2024-10-29
ansible

目录

ansible脚本
检查 s-course-server 和 s-gateway 的句柄数,并保存日志
hosts
playbook.yml 第一版随便优化
执行命令
22 端口ping
add hosts
edr脚本
日志
批量ssh认证

ansible脚本

检查 s-course-server 和 s-gateway 的句柄数,并保存日志

hosts

[root@ecs-564e ~/cron/ansible_jubing]$ cat hosts
# Inventory for playbook.yml: every host or IP listed under [servers] is checked.
[servers]
192.168.xx.xx

playbook.yml 第一版随便优化

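---
# Record the open-file-handle count of s-course-server and s-gateway on each
# target, archive the full lsof listing under /home/mydata/<service>/, and post
# a DingTalk alert when the count reaches handle_threshold.
- name: 检查 s-course-server 和 s-gateway 的句柄数,并保存日志
  hosts: servers  # replace with the target host group or IP address
  gather_facts: yes  # ansible_date_time (used in the log file name) comes from facts
  vars:
    # Alert when `lsof -p PID | wc -l` reaches this value. The count includes
    # lsof's single header line.
    handle_threshold: 300
    # The webhook URL carries the robot's access_token, i.e. it is a secret.
    # Keep the real values in an Ansible Vault file (or pass them with -e)
    # instead of committing them with this playbook.
    dingtalk_webhook_course: "https://oapi.dingtalk.com/robot/send?access_token=xx"
    dingtalk_webhook_gateway: "https://oapi.dingtalk.com/robot/send?access_token=xxx"
  tasks:
    # `[s]-course-server` matches the daemon's command line but not the
    # `sh -c "pgrep -f ..."` wrapper Ansible runs this through, whose own
    # command line contains the pattern and would otherwise be reported too.
    # `-d,` joins several PIDs with commas, the list format `lsof -p` accepts.
    - name: 获取 s-course-server 进程的 PID
      shell: "pgrep -d, -f '[s]-course-server'"
      register: course_pid
      failed_when: false  # pgrep exits 1 when nothing matches; not an error here
      changed_when: false

    - name: 输出 s-course-server PID
      debug:
        msg: "s-course-server PID: {{ course_pid.stdout }}"

    - name: 获取 s-course-server 进程的句柄数
      shell: "lsof -p {{ course_pid.stdout }} | wc -l"
      register: course_handles
      when: course_pid.stdout != ""
      failed_when: false
      changed_when: false

    - name: 确保 s-course-server 日志目录存在
      file:
        path: "/home/mydata/s-course-server"
        state: directory
        mode: '0755'

    - name: 查看 s-course-server 的 lsof 输出
      shell: "lsof -p {{ course_pid.stdout }}"
      register: lsof_output_course
      when: course_pid.stdout != ""  # skip rather than run `lsof -p` with an empty argument
      failed_when: false
      changed_when: false

    - name: 输出 s-course-server lsof 输出
      debug:
        msg: "{{ lsof_output_course.stdout | default('') }}"  # empty when the task above was skipped

    - name: 保存 s-course-server 进程的 lsof 输出到日志文件
      shell: "lsof -p {{ course_pid.stdout }} > /home/mydata/s-course-server/s-course-server-{{ ansible_date_time.iso8601 | regex_replace('[:\\-]', '') }}.log"
      when: course_pid.stdout != ""
      failed_when: false
      changed_when: false

    # Same sequence for s-gateway; see the comments on the s-course-server tasks.
    - name: 获取 s-gateway 进程的 PID
      shell: "pgrep -d, -f '[s]-gateway'"
      register: gateway_pid
      failed_when: false
      changed_when: false

    - name: 输出 s-gateway PID
      debug:
        msg: "s-gateway PID: {{ gateway_pid.stdout }}"

    - name: 获取 s-gateway 进程的句柄数
      shell: "lsof -p {{ gateway_pid.stdout }} | wc -l"
      register: gateway_handles
      when: gateway_pid.stdout != ""
      failed_when: false
      changed_when: false

    - name: 确保 s-gateway 日志目录存在
      file:
        path: "/home/mydata/s-gateway"
        state: directory
        mode: '0755'

    - name: 查看 s-gateway 的 lsof 输出
      shell: "lsof -p {{ gateway_pid.stdout }}"
      register: lsof_output_gateway
      when: gateway_pid.stdout != ""
      failed_when: false
      changed_when: false

    - name: 输出 s-gateway lsof 输出
      debug:
        msg: "{{ lsof_output_gateway.stdout | default('') }}"

    - name: 保存 s-gateway 进程的 lsof 输出到日志文件
      shell: "lsof -p {{ gateway_pid.stdout }} > /home/mydata/s-gateway/s-gateway-{{ ansible_date_time.iso8601 | regex_replace('[:\\-]', '') }}.log"
      when: gateway_pid.stdout != ""
      failed_when: false
      changed_when: false

    # The handle-count task is skipped when no PID was found, so its registered
    # result has no `stdout`; without the `is defined` guard the conditional
    # itself raises an undefined-variable error instead of skipping.
    - name: 检查并发送钉钉通知 - s-course-server
      when: course_handles.stdout is defined and (course_handles.stdout | int) >= handle_threshold
      uri:
        url: "{{ dingtalk_webhook_course }}"
        method: POST
        headers:
          Content-Type: "application/json"
        body: |
          {
            "msgtype": "text",
            "text": {
              "content": "警告:s-course-server 进程的句柄数已达到 {{ course_handles.stdout }},请注意!机器 IP 地址:{{ inventory_hostname }},日志目录:/home/mydata/s-course-server"
            }
          }
        body_format: json
        status_code: 200
      no_log: true  # keeps the access_token out of verbose and failed-task output

    - name: 检查并发送钉钉通知 - s-gateway
      when: gateway_handles.stdout is defined and (gateway_handles.stdout | int) >= handle_threshold
      uri:
        url: "{{ dingtalk_webhook_gateway }}"
        method: POST
        headers:
          Content-Type: "application/json"
        body: |
          {
            "msgtype": "text",
            "text": {
              "content": "警告:s-gateway 进程的句柄数已达到 {{ gateway_handles.stdout }},请注意!机器 IP 地址:{{ inventory_hostname }},日志目录:/home/mydata/s-gateway"
            }
          }
        body_format: json
        status_code: 200
      no_log: true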

执行命令

# Run from the directory that holds both hosts and playbook.yml (the prompt above shows it).
ansible-playbook -i hosts playbook.yml

22 端口ping

---
# Reachability check. `ping` here is the Ansible module, not ICMP: success
# means the host answered over SSH and could run a module.
- name: 用ping测试连通性
  hosts: servers
  gather_facts: no
  tasks:
    - name: Ping test
      ansible.builtin.ping:

add hosts

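[root@ecs-564e ~/cron/ansible_allsshd]$ cat allsshd.yml
---
# Make sure /etc/hosts.allow contains `ALL:ALL` on every host.
- name: 管理 hosts.allow 文件
  hosts: all
  become: yes
  gather_facts: no  # a single file edit needs no facts
  vars:
    # `action` is a reserved Ansible keyword and must not be used as a variable
    # name; override this one with `-e hosts_allow_action=...`.
    hosts_allow_action: "add"
  tasks:
    # lineinfile inserts the line only when it is absent, so repeated runs do
    # not stack duplicate entries the way `echo ... >> file` does.
    # NOTE: `ALL:ALL` allows every client into every TCP-wrapped service on the
    # host. Narrow the daemon and client list to what is needed, e.g.
    # `sshd: 10.100.23.`, before rolling this out widely.
    - name: "使用 shell 命令添加 ALL: ALL"
      ansible.builtin.lineinfile:
        path: /etc/hosts.allow
        line: 'ALL:ALL'
        create: yes  # `>>` would have created a missing file; keep that behaviour
      when: hosts_allow_action == "add"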

edr脚本

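[root@ecs-564e ~/ansbile]$ cat edr.yaml
# Fetch and run the EDR agent installer on every host, then report whether an
# `edr` process is running afterwards.
- name: 下载并执行 agent_setup.sh 并检查进程
  hosts: all
  gather_facts: no
  tasks:
    # wait_for runs on the managed host and probes its own port 22 (127.0.0.1
    # by default); a failure here skips the install step instead of aborting.
    - name: 检查主机的 22 端口
      ansible.builtin.wait_for:
        port: 22
        timeout: 5
      register: port_check
      ignore_errors: yes

    # The installer is fetched over plain HTTP and executed as downloaded, with
    # no signature or checksum check. `--no-check-certificate` is dropped: it
    # is a no-op for an http:// URL and would silently disable TLS verification
    # the day the URL moves to https://. Before using this beyond a lab,
    # publish a SHA-256 for agent_setup.sh and verify it before execution
    # (ansible.builtin.get_url with `checksum:` does this in one step).
    - name: 下载并执行 agent_setup.sh
      ansible.builtin.shell: >
        wget http://192.168.1.245:10571/download/linux/KFDX2023/192.168.1.245_10571/1/agent_setup.sh
        -O agent_setup.sh
        && chmod +x agent_setup.sh
        && ./agent_setup.sh
      when: port_check is succeeded
      register: setup_result
      ignore_errors: yes

    - name: 输出下载和执行的日志
      debug:
        var: setup_result.stdout

    # `[e]dr` matches the daemon's command line but not this grep's own, so an
    # empty result really means no edr process; `grep edr` always matched the
    # grep (and the `sh -c` wrapper) and reported a hit on every host.
    - name: 检查 edr 进程
      ansible.builtin.shell: ps -ef | grep '[e]dr'
      register: edr_process
      ignore_errors: yes  # grep exits 1 when nothing matches

    - name: 输出 edr 进程状态
      debug:
        var: edr_process.stdout
[root@ecs-564e ~/ansbile]$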

日志

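[root@ecs-564e ~/ansbile]$ cat rizhi.yaml
# Add a forwarding rule to /etc/rsyslog.conf on every host and restart rsyslog
# when the file changed.
# NOTE(review): no `become` is set, so the connecting user must be able to
# write /etc/rsyslog.conf and restart the unit (true for the root inventory
# used elsewhere on this page) - confirm for other inventories.
- name: 修改 rsyslog 配置并重启服务
  hosts: all
  gather_facts: no
  vars:
    # Forward every message to the central collector. A single `@` is UDP
    # syslog: unencrypted and unacknowledged. `@@host` selects TCP; a
    # log-integrity requirement would call for RELP or TLS transport.
    rsyslog_forward_line: '*.* @192.168.1.105'
  tasks:
    # wait_for runs on the managed host and probes its own port 22.
    - name: 检查主机的 22 端口
      ansible.builtin.wait_for:
        port: 22
        timeout: 5
      register: port_check
      ignore_errors: yes

    # Read-only snapshot of the current config, printed at the end of the play.
    - name: 检查 /etc/rsyslog.conf 是否包含指定内容
      ansible.builtin.command: cat /etc/rsyslog.conf
      register: check_result
      ignore_errors: yes
      changed_when: false

    # lineinfile adds the rule only if it is not already present. A `when`
    # written as a quoted string ("'...' not in check_result.stdout") is a
    # non-empty string and therefore always true, so an `echo >>` guarded that
    # way appended a duplicate line on every run.
    - name: 修改 /etc/rsyslog.conf 配置文件
      ansible.builtin.lineinfile:
        path: /etc/rsyslog.conf
        line: "{{ rsyslog_forward_line }}"
      when: port_check is succeeded
      register: modify_result
      ignore_errors: yes

    # Restart only when the file actually changed, not on every run.
    - name: 重启 rsyslog 服务
      ansible.builtin.systemd:
        name: rsyslog
        state: restarted
      when: modify_result is changed

    - name: 输出修改结果
      debug:
        var: modify_result

    - name: 输出检查结果
      debug:
        var: check_result.stdout
[root@ecs-564e ~/ansbile]$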

批量ssh认证

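[root@localhost ansible]# cat hosts_renzheng.ini
# Bootstrap inventory for ssh_copy_id.yml. It carries the SSH password in
# plaintext, so keep it out of version control (or move ansible_ssh_pass into
# a vault-encrypted group_vars/centos file) and remove the password once key
# authentication is in place.
# StrictHostKeyChecking=no turns off host-key verification for every
# connection. Where the client OpenSSH is 7.6 or newer, `accept-new` records
# the key on first contact and still flags a changed key later.
[centos]
10.100.23.[121:134]
10.100.23.136

# Shared connection settings, declared once instead of on every host line.
[centos:vars]
ansible_ssh_user=root
ansible_ssh_pass=密码
ansible_ssh_common_args='-o StrictHostKeyChecking=no'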
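[root@localhost ansible]# cat ssh_copy_id.yml
---
# Install the controller's public key in the remote user's authorized_keys so
# later runs no longer need ansible_ssh_pass in the inventory.
- name: 批量通过 ssh-copy-id 实现密钥认证
  hosts: centos
  become: yes
  vars:
    # Public key file read on the controller (the file lookup runs locally);
    # override with `-e pubkey_file=...` to install a different key.
    pubkey_file: /root/.ssh/id_rsa.pub
  tasks:
    - name: 将控制节点的公钥复制到目标主机
      authorized_key:
        user: "{{ ansible_ssh_user }}"
        state: present
        key: "{{ lookup('file', pubkey_file) }}"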

执行

# First run authenticates with the ansible_ssh_pass from the inventory; after the
# key is installed, drop that entry from hosts_renzheng.ini.
ansible-playbook -i hosts_renzheng.ini ssh_copy_id.yml