hosts
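# Inventory group targeted by the playbook. The name has to match the play's
# "hosts: centos"; with a group called "centos-root" the play would match no
# hosts.
[centos]
192.168.174.129 ansible_ssh_port=22
192.168.174.130 ansible_ssh_port=22
192.168.174.131 ansible_ssh_port=22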
Ansible Vault 檔案
建立 Ansible Vault 檔案
# ansible-vault create passwords.yml
New Vault password: # 12345678(僅為示範;Vault 檔案的加密強度取決於此密碼,實際環境請改用高強度密碼)
Confirm New Vault password:
編輯 Ansible Vault 檔案
# ansible-vault edit passwords.yml
Vault password:
passwords.yml
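# Plaintext view of the vault-encrypted passwords.yml. Each key is an inventory
# hostname, so the playbook can look a password up with
# hosts_passwords[inventory_hostname].
# Demo values: every password embeds the host's last IP octet, so learning one
# reveals the others. Real deployments need independent random passwords.
hosts_passwords:
  '192.168.174.129':
    currently_yunwei_password: 'yunwei*_129'
  '192.168.174.130':
    currently_yunwei_password: 'yunwei*_130'
  '192.168.174.131':
    currently_yunwei_password: 'yunwei*_131'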
playbook
ssh_login_stats.yaml
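# Count successful and failed SSH password logins dated "Apr 12" in
# /var/log/secure on every host of the "centos" group, and collect one summary
# line per host in a file on the control node.
- hosts: centos
  remote_user: yunwei
  # Skip fact collection before the tasks run; nothing below reads host facts.
  # With this setting a run contains no "Gathering Facts" task.
  gather_facts: false
  vars_files:
    # Vault-encrypted; decrypted at run time (the page runs with
    # --ask-vault-pass).
    - passwords.yml
  vars:
    # Per-host login password, looked up by inventory hostname (the IP).
    # NOTE(review): key-based SSH authentication would remove the need to
    # store login passwords at all.
    ansible_ssh_pass: "{{ hosts_passwords[inventory_hostname].currently_yunwei_password }}"
    # sudo on the managed host reuses the same password.
    ansible_become_pass: "{{ ansible_ssh_pass }}"
  tasks:
    - name: Count SSH logins on April 12
      shell: "grep 'Apr 12' /var/log/secure | grep 'sshd'"
      register: ssh_log_content
      # Privilege escalation is limited to the one task that reads the log.
      # Declared at play level it would also apply to the delegated local
      # write and offer the managed host's password to sudo on the control
      # node.
      become: true
      become_method: sudo
      become_user: root
      # Read-only command: never report it as a change.
      changed_when: false
      # grep exits 1 when nothing matches, which is a valid "zero logins"
      # result. Anything on stderr (e.g. an unreadable log) or an exit code
      # above 1 is a real failure and must not be recorded as 0/0.
      failed_when: "ssh_log_content.rc > 1 or ssh_log_content.stderr | length > 0"

    # Tally successful and failed logins. Only password authentication is
    # matched; "Accepted publickey" and other sshd outcomes are not counted.
    - name: Count accepted and failed password logins
      set_fact:
        success_count: "{{ ssh_log_content.stdout | regex_findall('Accepted password') | length }}"
        failure_count: "{{ ssh_log_content.stdout | regex_findall('Failed password') | length }}"

    # Build the line that is written to the report file.
    - name: Format the summary line
      set_fact:
        log_content: "{{ inventory_hostname }} login success count is: {{ success_count }}, login failure count is: {{ failure_count }}"

    # Store the counts in a single file on the control node instead of one
    # file per managed host.
    - name: Append SSH login counts on April 12 to file
      # Runs locally as the user who started ansible-playbook; the path under
      # /root presumes that user is root, as the "#" prompts on the page
      # suggest.
      delegate_to: localhost
      # All hosts write to the same file; one at a time avoids lost lines
      # from concurrent read-modify-write (keyword available since
      # Ansible 2.9).
      throttle: 1
      lineinfile:
        path: /root/ssh_login_counts_centos_apr12.txt
        # Strip any line breaks so each host contributes exactly one line.
        line: "{{ log_content | regex_replace('(\n|\r)', '') }}"
        insertafter: EOF
        create: true
        # Authentication statistics: readable by the owner only.
        mode: "0600"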
測試 playbook
# ansible-playbook -i hosts ssh_login_stats.yaml --ask-vault-pass
Vault password:
PLAY [centos] *****************************************************************************************************************************************************************
TASK [Gathering Facts] ********************************************************************************************************************************************************
ok: [192.168.174.131]
ok: [192.168.174.130]
ok: [192.168.174.129]
TASK [Count SSH logins on April 12] *******************************************************************************************************************************************
changed: [192.168.174.129]
changed: [192.168.174.131]
changed: [192.168.174.130]
TASK [set_fact] ***************************************************************************************************************************************************************
ok: [192.168.174.129]
ok: [192.168.174.130]
ok: [192.168.174.131]
TASK [set_fact] ***************************************************************************************************************************************************************
ok: [192.168.174.129]
ok: [192.168.174.130]
ok: [192.168.174.131]
TASK [Append SSH login counts on April 12 to file] ****************************************************************************************************************************
ok: [192.168.174.131 -> localhost]
ok: [192.168.174.130 -> localhost]
ok: [192.168.174.129 -> localhost]
PLAY RECAP ********************************************************************************************************************************************************************
192.168.174.129 : ok=5 changed=1 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
192.168.174.130 : ok=5 changed=1 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
192.168.174.131 : ok=5 changed=1 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
確認結果
192.168.174.131 login success count is: 87, login failure count is: 14
192.168.174.130 login success count is: 84, login failure count is: 4
192.168.174.129 login success count is: 29, login failure count is: 2