
This is an old revision of the document!


Сервис Ansible

Установка на управляющем узле

node1# apt install ansible

Установка на управляемых узлах

nodeN# apt install python python-apt

Настройка списков управляемых машин

  • Определение групп управляемых систем
node1# cat /etc/ansible/hosts
# Commented-out example: a group built from a numeric host range, plus one
# host with per-host connection variables.
#[corp]
#server.corp[1:12].un
# NOTE(review): a root password written next to the host is readable by
# everyone who can read this inventory or its backups. Prefer SSH keys, or
# keep the value in an ansible-vault encrypted variable file.
#server.corp13.un ansible_ssh_user=root ansible_ssh_pass=123

# Lab group expanding to node1 and node2; no credentials are stored here.
[corpX]
node[1:2]

# Switch group expanding to switch1..switch3.
# NOTE(review): this stores a root password in cleartext for all three
# devices. Move it to a vault-encrypted vars file or prompt for it with
# --ask-pass. ansible_ssh_user / ansible_ssh_pass are the legacy spellings of
# ansible_user / ansible_password.
[sws]
switch[1:3] ansible_ssh_user=root ansible_ssh_pass=cisco

Настройка транспорта ssh

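  • Для автоматизации подключения к новым системам может потребоваться отключение проверки их публичного ключа и парольная аутентификация в ssh. Отключение проверки ключа узла снимает защиту от подмены сервера (MITM), поэтому вне учебного стенда лучше заранее заполнить known_hosts (например, через ssh-keyscan с последующей сверкой отпечатков) и оставить проверку включённой.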
# cat /etc/ansible/ansible.cfg
...
# Turns off SSH host key verification for every connection Ansible opens, so
# a spoofed or intercepted host is accepted without warning. Tolerable on an
# isolated lab network; elsewhere pre-load known_hosts and keep the default
# (True).
host_key_checking = False
...
node1# ssh-keygen

node1# ssh-copy-id node1
node1# ssh-copy-id node2

Использование модулей

node1# ansible corpX -m ping
node1# ansible all -m ping

node1# ansible corpX -m command -a 'uname -a'
node1# ansible corpX -a 'uname -a'

node1# ansible corpX -m apt -a 'pkg=apache2 state=present update_cache=true'

server# ansible sws -m ios_command -a "commands='show cdp nei'" -c local

Использование playbook

node1# cat addusers.yml
# Creates two local accounts with fixed UIDs on every host in the corpX group.
#
# NOTE(review): the password values below are pre-computed crypt(3) hashes
# ($6$ = SHA-512), not cleartext. A hash kept in a playbook still ends up in
# version control and backups, where it can be attacked offline; store it in
# an ansible-vault encrypted variable file and reference the variable here.
# The user module's update_password option defaults to "always", so every run
# resets the account to this hash.
- hosts: corpX
  tasks:
    - name: Add user1
      user:
        name: user1
        uid: 10001
        shell: /bin/bash
        # Account description; looks like comma-separated GECOS sub-fields.
        comment: "Ivanov Ivan Ivanovitch,RA7,401,499-239-45-23"
        password: $6$3Gz1ZuH3yHckA$wQNZbfU/9G6bYx08owpn7CoFP//2WbB4cmDDOgwDYBbwEyHxB0QQyCuMrOiPOLv3JF5RFtIv/r/kxoPPYFCsx1

    - name: Add user2
      user:
        name: user2
        uid: 10002
        shell: /bin/bash
        # Account description; looks like comma-separated GECOS sub-fields.
        comment: "Petrov Petr Petrov,RA7,402,499-239-45-24"
        password: $6$x/AU/p9Dgi/ZiNF$6Xb8J4fsGuTi5IR0LaZe5pSgRX8vp54sfQGWJZZwKX.KFVpUL9m2PJNDh/d/l0rocueIvVjdQTzEAYPMmTm991
node1# ansible-playbook addusers.yml
server# cat cisco_change_conf.yml
# Pushes three configuration lines to every device in the sws group.
- hosts: sws
  # The module runs on the control node rather than on the device.
  connection: local
  tasks:
    - name: Change config on cisco device
      ios_config:
        lines:
          # Syslog facility and destination host for the device's log messages.
          # NOTE(review): presumably plain syslog to "server"; confirm the
          # path between switch and collector is a trusted management network.
          - logging facility local0
          - logging host server
          # NOTE(review): turns on the device's SCP server, which allows file
          # copies over SSH. Who may use it depends on the device's AAA and
          # privilege settings, which this page does not show; verify them.
          - ip scp server enable
server# ansible-playbook cisco_change_conf.yml

server# ansible-playbook cisco_change_conf.yml --limit @/root/cisco_change_conf.retry

Использование шаблонов

node1# ansible -m setup corpX

node1# ansible -m setup corpX | grep ansible_fqdn

node1# cat index.html.j2
<html>
<body>
<h1>
{{ ansible_fqdn }}
</h1>
</body>
</html>
node1# cat inst_apache.yml
# Installs Apache on the corpX hosts and publishes a start page rendered from
# index.html.j2, which prints the host's ansible_fqdn fact.
- hosts: corpX
  tasks:
    - name: Installs apache web server
      apt:
        pkg: apache2
        state: present
        # Refresh the package index before installing.
        update_cache: true

    - name: Create index.html file
      template:
        src: index.html.j2
        dest: /var/www/html/index.html
node1# ansible-playbook inst_apache.yml

Использование handlers

node1# cat conf_apache.yml
# Enables Apache's userdir module on the corpX hosts and restarts Apache
# through a handler, which fires only when the task reports a change.
#
# NOTE(review): userdir publishes content from users' home directories;
# enable it only where that exposure is intended.
- hosts: corpX
  tasks:
    - name: Add userdir to apache
      apache2_module:
        name: userdir
        state: present
#        state: absent
      notify:
        - restart apache

  handlers:
    - name: restart apache
      service:
        name: apache2
        state: restarted
node1# ansible-playbook conf_apache.yml

Использование ролей

server.isp.un:~/ansible/roles# cat host.yml
# Applies the "host" role to every machine in the corp inventory group.
- name: Network config for hosts
  hosts: corp
  # "free" lets each host run through its tasks without waiting for the others.
  strategy: free
  roles:
    - host
server.isp.un:~/ansible/roles# cat host/tasks/main.yml
# Renders the four network identity files of a host from the role's templates.
#
# NOTE(review): each task overwrites a system file in place and no backup,
# owner or mode is requested. The template module's backup option would keep
# the previous copy if a rollback path is wanted.
- name: Create hosts file
  template:
    src: hosts.j2
    dest: /etc/hosts

- name: Create resolv.conf file
  template:
    src: resolv.conf.j2
    dest: /etc/resolv.conf

- name: Create hostname file
  template:
    src: hostname.j2
    dest: /etc/hostname

- name: Create interfaces file
  template:
    src: interfaces.j2
    dest: /etc/network/interfaces

# Optional reboot one minute later, left disabled.
#- name: Restart system
#  command: shutdown -r +1
server.isp.un:~/ansible/roles# cat host/vars/main.yml
# Variables consumed by the role's templates (hosts.j2, resolv.conf.j2,
# hostname.j2, interfaces.j2).

# Short host name; the commented line is an alternative value.
hostname: server
#hostname: mail
# The domain is assembled as <prefix><X>.<suffix>.
base_domain_prefix: corp
base_domain_suffix: un
# First three octets of the network; the gateway is base_net.gateway_octet.
base_net: 172.16.1
gateway_octet: 254
# Name server written to resolv.conf.
dns_ip: 172.16.1.254
# Last octet of the eth0 IPv4 address, taken from the gathered facts; the
# commented variant subtracts 100 from it.
# NOTE(review): depends on the managed host having an interface named eth0.
X: "{{ ansible_eth0.ipv4.address.split('.')[3] }}"
#X: "{{ ansible_eth0.ipv4.address.split('.')[3] | int - 100 }}"
server.isp.un:~/ansible/roles# cat host/templates/hosts.j2
127.0.0.1 localhost

{{ ansible_eth0.ipv4.address }} {{ hostname }}.{{ base_domain_prefix }}{{ X }}.{{ base_domain_suffix }} {{ hostname }}

{{ base_net }}.254 rep
server.isp.un:~/ansible/roles# cat host/templates/resolv.conf.j2
search {{ base_domain_prefix }}{{ X }}.{{ base_domain_suffix }}
nameserver {{ dns_ip }}
server.isp.un:~/ansible/roles# cat host/templates/hostname.j2
{{ hostname }}.{{ base_domain_prefix }}{{ X }}.{{ base_domain_suffix }}
server.isp.un:~/ansible/roles# cat host/templates/interfaces.j2
auto lo
iface lo inet loopback

auto eth0
iface eth0 inet static
        address {{ ansible_eth0.ipv4.address }}
        netmask 255.255.255.0
        gateway {{ base_net }}.{{ gateway_octet }}
root@server:~/ansible/roles# ansible-playbook host.yml

или

root@server:~# ansible-playbook ansible/roles/host.yml
сервис_ansible.1586763666.txt.gz · Last modified: 2020/04/13 10:41 by val