Ansible Tower
# Generated by iptables-save v1.4.7 on Tue Aug 23 04:58:34 2016
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p udp -m udp --dport 161 -j ACCEPT
-A INPUT -p udp -m udp --dport 162 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 2048 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
COMMIT
# Completed on Tue Aug 23 04:58:34 2016
iptables
ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEA1E3h6EO5zu28LaSQBqMhKRxJQQH+TwX/6m9VtAImW2uxkQ15GUa8CRmDGTQuG3y7OgnY5CUeBVZQgtLPJl3WY4bfz2LXT1ysRzEDPZCIMBFCFSktzeWoIcuaVg59S3ta5LZIp1TOM03vsipaU0zghVO6XbrJ74/YOZIE3ngWuC3ZCMiykRehPoIToLphoG1XKb001hA01cxppwqTKSPhs0YvAOhMy8On9woj2kvWYhbW7R6rPzwCVhBw1VSunYPmGHUEqcQKbfdrnENKYW0w9yM96BUkK4Y4GhikGgwngorsQh6feXDzVOeJ/UOoaa2bgE+Pv6e6OonGiiNeGz9+3w== root@iZ23k44penhZ
authorized_keys
# $OpenBSD: sshd_config,v 1.80 2008/07/02 02:24:18 djm Exp $ # This is the sshd server system-wide configuration file. See
# sshd_config(5) for more information. # This sshd was compiled with PATH=/usr/local/bin:/bin:/usr/bin # The strategy used for options in the default sshd_config shipped with
# OpenSSH is to specify options with their default value where
# possible, but leave them commented. Uncommented options change a
# default value. #Port 22
#ListenAddress 0.0.0.0
#ListenAddress :: # Disable legacy (protocol version 1) support in the server for new
# installations. In future the default will change to require explicit
# activation of protocol 1
Protocol 2 # HostKey for protocol version 1
#HostKey /etc/ssh/ssh_host_key
# HostKeys for protocol version 2
#HostKey /etc/ssh/ssh_host_rsa_key
#HostKey /etc/ssh/ssh_host_dsa_key # Lifetime and size of ephemeral version 1 server key
#KeyRegenerationInterval 1h
#ServerKeyBits 1024 # Logging
# obsoletes QuietMode and FascistLogging
#LogLevel INFO # Authentication: #LoginGraceTime 2m
#StrictModes yes
#MaxAuthTries 6
#MaxSessions 10 #RSAAuthentication yes
#PubkeyAuthentication yes
#AuthorizedKeysFile .ssh/authorized_keys
#AuthorizedKeysCommand none
#AuthorizedKeysCommandRunAs nobody # For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
#RhostsRSAAuthentication no
# similar for protocol version 2
#HostbasedAuthentication no
# Change to yes if you don't trust ~/.ssh/known_hosts for
# RhostsRSAAuthentication and HostbasedAuthentication
#IgnoreUserKnownHosts no
# Don't read the user's ~/.rhosts and ~/.shosts files
#IgnoreRhosts yes # To disable tunneled clear text passwords, change to no here!
#PermitEmptyPasswords no # Change to no to disable s/key passwords
#ChallengeResponseAuthentication yes
ChallengeResponseAuthentication no # Kerberos options
#KerberosAuthentication no
#KerberosOrLocalPasswd yes
#KerberosTicketCleanup yes
#KerberosGetAFSToken no
#KerberosUseKuserok yes # GSSAPI options
#GSSAPIAuthentication no
GSSAPIAuthentication yes
#GSSAPICleanupCredentials yes
GSSAPICleanupCredentials yes
#GSSAPIStrictAcceptorCheck yes
#GSSAPIKeyExchange no # Set this to 'yes' to enable PAM authentication, account processing,
# and session processing. If this is enabled, PAM authentication will
# be allowed through the ChallengeResponseAuthentication and
# PAM authentication via ChallengeResponseAuthentication may bypass
# If you just want the PAM account and session checks to run without
# and ChallengeResponseAuthentication to 'no'.
#UsePAM no
UsePAM yes # Accept locale-related environment variables
AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES
AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT
AcceptEnv LC_IDENTIFICATION LC_ALL LANGUAGE
AcceptEnv XMODIFIERS #AllowAgentForwarding yes
#AllowTcpForwarding yes
#GatewayPorts no
#X11Forwarding no
X11Forwarding yes
#X11DisplayOffset 10
#X11UseLocalhost yes
#PrintMotd yes
#PrintLastLog yes
#TCPKeepAlive yes
#UseLogin no
#UsePrivilegeSeparation yes
#PermitUserEnvironment no
#Compression delayed
#ClientAliveInterval 0
#ClientAliveCountMax 3
#ShowPatchLevel no
#PidFile /var/run/sshd.pid
#MaxStartups 10:30:100
#PermitTunnel no
#ChrootDirectory none # no default banner path
#Banner none # override default of no subsystems
Subsystem sftp /usr/libexec/openssh/sftp-server # Example of overriding settings on a per-user basis
#Match User anoncvs
# X11Forwarding no
# AllowTcpForwarding no
# ForceCommand cvs server
UseDNS no
AddressFamily inet
PermitRootLogin yes
SyslogFacility AUTHPRIV
Port 2048
PasswordAuthentication no
sshd_config
#!/bin/bash
# BLOG: https://blog.linuxeye.com
# Project home page:
# https://oneinstack.com
# https://github.com/lj2007331/oneinstack export PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
export LANG=en_US.UTF-8
clear
printf "
#######################################################################
# OneinStack for CentOS/RadHat 5+ Debian 6+ and Ubuntu 12+ #
# Auto fdisk #
# For more information please visit http://oneinstack.com #
#######################################################################
" echo=echo
for cmd in echo /bin/echo; do
$cmd >/dev/null 2>&1 || continue
if ! $cmd -e "" | grep -qE '^-e'; then
echo=$cmd
break
fi
done
CSI=$($echo -e "\033[")
CEND="${CSI}0m"
CDGREEN="${CSI}32m"
CRED="${CSI}1;31m"
CGREEN="${CSI}1;32m"
CYELLOW="${CSI}1;33m"
CBLUE="${CSI}1;34m"
CMAGENTA="${CSI}1;35m"
CCYAN="${CSI}1;36m"
CSUCCESS="$CDGREEN"
CFAILURE="$CRED"
CQUESTION="$CMAGENTA"
CWARNING="$CYELLOW"
CMSG="$CCYAN" # Check if user is root
[ $(id -u) != "" ] && { echo "${CFAILURE}Error: You must be root to run this script${CEND}"; exit 1; } MOUNT_DIR=/data
FSTAB_FILE=/etc/fstab count=0
TMP1=/tmp/.tmp1
TMP2=/tmp/.tmp2 > $TMP1
> $TMP2 # check lock file, one time only let the script run one time
LOCKfile=/tmp/.$(basename $0)
if [ -f "$LOCKfile" ];then
echo
echo "${CWARNING}The script is already exist, please next time to run this script${CEND}"
echo
exit
else
echo
echo "${CMSG}Step 1.No lock file, begin to create lock file and continue${CEND}"
echo
touch $LOCKfile
fi # check disk partition
check_disk() {
> $LOCKfile
for i in `fdisk -l | grep "Disk" | grep "/dev" | awk '{print $2}' | awk -F: '{print $1}' | grep "vd"`
do
if [ -z "$(blkid | grep -v 'PTTYPE="dos"' | grep -w "$i")" ];then
DEVICE_COUNT=$(fdisk -l $i | grep "$i" | awk '{print $2}' | awk -F: '{print $1}' | wc -l)
NEW_MOUNT=$(df -h)
if [ $DEVICE_COUNT -lt 2 ];then
if [ -n "$(echo $NEW_MOUNT | grep -w "$i")" -o "$(grep -v '^#' $FSTAB_FILE | grep -v ^$ | awk '{print $1,$2,$3}' | grep -w "$i" | awk '{print $2}')" == '/' -o "$(grep -v '^#' $FSTAB_FILE | grep -v ^$ | awk '{print $1,$2,$3}' | grep -w "$i" | awk '{print $3}')" == 'swap' ];then
echo "${CWARNING}The $i disk is mounted${CEND}"
else
echo $i >> $LOCKfile
echo "You have a free disk, Now will fdisk it and mount it"
fi
fi
fi
done
DISK_LIST=$(cat $LOCKfile)
if [ "X$DISK_LIST" == "X" ];then
echo
echo "${CWARNING}No free disk need to be fdisk. Exit script${CEND}"
echo
rm -rf $LOCKfile
exit 0
else
echo "${CMSG}This system have free disk :${CEND}"
for i in `echo $DISK_LIST`
do
echo "$i"
count=$((count+1))
done
[ $count -gt 1 ] && { echo "${CWARNING}This system has at least two free disk, You must manually mount it${CEND}"; exit 0; }
fi
} # check os
check_os() {
os_release=$(grep "Aliyun Linux release" /etc/issue 2>/dev/null)
os_release_2=$(grep "Aliyun Linux release" /etc/aliyun-release 2>/dev/null)
if [ "$os_release" ] && [ "$os_release_2" ];then
if echo "$os_release" | grep "release 5" >/dev/null 2>&1;then
os_release=aliyun5
modify_env
fi
fi
} # install ext4
modify_env() {
modprobe ext4
yum -y install e4fsprogs
} # fdisk ,formating and create the file system
fdisk_fun() {
fdisk -S 56 $1 << EOF
n
p
1 wq
EOF sleep 5
mkfs.ext4 ${1}1
} # make directory
make_dir() {
echo "${CMSG}Step 4.Begin to make directory${CEND}"
[ -d "$MOUNT_DIR" ] && mv ${MOUNT_DIR}{,_bk}
mkdir -p $MOUNT_DIR
echo "$MOUNT_DIR" >> $TMP1
} # config /etc/fstab and mount device
main() {
for i in `echo $DISK_LIST`
do
echo
echo "${CMSG}Step 3.Begin to fdisk free disk${CEND}"
[ -n "`df -h | grep ${i}1`" ] && { echo "${CFAILURE}The ${i}1 already mount${CEND}"; echo; exit 0; }
fdisk_fun $i > /dev/null 2>&1
echo
echo "${i}1" >> $TMP2
done
make_dir
> $LOCKfile
paste $TMP2 $TMP1 > $LOCKfile
echo
echo "${CMSG}Step 5.Begin to write configuration to /etc/fstab and mount device${CEND}"
while read a b
do
[ -z "`grep ^${a} $FSTAB_FILE`" -a -z "`grep ${b} $FSTAB_FILE`" ] && echo "${a} $b ext4 defaults 0 0" >> $FSTAB_FILE
done < $LOCKfile
mount -a
echo
} # start script
echo "${CMSG}Step 2.Begin to check free disk${CEND}"
#service mysqld stop
#mv /data /root
check_os
check_disk
main
df -h
#mv /root/data/* /data
#service mysqld start
rm -rf $LOCKfile $TMP1 $TMP2
auto_disk.sh
# /etc/profile # System wide environment and startup programs, for login setup
# Functions and aliases go in /etc/bashrc # It's NOT a good idea to change this file unless you know what you
# are doing. It's much better to create a custom.sh shell script in
# /etc/profile.d/ to make custom changes to your environment, as this
# will prevent the need for merging in future updates. pathmunge () {
case ":${PATH}:" in
*:"$1":*)
;;
*)
if [ "$2" = "after" ] ; then
PATH=$PATH:$1
else
PATH=$1:$PATH
fi
esac
} if [ -x /usr/bin/id ]; then
if [ -z "$EUID" ]; then
# ksh workaround
EUID=`id -u`
UID=`id -ru`
fi
USER="`id -un`"
LOGNAME=$USER
MAIL="/var/spool/mail/$USER"
fi # Path manipulation
if [ "$EUID" = "" ]; then
pathmunge /sbin
pathmunge /usr/sbin
pathmunge /usr/local/sbin
else
pathmunge /usr/local/sbin after
pathmunge /usr/sbin after
pathmunge /sbin after
fi HOSTNAME=`/bin/hostname 2>/dev/null` HISTFILESIZE=200
HISTSIZE=100
HISTTIMEFORMAT="%Y%m%d-%H%M%S: " #or HISTTIMEFORMAT="%Y%m%d %T "
export HISTTIMEFORMA if [ "$HISTCONTROL" = "ignorespace" ] ; then
export HISTCONTROL=ignoreboth
else
export HISTCONTROL=ignoredups
fi export PATH USER LOGNAME MAIL HOSTNAME HISTSIZE HISTCONTROL # By default, we want umask to get set. This sets it for login shell
# Current threshold for system reserved uid/gids is 200
# You could check uidgid reservation validity in
# /usr/share/doc/setup-*/uidgid file
if [ $UID -gt 199 ] && [ "`id -gn`" = "`id -un`" ]; then
umask 002
else
umask 022
fi for i in /etc/profile.d/*.sh ; do
if [ -r "$i" ]; then
if [ "${-#*i}" != "$-" ]; then
. "$i"
else
. "$i" >/dev/null 2>&1
fi
fi
done unset i
unset -f pathmunge
profile
options timeout:1 attempts:1 rotate
nameserver 10.143.22.116
nameserver 10.143.22.118
nameserver 8.8.8.8
nameserver 114.114.114.114
resolv.conf
net.ipv4.ip_forward = 0
net.ipv4.conf.default.rp_filter = 1
net.ipv4.conf.default.accept_source_route = 0
kernel.sysrq = 0
kernel.core_uses_pid = 1
net.ipv4.tcp_syncookies = 1
kernel.msgmnb = 65536
kernel.msgmax = 65536
kernel.shmmax = 68719476736
kernel.shmall = 4294967296
net.ipv4.tcp_max_tw_buckets = 150000
net.ipv4.tcp_sack = 1
net.ipv4.tcp_window_scaling = 1
net.ipv4.tcp_wmem = 8192 4336600 873200
net.ipv4.tcp_rmem = 32768 4336600 873200
net.core.wmem_default = 8388608
net.core.rmem_default = 8388608
net.core.rmem_max = 16777216
net.core.wmem_max = 16777216
net.core.netdev_max_backlog = 262144
net.core.somaxconn = 262144
net.ipv4.tcp_max_orphans = 3276800
net.ipv4.tcp_max_syn_backlog = 262144
net.ipv4.tcp_timestamps = 0
net.ipv4.tcp_synack_retries = 1
net.ipv4.tcp_syn_retries = 1
net.ipv4.tcp_tw_recycle = 1
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_mem = 786432 1048576 1572864
net.ipv4.tcp_fin_timeout = 30
#net.ipv4.tcp_keepalive_time = 30
net.ipv4.tcp_keepalive_time = 300
net.ipv4.ip_local_port_range = 1024 65000
sysctl.conf
com2sec notConfigUser default 1public1 #default is all IP address
group notConfigGroup v1 notConfigUser
group notConfigGroup v2c notConfigUser # name incl/excl subtree mask(optional)
view systemview included .1.3.6.1.2.1.1
view systemview included .1.3.6.1.2.1.25.1.1 access notConfigGroup "" any noauth exact all none none
view all included .1 80
view mib2 included .iso.org.dod.internet.mgmt.mib-2 fc
snmpd.conf
- hosts: all
remote_user: root
tasks:
- name: ####System update ####
yum: name=* state=latest
- name: ####INSTALL LRZSX NETHOGS NLOAD####
yum: name={{item}} state=present
with_items:
- lrzsz
- nethogs
- nload - name: ####Install EPEL Yum Repo####
yum: name=http://dl.fedoraproject.org/pub/epel/epel-release-latest-6.noarch.rpm state=present
- name: ####Install NTP####
yum: name=ntp state=latest - name: ####Install Java 1.7 and some basic dependencies####
yum: name={{item}} state=present
with_items:
- java-1.7.0-openjdk
- libselinux-python
- libsemanage-python - name: ##### Configure iptables #####
- copy: src=iptables/iptables dest=/etc/sysconfig/iptables force=yes - name: ##### Create and Copy SSH #####
- file: path=/root/.ssh state=directory mode=0644
- copy: src=ssh/sshd_config dest=/etc/ssh/sshd_config force=yes
- copy: src=ssh/authorized_keys dest=/root/.ssh/authorized_keys force=yes
- file: path=/root/.ssh/authorized_keys mode=0600 - name: ##### Replace sysctl and profile #####
- copy: src=system/sysctl.conf dest=/etc/sysctl.conf force=yes
- copy: src=system/profile dest=/etc/profile force=yes - name: ##### Enable iptables to be started at boot #####
- service: name=iptables enabled=yes state=started - name: ##### Auto Disk to /data #####
- copy: src=fdisk/auto_disk.sh dest=/tmp/auto_disk.sh
- file: path=/tmp/auto_disk.sh mode=0700
- command: /tmp/auto_disk.sh - name: ##### INSTALL Snmpd #####
yum: name={{item}} state=present
with_items:
- net-snmp
- copy: src=snmp/snmpd.conf dest=/etc/snmp/snmpd.conf force=yes
- service: name=snmpd enabled=yes state=restarted - name: ##### Reboot #####
- command: shutdown -r now
Ansible Tower的更多相关文章
- Ansible Tower系列 四(使用tower执行一个命令)【转】
在主机清单页面中,选择一个主机清单,进入后,选择hosts里的主机 Paste_Image.png 点击 RUN COMMANDS MODULE 选择 commandARGUMENTS 填写 ifco ...
- Ansible Tower系列 三(使用tower执行一个任务)【转】
创建playbook Tower playbook 项目默认存在 /var/lib/awx/projects/ su - awx cd projects/ mkdir ansible-for-devo ...
- Ansible Tower系列 二(安装 Tower)【转】
文档:http://docs.ansible.com/ansible-tower/ 安装前检查 python版本为2.6 保持网络畅通 内存预留充足 安装用户为root 软件下载 下载地址:http: ...
- Ansible Tower 3.5.1 平台部署和破解
原创 Ansible Tower 3.5.1 平台部署和破解 Ansible Tower (以前叫’AWX’)是能够帮助任何IT团队更容易使用Ansible的解决方案.该方案基于web. Tower允 ...
- 自动运维:Ansible -ansible tower
文档主页:http://docs.ansible.com/参考文档:http://docs.ansible.com/ansible/参考文档:http://docs.ansible.com/ansib ...
- Ansible学习记录六:Tower安装
0.特别说明 1. 本文档没有特殊说明,均已root用户安装 2. 本文档中ftp传输文件的工具采用filezilla. 3. 本文档中的执行命令必须严格按照顺序而来. 4. 本文档中所用浏览器为Go ...
- Ansible Notes: Tower Credential的本质
Ansible AWX/Tower credential 的本质 Ansible Tower (社区版本叫AWX)用credential这个资源来对象来存储playbook运行过程中用到的机密信息.比 ...
- Ansible-Tower快速入门-6.查看tower的仪表板【翻译】
查看tower的仪表板 到这一步,我们已经可以在屏幕上看到tower的仪表板了,我们可以看到你目前"主机""资产清单"和"项目"的汇总信息, ...
- 【Ansible 文档】【译文】Playbooks 变量
Variables 变量 自动化的存在使得重复的做事情变得很容易,但是我们的系统不可能完全一样. 在某些系统中,你可能想要设置一些与其他系统不一样的行为和配置. 同样地,远程系统的行为和状态也可以影响 ...
随机推荐
- java 多线程
1.继承Thread类实现多线程继承Thread类的方法尽管被我列为一种多线程实现方式,但Thread本质上也是实现了Runnable接口的一个实例,它代表一个线程的实例,并且,启动线程的唯一方法就是 ...
- WebGL如何解决中文文字载入
关于WebGL载入中文字体问题,我在网上搜了一下,发现例子并不多,而且只能实现隶书的载入,不支持其他中文字体. 下面是实现的代码: <script src="../js/three.m ...
- xamarin for android 生成时“java.exe已退出 代码为1”
Xamarin Studio中创建了一个Android Application 运行时出现错误:C:\Program Files\MSBuild\Xamarin\Android\Xamarin.And ...
- Longest Increasing Path in a Matrix -- LeetCode 329
Given an integer matrix, find the length of the longest increasing path. From each cell, you can eit ...
- Container With Most Water -- LeetCode 11
Given n non-negative integers a1, a2, ..., an, where each represents a point at coordinate (i, ai). ...
- linux cron计划任务
说明:Crontab是Linux系统中在固定时间执行某一个程序的工具,类似于Windows系统中的任务计划程序 下面通过详细实例来说明在Linux系统中如何使用Crontab 操作系统:CentOS ...
- magento的url中 去掉多余的目录层级
有时我们需要仅仅显示一层目录的URL路径.而不要出现多个路径的现实,我们可以用以下方法修改: Edit /app/code/core/Mage/Catalog/Model/Url.php 找到632 ...
- Android 学习第12课,应用出错信息
应用在运行时,出现的错误信息都会在LogCat中显示 如果调出LogCat ? 菜单:窗口 -> 显示视图 -> 其他 -> LogCat
- REDIS fdatasync技术问题和BIO技术的引入
http://oldblog.antirez.com/post/fsync-different-thread-useless.html 这是原文作者的博客 把他翻译下 带上自己的一些理解 看看作者引入 ...
- Node调用C++(dll)
最近开始搞毕设了,打算用自己拿手的js来搞,但是仿佛入坑了,Node还不是很熟.总之,兵来将挡,水来土掩嘛,带着问题学习才是最高效的. 折腾1:Node 调用 C++ 刚开始,虽然我老师把dll文件给 ...