笔记一: ansible 安装配置
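# Bootstrap play: installs root's SSH key, swaps the yum repo files, installs
# salt-minion with its config, then adds iptables rules and saves them.
# NOTE(review): the scraped listing fused two keys into "testremote_user";
# reading it as host group "test" plus remote_user is the most likely
# intent - confirm against your inventory.
- hosts: test
  remote_user: root
  tasks:
    # This replaces the whole authorized_keys file, so any keys already
    # present for root are dropped. The authorized_key module manages
    # single entries if that is not wanted.
    - name: copy authorized_keys
      template:
        src: ~/.ssh/id_rsa.pub
        dest: /root/.ssh/authorized_keys
        owner: root
        group: root
        mode: "0600"

    # Disabled in the original: replace the matching content on line 11 of
    # the iptables rules file.
    # - name: iptables
    #   shell: sed -i '11s/REJECT/ACCEPT/' /etc/sysconfig/iptables

    # "creates" makes the task re-runnable: without it the second run fails
    # at "mkdir bak" because the directory already exists.
    - name: backup
      shell: cd /etc/yum.repos.d/ && mkdir bak && mv epel.repo yum.repo bak/
      args:
        creates: /etc/yum.repos.d/bak

    # The original task names said "epel", but the package fetched and
    # installed here is the SaltStack repo release RPM.
    # NOTE(review): the download is not pinned to a digest; add one so a
    # tampered or swapped file is rejected before it is installed.
    - name: Download salt repo package
      get_url:
        url: https://repo.saltstack.com/yum/redhat/salt-repo-latest-1.el6.noarch.rpm
        dest: /etc/yum.repos.d/salt-repo-latest-1.el6.noarch.rpm
        # checksum: "sha256:<PLACEHOLDER_EXPECTED_SHA256>"

    # NOTE(review): confirm the RPM really installs a file at the "creates"
    # path; if it does not, the guard never fires and a re-run fails because
    # the package is already installed.
    - name: Install salt repo package
      command: rpm -ivh /etc/yum.repos.d/salt-repo-latest-1.el6.noarch.rpm
      args:
        creates: /etc/yum.repos.d/salt.repo

    - name: Clean cache
      command: yum clean all

    # The original left this task's name empty.
    - name: Make cache
      command: yum makecache

    # state=latest installs whatever the repo serves at run time; pin a
    # version if hosts must end up on the same build.
    - name: Install salt-minion
      yum:
        name: salt-minion
        state: latest

    # The note inside the task name says: create the file on the control
    # machine first and adjust its configuration before copying.
    - name: 'copy salt conf file(##拷贝的文件在本机创建好,并改好配置)'
      copy:
        src: /etc/ansible/files/minion
        dest: /etc/salt/minion

    # NOTE(review): in the listing this rule sits on a comment line
    # ("## ALLOW> - iptables: ..."), so it is not applied. It is unclear
    # whether it was disabled on purpose or mangled by the page; without it,
    # replies to outbound connections rely on whatever the existing ruleset
    # already permits.
    # - name: allow related and established connections
    #   iptables:
    #     chain: INPUT
    #     ctstate: RELATED,ESTABLISHED
    #     jump: ACCEPT

    # The iptables module appends by default. If the existing ruleset
    # already ends in a catch-all REJECT/DROP rule (presumably the case,
    # given the disabled sed task above - verify on the host), appended
    # rules are never reached and "action: insert" is needed. Conversely,
    # with no closing REJECT/DROP rule or DROP policy, this ACCEPT does not
    # restrict SSH to the listed source.
    - name: allow ssh from the management address
      iptables:
        chain: INPUT
        in_interface: eth0
        protocol: tcp
        match: tcp
        source: "192.168.233.124"
        destination_port: "22"
        jump: ACCEPT

    # Rejecting every ICMP type also blocks "fragmentation needed"
    # messages, which path-MTU discovery depends on.
    - name: reject icmp on INPUT
      iptables:
        chain: INPUT
        in_interface: eth0
        protocol: icmp
        jump: REJECT

    - name: reject icmp on FORWARD
      iptables:
        chain: FORWARD
        in_interface: eth0
        protocol: icmp
        jump: REJECT

    # The original label read "REJECT lo", but the rule accepts loopback
    # traffic.
    - name: accept loopback
      iptables:
        chain: INPUT
        in_interface: lo
        jump: ACCEPT

    - name: save iptables
      command: service iptables save

    - name: iptables restart
      command: /etc/init.d/iptables restart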