Ansible Tower
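# Generated by iptables-save v1.4.7 on Tue Aug 23 04:58:34 2016
#
# Host firewall for the provisioned servers. The chain policies are ACCEPT,
# but INPUT and FORWARD end in a catch-all REJECT, so anything not matched
# by an earlier ACCEPT rule is refused.
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
# ICMP and loopback must be accepted BEFORE the catch-all REJECT. Rules are
# evaluated in order, so in the original listing (where these two rules came
# after the REJECT) they could never match and new loopback/ICMP traffic was
# rejected.
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
# NOTE(review): SNMP (udp/161, udp/162) is accepted from any source address.
# The snmpd.conf shipped with this playbook answers SNMP v1/v2c with a
# community string, so restrict these two rules with -s to the monitoring
# host(s) instead of leaving them open.
-A INPUT -p udp -m udp --dport 161 -j ACCEPT
-A INPUT -p udp -m udp --dport 162 -j ACCEPT
# sshd listens on tcp/2048 (see "Port 2048" in the sshd_config on this page).
-A INPUT -p tcp -m state --state NEW -m tcp --dport 2048 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT
# Completed on Tue Aug 23 04:58:34 2016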
iptables
ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEA1E3h6EO5zu28LaSQBqMhKRxJQQH+TwX/6m9VtAImW2uxkQ15GUa8CRmDGTQuG3y7OgnY5CUeBVZQgtLPJl3WY4bfz2LXT1ysRzEDPZCIMBFCFSktzeWoIcuaVg59S3ta5LZIp1TOM03vsipaU0zghVO6XbrJ74/YOZIE3ngWuC3ZCMiykRehPoIToLphoG1XKb001hA01cxppwqTKSPhs0YvAOhMy8On9woj2kvWYhbW7R6rPzwCVhBw1VSunYPmGHUEqcQKbfdrnENKYW0w9yM96BUkK4Y4GhikGgwngorsQh6feXDzVOeJ/UOoaa2bgE+Pv6e6OonGiiNeGz9+3w== root@iZ23k44penhZ
authorized_keys
# $OpenBSD: sshd_config,v 1.80 2008/07/02 02:24:18 djm Exp $

# This is the sshd server system-wide configuration file. See
# sshd_config(5) for more information.

# This sshd was compiled with PATH=/usr/local/bin:/bin:/usr/bin

# The strategy used for options in the default sshd_config shipped with
# OpenSSH is to specify options with their default value where
# possible, but leave them commented. Uncommented options change a
# default value.

# NOTE(review): the settings this deployment actually changes are the
# uncommented lines; the site-specific ones (UseDNS, AddressFamily,
# PermitRootLogin, SyslogFacility, Port, PasswordAuthentication) are
# appended at the very end of the file.

#Port 22
#ListenAddress 0.0.0.0
#ListenAddress ::

# Disable legacy (protocol version 1) support in the server for new
# installations. In future the default will change to require explicit
# activation of protocol 1
Protocol 2

# HostKey for protocol version 1
#HostKey /etc/ssh/ssh_host_key
# HostKeys for protocol version 2
#HostKey /etc/ssh/ssh_host_rsa_key
#HostKey /etc/ssh/ssh_host_dsa_key

# Lifetime and size of ephemeral version 1 server key
#KeyRegenerationInterval 1h
#ServerKeyBits 1024

# Logging
# obsoletes QuietMode and FascistLogging
#LogLevel INFO

# Authentication:

#LoginGraceTime 2m
#StrictModes yes
#MaxAuthTries 6
#MaxSessions 10

#RSAAuthentication yes
#PubkeyAuthentication yes
#AuthorizedKeysFile .ssh/authorized_keys
#AuthorizedKeysCommand none
#AuthorizedKeysCommandRunAs nobody

# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
#RhostsRSAAuthentication no
# similar for protocol version 2
#HostbasedAuthentication no
# Change to yes if you don't trust ~/.ssh/known_hosts for
# RhostsRSAAuthentication and HostbasedAuthentication
#IgnoreUserKnownHosts no
# Don't read the user's ~/.rhosts and ~/.shosts files
#IgnoreRhosts yes

# To disable tunneled clear text passwords, change to no here!
#PermitEmptyPasswords no

# Change to no to disable s/key passwords
#ChallengeResponseAuthentication yes
ChallengeResponseAuthentication no

# Kerberos options
#KerberosAuthentication no
#KerberosOrLocalPasswd yes
#KerberosTicketCleanup yes
#KerberosGetAFSToken no
#KerberosUseKuserok yes

# GSSAPI options
# NOTE(review): GSSAPI authentication is enabled here. If these hosts are
# not joined to a Kerberos realm, confirm it is needed; otherwise it is an
# authentication method left on without a purpose.
#GSSAPIAuthentication no
GSSAPIAuthentication yes
#GSSAPICleanupCredentials yes
GSSAPICleanupCredentials yes
#GSSAPIStrictAcceptorCheck yes
#GSSAPIKeyExchange no

# Set this to 'yes' to enable PAM authentication, account processing,
# and session processing. If this is enabled, PAM authentication will
# be allowed through the ChallengeResponseAuthentication and
# PasswordAuthentication. Depending on your PAM configuration,
# PAM authentication via ChallengeResponseAuthentication may bypass
# the setting of "PermitRootLogin without-password".
# If you just want the PAM account and session checks to run without
# PAM authentication, then enable this but set PasswordAuthentication
# and ChallengeResponseAuthentication to 'no'.
#UsePAM no
UsePAM yes

# Accept locale-related environment variables
AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES
AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT
AcceptEnv LC_IDENTIFICATION LC_ALL LANGUAGE
AcceptEnv XMODIFIERS

#AllowAgentForwarding yes
#AllowTcpForwarding yes
#GatewayPorts no
# NOTE(review): X11 forwarding is switched on. On a headless server it is
# rarely required; confirm it is needed, otherwise leave it at "no".
#X11Forwarding no
X11Forwarding yes
#X11DisplayOffset 10
#X11UseLocalhost yes
#PrintMotd yes
#PrintLastLog yes
#TCPKeepAlive yes
#UseLogin no
#UsePrivilegeSeparation yes
#PermitUserEnvironment no
#Compression delayed
#ClientAliveInterval 0
#ClientAliveCountMax 3
#ShowPatchLevel no
#PidFile /var/run/sshd.pid
#MaxStartups 10:30:100
#PermitTunnel no
#ChrootDirectory none

# no default banner path
#Banner none

# override default of no subsystems
Subsystem sftp /usr/libexec/openssh/sftp-server

# Example of overriding settings on a per-user basis
#Match User anoncvs
# X11Forwarding no
# AllowTcpForwarding no
# ForceCommand cvs server

# Site-specific settings.
UseDNS no
AddressFamily inet
# NOTE(review): root may log in directly (the playbook on this page connects
# as root). Password and challenge-response authentication are both "no" in
# this file, so root access depends on the key in authorized_keys (and on
# GSSAPI, enabled above). "PermitRootLogin without-password" would state that
# intent explicitly and keep root key-only even if password authentication
# is re-enabled later.
PermitRootLogin yes
SyslogFacility AUTHPRIV
# Non-default port; the iptables rules on this page open tcp/2048 to match.
Port 2048
PasswordAuthentication no
sshd_config
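#!/bin/bash
# BLOG: https://blog.linuxeye.com
# Project home page:
#       https://oneinstack.com
#       https://github.com/lj2007331/oneinstack
#
# Looks for one unused /dev/vd* disk, partitions and formats it as ext4 and
# mounts it on $MOUNT_DIR through /etc/fstab. Runs as root and is meant to
# run once per host (guarded by a lock file).

export PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
export LANG=en_US.UTF-8
clear
printf "
#######################################################################
# OneinStack for CentOS/RadHat 5+ Debian 6+ and Ubuntu 12+ #
# Auto fdisk #
# For more information please visit http://oneinstack.com #
#######################################################################
"

# Pick an echo implementation that understands -e (one that does not prints
# a literal "-e" instead).
echo=echo
for cmd in echo /bin/echo; do
  $cmd >/dev/null 2>&1 || continue
  if ! $cmd -e "" | grep -qE '^-e'; then
    echo=$cmd
    break
  fi
done

# ANSI colour sequences used for status messages.
CSI=$($echo -e "\033[")
CEND="${CSI}0m"
CDGREEN="${CSI}32m"
CRED="${CSI}1;31m"
CGREEN="${CSI}1;32m"
CYELLOW="${CSI}1;33m"
CBLUE="${CSI}1;34m"
CMAGENTA="${CSI}1;35m"
CCYAN="${CSI}1;36m"
CSUCCESS="$CDGREEN"
CFAILURE="$CRED"
CQUESTION="$CMAGENTA"
CWARNING="$CYELLOW"
CMSG="$CCYAN"

# Check if user is root. The listing compared the uid with an empty string,
# which is true for every user (root's uid is "0"), so the script always
# stopped here.
[ "$(id -u)" != "0" ] && { echo "${CFAILURE}Error: You must be root to run this script${CEND}"; exit 1; }

MOUNT_DIR=/data
FSTAB_FILE=/etc/fstab

count=0
# Scratch files. They are created with mktemp rather than under fixed names:
# this script runs as root, and a fixed name in world-writable /tmp can be
# pre-created (or symlinked) by any local user before root truncates it.
TMP1=$(mktemp /tmp/.tmp1.XXXXXX) || exit 1
TMP2=$(mktemp /tmp/.tmp2.XXXXXX) || exit 1
trap 'rm -f -- "$TMP1" "$TMP2"' EXIT

# check lock file, one time only let the script run one time
# The lock lives in /var/run (writable by root only) instead of /tmp, for the
# same reason as above: the file is truncated and written by root later on,
# and any local user could otherwise create it to block the script.
LOCKfile=/var/run/$(basename "$0").lock
if [ -f "$LOCKfile" ]; then
  echo
  echo "${CWARNING}The script is already exist, please next time to run this script${CEND}"
  echo
  exit
else
  echo
  echo "${CMSG}Step 1.No lock file, begin to create lock file and continue${CEND}"
  echo
  touch "$LOCKfile"
fi
# check disk partition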
# Build the list of unused disks and store it in DISK_LIST.
# Globals:   LOCKfile (truncated, then used as the candidate list),
#            FSTAB_FILE (read), DISK_LIST, DEVICE_COUNT, NEW_MOUNT,
#            count (written)
# Exits:     0 when no free disk is found (lock file removed) and 0 when
#            more than one free disk is found (lock file left in place).
# NOTE(review): the result of this function decides which device gets
# partitioned and formatted. The expansions below are unquoted and the test
# uses -o; that is harmless for names like /dev/vdb but should be tightened
# before the script is reused elsewhere.
check_disk() {
  # Start from an empty candidate list.
  > $LOCKfile
  # Device names taken from the "Disk /dev/...:" lines of fdisk -l, limited
  # to names containing "vd" (presumably virtio disks - confirm).
  for i in `fdisk -l | grep "Disk" | grep "/dev" | awk '{print $2}' | awk -F: '{print $1}' | grep "vd"`
  do
    # Continue only if blkid reports nothing for this device apart from
    # lines carrying PTTYPE="dos".
    if [ -z "$(blkid | grep -v 'PTTYPE="dos"' | grep -w "$i")" ];then
      # Number of fdisk -l lines that mention the device; fewer than 2 is
      # taken to mean "only the Disk line, no partitions" (presumably).
      DEVICE_COUNT=$(fdisk -l $i | grep "$i" | awk '{print $2}' | awk -F: '{print $1}' | wc -l)
      NEW_MOUNT=$(df -h)
      if [ $DEVICE_COUNT -lt 2 ];then
        # In use if df lists it, or if fstab maps it to / or to swap.
        if [ -n "$(echo $NEW_MOUNT | grep -w "$i")" -o "$(grep -v '^#' $FSTAB_FILE | grep -v ^$ | awk '{print $1,$2,$3}' | grep -w "$i" | awk '{print $2}')" == '/' -o "$(grep -v '^#' $FSTAB_FILE | grep -v ^$ | awk '{print $1,$2,$3}' | grep -w "$i" | awk '{print $3}')" == 'swap' ];then
          echo "${CWARNING}The $i disk is mounted${CEND}"
        else
          # Record the device as a candidate for partitioning.
          echo $i >> $LOCKfile
          echo "You have a free disk, Now will fdisk it and mount it"
        fi
      fi
    fi
  done
  DISK_LIST=$(cat $LOCKfile)
  if [ "X$DISK_LIST" == "X" ];then
    echo
    echo "${CWARNING}No free disk need to be fdisk. Exit script${CEND}"
    echo
    rm -rf $LOCKfile
    exit 0
  else
    echo "${CMSG}This system have free disk :${CEND}"
    for i in `echo $DISK_LIST`
    do
      echo "$i"
      count=$((count+1))
    done
    # With more than one candidate the script refuses to choose and stops.
    [ $count -gt 1 ] && { echo "${CWARNING}This system has at least two free disk, You must manually mount it${CEND}"; exit 0; }
  fi
}
# check os
# Detect Aliyun Linux release 5 and, on that release only, prepare ext4
# support through modify_env.
# Globals:   os_release, os_release_2 (written)
check_os() {
  os_release=$(grep "Aliyun Linux release" /etc/issue 2>/dev/null)
  os_release_2=$(grep "Aliyun Linux release" /etc/aliyun-release 2>/dev/null)
  # Both files must identify the system as Aliyun Linux.
  [ -n "$os_release" ] && [ -n "$os_release_2" ] || return 0
  case "$os_release" in
    *"release 5"*)
      os_release=aliyun5
      modify_env
      ;;
  esac
}
# install ext4
# Load the ext4 kernel module and install the ext4 userland tools with yum.
# Returns:   the exit status of yum.
modify_env() {
  local ext4_tools=e4fsprogs
  modprobe ext4
  yum -y install "$ext4_tools"
}
# fdisk, formatting and creating the file system
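# Create one primary partition spanning the disk and format it as ext4.
# Arguments: $1 - whole-disk device (for example a /dev/vdX name)
# Returns:   1 if $1 is empty or not a block device, otherwise the exit
#            status of mkfs.ext4.
# This is destructive, so the argument is checked before fdisk is started.
fdisk_fun() {
  if [ -z "$1" ] || [ ! -b "$1" ]; then
    echo "fdisk_fun: '$1' is not a block device" >&2
    return 1
  fi
  # Answers fed to fdisk: n (new), p (primary), 1 (partition number), two
  # empty lines to accept the default start and end, then w to write.
  # NOTE(review): the page's listing shows "1 wq" collapsed onto one line;
  # the two empty answers are restored here - confirm against the upstream
  # script.
  fdisk -S 56 "$1" << EOF
n
p
1


wq
EOF

  # Give the kernel time to pick up the new partition before formatting it.
  sleep 5
  mkfs.ext4 "${1}1"
}
# make directory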
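# Prepare the mount point and record it for the fstab step.
# Globals:   MOUNT_DIR (read), TMP1 (appended to), CMSG/CEND (read)
# An existing $MOUNT_DIR is renamed to ${MOUNT_DIR}_bk before a fresh, empty
# directory is created. All expansions are quoted so a path containing
# spaces or glob characters is handled as one argument.
make_dir() {
  echo "${CMSG}Step 4.Begin to make directory${CEND}"
  if [ -d "$MOUNT_DIR" ]; then
    mv -- "$MOUNT_DIR" "${MOUNT_DIR}_bk"
  fi
  mkdir -p -- "$MOUNT_DIR"
  echo "$MOUNT_DIR" >> "$TMP1"
}
# config /etc/fstab and mount device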
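# Partition and format every disk in DISK_LIST, create the mount point, add
# the new partition to fstab and mount it.
# Globals:   DISK_LIST, FSTAB_FILE, TMP1, TMP2, LOCKfile (read/written)
# Exits:     0 if the first partition of a listed disk is already mounted,
#            1 if partitioning or formatting fails.
main() {
  # DISK_LIST is a whitespace-separated list, so it is split on purpose.
  for i in $DISK_LIST; do
    echo
    echo "${CMSG}Step 3.Begin to fdisk free disk${CEND}"
    if df -h | grep -q -- "${i}1"; then
      echo "${CFAILURE}The ${i}1 already mount${CEND}"
      echo
      exit 0
    fi
    # Stop if partitioning or mkfs fails. The original ignored the status
    # and still wrote an fstab entry for a device without a file system.
    if ! fdisk_fun "$i" > /dev/null 2>&1; then
      echo "${CFAILURE}Error: failed to partition or format ${i}${CEND}" >&2
      exit 1
    fi
    echo
    echo "${i}1" >> "$TMP2"
  done
  make_dir
  # Pair each new partition (TMP2) with its mount point (TMP1).
  paste "$TMP2" "$TMP1" > "$LOCKfile"
  echo
  echo "${CMSG}Step 5.Begin to write configuration to /etc/fstab and mount device${CEND}"
  while read -r a b; do
    # Add the entry only if neither the device nor the mount point is
    # already mentioned in fstab.
    if ! grep -q -- "^${a}" "$FSTAB_FILE" && ! grep -q -- "${b}" "$FSTAB_FILE"; then
      echo "${a} $b ext4 defaults 0 0" >> "$FSTAB_FILE"
    fi
  done < "$LOCKfile"
  mount -a
  echo
}
# start script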
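# Run the steps in order: OS check, disk discovery, then partition/mount.
echo "${CMSG}Step 2.Begin to check free disk${CEND}"
#service mysqld stop
#mv /data /root
check_os
check_disk
main
df -h
#mv /root/data/* /data
#service mysqld start
# Remove the lock and scratch files. The paths are quoted and preceded by --
# so an unexpected value is never split into several arguments or read as
# an option by an rm -rf that runs as root.
rm -rf -- "$LOCKfile" "$TMP1" "$TMP2"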
auto_disk.sh
# /etc/profile # System wide environment and startup programs, for login setup
# Functions and aliases go in /etc/bashrc # It's NOT a good idea to change this file unless you know what you
# are doing. It's much better to create a custom.sh shell script in
# /etc/profile.d/ to make custom changes to your environment, as this
# will prevent the need for merging in future updates. pathmunge () {
case ":${PATH}:" in
*:"$1":*)
;;
*)
if [ "$2" = "after" ] ; then
PATH=$PATH:$1
else
PATH=$1:$PATH
fi
esac
} if [ -x /usr/bin/id ]; then
if [ -z "$EUID" ]; then
# ksh workaround
EUID=`id -u`
UID=`id -ru`
fi
USER="`id -un`"
LOGNAME=$USER
MAIL="/var/spool/mail/$USER"
fi # Path manipulation
if [ "$EUID" = "" ]; then
pathmunge /sbin
pathmunge /usr/sbin
pathmunge /usr/local/sbin
else
pathmunge /usr/local/sbin after
pathmunge /usr/sbin after
pathmunge /sbin after
fi HOSTNAME=`/bin/hostname 2>/dev/null` HISTFILESIZE=200
HISTSIZE=100
HISTTIMEFORMAT="%Y%m%d-%H%M%S: " #or HISTTIMEFORMAT="%Y%m%d %T "
export HISTTIMEFORMA if [ "$HISTCONTROL" = "ignorespace" ] ; then
export HISTCONTROL=ignoreboth
else
export HISTCONTROL=ignoredups
fi export PATH USER LOGNAME MAIL HOSTNAME HISTSIZE HISTCONTROL # By default, we want umask to get set. This sets it for login shell
# Current threshold for system reserved uid/gids is 200
# You could check uidgid reservation validity in
# /usr/share/doc/setup-*/uidgid file
if [ $UID -gt 199 ] && [ "`id -gn`" = "`id -un`" ]; then
umask 002
else
umask 022
fi for i in /etc/profile.d/*.sh ; do
if [ -r "$i" ]; then
if [ "${-#*i}" != "$-" ]; then
. "$i"
else
. "$i" >/dev/null 2>&1
fi
fi
done unset i
unset -f pathmunge
profile
# Resolver settings: 1-second timeout, a single attempt, and "rotate" to
# spread queries across the listed name servers.
# NOTE(review): the 10.143.22.x servers (presumably internal - confirm) are
# mixed with public resolvers. With "rotate", lookups for internal host names
# can be sent to a public resolver, which both leaks the names and fails to
# resolve them. glibc also honours at most three nameserver lines, so the
# fourth entry is not used.
options timeout:1 attempts:1 rotate
nameserver 10.143.22.116
nameserver 10.143.22.118
nameserver 8.8.8.8
nameserver 114.114.114.114
resolv.conf
# Kernel parameters pushed to every host by the playbook.

# Network hardening: no routing between interfaces, reverse-path filtering,
# no source-routed packets, SYN cookies on.
# NOTE(review): rp_filter and accept_source_route are set for conf.default
# only; confirm whether the matching conf.all keys should be set as well.
net.ipv4.ip_forward = 0
net.ipv4.conf.default.rp_filter = 1
net.ipv4.conf.default.accept_source_route = 0
kernel.sysrq = 0
kernel.core_uses_pid = 1
net.ipv4.tcp_syncookies = 1
# System V IPC limits.
kernel.msgmnb = 65536
kernel.msgmax = 65536
kernel.shmmax = 68719476736
kernel.shmall = 4294967296
# TCP tuning.
net.ipv4.tcp_max_tw_buckets = 150000
net.ipv4.tcp_sack = 1
net.ipv4.tcp_window_scaling = 1
# NOTE(review): tcp_wmem/tcp_rmem take "min default max"; in both lines the
# default (4336600) is larger than the max (873200) - verify the intended
# order of the last two values.
net.ipv4.tcp_wmem = 8192 4336600 873200
net.ipv4.tcp_rmem = 32768 4336600 873200
net.core.wmem_default = 8388608
net.core.rmem_default = 8388608
net.core.rmem_max = 16777216
net.core.wmem_max = 16777216
net.core.netdev_max_backlog = 262144
net.core.somaxconn = 262144
net.ipv4.tcp_max_orphans = 3276800
net.ipv4.tcp_max_syn_backlog = 262144
# NOTE(review): tcp_tw_recycle and tcp_tw_reuse both depend on TCP
# timestamps, which are switched off on the next line, so the three settings
# contradict each other. tcp_tw_recycle is also known to drop connections
# from clients behind NAT and no longer exists in Linux 4.12 and later.
net.ipv4.tcp_timestamps = 0
# NOTE(review): a single SYN / SYN-ACK retry makes connections fail quickly
# on lossy links - confirm this is intended.
net.ipv4.tcp_synack_retries = 1
net.ipv4.tcp_syn_retries = 1
net.ipv4.tcp_tw_recycle = 1
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_mem = 786432 1048576 1572864
net.ipv4.tcp_fin_timeout = 30
#net.ipv4.tcp_keepalive_time = 30
net.ipv4.tcp_keepalive_time = 300
net.ipv4.ip_local_port_range = 1024 65000
sysctl.conf
# SNMP v1/v2c access control for snmpd.
# NOTE(review): the community string is stored in clear text in this file
# (and in the playbook repository) and is accepted from "default", i.e. any
# source address. The access line below gives that community read access to
# the view "all", which is defined as the whole tree (.1), with no
# authentication (noauth). The iptables rules on this page also accept
# udp/161 from any address, so nothing else limits who can query the agent.
# Restrict the source in com2sec to the monitoring host(s), use a
# non-guessable community, and prefer the narrower systemview unless the
# full tree is really needed.
com2sec notConfigUser default 1public1 #default is all IP address
group notConfigGroup v1 notConfigUser
group notConfigGroup v2c notConfigUser
# name incl/excl subtree mask(optional)
view systemview included .1.3.6.1.2.1.1
view systemview included .1.3.6.1.2.1.25.1.1
# read view = all, write view = none, notify view = none
access notConfigGroup "" any noauth exact all none none
view all included .1 80
view mib2 included .iso.org.dod.internet.mgmt.mib-2 fc
snmpd.conf
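# Baseline provisioning play: updates packages, installs the firewall, SSH,
# sysctl, profile and SNMP configuration shown on this page, prepares the
# data disk and reboots.
#
# Changes against the original listing:
#   * Task names are quoted. An unquoted value that starts with "#" is read
#     by YAML as a comment, which left every task name empty.
#   * Every module call carries its own name. The original used name-only
#     list items as section headers; such an item has no module, so it is
#     not a runnable task.
#   * /root/.ssh is created with mode 0700 (a directory needs the execute
#     bit, and it should not be readable by others) instead of 0644.
#   * The EPEL release package is fetched over https instead of http.
#   * auto_disk.sh is staged in /root, not in world-writable /tmp, because
#     it is executed as root.
- hosts: all
  # NOTE(review): the play logs in as root directly, which is why the
  # sshd_config it installs keeps "PermitRootLogin yes".
  remote_user: root
  tasks:
    - name: "####System update ####"
      yum: name=* state=latest

    # NOTE(review): nethogs and nload are usually shipped in EPEL on EL6 -
    # confirm this task does not have to run after the EPEL task below.
    - name: "####INSTALL LRZSX NETHOGS NLOAD####"
      yum: name={{item}} state=present
      with_items:
        - lrzsz
        - nethogs
        - nload

    - name: "####Install EPEL Yum Repo####"
      yum: name=https://dl.fedoraproject.org/pub/epel/epel-release-latest-6.noarch.rpm state=present

    - name: "####Install NTP####"
      yum: name=ntp state=latest

    - name: "####Install Java 1.7 and some basic dependencies####"
      yum: name={{item}} state=present
      with_items:
        - java-1.7.0-openjdk
        - libselinux-python
        - libsemanage-python

    - name: "##### Configure iptables #####"
      copy: src=iptables/iptables dest=/etc/sysconfig/iptables force=yes

    - name: "##### Create and Copy SSH ##### (/root/.ssh directory)"
      file: path=/root/.ssh state=directory mode=0700

    - name: "##### Create and Copy SSH ##### (sshd_config)"
      copy: src=ssh/sshd_config dest=/etc/ssh/sshd_config force=yes

    - name: "##### Create and Copy SSH ##### (authorized_keys)"
      copy: src=ssh/authorized_keys dest=/root/.ssh/authorized_keys force=yes

    - name: "##### Create and Copy SSH ##### (authorized_keys mode)"
      file: path=/root/.ssh/authorized_keys mode=0600

    - name: "##### Replace sysctl and profile ##### (sysctl.conf)"
      copy: src=system/sysctl.conf dest=/etc/sysctl.conf force=yes

    - name: "##### Replace sysctl and profile ##### (profile)"
      copy: src=system/profile dest=/etc/profile force=yes

    - name: "##### Enable iptables to be started at boot #####"
      service: name=iptables enabled=yes state=started

    - name: "##### Auto Disk to /data ##### (copy script)"
      copy: src=fdisk/auto_disk.sh dest=/root/auto_disk.sh mode=0700

    - name: "##### Auto Disk to /data ##### (run script)"
      command: /root/auto_disk.sh

    - name: "##### INSTALL Snmpd #####"
      yum: name={{item}} state=present
      with_items:
        - net-snmp

    - name: "##### INSTALL Snmpd ##### (snmpd.conf)"
      copy: src=snmp/snmpd.conf dest=/etc/snmp/snmpd.conf force=yes

    - name: "##### INSTALL Snmpd ##### (service)"
      service: name=snmpd enabled=yes state=restarted

    - name: "##### Reboot #####"
      command: shutdown -r now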
