$FHHOME/fabfile/set.py
$ fab -l |grep set $ fab -H $H set.centos7_init $ fab -H $H set.centos6_init
$ H=test-server-1 $ fab -H $H -- hostname # LANG $ fab -H $H -- localectl status #Check locale CentOS7 $ fab -H $H -- 'localectl list-locales |egrep -i "ja|jp"' # Check available locale list
$FHHOME/fabfile/set.py
import sys, os
from fabric.api import *
from fabric.contrib import files
from fabric.contrib.files import sed, append, contains
from datetime import datetime
FHHOME=os.environ["FHHOME"]
#-------------------------------------------------------------------------------
#set.centos7_init
#-------------------------------------------------------------------------------
@task
def centos7_init():
etc_sysctlconf()
etc_security_limitsconf()
# CentOS7
lang_jajputf8()
etc_selinux_config()
#-------------------------------------------------------------------------------
#set.centos6_init
#-------------------------------------------------------------------------------
@task
def centos6_init():
etc_sysctlconf()
etc_security_limitsconf()
# CentOS6
etc_sysconfig_selinux()
#-------------------------------------------------------------------------------
#set.ubuntu16_init
#-------------------------------------------------------------------------------
@task
def ubuntu16_init():
etc_sysctlconf()
etc_security_limitsconf()
#===============================================================================
# /etc
#===============================================================================
# set.etc_sysctlconf
@task
def etc_sysctlconf():
'''/etc/sysctl.conf'''
date = datetime.now().strftime('%Y%m%d_%H%M')
sudo("cp -f /etc/sysctl.conf /etc/sysctl.conf.`date -d '1day ago' +%Y%m%d`")
put("%s/conf/os/sysctl.conf" % FHHOME, "/tmp/sysctl.conf.%s" % date)
sudo("mv /tmp/sysctl.conf.%s /etc/sysctl.conf" % date)
# set.etc_security_limitsconf
@task
def etc_security_limitsconf():
'''/etc/security/limits.conf'''
date = datetime.now().strftime('%Y%m%d_%H%M')
sudo("cp -f /etc/security/limits.conf /etc/security/limits.conf.`date -d '1day ago' +%Y%m%d`")
put("%s/conf/os/limits.conf" % FHHOME, "/tmp/limits.conf.%s" % date)
sudo("mv /tmp/limits.conf.%s /etc/security/limits.conf" % date)
#
sudo("rm -f /etc/security/limits.d/*-nproc.conf")
# set.etc_selinux_config CentOS7
@task
def etc_selinux_config():
'''/etc/selinux/config CentOS7'''
date = datetime.now().strftime('%Y%m%d_%H%M')
sudo("cp -f /etc/selinux/config /etc/selinux/config.`date -d '1day ago' +%Y%m%d`")
put("%s/conf/os/selinux_config.conf" % FHHOME, "/tmp/config.%s" % date)
sudo("mv /tmp/config.%s /etc/selinux/config" % date)
# etc_sysconfig_selinux CentOS6
@task
def etc_sysconfig_selinux():
'''/etc/sysconfig/selinux CentOS6'''
date = datetime.now().strftime('%Y%m%d_%H%M')
sudo("cp -f /etc/sysconfig/selinux /etc/sysconfig/selinux.`date -d '1day ago' +%Y%m%d`")
put("%s/conf/os/selinux_config.conf" % FHHOME, "/tmp/selinux.%s" % date)
sudo("mv /tmp/selinux.%s /etc/sysconfig/selinux" % date)
#===============================================================================
# Command Configuration
#===============================================================================
#--------------------------------------------------
# LANG
#--------------------------------------------------
# set.lang_ja_jputf8 #CentOS7
@task
def lang_jajputf8():
'''LANG=ja_JP.utf8 #CentOS7'''
sudo("localectl set-locale LANG=ja_JP.utf8")
#/etc/profile
sudo("cp -f /etc/profile /etc/profile.`date -d '1day ago' +%Y%m%d`")
if not contains('/etc/profile', 'locale.conf'):
append('/etc/profile', '\n#LANG\ntest -f /etc/locale.conf && . /etc/locale.conf\nexport LANG', use_sudo=True)
#===============================================================================
#Service Enable/Disable
#===============================================================================
#-------------------------------------------------------------------------------
# CentOS7
#-------------------------------------------------------------------------------
# set.service_systemctl
@task
def service_systemctl():
#enable
sudo("systemctl enable sysstat.service")
sudo("systemctl enable snmpd.service")
#disable
sudo("systemctl disable firewalld.service")
sudo("systemctl disable NetworkManager.service")
#-------------------------------------------------------------------------------
# CentOS6
#-------------------------------------------------------------------------------
| /etc/pam.d/su | # the only “wheel” group use 'su -'. the every users use 'su - user'.auth required pam_wheel.so use_uid root_only |
| /etc/pam.d/system-auth | |
| /etc/sudoers | Defaults requiretty |
| /etc/login.defs | |
| /etc/nsswitch.conf |
| /etc/ssh/sshd_config | PermitRootLogin no PasswordAuthentication yes UseDNS no |
| /etc/chrony.conf (CentOS) /etc/chrony/chrony.conf (Ubuntu) | |
| /etc/default/grub | crashkernel=128M |
| /etc/systemd/journald.conf | RateLimitInterval=30s RateLimitBurst=10000 |
| /etc/sysctl.conf | Kernel Parameter Configuration vm.swappiness = 0 |
| /etc/security/limits.conf | User Resource Configuration Example #open files * soft nofile 32768 * hard nofile 32768 |
| /etc/profile.d/history.sh | command history configuration Add time to command history HISTTIMEFORMAT='%Y-%m-%dT%T%z ' |
| /etc/cron.d/sysstat | # Run system activity accounting tool every 1 minutes */1 * * * * root /usr/lib64/sa/sa1 1 1 |
| /etc/sysconfig/sysstat | |
| /etc/cron.d/performance Important | Performance survey of seconds interval on Cron |
| /etc/selinux/config (RHEL7/CentOS7) /etc/sysconfig/selinux (RHEL6/CentOS6) | No SELinux policy is loaded. SELINUX=disabled |
| /etc/fstab | |
| /etc/snmp/snmpd.conf | |
| /etc/sysconfig/static-routes | |
| /etc/hosts | |
| /etc/yum.conf |