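#!/bin/bash
#
# Rebuilds a three-node Salt lab from the master: removes and reinstalls Salt
# on this host via the bootstrap script, writes autosign and salt-ssh roster
# entries for <USERID>1..3.mylabserver.com, drives the first-login password
# change on minions 2 and 3 with expect, writes a few state files, and pushes
# the minion setup state over salt-ssh.
#
# Expects to run as root (it writes under /etc/salt, /root/.ssh and /srv/salt).
# Pass "expect" as $1 to replay the expect scripts after the master restart.
#
# Optional environment:
#   TRACE=1           enable set -x / set -v tracing (prints the passwords)
#   INITIALPASS       password the lab hosts ship with
#   SETPASSWD         password to set on first login and to store in the roster
#   BOOTSTRAP_SHA256  expected SHA-256 of bootstrap-salt.sh; checked when set

# Tracing echoes every assignment and command, passwords included, to the
# terminal or any captured log, so it is opt-in rather than always on.
if [[ "${TRACE:-0}" == "1" ]]; then
  set -x
  set -v
fi
# Globbing stays off so patterns such as minion[123456] reach salt-ssh intact.
set -f

# Second field of `uname -a` is the hostname; keep its first label and drop
# the trailing character (the node number) to get the per-user prefix.
USERID=$(uname -a | awk '{ print $2 }' | cut -d '.' -f 1 | sed 's/.$//')
MASTERIP=$(ip addr show | grep '172.31' | awk '{ print $2 }' | cut -d '/' -f 1)

# Lab placeholders. Override from the environment instead of editing the
# script; anything real should not be committed or pasted with this file.
INITIALPASS=${INITIALPASS:-123456}
SETPASSWD=${SETPASSWD:-yourmagicpassword}

systemctl stop salt-master
systemctl stop salt-minion
yum-complete-transaction --cleanup-only
yum remove -y salt-ssh
yum remove -y salt-master
yum remove -y salt-minion

# Empties root's known_hosts so the expect scripts see the host-key prompt.
# The original path read "known_hostsriteOut", which looks like editor residue.
# NOTE(review): this discards every pinned host key and the expect scripts
# then answer "yes" blindly; acceptable only on a throwaway lab network.
/bin/cp -f /dev/null /root/.ssh/known_hosts

# The bootstrap script runs as root, so stop on a failed download and verify
# it against a known digest when one is supplied.
# NOTE(review): confirm this URL is still the project's published location.
curl -f -o bootstrap-salt.sh -L https://bootstrap.saltstack.com || {
  echo "bootstrap-salt.sh download failed" >&2
  exit 1
}
if [[ -n "${BOOTSTRAP_SHA256:-}" ]]; then
  echo "${BOOTSTRAP_SHA256}  bootstrap-salt.sh" | sha256sum -c - || {
    echo "bootstrap-salt.sh checksum mismatch" >&2
    exit 1
  }
else
  echo "warning: BOOTSTRAP_SHA256 not set; running bootstrap-salt.sh unverified" >&2
fi
sh bootstrap-salt.sh -M
yum install -y salt-ssh
yum install -y moreutils
yum install -y jq
yum install -y expect

# set up security for autosign.
# set up roster for salt-ssh init
# NOTE(review): autosign accepts a minion key on the strength of the claimed
# minion id alone; any host presenting one of these names is trusted.
cp /dev/null /etc/salt/autosign.conf
# The roster stores SETPASSWD in clear text, so create it owner-only.
install -m 600 /dev/null /etc/salt/roster
for i in 1 2 3; do
  echo "${USERID}${i}.mylabserver.com" >> /etc/salt/autosign.conf
  cat << ROSTER >> /etc/salt/roster
minion${i}:
  host: ${USERID}${i}.mylabserver.com
  user: user
  passwd: ${SETPASSWD}
  sudo: True
  tty: True
ROSTER
done

# Expect scripts for minions 2 and 3 (minion 1 is skipped, as in the original
# `-ne 1` test). They embed both passwords, so the file is created with mode
# 700 before anything is written; the redirect keeps that mode.
for i in 2 3; do
  expect_script="/etc/salt/expect-minion${i}.tcl"
  install -m 700 /dev/null "${expect_script}"
  cat << MINIONEXPECT > "${expect_script}"
#!/usr/bin/expect -f
spawn ssh ${USERID}${i}.mylabserver.com -l user
expect "?(yes/no)?"
send "yes\r"
expect "?assword:"
send "${INITIALPASS}\r"
expect "?assword:"
send "${INITIALPASS}\r"
expect "?assword:"
send "${SETPASSWD}\r"
expect "?assword:"
send "${SETPASSWD}\r"
interact
MINIONEXPECT
done

for i in 2 3; do
  "/etc/salt/expect-minion${i}.tcl"
done

# enable autosign.conf
sed -e 's/#autosign_file:/autosign_file:/' /etc/salt/master | sponge /etc/salt/master

# write some state files
mkdir -p /srv/salt/files/scripts

cat << STATE01 > /srv/salt/hello.sls
cmd_hello:
  cmd.run:
    - name: 'echo hello'
STATE01

# NOTE(review): with no `name:` Salt uses the state ID as the service name;
# confirm that sshd_off / sshd_on are what these two states should target.
cat << STATE02 > /srv/salt/sshd_off.sls
sshd_off:
  service.dead:
    - enable: False
STATE02

cat << STATE02B > /srv/salt/sshd_on.sls
sshd_on:
  service.running:
    - enable: True
STATE02B

cat << STATE03 > /srv/salt/minion.sls
minion_setup:
  cmd.script:
    - source: salt://files/scripts/salt-minion-init.sh
    - cwd: /tmp
    - user: root
    # - args: ${MASTERIP}
STATE03

cat << STATE04 > /srv/salt/emacs.sls
install_emacs:
  pkg.installed:
    - pkgs:
      - emacs
STATE04

# Script that minion.sls runs as root on each minion. ${MASTERIP} is expanded
# now, on the master; \$-escaped expansions are left for the minion to evaluate.
cat << MINIONCFG > /srv/salt/files/scripts/salt-minion-init.sh
#! /bin/bash
systemctl stop salt-minion
yum-complete-transaction --cleanup-only
yum remove -y salt-minion
# minion.sls sets cwd to /tmp; download into a private directory instead of a
# predictable file name there, and stop if the download fails.
workdir=\$(mktemp -d) || exit 1
cd "\$workdir" || exit 1
curl -f -o bootstrap-salt.sh -L https://bootstrap.saltstack.com || exit 1
sh bootstrap-salt.sh
yum install -y moreutils
if grep --quiet salt /etc/hosts; then
  sed -e 's/salt/abcdefg/g' /etc/hosts | sponge /etc/hosts
fi
# change master, edit /etc/hosts
echo "${MASTERIP} salt" >> /etc/hosts
# edit salt-minion id
uname -a | awk '{ print \$2 }' > /etc/salt/minion_id
# change master, remove cached public key
rm -f /etc/salt/pki/minion/minion_master.pub
pip install pyinotify
systemctl restart salt-minion
MINIONCFG

# exit here to check/debug config
#exit 0
systemctl restart salt-master

if [[ "$1" == "expect" ]]; then
  for i in 2 3; do
    "/etc/salt/expect-minion${i}.tcl"
  done
fi

# -i tells salt-ssh to ignore host keys, so the roster password is sent to
# whichever host answers on these names; lab use only.
salt-ssh -i 'minion[123456]' state.sls minion

# Password set example, directly set hash in shadow
# NOTE(review): the single quotes below stop ${...} from expanding, and a
# password passed as an argument is visible in the process list.
#PASSWD_HASH=$(salt-call --local shadow.gen_password '${SOMEPASSWD}' --out=json | jq '.local' | sed s/\"//g)
#salt '*' shadow.set_password user '${PASSWD_HASH}'
#salt '*' shadow.set_password root '${PASSWD_HASH}'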