User Tools
сервис_ansible
Differences
This shows you the differences between two versions of the page.
| Both sides previous revision Previous revision Next revision | Previous revision | ||
|
сервис_ansible [2025/06/02 13:30] val [Провижининг IP телефонов] |
сервис_ansible [2026/02/08 09:43] (current) val [Роль OpenVPN сервера] |
||
|---|---|---|---|
| Line 11: | Line 11: | ||
| * [[https://www.cisco.com/c/dam/m/ru_ru/training-events/2019/cisco-connect/pdf/introduction_automation_with_ansible_idrey.pdf|Введение в автоматизацию с помощью Ansible (Cisco)]] | * [[https://www.cisco.com/c/dam/m/ru_ru/training-events/2019/cisco-connect/pdf/introduction_automation_with_ansible_idrey.pdf|Введение в автоматизацию с помощью Ansible (Cisco)]] | ||
| * [[https://nwmichl.net/2020/02/24/first-simple-ansible-playbooks/|First simple Ansible playbooks Cisco IOS]] | * [[https://nwmichl.net/2020/02/24/first-simple-ansible-playbooks/|First simple Ansible playbooks Cisco IOS]] | ||
| + | |||
| + | * [[https://r4ven.me/it-razdel/instrukcii/ansible-cmdb-strukturizacziya-i-vizualizacziya-ansible-facts/|ansible-cmdb — программа на Python, которая структуризирует собранные Ansible facts и визуализирует их с помощью HTML с красивым форматированием]] | ||
| Line 664: | Line 666: | ||
| copy: | copy: | ||
| src: server.key | src: server.key | ||
| + | #content: "{{ lookup('community.sops.sops', 'server.key') }}" | ||
| dest: /etc/ssl/private/server.key | dest: /etc/ssl/private/server.key | ||
| mode: '0600' | mode: '0600' | ||
| Line 697: | Line 700: | ||
| vars: | vars: | ||
| X: "{{ ansible_eth1.ipv4.address.split('.')[2] }}" | X: "{{ ansible_eth1.ipv4.address.split('.')[2] }}" | ||
| + | #ansible_ssh_common_args: '-o StrictHostKeyChecking=no' | ||
| ansible_ssh_user: vagrant | ansible_ssh_user: vagrant | ||
| ansible_ssh_pass: strongpassword | ansible_ssh_pass: strongpassword | ||
| Line 735: | Line 739: | ||
| * [[Сервисы Gateway и routing#Управление таблицей маршрутизации]] | * [[Сервисы Gateway и routing#Управление таблицей маршрутизации]] | ||
| + | ==== ansible-vault ==== | ||
| + | |||
| + | <code> | ||
| + | ~/openvpn1# less openvpn1/files/server.key | ||
| + | |||
| + | ~/openvpn1# ansible-vault encrypt openvpn1/files/server.key | ||
| + | </code><code> | ||
| + | New Vault password: 12345678 | ||
| + | Confirm New Vault password: 12345678 | ||
| + | Encryption successful | ||
| + | </code><code> | ||
| + | ~/openvpn1# less openvpn1/files/server.key | ||
| + | |||
| + | ~/openvpn1# ansible-vault view openvpn1/files/server.key | ||
| + | |||
| + | ~/openvpn1# ansible-vault encrypt_string strongpassword | ||
| + | </code><code> | ||
| + | New vault password (default): 12345678 | ||
| + | ... | ||
| + | </code><code> | ||
| + | Encryption successful | ||
| + | !vault | | ||
| + | $ANSIBLE_VAULT;1.1;AES256 | ||
| + | ... | ||
| + | 6234 | ||
| + | </code><code> | ||
| + | ~/openvpn1# cp inventory.yaml inventory2.yaml | ||
| + | |||
| + | ~/openvpn1# cat inventory2.yaml | ||
| + | </code> | ||
| + | !!! Никаких лишних пробелов в конце строк !!! | ||
| + | <code> | ||
| + | ... | ||
| + | ansible_ssh_pass: !vault | | ||
| + | $ANSIBLE_VAULT;1.1;AES256 | ||
| + | ... | ||
| + | 6234 | ||
| + | ... | ||
| + | </code><code> | ||
| + | ~/openvpn1# ANS_V_SEC=12345678 | ||
| + | |||
| + | ~/openvpn1# echo $ANS_V_SEC | ansible-playbook openvpn1.yaml -i inventory2.yaml -e "variable_host=test_nodes" --vault-password-file=/bin/cat | ||
| + | </code> | ||
| + | |||
| + | ==== Ansible и Hashicorp Vault ==== | ||
| + | |||
| + | * [[https://www.dmosk.ru/miniinstruktions.php?mini=vault-hashicorp-ansible|Хранение секретов в Hashicorp Vault для Ansible]] | ||
| + | * [[https://docs.ansible.com/projects/ansible/latest/collections/community/hashi_vault/hashi_vault_lookup.html|community.hashi_vault.hashi_vault lookup – Retrieve secrets from HashiCorp’s Vault]] | ||
| + | |||
| + | * [[Hashicorp Vault]] | ||
| + | <code> | ||
| + | # apt install python3-hvac | ||
| + | |||
| + | ~/openvpn1# cp inventory.yaml inventory3.yaml | ||
| + | |||
| + | ~/openvpn1# cat inventory3.yaml | ||
| + | </code><code> | ||
| + | ... | ||
| + | vault_url: http://server.corp13.un:8200 | ||
| + | vault_token: hKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKU | ||
| + | vault_secret: kv/ansible/openvpn1 | ||
| + | openvpn1_arr: "{{ lookup('community.hashi_vault.hashi_vault', 'secret={{ vault_secret }} token={{ vault_token }} url={{ vault_url }} validate_certs=False') }}" | ||
| + | ansible_ssh_user: "{{ openvpn1_arr.username }}" | ||
| + | ansible_ssh_pass: "{{ openvpn1_arr.password }}" | ||
| + | ... | ||
| + | </code><code> | ||
| + | ~/openvpn1# ansible-playbook openvpn1.yaml -i inventory3.yaml -e "variable_host=test_nodes" | ||
| + | </code> | ||
| + | |||
| + | ==== Ansible и SOPS ==== | ||
| + | |||
| + | * [[https://galaxy.ansible.com/ui/repo/published/community/sops/|galaxy.ansible community.sops]] | ||
| + | |||
| + | * [[Mozilla Sops]] | ||
| + | |||
| + | <code> | ||
| + | # ansible-galaxy collection list | grep sops | ||
| + | community.sops 1.6.2 | ||
| + | |||
| + | ~/openvpn1# sops encrypt openvpn1/files/server.key -i | ||
| + | |||
| + | ~/openvpn1# cat openvpn1/tasks/main.yml | ||
| + | ... | ||
| + | - name: Copy file server.key | ||
| + | copy: | ||
| + | #src: server.key | ||
| + | content: "{{ lookup('community.sops.sops', 'server.key') }}" | ||
| + | ... | ||
| + | |||
| + | ~/openvpn1# sops exec-file --no-fifo inventory.yaml 'ansible-playbook openvpn1.yaml -i {}' | ||
| + | </code> | ||
| ==== Фрагмент роли с условиями и отладкой ==== | ==== Фрагмент роли с условиями и отладкой ==== | ||
сервис_ansible.1748860205.txt.gz · Last modified: 2025/06/02 13:30 by val
Page Tools
Except where otherwise noted, content on this wiki is licensed under the following license: CC Attribution-Share Alike 4.0 International
