系統環境:centos7
ansible playbook 編寫
[root@control ansible]# cat 1-openFirewall.yml
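---
# Opens firewalld ports for every TCP port the target hosts are listening on.
# Runs as root on the targets: the tasks write under /root and change firewall rules.
- hosts: dlinux
  remote_user: root
  tasks:
    - name: create new dir
      file: path=/root/shell state=directory mode=0755
    - name: copy shell script
      # Keeps a copy of the script on the host for later manual use. The script
      # module below transfers the local file on its own, so this task is not
      # required for the execution itself.
      copy: src=/root/shell/openFirewalld.sh dest=/root/shell/openFirewalld.sh mode=0711
    - name: execute script
      # Path on the control node; the task fails if the script exits non-zero.
      script: /root/shell/openFirewalld.sh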
防火牆腳本編寫
[root@control shell]# pwd
/root/shell
[root@control shell]# cat openFirewalld.sh
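#!/bin/bash
# For CentOS 7.
# Starts firewalld and opens, in the firewall, every TCP port the system is
# currently listening on (taken from `ss -ntl`).
# Note: some ports that must be opened are not listening and have to be added
# separately, e.g. the FTP data port, which --add-service=ftp takes care of.
# Caveat: only the port part of the Local Address:Port column is used, so ports
# of services bound only to loopback are opened as well; UDP is not handled.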
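#######################################
# Collect the TCP ports the system is currently listening on.
# Reads the Local Address:Port column of `ss -ntl`, drops the address part
# (so "*:22", "0.0.0.0:3306" and "[::]:22" all yield the bare port), then
# sorts and de-duplicates the result.
# Globals:   none
# Outputs:   the unique ports, space-separated, on one line of stdout
# Returns:   0
# NOTE(review): because the address is discarded, services bound only to
# 127.0.0.1/::1 are listed too, and openFirewalld opens those ports as well.
#######################################
getPort() {
  local -a ports=()
  local local_addr

  while IFS= read -r local_addr; do
    [[ -n "$local_addr" ]] || continue
    ports+=("${local_addr##*:}")
  done < <(ss -ntl | awk 'NR>1{print $4}')

  # The same port listening on IPv4 and IPv6 shows up twice; keep one copy.
  if (( ${#ports[@]} > 0 )); then
    mapfile -t ports < <(printf '%s\n' "${ports[@]}" | sort -u)
  fi

  echo "${ports[*]}"
}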
#輸出系統開啟的端口號
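#######################################
# Print the TCP ports the system is listening on (as collected by getPort).
# Globals:   none
# Outputs:   the unique ports, space-separated, on one line of stdout
# Returns:   0
#######################################
showOpenPort() {
  local -a open_ports=()
  # getPort emits one space-separated line; split it into an array without
  # touching any global variable.
  read -r -a open_ports <<< "$(getPort)"
  echo "${open_ports[*]}"
}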
#開啟防火牆,打開防火牆中系統打開的端口
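#######################################
# Start firewalld and permanently open every TCP port the system is currently
# listening on (as listed by getPort), then reload and show the active zone.
# Globals:   none
# Outputs:   systemctl/firewall-cmd output on stdout; per-port failures on stderr
# Returns:   the status of systemctl, --reload or --list-all if one of them
#            fails; 1 if at least one port could not be added; 0 otherwise
# NOTE(review): every listening port is opened, including services bound only
# to loopback and anything listening on all interfaces (e.g. a database);
# check showOpenPort's output before running this on a reachable host.
#######################################
openFirewalld() {
  local -a ports=()
  local port
  local failed=0

  # firewall-cmd talks to the daemon; if it cannot start, nothing below can work.
  systemctl start firewalld || return

  read -r -a ports <<< "$(getPort)"
  for port in "${ports[@]}"; do
    # --permanent only writes the saved config; --reload below activates it.
    # A single bad port should not stop the remaining ones from being added.
    if ! firewall-cmd --permanent --add-port="${port}/tcp"; then
      printf 'openFirewalld: could not add port %s/tcp\n' "$port" >&2
      failed=1
    fi
  done

  firewall-cmd --reload || return
  firewall-cmd --list-all || return
  return "$failed"
}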
# Entry point: open the firewall for the current listeners when the script runs.
# The script's exit status is that of openFirewalld.
main() {
  openFirewalld
}
main "$@"
執行ansible-playbook
ansible-playbook 1-openFirewall.yml