一、描述
拿到一批机器后,首先需要做的是修改ssh端口、配置防火墙,以及通过limits.conf控制文件描述符、进程数、栈大小等。
二、剧本如下:
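---
# Baseline play for newly provisioned hosts: move the SSH port and raise the
# PAM resource limits. `host`, `user` and `ssh_port` are supplied by the
# caller, e.g. -e "host=<GROUP> user=<USER> ssh_port=<PORT>" (placeholders).
# No `become` is set, so the tasks run as `remote_user`; that account needs
# write access to /etc/ssh and /etc/security.
- hosts: "{{ host }}"
  remote_user: "{{ user }}"
  gather_facts: false
  tasks:
    # The port used to be hard-coded as 69410, which is above the TCP maximum
    # of 65535. sshd refuses to start on such a value, so the host would lose
    # SSH access at the next sshd restart or reboot. Refuse to touch the files
    # unless the caller passes a usable port.
    - name: Check that ssh_port is a valid TCP port
      assert:
        that:
          - ssh_port is defined
          - ssh_port | int >= 1
          - ssh_port | int <= 65535
        msg: "ssh_port must be set to a value between 1 and 65535"
      tags:
        - sshport

    # regexp matches any active Port line, not only the value being written.
    # This keeps a re-run with a different port from adding a second Port
    # directive (sshd listens on every Port line it finds). If no active line
    # exists, the new one is inserted after the stock '#Port 22' comment, or
    # at end of file when that comment is absent.
    # This play does not restart sshd and has no firewall task. Before
    # restarting, allow the new port in the host firewall (and label it on
    # SELinux-enforcing systems), and keep an existing session open until a
    # login on the new port has been confirmed.
    - name: "Modify ssh port {{ ssh_port }}"
      lineinfile:
        dest: "/etc/ssh/{{ item }}"
        regexp: '^Port\s'
        insertafter: '#Port 22'
        line: "Port {{ ssh_port }}"
      with_items:
        - sshd_config
        - ssh_config
      tags:
        - sshport

    # Legacy inline form, kept for reference:
    # pam_limits: domain='*' limit_type=... limit_item=... value=...
    #
    # Per limits.conf(5), the '*' domain does not apply to root. Files under
    # limits.d are read after limits.conf, so the nproc values written to
    # 90-nproc.conf are expected to take precedence over the nproc values
    # written to limits.conf.
    # NOTE(review): nproc is the per-user guard against runaway process
    # creation. Confirm that values this high are wanted for every account
    # rather than only for the service users that need them.
    - name: Set sysctl file limiits
      pam_limits:
        dest: "{{ item.dest }}"
        domain: '*'
        limit_type: "{{ item.limit_type }}"
        limit_item: "{{ item.limit_item }}"
        value: "{{ item.value }}"
      with_items:
        - dest: '/etc/security/limits.conf'
          limit_type: 'soft'
          limit_item: 'nofile'
          value: '655350'
        - dest: '/etc/security/limits.conf'
          limit_type: 'hard'
          limit_item: 'nofile'
          value: '655350'
        - dest: '/etc/security/limits.conf'
          limit_type: 'soft'
          limit_item: 'nproc'
          value: '102400'
        - dest: '/etc/security/limits.conf'
          limit_type: 'hard'
          limit_item: 'nproc'
          value: '102400'
        - dest: '/etc/security/limits.conf'
          limit_type: 'soft'
          limit_item: 'sigpending'
          value: '255377'
        - dest: '/etc/security/limits.conf'
          limit_type: 'hard'
          limit_item: 'sigpending'
          value: '255377'
        - dest: '/etc/security/limits.d/90-nproc.conf'
          limit_type: 'soft'
          limit_item: 'nproc'
          value: '262144'
        - dest: '/etc/security/limits.d/90-nproc.conf'
          limit_type: 'hard'
          limit_item: 'nproc'
          value: '262144'
      tags:
        - setlimits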
本文转自 zouqingyun 51CTO博客,原文链接:http://blog.51cto.com/zouqingyun/1885014,如需转载请自行联系原作者