Differences

This shows you the differences between two versions of the page.

--- сервис_ansible [2020/05/23 20:17]
val [Использование шаблонов]
+++ сервис_ansible [2024/03/25 06:40]
val [Роль настроенного через ifupdown узла сети]
@@ Line 1: / Line 1: @@
 ====== Сервис Ansible ======
+  * Управление инфраструктурой на примере [[https://ru.wikipedia.org/wiki/Ansible|Аnsible - wikipedia]]
   * [[https://habrahabr.ru/company/express42/blog/254959/|Ansible — давайте попробуем]]
-  * [[https://habrahabr.ru/post/195048/|Ansible]]
   * [[https://habrahabr.ru/post/305400/|Пособие по Ansible]]
+  * [[https://habr.com/ru/post/508762/|Основы Ansible, без которых ваши плейбуки — комок слипшихся макарон]]
   * [[https://www.cisco.com/c/dam/m/ru_ru/training-events/2019/cisco-connect/pdf/introduction_automation_with_ansible_idrey.pdf|Введение в автоматизацию с помощью Ansible (Cisco)]]
+  * [[https://nwmichl.net/2020/02/24/first-simple-ansible-playbooks/|First simple Ansible playbooks Cisco IOS]]
-  * [[https://www.opennet.ru/base/dev/yaml.txt.html|Знакомимся с YAML (yaml config lib perl python ruby)]]
-  * [[https://www.jeffgeerling.com/blog/yaml-best-practices-ansible-playbooks-tasks|YAML best practices for Ansible playbooks - tasks]]
-  * [[https://stackoverflow.com/questions/50788277/why-3-dashes-hyphen-in-yaml-file|why — (3 dashes/hyphen) in yaml file?]]
 ===== Установка на управляющей системе =====
+==== Из репозитория дистрибутива ====
 <code>
 node1# apt install ansible
+node1# ansible --version
 </code>
+==== Из репозитория производителя ====
+  * [[https://docs.ansible.com/ansible/latest/installation_guide/intro_installation.html#installing-ansible-on-debian|Installing Ansible on Debian]]
 ===== Установка на управляемых системах ====
 <code>
 nodeN# apt install python python-apt
+debian11/ubuntu20# apt install python python3-apt
 </code>
@@ Line 24: / Line 35: @@
 ===== Настройка групп управляемых систем =====
-  * Определение групп управляемых систем
+  * [[https://nklya.medium.com/%D0%B4%D0%B8%D0%BD%D0%B0%D0%BC%D0%B8%D1%87%D0%B5%D1%81%D0%BA%D0%BE%D0%B5-%D0%B8%D0%BD%D0%B2%D0%B5%D0%BD%D1%82%D0%BE%D1%80%D0%B8-%D0%B2-ansible-9ee880d540d6|Динамическое инвентори в Ansible]]
 <code>
+debian11# mkdir /etc/ansible/
 node1# cat /etc/ansible/hosts
 </code><code>
+[all:vars]
+#ansible_python_interpreter="/usr/bin/python3"
 #[corp]
-#server.corp[1:12].un
+#server.corp13.un
-#server.corp13.un ansible_ssh_user=root ansible_ssh_pass=123
+#server.corp[1:12].un ansible_ssh_user=root ansible_ssh_pass=strongpassword
+#mail.corp[1:12].un ansible_ssh_user=root ansible_ssh_pass=strongpassword
+#192.168.[1:25].10
 [corpX]
@@ Line 37: / Line 55: @@
 [addnodes]
-.168.16.3
+.168.X.[3:9] ansible_ssh_user=root ansible_ssh_pass=strongpassword
-.168.16.4
 [sws]
 switch[1:3] ansible_ssh_user=root ansible_ssh_pass=cisco
+[nodes]
+##192.168.X.[210:230:10]
+##192.168.X.[201:203]
+node[1:3]
+[nodes:vars]
+ansible_ssh_user=vagrant
+ansible_ssh_pass=strongpassword
+#ansible_sudo_pass=strongpassword
+ansible_become=yes
 </code>
@@ Line 51: / Line 79: @@
 # cat /etc/ansible/ansible.cfg
 </code><code>
-...
+[defaults]
+#...
 host_key_checking = False
-...
+#...
 </code>
@@ Line 68: / Line 97: @@
 <code>
+$ ansible-doc -l
+$ ansible-doc ping
 node1# ansible corpX -m ping
+node1# ansible localhost -m ping
 node1# ansible all -m ping
+node1# ansible all -m ping -i inv_file.ini
+node1# ansible all -m ping -i node2:2222, -e "ansible_python_interpreter=/usr/bin/python3"
 node1# ansible corpX -m command -a 'uname -a'
-node1# ansible corpX -a 'uname -a'
-node1# ansible corpX -m apt -a 'pkg=apache2 state=present update_cache=true'
+kube1# ansible kubes -a 'sed -i"" -e "/swap/s/^/#/" /etc/fstab'
+kube1# ansible kubes -a 'swapoff -a'
+  ИЛИ
+(venv1) server# ansible all -a 'sed -i"" -e "/swap/s/^/#/" /etc/fstab' -i /root/kubespray/inventory/mycluster/hosts.yaml #--limit=kube4
+(venv1) server# ansible all -a 'swapoff -a' -i /root/kubespray/inventory/mycluster/hosts.yaml #--limit=kube4
+node1# ansible corpX -f 2 -m apt -a 'pkg=apache2 state=present update_cache=true'
+node1# ansible addnodes -vv -f 5 -m apt -a 'pkg=ceph,tgt-rbd state=present update_cache=true'
+server# ansible nodes -f 3 -m apt -a 'pkg=openvpn state=present update_cache=true'
+server# ansible nodes -f 3 -m apt -a 'pkg=docker.io state=present update_cache=true'
+ubuntu20# apt install python3-paramiko
 server# ansible sws -m ios_command -a "commands='show cdp nei'" -c local
+server# ansible sws -m ios_command -a "commands='show cdp nei'" -c network_cli -e "ansible_network_os=ios"
 </code>
 ===== Использование playbook =====
-  * [[Управление учетными записями в Linux#Назначение пароля]]
+  * [[Формат YAML]]
-  * [[https://docs.ansible.com/ansible/2.5/modules/user_module.html|Ansible module user - Manage user accounts]]
+  * [[https://stackoverflow.com/questions/17188147/how-to-run-ansible-without-specifying-the-inventory-but-the-host-directly|How to run Ansible without specifying the inventory but the host directly?]]
-  * [[https://coderlessons.com/tutorials/raznoe/vyuchi-yaml/uchebnik-po-yaml|Учебник по YAML]]
+  * [[https://stackoverflow.com/questions/33222641/override-hosts-variable-of-ansible-playbook-from-the-command-line|Override hosts variable of Ansible playbook from the command line]]
+==== Пример 1 ====
+  * [[Технология Docker]]
 <code>
+server# cat provision_docker.yml
+  или
+λ touch provision_docker.yml
+  или
+student@node1:~$ cat /vagrant/provision_docker.yml
+</code><code>
+- hosts: "{{ variable_host | default('all') }}"
+  become: yes
+  user: vagrant
+  tasks:
+    - name: Install Docker's prequirement
+      apt:
+        pkg:
+          - apt-transport-https
+          - ca-certificates
+          - curl
+          - gnupg2
+          - software-properties-common
+        state: present
+        update_cache: true
+    - name: Add Docker's official GPG key
+      apt_key:
+#        url: https://download.docker.com/linux/debian/gpg
+#        url: https://download.docker.com/linux/ubuntu/gpg
+        state: present
+    - name: Add Docker's repository into sources list
+      apt_repository:
+#        repo: deb [arch=amd64] https://download.docker.com/linux/debian bullseye stable
+#        repo: deb [arch=amd64] https://download.docker.com/linux/ubuntu focal stable
+        state: present
+    - name: Install Docker
+      apt:
+        pkg:
+          - docker-ce
+          - docker-ce-cli
+          - containerd.io
+          - docker-compose-plugin
+        state: present
+        update_cache: true
+</code>
+  * Технология Vagrant: [[Технология Vagrant#Provision с использованием ansible]]
+<code>
+server# ansible-playbook provision_docker.yml
+server# ansible-playbook provision_docker.yml --extra-vars "variable_host=nodes"
+server# ansible-playbook provision_docker.yml --extra-vars "variable_host=localhost"
+server# ansible-playbook provision_docker.yml -i inv_file.ini
+server# ansible-playbook provision_docker.yml -e "ansible_python_interpreter=/usr/bin/python3" -i 192.168.X.1:2222,
+</code>
+==== Пример 2 ====
+  * [[Управление учетными записями в Linux#Назначение пароля]]
+  * [[https://docs.ansible.com/ansible/2.5/modules/user_module.html|Ansible module user - Manage user accounts]]<code>
 node1# cat addusers.yml
 </code><code>
@@ Line 95: / Line 210: @@
         uid: 10001
         shell: /bin/bash
-        comment: "Ivanov Ivan Ivanovitch,RA7,401,499-239-45-23"
+        comment: "Ivan Ivanovitch Ivanov,RA1,401,499-239-45-23"
         password: $6$3Gz1ZuH3yHckA$wQNZbfU/9G6bYx08owpn7CoFP//2WbB4cmDDOgwDYBbwEyHxB0QQyCuMrOiPOLv3JF5RFtIv/r/kxoPPYFCsx1
@@ Line 103: / Line 218: @@
         uid: 10002
         shell: /bin/bash
-        comment: "Petrov Petr Petrov,RA7,402,499-239-45-24"
+        comment: "Petr Petrovitch Petrov,RA7,402,499-323-55-53"
         password: $6$x/AU/p9Dgi/ZiNF$6Xb8J4fsGuTi5IR0LaZe5pSgRX8vp54sfQGWJZZwKX.KFVpUL9m2PJNDh/d/l0rocueIvVjdQTzEAYPMmTm991
 </code><code>
+node1# ansible-playbook addusers.yml --syntax-check
+node1# apt install ansible-lint
+node1# ansible-lint addusers.yml
 node1# ansible-playbook addusers.yml
-</code><code>
+</code>
+==== Пример 3 ====
+  * [[https://docs.ansible.com/ansible/2.3/ios_config_module.html|ios_config - Manage Cisco IOS configuration sections]]
+<code>
 server# cat cisco_change_conf.yml
 </code><code>
 - hosts: sws
   connection: local
+  gather_facts: no
   tasks:
-    - name: Change config on cisco device
+    - name: configure top level configuration
       ios_config:
         lines:
-          - logging facility local0
+          - snmp-server community write RW
-          - logging host server
-          - ip scp server enable
+#          - ip host server 192.168.X.10
+#          - snmp-server host server writetrap
+#          - snmp-server enable traps config
+#          - snmp-server enable traps config-copy
+#          - snmp-server enable traps snmp linkdown linkup
+#          - ip scp server enable
+#          - logging facility local0
+##          - logging host server
+#          - logging host server transport udp port 8514
+#          - ntp server server
+#          - clock timezone MSK 3
+#          - service timestamps log datetime localtime year
+#          - aaa new-model
+#          - aaa authentication login CONSOLE none
+#          - aaa authorization exec CONSOLE none
+#          - enable secret cisco
+#          - aaa authorization console
+#          - aaa authentication login default local
+#          - aaa authorization exec default local
+#          - username root privilege 15 secret cisco
+#          - radius-server host server auth-port 1812 acct-port 1813
+#          - radius-server key testing123
+#          - aaa authentication login default group radius enable
+#          - aaa authorization exec default group radius none
+#          - tacacs-server host server
+#          - tacacs-server key tackey123
+#          - aaa authentication login default group tacacs+ enable
+#          - aaa authorization exec default group tacacs+ none
+#          - aaa accounting commands 15 default start-stop group tacacs+
+#          - aaa authentication dot1x default group radius
+##          - aaa accounting dot1x default start-stop group radius
+#    - name: configure line con 0
+#      ios_config:
+#        lines:
+#          - login authentication CONSOLE
+#          - authorization exec CONSOLE
+#          - privilege level 15
+#        parents: line con 0
 </code><code>
 server# ansible-playbook cisco_change_conf.yml
@@ Line 127: / Line 303: @@
   * [[https://ru.wikipedia.org/wiki/%D0%98%D0%B4%D0%B5%D0%BC%D0%BF%D0%BE%D1%82%D0%B5%D0%BD%D1%82%D0%BD%D0%BE%D1%81%D1%82%D1%8C|Идемпотентность]]
+  * [[https://cryptic-cliffs-32040.herokuapp.com/|How can I test jinja2 templates in ansible?]]
 <code>
@@ Line 138: / Line 315: @@
 <body>
 <h1>
-{{ ansible_fqdn }}
+Hello from {{ ansible_fqdn }}
 </h1>
 </body>
@@ Line 154: / Line 331: @@
 </code><code>
 node1# ansible-playbook inst_apache.yml
+</code><code>
+# cat iax.conf.j2
+</code><code>
+[general]
+disallow=all
+allow=alaw
+{% for Y in YS %}
+[corp{{Y}}]
+type=user
+host=dynamic
+secret=apassword{{Y}}
+auth=md5
+[corp{{Y}}]
+type=peer
+host=server.corp{{Y}}.un
+username=corp{{X}}
+secret=apassword{{X}}
+auth=md5
+{% endfor %}
 </code><code>
 # cat ast_iax_corps.yml
@@ Line 168: / Line 367: @@
 </code>
 ===== Использование handlers =====
+==== Пример 1 ====
+  * [[Сервис HTTP#Использование домашних каталогов]]
 <code>
@@ Line 189: / Line 392: @@
 </code>
+==== Пример 2 ====
+<code>
+server# cat za.conf
+</code><code>
+ListenIP=0.0.0.0
+StartAgents=0
+ServerActive=server
+UserParameter=listinstalledsoft,ls /usr/share/applications | awk -F '.desktop' ' { print $1}' -
+</code><code>
+node1# cat za.yml
+</code><code>
+- hosts: lin_ws
+  tasks:
+    - name: Install zabbix agent
+      apt: pkg=zabbix-agent state=present update_cache=true
+    - name: Create conf file
+      copy: src=za.conf dest=/etc/zabbix/zabbix_agentd.conf.d/za.conf
+      notify:
+        - restart za
+  handlers:
+    - name: restart za
+      service: name=zabbix-agent state=restarted
+</code><code>
+server# ansible-playbook za.yml
+</code>
 ===== Использование ролей =====
   * [[https://rtfm.co.ua/ansible-roli-roles-primer/|Ansible: роли (roles) – пример]]
+  * [[https://andreyex.ru/linux/ansible-roli-v-ansible/|Ansible. Роли в Ansible]]
   * [[Настройка стендов слушателей#Ansible конфигурация]]
+==== Роль настроенного через ifupdown узла сети ====
 <code>
-# cat host.yml
+# ###cd /root/conf/
+# ###git pull origin master
+# ###cd /root/conf/ansible/roles/
+# cat nodes.yml
 </code><code>
-- name: Network config for hosts
+- name: Network config for nodes
   hosts: addnodes
+#  hosts: kubes
+#  hosts: all
   roles:
-    - host
+    - node
 </code><code>
-# cat host/vars/main.yml
+# ansible-galaxy init node  # не обязательно
+# cat node/vars/main.yml
 </code><code>
 name_prefix: node
+#name_prefix: kube
 X: "{{ ansible_eth0.ipv4.address.split('.')[2] }}"
-N: "{{ ansible_eth0.ipv4.address.split('.')[3] }}"
+N: "{{ ansible_eth0.ipv4.address.split('.')[3][-1] }}"
 </code><code>
-# cat host/tasks/main.yml
+# cat node/tasks/main.yml
 </code><code>
 - name: Create hosts file
@@ Line 218: / Line 461: @@
 - name: Create hostname file
   template: src=hostname.j2 dest=/etc/hostname
+  notify:
+    - restart system
 - name: Create interfaces file
   template: src=interfaces.j2 dest=/etc/network/interfaces
+  notify:
+    - restart system
-- name: Restart system
+- name: Set timezone to Europe/Moscow
-  command: shutdown -r +1
+  timezone:
+    name: Europe/Moscow
 </code><code>
-# cat host/templates/hostname.j2
+# cat node/handlers/main.yml
+</code><code>
+- name: restart system
+  reboot:
+</code><code>
+debian11# mkdir node/templates
+# cat node/templates/hostname.j2
 </code><code>
 {{ name_prefix }}{{ N }}.corp{{ X }}.un
 </code><code>
-# cat host/templates/hosts.j2
+# cat node/templates/hosts.j2
 </code><code>
 .0.0.1 localhost
@@ Line 235: / Line 490: @@
 {{ ansible_eth0.ipv4.address }} {{ name_prefix }}{{ N }}.corp{{ X }}.un {{ name_prefix }}{{ N }}
 </code><code>
-# cat host/templates/resolv.conf.j2
+# cat node/templates/resolv.conf.j2
 </code><code>
 search corp{{ X }}.un
 nameserver 192.168.{{ X }}.1
 nameserver 192.168.{{ X }}.2
+#nameserver 192.168.{{ X }}.10
 </code><code>
-# cat host/templates/interfaces.j2
+# cat node/templates/interfaces.j2
 </code><code>
 auto lo
@@ Line 251: / Line 507: @@
         netmask 255.255.255.0
         gateway 192.168.{{ X }}.254
+#        gateway 192.168.{{ X }}.1
 </code><code>
-# ansible-playbook host.yml
+# ansible-playbook -f 5 nodes.yml
+  ИЛИ
+# ansible-playbook -f 5 /root/conf/ansible/roles/nodes.yml
+  ИЛИ
+(venv1) server# ansible-playbook -f 5 /root/conf/ansible/roles/nodes.yml -i /root/kubespray/inventory/mycluster/hosts.yaml #--limit=kube4
+</code>
+==== Роль OpenVPN сервера ====
+<code>
+server:~# mkdir openvpn1 && cd openvpn1
+server:~/openvpn1# ansible-galaxy init openvpn1
+server:~/openvpn1# cd openvpn1/files/
+server:~/openvpn1/openvpn1/files#
+</code>
+  * В текущем каталоге выполняем и сохраняем файлы из тем [[Пакет OpenSSL#Создание параметра DH]] и [[Пакет OpenSSL#Создание самоподписанного сертификата]] (не указываем AltName, Common Name: server - достаточно)
+<code>
+server:~/openvpn1/openvpn1/files# ls
+</code><code>
+dh2048.pem  server.crt  server.key
+</code><code>
+server:~/openvpn1/openvpn1/files# cd ../../
+server:~/openvpn1# cat openvpn1/templates/openvpn1.conf.j2
+</code><code>
+dev tun
+keepalive 10 120
+server {{node_nets[ansible_hostname]}} 255.255.255.0
+push "route 192.168.{{X}}.0 255.255.255.0"
+#push "dhcp-option DNS 192.168.{{X}}.10"
+#push "block-outside-dns"
+#push "dhcp-option DOMAIN corp{{X}}.un"
+dh /etc/openvpn/dh2048.pem
+key /etc/ssl/private/server.key
+ca /etc/ssl/certs/server.crt
+cert /etc/ssl/certs/server.crt
+verify-client-cert none
+plugin /usr/lib/x86_64-linux-gnu/openvpn/plugins/openvpn-plugin-auth-pam.so login
+username-as-common-name
+#duplicate-cn
+status /var/log/openvpn1-status.log
+management 0.0.0.0 7505
+</code><code>
+server:~/openvpn1# cat openvpn1/tasks/main.yml
+</code><code>
+- name: Install OpenVPN
+  apt: pkg=openvpn state=present update_cache=true
+#  when: node_nets[ansible_hostname] is defined
+- name: Create openvpn1.conf file
+  template: src=openvpn1.conf.j2 dest=/etc/openvpn/openvpn1.conf
+  notify:
+    - restart openvpn1
+- name: Copy file server.key
+  copy:
+    src: server.key
+    dest: /etc/ssl/private/server.key
+    mode: '0600'
+  notify:
+    - restart openvpn1
+- name: Copy many files
+  copy:
+    src: '{{item.0}}'
+    dest: '{{item.1}}'
+  loop:
+    - [ 'dh2048.pem', '/etc/openvpn/dh2048.pem' ]
+    - [ 'server.crt', '/etc/ssl/certs/server.crt' ]
+  notify:
+    - restart openvpn1
+- name: Enable service OpenVPN
+  service:
+    name: openvpn@openvpn1
+    enabled: yes
+#    state: started
+</code><code>
+server:~/openvpn1# cat openvpn1/handlers/main.yml
+</code><code>
+- name: restart openvpn1
+  service:
+    name: openvpn@openvpn1
+    state: restarted
+</code><code>
+server:~/openvpn1# cat inventory.yaml
+</code><code>
+all:
+  vars:
+    X: "{{ ansible_eth1.ipv4.address.split('.')[2] }}"
+    ansible_python_interpreter: "/usr/bin/python3"
+    ansible_ssh_user: vagrant
+    ansible_ssh_pass: strongpassword
+    ansible_become: yes
+    node_nets:
+      node1: 192.168.110.0
+      node2: 192.168.120.0
+      node3: 192.168.130.0
+prod_nodes:
+  hosts:
+    node1:
+    node2:
+test_nodes:
+  hosts:
+    node3:
+</code><code>
+server:~/openvpn1# cat openvpn1.yaml
+</code><code>
+- name: Run openvpn1 on nodes
+  hosts: "{{ variable_host | default('prod_nodes') }}"
+  roles:
+    - role: openvpn1
+      when: node_nets[ansible_hostname] is defined
+</code><code>
+server:~# wget https://val.bmstu.ru/unix/conf.git/conf/ansible/roles/openvpn1.tgz && tar -xvzf openvpn1.tgz && cd openvpn1
+server:~/openvpn1# ansible-playbook openvpn1.yaml -i inventory.yaml -e "variable_host=test_nodes"
+server:~/openvpn1# ansible-playbook openvpn1.yaml -i inventory.yaml    # можно через GitLab CI/CD
+server:~/openvpn1# ansible-playbook openvpn1.yaml -i inventory.yaml -e "variable_host=all"
+</code>
+  * [[Сервисы Gateway и routing#Управление таблицей маршрутизации]]
+==== Фрагмент роли с условиями и отладкой ====
+<code>
+# cat conf/ansible/roles/host/vars/main.yml
+</code><code>
+...
+octet4: "{{ ansible_eth0.ipv4.address.split('.')[3] }}"
+...
+</code><code>
+# cat conf/ansible/roles/host/tasks/main.yml
+</code><code>
+- name: set vars for server
+  set_fact:
+    hostname: "mail"
+    X: "{{ octet4 | int - 100 }}"
+  when: octet4 | int >= 100
+- name: set vars for mail
+  set_fact:
+    hostname: "server"
+    X: "{{ octet4 }}"
+  when: octet4 | int < 100
+- name: echo variables
+  debug:
+    msg: octet4 is {{ octet4 }}, X is {{ X }}, hostname is {{hostname}}
+#- meta: end_play
+...
+</code>
+==== ansible-pull ====
+  * [[https://medium.com/splunkuserdeveloperadministrator/using-ansible-pull-in-ansible-projects-ac04466643e8|Using Ansible Pull In Ansible Projects]]
+  * [[Инсталяция системы в конфигурации Desktop]]
+  * [[Переменные окружения]]
+=== Вариант 1 ===
+<code>
+client1:~/ansible-pull-gpo# cat thunderbird/tasks/main.yml
+</code><code>
+- name: Install Thunderbird
+  apt: pkg=thunderbird state=present update_cache=true
+</code><code>
+client1:~/ansible-pull-gpo# cat proxy/files/etc/environment
+</code><code>
+#http_proxy=http://gate.corpX.un:3128
+https_proxy=http://gate.corpX.un:3128
+no_proxy=localhost,127.0.0.1,isp.un,corpX.un
+</code><code>
+client1:~/ansible-pull-gpo# cat proxy/tasks/main.yml
+</code><code>
+- name: Copy file environment
+  copy:
+    src: etc/environment
+    dest: /etc/environment
+</code><code>
+client1:~/ansible-pull-gpo# cat local.yml
+</code><code>
+- hosts: localhost
+  roles:
+    - role: proxy
+    - role: thunderbird
+</code><code>
+client1:~/ansible-pull-gpo# ansible-playbook local.yml
+</code>
+  * [[Инструмент GitLab]] (Создать публичный проект без readme и скопировать подсказки)
+<code>
+client3:~# ###ansible-pull -U http://gate.corpX.un/user1/ansible-pull-gpo.git
+</code><code>
+client1:~/ansible-pull-gpo# cat start.sh
+</code><code>
+#!/bin/bash
+apt update
+apt install -y git ansible
+echo -e "0 */2 * * * \
+/usr/bin/ansible-pull -s 120 -U http://gate.corpX.un/user1/ansible-pull-gpo.git -C $BR 2>&1 | /usr/bin/logger -t ansible-pull\n\
+@reboot sleep 1m; /usr/bin/ansible-pull -U http://gate.corpX.un/user1/ansible-pull-gpo.git -C $BR 2>&1 | /usr/bin/logger -t ansible-pull" | crontab -
+init 6
+</code>
+  * Инструмент GitLab [[Инструмент GitLab#Подключение через API]]
+=== Вариант 2 ===
+  * [[Средства программирования shell#Использование диалоговых окон]]
+<code>
+$ cat ansible-pull-gpo\local.yml
+</code><code>
+- hosts: localhost
+  tasks:
+    - name: Set timezone to Europe/Moscow
+      timezone:
+        name: Europe/Moscow
+    - name: Russian Interface
+      shell: |
+        echo 'ru_RU.UTF-8 UTF-8' > /etc/locale.gen
+        locale-gen
+        echo LANG=ru_RU.UTF-8 > /etc/default/locale
+      when: CONF_RUS_INT is defined
+    - name: Install Firefox in Debian
+      apt: pkg=firefox-esr state=present update_cache=true
+#      debug: msg="Install Firefox in Debian"
+      when: ansible_distribution == 'Debian'
+    - name: Install Firefox in Ubuntu
+      apt: pkg=firefox state=present update_cache=true
+#      debug: msg="Install Firefox in Ubuntu"
+      when: ansible_distribution == 'Ubuntu'
+    - name: Install Thunderbird
+      apt: pkg=thunderbird state=present update_cache=true
+      when: PROG_THBIRD is defined
+  roles:
+    - role: zabbix_agent
+      when: ROLE_ZAB_AG is defined
+    - role: openvpn1_client
+      when: ROLE_OVPN1_CL is defined
+</code><code>
+client1:~# cat /usr/local/etc/gpo_options.yml
+</code><code>
+CONF_RUS_INT:
+PROG_THBIRD:
+ROLE_ZAB_AG:
+</code><code>
+client1:~# /usr/bin/ansible-pull -U http://server.corp13.un/student/ansible-pull-gpo.git -C test -e @/usr/local/etc/gpo_options.yml
+</code>
+  * [[Планирование выполнения заданий в Linux#Сервис cron]]
+====== Дополнительные материалы ======
+<code>
+выполнение команд на цисках через ансибл
+. добавить в /etc/ansible/group_vars/all.yml строки
+ansible_connection: network_cli
+ansible_network_os: ios
+. создать файл playbook формата
+- name: Run show commands on routers
+  hosts: cisco-routers
+  tasks:
+    - name: run show commands
+      ios_command:
+        commands: # перечисление команд
+          - show ip int br
+          - sh ip route
+      register: show_result
 </code>

Методические материалы Лохтурова Вячеслава

User Tools

Site Tools

Differences

Page Tools