运维
Tcpdump抓包工具
tshark抓包工具
Ansible
Ansible配置
Ansible-远程命令模块( command / script / shell )
Ansible-常用模块
PlayBook
PlayBook-变量
PlayBook-条件/循环
PlayBook-Tags
PlayBook-常用脚本
Ansible-Vault(数据安全)
Ansible-API
Ansible实践
JMeter测试软件
JMeter性能指标
Curl
综合分析工具
磁盘/IO工具
网络分析工具
JAVA分析工具
更换硬盘
Linux启动流程
安装问题
GURB加密
修改默认启动项
Root密码忘记
重装内核、GRUB
Too many open files错误
误删文件,内存恢复
Read-only file system错误
本文档使用MrDoc发布
返回首页
-
+
PlayBook-常用脚本
2021年6月16日 10:34
admin
#批量修改密码 - hosts: TestLinux gather_facts: false tasks: - name: change_user_passwd user: name={{ item.name }} password={{ item.chpass | password_hash('sha512') }} update_password=always with_items: - { name: 'root', chpass: '1111111' } #- { name: 'test', chpass: 'yjun@123' } --- #ZabbixAgent安装 ####变量配置文件 vim zabbix_vars.yml --------------------------------------------- LOCAL_ZABBIX_IP: 10.188.100.11 IMS_ZABBIX_IP: 116.31.71.155 TIMEOUT: 30 PARAMETERS: 1 ####playbook.yaml文件: vim zabbix_install.yml --------------------------------------------- - hosts: ZabbixHost vars_files: - vars/zabbix_vars.yml tasks: - name: send zabbix-agent-7 copy: src=files/zabbix-agent-4.4.7-1.el7.x86_64.rpm dest=/tmp/ owner=root group=root mode=755 when: ansible_distribution_major_version == "7" - name: send zabbix-agent-6 copy: src=files/zabbix-agent-4.4.7-1.el6.x86_64.rpm desc=/tmp/ owner=root group=root mode=755 when: ansible_distribution_major_version == "6" - name: install zabbix-agent-7 shell: rpm -iU /tmp/zabbix-agent-4.4.7-1.el7.x86_64.rpm when: ansible_distribution_major_version == "7" - name: install zabbix-agent-6 shell: rpm -iU /tmp/zabbix-agent-4.4.7-1.el6.x86_64.rpm when: ansible_distribution_major_version == "6" - name: changed conf_file template: src: templates/zabbix_agentd.conf.j2 dest: /etc/zabbix/zabbix_agentd.conf when: ansible_default_ipv4.network == "10.188.100.0" or ansible_default_ipv4.network == "172.16.10.0" | ternary({{ LOCAL_ZABBIX_IP }},{{ IMS_ZABBIX_IP }}) - name: start zabbix-agent service: name=zabbix-agent state=restarted ####zabbix_agentd.conf.j2文件: --------------------------------------------- Server={{ ZABBIX_SERVER_IP }} ServerActive={{ ZABBIX_SERVER_IP }} Hostname={{ AGENT_IP }} Timeout={{ TIMEOUT }} UnsafeUserParameters={{ PARAMETERS }} --- #Fail2Ban安装 ####F2B_ssh.yml文件: vim F2B_ssh.yml --------------------------------------------- - hosts: Ali #gather_facts: false tasks: - name: install_fail2ban_service7 yum: name=fail2ban state=latest when: ansible_distribution_major_version == "7" - name: send_fail2ban_service6 copy: src=/opt/AnsibleTools/F2B_ssh/f2b_server6 dest=/root/ owner=root group=root mode=755 when: ansible_distribution_major_version == "6" - name: install_fail2ban_service6 shell: yum -y localinstall /root/f2b_server6/* when: ansible_distribution_major_version == "6" - name: template_f2b_ssh template: src=/opt/AnsibleTools/F2B_ssh/jail.conf dest=/etc/fail2ban/jail.conf - name: start_fail2ban7 systemd: name=fail2ban enabled=yes state=started when: ansible_distribution_major_version == "7" - name: start_fail2ban6 service: name=fail2ban enabled=yes state=started when: ansible_distribution_major_version == "6" - name: reload_fail2ban_rule shell: fail2ban-client reload - name: check_fail2ban_ssh_rule shell: fail2ban-client status ssh-iptables ####jail.conf文件: #添加以下内容: #ssh防暴力破解 [ssh-iptables] enabled = true filter = sshd action = iptables[name=SSH, port={{ ansible_ssh_port }}, protocol=tcp] logpath = /var/log/secure ignoreip = 120.196.123.122 maxretry = 3 findtime = 300 bantime = 86400
分享到: