User Tools
сервис_ansible
Differences
This shows you the differences between two versions of the page.
| Both sides previous revision Previous revision Next revision | Previous revision | ||
|
сервис_ansible [2025/02/11 14:00] val [Роль OpenVPN сервера] |
сервис_ansible [2025/09/21 05:59] (current) val [ansible-vault] |
||
|---|---|---|---|
| Line 11: | Line 11: | ||
| * [[https://www.cisco.com/c/dam/m/ru_ru/training-events/2019/cisco-connect/pdf/introduction_automation_with_ansible_idrey.pdf|Введение в автоматизацию с помощью Ansible (Cisco)]] | * [[https://www.cisco.com/c/dam/m/ru_ru/training-events/2019/cisco-connect/pdf/introduction_automation_with_ansible_idrey.pdf|Введение в автоматизацию с помощью Ansible (Cisco)]] | ||
| * [[https://nwmichl.net/2020/02/24/first-simple-ansible-playbooks/|First simple Ansible playbooks Cisco IOS]] | * [[https://nwmichl.net/2020/02/24/first-simple-ansible-playbooks/|First simple Ansible playbooks Cisco IOS]] | ||
| + | |||
| + | * [[https://r4ven.me/it-razdel/instrukcii/ansible-cmdb-strukturizacziya-i-vizualizacziya-ansible-facts/|ansible-cmdb — программа на Python, которая структуризирует собранные Ansible facts и визуализирует их с помощью HTML с красивым форматированием]] | ||
| Line 108: | Line 110: | ||
| node1# ansible all -m ping | node1# ansible all -m ping | ||
| node1# ansible all -m ping -i inv_file.ini | node1# ansible all -m ping -i inv_file.ini | ||
| - | node1# ansible all -m ping -i node2:2222, -e "ansible_python_interpreter=/usr/bin/python3" | + | node1# ansible all -m ping -i node2:2222, |
| node1# ansible corpX -m command -a 'uname -a' | node1# ansible corpX -m command -a 'uname -a' | ||
| - | kube1# ansible kubes -a 'sed -i"" -e "/swap/s/^/#/" /etc/fstab' | ||
| - | kube1# ansible kubes -a 'swapoff -a' | ||
| - | ИЛИ | ||
| (venv1) server# ansible all -a 'sed -i"" -e "/swap/s/^/#/" /etc/fstab' -i /root/kubespray/inventory/mycluster/hosts.yaml #--limit=kube4,kube5 | (venv1) server# ansible all -a 'sed -i"" -e "/swap/s/^/#/" /etc/fstab' -i /root/kubespray/inventory/mycluster/hosts.yaml #--limit=kube4,kube5 | ||
| (venv1) server# ansible all -a 'swapoff -a' -i /root/kubespray/inventory/mycluster/hosts.yaml #--limit=kube4 | (venv1) server# ansible all -a 'swapoff -a' -i /root/kubespray/inventory/mycluster/hosts.yaml #--limit=kube4 | ||
| Line 347: | Line 346: | ||
| server# ansible-playbook inst_http.yml -i gate, | server# ansible-playbook inst_http.yml -i gate, | ||
| - | </code><code> | + | </code> |
| + | |||
| + | ==== Asterisk IAX конфигурация ==== | ||
| + | |||
| + | <code> | ||
| # cat iax.conf.j2 | # cat iax.conf.j2 | ||
| </code><code> | </code><code> | ||
| Line 385: | Line 388: | ||
| </code><code> | </code><code> | ||
| # ansible-playbook ast_iax_corps.yml --extra-vars '{"X":"{{ ansible_eth0.ipv4.address.split(\".\")[3] }}","YS":[1,2,3,4,5,6,7,8,9,10,11,12,13]}' | # ansible-playbook ast_iax_corps.yml --extra-vars '{"X":"{{ ansible_eth0.ipv4.address.split(\".\")[3] }}","YS":[1,2,3,4,5,6,7,8,9,10,11,12,13]}' | ||
| + | </code> | ||
| + | |||
| + | ==== Провижининг IP телефонов ==== | ||
| + | <code> | ||
| + | ~/phone-prov# cat inventory.yml | ||
| + | </code><code> | ||
| + | all: | ||
| + | vars: | ||
| + | phones: | ||
| + | - [ '403', 'tpassword403', 'server.corp13.un', '000E08C190C2', 'spa' ] | ||
| + | - [ '404', 'tpassword404', 'server.corp13.un', 'BCC34221709A', 'kx-hdv' ] | ||
| + | </code><code> | ||
| + | ~/phone-prov# cat kx-hdv.j2 | ||
| + | </code><code> | ||
| + | # Panasonic SIP Phone Standard Format File # | ||
| + | |||
| + | ## SIP Settings | ||
| + | PHONE_NUMBER_1="{{ pn }}" | ||
| + | SIP_AUTHID_1="{{ pn }}" | ||
| + | SIP_PASS_1="{{ secret }}" | ||
| + | SIP_PRXY_ADDR_1="{{ sipproxy }}" | ||
| + | SIP_RGSTR_ADDR_1="{{ sipproxy }}" | ||
| + | DIAL_PLAN_1="*xx|[1-4]xx|0xxxxx|8xxxxxxxxxx" | ||
| + | </code><code> | ||
| + | ~/phone-prov# cat spa.j2 | ||
| + | </code><code> | ||
| + | <flat-profile> | ||
| + | <Proxy_1_>{{ sipproxy }}</Proxy_1_> | ||
| + | <User_ID_1_>{{ pn }}</User_ID_1_> | ||
| + | <Password_1_>{{ secret }}</Password_1_> | ||
| + | <Dial_Plan_1_>( xxx | 8xxxxxxxxxx | 0xxxxx | *xx )</Dial_Plan_1_> | ||
| + | </flat-profile> | ||
| + | </code><code> | ||
| + | ~/phone-prov# cat phone-prov.yml | ||
| + | </code><code> | ||
| + | - hosts: localhost | ||
| + | tasks: | ||
| + | - name: debug | ||
| + | debug: | ||
| + | msg: "{{ item.0 }} ... {{ item.4 }}" | ||
| + | loop: "{{ phones }}" | ||
| + | - name: Create phone conf | ||
| + | template: | ||
| + | src: "{{ model }}.j2" | ||
| + | dest: "/var/www/html/{{ model }}-{{ mac }}.cfg" | ||
| + | vars: | ||
| + | pn: "{{ item.0 }}" | ||
| + | secret: "{{ item.1 }}" | ||
| + | sipproxy: "{{ item.2 }}" | ||
| + | mac: "{{ item.3 }}" | ||
| + | model: "{{ item.4 }}" | ||
| + | loop: "{{ phones }}" | ||
| + | </code><code> | ||
| + | ~/phone-prov# ansible-playbook phone-prov.yml -i inventory.yml | ||
| </code> | </code> | ||
| ===== Использование handlers ===== | ===== Использование handlers ===== | ||
| - | ==== Пример 1 ==== | + | ==== Пример 4 ==== |
| * [[Сервис HTTP#Использование домашних каталогов]] | * [[Сервис HTTP#Использование домашних каталогов]] | ||
| Line 412: | Line 469: | ||
| </code> | </code> | ||
| - | ==== Пример 2 ==== | + | ==== Пример 5 ==== |
| + | |||
| + | * [[Управление ПО в Linux#Список desktop приложений]] | ||
| <code> | <code> | ||
| Line 422: | Line 481: | ||
| UserParameter=listinstalledsoft,ls /usr/share/applications | awk -F '.desktop' ' { print $1}' - | UserParameter=listinstalledsoft,ls /usr/share/applications | awk -F '.desktop' ' { print $1}' - | ||
| </code><code> | </code><code> | ||
| - | node1# cat za.yml | + | server# cat za.yml |
| </code><code> | </code><code> | ||
| - hosts: lin_ws | - hosts: lin_ws | ||
| Line 678: | Line 737: | ||
| * [[Сервисы Gateway и routing#Управление таблицей маршрутизации]] | * [[Сервисы Gateway и routing#Управление таблицей маршрутизации]] | ||
| + | ==== ansible-vault ==== | ||
| + | <code> | ||
| + | ~/openvpn1# less openvpn1/files/server.key | ||
| + | |||
| + | ~/openvpn1# ansible-vault encrypt openvpn1/files/server.key | ||
| + | </code><code> | ||
| + | New Vault password: 12345678 | ||
| + | Confirm New Vault password: 12345678 | ||
| + | Encryption successful | ||
| + | </code><code> | ||
| + | ~/openvpn1# less openvpn1/files/server.key | ||
| + | |||
| + | ~/openvpn1# ansible-vault view openvpn1/files/server.key | ||
| + | |||
| + | ~/openvpn1# ansible-vault encrypt_string strongpassword | ||
| + | </code><code> | ||
| + | New vault password (default): 12345678 | ||
| + | ... | ||
| + | </code><code> | ||
| + | Encryption successful | ||
| + | !vault | | ||
| + | $ANSIBLE_VAULT;1.1;AES256 | ||
| + | ... | ||
| + | 6234 | ||
| + | </code><code> | ||
| + | ~/openvpn1# cp inventory.yaml inventory2.yaml | ||
| + | |||
| + | ~/openvpn1# cat inventory2.yaml | ||
| + | </code> | ||
| + | !!! Никаких лишних пробелов в конце строк !!! | ||
| + | <code> | ||
| + | ... | ||
| + | ansible_ssh_pass: !vault | | ||
| + | $ANSIBLE_VAULT;1.1;AES256 | ||
| + | ... | ||
| + | 6234 | ||
| + | ... | ||
| + | </code><code> | ||
| + | ~/openvpn1# ANS_V_SEC=12345678 | ||
| + | |||
| + | ~/openvpn1# echo $ANS_V_SEC | ansible-playbook openvpn1.yaml -i inventory2.yaml -e "variable_host=test_nodes" --vault-password-file=/bin/cat | ||
| + | </code> | ||
| ==== Фрагмент роли с условиями и отладкой ==== | ==== Фрагмент роли с условиями и отладкой ==== | ||
сервис_ansible.1739271606.txt.gz · Last modified: 2025/02/11 14:00 by val
Page Tools
Except where otherwise noted, content on this wiki is licensed under the following license: CC Attribution-Share Alike 4.0 International
