node1# apt install ansible
node1# ansible --version
nodeN# apt install python python-apt
debian11/ubuntu20# apt install python python3-apt
debian11# mkdir /etc/ansible/
node1# cat /etc/ansible/hosts
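# Ansible inventory (INI format), one entry per line.
#
# NOTE(review): every ansible_ssh_pass value below is a cleartext password that
# anyone able to read this file can use, and "123" / "cisco" are trivially
# guessable. That is tolerable only on an isolated training network. Elsewhere
# use SSH keys (this page distributes one with ssh-copy-id) or keep the values
# in a vars file encrypted with ansible-vault.
# ansible_ssh_user / ansible_ssh_pass are the legacy spellings of
# ansible_user / ansible_password.

[all:vars]
#ansible_python_interpreter="/usr/bin/python3"

#[corp]
#server.corp13.un
#server.corp[1:12].un ansible_ssh_user=root ansible_ssh_pass=123
#mail.corp[1:12].un ansible_ssh_user=root ansible_ssh_pass=123
#192.168.[1:25].10

[corpX]
node[1:2]

# Direct root login with a password on a whole address range.
[addnodes]
192.168.X.[3:9] ansible_ssh_user=root ansible_ssh_pass=123

[sws]
switch[1:3] ansible_ssh_user=root ansible_ssh_pass=cisco

[nodes]
node[1:3]

# Unprivileged login followed by privilege escalation (become).
[nodes:vars]
ansible_ssh_user=vagrant
ansible_ssh_pass=123
ansible_become=yes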
# cat /etc/ansible/ansible.cfg
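[defaults]
...
# NOTE(review): host_key_checking = False makes Ansible accept any SSH host key
# without verification, so a machine impersonating a managed node goes
# unnoticed and receives the passwords stored in /etc/ansible/hosts.
# Keep this only for throwaway lab VMs whose keys change on every rebuild;
# elsewhere leave the default (True) and pre-populate known_hosts.
host_key_checking = False
...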
node1# ssh-keygen
node1# ssh-copy-id node1
node1# ssh-copy-id node2
$ ansible-doc -l
$ ansible-doc ping
node1# ansible corpX -m ping
node1# ansible all -m ping
node1# ansible all -m ping -i inv_file.ini
node1# ansible all -m ping -i node2:2222, -e "ansible_python_interpreter=/usr/bin/python3"
node1# ansible corpX -m command -a 'uname -a'
node1# ansible corpX -a 'uname -a'
node1# ansible corpX -f 2 -m apt -a 'pkg=apache2 state=present update_cache=true'
node1# ansible addnodes -f 5 -m apt -a 'pkg=ceph state=present update_cache=true'
node1# ansible addnodes -m community.general.shutdown
!!!Зависает Vbox, попробовать в один поток
node3# ansible addnodes -m copy -a 'src=/etc/ceph/ceph.conf dest=/etc/ceph/ceph.conf'
server# ansible sws -m ios_command -a "commands='show cdp nei'" -c local
# apt install python3-paramiko
# ansible sws -m ios_command -a "commands='show cdp nei'" -c network_cli -e "ansible_network_os=ios" -e "ansible_python_interpreter=/usr/bin/python3"
λ cat provision_docker.yml
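---
# Installs Docker CE from Docker's own APT repository.
#
# The target pattern comes from the extra variable `variable_host`. When it is
# not supplied the play falls back to `all`, i.e. every inventory host is
# changed with root privileges; pass --extra-vars or --limit to narrow the run.
- hosts: "{{ variable_host | default('all') }}"
  become: true
  user: vagrant
  tasks:
    - name: Install Docker's prequirement
      apt:
        pkg:
          - apt-transport-https
          - ca-certificates
          - curl
          - gnupg2
          - software-properties-common
        state: present
        update_cache: true

    # NOTE(review): apt_key places the key in APT's global trusted keyring, so
    # it is trusted for every configured repository, not only Docker's.
    # Current Debian practice is a dedicated keyring file referenced from the
    # repository line with signed-by=. The key is fetched over HTTPS but is not
    # pinned to a known fingerprint.
    - name: Add Docker's official GPG key
      apt_key:
        url: https://download.docker.com/linux/debian/gpg
        state: present

    - name: Add Docker's repository into sources list
      apt_repository:
        # repo: deb [arch=amd64] https://download.docker.com/linux/debian buster stable
        repo: deb [arch=amd64] https://download.docker.com/linux/debian bullseye stable
        state: present

    - name: Install Docker
      apt:
        pkg: docker-ce
        state: present
        update_cache: true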
gate# ansible-playbook provision_docker.yml
gate# ansible-playbook provision_docker.yml -i inv_file.ini
gate# ansible-playbook provision_docker.yml -e "ansible_python_interpreter=/usr/bin/python3" -i 192.168.X.1:2222,
gate# ansible-playbook provision_docker.yml --extra-vars "variable_host=corp"
gate# ansible-playbook provision_docker.yml --extra-vars "variable_host=localhost"
node1# cat addusers.yml
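---
# Creates two local accounts on the corpX hosts with fixed UIDs and
# pre-computed password hashes.
#
# NOTE(review): the `password` values are crypt(3) hashes ($6$ = SHA-512 crypt).
# A hash stored in a playbook is readable by everyone who can read the file and
# can be attacked offline, so outside a lab generate a hash per deployment and
# keep it in a variable encrypted with ansible-vault. With the user module's
# default update_password=always, each run also resets the password to this
# value.
- hosts: corpX
  tasks:
    - name: Add user1
      user:
        name: user1
        uid: 10001
        shell: /bin/bash
        comment: "Ivan Ivanovitch Ivanov,RA1,401,499-239-45-23"
        # Quoted so the value is always read as a literal string.
        password: '$6$3Gz1ZuH3yHckA$wQNZbfU/9G6bYx08owpn7CoFP//2WbB4cmDDOgwDYBbwEyHxB0QQyCuMrOiPOLv3JF5RFtIv/r/kxoPPYFCsx1'

    - name: Add user2
      user:
        name: user2
        uid: 10002
        shell: /bin/bash
        comment: "Petr Petrovitch Petrov,RA7,402,499-323-55-53"
        password: '$6$x/AU/p9Dgi/ZiNF$6Xb8J4fsGuTi5IR0LaZe5pSgRX8vp54sfQGWJZZwKX.KFVpUL9m2PJNDh/d/l0rocueIvVjdQTzEAYPMmTm991'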
node1# ansible-playbook addusers.yml
server# cat cisco_change_conf.yml
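---
# Pushes global configuration lines to the switches in the `sws` group with
# ios_config. Only the four uncommented lines are applied; the rest is a
# commented-out menu of further settings.
#
# NOTE(review): several commented-out lines carry literal secrets (enable
# secret, RADIUS/TACACS+ keys, an SNMP write community). If any of them is
# enabled, take the value from a variable encrypted with ansible-vault rather
# than leaving it readable in the playbook.
- hosts: sws
  # Modules run on the control node and open the device session themselves.
  # The ad-hoc examples on this page also show the network_cli alternative.
  connection: local
  tasks:
    - name: configure top level configuration
      ios_config:
        lines:
          - logging facility local0
          - logging host server
          - logging host server transport udp port 8514
          # Turns on the switch's SCP server. NOTE(review): who may use it
          # depends on the device's AAA configuration, not shown here.
          - ip scp server enable
#          - snmp-server host server writetrap
#          - snmp-server community write RW
#          - snmp-server enable traps config
#          - snmp-server enable traps config-copy
#          - snmp-server enable traps snmp linkdown linkup
#          - ntp server server
#          - clock timezone MSK 3
#          - service timestamps log datetime localtime year
#          - aaa new-model
#          - aaa authentication login CONSOLE none
#          - aaa authorization exec CONSOLE none
#          - enable secret cisco
#          - aaa authorization console
#          - aaa authentication login default local
#          - aaa authorization exec default local
#          - radius-server host server auth-port 1812 acct-port 1813
#          - radius-server key testing123
#          - aaa authentication login default group radius enable
#          - aaa authorization exec default group radius none
#          - tacacs-server host server
#          - tacacs-server key tackey123
#          - aaa authentication login default group tacacs+ enable
#          - aaa authorization exec default group tacacs+ none
#          - aaa accounting commands 15 default start-stop group tacacs+
#          - aaa authentication dot1x default group radius
##          - aaa accounting dot1x default start-stop group radius
#    - name: configure line con 0
#      ios_config:
#        lines:
#          - login authentication CONSOLE
#          - authorization exec CONSOLE
#          - privilege level 15
#        parents: line con 0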
server# ansible-playbook cisco_change_conf.yml
server# ansible-playbook cisco_change_conf.yml --limit @/root/cisco_change_conf.retry
node1# ansible -m setup corpX
node1# ansible -m setup corpX | grep ansible_fqdn
node1# cat index.html.j2
{# Landing page rendered per host by the template task in inst_apache.yml.
   ansible_fqdn is one of the facts returned by the setup module.
   NOTE(review): Ansible's Jinja2 does not HTML-escape substituted values by
   default; pipe anything that is not a trusted fact through the `e` filter. -#}
<html>
<body>
<h1>
{{ ansible_fqdn }}
</h1>
</body>
</html>
node1# cat inst_apache.yml
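---
# Installs Apache on the corpX hosts and replaces the default index page with
# one rendered from index.html.j2.
- hosts: corpX
  tasks:
    - name: Installs apache web server
      apt:
        pkg: apache2
        state: present
        update_cache: true

    - name: Create index.html file
      template:
        src: index.html.j2
        dest: /var/www/html/index.html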
node1# ansible-playbook inst_apache.yml
# cat iax.conf.j2
{# Asterisk iax.conf template. For every site number Y in YS it emits a
   type=user section and a type=peer section named corpY; X is the site number
   of the host being configured. Both variables are passed with --extra-vars
   in the ast_iax_corps.yml run shown on this page.
   NOTE(review): every secret is the fixed word "apassword" plus the site
   number, so knowing the scheme yields the secret of every site, and auth=md5
   is only a challenge/response on that same secret. Outside a lab use random
   per-peer secrets supplied from variables encrypted with ansible-vault. -#}
[general]
disallow=all
allow=alaw
{% for Y in YS %}
[corp{{Y}}]
type=user
host=dynamic
secret=apassword{{Y}}
auth=md5
[corp{{Y}}]
type=peer
host=server.corp{{Y}}.un
username=corp{{X}}
secret=apassword{{X}}
auth=md5
{% endfor %}
# cat ast_iax_corps.yml
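---
# Renders iax.conf from iax.conf.j2 on the corp hosts and reloads Asterisk.
#
# NOTE(review): the rendered file contains the IAX secrets. The template task
# sets no owner or mode, so confirm on the target that /etc/asterisk/iax.conf
# is not world-readable.
- hosts: corp
  tasks:
    - name: Create iax.conf file
      template:
        src: iax.conf.j2
        dest: /etc/asterisk/iax.conf

    - name: Reload asterisk confs
      service:
        name: asterisk
        state: reloaded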
# ansible-playbook ast_iax_corps.yml --extra-vars '{"X":"{{ ansible_eth0.ipv4.address.split(\".\")[3] }}","YS":[1,2,3,4,5,6,7,8,9,10,11,12,13]}'
node1# cat conf_apache.yml
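---
# Enables Apache's userdir module on the corpX hosts and restarts Apache only
# when the module state actually changed (handler triggered through notify).
#
# NOTE(review): userdir publishes content from users' home directories, and
# its responses can differ for existing and missing accounts. Enable it only
# where that exposure is intended.
- hosts: corpX
  tasks:
    - name: Add userdir to apache
      apache2_module:
        state: present
        # state: absent
        name: userdir
      notify:
        - restart apache

  handlers:
    - name: restart apache
      service:
        name: apache2
        state: restarted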
node1# ansible-playbook conf_apache.yml
# cat nodes.yml
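---
# Applies the `node` role (hosts, resolv.conf, hostname, interfaces, timezone)
# to every host in the `addnodes` inventory group.
- name: Network config for nodes
  hosts: addnodes
  roles:
    - node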
# ansible-galaxy init node # не обязательно
# cat node/vars/main.yml
# Variables of the `node` role, consumed by the templates in node/templates.
# Prefix of the generated host name.
name_prefix: node
# Third octet of eth0's IPv4 address, taken from gathered facts.
# Assumes the target has an interface named eth0.
X: "{{ ansible_eth0.ipv4.address.split('.')[2] }}"
# Fourth octet of the same address.
N: "{{ ansible_eth0.ipv4.address.split('.')[3] }}"
# cat node/tasks/main.yml
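---
# Tasks of the `node` role: render the network identity files from templates
# and set the timezone. Changes to the hostname or interfaces file notify the
# "restart system" handler, which therefore runs only when one of them changed.
- name: Create hosts file
  template:
    src: hosts.j2
    dest: /etc/hosts

- name: Create resolv.conf file
  template:
    src: resolv.conf.j2
    dest: /etc/resolv.conf

- name: Create hostname file
  template:
    src: hostname.j2
    dest: /etc/hostname
  notify:
    - restart system

- name: Create interfaces file
  template:
    src: interfaces.j2
    dest: /etc/network/interfaces
  notify:
    - restart system

- name: Set timezone to Europe/Moscow
  timezone:
    name: Europe/Moscow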
# cat node/handlers/main.yml
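---
# Handler of the `node` role: reboots the host so the new hostname and
# interface configuration take effect. The reboot module is called with its
# default arguments.
- name: restart system
  reboot: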
debian11# mkdir node/templates
# cat node/templates/hostname.j2
{# /etc/hostname: name_prefix, host octet N and site octet X come from
   node/vars/main.yml. -#}
{{ name_prefix }}{{ N }}.corp{{ X }}.un
# cat node/templates/hosts.j2
{# /etc/hosts: maps the host's eth0 address to its fully qualified and short
   names, built from the variables in node/vars/main.yml. -#}
127.0.0.1 localhost
{{ ansible_eth0.ipv4.address }} {{ name_prefix }}{{ N }}.corp{{ X }}.un {{ name_prefix }}{{ N }}
# cat node/templates/resolv.conf.j2
{# /etc/resolv.conf: search domain and two resolvers (.1 and .2) in the
   192.168.X.0 network, X being the third octet of the host's address. -#}
search corp{{ X }}.un
nameserver 192.168.{{ X }}.1
nameserver 192.168.{{ X }}.2
# cat node/templates/interfaces.j2
{# /etc/network/interfaces: makes the address currently reported for eth0 a
   static configuration, with a /24 netmask and 192.168.X.254 as the gateway. -#}
auto lo
iface lo inet loopback
auto eth0
iface eth0 inet static
address {{ ansible_eth0.ipv4.address }}
netmask 255.255.255.0
gateway 192.168.{{ X }}.254
# ansible-playbook -f 5 nodes.yml