Ansible Tower
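# Generated by iptables-save v1.4.7 on Tue Aug 23 04:58:34 2016
# Host firewall. Chain policies are ACCEPT, so the catch-all REJECT at the end
# of INPUT and FORWARD is what actually blocks traffic. Rules are evaluated top
# to bottom: every ACCEPT must sit above that REJECT to have any effect.
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
# Return traffic for connections this host already tracks.
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
# Loopback and ICMP: these two rules were listed after the catch-all REJECT and
# therefore never matched; they are moved above it so local services and
# ping/path-MTU messages work as the rules intend.
-A INPUT -i lo -j ACCEPT
-A INPUT -p icmp -j ACCEPT
# SNMP agent (udp/161) and trap port (udp/162), accepted from ANY source.
# NOTE(review): SNMP v1/v2c sends the community string in clear text; restrict
# both rules to the monitoring station, e.g. add "-s <MONITORING_HOST_IP>"
# (placeholder), and drop the 162 rule if this host does not receive traps.
-A INPUT -p udp -m udp --dport 161 -j ACCEPT
-A INPUT -p udp -m udp --dport 162 -j ACCEPT
# New TCP connections to port 2048 (the sshd port set in sshd_config).
-A INPUT -p tcp -m state --state NEW -m tcp --dport 2048 -j ACCEPT
# Everything else is rejected.
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT
# Completed on Tue Aug 23 04:58:34 2016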
iptables
ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEA1E3h6EO5zu28LaSQBqMhKRxJQQH+TwX/6m9VtAImW2uxkQ15GUa8CRmDGTQuG3y7OgnY5CUeBVZQgtLPJl3WY4bfz2LXT1ysRzEDPZCIMBFCFSktzeWoIcuaVg59S3ta5LZIp1TOM03vsipaU0zghVO6XbrJ74/YOZIE3ngWuC3ZCMiykRehPoIToLphoG1XKb001hA01cxppwqTKSPhs0YvAOhMy8On9woj2kvWYhbW7R6rPzwCVhBw1VSunYPmGHUEqcQKbfdrnENKYW0w9yM96BUkK4Y4GhikGgwngorsQh6feXDzVOeJ/UOoaa2bgE+Pv6e6OonGiiNeGz9+3w== root@iZ23k44penhZ
authorized_keys
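# $OpenBSD: sshd_config,v 1.80 2008/07/02 02:24:18 djm Exp $

# This is the sshd server system-wide configuration file. See
# sshd_config(5) for more information.

# This sshd was compiled with PATH=/usr/local/bin:/bin:/usr/bin

# The strategy used for options in the default sshd_config shipped with
# OpenSSH is to specify options with their default value where
# possible, but leave them commented. Uncommented options change a
# default value.

#Port 22
#ListenAddress 0.0.0.0
#ListenAddress ::

# Disable legacy (protocol version 1) support in the server for new
# installations. In future the default will change to require explicit
# activation of protocol 1
Protocol 2

# HostKey for protocol version 1
#HostKey /etc/ssh/ssh_host_key
# HostKeys for protocol version 2
#HostKey /etc/ssh/ssh_host_rsa_key
#HostKey /etc/ssh/ssh_host_dsa_key

# Lifetime and size of ephemeral version 1 server key
#KeyRegenerationInterval 1h
#ServerKeyBits 1024

# Logging
# obsoletes QuietMode and FascistLogging
#LogLevel INFO

# Authentication:

#LoginGraceTime 2m
#StrictModes yes
#MaxAuthTries 6
#MaxSessions 10

#RSAAuthentication yes
#PubkeyAuthentication yes
#AuthorizedKeysFile .ssh/authorized_keys
#AuthorizedKeysCommand none
#AuthorizedKeysCommandRunAs nobody

# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
#RhostsRSAAuthentication no
# similar for protocol version 2
#HostbasedAuthentication no
# Change to yes if you don't trust ~/.ssh/known_hosts for
# RhostsRSAAuthentication and HostbasedAuthentication
#IgnoreUserKnownHosts no
# Don't read the user's ~/.rhosts and ~/.shosts files
#IgnoreRhosts yes

# To disable tunneled clear text passwords, change to no here!
# (PasswordAuthentication is set at the end of this file.)
#PermitEmptyPasswords no

# Change to no to disable s/key passwords
#ChallengeResponseAuthentication yes
ChallengeResponseAuthentication no

# Kerberos options
#KerberosAuthentication no
#KerberosOrLocalPasswd yes
#KerberosTicketCleanup yes
#KerberosGetAFSToken no
#KerberosUseKuserok yes

# GSSAPI options
# NOTE(review): GSSAPI authentication is left enabled here; if no Kerberos
# realm is in use, "no" removes an unused authentication path.
#GSSAPIAuthentication no
GSSAPIAuthentication yes
#GSSAPICleanupCredentials yes
GSSAPICleanupCredentials yes
#GSSAPIStrictAcceptorCheck yes
#GSSAPIKeyExchange no

# Set this to 'yes' to enable PAM authentication, account processing,
# and session processing. If this is enabled, PAM authentication will
# be allowed through the ChallengeResponseAuthentication and
# PasswordAuthentication. Depending on your PAM configuration,
# PAM authentication via ChallengeResponseAuthentication may bypass
# the setting of "PermitRootLogin without-password".
# If you just want the PAM account and session checks to run without
# PAM authentication, then enable this but set PasswordAuthentication
# and ChallengeResponseAuthentication to 'no'.
#UsePAM no
UsePAM yes

# Accept locale-related environment variables
AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES
AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT
AcceptEnv LC_IDENTIFICATION LC_ALL LANGUAGE
AcceptEnv XMODIFIERS

#AllowAgentForwarding yes
#AllowTcpForwarding yes
#GatewayPorts no
# NOTE(review): X11 forwarding is enabled; set it to "no" unless graphical
# programs are actually run over SSH on this server.
#X11Forwarding no
X11Forwarding yes
#X11DisplayOffset 10
#X11UseLocalhost yes
#PrintMotd yes
#PrintLastLog yes
#TCPKeepAlive yes
#UseLogin no
#UsePrivilegeSeparation yes
#PermitUserEnvironment no
#Compression delayed
#ClientAliveInterval 0
#ClientAliveCountMax 3
#ShowPatchLevel no
#PidFile /var/run/sshd.pid
#MaxStartups 10:30:100
#PermitTunnel no
#ChrootDirectory none

# no default banner path
#Banner none

# override default of no subsystems
Subsystem sftp /usr/libexec/openssh/sftp-server

# Example of overriding settings on a per-user basis
#Match User anoncvs
# X11Forwarding no
# AllowTcpForwarding no
# ForceCommand cvs server

# Site-specific settings.
# Skip reverse-DNS lookups of connecting clients and listen on IPv4 only.
UseDNS no
AddressFamily inet
# Root may log in with a key only. "without-password" states that intent
# directly instead of relying on every password-style method staying disabled
# elsewhere in this file; key-based root logins keep working.
PermitRootLogin without-password
SyslogFacility AUTHPRIV
# Non-default port; the firewall rules must allow tcp/2048 for SSH to be
# reachable.
Port 2048
# Password logins are disabled; only key (and GSSAPI, see above) remain.
PasswordAuthentication no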
sshd_config
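#!/bin/bash
# BLOG: https://blog.linuxeye.com
# Project home page:
#   https://oneinstack.com
#   https://github.com/lj2007331/oneinstack
#
# Preamble of the auto-fdisk script: fixes PATH/LANG, prints the banner,
# defines colour variables, refuses to run unless root, and sets up the
# scratch files and the lock file used by the functions below.

# Fixed PATH so the system tools used below are resolved from system
# directories no matter what the caller's environment contains.
export PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
export LANG=en_US.UTF-8
clear
printf "
#######################################################################
# OneinStack for CentOS/RadHat 5+ Debian 6+ and Ubuntu 12+ #
# Auto fdisk #
# For more information please visit http://oneinstack.com #
#######################################################################
"

# Pick an echo that interprets -e instead of printing it literally.
echo=echo
for cmd in echo /bin/echo; do
  $cmd >/dev/null 2>&1 || continue
  if ! $cmd -e "" | grep -qE '^-e'; then
    echo=$cmd
    break
  fi
done

# ANSI colour sequences used in the status messages.
CSI=$($echo -e "\033[")
CEND="${CSI}0m"
CDGREEN="${CSI}32m"
CRED="${CSI}1;31m"
CGREEN="${CSI}1;32m"
CYELLOW="${CSI}1;33m"
CBLUE="${CSI}1;34m"
CMAGENTA="${CSI}1;35m"
CCYAN="${CSI}1;36m"
CSUCCESS="$CDGREEN"
CFAILURE="$CRED"
CQUESTION="$CMAGENTA"
CWARNING="$CYELLOW"
CMSG="$CCYAN"

# Check if user is root.
# The comparison must be against "0": compared with the empty string the test
# is true for every user, root included, and the script always stops here.
[ "$(id -u)" != "0" ] && { echo "${CFAILURE}Error: You must be root to run this script${CEND}"; exit 1; }

MOUNT_DIR=/data
FSTAB_FILE=/etc/fstab

count=0
# Scratch files. mktemp creates them empty, with an unpredictable name and
# owner-only permissions; fixed names in /tmp written by root could be
# pre-created (for example as symlinks) by another local user.
TMP1=$(mktemp) || exit 1
TMP2=$(mktemp) || exit 1

# check lock file, one time only let the script run one time
# The lock doubles as a work file that root truncates and appends to, so it is
# kept in /var/run (root-writable only) rather than in world-writable /tmp.
LOCKfile=/var/run/.$(basename "$0")
if [ -f "$LOCKfile" ];then
  echo
  echo "${CWARNING}The script is already exist, please next time to run this script${CEND}"
  echo
  exit
else
  echo
  echo "${CMSG}Step 1.No lock file, begin to create lock file and continue${CEND}"
  echo
  touch $LOCKfile
fi

# check disk partition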
# Build the list of candidate disks: devices whose name contains "vd", that
# blkid does not report (apart from a bare DOS partition table) and that are
# neither mounted nor listed in fstab as / or swap. Candidates are appended to
# $LOCKfile and loaded into DISK_LIST. Exits the whole script when there is no
# candidate, or when more than one is found.
check_disk() {
# Start from an empty list file.
> $LOCKfile
# Device names are taken from the "Disk /dev/...:" lines of `fdisk -l`.
for i in `fdisk -l | grep "Disk" | grep "/dev" | awk '{print $2}' | awk -F: '{print $1}' | grep "vd"`
do
# Continue only if blkid shows nothing for this device besides PTTYPE="dos".
if [ -z "$(blkid | grep -v 'PTTYPE="dos"' | grep -w "$i")" ];then
# Count the `fdisk -l` lines that mention the device; presumably fewer than 2
# means no partition lines are present -- TODO confirm against fdisk output.
DEVICE_COUNT=$(fdisk -l $i | grep "$i" | awk '{print $2}' | awk -F: '{print $1}' | wc -l)
NEW_MOUNT=$(df -h)
if [ $DEVICE_COUNT -lt 2 ];then
# "In use" means: shown by df, or present in fstab with mount point / or
# filesystem type swap.
if [ -n "$(echo $NEW_MOUNT | grep -w "$i")" -o "$(grep -v '^#' $FSTAB_FILE | grep -v ^$ | awk '{print $1,$2,$3}' | grep -w "$i" | awk '{print $2}')" == '/' -o "$(grep -v '^#' $FSTAB_FILE | grep -v ^$ | awk '{print $1,$2,$3}' | grep -w "$i" | awk '{print $3}')" == 'swap' ];then
echo "${CWARNING}The $i disk is mounted${CEND}"
else
# Record the free disk; it is partitioned and formatted later by main().
echo $i >> $LOCKfile
echo "You have a free disk, Now will fdisk it and mount it"
fi
fi
fi
done
DISK_LIST=$(cat $LOCKfile)
if [ "X$DISK_LIST" == "X" ];then
echo
echo "${CWARNING}No free disk need to be fdisk. Exit script${CEND}"
echo
# Nothing to do: remove the lock so a later run is allowed.
rm -rf $LOCKfile
exit 0
else
echo "${CMSG}This system have free disk :${CEND}"
for i in `echo $DISK_LIST`
do
echo "$i"
count=$((count+1))
done
# NOTE(review): this exit does not remove $LOCKfile, so the next run stops at
# the lock check until the file is deleted by hand -- confirm this is intended.
[ $count -gt 1 ] && { echo "${CWARNING}This system has at least two free disk, You must manually mount it${CEND}"; exit 0; }
fi
} # check os
check_os() {
  # Look for the Aliyun Linux release string in both identification files.
  os_release=$(grep "Aliyun Linux release" /etc/issue 2>/dev/null)
  os_release_2=$(grep "Aliyun Linux release" /etc/aliyun-release 2>/dev/null)

  # Not Aliyun Linux (string missing from either file): nothing to prepare.
  [ "$os_release" ] && [ "$os_release_2" ] || return 0

  # Only release 5 needs the extra ext4 setup done by modify_env.
  echo "$os_release" | grep "release 5" >/dev/null 2>&1 || return 0

  os_release=aliyun5
  modify_env
}
# install ext4
# Prepare ext4 support: load the ext4 kernel module and install the e4fsprogs
# package. Needs root and a working yum repository.
modify_env() {
# Load the ext4 filesystem module into the running kernel.
modprobe ext4
# Install e4fsprogs non-interactively (-y answers yes to yum's prompts).
yum -y install e4fsprogs
} # fdisk ,formating and create the file system
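# Create one primary partition spanning the whole disk and format it as ext4.
# $1: disk device (for example /dev/vdb). DESTRUCTIVE: the partition table of
# $1 is rewritten and ${1}1 is formatted.
# Returns 1 without touching anything when $1 is not a block device.
fdisk_fun() {
  # Never hand fdisk/mkfs an empty or mistyped argument.
  [ -b "$1" ] || return 1

  # Answers fed to fdisk, one per line:
  #   n        new partition
  #   p        primary
  #   1        partition number
  #   (empty)  accept the default first cylinder/sector
  #   (empty)  accept the default last cylinder/sector
  #   wq       write the table and quit
  # The two empty lines are required, and the closing EOF must stand alone on
  # its line, otherwise the here-document swallows the rest of the script.
  fdisk -S 56 "$1" << EOF
n
p
1


wq
EOF

  # Give the kernel time to create the partition device node.
  sleep 5
  mkfs.ext4 "${1}1"
}
# make directory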
make_dir() {
  echo "${CMSG}Step 4.Begin to make directory${CEND}"

  # An existing mount directory is moved aside to <dir>_bk, not deleted.
  if [ -d "$MOUNT_DIR" ]; then
    mv $MOUNT_DIR ${MOUNT_DIR}_bk
  fi

  # Create a fresh mount point and record it for the fstab step.
  mkdir -p $MOUNT_DIR
  echo "$MOUNT_DIR" >> $TMP1
}
# config /etc/fstab and mount device
# Partition and format every disk in DISK_LIST, create the mount directory,
# add the new partition to /etc/fstab and mount it.
main() {
for i in `echo $DISK_LIST`
do
echo
echo "${CMSG}Step 3.Begin to fdisk free disk${CEND}"
# Stop if the first partition of this disk already shows up in df.
# NOTE(review): this exit leaves $LOCKfile and the scratch files behind.
[ -n "`df -h | grep ${i}1`" ] && { echo "${CFAILURE}The ${i}1 already mount${CEND}"; echo; exit 0; }
# Output and errors of fdisk/mkfs are discarded and the return status is not
# checked, so a failed format is only noticed later at mount time.
fdisk_fun $i > /dev/null 2>&1
echo
# Remember the new partition name for the fstab step.
echo "${i}1" >> $TMP2
done
make_dir
# Pair each partition ($TMP2) with the mount point ($TMP1), one pair per line.
> $LOCKfile
paste $TMP2 $TMP1 > $LOCKfile
echo
echo "${CMSG}Step 5.Begin to write configuration to /etc/fstab and mount device${CEND}"
while read a b
do
# Append an entry only if fstab has no line starting with the device and no
# line containing the mount point.
# NOTE(review): both greps are unanchored regex matches (e.g. "/data" also
# matches "/database"); the entry uses the device name rather than a UUID and
# plain "defaults" options -- consider nodev,nosuid for a data volume.
[ -z "`grep ^${a} $FSTAB_FILE`" -a -z "`grep ${b} $FSTAB_FILE`" ] && echo "${a} $b ext4 defaults 0 0" >> $FSTAB_FILE
done < $LOCKfile
# Mount everything listed in fstab, including the entry just added.
mount -a
echo
} # start script
echo "${CMSG}Step 2.Begin to check free disk${CEND}"
#service mysqld stop
#mv /data /root
# Order matters: check_os prepares ext4 support where needed, check_disk fills
# DISK_LIST (or exits the script), main partitions, formats and mounts.
check_os
check_disk
main
# Show the resulting mounts so the operator can verify the new filesystem.
df -h
#mv /root/data/* /data
#service mysqld start
# Remove the lock and scratch files; with the lock gone the script may run again.
rm -rf $LOCKfile $TMP1 $TMP2
auto_disk.sh
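# /etc/profile

# System wide environment and startup programs, for login setup
# Functions and aliases go in /etc/bashrc

# It's NOT a good idea to change this file unless you know what you
# are doing. It's much better to create a custom.sh shell script in
# /etc/profile.d/ to make custom changes to your environment, as this
# will prevent the need for merging in future updates.

# pathmunge DIR [after]
# Add DIR to PATH unless it is already present; prepend by default, append
# when the second argument is "after".
pathmunge () {
    case ":${PATH}:" in
        *:"$1":*)
            ;;
        *)
            if [ "$2" = "after" ] ; then
                PATH=$PATH:$1
            else
                PATH=$1:$PATH
            fi
    esac
}

if [ -x /usr/bin/id ]; then
    if [ -z "$EUID" ]; then
        # ksh workaround
        EUID=`id -u`
        UID=`id -ru`
    fi
    USER="`id -un`"
    LOGNAME=$USER
    MAIL="/var/spool/mail/$USER"
fi

# Path manipulation
# root (EUID 0) gets the sbin directories in front of PATH, everyone else at
# the end. The test must compare against "0": compared with the empty string
# it is never true once EUID is set, and root falls into the "after" branch.
if [ "$EUID" = "0" ]; then
    pathmunge /sbin
    pathmunge /usr/sbin
    pathmunge /usr/local/sbin
else
    pathmunge /usr/local/sbin after
    pathmunge /usr/sbin after
    pathmunge /sbin after
fi

HOSTNAME=`/bin/hostname 2>/dev/null`

# Shell history: 100 commands in memory, 200 lines on disk, each entry stamped
# with date and time.
# NOTE(review): this is a short window if history is consulted during incident
# review, and history files are user-editable; treat auditd or similar as the
# authoritative record.
HISTFILESIZE=200
HISTSIZE=100
HISTTIMEFORMAT="%Y%m%d-%H%M%S: " #or HISTTIMEFORMAT="%Y%m%d %T "
# The variable name must be spelled out in full for the export to apply to it.
export HISTTIMEFORMAT

if [ "$HISTCONTROL" = "ignorespace" ] ; then
    export HISTCONTROL=ignoreboth
else
    export HISTCONTROL=ignoredups
fi

export PATH USER LOGNAME MAIL HOSTNAME HISTSIZE HISTCONTROL

# By default, we want umask to get set. This sets it for login shell
# Current threshold for system reserved uid/gids is 200
# You could check uidgid reservation validity in
# /usr/share/doc/setup-*/uidgid file
if [ $UID -gt 199 ] && [ "`id -gn`" = "`id -un`" ]; then
    umask 002
else
    umask 022
fi

# Source every readable drop-in; output is shown only in interactive shells
# (those whose $- flags contain "i").
for i in /etc/profile.d/*.sh ; do
    if [ -r "$i" ]; then
        if [ "${-#*i}" != "$-" ]; then
            . "$i"
        else
            . "$i" >/dev/null 2>&1
        fi
    fi
done

unset i
unset -f pathmunge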
profile
# Resolver options: 1-second timeout, one attempt per server, and "rotate",
# which spreads queries across the listed nameservers instead of always
# starting with the first.
options timeout:1 attempts:1 rotate
# NOTE(review): the first two servers are private 10.x addresses, the last two
# are public resolvers. With "rotate", lookups -- including internal host
# names, if the 10.x servers host internal-only zones -- can be sent to a
# public resolver, and answers may differ between servers. The glibc resolver
# also reads at most three nameserver lines, so the fourth entry is ignored.
nameserver 10.143.22.116
nameserver 10.143.22.118
nameserver 8.8.8.8
nameserver 114.114.114.114
resolv.conf
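# Kernel parameters applied at boot: routing hygiene, IPC limits and TCP tuning
# for a host that handles many short-lived connections.

# Not a router; reverse-path filtering on, source-routed packets refused.
net.ipv4.ip_forward = 0
net.ipv4.conf.default.rp_filter = 1
net.ipv4.conf.default.accept_source_route = 0
# Magic SysRq key disabled; core files are named with the PID.
kernel.sysrq = 0
kernel.core_uses_pid = 1
# SYN cookies take over when the SYN backlog overflows.
net.ipv4.tcp_syncookies = 1
# System V message queue and shared memory limits.
kernel.msgmnb = 65536
kernel.msgmax = 65536
kernel.shmmax = 68719476736
kernel.shmall = 4294967296
net.ipv4.tcp_max_tw_buckets = 150000
net.ipv4.tcp_sack = 1
net.ipv4.tcp_window_scaling = 1
# NOTE(review): the three values are min, default, max. Here the default
# (4336600) is larger than the max (873200) on both lines -- confirm the
# intended figures.
net.ipv4.tcp_wmem = 8192 4336600 873200
net.ipv4.tcp_rmem = 32768 4336600 873200
net.core.wmem_default = 8388608
net.core.rmem_default = 8388608
net.core.rmem_max = 16777216
net.core.wmem_max = 16777216
net.core.netdev_max_backlog = 262144
net.core.somaxconn = 262144
net.ipv4.tcp_max_orphans = 3276800
net.ipv4.tcp_max_syn_backlog = 262144
net.ipv4.tcp_timestamps = 0
# NOTE(review): a single SYN / SYN-ACK retry gives up quickly on lossy links.
net.ipv4.tcp_synack_retries = 1
net.ipv4.tcp_syn_retries = 1
# tcp_tw_recycle is switched off: it is known to drop connections from clients
# that share one NAT address, and the option was removed from Linux in 4.12.
# Both tcp_tw_recycle and tcp_tw_reuse depend on TCP timestamps, so with
# tcp_timestamps = 0 above neither had any effect anyway.
net.ipv4.tcp_tw_recycle = 0
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_mem = 786432 1048576 1572864
net.ipv4.tcp_fin_timeout = 30
#net.ipv4.tcp_keepalive_time = 30
net.ipv4.tcp_keepalive_time = 300
net.ipv4.ip_local_port_range = 1024 65000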
sysctl.conf
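# SNMP v1/v2c access control. One directive per line: a view line fused with
# the following access line is not a valid directive.
#
# Map the community string to a security name. "default" accepts it from every
# source address.
# NOTE(review): v1/v2c send the community string in clear text, and the access
# line below grants read access to the whole tree. Replace "default" with the
# monitoring station, e.g. <MONITORING_HOST_IP> (placeholder), use a
# non-guessable community string, and prefer SNMPv3 with authentication where
# the monitoring system supports it.
com2sec notConfigUser default 1public1 #default is all IP address
group notConfigGroup v1 notConfigUser
group notConfigGroup v2c notConfigUser

# name incl/excl subtree mask(optional)
view systemview included .1.3.6.1.2.1.1
view systemview included .1.3.6.1.2.1.25.1.1
# Read view "all", no write view, no notify view, no authentication.
access notConfigGroup "" any noauth exact all none none
# "all" covers everything below .1, i.e. the complete MIB tree.
view all included .1 80
view mib2 included .iso.org.dod.internet.mgmt.mib-2 fc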
snmpd.conf
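# Baseline provisioning for new hosts: packages, firewall, SSH, kernel and
# shell settings, data disk, SNMP agent, then a reboot.
# Task names are quoted because an unquoted "#" after a space starts a YAML
# comment and would leave the name empty. Every task carries exactly one
# module; a list item holding only "name:" is not a valid task.
- hosts: all
  remote_user: root
  tasks:
    - name: "####System update ####"
      yum: name=* state=latest

    # Installed before the tools below: nethogs and nload are normally shipped
    # from EPEL, not the base repositories. Fetched over HTTPS so the
    # repository package cannot be swapped in transit.
    - name: "####Install EPEL Yum Repo####"
      yum: name=https://dl.fedoraproject.org/pub/epel/epel-release-latest-6.noarch.rpm state=present

    - name: "####INSTALL LRZSX NETHOGS NLOAD####"
      yum: name={{item}} state=present
      with_items:
        - lrzsz
        - nethogs
        - nload

    - name: "####Install NTP####"
      yum: name=ntp state=latest

    - name: "####Install Java 1.7 and some basic dependencies####"
      yum: name={{item}} state=present
      with_items:
        - java-1.7.0-openjdk
        - libselinux-python
        - libsemanage-python

    - name: "##### Configure iptables #####"
      copy: src=iptables/iptables dest=/etc/sysconfig/iptables force=yes

    # A directory needs the execute bit to be entered; 0700 keeps it private
    # to root (0644 is a file mode).
    - name: "##### Create and Copy SSH #####"
      file: path=/root/.ssh state=directory owner=root group=root mode=0700
    # validate runs "sshd -t" on the new file first, so a syntax error cannot
    # replace the working configuration and lock out remote access.
    - copy: src=ssh/sshd_config dest=/etc/ssh/sshd_config force=yes validate='/usr/sbin/sshd -t -f %s'
    # Mode is set in the same step, so the key file never exists with looser
    # permissions. force=yes replaces any keys already installed for root.
    - copy: src=ssh/authorized_keys dest=/root/.ssh/authorized_keys owner=root group=root mode=0600 force=yes

    - name: "##### Replace sysctl and profile #####"
      copy: src=system/sysctl.conf dest=/etc/sysctl.conf force=yes
    - copy: src=system/profile dest=/etc/profile force=yes

    - name: "##### Enable iptables to be started at boot #####"
      service: name=iptables enabled=yes state=started

    # The script runs as root and repartitions disks, so it is placed in
    # root's home instead of world-writable /tmp, with its mode set on copy.
    - name: "##### Auto Disk to /data #####"
      copy: src=fdisk/auto_disk.sh dest=/root/auto_disk.sh owner=root group=root mode=0700
    - command: /root/auto_disk.sh

    - name: "##### INSTALL Snmpd #####"
      yum: name={{item}} state=present
      with_items:
        - net-snmp
    # snmpd.conf holds the community string; keep it readable by root only.
    - copy: src=snmp/snmpd.conf dest=/etc/snmp/snmpd.conf owner=root group=root mode=0600 force=yes
    - service: name=snmpd enabled=yes state=restarted

    # NOTE(review): the reboot drops the SSH connection, so this task may be
    # reported as failed or unreachable even though the reboot took place.
    - name: "##### Reboot #####"
      command: shutdown -r now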