сервис_ansible [2022/09/22 10:52] val [Использование модулей] |
сервис_ansible [2023/01/19 08:53] val [ansible-pull] |
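--- a/сервис_ansible
+++ b/сервис_ansible
@@ -1,4 +1,5 @@
 ====== Сервис Ansible ======
+
+* Управление инфраструктурой на примере [[https://ru.wikipedia.org/wiki/Ansible|Аnsible - wikipedia]]
 * [[https://habrahabr.ru/company/express42/blog/254959/|Ansible — давайте попробуем]]
-* [[https://habrahabr.ru/post/195048/|Ansible]]
 * [[https://habrahabr.ru/post/305400/|Пособие по Ansible]]
@@ -111,3 +112,3 @@
 node1# ansible addnodes -vv -f 5 -m apt -a 'pkg=ceph,tgt-rbd state=present update_cache=true'
-server# ansible nodes -f 3 -m apt -a 'pkg=docker.io state=present update_cache=true'
+server# ansible nodes -f 3 -m apt -a 'pkg=openvpn state=present update_cache=true'
-server# ansible nodes -f 3 -m apt -a 'pkg=docker.io state=present update_cache=true'
+server# ansible nodes -f 3 -m apt -a 'pkg=docker.io state=absent update_cache=true'
@@ -133,6 +134,6 @@
 <code>
-# cat provision_docker.yml
+server# cat provision_docker.yml
 или
-λ npp provision_docker.yml &
+λ touch provision_docker.yml
 </code><code>
 - hosts: "{{ variable_host | default('all') }}"
@@ -177,8 +178,8 @@
 <code>
-gate# ansible-playbook provision_docker.yml
+server# ansible-playbook provision_docker.yml
-gate# ansible-playbook provision_docker.yml -i inv_file.ini
+server# ansible-playbook provision_docker.yml --extra-vars "variable_host=nodes"
-gate# ansible-playbook provision_docker.yml -e "ansible_python_interpreter=/usr/bin/python3" -i 192.168.X.1:2222,
+server# ansible-playbook provision_docker.yml --extra-vars "variable_host=localhost"
-gate# ansible-playbook provision_docker.yml --extra-vars "variable_host=corp"
+server# ansible-playbook provision_docker.yml -i inv_file.ini
-gate# ansible-playbook provision_docker.yml --extra-vars "variable_host=localhost"
+server# ansible-playbook provision_docker.yml -e "ansible_python_interpreter=/usr/bin/python3" -i 192.168.X.1:2222,
 </code>
 ==== Пример 2 ====
@@ -228,6 +229,7 @@
 ios_config:
 lines:
+- snmp-server community write RW
+
 - ip host server 192.168.X.10
 - snmp-server host server writetrap
-- snmp-server community write RW
 # - snmp-server enable traps config
@@ -251,4 +253,5 @@
 # - enable secret cisco
 # - aaa authorization console
+
 # - aaa authentication login default local
 # - aaa authorization exec default local
@@ -375,2 +378,3 @@
 * [[https://rtfm.co.ua/ansible-roli-roles-primer/|Ansible: роли (roles) – пример]]
+* [[https://andreyex.ru/linux/ansible-roli-v-ansible/|Ansible. Роли в Ansible]]
 * [[Настройка стендов слушателей#Ansible конфигурация]]
@@ -460,3 +464,7 @@
 ==== Роль OpenVPN сервера ====
 <code>
+server:~# wget https://val.bmstu.ru/unix/conf.git/conf/ansible/roles/openvpn1.tgz && tar -xvzf openvpn1.tgz
+
+ИЛИ
+
 server:~# mkdir openvpn1 && cd openvpn1
@@ -474,4 +482,4 @@
 dh2048.pem server.crt server.key
 </code><code>
-server:~/openvpn1/openvpn1/files# cd -
+server:~/openvpn1/openvpn1/files# cd ../../
 server:~/openvpn1# cat openvpn1/templates/openvpn1.conf.j2
@@ -483,4 +491,4 @@
 server {{node_nets[ansible_hostname]}} 255.255.255.0
-push "route 192.168.X.0 255.255.255.0"
+push "route 192.168.{{X}}.0 255.255.255.0"
-#push "dhcp-option DNS 192.168.X.10"
+#push "dhcp-option DNS 192.168.{{X}}.10"
 #push "block-outside-dns"
@@ -547,4 +555,5 @@
 all:
 vars:
+X: "{{ ansible_eth1.ipv4.address.split('.')[2] }}"
 ansible_python_interpreter: "/usr/bin/python3"
 ansible_ssh_user: vagrant
@@ -579,3 +588,5 @@
 server:~/openvpn1# ansible-playbook openvpn1.yaml -i inventory.yaml -e "variable_host=all"
 </code>
+
+* [[Сервисы Gateway и routing#Управление таблицей маршрутизации]]
 ==== Фрагмент роли с условиями и отладкой ====
@@ -607,3 +618,24 @@
 msg: octet4 is {{ octet4 }}, X is {{ X }}, hostname is {{hostname}}
 ...
+</code>
+
+==== ansible-pull ====
+
+* [[https://medium.com/splunkuserdeveloperadministrator/using-ansible-pull-in-ansible-projects-ac04466643e8|Using Ansible Pull In Ansible Projects]]
+* [[https://stackoverflow.com/questions/9049460/cron-jobs-and-random-times-within-given-hours|Cron jobs and random times, within given hours]]
+
+<code>
+$ cat ansible-pull-example\local.yml
+</code><code>
+- hosts: localhost
+# tasks:
+# roles:
+...
+</code><code>
+clientN:~# crontab -l
+</code><code>
+0 */2 * * * sleep ${RANDOM:0:2}m; /usr/bin/ansible-pull -U http://server.corpX.un/student/ansible-pull-example.git -C main
+@reboot sleep 3m; /usr/bin/ansible-pull -U http://server.corpX.un/student/ansible-pull-example.git -C main
+</code><code>
+client-test:~# /usr/bin/ansible-pull -U http://server.corpX.un/student/ansible-pull-example.git -C test
 </code>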
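Review bot: The two crontab entries added in the ansible-pull section fetch the playbook repository over plain `http://` and apply it unattended. The `clientN:~#` prompt suggests this is root's crontab, so whatever that URL returns is executed with root privileges and nothing authenticates the server or the content. Use an `https://` or SSH remote and add `--verify-commit`, so that ansible-pull aborts when the checked-out commit carries no valid GPG signature: `/usr/bin/ansible-pull -U https://server.corpX.un/student/ansible-pull-example.git -C main --verify-commit`. The same applies to the manual `-C test` run on `client-test`. Separately, `${RANDOM:0:2}` is a bash expansion, while cron runs jobs with `/bin/sh` unless `SHELL` is set, so the example probably needs a `SHELL=/bin/bash` line in the crontab on systems where sh is not bash.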