@@ -71,3 +71,30 @@ sed -i -e "s|^[# ]*StrictHostKeyChecking.*$| StrictHostKeyChecking no|" /etc/
|
||||
echo " UserKnownHostsFile /dev/null" >> /etc/ssh/ssh_config
|
||||
echo " LogLevel ERROR" >> /etc/ssh/ssh_config
|
||||
echo "# IdentityFile salt_ssh_key" >> /etc/ssh/ssh_config
|
||||
|
||||
# Configure logrotate
|
||||
echo "Configuring logrotate ..."
|
||||
|
||||
# move supervisord.log file to ${SALT_LOGS_DIR}/supervisor/
|
||||
sed -i "s|^[#]*logfile=.*|logfile=${SALT_LOGS_DIR}/supervisor/supervisord.log ;|" /etc/supervisor/supervisord.conf
|
||||
|
||||
# fix "unknown group 'syslog'" error preventing logrotate from functioning
|
||||
sed -i "s|^su root syslog$|su root root|" /etc/logrotate.conf
|
||||
|
||||
# Configure supervisor
|
||||
echo "Configuring supervisor ..."
|
||||
|
||||
# configure supervisord to start unicorn
|
||||
cat > /etc/supervisor/conf.d/salt-master.conf <<EOF
|
||||
[program:salt-master]
|
||||
priority=5
|
||||
directory=${SALT_HOME}
|
||||
environment=HOME=${SALT_HOME}
|
||||
command=salt-master
|
||||
user=${SALT_USER}
|
||||
autostart=true
|
||||
autorestart=true
|
||||
stopsignal=QUIT
|
||||
stdout_logfile=${SALT_LOGS_DIR}/supervisor/%(program_name)s.log
|
||||
stderr_logfile=${SALT_LOGS_DIR}/supervisor/%(program_name)s.log
|
||||
EOF
|
||||
|
||||
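Review bot: In the new `[program:salt-master]` block, `stdout_logfile` and `stderr_logfile` name the same file, so supervisord opens two independent log handlers on one path. Supervisor's default size-based rotation is not disabled for either handler, so output is likely to end up interleaved or clobbered. Replacing the `stderr_logfile=` line with `redirect_stderr=true` keeps a single handler. Because this commit also adds a logrotate stanza for `${SALT_LOGS_DIR}/supervisor/*.log`, `stdout_logfile_maxbytes=0` would stop supervisord from rotating the same file a second way. The comment above the heredoc still says `start unicorn` and should read `# configure supervisord to start salt-master`.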
@@ -47,7 +47,7 @@ master_use_pubkey_signature: {{SALT_MASTER_USE_PUBKEY_SIGNATURE}}
|
||||
##### Salt-SSH Configuration #####
|
||||
##########################################
|
||||
# The log file of the salt-ssh command:
|
||||
ssh_log_file: {{SALT_LOGS_DIR}}/ssh
|
||||
ssh_log_file: {{SALT_LOGS_DIR}}/salt/ssh
|
||||
|
||||
|
||||
##### File Server settings #####
|
||||
@@ -94,14 +94,14 @@ pillar_roots:
|
||||
# to receive commands from.
|
||||
|
||||
# The log file of the salt-syndic daemon:
|
||||
syndic_log_file: {{SALT_LOGS_DIR}}/syndic
|
||||
syndic_log_file: {{SALT_LOGS_DIR}}/salt/syndic
|
||||
|
||||
|
||||
##### Logging settings #####
|
||||
##########################################
|
||||
# The location of the master log file
|
||||
log_file: {{SALT_LOGS_DIR}}/master
|
||||
key_logfile: {{SALT_LOGS_DIR}}/key
|
||||
log_file: {{SALT_LOGS_DIR}}/salt/master
|
||||
key_logfile: {{SALT_LOGS_DIR}}/salt/key
|
||||
|
||||
# The level of messages to send to the console.
|
||||
# One of 'garbage', 'trace', 'debug', info', 'warning', 'error', 'critical'.
|
||||
|
||||
@@ -3,6 +3,9 @@
|
||||
DEBUG=${DEBUG:-false}
|
||||
TIMEZONE=${TIMEZONE:-UTC}
|
||||
|
||||
SALT_LOG_ROTATE_FREQUENCY=${SALT_LOG_ROTATE_FREQUENCY:-weekly}
|
||||
SALT_LOG_ROTATE_RETENTION=${SALT_LOG_ROTATE_RETENTION:-52}
|
||||
|
||||
# https://docs.saltstack.com/en/latest/ref/configuration/master.html
|
||||
|
||||
##### Logging settings #####
|
||||
|
||||
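Review bot: Neither `SALT_LOG_ROTATE_FREQUENCY` nor `SALT_LOG_ROTATE_RETENTION` is checked anywhere on this page before `configure_logrotate` writes it verbatim into the files under `/etc/logrotate.d/`. A mistyped value would leave a stanza that logrotate presumably cannot parse, and any unexpected content ends up in a configuration that is normally read with root privileges. A guard ahead of the heredocs would do, for example `[[ "${SALT_LOG_ROTATE_FREQUENCY}" =~ ^(daily|weekly|monthly|yearly)$ ]] || { echo "invalid SALT_LOG_ROTATE_FREQUENCY" >&2; exit 1; }` and `[[ "${SALT_LOG_ROTATE_RETENTION}" =~ ^[0-9]+$ ]] || { echo "invalid SALT_LOG_ROTATE_RETENTION" >&2; exit 1; }`. A short comment on the two defaults stating the accepted values would help as well.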
@@ -171,22 +171,58 @@ function initialize_datadir()
|
||||
[[ -d /srv ]] && [[ ! -L /srv ]] && rm -rf /srv
|
||||
ln -sfnv ${SALT_BASE_DIR} /srv
|
||||
|
||||
# Set Slat root permissions
|
||||
chown -R ${SALT_USER} ${SALT_ROOT_DIR}
|
||||
# Set Salt root permissions
|
||||
chown -R ${SALT_USER}: ${SALT_ROOT_DIR}
|
||||
|
||||
# Set Salt run permissions
|
||||
mkdir -p /var/run/salt
|
||||
chown -R ${SALT_USER} /var/run/salt
|
||||
chown -R ${SALT_USER}: /var/run/salt
|
||||
|
||||
# Set cache permissions
|
||||
mkdir -p /var/cache/salt/master
|
||||
chown -R salt /var/cache/salt
|
||||
chown -R ${SALT_USER}: /var/cache/salt
|
||||
|
||||
# Logs directory
|
||||
mkdir -p ${SALT_LOGS_DIR}/salt ${SALT_LOGS_DIR}/supervisor
|
||||
chmod -R 0755 ${SALT_LOGS_DIR}/supervisor
|
||||
chown -R root: ${SALT_LOGS_DIR}/supervisor
|
||||
|
||||
[[ -d /var/log/salt ]] && [[ ! -L /var/log/salt ]] && rm -rf /var/log/salt
|
||||
mkdir -p /var/log
|
||||
ln -sfnv ${SALT_LOGS_DIR} /var/log/salt
|
||||
chown -R ${SALT_USER} ${SALT_LOGS_DIR}
|
||||
mkdir -p ${SALT_LOGS_DIR}/salt /var/log
|
||||
ln -sfnv ${SALT_LOGS_DIR}/salt /var/log/salt
|
||||
chown -R ${SALT_USER}: ${SALT_LOGS_DIR}/salt
|
||||
}
|
||||
|
||||
# Configures logrotate
|
||||
function configure_logrotate()
|
||||
{
|
||||
echo "Configuring logrotate ..."
|
||||
|
||||
# configure supervisord log rotation
|
||||
cat > /etc/logrotate.d/supervisord <<EOF
|
||||
${SALT_LOGS_DIR}/supervisor/*.log {
|
||||
${SALT_LOG_ROTATE_FREQUENCY}
|
||||
missingok
|
||||
rotate ${SALT_LOG_ROTATE_RETENTION}
|
||||
compress
|
||||
delaycompress
|
||||
notifempty
|
||||
copytruncate
|
||||
}
|
||||
EOF
|
||||
|
||||
# configure salt-master log rotation
|
||||
cat > /etc/logrotate.d/salt <<EOF
|
||||
${SALT_LOGS_DIR}/salt/* {
|
||||
${SALT_LOG_ROTATE_FREQUENCY}
|
||||
missingok
|
||||
rotate ${SALT_LOG_ROTATE_RETENTION}
|
||||
compress
|
||||
delaycompress
|
||||
notifempty
|
||||
copytruncate
|
||||
}
|
||||
EOF
|
||||
}
|
||||
|
||||
# Initializes the system
|
||||
@@ -194,8 +230,10 @@ function initialize_system()
|
||||
{
|
||||
map_uidgid
|
||||
initialize_datadir
|
||||
configure_logrotate
|
||||
configure_timezone
|
||||
configure_salt_master
|
||||
setup_salt_keys
|
||||
setup_ssh_keys
|
||||
rm -rf /var/run/supervisor.sock
|
||||
}
|
||||
|
||||
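Review bot: The `${SALT_LOGS_DIR}/salt/*` pattern in the `/etc/logrotate.d/salt` heredoc matches every file in that directory, including the rotated copies logrotate leaves there, and the logrotate manual warns that such files are rotated again on later runs. Listing the log files by name or adding an `olddir` directive avoids that. The same stanza is presumably processed as root over a directory that `initialize_datadir` hands to `${SALT_USER}`, so a `su` line inside the braces naming that account would let rotation run without root privileges there. That line would be `su ${SALT_USER} <group>`, with the group confirmed against `map_uidgid`, which is not shown on this page. The new `mkdir`, `chmod`, `chown` and `ln` lines also leave `${SALT_LOGS_DIR}` and `${SALT_USER}` unquoted, so quoting them, as in `"${SALT_LOGS_DIR}/salt"`, is worth doing.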