一、描述

拿到一批机器,需要做首先是修改ssh端口,防火墙配置,以及limits.conf控制文件描述符,进程数,栈大小等。

二、剧本如下:

----hosts:"{{host}}"remote_user:"{{user}}"gather_facts:falsetasks:-name:Modifysshport69410lineinfile:dest:/etc/ssh/{{item}}regexp:'^Port69410'insertafter:'#Port22'line:'Port69410'with_items:-sshd_config-ssh_configtags:-sshport-name:Setsysctlfilelimiits#pam_limits:domain='*'limit_type=`item`.`limit_type`limit_item=`item`.`limit_item`value=`item`.`value`pam_limits:dest:"{{item.dest}}"domain:'*'limit_type:"{{item.limit_type}}"limit_item:"{{item.limit_item}}"value:"{{item.value}}"with_items:-{dest:'/etc/security/limits.conf',limit_type:'soft',limit_item:'nofile',value:'655350'}-{dest:'/etc/security/limits.conf',limit_type:'hard',limit_item:'nofile',value:'655350'}-{dest:'/etc/security/limits.conf',limit_type:'soft',limit_item:'nproc',value:'102400'}-{dest:'/etc/security/limits.conf',limit_type:'hard',limit_item:'nproc',value:'102400'}-{dest:'/etc/security/limits.conf',limit_type:'soft',limit_item:'sigpending',value:'255377'}-{dest:'/etc/security/limits.conf',limit_type:'hard',limit_item:'sigpending',value:'255377'}-{dest:'/etc/security/limits.d/90-nproc.conf',limit_type:'soft',limit_item:'nproc',value:'262144'}-{dest:'/etc/security/limits.d/90-nproc.conf',limit_type:'hard',limit_item:'nproc',value:'262144'}tags:-setlimits