среда, 10 мая 2017 г.

Salt-States Examples

Примеры Salt-States

Смена DNS серверов
Удаление старых записей и добавление новых: 172.16.16.1, 172.16.16.2

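{% if grains['os_family'] == 'RedHat' %}

# Rewrite the resolver entries in the eth0 interface file: remove the existing
# DNS<n>= lines, append the two servers, then print the result to the job log.
# The delete pattern is anchored to DNS<n>= so settings whose name only
# contains "DNS" (PEERDNS, for example) are kept. The second server is written
# as DNS2: the original wrote DNS1 twice, and the later assignment overrides
# the earlier one when the file is sourced.
# NOTE(review): the accompanying text names 172.16.16.1 and 172.16.16.2 while
# the commands write 172.16.198.6 and 172.16.198.9 - confirm which pair is
# intended.
# NOTE(review): cmd.run has no unless/onlyif guard, so the file is rewritten on
# every state run; file.replace or file.managed would make the change
# idempotent and show a diff of what changed.
dns_ifcfg:
  cmd.run:
    - name: >-
        sed --in-place '/^DNS[0-9]*=/d' /etc/sysconfig/network-scripts/ifcfg-eth0
        && echo 'DNS1=172.16.198.6' >> /etc/sysconfig/network-scripts/ifcfg-eth0
        && echo 'DNS2=172.16.198.9' >> /etc/sysconfig/network-scripts/ifcfg-eth0
        && grep DNS /etc/sysconfig/network-scripts/ifcfg-eth0

# Replace the nameserver lines in /etc/resolv.conf and print the file.
# The options line written by an earlier run is deleted as well; the original
# removed only nameserver lines, so one more options line was appended on each
# run. glibc names the retry option attempts:n; retries:n is not a
# resolv.conf(5) option and is ignored.
# NOTE(review): /etc/resolv.conf is often regenerated by the network scripts or
# a DHCP client - confirm this edit persists on the target hosts.
dns_resolv:
  cmd.run:
    - name: >-
        sed --in-place -e '/nameserver/d' -e '/^options rotate timeout:1 /d' /etc/resolv.conf
        && echo 'options rotate timeout:1 attempts:1' >> /etc/resolv.conf
        && echo 'nameserver 172.16.198.6' >> /etc/resolv.conf
        && echo 'nameserver 172.16.198.9' >> /etc/resolv.conf
        && cat /etc/resolv.conf

{% endif %}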

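{% if grains['os_family'] == 'Debian'  %}

# Replace the dns-nameservers line in /etc/network/interfaces and print it.
# NOTE(review): the new line is appended to the end of the file, so it presumably
# attaches to whichever iface stanza comes last - confirm that is the intended
# interface.
dns_ifcfg:
  cmd.run:
    - name: >-
        sed --in-place '/dns-nameservers/d' /etc/network/interfaces
        && echo 'dns-nameservers 172.16.198.6 172.16.198.9' >> /etc/network/interfaces
        && grep dns-nameservers /etc/network/interfaces

# Replace the nameserver lines in /etc/resolv.conf and print the file.
# The options line written by an earlier run is deleted as well; the original
# removed only nameserver lines, so one more options line was appended on each
# run. glibc names the retry option attempts:n; retries:n is not a
# resolv.conf(5) option and is ignored.
# NOTE(review): on hosts that use resolvconf the file is generated and this edit
# may be overwritten - confirm.
dns_resolv:
  cmd.run:
    - name: >-
        sed --in-place -e '/nameserver/d' -e '/^options rotate timeout:1 /d' /etc/resolv.conf
        && echo 'options rotate timeout:1 attempts:1' >> /etc/resolv.conf
        && echo 'nameserver 172.16.198.6' >> /etc/resolv.conf
        && echo 'nameserver 172.16.198.9' >> /etc/resolv.conf
        && cat /etc/resolv.conf

{% endif %}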

{% if grains['os_family'] == 'Windows' %}

# Set the primary DNS server of the adapter named Ethernet0 as a static entry.
dns_primary:
  cmd.run:
    - name: 'netsh interface ipv4 set dns name="Ethernet0" static 172.16.198.6'

# Add the second DNS server at position 2 of the same adapter's list.
dns_secondary:
  cmd.run:
    - name: 'netsh interface ip add dns name="Ethernet0" 172.16.198.9 index=2'

{% endif %}


Установка и настройка PowerBroker (PBIS)
http://it.kuchuk.net/2016/08/linux-activedirectory.html

# Keep the pbis-open package at the newest version the configured repositories offer.
pbis-open:
  pkg.latest: []

# Apply the PBIS agent settings with the bundled config tool: home-directory
# templates, default-domain assumption, the COX domain prefix, bash as the
# login shell, and RequireMembershipOf set to COX\linux^admins.
# NOTE(review): the commands are separate script lines, not chained with &&,
# so a failing line presumably does not stop the following ones - confirm that
# RequireMembershipOf, the setting that limits who may log on, is in place
# after a run.
update_pbis:
  cmd.run:
      - name: |
           /opt/pbis/bin/config Local_HomeDirTemplate "%H/%D/%U"
           /opt/pbis/bin/config  HomeDirTemplate "%H/%D/%U"
           /opt/pbis/bin/config AssumeDefaultDomain true
           /opt/pbis/bin/config UserDomainPrefix COX
           /opt/pbis/bin/config LoginShellTemplate /bin/bash
           /opt/pbis/bin/config RequireMembershipOf "COX\\linux^admins"
      # NOTE(review): unless has no value, so it parses as null and gives no
      # guard; the config commands presumably run on every state run. The empty
      # per-OS branches below look like placeholders for that check - confirm.
      - unless:

{% if grains['os_family'] == 'RedHat' %}

{% endif %}

{% if grains['os_family'] == 'Debian' %}
{% endif %}

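# Give the group Linux^Admins passwordless sudo by replacing its line in
# /etc/sudoers, or appending the line when none exists.
# The caret in the group name is escaped so the regex treats it as a literal
# character; unescaped it is a start-of-line anchor and the pattern could not
# match an existing entry. The pattern is a one-line scalar because the
# literal block form ended the regex with a newline, which made a match
# consume the line ending of the entry it replaced.
# NOTE(review): file.replace edits /etc/sudoers in place with no syntax check,
# and a malformed file disables sudo on the minion. A drop-in under
# /etc/sudoers.d delivered by file.managed with check_cmd set to
# "visudo -c -f" is validated before it is installed.
# NOTE(review): NOPASSWD:ALL for a whole directory group is broad - confirm the
# membership of that group is controlled as tightly as root access.
update_sudoers:
  file.replace:
   - name: /etc/sudoers
   - pattern: '^%Linux\^Admins.*'
   - repl: '%Linux^Admins        ALL=(ALL)       NOPASSWD:ALL '
   - append_if_not_found: True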

Установка репозиториев

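{% if grains['os_family'] == 'RedHat' %}

# Yum repository definitions for RedHat-family minions.
# Every repository below already names a gpgkey, so gpgcheck is switched on:
# with gpgcheck 0 the key is never consulted and packages are installed without
# any authenticity check. If a package fails verification, correct the key
# rather than turning the check off again.

# SaltStack release channel; repository and key are both served over https.
salt-repo-centos7:
  pkgrepo.managed:
    - name: salt-latest
    - humanname: SaltStack Latest Release Channel for RHEL/Centos $releasever
    - baseurl: https://repo.saltstack.com/yum/redhat/$releasever/$basearch/latest
    - gpgcheck: 1
    - gpgkey: https://repo.saltstack.com/yum/rhel7/SALTSTACK-GPG-KEY.pub

# Adiscon rsyslog v8.
# NOTE(review): the signing key is fetched over plain http, so the first import
# trusts whatever the network path returns - prefer an https URL or a key file
# shipped from the Salt fileserver if one is available.
rsyslog-v8:
  pkgrepo.managed:
    - name: rsyslog_v8
    - humanname: Adiscon Rsyslog
    - baseurl: http://rpms.adiscon.com/v8-stable/epel-7/x86_64
    - gpgcheck: 1
    - gpgkey: http://rpms.adiscon.com/RPM-GPG-KEY-Adiscon

# EPEL 7 through the Fedora metalink.
# NOTE(review): the key is read from a local file that is presumably installed
# by the epel-release package - confirm it exists before the first install
# from this repository.
epel:
  pkgrepo.managed:
    - humanname: Extra Packages for Enterprise Linux 7 - $basearch
    - name: epel
#    - baseurl: http://download.fedoraproject.org/pub/epel/7/$basearch
    - mirrorlist: https://mirrors.fedoraproject.org/metalink?repo=epel-7&arch=$basearch
    - gpgkey: file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-7
    - gpgcheck: 1

# PBIS Open packages.
# NOTE(review): repository and key are both plain http; see the note on
# rsyslog-v8 about fetching the key over an unprotected channel.
pbiso:
  pkgrepo.managed:
    - humanname: PBISO- local packages for $basearch
    - name: pbiso
    - baseurl: http://repo.pbis.beyondtrust.com/yum/pbiso/$basearch
    - gpgkey: http://repo.pbis.beyondtrust.com/yum/RPM-GPG-KEY-pbis
    - gpgcheck: 1

{% endif %}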

{% if grains['os_family'] == 'Debian' %}

# Apt sources for Debian-family minions: rsyslog v8 from the Adiscon PPA,
# PBIS Open, and SaltStack.

rsyslog-v8-ppa:
  pkgrepo.managed:
    - ppa: adiscon/v8-stable

# NOTE(review): the apt source and key_url are both plain http, so the signing
# key itself is fetched without transport protection. gpgcheck is a yum
# repository option and presumably has no effect on an apt source - confirm.
pbiso:
  pkgrepo.managed:
    - humanname: pbiso
    - name: deb http://repo.pbis.beyondtrust.com/apt pbiso main
    - file: /etc/apt/sources.list.d/pbiso.list
    - key_url: http://repo.pbis.beyondtrust.com/yum/RPM-GPG-KEY-pbis
    - gpgcheck: 0

# The key is fetched over https; the package source is http, so package
# integrity rests on apt verifying signatures against that key.
# NOTE(review): the source line is pinned to Ubuntu 16.04 (xenial) amd64 but
# the surrounding condition matches every Debian-family minion - confirm.
saltstack-repo:
  pkgrepo.managed:
    - humanname: saltstack
    - name: deb http://repo.saltstack.com/apt/ubuntu/16.04/amd64/latest xenial main
    - file: /etc/apt/sources.list.d/saltstack.list
    - key_url: https://repo.saltstack.com/apt/ubuntu/16.04/amd64/latest/SALTSTACK-GPG-KEY.pub
    - gpgcheck: 1

{% endif %}

Установка и настройка NTP службы

{% set ntp_service_names = {'RedHat': 'ntpd', 'Debian': 'ntp'} %}
{% if grains['os_family'] in ntp_service_names %}

# Install the NTP package. The service is called ntpd on RedHat-family minions
# and ntp on Debian-family minions; nothing is rendered for other families.
ntp:
  pkg.installed: []

# Keep the daemon enabled at boot and running; the service watches the package
# state, with reload requested in place of a restart.
ntp-service:
  service.running:
    - name: {{ ntp_service_names[grains['os_family']] }}
    - enable: True
    - reload: True
    - watch:
      - pkg: ntp

{% endif %}

Установка Пакетов/Приложений

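# Baseline tool set kept at the newest available version on every minion; the
# branches below add distribution-specific package names to the same list.
# osmajorrelease goes through the string filter because the grain is a string
# in older Salt releases and an integer from 2017.7 on; a plain comparison
# with '6' or '7' silently stops matching after a Salt upgrade.
# NOTE(review): salt-minion is part of a pkg.latest list, so a state run can
# upgrade the minion that is executing it - confirm this is intended.
stdapps:
#  pkg.installed:
  pkg.latest:
    - pkgs:
      - wget
#      - git
#      - mercurial
#      - subversion
      - iftop
      - iotop
#      - tmux
      - sysstat
#      - ncdu
      - htop
#      - dstat
#      - tzdata
#      - tzdata-java
      - salt-minion
      - mc
      - nano
      - traceroute
      - lsof

  {% if grains['os_family'] == 'RedHat' %}
      {% if grains['os'] in ('CentOS', 'RedHat', 'OEL') %}
      - epel-release
      - psmisc
        {% if grains['osmajorrelease']|string == '6' %}
      - python-pip

        {% elif grains['osmajorrelease']|string == '7' %}
      - vim-enhanced
      - python2-pip
        {% endif %}
      {% endif %}
  {% endif %}

  {% if grains['os'] == 'Debian' %}
      - python-pip
      - vim
  {% endif %}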

{% if grains['os_family'] == 'RedHat' %}

# The commented-out states below (psmisc, epel-release, salt-minion) are
# disabled; the same package names appear in the stdapps list.

#psmisc:
# pkg.installed

#epel-release:
#  pkg.installed

#salt-minion:
#  pkg.latest:
#   - refresh: True

# Install the telnet package on RedHat-family minions.
telnet:
  pkg.installed

{% endif%}

{% if grains['os_family'] == 'Windows' %}

# Keep the minion package current, refreshing the package database first.
salt-minion:
  pkg.latest:
    - refresh: True

# Install the 7zip package.
'7zip':
  pkg.installed: []

#nxlog:
#  pkg.installed

{% endif %}

Настройка rpm-cache

# Site code of the minion: the custom grain named location when it is set,
# otherwise the default BR.
{% set location = grains.get('location', 'BR') %}

# Minions outside the HQ and HQ2 locations are pointed at the caching proxy
# rpm-cache.river.ru:3128; on HQ and HQ2 minions an existing proxy line in
# /etc/yum.conf is commented out instead.
# NOTE(review): the proxy is reached over plain http, so everything fetched
# through it depends on package signature checks (gpgcheck) for integrity.
{% if location != 'HQ' and location != 'HQ2' %}

    {% if grains['os_family'] == 'RedHat' %}

# Set, or append when missing, the proxy line in /etc/yum.conf; the previous
# file is kept with a .bak suffix.
yum-config:
  file.replace:
    - name: /etc/yum.conf
    - pattern: '^proxy=.*$'
    - repl: 'proxy=http://rpm-cache.river.ru:3128'
    - append_if_not_found: True
    - backup: '.bak'

# One pair of states is generated per .repo file found under /etc/yum.repos.d:
# mirrorlist lines are commented out and baseurl lines are uncommented, which
# presumably keeps the requested URLs stable for the cache - confirm.
# NOTE(review): the file name is placed into the shell command unquoted; a
# name containing spaces or shell metacharacters would break the command.
        {% for filename in salt.file.find('/etc/yum.repos.d/',name='*.repo') %}

#repo-comment-{{ loop.index }}:
#  file.comment:
#    - name: {{ filename }}
#    - regex: '^mirrorlist=http'
#    - onlyif: grep '^mirrorlist' {{ filename }}

#repo-uncomment-{{ loop.index }}:
#  file.uncomment:
#    - name: {{ filename }}
#    - regex: 'baseurl=http'
#    - onlyif: grep '^#baseurl' {{ filename }}

# Comment out the mirrorlist line, only when the file still has an active one.
repo-sed-comment-{{ loop.index }}:
  cmd.run:
    - name: sed -i 's/^mirrorlist=/#mirrorlist=/' {{ filename }}
    - onlyif: grep '^mirrorlist=' {{ filename }}

# Uncomment the baseurl line, only when the file still has a commented one.
repo-sed-uncomment-{{ loop.index }}:
  cmd.run:
    - name: sed -i 's/^#baseurl=/baseurl=/' {{ filename }}
    - onlyif: grep '^#baseurl=' {{ filename }}

        {% endfor %}
    {% endif %}

    {% if grains['os_family'] == 'Debian' %}
   
# Deliver the apt proxy configuration from the Salt fileserver, owned by root
# and readable by everyone.
apt_proxy:
  file.managed:
    - name: /etc/apt/apt.conf.d/01proxy
    - source: salt://store/common/etc/apt/apt.conf.d/01proxy
    - user: root
    - group: root
    - mode: 644

    {% endif %}

{% else %}
    {% if grains['os_family'] == 'RedHat' %}
# HQ and HQ2: comment out an existing proxy line; nothing is appended when the
# file has none.
yum-config:
  file.replace:
    - name: /etc/yum.conf
    - pattern: '^proxy=.*$'
    - repl: '#proxy=http://rpm-cache.river.ru:3128'
    - append_if_not_found: False
    - backup: '.bak'
    {% endif %}
{% endif %}

Правка sudoers

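# Give the wheel group passwordless sudo by replacing its line in /etc/sudoers,
# or appending the line when none exists.
# The pattern is a one-line scalar: the literal block form ended the regex with
# a newline, which made a match consume the line ending of the entry it
# replaced while the replacement text has none.
# NOTE(review): file.replace edits /etc/sudoers in place with no syntax check,
# and a malformed file disables sudo on the minion. A drop-in under
# /etc/sudoers.d delivered by file.managed with check_cmd set to
# "visudo -c -f" is validated before it is installed.
# NOTE(review): NOPASSWD: ALL makes every wheel member equivalent to root
# without re-authentication - confirm that is intended.
check_sudoers:
  file.replace:
   - name: /etc/sudoers
   - pattern: '^%wheel.*'
   - repl: '%wheel        ALL=(ALL)       NOPASSWD: ALL'
   - append_if_not_found: True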

Установка и настройка Zabbix-Agent

# Comma-separated Zabbix server list written into the agent configuration.
{% set zabbix_server = 'zabbix.river.ru,192.168.1.100' %}

### determine the location
# The custom grain named location when it is set, otherwise the default BR.
{% set location = grains.get('location', 'BR') %}

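### check and configure the repositories
# Zabbix 3.0 yum repository for CentOS / RedHat / OEL, major release 6 or 7.
# osmajorrelease goes through the string filter because the grain is a string
# in older Salt releases and an integer from 2017.7 on; a plain comparison
# with '6' or '7' silently stops matching after a Salt upgrade.
# NOTE(review): gpgcheck is off, no gpgkey is set and baseurl is plain http, so
# packages from this repository are installed without any authenticity check.
# Set gpgcheck to 1 together with
# gpgkey: <URL-or-path-of-the-vendor-signing-key>.
{% if grains['os_family'] == 'RedHat' %}
    {% if grains['os'] in ('CentOS', 'RedHat', 'OEL') %}
        {% if grains['osmajorrelease']|string == '6' %}

zabbix-repo-centos6:
  pkgrepo.managed:
    - name: zabbix
    - humanname: Zabbix Official Repository - $basearch
    - baseurl: http://repo.zabbix.com/zabbix/3.0/rhel/6/$basearch/
    - gpgcheck: 0

        {% elif grains['osmajorrelease']|string == '7' %}

zabbix-repo-centos7:
  pkgrepo.managed:
    - name: zabbix
    - humanname: Zabbix Official Repository - $basearch
    - baseurl: http://repo.zabbix.com/zabbix/3.0/rhel/7/$basearch/
    - gpgcheck: 0

        {% endif %}
    {% endif %}
{% endif %}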

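# Zabbix 3.0 apt source for Ubuntu 14.04, Debian wheezy and Debian jessie.
# The original opened five conditionals here and closed four: the Ubuntu
# check was never closed, which left the template unbalanced and nested the
# Debian branches inside the Ubuntu one, where they could not match. Each
# distribution now has its own closed branch.
# NOTE(review): no key_url or keyid is given and the source is plain http, so
# apt has no key to verify these packages against. gpgcheck is a yum
# repository option and presumably has no effect on an apt source - confirm,
# and add key_url: <URL-of-the-vendor-signing-key>.
{% if grains['os_family'] == 'Debian' %}
    {% if grains['os'] == 'Ubuntu' and grains['osrelease'] == '14.04' %}
zabbix-repo-ubuntu:
  pkgrepo.managed:
    - humanname: zabbix
    - name: deb http://repo.zabbix.com/zabbix/3.0/ubuntu trusty main
    - file: /etc/apt/sources.list.d/zabbix.list
    - gpgcheck: 0
    {% endif %}

    {% if grains['os'] == 'Debian' and grains['oscodename'] == 'wheezy' %}
zabbix-repo-deb-wheezy:
  pkgrepo.managed:
    - humanname: zabbix
    - name: deb http://repo.zabbix.com/zabbix/3.0/debian wheezy main
    - file: /etc/apt/sources.list.d/zabbix.list
    - gpgcheck: 0
    {% endif %}

    {% if grains['os'] == 'Debian' and grains['oscodename'] == 'jessie' %}
zabbix-repo-deb-jessie:
  pkgrepo.managed:
    - humanname: zabbix
    - name: deb http://repo.zabbix.com/zabbix/3.0/debian jessie main
    - file: /etc/apt/sources.list.d/zabbix.list
    - gpgcheck: 0
    {% endif %}
{% endif %}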

## check the release version and update when needed
# Agent package at the newest version, with the service running.
zabbix-agent:
  pkg.latest:
    - refresh: True
  service.running: []

# zabbix_sender command-line tool, also kept at the newest version.
zabbix-sender:
  pkg.latest:
    - refresh: True

## copy the script collection to the minions
# Everything under the fileserver path is copied root-owned and executable.
# NOTE(review): these scripts are presumably run by the agent, so write access
# to this fileserver path amounts to code execution on every minion - confirm
# who can change it.
/etc/zabbix/scripts:
  file.recurse:
    - source: salt://store/common/etc/zabbix/scripts
    - user: root
    - group: root
    - dir_mode: 755
    - file_mode: 755

# Agent configuration fragments, root-owned and world-readable.
/etc/zabbix/zabbix_agentd.d:
  file.recurse:
    - source: salt://store/common/etc/zabbix/zabbix_agentd.d
    - user: root
    - group: root
    - dir_mode: 755
    - file_mode: 644

# Keep the agent enabled and running; it watches both synced directories, so a
# change in either is picked up by the service.
zabbix-agent-service:
  service.running:
    - name: zabbix-agent
    - enable: True
    - watch:
      - file: /etc/zabbix/scripts
      - file: /etc/zabbix/zabbix_agentd.d

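### check and configure the agent settings
# Each state replaces one setting line in the agent configuration, or appends
# it when the file has none.
# The patterns are one-line scalars: the literal block form ended each regex
# with a newline, so a match consumed the line ending. The Linux states
# compensated with ' \n' in the replacement, which left a trailing space; the
# Windows state did not, so the line after Server= was joined onto it.
# Server is the list of hosts allowed to query the agent, so it is worth
# checking in the rendered file after a run.
{% if grains['os_family'] == 'RedHat' or grains['os_family'] == 'Debian'  %}

# Hosts allowed to send passive checks to this agent.
check_agentd_config_server:
  file.replace:
   - name: /etc/zabbix/zabbix_agentd.conf
   - pattern: '^Server=.*'
   - repl: 'Server={{ zabbix_server }}'
   - append_if_not_found: True

# Servers the agent contacts for active checks.
check_agentd_config_serveractive:
  file.replace:
   - name: /etc/zabbix/zabbix_agentd.conf
   - pattern: '^ServerActive=.*'
   - repl: 'ServerActive={{ zabbix_server }}'
   - append_if_not_found: True

# Load the configuration fragments synced to /etc/zabbix/zabbix_agentd.d.
check_agentd_config_include:
  file.replace:
   - name: /etc/zabbix/zabbix_agentd.conf
   - pattern: '^Include=.*'
   - repl: 'Include=/etc/zabbix/zabbix_agentd.d/'
   - append_if_not_found: True

{% endif %}

{% if grains['os_family'] == 'Windows'  %}

# Same Server setting for the Windows agent configuration.
check_agentd_config:
  file.replace:
   - name: C:/zabbix/conf/zabbix_agentd.conf
   - pattern: '^Server=.*'
   - repl: 'Server={{ zabbix_server }}'
   - append_if_not_found: True

{% endif %}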

# Install the pyzabbix Python package with pip once the stdapps package state,
# which provides pip, has run. The state ID doubles as the package name.
# NOTE(review): no version is pinned, so each new minion installs whatever
# release the package index serves at that moment - consider pinning.
pyzabbix:
  pip.installed:
    - require:
      - pkg: stdapps
