> 文档中心 > Ansible-playbook常用脚本Linux系统优化

Ansible-playbook常用脚本Linux系统优化

写着写着就偷懒了,里面运行了很多shell脚本,后面我会把那些脚本全部符在后面。

别学我,初学者还是能用Ansible-playbook模块尽可能使用。

- hosts: test
  remote_user: root
  gather_facts: false
  tasks:
  - name: set disabled selinux
    lineinfile:
       dest: /etc/selinux/config
       regexp: '^SELINUX='
       line: 'SELINUX=disabled'
  - name: close selinux
    shell: setenforce 0
    failed_when: false
  - name: close firewalld service
    service: name=firewalld state=stopped enabled=no
  - name: yum install
    yum: name=tree,nmap,dos2unix,lrzsz,nc,lsof,wget,tcpdump,htop,iftop,iotop,sysstat,nethogs,psmisc,net-tools,bash-completion,vim-enhanced,yum-utils,ntpdate state=latest
  - name: run script module
    script: /etc/ansible/script/yumins.sh
  - name: run kernel optimize
    script: /etc/ansible/script/kernel.optimize.sh
  - name: run kernel update
    script: /etc/ansible/script/kernel.update.sh
  - name: cron ntpdate
    cron:
       name: sync time
       minute: "5"
       hour: "0"
       job: /sbin/ntpdate ntp3.aliyum.com >/dev/null 2>&1
       state: present
  - name: reboot server
    shell: "/sbin/shutdown -r +1 &"

 script: /etc/ansible/script/yumins.sh

#!/bin/bash
ln -sf /usr/share/zoneinfo/Asia/Shanghai /etc/localtime
sed -i 's/#UseDNS yes/UseDNS no/g' /etc/ssh/sshd_config
sed -i 's/GSSAPIAuthentication yes/GSSAPIAuthentication no/g' /etc/ssh/sshd_config
systemctl restart sshd.service
curl -o /etc/yum.repos.d/epel.repo http://mirrors.aliyun.com/repo/epel-7.repo
curl -o /etc/yum.repos.d/CentOS-Base.repo http://mirrors.aliyun.com/repo/Centos-7.repo
yum makecache && echo "yum aliyun set ok"
yum update -y

script: /etc/ansible/script/kernel.optimize.sh

#!/bin/bash
echo '* - nofile 65535 ' >>/etc/security/limits.conf
cat >>/etc/sysctl.conf<<EOF
net.ipv4.tcp_fin_timeout = 2
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_tw_recycle = 1
net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_keepalive_time = 600
net.ipv4.ip_local_port_range = 4000 65000
net.ipv4.tcp_max_syn_backlog = 16384
net.ipv4.tcp_max_tw_buckets = 36000
net.ipv4.route.gc_timeout = 100
net.ipv4.tcp_syn_retries = 1
net.ipv4.tcp_synack_retries = 1
net.core.somaxconn = 16384
net.core.netdev_max_backlog = 16384
net.ipv4.tcp_max_orphans = 16384
net.nf_conntrack_max = 25000000
net.netfilter.nf_conntrack_max = 25000000
net.netfilter.nf_conntrack_tcp_timeout_established = 180
net.netfilter.nf_conntrack_tcp_timeout_time_wait = 120
net.netfilter.nf_conntrack_tcp_timeout_close_wait = 60
net.netfilter.nf_conntrack_tcp_timeout_fin_wait = 120
net.core.wmem_default = 8388608
net.core.rmem_default = 8388608
net.core.wmem_max = 16777216
net.core.rmem_max = 16777216
EOF

script: /etc/ansible/script/kernel.update.sh

#!/bin/bash
rpm --import https://www.elrepo.org/RPM-GPG-KEY-elrepo.org
rpm -Uvh http://www.elrepo.org/elrepo-release-7.0-2.el7.elrepo.noarch.rpm
yum --enablerepo=elrepo-kernel -y install kernel-ml kernel-ml-devel
sed -i s/saved/0/g /etc/default/grub&&
grub2-mkconfig -o /boot/grub2/grub.cfg

字库吧