2019独角兽企业重金招聘Python工程师标准>>>
1. mysql备份
A patch adding name=all was added to the mysql_db module on May 12, 2015, so the recommended way to dump all databases is:
# Dumps all databases to hostname.sql
- mysql_db: state=dump name=all target=/tmp/{{ inventory_hostname }}.sql
每个数据库一个文件:
---
# This playbook backups all mysql databases into separate files.
- name: backup mysql
vars:
- exclude_db:
- "Database"
- "information_schema"
- "performance_schema"
- "mysql"
tasks:
- name: get db names
shell: 'mysql -u root -p{{ vault_root_passwd }} -e "show databases;" '
register: dblist
- name: backup databases
mysql_db:
state: dump
name: "{{ item }}"
target: "/tmp/{{ item }}.sql"
login_user: root
login_password: "{{ vault_root_passwd }}"
with_items: "{{ dblist.stdout_lines | difference(exclude_db) }}"
2. 安全加固
列一个提纲
Change the password for the root account
Create and configure a deploy user account
Configure ssh public key authentication for the deploy account
Add the deploy account to the sudoers list
Run apt-get update
Run apt-get upgrade
Package Installation
Configure automatic updates
Configure a firewall
Install and configure Logwatch
Lockdown ssh access
参考:
http://www.linuxjournal.com/content/security-hardening-ansible?page=0,3
http://ryaneschinger.com/blog/securing-a-server-with-ansible/
http://docs.openstack.org/developer/openstack-ansible-security/
http://stackoverflow.com/questions/28597029/ansible-how-to-backup-all-mysql-databases