ansible做mysql备份和安全加固

1. mysql备份

A patch adding name=all was added to the mysql_db module on May 12, 2015, so the recommended way to dump all databases is:

# Dumps all databases to hostname.sql
- mysql_db: state=dump name=all target=/tmp/{{ inventory_hostname }}.sql

每个数据库一个文件：

---
# This playbook backups all mysql databases into separate files.

- name: backup mysql
vars:
- exclude_db:
- "Database"
- "information_schema"
- "performance_schema"
- "mysql"
tasks:
- name: get db names
shell: 'mysql -u root -p{{ vault_root_passwd }} -e "show databases;" '
register: dblist
- name: backup databases
mysql_db:
state: dump
name: "{{ item }}"
target: "/tmp/{{ item }}.sql"
login_user: root
login_password: "{{ vault_root_passwd }}"
with_items: "{{ dblist.stdout_lines | difference(exclude_db) }}"

2. 安全加固

列一个提纲

Change the password for the root account

Create and configure a deploy user account

Configure ssh public key authentication for the deploy account

Add the deploy account to the sudoers list

Run apt-get update

Run apt-get upgrade

Package Installation

Configure automatic updates

Configure a firewall

Install and configure Logwatch

Lockdown ssh access

参考：

http://www.linuxjournal.com/content/security-hardening-ansible?page=0,3

http://ryaneschinger.com/blog/securing-a-server-with-ansible/

http://docs.openstack.org/developer/openstack-ansible-security/

http://stackoverflow.com/questions/28597029/ansible-how-to-backup-all-mysql-databases