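# Generated by iptables-save v1.4.7 on Tue Aug 23 04:58:34 2016
# Rule order matters: "-A INPUT -j REJECT" is terminal for every packet that
# reaches it, so the loopback and ICMP accepts have to come before it. In the
# saved version they were appended after the REJECT and were never matched.
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p icmp -j ACCEPT
# udp/161-162 (SNMP, see snmpd.conf) and tcp/2048 (the Port from sshd_config),
# accepted from any source address.
-A INPUT -p udp -m udp --dport 161 -j ACCEPT
-A INPUT -p udp -m udp --dport 162 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 2048 -j ACCEPT
# Catch-all: everything else on INPUT and FORWARD is rejected.
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT
# Completed on Tue Aug 23 04:58:34 2016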

iptables

ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEA1E3h6EO5zu28LaSQBqMhKRxJQQH+TwX/6m9VtAImW2uxkQ15GUa8CRmDGTQuG3y7OgnY5CUeBVZQgtLPJl3WY4bfz2LXT1ysRzEDPZCIMBFCFSktzeWoIcuaVg59S3ta5LZIp1TOM03vsipaU0zghVO6XbrJ74/YOZIE3ngWuC3ZCMiykRehPoIToLphoG1XKb001hA01cxppwqTKSPhs0YvAOhMy8On9woj2kvWYhbW7R6rPzwCVhBw1VSunYPmGHUEqcQKbfdrnENKYW0w9yM96BUkK4Y4GhikGgwngorsQh6feXDzVOeJ/UOoaa2bgE+Pv6e6OonGiiNeGz9+3w== root@iZ23k44penhZ

authorized_keys

#       $OpenBSD: sshd_config,v 1.80 2008/07/02 02:24:18 djm Exp $

# This is the sshd server system-wide configuration file.  See
# sshd_config(5) for more information.

# This sshd was compiled with PATH=/usr/local/bin:/bin:/usr/bin

# The strategy used for options in the default sshd_config shipped with
# OpenSSH is to specify options with their default value where
# possible, but leave them commented.  Uncommented options change a
# default value.

#Port 22
#ListenAddress 0.0.0.0
#ListenAddress ::

# Disable legacy (protocol version 1) support in the server for new
# installations. In future the default will change to require explicit
# activation of protocol 1
Protocol 2

# HostKey for protocol version 1
#HostKey /etc/ssh/ssh_host_key
# HostKeys for protocol version 2
#HostKey /etc/ssh/ssh_host_rsa_key
#HostKey /etc/ssh/ssh_host_dsa_key

# Lifetime and size of ephemeral version 1 server key
#KeyRegenerationInterval 1h
#ServerKeyBits 1024

# Logging
# obsoletes QuietMode and FascistLogging
#LogLevel INFO

# Authentication:

#LoginGraceTime 2m
#StrictModes yes
#MaxAuthTries 6
#MaxSessions 10

#RSAAuthentication yes
#PubkeyAuthentication yes
#AuthorizedKeysFile     .ssh/authorized_keys
#AuthorizedKeysCommand none
#AuthorizedKeysCommandRunAs nobody

# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
#RhostsRSAAuthentication no
# similar for protocol version 2
#HostbasedAuthentication no
# Change to yes if you don't trust ~/.ssh/known_hosts for
# RhostsRSAAuthentication and HostbasedAuthentication
#IgnoreUserKnownHosts no
# Don't read the user's ~/.rhosts and ~/.shosts files
#IgnoreRhosts yes

# To disable tunneled clear text passwords, change to no here!
#PermitEmptyPasswords no

# Change to no to disable s/key passwords
#ChallengeResponseAuthentication yes
ChallengeResponseAuthentication no

# Kerberos options
#KerberosAuthentication no
#KerberosOrLocalPasswd yes
#KerberosTicketCleanup yes
#KerberosGetAFSToken no
#KerberosUseKuserok yes

# GSSAPI options
#GSSAPIAuthentication no
GSSAPIAuthentication yes
#GSSAPICleanupCredentials yes
GSSAPICleanupCredentials yes
#GSSAPIStrictAcceptorCheck yes
#GSSAPIKeyExchange no

# Set this to 'yes' to enable PAM authentication, account processing,
# and session processing. If this is enabled, PAM authentication will
# be allowed through the ChallengeResponseAuthentication and
# PasswordAuthentication.  Depending on your PAM configuration,
# PAM authentication via ChallengeResponseAuthentication may bypass
# the setting of "PermitRootLogin without-password".
# If you just want the PAM account and session checks to run without
# PAM authentication, then enable this but set PasswordAuthentication
# and ChallengeResponseAuthentication to 'no'.
#UsePAM no
UsePAM yes

# Accept locale-related environment variables
AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES
AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT
AcceptEnv LC_IDENTIFICATION LC_ALL LANGUAGE
AcceptEnv XMODIFIERS

#AllowAgentForwarding yes
#AllowTcpForwarding yes
#GatewayPorts no
#X11Forwarding no
X11Forwarding yes
#X11DisplayOffset 10
#X11UseLocalhost yes
#PrintMotd yes
#PrintLastLog yes
#TCPKeepAlive yes
#UseLogin no
#UsePrivilegeSeparation yes
#PermitUserEnvironment no
#Compression delayed
#ClientAliveInterval 0
#ClientAliveCountMax 3
#ShowPatchLevel no
#PidFile /var/run/sshd.pid
#MaxStartups 10:30:100
#PermitTunnel no
#ChrootDirectory none

# no default banner path
#Banner none

# override default of no subsystems
Subsystem       sftp    /usr/libexec/openssh/sftp-server

# Example of overriding settings on a per-user basis
#Match User anoncvs
#       X11Forwarding no
#       AllowTcpForwarding no
#       ForceCommand cvs server
# Site overrides appended below the stock file. sshd keeps the first value it
# reads for a keyword, so these only apply because none of them is set
# (uncommented) further up.
UseDNS no
AddressFamily inet
# Password logins are disabled below, so root cannot log in with a password;
# key-based root login via /root/.ssh/authorized_keys stays open.
# "PermitRootLogin without-password" would pin that at the sshd level instead
# of relying on PasswordAuthentication staying "no".
PermitRootLogin yes
SyslogFacility AUTHPRIV
# Non-standard port; the host firewall must accept tcp/2048 for this to be reachable.
Port 2048
PasswordAuthentication no

sshd_config

#!/bin/bash
# BLOG:  https://blog.linuxeye.com
# Project home page:
#       https://oneinstack.com
#       https://github.com/lj2007331/oneinstack

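export PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
export LANG=en_US.UTF-8
clear
printf "
#######################################################################
#       OneinStack for CentOS/RadHat 5+ Debian 6+ and Ubuntu 12+      #
#                             Auto fdisk                              #
#       For more information please visit http://oneinstack.com       #
#######################################################################
"

# Pick an echo that understands -e (some builtins print "-e" literally);
# keep the builtin name when neither candidate qualifies.
echo=echo
for cmd in echo /bin/echo; do
    $cmd >/dev/null 2>&1 || continue
    if ! $cmd -e "" | grep -qE '^-e'; then
        echo=$cmd
        break
    fi
done
# ANSI colour escapes used by the status messages below.
CSI=$($echo -e "\033[")
CEND="${CSI}0m"
CDGREEN="${CSI}32m"
CRED="${CSI}1;31m"
CGREEN="${CSI}1;32m"
CYELLOW="${CSI}1;33m"
CBLUE="${CSI}1;34m"
CMAGENTA="${CSI}1;35m"
CCYAN="${CSI}1;36m"
CSUCCESS="$CDGREEN"
CFAILURE="$CRED"
CQUESTION="$CMAGENTA"
CWARNING="$CYELLOW"
CMSG="$CCYAN"

# Check if user is root: fdisk/mkfs/mount and the fstab edit below all need uid 0.
# (The comparison value had been lost in the copy; "0" is what the message implies.)
[ "$(id -u)" != "0" ] && { echo "${CFAILURE}Error: You must be root to run this script${CEND}"; exit 1; }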

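MOUNT_DIR=/data
FSTAB_FILE=/etc/fstab

# Number of free disks found by check_disk.
count=0

# check lock file, one time only let the script run one time
# The lock file doubles as check_disk's list of free disks and as main's
# "partition mount-point" table, so it must be a regular file this run owns:
# a pre-existing symlink at the path is treated like an existing lock instead
# of being followed by touch and the later "> $LOCKfile" truncations.
LOCKfile=/tmp/.$(basename "$0")
if [ -e "$LOCKfile" ] || [ -L "$LOCKfile" ]; then
    echo
    echo "${CWARNING}The script is already exist, please next time to run this script${CEND}"
    echo
    exit
else
    echo
    echo "${CMSG}Step 1.No lock file, begin to create lock file and continue${CEND}"
    echo
    touch "$LOCKfile"
fi

# Scratch files for make_dir/main. mktemp instead of fixed names under /tmp:
# the script runs as root, and "> /tmp/.tmp1" would follow a planted symlink.
# Everything is removed on any exit path; previously an early exit in
# check_disk/main could leave the lock behind, so every later run refused to start.
TMP1=$(mktemp) || exit 1
TMP2=$(mktemp) || exit 1
trap 'rm -f -- "$LOCKfile" "$TMP1" "$TMP2"' EXIT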

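# check disk partition
# Scan the "vd*" disks reported by fdisk and record in $LOCKfile (one per
# line) those that carry no filesystem, have no partitions and are referenced
# neither by df nor by an active fstab line. Sets DISK_LIST from that file.
# Exits the script when nothing is free, or when more than one disk is free
# (the rest of the script only handles a single candidate).
# Globals: LOCKfile, FSTAB_FILE (read); count, DISK_LIST (written)
check_disk() {
    local dev device_count new_mount fstab_entries
    > "$LOCKfile"
    for dev in $(fdisk -l | grep "Disk" | grep "/dev" | awk '{print $2}' | awk -F: '{print $1}' | grep "vd")
    do
        # blkid lists devices with a filesystem (partition-table lines are
        # filtered out), so a hit means the whole disk is already in use.
        if [ -z "$(blkid | grep -v 'PTTYPE="dos"' | grep -w "$dev")" ]; then
            # Lines naming the device: the "Disk /dev/vdX:" header plus one per
            # partition, so fewer than 2 means the disk has no partitions.
            device_count=$(fdisk -l "$dev" | grep "$dev" | awk '{print $2}' | awk -F: '{print $1}' | wc -l)
            new_mount=$(df -h)
            if [ "$device_count" -lt 2 ]; then
                # Active fstab lines for this device as "device mountpoint fstype".
                fstab_entries=$(grep -v '^#' "$FSTAB_FILE" | grep -v '^$' | awk '{print $1,$2,$3}' | grep -w "$dev")
                if [ -n "$(echo "$new_mount" | grep -w "$dev")" ] \
                   || [ "$(echo "$fstab_entries" | awk '{print $2}')" = '/' ] \
                   || [ "$(echo "$fstab_entries" | awk '{print $3}')" = 'swap' ]; then
                    echo "${CWARNING}The $dev disk is mounted${CEND}"
                else
                    echo "$dev" >> "$LOCKfile"
                    echo "You have a free disk, Now will fdisk it and mount it"
                fi
            fi
        fi
    done
    DISK_LIST=$(cat "$LOCKfile")
    if [ "X$DISK_LIST" = "X" ]; then
        echo
        echo "${CWARNING}No free disk need to be fdisk. Exit script${CEND}"
        echo
        rm -rf "$LOCKfile"
        exit 0
    else
        echo "${CMSG}This system have free disk :${CEND}"
        for dev in $DISK_LIST
        do
            echo "$dev"
            count=$((count+1))
        done
        if [ "$count" -gt 1 ]; then
            echo "${CWARNING}This system has at least two free disk, You must manually mount it${CEND}"
            # Drop the lock here too, otherwise the next run is refused as "already exist".
            rm -rf "$LOCKfile"
            exit 0
        fi
    fi
}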

# check os
# Detect an Aliyun Linux "release 5" system (both /etc/issue and
# /etc/aliyun-release have to name it) and run modify_env for it.
# Globals: os_release, os_release_2 (written; os_release becomes "aliyun5")
check_os() {
    os_release=$(grep "Aliyun Linux release" /etc/issue 2>/dev/null)
    os_release_2=$(grep "Aliyun Linux release" /etc/aliyun-release 2>/dev/null)
    # Not Aliyun at all: nothing to adjust.
    [ -n "$os_release" ] && [ -n "$os_release_2" ] || return 0
    if echo "$os_release" | grep "release 5" >/dev/null 2>&1; then
        os_release=aliyun5
        modify_env
    fi
}

# install ext4
# Load the ext4 module and install the ext4 userspace tools (Aliyun Linux 5).
# Globals: none
modify_env() {
    local fs_module=ext4
    local fs_tools=e4fsprogs
    modprobe "$fs_module"
    yum -y install "$fs_tools"
}

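# fdisk ,formating and create the file system
# Create one primary partition spanning the whole disk and format it ext4.
# Arguments: $1 - whole-disk device (e.g. /dev/vdb); partition becomes ${1}1
# Returns:   1 when the device argument is missing; otherwise the status of
#            mkfs.ext4, so callers can refuse to register an unformatted partition.
fdisk_fun() {
    local dev=$1
    if [ -z "$dev" ]; then
        echo "fdisk_fun: device argument required" >&2
        return 1
    fi
    # Scripted answers for the interactive prompts: new, primary, number 1,
    # default first sector, then write and quit. NOTE(review): written against
    # the prompt sequence of the fdisk this script targets; confirm on others.
    fdisk -S 56 "$dev" << EOF
n
p
1

wq
EOF

    # Give the kernel a moment to pick up the new partition table.
    sleep 5
    mkfs.ext4 "${dev}1"
}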

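# make directory
# Create $MOUNT_DIR for the new filesystem, moving an existing directory
# aside first, and record the mount point in $TMP1 for main's fstab step.
# Globals: MOUNT_DIR, TMP1 (read)
make_dir() {
    local backup="${MOUNT_DIR}_bk"
    echo "${CMSG}Step 4.Begin to make directory${CEND}"
    if [ -d "$MOUNT_DIR" ]; then
        # With a backup from an earlier run already present, "mv" would nest
        # the live directory inside it; use a timestamped name instead.
        [ -e "$backup" ] && backup="${backup}.$(date +%Y%m%d%H%M%S)"
        mv -- "$MOUNT_DIR" "$backup"
    fi
    mkdir -p -- "$MOUNT_DIR"
    echo "$MOUNT_DIR" >> "$TMP1"
}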

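# config /etc/fstab and mount device
# Partition and format every disk in DISK_LIST, then add an fstab entry for
# each new partition and mount it. Exits without touching fstab when the
# target partition is already mounted or when fdisk_fun (i.e. mkfs) fails:
# an fstab entry for an unformatted device can stop the next boot.
# Globals: DISK_LIST, LOCKfile, TMP1, TMP2, FSTAB_FILE (read)
main() {
    local dev part mountpoint
    for dev in $DISK_LIST
    do
        echo
        echo "${CMSG}Step 3.Begin to fdisk free disk${CEND}"
        if df -h | grep -q "${dev}1"; then
            echo "${CFAILURE}The ${dev}1 already mount${CEND}"
            echo
            exit 0
        fi
        # fdisk_fun's status is mkfs.ext4's; a partition with no filesystem
        # must not be recorded in $TMP2.
        if ! fdisk_fun "$dev" > /dev/null 2>&1; then
            echo "${CFAILURE}fdisk/mkfs of ${dev} failed${CEND}"
            echo
            exit 1
        fi
        echo
        echo "${dev}1" >> "$TMP2"
    done
    make_dir
    > "$LOCKfile"
    paste "$TMP2" "$TMP1" > "$LOCKfile"
    echo
    echo "${CMSG}Step 5.Begin to write configuration to /etc/fstab and mount device${CEND}"
    # One "partition mountpoint" pair per line. Match whole fields so that a
    # commented-out line or a longer name such as /database does not count as
    # "already present".
    while read -r part mountpoint
    do
        if [ -z "$(awk -v d="$part" '$1 == d' "$FSTAB_FILE")" ] \
           && [ -z "$(awk -v m="$mountpoint" '$1 !~ /^#/ && $2 == m' "$FSTAB_FILE")" ]; then
            echo "${part} $mountpoint      ext4    defaults    0 0" >> "$FSTAB_FILE"
        fi
    done < "$LOCKfile"
    mount -a
    echo
}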

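# start script
# Order: OS quirks first, then the free-disk scan (sets DISK_LIST), then
# partition/format/mount; the final df shows the result.
echo "${CMSG}Step 2.Begin to check free disk${CEND}"
#service mysqld stop
#mv /data /root
check_os
check_disk
main
df -h
#mv /root/data/* /data
#service mysqld start
# All three are regular files created by this run; quoted and without -r so a
# stray value can never turn this into a recursive delete.
rm -f -- "$LOCKfile" "$TMP1" "$TMP2"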

auto_disk.sh

# /etc/profile

# System wide environment and startup programs, for login setup
# Functions and aliases go in /etc/bashrc

# It's NOT a good idea to change this file unless you know what you
# are doing. It's much better to create a custom.sh shell script in
# /etc/profile.d/ to make custom changes to your environment, as this
# will prevent the need for merging in future updates.

# Prepend $1 to PATH (append it when $2 is "after") unless it is already
# present as a complete PATH element.
pathmunge () {
    case ":${PATH}:" in
        *:"$1":*) return 0 ;;
    esac
    if [ "$2" = "after" ] ; then
        PATH=$PATH:$1
    else
        PATH=$1:$PATH
    fi
}

# Identity variables from id(1); the EUID/UID assignment is only reached by
# shells that do not pre-set them (the ksh case the original comment names).
if [ -x /usr/bin/id ]; then
    if [ -z "$EUID" ]; then
        # ksh workaround
        EUID=$(id -u)
        UID=$(id -ru)
    fi
    USER=$(id -un)
    LOGNAME=$USER
    MAIL=/var/spool/mail/$USER
fi

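# Path manipulation: root gets the sbin directories in front of PATH,
# everyone else gets them appended. (The root test had been mangled to a
# bare `" ]; then` in this copy, which is a syntax error.)
if [ "$EUID" = "0" ]; then
    pathmunge /sbin
    pathmunge /usr/sbin
    pathmunge /usr/local/sbin
else
    pathmunge /usr/local/sbin after
    pathmunge /usr/sbin after
    pathmunge /sbin after
fi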

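HOSTNAME=$(/bin/hostname 2>/dev/null)

HISTFILESIZE=200
HISTSIZE=100
HISTTIMEFORMAT="%Y%m%d-%H%M%S: " #or HISTTIMEFORMAT="%Y%m%d %T "
# Export the variable that was actually set: the original exported a
# misspelled "HISTTIMEFORMA", so the timestamp format never reached
# child shells and history lines stayed undated there.
export HISTTIMEFORMAT

if [ "$HISTCONTROL" = "ignorespace" ] ; then
    export HISTCONTROL=ignoreboth
else
    export HISTCONTROL=ignoredups
fi

export PATH USER LOGNAME MAIL HOSTNAME HISTSIZE HISTCONTROL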

# By default, we want umask to get set. This sets it for login shell
# Current threshold for system reserved uid/gids is 200
# You could check uidgid reservation validity in
# /usr/share/doc/setup-*/uidgid file
# Non-system users whose primary group is their own private group get 002;
# everyone else (including system accounts) gets 022.
if [ "$UID" -gt 199 ] && [ "$(id -gn)" = "$(id -un)" ]; then
    umask 002
else
    umask 022
fi

# Source the drop-in scripts; their output is shown only in interactive
# shells ("i" in $-) and silenced otherwise.
for i in /etc/profile.d/*.sh ; do
    [ -r "$i" ] || continue
    case "$-" in
        *i*) . "$i" ;;
        *)   . "$i" >/dev/null 2>&1 ;;
    esac
done

unset i
unset -f pathmunge

profile

options timeout:1 attempts:1 rotate
nameserver 10.143.22.116
nameserver 10.143.22.118
nameserver 8.8.8.8
nameserver 114.114.114.114

resolv.conf

# Kernel/network tuning shipped by the playbook to /etc/sysctl.conf.
net.ipv4.ip_forward = 0
net.ipv4.conf.default.rp_filter = 1
net.ipv4.conf.default.accept_source_route = 0
kernel.sysrq = 0
kernel.core_uses_pid = 1
net.ipv4.tcp_syncookies = 1
kernel.msgmnb = 65536
kernel.msgmax = 65536
kernel.shmmax = 68719476736
kernel.shmall = 4294967296
net.ipv4.tcp_max_tw_buckets = 150000
net.ipv4.tcp_sack = 1
net.ipv4.tcp_window_scaling = 1
# NOTE(review): these triples are "min default max"; the middle value is
# larger than the last one, which looks like the two were swapped
# (873200 default / 4336600 max) — confirm before relying on them.
net.ipv4.tcp_wmem = 8192 4336600 873200
net.ipv4.tcp_rmem = 32768 4336600 873200
net.core.wmem_default = 8388608
net.core.rmem_default = 8388608
net.core.rmem_max = 16777216
net.core.wmem_max = 16777216
net.core.netdev_max_backlog = 262144
net.core.somaxconn = 262144
net.ipv4.tcp_max_orphans = 3276800
net.ipv4.tcp_max_syn_backlog = 262144
# NOTE(review): tcp_timestamps=0 disables PAWS, and the TIME-WAIT knobs below
# (tcp_tw_recycle, tcp_tw_reuse) depend on timestamps, so they are expected to
# have no effect here. tcp_tw_recycle is also known to break clients behind
# NAT and was removed from later kernels; tcp_tw_reuse with timestamps left
# on is the safer combination.
net.ipv4.tcp_timestamps = 0
# A single retry for SYN and SYN-ACK: lossy links will see connection failures.
net.ipv4.tcp_synack_retries = 1
net.ipv4.tcp_syn_retries = 1
net.ipv4.tcp_tw_recycle = 1
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_mem = 786432 1048576 1572864
net.ipv4.tcp_fin_timeout = 30
#net.ipv4.tcp_keepalive_time = 30
net.ipv4.tcp_keepalive_time = 300
net.ipv4.ip_local_port_range = 1024 65000

sysctl.conf

# v1/v2c community mapping. "default" as the source means any address is
# accepted, and the community string is the only credential; the host
# firewall (iptables above) passes udp/161 from anywhere, so this is reachable
# from the whole network. Restrict the source to the monitoring subnet here.
com2sec notConfigUser default 1public1 #default is all IP address
group notConfigGroup v1 notConfigUser
group notConfigGroup v2c notConfigUser

# name incl/excl subtree mask(optional)
view systemview included .1.3.6.1.2.1.1
view systemview included .1.3.6.1.2.1.25.1.1

# Read view is "all" (.1, the entire tree), not the narrower systemview
# defined above; write and notify views are "none". Granting read on
# systemview instead limits what an unauthenticated poller can enumerate.
access notConfigGroup "" any noauth exact all none none
view all included .1 80
view mib2 included .iso.org.dod.internet.mgmt.mib-2 fc

snmpd.conf

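# Baseline provisioning for new hosts: update, firewall, SSH, sysctl/profile,
# data disk, SNMP, then reboot so the new sshd port and iptables rules apply.
# Two parse problems in the previous version are fixed below: a "- name:" item
# with no module is rejected by Ansible ("no action detected in task"), and a
# name value starting with "#" after the colon is read as a YAML comment, so
# those tasks were unnamed. Names are therefore quoted and each task carries
# exactly one module.
- hosts: all
  remote_user: root
  tasks:
  - name: "####System update ####"
    yum: name=* state=latest
  - name: "####INSTALL LRZSX NETHOGS NLOAD####"
    yum: name={{item}} state=present
    with_items:
    - lrzsz
    - nethogs
    - nload

  # NOTE(review): the release RPM is fetched over plain http; confirm the
  # signature check passes with the keys present on a fresh install.
  - name: "####Install EPEL Yum Repo####"
    yum: name=http://dl.fedoraproject.org/pub/epel/epel-release-latest-6.noarch.rpm state=present
  - name: "####Install NTP####"
    yum: name=ntp state=latest

  - name: "####Install Java 1.7 and some basic dependencies####"
    yum: name={{item}} state=present
    with_items:
    - java-1.7.0-openjdk
    - libselinux-python
    - libsemanage-python

  - name: "##### Configure iptables  #####"
    copy: src=iptables/iptables dest=/etc/sysconfig/iptables force=yes

  # 0700 rather than 0644: a directory needs the execute bit to be traversed,
  # and nothing but root should be able to list the key material.
  - name: "##### Create .ssh directory  #####"
    file: path=/root/.ssh state=directory mode=0700
  - name: "##### Copy sshd_config  #####"
    copy: src=ssh/sshd_config dest=/etc/ssh/sshd_config force=yes
  - name: "##### Copy authorized_keys  #####"
    copy: src=ssh/authorized_keys dest=/root/.ssh/authorized_keys force=yes mode=0600

  - name: "##### Replace sysctl  #####"
    copy: src=system/sysctl.conf dest=/etc/sysctl.conf force=yes
  - name: "##### Replace profile  #####"
    copy: src=system/profile dest=/etc/profile force=yes

  # state=started does not reload rules on an already running service; the
  # reboot at the end is what brings the copied ruleset into effect.
  - name: "##### Enable iptables to be started at boot #####"
    service: name=iptables enabled=yes state=started

  - name: "##### Copy auto disk script #####"
    copy: src=fdisk/auto_disk.sh dest=/tmp/auto_disk.sh mode=0700
  - name: "##### Auto Disk to /data #####"
    command: /tmp/auto_disk.sh

  - name: "##### INSTALL Snmpd #####"
    yum: name={{item}} state=present
    with_items:
    - net-snmp
  - name: "##### Configure snmpd #####"
    copy: src=snmp/snmpd.conf dest=/etc/snmp/snmpd.conf force=yes
  - name: "##### Enable and restart snmpd #####"
    service: name=snmpd enabled=yes state=restarted

  - name: "##### Reboot  #####"
    command: shutdown -r now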
