Примеры Salt-States
Смена DNS серверов
Удаление старых записей и добавление новых. В заголовке указаны адреса 172.16.16.1 и 172.16.16.2, однако в примерах ниже прописываются 172.16.198.6 и 172.16.198.9.
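{% if grains['os_family'] == 'RedHat' %}
# RedHat family: replace the resolver entries in the eth0 interface config and
# in /etc/resolv.conf with 172.16.198.6 and 172.16.198.9.
# NOTE(review): cmd.run executes on every state run and always reports a
# change; file.replace / file.managed would make these states idempotent and
# give a reviewable diff of what was written to the resolver configuration.
dns_ifcfg:
  cmd.run:
    # Remove only existing DNSn= entries; the original '/DNS/d' also deleted
    # unrelated keys such as PEERDNS. The second resolver is written as DNS2:
    # the original wrote DNS1 twice, so the second assignment replaced the
    # first instead of adding a fallback resolver.
    - name: >-
        sed --in-place '/^DNS[0-9]*=/d' /etc/sysconfig/network-scripts/ifcfg-eth0
        && echo 'DNS1=172.16.198.6' >> /etc/sysconfig/network-scripts/ifcfg-eth0
        && echo 'DNS2=172.16.198.9' >> /etc/sysconfig/network-scripts/ifcfg-eth0
        && grep DNS /etc/sysconfig/network-scripts/ifcfg-eth0
dns_resolv:
  cmd.run:
    # Also drop the options line written by a previous run, otherwise every
    # run appends another copy to /etc/resolv.conf.
    # NOTE(review): glibc's resolv.conf(5) names the retry option
    # 'attempts:n'; 'retries:1' is kept as on the page -- confirm it is
    # honoured by the target resolver.
    - name: >-
        sed --in-place -e '/nameserver/d'
        -e '/^options rotate timeout:1 retries:1$/d' /etc/resolv.conf
        && echo 'options rotate timeout:1 retries:1' >> /etc/resolv.conf
        && echo 'nameserver 172.16.198.6' >> /etc/resolv.conf
        && echo 'nameserver 172.16.198.9' >> /etc/resolv.conf
        && cat /etc/resolv.conf
{% endif %}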
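{% if grains['os_family'] == 'Debian' %}
# Debian family: replace the resolver entries in /etc/network/interfaces and
# in /etc/resolv.conf with 172.16.198.6 and 172.16.198.9.
# NOTE(review): cmd.run executes on every state run and always reports a
# change; file.replace / file.managed would make these states idempotent.
dns_ifcfg:
  cmd.run:
    # The dns-nameservers line is appended at the end of the file.
    # NOTE(review): presumably it is meant to land inside the stanza of the
    # primary interface -- verify on hosts with more than one iface stanza.
    - name: >-
        sed --in-place '/dns-nameservers/d' /etc/network/interfaces
        && echo 'dns-nameservers 172.16.198.6 172.16.198.9' >> /etc/network/interfaces
        && grep dns-nameservers /etc/network/interfaces
dns_resolv:
  cmd.run:
    # Also drop the options line written by a previous run, otherwise every
    # run appends another copy to /etc/resolv.conf.
    # NOTE(review): glibc's resolv.conf(5) names the retry option
    # 'attempts:n'; 'retries:1' is kept as on the page -- confirm it is
    # honoured by the target resolver.
    - name: >-
        sed --in-place -e '/nameserver/d'
        -e '/^options rotate timeout:1 retries:1$/d' /etc/resolv.conf
        && echo 'options rotate timeout:1 retries:1' >> /etc/resolv.conf
        && echo 'nameserver 172.16.198.6' >> /etc/resolv.conf
        && echo 'nameserver 172.16.198.9' >> /etc/resolv.conf
        && cat /etc/resolv.conf
{% endif %}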
{% if grains.os_family == 'Windows' %}
# Windows minions: make 172.16.198.6 the static primary resolver of the
# adapter named "Ethernet0", then add 172.16.198.9 at index 2.
dns_primary:
  cmd.run:
    - name: 'netsh interface ipv4 set dns name="Ethernet0" static 172.16.198.6'
dns_secondary:
  cmd.run:
    - name: 'netsh interface ip add dns name="Ethernet0" 172.16.198.9 index=2'
{% endif %}
Установка и настройка PowerBroker (PBIS)
http://it.kuchuk.net/2016/08/linux-activedirectory.html
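# Install the PBIS Open agent and keep it at the newest version offered by
# the configured repository.
pbis-open:
  pkg.latest

# Apply the PBIS settings for the COX domain: home directory templates,
# default domain, login shell, and the AD group allowed to log in.
update_pbis:
  cmd.run:
    # RequireMembershipOf is the access-control line here: it limits logins
    # to members of COX\linux^admins. The commands run as one script and a
    # failure of an earlier line does not stop the later ones.
    - name: |
        /opt/pbis/bin/config Local_HomeDirTemplate "%H/%D/%U"
        /opt/pbis/bin/config HomeDirTemplate "%H/%D/%U"
        /opt/pbis/bin/config AssumeDefaultDomain true
        /opt/pbis/bin/config UserDomainPrefix COX
        /opt/pbis/bin/config LoginShellTemplate /bin/bash
        /opt/pbis/bin/config RequireMembershipOf "COX\\linux^admins"
    # The config tool only exists once the package is installed.
    - require:
      - pkg: pbis-open
    # The page declared an empty `- unless:` followed by empty RedHat/Debian
    # Jinja branches, so no guard was ever supplied and the commands ran on
    # every state run. Supply a real check before re-enabling it:
    # - unless: <command that exits 0 once PBIS is already configured>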
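# Give the AD group that PBIS presents as %Linux^Admins passwordless sudo for
# every command.
# NOTE(review): this is an unrestricted root grant to a directory group, so
# membership of that group should be audited. file.replace edits /etc/sudoers
# in place with no syntax validation; a drop-in under /etc/sudoers.d written
# with file.managed and `check_cmd: /usr/sbin/visudo -c -f` avoids shipping a
# file that locks sudo out.
update_sudoers:
  file.replace:
    - name: /etc/sudoers
    # Two fixes over the page's literal-block pattern '^%Linux^Admins.*':
    #  * the '^' inside the group name is escaped -- unescaped it is a
    #    start-of-line anchor, so the existing entry could never match;
    #  * the pattern is a single-line scalar -- a '|' block adds a trailing
    #    newline to the pattern, which is then consumed by the replacement
    #    and joins the following sudoers line onto this one.
    - pattern: '^%Linux\^Admins.*$'
    - repl: '%Linux^Admins ALL=(ALL) NOPASSWD:ALL '
    - append_if_not_found: True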
Установка репозиториев
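{% if grains['os_family'] == 'RedHat' %}
# Yum repositories for RedHat-family minions.
# Every repo on the page declared a gpgkey but set gpgcheck: 0, which makes
# yum install packages without verifying their signatures; the key was never
# consulted. gpgcheck is enabled below so the declared keys are enforced.
# NOTE(review): a key fetched over plain http can be substituted in transit.
# Prefer distributing the key files from the master (salt://) or an https
# URL, and confirm each key is importable before rolling this out.
salt-repo-centos7:
  pkgrepo.managed:
    - name: salt-latest
    - humanname: SaltStack Latest Release Channel for RHEL/Centos $releasever
    - baseurl: https://repo.saltstack.com/yum/redhat/$releasever/$basearch/latest
    - gpgcheck: 1
    - gpgkey: https://repo.saltstack.com/yum/rhel7/SALTSTACK-GPG-KEY.pub
rsyslog-v8:
  pkgrepo.managed:
    - name: rsyslog_v8
    - humanname: Adiscon Rsyslog
    # Both the packages and the key travel over http here.
    - baseurl: http://rpms.adiscon.com/v8-stable/epel-7/x86_64
    - gpgcheck: 1
    - gpgkey: http://rpms.adiscon.com/RPM-GPG-KEY-Adiscon
epel:
  pkgrepo.managed:
    - humanname: Extra Packages for Enterprise Linux 7 - $basearch
    - name: epel
    # - baseurl: http://download.fedoraproject.org/pub/epel/7/$basearch
    - mirrorlist: https://mirrors.fedoraproject.org/metalink?repo=epel-7&arch=$basearch
    # Local key file; presumably installed by the epel-release package --
    # verify it exists on the minion before packages are pulled from epel.
    - gpgkey: file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-7
    - gpgcheck: 1
pbiso:
  pkgrepo.managed:
    - humanname: PBISO- local packages for $basearch
    - name: pbiso
    # Both the packages and the key travel over http here; this repo supplies
    # the agent that handles AD logins, so signature checking matters most.
    - baseurl: http://repo.pbis.beyondtrust.com/yum/pbiso/$basearch
    - gpgkey: http://repo.pbis.beyondtrust.com/yum/RPM-GPG-KEY-pbis
    - gpgcheck: 1
{% endif %}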
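{% if grains['os_family'] == 'Debian' %}
# APT repositories for Debian-family minions.
# On APT the repository metadata is verified against the imported key, so the
# transport of the `deb` line matters less than how the key itself arrives.
rsyslog-v8-ppa:
  pkgrepo.managed:
    - ppa: adiscon/v8-stable
pbiso:
  pkgrepo.managed:
    - humanname: pbiso
    - name: deb http://repo.pbis.beyondtrust.com/apt pbiso main
    - file: /etc/apt/sources.list.d/pbiso.list
    # NOTE(review): the signing key is downloaded over plain http, so whoever
    # can alter that response chooses the key APT will trust for this repo.
    # Prefer shipping the key from the master or fetching it over https.
    - key_url: http://repo.pbis.beyondtrust.com/yum/RPM-GPG-KEY-pbis
    # Was 0 on the page while the sibling saltstack-repo used 1; aligned.
    # NOTE(review): gpgcheck looks like a yum/zypper option -- confirm
    # whether pkgrepo honours it on APT at all.
    - gpgcheck: 1
saltstack-repo:
  pkgrepo.managed:
    - humanname: saltstack
    - name: deb http://repo.saltstack.com/apt/ubuntu/16.04/amd64/latest xenial main
    - file: /etc/apt/sources.list.d/saltstack.list
    - key_url: https://repo.saltstack.com/apt/ubuntu/16.04/amd64/latest/SALTSTACK-GPG-KEY.pub
    - gpgcheck: 1
{% endif %}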
Установка и настройка NTP службы
{% if grains['os_family'] in ('RedHat', 'Debian') %}
# Install the ntp package and keep its daemon enabled and running. Only the
# service name differs between the families: ntpd on RedHat, ntp on Debian.
{% set ntp_service = 'ntpd' if grains['os_family'] == 'RedHat' else 'ntp' %}
ntp:
  pkg.installed: []
ntp-service:
  service.running:
    - name: {{ ntp_service }}
    - enable: True
    # Reload rather than restart when the watched package changes.
    - reload: True
    - watch:
      - pkg: ntp
{% endif %}
Установка Пакетов/Приложений
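# Baseline tool set for every minion, always upgraded to the newest version
# the configured repositories offer (pkg.latest rather than pkg.installed).
# NOTE(review): salt-minion is in this list, so a run can upgrade the minion
# that is executing it; pkg.latest also means an unreviewed repository update
# lands on every host at the next run.
stdapps:
  # pkg.installed:
  pkg.latest:
    - pkgs:
      - wget
      # - git
      # - mercurial
      # - subversion
      - iftop
      - iotop
      # - tmux
      - sysstat
      # - ncdu
      - htop
      # - dstat
      # - tzdata
      # - tzdata-java
      - salt-minion
      - mc
      - nano
      - traceroute
      - lsof
{% if grains['os_family'] == 'RedHat' %}
{% if grains['os'] == 'CentOS' or grains['os'] == 'RedHat' or grains['os'] == 'OEL' %}
      - epel-release
      - psmisc
{# osmajorrelease is cast to a string so the comparison also holds on Salt
   versions that report the grain as an integer; compared raw against '6' or
   '7', an integer grain would silently skip both branches. #}
{% if grains['osmajorrelease']|string == '6' %}
      - python-pip
{% elif grains['osmajorrelease']|string == '7' %}
      - vim-enhanced
      - python2-pip
{% endif %}
{% endif %}
{% endif %}
{# Matches the 'os' grain exactly, so Ubuntu minions do not get these two. #}
{% if grains['os'] == 'Debian' %}
      - python-pip
      - vim
{% endif %}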
{% if grains.os_family == 'RedHat' %}
# Disabled per-package states, kept from the page for reference:
#psmisc:
#  pkg.installed
#epel-release:
#  pkg.installed
#salt-minion:
#  pkg.latest:
#    - refresh: True
# RedHat family only: make sure the telnet package is present.
telnet:
  pkg.installed: []
{% endif %}
{% if grains.os_family == 'Windows' %}
# Windows minions: refresh the package database, keep salt-minion at the
# latest available version, and make sure 7zip is installed.
salt-minion:
  pkg.latest:
    - refresh: True
7zip:
  pkg.installed: []
# Disabled, kept from the page for reference:
#nxlog:
#  pkg.installed
{% endif %}
Настройка rpm-cache
# Package-cache proxy selection. A minion without a 'location' grain is
# treated as 'BR'. Every site except HQ and HQ2 is pointed at the caching
# proxy rpm-cache.river.ru:3128; at HQ/HQ2 the yum proxy line is commented out.
# NOTE(review): packages served through a cache are only as trustworthy as the
# signature checking of the repositories behind it, so gpgcheck should stay
# enabled on every repo this proxy fronts.
{% set location = grains.get('location', 'BR') %}
{% if location not in ('HQ', 'HQ2') %}
{% if grains['os_family'] == 'RedHat' %}
yum-config:
  file.replace:
    - name: /etc/yum.conf
    - pattern: '^proxy=.*$'
    - repl: 'proxy=http://rpm-cache.river.ru:3128'
    - append_if_not_found: True
    - backup: '.bak'
# For each *.repo file found on the minion at render time, switch it from
# mirrorlist to baseurl so requests go to a fixed, cacheable URL. The onlyif
# guards keep the sed commands from running once a file is already converted.
{% for filename in salt.file.find('/etc/yum.repos.d/',name='*.repo') %}
# Earlier file.comment / file.uncomment variant, kept for reference:
#repo-comment-{{ loop.index }}:
#  file.comment:
#    - name: {{ filename }}
#    - regex: '^mirrorlist=http'
#    - onlyif: grep '^mirrorlist' {{ filename }}
#repo-uncomment-{{ loop.index }}:
#  file.uncomment:
#    - name: {{ filename }}
#    - regex: 'baseurl=http'
#    - onlyif: grep '^#baseurl' {{ filename }}
repo-sed-comment-{{ loop.index }}:
  cmd.run:
    - name: sed -i 's/^mirrorlist=/#mirrorlist=/' {{ filename }}
    - onlyif: grep '^mirrorlist=' {{ filename }}
repo-sed-uncomment-{{ loop.index }}:
  cmd.run:
    - name: sed -i 's/^#baseurl=/baseurl=/' {{ filename }}
    - onlyif: grep '^#baseurl=' {{ filename }}
{% endfor %}
{% endif %}
{% if grains['os_family'] == 'Debian' %}
# Debian family: the proxy setting is delivered as a file from the master.
apt_proxy:
  file.managed:
    - name: /etc/apt/apt.conf.d/01proxy
    - source: salt://store/common/etc/apt/apt.conf.d/01proxy
    - user: root
    - group: root
    - mode: 644
{% endif %}
{% else %}
{% if grains['os_family'] == 'RedHat' %}
# HQ / HQ2: comment out an existing proxy line; nothing is appended when the
# file has none.
yum-config:
  file.replace:
    - name: /etc/yum.conf
    - pattern: '^proxy=.*$'
    - repl: '#proxy=http://rpm-cache.river.ru:3128'
    - append_if_not_found: False
    - backup: '.bak'
{% endif %}
{% endif %}
Правка sudoers
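# Give the wheel group passwordless sudo for every command.
# NOTE(review): this turns any wheel account into root without a password
# prompt. file.replace edits /etc/sudoers in place with no syntax validation;
# a drop-in under /etc/sudoers.d written with file.managed and
# `check_cmd: /usr/sbin/visudo -c -f` avoids shipping a file that locks sudo
# out.
check_sudoers:
  file.replace:
    - name: /etc/sudoers
    # Single-line scalar instead of the page's '|' literal block: the block
    # form adds a trailing newline to the pattern, so the match swallowed the
    # line break and the replacement (which has none) joined the next sudoers
    # line onto this one.
    - pattern: '^%wheel.*$'
    # Earlier pattern attempts, kept from the page for reference:
    # \%wheel\s{1,}ALL=\(ALL\)\s{1,}NOPASSWD: ALL
    # - pattern: '%wheel ALL=(ALL) NOPASSWD: ALL'
    - repl: '%wheel ALL=(ALL) NOPASSWD: ALL'
    - append_if_not_found: True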
Установка и настройка Zabbix-Agent
{# Comma-separated list of Zabbix servers written into the agent config. #}
{% set zabbix_server = 'zabbix.river.ru,192.168.1.100' %}
### Determine the site: the 'location' grain, or 'BR' when the grain is absent.
{# 'location' is not referenced by the Zabbix states shown on this page. #}
{% set location = grains.get('location', 'BR') %}
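### Check and configure the repositories.
# NOTE(review): every Zabbix repo below is plain http with gpgcheck: 0 and no
# key, so nothing authenticates the agent packages installed from it. The page
# gives no key location; once one is available, add it and enable checking:
#   - gpgkey: <ZABBIX_GPG_KEY_URL_OR_PATH>   (yum)  /  - key_url: <...>  (apt)
#   - gpgcheck: 1
{% if grains['os_family'] == 'RedHat' %}
{% if grains['os'] == 'CentOS' or grains['os'] == 'RedHat' or grains['os'] == 'OEL' %}
{# osmajorrelease is cast to a string so the comparison also holds on Salt
   versions that report the grain as an integer. #}
{% if grains['osmajorrelease']|string == '6' %}
zabbix-repo-centos6:
  pkgrepo.managed:
    - name: zabbix
    - humanname: Zabbix Official Repository - $basearch
    - baseurl: http://repo.zabbix.com/zabbix/3.0/rhel/6/$basearch/
    - gpgcheck: 0
{% elif grains['osmajorrelease']|string == '7' %}
zabbix-repo-centos7:
  pkgrepo.managed:
    - name: zabbix
    - humanname: Zabbix Official Repository - $basearch
    - baseurl: http://repo.zabbix.com/zabbix/3.0/rhel/7/$basearch/
    - gpgcheck: 0
{% endif %}
{% endif %}
{% endif %}
{% if grains['os_family'] == 'Debian' %}
{% if grains['os'] == 'Ubuntu' %}
{% if grains['osrelease'] == '14.04' %}
zabbix-repo-ubuntu:
  pkgrepo.managed:
    - humanname: zabbix
    - name: deb http://repo.zabbix.com/zabbix/3.0/ubuntu trusty main
    - file: /etc/apt/sources.list.d/zabbix.list
    - gpgcheck: 0
{% endif %}
{# This endif was missing on the page: the Ubuntu branch was never closed, so
   the template had one more `if` than `endif` and the two Debian checks below
   sat inside `os == 'Ubuntu'`, where they could never be true. #}
{% endif %}
{% if grains['os'] == 'Debian' and grains['oscodename'] == 'wheezy' %}
zabbix-repo-deb-wheezy:
  pkgrepo.managed:
    - humanname: zabbix
    - name: deb http://repo.zabbix.com/zabbix/3.0/debian wheezy main
    - file: /etc/apt/sources.list.d/zabbix.list
    - gpgcheck: 0
{% endif %}
{% if grains['os'] == 'Debian' and grains['oscodename'] == 'jessie' %}
zabbix-repo-deb-jessie:
  pkgrepo.managed:
    - humanname: zabbix
    - name: deb http://repo.zabbix.com/zabbix/3.0/debian jessie main
    - file: /etc/apt/sources.list.d/zabbix.list
    - gpgcheck: 0
{% endif %}
{% endif %}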
## Check the installed release and upgrade it when a newer one is available.
# Both packages refresh the package database first. The agent's service is
# also required to be running.
zabbix-agent:
  pkg.latest:
    - refresh: True
  service.running: []
zabbix-sender:
  pkg.latest:
    - refresh: True
## Copy the script collection and the agent include files to the minions.
# Both trees are mirrored from the master's file server and owned by root.
# Scripts are installed executable (755); include files are read-only to
# non-root users (644).
/etc/zabbix/scripts:
  file.recurse:
    - source: salt://store/common/etc/zabbix/scripts
    - user: root
    - group: root
    - dir_mode: 755
    - file_mode: 755
/etc/zabbix/zabbix_agentd.d:
  file.recurse:
    - source: salt://store/common/etc/zabbix/zabbix_agentd.d
    - user: root
    - group: root
    - dir_mode: 755
    - file_mode: 644
# Keep the zabbix-agent service enabled and running. It watches both
# directories deployed from the master, so a change in either one triggers the
# service.
zabbix-agent-service:
  service.running:
    - name: zabbix-agent
    - enable: True
    - watch:
      - file: /etc/zabbix/scripts
      - file: /etc/zabbix/zabbix_agentd.d
### Check and configure the agent configuration.
# Linux agents: point Server and ServerActive at the zabbix_server list and
# load the include directory. Each pattern ends in a newline, so the match
# consumes the line break; the replacement puts it back with its own '\n'.
# A line that is missing is appended instead.
{% if grains['os_family'] in ('RedHat', 'Debian') %}
check_agentd_config_server:
  file.replace:
    - name: /etc/zabbix/zabbix_agentd.conf
    - pattern: "^Server=.*\n"
    - repl: 'Server={{ zabbix_server }} \n'
    - append_if_not_found: True
check_agentd_config_serveractive:
  file.replace:
    - name: /etc/zabbix/zabbix_agentd.conf
    - pattern: "^ServerActive=.*\n"
    - repl: 'ServerActive={{ zabbix_server }} \n'
    - append_if_not_found: True
check_agentd_config_include:
  file.replace:
    - name: /etc/zabbix/zabbix_agentd.conf
    - pattern: "^Include=.*\n"
    - repl: 'Include=/etc/zabbix/zabbix_agentd.d/ \n'
    - append_if_not_found: True
{% endif %}
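{% if grains['os_family'] == 'Windows' %}
# Windows agents: point Server at the zabbix_server list, appending the line
# when the config has none.
check_agentd_config:
  file.replace:
    - name: C:/zabbix/conf/zabbix_agentd.conf
    # Single-line scalar instead of the page's '|' literal block: the block
    # form adds a trailing newline to the pattern, and the replacement below
    # has none, so the rewritten Server line was joined with the line after it.
    # NOTE(review): if the file uses CRLF line endings, confirm the rewritten
    # line keeps a consistent ending.
    - pattern: '^Server=.*$'
    - repl: 'Server={{ zabbix_server }}'
    - append_if_not_found: True
{% endif %}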
# Install the pyzabbix module with pip once the stdapps package set is in
# place.
# NOTE(review): the requisite needs the stdapps state to be part of the same
# run; the version is unpinned, so whatever the package index serves at run
# time gets installed -- pinning a reviewed version makes the result
# reproducible.
pyzabbix:
  pip.installed:
    - require:
      - pkg: stdapps
    - name: pyzabbix