Differences

This shows you the differences between two versions of the page.

--- сервис_ansible [2022/09/28 06:58]
val [Сервис Ansible]
+++ сервис_ansible [2023/09/15 11:31] (current)
val [Пример 1]
@@ Line 5: / Line 5: @@
   * [[https://habrahabr.ru/company/express42/blog/254959/|Ansible — давайте попробуем]]
   * [[https://habrahabr.ru/post/305400/|Пособие по Ansible]]
+  * [[https://habr.com/ru/post/508762/|Основы Ansible, без которых ваши плейбуки — комок слипшихся макарон]]
   * [[https://www.cisco.com/c/dam/m/ru_ru/training-events/2019/cisco-connect/pdf/introduction_automation_with_ansible_idrey.pdf|Введение в автоматизацию с помощью Ansible (Cisco)]]
@@ Line 78: / Line 79: @@
 </code><code>
 [defaults]
-...
+#...
 host_key_checking = False
-...
+#...
 </code>
@@ Line 105: / Line 106: @@
 node1# ansible corpX -m command -a 'uname -a'
-node1# ansible corpX -a 'uname -a'
+# ansible kubes -a 'sed -i"" -e "/swap/s/^/#/" /etc/fstab'
+# ansible kubes -a 'swapoff -a'
@@ Line 113: / Line 115: @@
 server# ansible nodes -f 3 -m apt -a 'pkg=openvpn state=present update_cache=true'
-server# ansible nodes -f 3 -m apt -a 'pkg=docker.io state=absent update_cache=true'
+server# ansible nodes -f 3 -m apt -a 'pkg=docker.io state=present update_cache=true'
@@ Line 139: / Line 141: @@
 λ touch provision_docker.yml
+  или
+student@node1:~$ cat /vagrant/provision_docker.yml
 </code><code>
 - hosts: "{{ variable_host | default('all') }}"
@@ Line 213: / Line 219: @@
 </code><code>
+node1# ansible-playbook addusers.yml --syntax-check
+node1# apt install ansible-lint
+node1# ansible-lint addusers.yml
 node1# ansible-playbook addusers.yml
 </code>
@@ Line 225: / Line 236: @@
 - hosts: sws
   connection: local
+  gather_facts: no
   tasks:
     - name: configure top level configuration
       ios_config:
         lines:
-          - ip host server 192.168.X.10
-          - snmp-server host server writetrap
           - snmp-server community write RW
+#          - ip host server 192.168.X.10
+#          - snmp-server host server writetrap
 #          - snmp-server enable traps config
@@ Line 252: / Line 264: @@
 #          - enable secret cisco
 #          - aaa authorization console
 #          - aaa authentication login default local
 #          - aaa authorization exec default local
@@ Line 376: / Line 389: @@
   * [[https://rtfm.co.ua/ansible-roli-roles-primer/|Ansible: роли (roles) – пример]]
+  * [[https://andreyex.ru/linux/ansible-roli-v-ansible/|Ansible. Роли в Ansible]]
   * [[Настройка стендов слушателей#Ansible конфигурация]]
@@ Line 381: / Line 395: @@
 <code>
+# ###cd conf/ansible/roles/
 # cat nodes.yml
 </code><code>
 - name: Network config for nodes
   hosts: addnodes
+#  hosts: kubes
   roles:
     - node
@@ Line 393: / Line 410: @@
 </code><code>
 name_prefix: node
+#name_prefix: kube
 X: "{{ ansible_eth0.ipv4.address.split('.')[2] }}"
-N: "{{ ansible_eth0.ipv4.address.split('.')[3] }}"
+N: "{{ ansible_eth0.ipv4.address.split('.')[3][-1] }}"
 </code><code>
 # cat node/tasks/main.yml
@@ Line 440: / Line 458: @@
 nameserver 192.168.{{ X }}.1
 nameserver 192.168.{{ X }}.2
+#nameserver 192.168.{{ X }}.10
 </code><code>
 # cat node/templates/interfaces.j2
@@ Line 451: / Line 470: @@
         netmask 255.255.255.0
         gateway 192.168.{{ X }}.254
+#        gateway 192.168.{{ X }}.1
 </code><code>
 # ansible-playbook -f 5 nodes.yml
@@ Line 461: / Line 481: @@
 ==== Роль OpenVPN сервера ====
 <code>
-server:~# wget https://val.bmstu.ru/unix/conf.git/conf/ansible/roles/openvpn1.tgz && tar -xvzf openvpn1.tgz
-  ИЛИ
 server:~# mkdir openvpn1 && cd openvpn1
@@ Line 491: / Line 507: @@
 #push "dhcp-option DNS 192.168.{{X}}.10"
 #push "block-outside-dns"
+#push "dhcp-option DOMAIN corp{{X}}.un"
 dh /etc/openvpn/dh2048.pem
@@ Line 539: / Line 556: @@
     name: openvpn@openvpn1
     enabled: yes
-    state: started
+#    state: started
 </code><code>
 server:~/openvpn1# cat openvpn1/handlers/main.yml
@@ Line 579: / Line 596: @@
       when: node_nets[ansible_hostname] is defined
 </code><code>
+server:~# wget https://val.bmstu.ru/unix/conf.git/conf/ansible/roles/openvpn1.tgz && tar -xvzf openvpn1.tgz && cd openvpn1
 server:~/openvpn1# ansible-playbook openvpn1.yaml -i inventory.yaml -e "variable_host=test_nodes"
-server:~/openvpn1# ansible-playbook openvpn1.yaml -i inventory.yaml
+server:~/openvpn1# ansible-playbook openvpn1.yaml -i inventory.yaml    # можно через GitLab CI/CD
 server:~/openvpn1# ansible-playbook openvpn1.yaml -i inventory.yaml -e "variable_host=all"
@@ Line 614: / Line 633: @@
   debug:
     msg: octet4 is {{ octet4 }}, X is {{ X }}, hostname is {{hostname}}
+#- meta: end_play
 ...
 </code>
+==== ansible-pull ====
+  * [[https://medium.com/splunkuserdeveloperadministrator/using-ansible-pull-in-ansible-projects-ac04466643e8|Using Ansible Pull In Ansible Projects]]
+  * [[Инсталяция системы в конфигурации Desktop]]
+  * [[Переменные окружения]]
+=== Вариант 1 ===
+<code>
+client1:~/ansible-pull-gpo# cat thunderbird/tasks/main.yml
+</code><code>
+- name: Install Thunderbird
+  apt: pkg=thunderbird state=present update_cache=true
+</code><code>
+client1:~/ansible-pull-gpo# cat proxy/files/etc/environment
+</code><code>
+#http_proxy=http://gate.corpX.un:3128
+https_proxy=http://gate.corpX.un:3128
+no_proxy=localhost,127.0.0.1,isp.un,corpX.un
+</code><code>
+client1:~/ansible-pull-gpo# cat proxy/tasks/main.yml
+</code><code>
+- name: Copy file environment
+  copy:
+    src: etc/environment
+    dest: /etc/environment
+</code><code>
+client1:~/ansible-pull-gpo# cat local.yml
+</code><code>
+- hosts: localhost
+  roles:
+    - role: proxy
+    - role: thunderbird
+</code>
+  * [[Инструмент GitLab]] (Создать публичный проект без readme и скопировать подсказки)
+<code>
+client3:~# ansible-pull -U http://gate.corp13.un/user1/ansible-pull-gpo.git
+</code><code>
+client1:~/ansible-pull-gpo# cat start.sh
+</code><code>
+#!/bin/bash
+apt update
+apt install -y git ansible
+echo -e "0 */2 * * * \
+/usr/bin/ansible-pull -s 120 -U http://gate.corp13.un/user1/ansible-pull-gpo.git -C $BR 2>&1 | /usr/bin/logger -t ansible-pull\n\
+@reboot sleep 1m; /usr/bin/ansible-pull -U http://gate.corp13.un/user1/ansible-pull-gpo.git -C $BR 2>&1 | /usr/bin/logger -t ansible-pull" | crontab -
+</code>
+  * Инструмент GitLab [[Инструмент GitLab#Подключение через API]]
+=== Вариант 2 ===
+  * [[Средства программирования shell#Использование диалоговых окон]]
+<code>
+$ cat ansible-pull-gpo\local.yml
+</code><code>
+- hosts: localhost
+  tasks:
+    - name: Set timezone to Europe/Moscow
+      timezone:
+        name: Europe/Moscow
+    - name: Russian Interface
+      shell: |
+        echo 'ru_RU.UTF-8 UTF-8' > /etc/locale.gen
+        locale-gen
+        echo LANG=ru_RU.UTF-8 > /etc/default/locale
+      when: CONF_RUS_INT is defined
+    - name: Install Firefox in Debian
+      apt: pkg=firefox-esr state=present update_cache=true
+#      debug: msg="Install Firefox in Debian"
+      when: ansible_distribution == 'Debian'
+    - name: Install Firefox in Ubuntu
+      apt: pkg=firefox state=present update_cache=true
+#      debug: msg="Install Firefox in Ubuntu"
+      when: ansible_distribution == 'Ubuntu'
+    - name: Install Thunderbird
+      apt: pkg=thunderbird state=present update_cache=true
+      when: PROG_THBIRD is defined
+  roles:
+    - role: zabbix_agent
+      when: ROLE_ZAB_AG is defined
+    - role: openvpn1_client
+      when: ROLE_OVPN1_CL is defined
+</code><code>
+client1:~# cat /usr/local/etc/gpo_options.yml
+</code><code>
+CONF_RUS_INT:
+PROG_THBIRD:
+ROLE_ZAB_AG:
+</code><code>
+client1:~# /usr/bin/ansible-pull -U http://server.corp13.un/student/ansible-pull-gpo.git -C test -e @/usr/local/etc/gpo_options.yml
+</code>
+  * [[Планирование выполнения заданий в Linux#Сервис cron]]
 ====== Дополнительные материалы ======

Методические материалы Лохтурова Вячеслава

User Tools

Site Tools

Differences

Page Tools