Describe 首頁/2022-07-07 here.
在所有物理服务器,虚拟机上执行 ip addr 禁止直接配置公网地址
ansible H3C_TEST -m shell -a 'ip addr | grep "inet " | grep -v 127.0.0.1' | awk '{ print $1","$2 }' | sed '1iHost IP, Current Addresses' | tee /tmp/02安全要求.csv
系统版本
* for CentOS7
ansible H3C_TEST -m shell -a 'cat /etc/redhat-release' --one-line | awk -F'|' '{ print $1","$4 }' | sed '1iIP Address, Release Version' | tee /tmp/03系统版本.csv
* for ctyunos2
ansible H3C_TEST -m shell -a 'cat /etc/system-release' --one-line | awk -F'|' '{ print $1","$4 }' | sed '1iIP Address, Release Version' | tee /tmp/03系统版本.csv
内核版本
ansible H3C_TEST -m shell -a 'uname -r' --one-line | awk -F'|' '{ print $1","$4 }' | sed '1iIP Address, Kernel Version' | tee /tmp/04内核版本.csv
系统盘分区
ansible H3C_TEST -m shell -a 'lsblk' | awk '{ print $1","$4,$7 }' | sed '1iIP Address, OS_Partition' | tee /tmp/05系统盘分区.csv
虚拟化
ansible H3C_TEST -m shell -a "lsmod | grep -w '^kvm' | grep -w 'kvm_intel'" | awk -F"|" '{ print $1","$3 }' | sed '1iIP Address, KVM Check Result' | tee /tmp/06虚拟化.csv
服务器网卡子接口
ansible H3C_TEST -m shell -a 'ip addr | grep bond' | awk '{ print $1","$2","$11 }' | sed '1iIP Address, Ethernet_Name, Bonding_Status' | tee /tmp/07服务器网卡子接口.csv
管理服务器kvm网桥
ansible H3C_TEST -m shell -a 'brctl show | grep -i bond' | awk '{ print $1","$4 }' | sed '1iIP&bridge_name,interfaces' | tee /tmp/08管理服务器kvm网桥.csv
管理服务器虚拟机要求 & 跳板机要求
ansible H3C_TEST -m shell -a 'virsh list --all' | awk -F'|' '{ print $1","$3 }' | sed '1iIP&vm_name,Check Code' | tee /tmp/09管理服务器虚拟机要求.csv
YUM服务端同步要求
ansible H3C_TEST -m shell --one-line -a 'ls -l /data | wc -l' | awk -F'|' '{ print $1","$3","$4 }' | sed '1iIP&vm_name,Check Code,Check Result' | tee /tmp/10YUM服务端同步要求.csv
YUM客户端同步要求
ansible H3C_TEST -m shell -a 'yum repolist | egrep -i "MJQ|ctyunos|openstack"' | awk -F'|' '{ print $1","$3 }' | sed '1iIP&vm_name,Check Code' | tee /tmp/11YUM客户端配置要求.csv
13跳板机安全要求_检查网卡&路由
ansible H3C_TEST -m shell -a 'ip addr | grep -i "inet " | grep -v " lo"' | awk -F'|' '{ print $1","$3 }' | sed '1iIP&Ethernet,Check Code' | tee /tmp/13跳板机安全要求_检查网卡.csv
ansible H3C_TEST -m shell -a 'ip route' | awk -F'|' '{ print $1","$3 }' | sed '1iIP&route,Check Code' | tee /tmp/13跳板机安全要求_检查路由.csv
青藤agent安装检查
ansible H3C_TEST -m shell -a 'ps -ef | grep -i titan' | awk -F'|' '{ print $1","$3 }' | sed '1iIP&route,Check Code' | tee /tmp/14青藤agent安装.csv
CPU检查表
ansible H3C_TEST -m shell -a "cpupower frequency-info | egrep -i -B 2 -A 1 'current policy' && lscpu | grep -i 'model name' && lscpu | egrep -i 'CPU max MHz|CPU min MHz' && cat /proc/cpuinfo | grep MHz | sort -n | uniq && cat /proc/cpuinfo | grep 'physical id' | sort | uniq -c && cat /proc/cpuinfo | grep 'cpu cores' | sort | uniq -c && lscpu | grep NUMA" | awk -F'|' '{ print $1","$3 }' | sed '1iCPU info,Check Code' | tee /tmp/23-27_CPU检查.csv
MEM检查表
ansible 192.168.96.200 -m shell -a "free -h | grep -i mem && dmidecode -t memory| grep -i 'Size' | grep -v 'No Module' && dmidecode -t memory | grep 'Part Number'| grep -v 'NO DIMM' && dmidecode -t memory| grep -i 'Size' | grep -v 'No Module' | wc -l" | awk -F"|" '{ print $1","$3 }' | sed '1iMEMORY info,Check Code' | tee /tmp/28-31_内存检查.csv