сервис_ansible [2022/08/15 13:38] val [Настройка групп управляемых систем] |
сервис_ansible [2022/09/28 06:58] val [Сервис Ansible] |
Line 1: | Line 1: | ||
====== Сервис Ansible ====== | ====== Сервис Ansible ====== | ||
+ | |||
+ | * Управление инфраструктурой на примере [[https://ru.wikipedia.org/wiki/Ansible|Аnsible - wikipedia]] | ||
* [[https://habrahabr.ru/company/express42/blog/254959/|Ansible — давайте попробуем]] | * [[https://habrahabr.ru/company/express42/blog/254959/|Ansible — давайте попробуем]] | ||
- | * [[https://habrahabr.ru/post/195048/|Ansible]] | ||
* [[https://habrahabr.ru/post/305400/|Пособие по Ansible]] | * [[https://habrahabr.ru/post/305400/|Пособие по Ansible]] | ||
Line 105: | Line 106: | ||
node1# ansible corpX -m command -a 'uname -a' | node1# ansible corpX -m command -a 'uname -a' | ||
node1# ansible corpX -a 'uname -a' | node1# ansible corpX -a 'uname -a' | ||
+ | |||
node1# ansible corpX -f 2 -m apt -a 'pkg=apache2 state=present update_cache=true' | node1# ansible corpX -f 2 -m apt -a 'pkg=apache2 state=present update_cache=true' | ||
node1# ansible addnodes -vv -f 5 -m apt -a 'pkg=ceph,tgt-rbd state=present update_cache=true' | node1# ansible addnodes -vv -f 5 -m apt -a 'pkg=ceph,tgt-rbd state=present update_cache=true' | ||
+ | |||
+ | server# ansible nodes -f 3 -m apt -a 'pkg=openvpn state=present update_cache=true' | ||
+ | server# ansible nodes -f 3 -m apt -a 'pkg=docker.io state=absent update_cache=true' | ||
+ | |||
ubuntu20# apt install python3-paramiko | ubuntu20# apt install python3-paramiko | ||
Line 124: | Line 130: | ||
==== Пример 1 ==== | ==== Пример 1 ==== | ||
+ | |||
+ | * [[Технология Docker]] | ||
+ | |||
<code> | <code> | ||
- | # cat provision_docker.yml | + | server# cat provision_docker.yml |
или | или | ||
- | λ npp provision_docker.yml & | + | λ touch provision_docker.yml |
</code><code> | </code><code> | ||
- hosts: "{{ variable_host | default('all') }}" | - hosts: "{{ variable_host | default('all') }}" | ||
Line 164: | Line 173: | ||
state: present | state: present | ||
update_cache: true | update_cache: true | ||
- | </code><code> | + | </code> |
- | gate# ansible-playbook provision_docker.yml | + | |
+ | * Технология Vagrant: [[Технология Vagrant#Provision с использованием ansible]] | ||
+ | |||
+ | <code> | ||
+ | server# ansible-playbook provision_docker.yml | ||
- | gate# ansible-playbook provision_docker.yml -i inv_file.ini | + | server# ansible-playbook provision_docker.yml --extra-vars "variable_host=nodes" |
- | gate# ansible-playbook provision_docker.yml -e "ansible_python_interpreter=/usr/bin/python3" -i 192.168.X.1:2222, | + | server# ansible-playbook provision_docker.yml --extra-vars "variable_host=localhost" |
- | gate# ansible-playbook provision_docker.yml --extra-vars "variable_host=corp" | + | server# ansible-playbook provision_docker.yml -i inv_file.ini |
- | gate# ansible-playbook provision_docker.yml --extra-vars "variable_host=localhost" | + | server# ansible-playbook provision_docker.yml -e "ansible_python_interpreter=/usr/bin/python3" -i 192.168.X.1:2222, |
</code> | </code> | ||
==== Пример 2 ==== | ==== Пример 2 ==== | ||
Line 448: | Line 461: | ||
==== Роль OpenVPN сервера ==== | ==== Роль OpenVPN сервера ==== | ||
<code> | <code> | ||
+ | server:~# wget https://val.bmstu.ru/unix/conf.git/conf/ansible/roles/openvpn1.tgz && tar -xvzf openvpn1.tgz | ||
+ | |||
+ | ИЛИ | ||
+ | |||
server:~# mkdir openvpn1 && cd openvpn1 | server:~# mkdir openvpn1 && cd openvpn1 | ||
Line 456: | Line 473: | ||
server:~/openvpn1/openvpn1/files# | server:~/openvpn1/openvpn1/files# | ||
</code> | </code> | ||
- | * В текущем каталоге выполняем [[Пакет OpenSSL#Создание параметра DH]] и [[Пакет OpenSSL#Создание самоподписанного сертификата]] | + | * В текущем каталоге выполняем и сохраняем файлы из тем [[Пакет OpenSSL#Создание параметра DH]] и [[Пакет OpenSSL#Создание самоподписанного сертификата]] (не указываем AltName, Common Name: server - достаточно) |
<code> | <code> | ||
server:~/openvpn1/openvpn1/files# ls | server:~/openvpn1/openvpn1/files# ls | ||
Line 462: | Line 479: | ||
dh2048.pem server.crt server.key | dh2048.pem server.crt server.key | ||
</code><code> | </code><code> | ||
+ | server:~/openvpn1/openvpn1/files# cd ../../ | ||
+ | |||
server:~/openvpn1# cat openvpn1/templates/openvpn1.conf.j2 | server:~/openvpn1# cat openvpn1/templates/openvpn1.conf.j2 | ||
</code><code> | </code><code> | ||
Line 469: | Line 488: | ||
server {{node_nets[ansible_hostname]}} 255.255.255.0 | server {{node_nets[ansible_hostname]}} 255.255.255.0 | ||
- | push "route 192.168.X.0 255.255.255.0" | + | push "route 192.168.{{X}}.0 255.255.255.0" |
- | status /var/log/openvpn1-status.log | + | #push "dhcp-option DNS 192.168.{{X}}.10" |
+ | #push "block-outside-dns" | ||
dh /etc/openvpn/dh2048.pem | dh /etc/openvpn/dh2048.pem | ||
key /etc/ssl/private/server.key | key /etc/ssl/private/server.key | ||
ca /etc/ssl/certs/server.crt | ca /etc/ssl/certs/server.crt | ||
cert /etc/ssl/certs/server.crt | cert /etc/ssl/certs/server.crt | ||
- | plugin /usr/lib/x86_64-linux-gnu/openvpn/plugins/openvpn-plugin-auth-pam.so login | + | |
verify-client-cert none | verify-client-cert none | ||
+ | plugin /usr/lib/x86_64-linux-gnu/openvpn/plugins/openvpn-plugin-auth-pam.so login | ||
username-as-common-name | username-as-common-name | ||
+ | #duplicate-cn | ||
+ | |||
+ | status /var/log/openvpn1-status.log | ||
- | #management 0.0.0.0 7505 | + | management 0.0.0.0 7505 |
</code><code> | </code><code> | ||
server:~/openvpn1# cat openvpn1/tasks/main.yml | server:~/openvpn1# cat openvpn1/tasks/main.yml | ||
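Review bot: Uncommenting `management 0.0.0.0 7505` in openvpn1.conf.j2 opens the OpenVPN management interface on every interface and gives it no password-file argument, so anyone who can reach TCP 7505 on the node can issue management commands to the daemon. If the interface is only needed for local monitoring, bind it to loopback, `management 127.0.0.1 7505`; if it must be reachable remotely, add OpenVPN's password-file argument, `management 0.0.0.0 7505 <PATH_TO_PWFILE placeholder>`, and limit the port at the firewall. Since the same template already relies on `verify-client-cert none` plus PAM login for clients, an unauthenticated management port is the weakest point of the rendered config. The start of the template lies outside this hunk.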
Line 527: | Line 552: | ||
all: | all: | ||
vars: | vars: | ||
+ | X: "{{ ansible_eth1.ipv4.address.split('.')[2] }}" | ||
ansible_python_interpreter: "/usr/bin/python3" | ansible_python_interpreter: "/usr/bin/python3" | ||
ansible_ssh_user: vagrant | ansible_ssh_user: vagrant | ||
- | ansible_ssh_pass: vagrant | + | ansible_ssh_pass: strongpassword |
ansible_become: yes | ansible_become: yes | ||
node_nets: | node_nets: | ||
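Review bot: `ansible_ssh_pass: strongpassword` keeps the SSH password for every host as plain text in inventory.yaml, which readers of this page are expected to copy; replacing `vagrant` with another literal does not change that. Move the value into an ansible-vault encrypted variables file and reference it, `ansible_ssh_pass: "{{ vault_ssh_pass }}"`, or drop the password in favour of key-based authentication with `ansible_ssh_private_key_file`. The new `X: "{{ ansible_eth1.ipv4.address.split('.')[2] }}"` presumably fails on any host where the `eth1` fact is absent, so a one-line comment stating that the lab hosts are expected to have `eth1` would help. The rest of the inventory continues outside this hunk.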
Line 546: | Line 572: | ||
</code><code> | </code><code> | ||
server:~/openvpn1# cat openvpn1.yaml | server:~/openvpn1# cat openvpn1.yaml | ||
+ | </code><code> | ||
- name: Run openvpn1 on nodes | - name: Run openvpn1 on nodes | ||
hosts: "{{ variable_host | default('prod_nodes') }}" | hosts: "{{ variable_host | default('prod_nodes') }}" | ||
Line 555: | Line 582: | ||
server:~/openvpn1# ansible-playbook openvpn1.yaml -i inventory.yaml | server:~/openvpn1# ansible-playbook openvpn1.yaml -i inventory.yaml | ||
+ | |||
+ | server:~/openvpn1# ansible-playbook openvpn1.yaml -i inventory.yaml -e "variable_host=all" | ||
</code> | </code> | ||
+ | |||
+ | * [[Сервисы Gateway и routing#Управление таблицей маршрутизации]] | ||
==== Фрагмент роли с условиями и отладкой ==== | ==== Фрагмент роли с условиями и отладкой ==== |