ansible作mysql備份和安全加固

1. mysql備份

A patch adding name=all was added to the mysql_db module on May 12, 2015, so the recommended way to dump all databases is:

# Dumps all databases to hostname.sql
- mysql_db: state=dump name=all target=/tmp/{{ inventory_hostname }}.sql

每一個數據庫一個文件：

---
# This playbook backups all mysql databases into separate files.

- name: backup mysql
  vars:
    - exclude_db:
      - "Database"
      - "information_schema"
      - "performance_schema"
      - "mysql"
  tasks:
    - name: get db names
      shell: 'mysql -u root -p{{ vault_root_passwd }} -e "show databases;" '
      register: dblist
    - name: backup databases
      mysql_db:
        state: dump
        name: "{{ item }}"
        target: "/tmp/{{ item }}.sql"
        login_user: root
        login_password: "{{ vault_root_passwd }}"
      with_items: "{{ dblist.stdout_lines | difference(exclude_db) }}"

 

2. 安全加固

列一個提綱

• Change the password for the root account
• Create and configure a deploy user account
• Configure ssh public key authentication for the deploy account
• Add the deploy account to the sudoers list
• Run apt-get update
• Run apt-get upgrade
• Package Installation
• Configure automatic updates
• Configure a firewall
• Install and configure Logwatch
• Lockdown ssh access

 

 

 

 

參考：

http://www.linuxjournal.com/content/security-hardening-ansible?page=0,3

http://ryaneschinger.com/blog/securing-a-server-with-ansible/

http://docs.openstack.org/developer/openstack-ansible-security/

http://stackoverflow.com/questions/28597029/ansible-how-to-backup-all-mysql-databases