1. mysql备份 A patch adding name=all was added to the mysql_db module on May 12, 2015, so the recommen
1. mysql备份
A patch adding name=all was added to the mysql_db module on May 12, 2015, so the recommended way to dump all databases is:# Dumps all databases to hostname.sql- mysql_db: state=dump name=all target=/tmp/{{ inventory_hostname }}.sql每个数据库一个文件:
---# This playbook backups all mysql databases into separate files.- name: backup mysql vars: - exclude_db: - "Database" - "information_schema" - "performance_schema" - "mysql" tasks: - name: get db names shell: 'mysql -u root -p{{ vault_root_passwd }} -e "show databases;" ' register: dblist - name: backup databases mysql_db: state: dump name: "{{ item }}" target: "/tmp/{{ item }}.sql" login_user: root login_password: "{{ vault_root_passwd }}" with_items: "{{ dblist.stdout_lines | difference(exclude_db) }}"
2. 安全加固
列一个提纲
- Change the password for the root account
- Create and configure a deploy user account
- Configure ssh public key authentication for the deploy account
- Add the deploy account to the sudoers list
- Run apt-get update
- Run apt-get upgrade
- Package Installation
- Configure automatic updates
- Configure a firewall
- Install and configure Logwatch
- Lockdown ssh access
参考:
http://www.linuxjournal.com/content/security-hardening-ansible?page=0,3
http://ryaneschinger.com/blog/securing-a-server-with-ansible/
http://docs.openstack.org/developer/openstack-ansible-security/
http://stackoverflow.com/questions/28597029/ansible-how-to-backup-all-mysql-databases
