-util-1.6.1.tar.gz
│ ├── httpd-2.4.51.tar.gz
│ ├── httpd.conf
│ ├── httpd.service.j2
│ └── install.sh
└── install.sls
2 directories, 7 files
[root@master ~]# cat /srv/salt/prod/modules/web/httpd/install.sls
"Development Tools":
pkg.group_installed
httpd-dep-package:
pkg.installed:
- pkgs:
- openssl-devel
- pcre-devel
- expat-devel
- libtool
- gcc
- gcc-c++
- make
create-apache-user:
user.present:
- name: apache
- createhome: false
- system: true
- shell: /sbin/nologin
download-apache:
file.managed:
- names:
- /usr/src/apr-1.7.0.tar.gz:
- source: salt://modules/web/httpd/files/apr-1.7.0.tar.gz
- /usr/src/apr-util-1.6.1.tar.gz:
- source: salt://modules/web/httpd/files/apr-util-1.6.1.tar.gz
- /usr/src/httpd-2.4.51.tar.gz:
- source: salt://modules/web/httpd/files/httpd-2.4.51.tar.gz
httpd-install:
cmd.script:
- name: salt://modules/web/httpd/files/install.sh {{ pillar['install_dir'] }}
- unless: test -d /usr/local/apache
{{ pillar['install_dir'] }}/conf/httpd.conf:
file.managed:
- source: salt://modules/web/httpd/files/httpd.conf
- user: root
- group: root
- mode: '0644'
- require:
- cmd: httpd-install
/usr/lib/systemd/system/httpd.service:
file.managed:
- source: salt://modules/web/httpd/files/httpd.service.j2
- user: root
- group: root
- mode: '0644'
- template: jinja
[root@master ~]# cat /srv/salt/prod/modules/web/httpd/files/httpd.service.j2
[Unit]
Description=httpd server daemon
After=network.target
[Service]
Type=forking
ExecStart={{ pillar['install_dir'] }}/bin/apachectl start
ExecStop={{ pillar['install_dir'] }}/bin/apachectl stop
ExecReload=/bin/kill -HUP $MAINPID
[Install]
WantedBy=multi-user.target
[root@master ~]# vim /srv/salt/prod/modules/web/httpd/files/httpd.conf ## 启用httpd的相关模块 119 #LoadModule remoteip_module modules/mod_remoteip.so 120 LoadModule proxy_module modules/mod_proxy.so // 取消注释 121 #LoadModule proxy_connect_module modules/mod_proxy_connect.so 122 #LoadModule proxy_ftp_module modules/mod_proxy_ftp.so 123 #LoadModule proxy_http_module modules/mod_proxy_http.so 124 LoadModule proxy_fcgi_module modules/mod_proxy_fcgi.so // 取消注释 125 #LoadModule proxy_scgi_module modules/mod_proxy_scgi.so 2602. 安装mysql261 DirectoryIndex index.php index.html //加上index.php 262 397 AddType application/x-compress .Z 398 AddType application/x-gzip .gz .tgz ## 搜索AddType,添加以下内容 399 AddType application/x-httpd-php .php 400 AddType application/x-httpd-php-source .phps 500 Include conf/extra/proxy-html.conf ## 添加以下内容 501 Include conf/extra/vhosts.conf 511512 SSLRandomSeed startup builtin 513 SSLRandomSeed connect builtin 514 515516 documentRoot "/usr/local/apache/htdocs/zabbix" 517 ServerName zabbix.example.com 518 ProxyRequests Off 519 ProxyPassMatch ^/(.*.php)$ fcgi://127.0.0.1:9000/usr/local/apache/htdocs/zabbix/$1 520 521 Options none 522 AllowOverride none 523 Require all granted 524 525
[root@master ~]# tree /srv/salt/prod/modules/database/
/srv/salt/prod/modules/database/
└── mysql
├── files
│ ├── my.cnf
│ ├── mysql-5.7.34-linux-glibc2.12-x86_64.tar.gz
│ ├── mysqld.service.j2
│ ├── mysql.server
│ └── mysql.sh
└── install.sls
2 directories, 6 files
[root@master ~]# cat /srv/salt/prod/modules/database/mysql/install.sls
ncurses-compat-libs:
pkg.installed
mysql:
user.present:
- system: true
- createhome: false
- shell: /sbin/nologin
/usr/local:
archive.extracted:
- source: salt://modules/database/mysql/files/mysql-5.7.34-linux-glibc2.12-x86_64.tar.gz
file.symlink:
- name: {{ pillar['data_dir'] }}
- target: /usr/local/mysql-5.7.34-linux-glibc2.12-x86_64
{{ pillar['data_dir'] }}:
file.directory:
- user: mysql
- group: mysql
- mode: '0755'
- recurse:
- user
- group
/opt/data:
file.directory:
- user: mysql
- group: mysql
- mode: '0755'
- makedirs: true
- recurse:
- user
- group
/etc/profile.d/mysql.sh:
file.managed:
- source: salt://modules/database/mysql/files/mysql.sh
- user: root
- group: root
- mode: '0644'
{{ pillar['data_dir'] }}/support-files/mysql.server:
file.managed:
- source: salt://modules/database/mysql/files/mysql.server
- user: mysql
- group: mysql
- mode: '0755'
/usr/lib/systemd/system/mysqld.service:
file.managed:
- source: salt://modules/database/mysql/files/mysqld.service.j2
- user: root
- group: root
- mode: '0644'
- template: jinja
mysql-initialize:
cmd.run:
- name: '{{ pillar['data_dir'] }}/bin/mysqld --initialize-insecure --user=mysql --datadir=/opt/data/'
- require:
- archive: /usr/local
- user: mysql
- file: /opt/data
- unless: test $(ls -l /opt/data | wc -l) -gt 1
[root@master ~]# cat /srv/salt/prod/modules/database/mysql/files/mysqld.service.j2
[Unit]
Description=mysql server daemon
After=network.target
[Service]
Type=forking
ExecStart={{ pillar['data_dir'] }}/support-files/mysql.server start
ExecStop={{ pillar['data_dir'] }}/support-files/mysql.server stop
ExecReload=/bin/kill -HUP $MAINPID
[Install]
WantedBy=multi-user.target
[root@master ~]# cat /srv/salt/prod/modules/database/mysql/files/my.cnf [mysqld] basedir = /usr/local/mysql datadir = /opt/data socket = /tmp/mysql.sock port = 3306 pid-file = /opt/data/mysql.pid user = mysql skip-name-resolve
[root@master ~]# cat /srv/salt/prod/modules/database/mysql/files/mysql.sh PATH=/usr/local/mysql/bin:$PATH
// 配置服务启动脚本 [root@master ~]# vim /srv/salt/prod/modules/database/mysql/files/mysql.server ## 修改配置文件以下两行内容 46 basedir=/usr/local/mysql 47 datadir=/opt/data3. 安装php
[root@master ~]# tree /srv/salt/prod/modules/application/
/srv/salt/prod/modules/application/
└── php
├── files
│ ├── httpd.conf
│ ├── index.php
│ ├── install.sh
│ ├── oniguruma-devel-6.8.2-2.el8.x86_64.rpm
│ ├── php-7.4.24.tar.gz
│ ├── php-fpm
│ ├── php-fpm.conf
│ ├── php-fpm.service
│ └── www.conf
└── install.sls
2 directories, 10 files
[root@master ~]# cat /srv/salt/prod/modules/application/php/install.sls
dnf -y install epel-release:
cmd.run
/tmp/oniguruma-devel-6.8.2-2.el8.x86_64.rpm:
file.managed:
- source: salt://modules/application/php/files/oniguruma-devel-6.8.2-2.el8.x86_64.rpm
- user: root
- group: root
- mode: '0644'
cmd.run:
- name: yum -y install /tmp/oniguruma-devel-6.8.2-2.el8.x86_64.rpm
- unless: rpm -q oniguruma-devel
php-dep-package:
pkg.installed:
- pkgs:
- sqlite-devel
- libzip-devel
- libxml2
- libxml2-devel
- openssl
- openssl-devel
- bzip2
- bzip2-devel
- libcurl
- libcurl-devel
- libicu-devel
- libjpeg-turbo
- libjpeg-turbo-devel
- libpng
- libpng-devel
- openldap-devel
- pcre-devel
- freetype
- freetype-devel
- gmp
- gmp-devel
- libmcrypt
- libmcrypt-devel
- readline
- readline-devel
- libxslt
- libxslt-devel
- mhash
- mhash-devel
unarchive-php:
archive.extracted:
- name: /usr/src/
- source: salt://modules/application/php/files/php-7.4.24.tar.gz
php-install:
cmd.script:
- name: salt://modules/application/php/files/install.sh
- unless: test -d /usr/local/php7
copy-file-php:
file.managed:
- names:
- /usr/local/php7/etc/php-fpm.conf:
- source: salt://modules/application/php/files/php-fpm.conf
- /usr/local/php7/etc/php-fpm.d/www.conf:
- source: salt://modules/application/php/files/www.conf
- /usr/local/apache/conf/httpd.conf:
- source: salt://modules/application/php/files/httpd.conf
- /usr/local/apache/htdocs/index.php:
- source: salt://modules/application/php/files/index.php
- /etc/init.d/php-fpm:
- source: salt://modules/application/php/files/php-fpm
- user: root
- group: root
- mode: '0755'
- /usr/lib/systemd/system/php-fpm.service:
- source: salt://modules/application/php/files/php-fpm.service
- require:
- cmd: php-install
php-fpm.service:
service.running:
- enable: true
- require:
- cmd: php-install
- file: copy-file-php
- watch:
- file: copy-file-php
[root@master ~]# cat /srv/salt/prod/modules/application/php/files/install.sh
#!/bin/bash
cd /usr/src/php-7.4.24
./configure --prefix=/usr/local/php7
--with-config-file-path=/etc
--enable-fpm
--disable-debug
--disable-rpath
--enable-shared
--enable-soap
--with-openssl
--enable-bcmath
--with-iconv
--with-bz2
--enable-calendar
--with-curl
--enable-exif
--enable-ftp
--enable-gd
--with-jpeg
--with-zlib-dir
--with-freetype
--with-gettext
--enable-mbstring
--enable-pdo
--with-mysqli=mysqlnd
--with-pdo-mysql=mysqlnd
--with-readline
--enable-shmop
--enable-simplexml
--enable-sockets
--with-zip
--enable-mysqlnd-compression-support
--with-pear
--enable-pcntl
--enable-posix &&
make && make install
[root@master ~]# cat /srv/salt/prod/modules/application/php/files/php-fpm.service [Unit] Description=php server daemon After=network.target [Service] Type=forking ExecStart=/etc/init.d/php-fpm start ExecStop=/etc/init.d/php-fpm stop ExecReload=/bin/kill -HUP $MAINPID [Install] WantedBy=multi-user.target
[root@master prod]# vim modules/application/php/files/www.conf.default listen = 0.0.0.0:9000 #查找listen这一行并改为此行显示的内容4. 编写zabbix项目配置
[root@master ~]# tree /srv/salt/prod/zabbix/ /srv/salt/prod/zabbix/ ├── apache.sls ├── files │ ├── index.php │ ├── install.sh │ ├── my.cnf │ ├── mysql.conf │ ├── php.ini │ ├── vhosts.conf.j2 │ ├── zabbix-5.4.4.tar.gz │ └── zabbix_server.conf ├── install.sls ├── main.sls └── mysql.sls 1 directory, 12 files
[root@master ~]# cat /srv/salt/prod/zabbix/apache.sls
include:
- modules.web.httpd.install
/usr/include/httpd:
file.symlink:
- target: {{ pillar['install_dir'] }}/include
{{ pillar['install_dir'] }}/htdocs/zabbix:
file.directory:
- user: root
- group: root
- mode: '0755'
- makedirs: true
{{ pillar['install_dir'] }}/conf/extra/vhosts.conf:
file.managed:
- source: salt://zabbix/files/vhosts.conf.j2
- user: root
- group: root
- mode: '0664'
- template: jinja
- require:
- cmd: httpd-install
{{ pillar['install_dir'] }}/htdocs/zabbix/index.php:
file.managed:
- source: salt://zabbix/files/index.php
- user: root
- group: root
- mode: '0664'
httpd.service:
service.running:
- enable: true
- reload: true
- require:
- cmd: httpd-install
- file: /usr/lib/systemd/system/httpd.service
- watch:
- file: {{ pillar['install_dir'] }}/conf/httpd.conf
- file: {{ pillar['install_dir'] }}/conf/extra/vhosts.conf
[root@master ~]# cat /srv/salt/prod/zabbix/mysql.sls
include:
- modules.database.mysql.install
lamp-dep-package:
pkg.installed:
- pkgs:
- ncurses-devel
- openssl-devel
- openssl
- cmake
- mariadb-devel
- glibc
- glibc-gconv-extra
- libgcc
- libstdc++
/usr/local/include/mysql:
file.symlink:
- target: {{ pillar['data_dir'] }}/include
/etc/ld.so.conf.d/mysql.conf:
file.managed:
- source: salt://zabbix/files/mysql.conf
- user: root
- group: root
- mode: '0644'
/etc/my.cnf:
file.managed:
- source: salt://zabbix/files/my.cnf
- user: root
- group: root
- mode: '0644'
- watch_in:
- service: mysqld.service
mysqld.service:
service.running:
- enable: true
- reload: true
- require:
- archive: /usr/local
- file: /usr/lib/systemd/system/mysqld.service
- file: /etc/my.cnf
set-password-mysql:
cmd.run:
- name: {{ pillar['data_dir'] }}/bin/mysql -e "set password = password('1');"
- require:
- service: mysqld.service
- unless: {{ pillar['data_dir'] }}/bin/mysql -uroot -p1 -e 'exit'
[root@master ~]# cat /srv/salt/prod/zabbix/files/index.php
[root@master ~]# cat /srv/salt/prod/zabbix/files/my.cnf [mysqld] basedir = /usr/local/mysql datadir = /opt/data socket = /tmp/mysql.sock port = 3306 pid-file = /opt/data/mysql.pid user = mysql skip-name-resolve
[root@master ~]# cat /srv/salt/prod/zabbix/files/vhosts.conf.j2documentRoot "{{ pillar['install_dir'] }}/htdocs/zabbix" ServerName zabbix.example.com ProxyRequests Off ProxyPassMatch ^/(.*.php)$ fcgi://127.0.0.1:9000{{ pillar['install_dir'] }}/htdocs/zabbix/$1 Options none AllowOverride none Require all granted
[root@master ~]# cat /srv/salt/prod/zabbix/install.sls
zabbix-dep-packages:
pkg.installed:
- pkgs:
- net-snmp-devel
- libevent-devel
- gcc
- gcc-c++
- make
zabbix:
user.present:
- shell: /sbin/nologin
- createhome: false
- system: true
/usr/src/zabbix-5.4.4.tar.gz:
file.managed:
- source: salt://zabbix/files/zabbix-5.4.4.tar.gz
salt://zabbix/files/install.sh:
cmd.script
/usr/local/etc/zabbix_server.conf:
file.managed:
- source: salt://zabbix/files/zabbix_server.conf
create-dir:
file.directory:
- name: /var/lib/mysql
- user: root
- group: root
- mode: '0644'
link:
cmd.run:
- name: ln -s /tmp/mysql.sock /var/lib/mysql/
/etc/php.ini:
file.managed:
- source: salt://zabbix/files/php.ini
copy-ui:
cmd.run:
- name: cp -a /usr/src/zabbix-5.4.4/ui/* /usr/local/apache/htdocs/zabbix/
start-service:
cmd.run:
- names:
- zabbix_server
- zabbix_agentd
[root@master ~]# vim /srv/salt/prod/zabbix/files/zabbix_server.conf 122 # Default: 123 DBPassword=zabbix123! ## 设置zabbix密码 124 125 ### Option: DBSocket
[root@master ~]# cat /srv/salt/prod/zabbix/files/install.sh #!/bin/bash cd /usr/src/ tar xf zabbix-5.4.4.tar.gz /usr/local/mysql/bin/mysql -uroot -p1 -e "create database zabbix character set utf8 collate utf8_bin;" /usr/local/mysql/bin/mysql -uroot -p1 -e "grant all privileges on zabbix.* to 'zabbix'@'localhost' identified by 'zabbix123!';" /usr/local/mysql/bin/mysql -uroot -p1 -e "flush privileges;" cd /usr/src/zabbix-5.4.4/database/mysql /usr/local/mysql/bin/mysql -uroot -p1 zabbix < schema.sql /usr/local/mysql/bin/mysql -uroot -p1 zabbix < images.sql /usr/local/mysql/bin/mysql -uroot -p1 zabbix < data.sql cd /usr/src/zabbix-5.4.4/ ./configure --enable-server --enable-agent --with-mysql --with-net-snmp --with-libcurl --with-libxml2 && make install
[root@master ~]# vim /srv/salt/prod/zabbix/files/php.ini ## 在配置文件里面修改以下内容的值 388 max_execution_time = 300 398 max_input_time = 300 694 post_max_size = 16M 962 ;date.timezone = 963 date.timezone = Asia/Shanghai ## 在配置文件里面添加这一行
[root@master ~]# cat /srv/salt/prod/zabbix/main.sls include: zabbix.apache zabbix.mysql modules.application.php.install zabbix.install执行状态文件,部署lamp
[root@master prod]# salt 'minion' state.sls zabbix.main saltenv=prod在minion上查看服务是否起来
[root@localhost ~]# ss -antl State Recv-Q Send-Q Local Address:Port Peer Address:Port LISTEN 0 128 0.0.0.0:10050 0.0.0.0:* LISTEN 0 128 0.0.0.0:10051 0.0.0.0:* LISTEN 0 128 127.0.0.1:9000 0.0.0.0:* LISTEN 0 128 0.0.0.0:111 0.0.0.0:* LISTEN 0 128 0.0.0.0:80 0.0.0.0:* LISTEN 0 32 192.168.122.1:53 0.0.0.0:* LISTEN 0 128 0.0.0.0:22 0.0.0.0:* LISTEN 0 5 127.0.0.1:631 0.0.0.0:* LISTEN 0 80 *:3306 *:* LISTEN 0 128 [::]:111 [::]:* LISTEN 0 128 [::]:22 [::]:* LISTEN 0 5 [::1]:631 [::]:*7. 网页测试
- 关闭防火墙
- 关闭SELINUX
- 时间同步(配置ntp、chrony)
- 文件描述符,修改/etc/security/limits.conf配置最大文件打开数
- 内核优化(内存、tcp) sysctl
- SSH服务优化(关闭DNS解析、修改端口)
- 精简开机系统服务(只开启SSHD服务)
- DNS解析
- 历史记录优化history(记录时间、用户)
export HISTTIMEFORMAT="%F %T `whoami`"
- 设置终端超时时间 export TMOUT=300 、etc/profile file.append
- 设置yum源
- 安装各种agent,如zabbix_agent、salt-minion
- 基础用户、用户审计、sudo权限设置
- 常用基础命令,命令别名
- 用户登录提示、PS1设置
目录树
[root@master ~]# tree /srv/salt/base/
/srv/salt/base/
└── init
├── basepkg
│ └── main.sls
├── chrony
│ ├── files
│ │ └── chrony.conf
│ └── main.sls
├── firewall
│ └── main.sls
├── history
│ └── main.sls
├── kernel
│ ├── files
│ │ ├── limits.conf
│ │ └── sysctl.conf
│ └── main.sls
├── main.sls
├── salt-minion
│ ├── files
│ │ └── minion
│ └── main.sls
├── selinux
│ ├── files
│ │ └── config
│ └── main.sls
├── timeout
│ └── main.sls
└── yum
├── files
│ ├── centos-7.repo
│ ├── centos-8.repo
│ ├── epel-7.repo
│ ├── epel-8.repo
│ ├── salt-7.repo
│ └── salt-8.repo
└── main.sls
15 directories, 21 files
selinux
[root@master ~]# cat /srv/salt/base/init/selinux/main.sls
/etc/selinux/config:
file.managed:
- source: salt://init/selinux/files/config
- user: root
- group: root
- mode: '0644'
'setenforce 0':
cmd.run
[root@master ~]# cat /srv/salt/base/init/selinux/main.sls
/etc/selinux/config:
file.managed:
- source: salt://init/selinux/files/config
- user: root
- group: root
- mode: '0644'
'setenforce 0':
cmd.run
firewalld
[root@master ~]# cat /srv/salt/base/init/firewall/main.sls
firewalld.service:
service.dead:
- enable: false
chrony
[root@master ~]# vim /srv/salt/base/init/chrony/files/chrony.conf
## 修改以下内容
3 pool time1.aliyun.com iburst
[root@master ~]# cat /srv/salt/base/init/chrony/main.sls
include:
- init.yum.main
chrony:
pkg.installed
/etc/chrony.conf:
file.managed:
- source: salt://init/chrony/files/chrony.conf
- user: root
- group: root
- mode: '0644'
chronyd.service:
service.running:
- enable: true
history
[root@master ~]# cat /srv/salt/base/init/history/main.sls
/etc/profile:
file.managed:
- text: 'export HISTTIMEFORMAT="%F %T `whoami` "'
timeout
[root@master ~]# cat /srv/salt/base/init/timeout/main.sls
/etc/profile:
file.managed:
- text: 'export TMOUT=300'
kernel
[root@master ~]# cat /srv/salt/base/init/kernel/files/limits.conf
## 在配置文件中添加以下两行内容
60 * soft nofile 65535
61 * hard nofile 65535
[root@master ~]# cat /srv/salt/base/init/kernel/files/sysctl.conf
11 net.ipv4.ip_forward = 1 ## 在配置文件最后面加上这行
[root@master ~]# cat /srv/salt/base/init/timeout/main.sls
/etc/profile:
file.managed:
- text: 'export TMOUT=300'
[root@master ~]# cat /srv/salt/base/init/kernel/main.sls
/etc/security/limits.conf:
file.managed:
- source: salt://init/kernel/files/limits.conf
- user: root
- group: root
- mode: '0664'
/etc/sysctl.conf:
file.managed:
- source: salt://init/kernel/files/sysctl.conf
- user: root
- group: root
- mode: '0664'
cmd.run:
- name: sysctl -p
yum
[root@master ~]# tree /srv/salt/base/init/yum
/srv/salt/base/init/yum
├── files
│ ├── centos-7.repo
│ ├── centos-8.repo
│ ├── epel-7.repo
│ ├── epel-8.repo
│ ├── salt-7.repo
│ └── salt-8.repo
└── main.sls
1 directory, 7 files
[root@master ~]# cat /srv/salt/base/init/yum/main.sls
{% if grains['os'] == 'RedHat' %}
/etc/yum.repos.d/centos-{{ grains['osrelease'] }}.repo:
file.managed:
- source: salt://init/yum/files/centos-{{ grains['osrelease'] }}.repo
- user: root
- group: root
- mode: '0644'
{% endif %}
/etc/yum.repos.d/epel-{{ grains['osrelease'] }}.repo:
file.managed:
- source: salt://init/yum/files/epel-{{ grains['osrelease'] }}.repo
- user: root
- group: root
- mode: '0644'
/etc/yum.repos.d/salt-{{ grains['osrelease'] }}.repo:
file.managed:
- source: salt://init/yum/files/salt-{{ grains['osrelease'] }}.repo
- user: root
- group: root
- mode: '0644'
salt-minion
[root@master ~]# vim /srv/salt/base/init/salt-minion/files/minion
## 修改以下内容
17 master: {{ pillar['master_ip'] }}
[root@master ~]# cat /srv/salt/base/init/salt-minion/main.sls
include:
- init.yum.main
salt-minion:
pkg.installed
/etc/salt/minion:
file.managed:
- source: salt://init/salt-minion/files/minion.j2
- user: root
- group: root
- mode: '0644'
salt-minion.service:
service.running:
- enable: true
[root@master ~]# cat /srv/pillar/base/salt-minion.sls
master_ip: 192.168.47.171
basepkg
[root@master ~]# cat /srv/salt/base/init/basepkg/main.sls
include:
- init.yum.main
install-base-packages:
pkg.installed:
- pkgs:
- screen
- tree
- psmisc
- openssl
- openssl-devel
- telnet
- iftop
- iotop
- sysstat
- wget
- dos2unix
- unix2dos
- lsof
- net-tools
- vim-enhanced
- zip
- unzip
- bzip2
- bind-utils
- gcc
- gcc-c++
- glibc
- make
- autoconf
