Ansible-playbook常用脚本Linux系统优化
写着写着就偷懒了,里面运行了很多shell脚本,我会把那些脚本全部附在后面。
别学我,初学者还是尽可能使用Ansible-playbook的模块。
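---
# Baseline tuning play for the hosts in the `test` group: switches off SELinux
# and firewalld, installs admin tools, runs three helper scripts, schedules a
# nightly time sync and reboots.
#
# NOTE(review): SELinux and firewalld are both turned off below and nothing in
# this play replaces them. Confirm that packet filtering is enforced elsewhere
# (security groups, upstream firewall) before applying this to hosts that are
# reachable from untrusted networks.
- hosts: test
  remote_user: root
  gather_facts: false
  tasks:
    # Persistent setting; it takes effect at the reboot that ends the play.
    - name: set disabled selinux
      lineinfile:
        dest: /etc/selinux/config
        regexp: '^SELINUX='
        line: 'SELINUX=disabled'

    # Runtime switch for the current boot. failed_when: false ignores a
    # non-zero exit, presumably for hosts where SELinux is already disabled.
    - name: close selinux
      shell: setenforce 0
      failed_when: false

    - name: close firewalld service
      service:
        name: firewalld
        state: stopped
        enabled: false

    # state: latest upgrades these packages on every run, not just installs.
    - name: yum install
      yum:
        name:
          - tree
          - nmap
          - dos2unix
          - lrzsz
          - nc
          - lsof
          - wget
          - tcpdump
          - htop
          - iftop
          - iotop
          - sysstat
          - nethogs
          - psmisc
          - net-tools
          - bash-completion
          - vim-enhanced
          - yum-utils
          - ntpdate
        state: latest

    # The script module copies each file from the control node and runs it
    # on the managed host.
    - name: run script module
      script: /etc/ansible/script/yumins.sh

    - name: run kernel optimize
      script: /etc/ansible/script/kernel.optimize.sh

    - name: run kernel update
      script: /etc/ansible/script/kernel.update.sh

    # Daily at 00:05. The original job pointed at "ntp3.aliyum.com"; the
    # scripts in this playbook use the aliyun.com mirrors, so the hostname is
    # corrected here. A misspelled time source either fails silently (output
    # is discarded) or resolves to a domain the operator does not control.
    - name: cron ntpdate
      cron:
        name: sync time
        minute: "5"
        hour: "0"
        job: '/sbin/ntpdate ntp3.aliyun.com >/dev/null 2>&1'
        state: present

    # Delayed by one minute and backgrounded so the task can return before
    # the host goes down.
    - name: reboot server
      shell: "/sbin/shutdown -r +1 &"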
script: /etc/ansible/script/yumins.sh
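#!/bin/bash
# yumins.sh - set the timezone, speed up SSH logins, switch yum to the Aliyun
# mirrors and apply all pending package updates.

# Download a yum repo definition to a temp file and install it only if the
# transfer succeeded, so an HTTP error page never ends up in /etc/yum.repos.d.
fetch_repo() {
    local url=$1 dest=$2 tmp
    tmp=$(mktemp) || return 1
    if curl -fsSL -o "$tmp" "$url"; then
        mv -f "$tmp" "$dest" && chmod 644 "$dest"
    else
        rm -f "$tmp"
        echo "failed to download $url" >&2
        return 1
    fi
}

ln -sf /usr/share/zoneinfo/Asia/Shanghai /etc/localtime

# Skip reverse-DNS lookups and GSSAPI negotiation during SSH login.
sed -i 's/#UseDNS yes/UseDNS no/g' /etc/ssh/sshd_config
sed -i 's/GSSAPIAuthentication yes/GSSAPIAuthentication no/g' /etc/ssh/sshd_config
# Validate the edited file first: restarting sshd on a broken config would
# cut off remote access to the host.
sshd -t && systemctl restart sshd.service

# Repo definitions decide where every later package comes from, so they are
# fetched over HTTPS rather than plain HTTP.
# NOTE(review): the downloaded .repo files set their own baseurl scheme and
# gpgcheck value; inspect them and keep gpgcheck=1 so packages stay verified.
fetch_repo https://mirrors.aliyun.com/repo/epel-7.repo /etc/yum.repos.d/epel.repo
fetch_repo https://mirrors.aliyun.com/repo/Centos-7.repo /etc/yum.repos.d/CentOS-Base.repo

yum makecache && echo "yum aliyun set ok"
yum update -y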
script: /etc/ansible/script/kernel.optimize.sh
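#!/bin/bash
# kernel.optimize.sh - raise the open-file limit and append network tuning to
# /etc/sysctl.conf. Nothing is applied immediately (no `sysctl -p` here); the
# playbook reboots the host afterwards.
#
# Both appends are guarded so that running the script again does not pile up
# duplicate entries.

limits_line='* - nofile 65535 '
grep -qxF -- "$limits_line" /etc/security/limits.conf ||
    echo "$limits_line" >>/etc/security/limits.conf

# NOTE(review): the nf_conntrack keys only exist while the nf_conntrack module
# is loaded. The playbook stops firewalld, so confirm the module is loaded at
# boot or these four timeouts and both *_max values will not be applied.
marker='# managed by kernel.optimize.sh'
if ! grep -qxF -- "$marker" /etc/sysctl.conf; then
cat >>/etc/sysctl.conf <<'EOF'
# managed by kernel.optimize.sh
net.ipv4.tcp_fin_timeout = 2
net.ipv4.tcp_tw_reuse = 1
# net.ipv4.tcp_tw_recycle is intentionally not set: it drops connections from
# clients behind NAT and the key was removed in Linux 4.12, so it would only
# produce an error on the kernel-ml kernel installed by kernel.update.sh.
net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_keepalive_time = 600
net.ipv4.ip_local_port_range = 4000 65000
net.ipv4.tcp_max_syn_backlog = 16384
net.ipv4.tcp_max_tw_buckets = 36000
net.ipv4.route.gc_timeout = 100
net.ipv4.tcp_syn_retries = 1
net.ipv4.tcp_synack_retries = 1
net.core.somaxconn = 16384
net.core.netdev_max_backlog = 16384
net.ipv4.tcp_max_orphans = 16384
net.nf_conntrack_max = 25000000
net.netfilter.nf_conntrack_max = 25000000
net.netfilter.nf_conntrack_tcp_timeout_established = 180
net.netfilter.nf_conntrack_tcp_timeout_time_wait = 120
net.netfilter.nf_conntrack_tcp_timeout_close_wait = 60
net.netfilter.nf_conntrack_tcp_timeout_fin_wait = 120
net.core.wmem_default = 8388608
net.core.rmem_default = 8388608
net.core.wmem_max = 16777216
net.core.rmem_max = 16777216
EOF
fi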
script: /etc/ansible/script/kernel.update.sh
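#!/bin/bash
# kernel.update.sh - add the ELRepo repository, install the mainline kernel
# (kernel-ml) and make the first GRUB menu entry the default.

# Import the signing key, then install the release package. Both come over
# HTTPS: the original fetched the RPM over plain HTTP, where it can be swapped
# in transit before any signature check takes place.
rpm --import https://www.elrepo.org/RPM-GPG-KEY-elrepo.org
rpm -Uvh https://www.elrepo.org/elrepo-release-7.0-2.el7.elrepo.noarch.rpm

# Change the boot default only if the kernel install succeeded. The sed is
# anchored to the GRUB_DEFAULT line so that no other occurrence of "saved" in
# /etc/default/grub is rewritten.
yum --enablerepo=elrepo-kernel -y install kernel-ml kernel-ml-devel &&
    sed -i 's/^GRUB_DEFAULT=saved/GRUB_DEFAULT=0/' /etc/default/grub &&
    grub2-mkconfig -o /boot/grub2/grub.cfg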