^-^
centos7基础优化
  1. 概览
  2. 文件
    1. tasks
    2. handlers
    3. files

对初始状态的服务器进行基础系统优化,包括分发hosts文件、关闭selinux、调整yum源、分发yum配置文件、更新系统工具、下载必备工具、调整时区,设置时间同步,关闭无用服务,优化SSH。

概览

入口文件

1
2
3
4
5
6
7
8
9
10
|root@m01 ansible|$ cat basic_optimization.yml 

---

- hosts: all
  remote_user: dengpangpang
  become: true
  become_method: sudo
  roles: 
    - basic_optimization

角色目录结构

1
2
3
4
5
6
7
8
9
10
|root@m01 roles|$ tree -F
.
└── basic_optimization/
    ├── files/
    │   ├── hosts
    │   └── yum.conf
    ├── handlers/
    │   └── main.yml
    └── tasks/
        └── main.yml

文件

tasks

main.yml

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
---

- name: Distribute hosts file
  copy: 
    src: hosts
    dest: /etc/hosts

- name: Disable selinux
  selinux:
    state: disabled

- name: Back up yum Base repo
  copy: src=/etc/yum.repos.d/CentOS-Base.repo dest=/etc/yum.repos.d/CentOS-Base.repo.backup remote_src=true

- name: Update yum repo
  get_url: url={{ item.url }} dest={{ item.dest }}
  with_items:
    - { url: 'http://mirrors.aliyun.com/repo/Centos-7.repo', dest: '/etc/yum.repos.d/CentOS-Base.repo' }
    - { url: 'http://mirrors.aliyun.com/repo/epel-7.repo', dest: '/etc/yum.repos.d/epel.repo' }

- name: Distribute yum conf
  copy: src=yum.conf dest=/etc/yum.conf

- name: Update yum packages
  yum: 
    name: '*'
    state: latest

- name: Install essential packages
  yum: 
    name: ['tree', 'nmap', 'sysstat', 'lrzsz', 'telnet', 'bash-completion', 'bash-completion-extras', 'vim', 'lsof', 'net-tools', 'ntpdate',  'wget'] 
    state: present

- name: Set timezone to Asia/Shanghai
  timezone:
    name: Asia/Shanghai
 

- name: Disable unused services
  service: name={{ item }} enabled=false state=stopped
  with_items:
    - firewalld.service
    - postfix.service
    - NetworkManager.service

- name: Cron for sync time
  cron:
    name: sync time
    hour: '*/1'
    job: "/usr/sbin/ntpdate ntp.aliyun.com &> /dev/null"
    state: present

- name: Configure SSH
  lineinfile: path=/etc/ssh/sshd_config regexp={{ item.regexp }} line={{ item.line }}
  with_items:
    - { regexp: '^PermitRootLogin', line: 'PermitRootLogin yes' }
    - { regexp: '^PasswordAuthentication', line: 'PasswordAuthentication yes' }
    - { regexp: '^UseDNS', line: 'UseDNS no' }
    - { regexp: '^GSSAPIAuthentication', line: 'GSSAPIAuthentication no' }
    - { regexp: '^PermitEmptyPasswords', line: 'PermitEmptyPasswords no' }
  notify: restart sshd

handlers

main.yml

1
2
3
4
5
---

- name: restart sshd
  service: name=sshd state=restarted

files

hosts

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
::1         localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.110.144 lb401
192.168.110.145 lb402
192.168.110.135 lb01    
192.168.110.136 lb02
192.168.110.137 web01
192.168.110.138 web02
192.168.110.139 sweb01
192.168.110.140 sweb02
192.168.110.141 nfs
192.168.110.142 backup
192.168.110.143 db01
192.168.110.128 m01

yum.conf

1
2
3
4
5
6
7
8
9
10
11
12
13
14
[main]
keepcache=1
installonlypkgs=*
cachedir=/var/cache/yum/$basearch/$releasever
debuglevel=2
logfile=/var/log/yum.log
exactarch=1
obsoletes=1
gpgcheck=1
plugins=1
installonly_limit=5
bugtracker_url=http://bugs.centos.org/set_project.php?project_id=23&ref=http://bugs.centos.org/bug_report_page.php?category=yum
distroverpkg=centos-release

2023-12-05 该篇文章被 邓胖胖 打上标签: Ansible剧本 归为分类: 工作笔记