User Tools
сервис_ansible
Differences
This shows you the differences between two versions of the page.
| Both sides previous revision Previous revision Next revision | Previous revision Next revision Both sides next revision | ||
|
сервис_ansible [2022/08/15 16:28] val [Роль OpenVPN сервера] |
сервис_ansible [2022/09/28 06:58] val [Сервис Ansible] |
||
|---|---|---|---|
| Line 1: | Line 1: | ||
| ====== Сервис Ansible ====== | ====== Сервис Ansible ====== | ||
| + | |||
| + | * Управление инфраструктурой на примере [[https://ru.wikipedia.org/wiki/Ansible|Аnsible - wikipedia]] | ||
| * [[https://habrahabr.ru/company/express42/blog/254959/|Ansible — давайте попробуем]] | * [[https://habrahabr.ru/company/express42/blog/254959/|Ansible — давайте попробуем]] | ||
| - | * [[https://habrahabr.ru/post/195048/|Ansible]] | ||
| * [[https://habrahabr.ru/post/305400/|Пособие по Ansible]] | * [[https://habrahabr.ru/post/305400/|Пособие по Ansible]] | ||
| Line 105: | Line 106: | ||
| node1# ansible corpX -m command -a 'uname -a' | node1# ansible corpX -m command -a 'uname -a' | ||
| node1# ansible corpX -a 'uname -a' | node1# ansible corpX -a 'uname -a' | ||
| + | |||
| node1# ansible corpX -f 2 -m apt -a 'pkg=apache2 state=present update_cache=true' | node1# ansible corpX -f 2 -m apt -a 'pkg=apache2 state=present update_cache=true' | ||
| node1# ansible addnodes -vv -f 5 -m apt -a 'pkg=ceph,tgt-rbd state=present update_cache=true' | node1# ansible addnodes -vv -f 5 -m apt -a 'pkg=ceph,tgt-rbd state=present update_cache=true' | ||
| + | |||
| + | server# ansible nodes -f 3 -m apt -a 'pkg=openvpn state=present update_cache=true' | ||
| + | server# ansible nodes -f 3 -m apt -a 'pkg=docker.io state=absent update_cache=true' | ||
| + | |||
| ubuntu20# apt install python3-paramiko | ubuntu20# apt install python3-paramiko | ||
| Line 124: | Line 130: | ||
| ==== Пример 1 ==== | ==== Пример 1 ==== | ||
| + | |||
| + | * [[Технология Docker]] | ||
| + | |||
| <code> | <code> | ||
| - | # cat provision_docker.yml | + | server# cat provision_docker.yml |
| или | или | ||
| - | λ npp provision_docker.yml & | + | λ touch provision_docker.yml |
| </code><code> | </code><code> | ||
| - hosts: "{{ variable_host | default('all') }}" | - hosts: "{{ variable_host | default('all') }}" | ||
| Line 164: | Line 173: | ||
| state: present | state: present | ||
| update_cache: true | update_cache: true | ||
| - | </code><code> | + | </code> |
| - | gate# ansible-playbook provision_docker.yml | + | |
| + | * Технология Vagrant: [[Технология Vagrant#Provision с использованием ansible]] | ||
| + | |||
| + | <code> | ||
| + | server# ansible-playbook provision_docker.yml | ||
| - | gate# ansible-playbook provision_docker.yml -i inv_file.ini | + | server# ansible-playbook provision_docker.yml --extra-vars "variable_host=nodes" |
| - | gate# ansible-playbook provision_docker.yml -e "ansible_python_interpreter=/usr/bin/python3" -i 192.168.X.1:2222, | + | server# ansible-playbook provision_docker.yml --extra-vars "variable_host=localhost" |
| - | gate# ansible-playbook provision_docker.yml --extra-vars "variable_host=corp" | + | server# ansible-playbook provision_docker.yml -i inv_file.ini |
| - | gate# ansible-playbook provision_docker.yml --extra-vars "variable_host=localhost" | + | server# ansible-playbook provision_docker.yml -e "ansible_python_interpreter=/usr/bin/python3" -i 192.168.X.1:2222, |
| </code> | </code> | ||
| ==== Пример 2 ==== | ==== Пример 2 ==== | ||
| Line 448: | Line 461: | ||
| ==== Роль OpenVPN сервера ==== | ==== Роль OpenVPN сервера ==== | ||
| <code> | <code> | ||
| + | server:~# wget https://val.bmstu.ru/unix/conf.git/conf/ansible/roles/openvpn1.tgz && tar -xvzf openvpn1.tgz | ||
| + | |||
| + | ИЛИ | ||
| + | |||
| server:~# mkdir openvpn1 && cd openvpn1 | server:~# mkdir openvpn1 && cd openvpn1 | ||
| Line 456: | Line 473: | ||
| server:~/openvpn1/openvpn1/files# | server:~/openvpn1/openvpn1/files# | ||
| </code> | </code> | ||
| - | * В текущем каталоге выполняем и сохраняем файлы из тем [[Пакет OpenSSL#Создание параметра DH]] и [[Пакет OpenSSL#Создание самоподписанного сертификата]] (не указываем AltName и Common Name) | + | * В текущем каталоге выполняем и сохраняем файлы из тем [[Пакет OpenSSL#Создание параметра DH]] и [[Пакет OpenSSL#Создание самоподписанного сертификата]] (не указываем AltName, Common Name: server - достаточно) |
| <code> | <code> | ||
| server:~/openvpn1/openvpn1/files# ls | server:~/openvpn1/openvpn1/files# ls | ||
| Line 462: | Line 479: | ||
| dh2048.pem server.crt server.key | dh2048.pem server.crt server.key | ||
| </code><code> | </code><code> | ||
| - | server:~/openvpn1/openvpn1/files# cd - | + | server:~/openvpn1/openvpn1/files# cd ../../ |
| server:~/openvpn1# cat openvpn1/templates/openvpn1.conf.j2 | server:~/openvpn1# cat openvpn1/templates/openvpn1.conf.j2 | ||
| Line 471: | Line 488: | ||
| server {{node_nets[ansible_hostname]}} 255.255.255.0 | server {{node_nets[ansible_hostname]}} 255.255.255.0 | ||
| - | push "route 192.168.X.0 255.255.255.0" | + | push "route 192.168.{{X}}.0 255.255.255.0" |
| - | status /var/log/openvpn1-status.log | + | #push "dhcp-option DNS 192.168.{{X}}.10" |
| + | #push "block-outside-dns" | ||
| dh /etc/openvpn/dh2048.pem | dh /etc/openvpn/dh2048.pem | ||
| key /etc/ssl/private/server.key | key /etc/ssl/private/server.key | ||
| ca /etc/ssl/certs/server.crt | ca /etc/ssl/certs/server.crt | ||
| cert /etc/ssl/certs/server.crt | cert /etc/ssl/certs/server.crt | ||
| - | plugin /usr/lib/x86_64-linux-gnu/openvpn/plugins/openvpn-plugin-auth-pam.so login | + | |
| verify-client-cert none | verify-client-cert none | ||
| + | plugin /usr/lib/x86_64-linux-gnu/openvpn/plugins/openvpn-plugin-auth-pam.so login | ||
| username-as-common-name | username-as-common-name | ||
| + | #duplicate-cn | ||
| + | |||
| + | status /var/log/openvpn1-status.log | ||
| - | #management 0.0.0.0 7505 | + | management 0.0.0.0 7505 |
| </code><code> | </code><code> | ||
| server:~/openvpn1# cat openvpn1/tasks/main.yml | server:~/openvpn1# cat openvpn1/tasks/main.yml | ||
| Line 529: | Line 552: | ||
| all: | all: | ||
| vars: | vars: | ||
| + | X: "{{ ansible_eth1.ipv4.address.split('.')[2] }}" | ||
| ansible_python_interpreter: "/usr/bin/python3" | ansible_python_interpreter: "/usr/bin/python3" | ||
| ansible_ssh_user: vagrant | ansible_ssh_user: vagrant | ||
| Line 548: | Line 572: | ||
| </code><code> | </code><code> | ||
| server:~/openvpn1# cat openvpn1.yaml | server:~/openvpn1# cat openvpn1.yaml | ||
| + | </code><code> | ||
| - name: Run openvpn1 on nodes | - name: Run openvpn1 on nodes | ||
| hosts: "{{ variable_host | default('prod_nodes') }}" | hosts: "{{ variable_host | default('prod_nodes') }}" | ||
| Line 557: | Line 582: | ||
| server:~/openvpn1# ansible-playbook openvpn1.yaml -i inventory.yaml | server:~/openvpn1# ansible-playbook openvpn1.yaml -i inventory.yaml | ||
| + | |||
| + | server:~/openvpn1# ansible-playbook openvpn1.yaml -i inventory.yaml -e "variable_host=all" | ||
| </code> | </code> | ||
| + | |||
| + | * [[Сервисы Gateway и routing#Управление таблицей маршрутизации]] | ||
| ==== Фрагмент роли с условиями и отладкой ==== | ==== Фрагмент роли с условиями и отладкой ==== | ||
сервис_ansible.txt · Last modified: 2024/05/08 06:47 by val
Page Tools
Except where otherwise noted, content on this wiki is licensed under the following license: CC Attribution-Share Alike 4.0 International
