
Untitled

a guest
Mar 23rd, 2017
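#! /bin/bash
#
# Lab bootstrap for a three-node Salt setup (<userid>1..3.mylabserver.com).
# Reinstalls salt-master on this host, writes a salt-ssh roster and an
# autosign list, rotates the initial password of "user" on nodes 2 and 3
# through expect, then runs a minion-install script on every roster entry
# over salt-ssh.
#
# Usage: run as root; an optional first argument "expect" runs the
#        password-rotation expect scripts a second time after the master
#        restart.
#
# Environment (all optional; the original hard-coded values are the defaults):
#   INITIALPASS      - password the nodes currently accept for "user"
#   SETPASSWD        - password to set for "user"; also written to the roster
#   BOOTSTRAP_SHA256 - expected SHA-256 of bootstrap-salt.sh; when set, the
#                      download is verified before it is executed
#
# Security properties to keep in mind when adapting this:
#   * /etc/salt/roster and the expect scripts hold passwords in clear text;
#     they are created readable by root only.
#   * autosign.conf makes the master accept the key of any host that presents
#     a listed minion ID, with no fingerprint check.
#   * SSH host keys are never verified: known_hosts is emptied, the expect
#     scripts answer "yes" to the first-connection prompt, and salt-ssh runs
#     with -i.
#   * bootstrap-salt.sh is downloaded and executed as root on every node.

# Secrets are resolved before tracing is switched on, so that `set -x` and
# `set -v` do not echo the assignments into the terminal or a captured log.
INITIALPASS=${INITIALPASS:-123456}
SETPASSWD=${SETPASSWD:-yourmagicpassword}
BOOTSTRAP_SHA256=${BOOTSTRAP_SHA256:-}

set -x
set -v
set -f

# First label of the node name with its last character (the node number)
# stripped, e.g. "abc1.mylabserver.com" -> "abc".
node_name=$(uname -n)
node_name=${node_name%%.*}
USERID=${node_name%?}

# First 172.31.x.x address on this host; minions get it as their "salt" host.
MASTERIP=$(ip addr show | awk '/172\.31/ { sub(/\/.*/, "", $2); print $2; exit }')
if [[ -z "${MASTERIP}" ]]; then
  # An empty value would later write a bare " salt" line into every minion's
  # /etc/hosts, so stop before anything is removed or reinstalled.
  echo "no 172.31.x.x address found on this host" >&2
  exit 1
fi

systemctl stop salt-master
systemctl stop salt-minion
yum-complete-transaction --cleanup-only
yum remove -y salt-ssh salt-master salt-minion

# NOTE(review): the pasted line ended in "known_hostsriteOut", which looks like
# editor residue; the target is taken to be root's known_hosts. Emptying it
# makes ssh show the first-connection (yes/no) prompt the expect scripts wait
# for.
: > /root/.ssh/known_hosts

# Download into a private directory instead of the current one, fail on HTTP
# errors rather than executing an error page, and verify the file when a
# checksum was supplied.
bootstrap_dir=$(mktemp -d) || exit 1
trap 'rm -rf -- "${bootstrap_dir}"' EXIT
curl -f -o "${bootstrap_dir}/bootstrap-salt.sh" -L https://bootstrap.saltstack.com || exit 1
if [[ -n "${BOOTSTRAP_SHA256}" ]]; then
  echo "${BOOTSTRAP_SHA256}  ${bootstrap_dir}/bootstrap-salt.sh" | sha256sum -c - || exit 1
fi
sh "${bootstrap_dir}/bootstrap-salt.sh" -M
yum install -y salt-ssh moreutils jq expect

# set up security for autosign.
# set up roster for salt-ssh init
: > /etc/salt/autosign.conf
: > /etc/salt/roster
# The roster stores SETPASSWD in clear text: restrict it before writing.
chmod 600 /etc/salt/roster
for i in 1 2 3; do
  echo "${USERID}${i}.mylabserver.com" >> /etc/salt/autosign.conf
  # Nested keys must be indented under the minion ID for the roster to parse.
  cat << ROSTER >> /etc/salt/roster
minion${i}:
  host: ${USERID}${i}.mylabserver.com
  user: user
  passwd: ${SETPASSWD}
  sudo: True
  tty: True
ROSTER
done

# Expect scripts for nodes 2 and 3 (node 1 is skipped, as in the original).
# Each one logs in with the initial password and answers the password-change
# prompts. The files embed both passwords, so they are created with mode 700
# before any content is written. Passwords containing Tcl metacharacters
# ($, [, ", \) would be reinterpreted by expect.
for i in 2 3; do
  expect_script="/etc/salt/expect-minion${i}.tcl"
  install -m 700 /dev/null "${expect_script}"
  cat << MINIONEXPECT > "${expect_script}"
#!/usr/bin/expect -f
spawn ssh ${USERID}${i}.mylabserver.com -l user
expect "?(yes/no)?"
send "yes\r"
expect "?assword:"
send "${INITIALPASS}\r"
expect "?assword:"
send "${INITIALPASS}\r"
expect "?assword:"
send "${SETPASSWD}\r"
expect "?assword:"
send "${SETPASSWD}\r"
interact
MINIONEXPECT
done

for i in 2 3; do
  "/etc/salt/expect-minion${i}.tcl"
done

# enable autosign.conf
sed -e 's/#autosign_file:/autosign_file:/' /etc/salt/master | sponge /etc/salt/master

# write some state files
mkdir -p /srv/salt/files/scripts
cat << STATE01 > /srv/salt/hello.sls
cmd_hello:
  cmd.run:
    - name: 'echo hello'
STATE01
# NOTE(review): neither sshd state sets "- name:", so Salt uses the state ID
# (sshd_off / sshd_on) as the service name -- confirm that is intended.
cat << STATE02 > /srv/salt/sshd_off.sls
sshd_off:
  service.dead:
    - enable: False
STATE02
cat << STATE02B > /srv/salt/sshd_on.sls
sshd_on:
  service.running:
    - enable: True
STATE02B
cat << STATE03 > /srv/salt/minion.sls
minion_setup:
  cmd.script:
    - source: salt://files/scripts/salt-minion-init.sh
    - cwd: /tmp
    - user: root
    # - args: ${MASTERIP}
STATE03
cat << STATE04 > /srv/salt/emacs.sls
install_emacs:
  pkg.installed:
    - pkgs:
      - emacs
STATE04

# Script pushed to each node by minion.sls. The heredoc delimiter is unquoted,
# so MASTERIP and BOOTSTRAP_SHA256 are substituted now, on the master; every
# "\$" is left for the node to expand. The state runs it as root with cwd
# /tmp, so the bootstrap download goes to a mktemp directory rather than a
# fixed name in a world-writable directory.
cat << MINIONCFG > /srv/salt/files/scripts/salt-minion-init.sh
#! /bin/bash
systemctl stop salt-minion
yum-complete-transaction --cleanup-only
yum remove -y salt-minion
workdir=\$(mktemp -d) || exit 1
curl -f -o "\${workdir}/bootstrap-salt.sh" -L https://bootstrap.saltstack.com || exit 1
expected_sha256='${BOOTSTRAP_SHA256}'
if [ -n "\${expected_sha256}" ]; then
  echo "\${expected_sha256}  \${workdir}/bootstrap-salt.sh" | sha256sum -c - || exit 1
fi
sh "\${workdir}/bootstrap-salt.sh"
rm -rf -- "\${workdir}"
yum install -y moreutils
if grep --quiet salt /etc/hosts; then
  sed -e 's/salt/abcdefg/g' /etc/hosts | sponge /etc/hosts
fi
# change master, edit /etc/hosts
echo "${MASTERIP} salt" >> /etc/hosts
# edit salt-minion id
uname -a | awk '{ print \$2 }' > /etc/salt/minion_id
# change master, remove cached public key
rm -f /etc/salt/pki/minion/minion_master.pub
pip install pyinotify
systemctl restart salt-minion
MINIONCFG

# exit here to check/debug config
#exit 0
systemctl restart salt-master
if [[ "${1:-}" == "expect" ]]; then
  for i in 2 3; do
    "/etc/salt/expect-minion${i}.tcl"
  done
fi

# The target is a salt-ssh glob, quoted so it never depends on `set -f`.
# -i tells salt-ssh to ignore SSH host keys, so the roster password is sent
# to whatever answers on each hostname.
salt-ssh -i 'minion[123456]' state.sls minion

# Password set example, directly set hash in shadow
# (a password given on the command line is visible in the process list)
#PASSWD_HASH=$(salt-call --local shadow.gen_password '${SOMEPASSWD}' --out=json | jq '.local' | sed s/\"//g)
#salt '*' shadow.set_password user '${PASSWD_HASH}'
#salt '*' shadow.set_password root '${PASSWD_HASH}'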