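---
# Baseline provisioning play for the "genghuanip" host group: installs
# utility packages, configures mailx alerting, distributes the /tools bundle,
# registers monitoring and cleanup cron jobs, installs fail2ban and
# node_exporter, and creates the jumpadmin sudo account.
#
# The original listing had lost its line breaks and indentation, and several
# tasks carried `tags:` on the same line as the module's key=value arguments.
# It is rebuilt here as native block YAML with task-level tags.
- hosts: genghuanip
  # NOTE(review): the play logs in as root directly. An unprivileged login
  # with `become: true` keeps root SSH closed and leaves a sudo audit trail.
  remote_user: root
  vars:
    http_port: 8088
    # Placeholder carried over from the original inline value ("user
    # password"). Supply the real secret from Ansible Vault, not this file.
    jumpadmin_password: "用户密码"
  tasks:
    - name: yum env
      yum:
        name:
          - epel-release
          - sysstat
          - dstat
          - net-tools
          - wget
          - lrzsz
          - mailx
          - vim
          - tcpdump
          - iotop
        state: present

    # Scripts under /tools are later run by root cron jobs, so the directory
    # is pinned to root ownership with no group/other write access.
    - name: mkdir tools
      file:
        path: /tools
        state: directory
        owner: root
        group: root
        mode: "0755"
      tags: mkdir_tools

    # NOTE(review): this turns off SELinux mandatory access control on every
    # host in the group. If the goal is only to unblock a service, prefer
    # `permissive` while a policy is written, and record the exception.
    - name: disable selinux
      lineinfile:
        path: /etc/selinux/config
        regexp: "^SELINUX="
        line: "SELINUX=disabled"
      tags: selinux

    # The original appended these lines with `echo >> /etc/mail.rc`, which
    # added another copy (password included) on every run. blockinfile keeps
    # a single managed block; hosts already provisioned the old way may
    # still hold the earlier appended lines.
    # Placeholders: 发件邮箱名 = sender name, 发件邮箱 = sender mailbox,
    # 邮箱服务密码 = mailbox service password.
    # NOTE(review): the SMTP password is stored in clear text in
    # /etc/mail.rc, which is normally world-readable. Template it from an
    # Ansible Vault variable into a root-only file (for example root's
    # ~/.mailrc with mode 0600).
    # NOTE(review): ssl-verify=ignore lets mailx continue when the server
    # certificate fails validation, so the credentials can be sent to an
    # unverified peer. Switch to `strict` once the CA chain in
    # nss-config-dir validates.
    - name: mail config
      blockinfile:
        path: /etc/mail.rc
        block: |
          set from=发件邮箱名
          set smtp=smtps://smtp.exmail.qq.com:465
          set smtp-auth-user=发件邮箱
          set smtp-auth-password=邮箱服务密码
          set smtp-auth=login
          set ssl-verify=ignore
          set nss-config-dir=/root/.certs
      no_log: true
      tags: configmail

    # NOTE(review): the certificate is fetched over an unauthenticated
    # connection and then imported as trusted (trust on first use), under CA
    # nicknames that do not describe what was actually downloaded. Ship a
    # known-good CA bundle with `copy`, or compare the fingerprint against
    # one obtained out of band before importing.
    - name: mail cert
      shell: >-
        mkdir -p /root/.certs/ && cd /root/.certs/ &&
        echo -n | openssl s_client -connect smtp.exmail.qq.com:465 |
        sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p'> ~/.certs/exmail.qq.crt &&
        certutil -A -n "GeoTrust SSL CA" -t "C,," -d ~/.certs -i ~/.certs/exmail.qq.crt &&
        certutil -A -n "GeoTrust Global CA" -t "C,," -d ~/.certs -i ~/.certs/exmail.qq.crt &&
        certutil -A -n "GeoTrust SSL CA - G3" -t "Pu,Pu,Pu" -d ~/.certs/./ -i exmail.qq.crt &&
        certutil -L -d /root/.certs
      tags: mailcert

    # Pushes the tool bundle from the control node. Later tasks read
    # /tools/monitor, /tools/crontab and /tools/fail2ban, which presumably
    # come from this bundle (confirm).
    # NOTE(review): the bundle includes tarballs that are unpacked and run as
    # root; verify them against published checksums before distributing.
    - name: scp file
      copy:
        src: /tools/lxj-zj/
        dest: /tools/
      tags: scp

    # Cron `name` values are the markers Ansible uses to find existing
    # entries, so they are kept byte-for-byte.
    # Cron name: "server performance, disk, etc. checks".
    - name: add monitor cron
      cron:
        name: "服务器性能,磁盘等检测"
        minute: "*/10"
        job: 'python /tools/monitor/monitor.py >> /tools/monitor/m.log 2>&1 &'
      tags: monitor

    # Cron name: "cron scheduled-task backup script".
    - name: add cronbackup cron
      cron:
        name: "cron定时任务备份脚本"
        minute: "30"
        hour: "19"
        job: 'bash /tools/crontab/cron_backup.sh >> /tools/crontab/cron_backup.log 2>&1 &'
      tags: addcronbk

    # `creates` stops a re-run from repeating the install; without it a
    # second run would overwrite the *.bak backups with the custom configs.
    # NOTE(review): fail2ban 0.9.4 is an old release installed from a local
    # tarball with no integrity check. Prefer the distribution/EPEL package,
    # or pin and verify a checksum.
    - name: add fail2ban
      shell: >-
        cd /tools/fail2ban && tar -zxvf fail2ban-0.9.4.tar.gz &&
        cd fail2ban-0.9.4 && ./setup.py install &&
        mv /etc/fail2ban/jail.conf /etc/fail2ban/jail.conf.bak &&
        mv /etc/fail2ban/action.d/mail-whois-lines.conf /etc/fail2ban/action.d/mail-whois-lines.conf.bak &&
        cp /tools/fail2ban/jail.conf /etc/fail2ban/ &&
        cp /tools/fail2ban/mail-whois-lines.conf /etc/fail2ban/action.d/ &&
        cp /tools/fail2ban/fail2ban-0.9.4/files/redhat-initd /etc/init.d/fail2ban &&
        sed -i 's@Starting fail2ban.*@&\n [ ! -e "/var/run/fail2ban" ] \&\& mkdir /var/run/fail2ban@' /etc/init.d/fail2ban &&
        chkconfig fail2ban on && service fail2ban start
      args:
        creates: /etc/init.d/fail2ban
      tags: addfail2ban

    # `creates` keeps a re-run from moving the unpacked directory into the
    # existing one and from appending a duplicate line to /etc/rc.local.
    # The trailing `&` backgrounds the whole && chain, so Ansible reports
    # success before any step has finished and cannot see a failure.
    # NOTE(review): port 9100/tcp is opened to every source address and the
    # exporter runs as root. Limit the firewall rule to the Prometheus server
    # (firewalld rich rule or dedicated zone) and run the exporter under an
    # unprivileged service account. Presumably this release serves metrics
    # without authentication or TLS (confirm).
    - name: add node_exporter
      shell: >-
        cd /tools && tar -zxvf node_exporter-0.18.1.linux-amd64.tar.gz -C /usr/local/ &&
        cd /usr/local/ && mv node_exporter-0.18.1.linux-amd64/ node_exporter &&
        firewall-cmd --add-port=9100/tcp --permanent && firewall-cmd --reload &&
        chmod +x /etc/rc.local &&
        echo 'nohup /usr/local/node_exporter/node_exporter > /usr/local/node_exporter/node_exporter.log 2>&1 &' >> /etc/rc.local &&
        nohup /usr/local/node_exporter/node_exporter > /usr/local/node_exporter/node_exporter.log 2>&1 &
      args:
        creates: /usr/local/node_exporter/node_exporter
      tags: addnodeexporter

    # Task name: "add admin user".
    # The user module writes `password` verbatim into the shadow entry, so it
    # must be a crypt hash. The original passed the clear-text placeholder,
    # which would not produce a usable password. password_hash salts
    # randomly, so update_password: on_create avoids a change on every run.
    # no_log keeps the secret out of task output.
    - name: 添加管理用户
      user:
        name: jumpadmin
        password: "{{ jumpadmin_password | password_hash('sha512') }}"
        update_password: on_create
      no_log: true

    # Task name: "add sudo".
    # `validate` runs visudo on the candidate file before it replaces
    # /etc/sudoers, so a syntax error cannot lock out sudo.
    # NOTE(review): NOPASSWD:ALL gives jumpadmin unrestricted root with no
    # re-authentication. Scope it to the commands actually needed, or
    # require a password.
    - name: 添加sudo
      blockinfile:
        path: /etc/sudoers
        block: "jumpadmin ALL=(ALL) NOPASSWD:ALL"
        validate: /usr/sbin/visudo -cf %s
      tags: addsudo

    - name: add check users
      shell: /bin/bash /tools/monitor/xs_user_passwd_monitor.sh install
      tags: addcheckusers

    # NOTE(review): the cron name says the log is /tmp/diff.log. If the
    # script really writes there as root, a fixed path in a world-writable
    # directory is open to symlink tampering; a root-only directory is safer.
    - name: add checkusers cron
      cron:
        name: "user-monitor log:/tmp/diff.log"
        minute: "*/10"
        job: '/bin/bash /tools/monitor/xs_user_passwd_monitor.sh start'
      tags: addcheckuserscron

    # Cron name: "delete command-history records older than 180 days".
    # NOTE(review): confirm 180 days meets the audit-retention requirement
    # before these records are deleted.
    - name: delete 180history
      cron:
        name: "删除180天前的历史命令记录"
        minute: "30"
        hour: "19"
        job: 'find /var/log/history_record/ -type f -mtime +180 -delete'
      tags: delete_180history

    # Files in /etc/profile.d are sourced by login shells, so ownership and
    # mode are set explicitly to keep the script writable by root only.
    # This task shares its name and tag with the earlier "scp file" task.
    - name: scp file
      copy:
        src: /etc/ansible/playbook/hs_rcd.sh
        dest: /etc/profile.d/
        owner: root
        group: root
        mode: "0644"
      tags: scp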