使用ansible-playbook脚本部署服务器环境，以及必要的软件。

---#固定格式- hosts: genghuanip      #定义需要执行主机  remote_user: root       #远程用户  vars:                   #定义变量    http_port: 8088       #变量  tasks:                             #定义一个任务的开始#安装环境    - name: yum env         #定义任务的名称      yum: name=epel-release,sysstat,dstat,net-tools,wget,lrzsz,mailx,vim,tcpdump,iotop state=installed   #调用模块，具体要做的事情#创建文件夹    - name: mkdir tools         #定义任务的名称      file: path=/tools state=directory
      tags: mkdir_tools
#关闭selinux    - name: disable selinux
      lineinfile: path=/etc/selinux/config regexp="^SELINUX=" line="SELINUX=disabled"      tags: selinux
#修改邮箱配置文件    - name: mail config
      shell: echo -e "set from=发件邮箱名 \nset smtp=smtps://smtp.exmail.qq.com:465 \nset smtp-auth-user=发件邮箱 \nset smtp-auth-password=邮箱服务密码 \nset smtp-auth=login \nset ssl-verify=ignore \nset nss-config-dir=/root/.certs" >> /etc/mail.rc
      tags: configmail
#邮箱证书    - name: mail cert
      shell: mkdir -p /root/.certs/  && cd /root/.certs/ && echo -n | openssl s_client -connect smtp.exmail.qq.com:465 | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p'> ~/.certs/exmail.qq.crt && certutil -A -n "GeoTrust SSL CA" -t "C,," -d ~/.certs -i ~/.certs/exmail.qq.crt && certutil -A -n "GeoTrust Global CA" -t "C,," -d ~/.certs -i ~/.certs/exmail.qq.crt && certutil -A -n "GeoTrust SSL CA - G3" -t "Pu,Pu,Pu" -d ~/.certs/./ -i exmail.qq.crt && certutil -L -d /root/.certs
      tags: mailcert
#传输装机文件夹    - name: scp file
      copy: src=/tools/lxj-zj/ dest=/tools/
      tags: scp
#添加服务器检测脚本定时任务    - name: add monitor cron
      cron: name="服务器性能，磁盘等检测" minute=*/10 job='python /tools/monitor/monitor.py >> /tools/monitor/m.log 2>&1 &'      tags: monitor
#添加定时任务备份任务    - name: add cronbackup cron
      cron: name="cron定时任务备份脚本" minute=30 hour=19 job='bash /tools/crontab/cron_backup.sh >> /tools/crontab/cron_backup.log 2>&1 &'      tags: addcronbk
#安装fail2ban软件    - name: add fail2ban
      shell: cd /tools/fail2ban &&  tar -zxvf fail2ban-0.9.4.tar.gz && cd fail2ban-0.9.4 && ./setup.py install && mv /etc/fail2ban/jail.conf /etc/fail2ban/jail.conf.bak && mv /etc/fail2ban/action.d/mail-whois-lines.conf /etc/fail2ban/action.d/mail-whois-lines.conf.bak && cp /tools/fail2ban/jail.conf /etc/fail2ban/ && cp /tools/fail2ban/mail-whois-lines.conf /etc/fail2ban/action.d/ && cp /tools/fail2ban/fail2ban-0.9.4/files/redhat-initd /etc/init.d/fail2ban && sed -i 's@Starting fail2ban.*@&\n    [ ! -e "/var/run/fail2ban" ] \&\& mkdir /var/run/fail2ban@' /etc/init.d/fail2ban && chkconfig fail2ban on && service fail2ban start
      tags: addfail2ban
#安装nodee_exporter    - name: add node_exporter
      shell: cd /tools && tar -zxvf node_exporter-0.18.1.linux-amd64.tar.gz -C /usr/local/ && cd /usr/local/ && mv node_exporter-0.18.1.linux-amd64/ node_exporter && firewall-cmd --add-port=9100/tcp --permanent && firewall-cmd --reload && chmod +x /etc/rc.local && echo 'nohup /usr/local/node_exporter/node_exporter > /usr/local/node_exporter/node_exporter.log 2>&1 &' >> /etc/rc.local && nohup /usr/local/node_exporter/node_exporter > /usr/local/node_exporter/node_exporter.log 2>&1 &
      tags: addnodeexporter
    - name: 添加管理用户       #定义任务的名称      user: name=jumpadmin password="用户密码"#调用模块，具体要做的事情    - name: 添加sudo         #定义任务的名称      blockinfile: path=/etc/sudoers block="jumpadmin    ALL=(ALL)       NOPASSWD:ALL"      tags: addsudo
#安装用户检测脚本    - name: add check users
      shell: /bin/bash /tools/monitor/xs_user_passwd_monitor.sh install
      tags: addcheckusers
#添加用户检测脚本定时任务    - name: add checkusers cron
      cron: name="user-monitor   log：/tmp/diff.log" minute=*/10 job='/bin/bash /tools/monitor/xs_user_passwd_monitor.sh start'      tags: addcheckuserscron
#删除180天前的历史命令记录    - name: delete 180history
      cron: name="删除180天前的历史命令记录" minute=30 hour=19 job='find /var/log/history_record/ -type f -mtime +180 -delete'      tags: delete_180history
#复制调用脚本    - name: scp file
      copy: src=/etc/ansible/playbook/hs_rcd.sh dest=/etc/profile.d/
      tags: scp