Differences

This shows you the differences between two versions of the page.

--- сервис_ansible [2023/08/15 08:55]
val [Роль настроенного через ifupdown узла сети]
+++ сервис_ansible [2025/06/02 13:30] (current)
val [Провижининг IP телефонов]
@@ Line 1: / Line 1: @@
 ====== Сервис Ansible ======
+  * [[https://www.goncharov.xyz/it/make-cm-not-bash-ru.html|Вот рассмотрим банальный пример. выбрать все файлы в текущей директории и скопировать в другое место]]
   * Управление инфраструктурой на примере [[https://ru.wikipedia.org/wiki/Ansible|Аnsible - wikipedia]]
@@ Line 30: / Line 32: @@
 debian11/ubuntu20# apt install python python3-apt
+debian12# apt install python3 python3-apt
 </code>
@@ Line 38: / Line 42: @@
 <code>
-debian11# mkdir /etc/ansible/
+deb11_12_ub24# mkdir /etc/ansible/
 node1# cat /etc/ansible/hosts
@@ Line 58: / Line 62: @@
 [sws]
-switch[1:3] ansible_ssh_user=root ansible_ssh_pass=cisco
+switch[1:3] ansible_ssh_user=root ansible_ssh_pass=cisco ansible_network_os=ios
 [nodes]
@@ Line 68: / Line 72: @@
 ansible_ssh_user=vagrant
 ansible_ssh_pass=strongpassword
+#ansible_sudo_pass=strongpassword
 ansible_become=yes
 </code>
@@ Line 103: / Line 108: @@
 node1# ansible all -m ping
 node1# ansible all -m ping -i inv_file.ini
-node1# ansible all -m ping -i node2:2222, -e "ansible_python_interpreter=/usr/bin/python3"
+node1# ansible all -m ping -i node2:2222,
 node1# ansible corpX -m command -a 'uname -a'
-# ansible kubes -a 'sed -i"" -e "/swap/s/^/#/" /etc/fstab'
-# ansible kubes -a 'swapoff -a'
+(venv1) server# ansible all -a 'sed -i"" -e "/swap/s/^/#/" /etc/fstab' -i /root/kubespray/inventory/mycluster/hosts.yaml #--limit=kube4,kube5
+(venv1) server# ansible all -a 'swapoff -a' -i /root/kubespray/inventory/mycluster/hosts.yaml #--limit=kube4
 node1# ansible corpX -f 2 -m apt -a 'pkg=apache2 state=present update_cache=true'
-node1# ansible addnodes -vv -f 5 -m apt -a 'pkg=ceph,tgt-rbd state=present update_cache=true'
+node1# ansible addnodes -vv -f 5 -m apt -a 'pkg=ceph,tgt-rbd state=present update_cache=true' #-e 'https_proxy=http://radio.specialist.ru:3128/' -e 'http_proxy=http://radio.specialist.ru:3128/'
 server# ansible nodes -f 3 -m apt -a 'pkg=openvpn state=present update_cache=true'
@@ Line 118: / Line 123: @@
-ubuntu20# apt install python3-paramiko
+ubu20_24_deb12# apt install python3-paramiko
 server# ansible sws -m ios_command -a "commands='show cdp nei'" -c local
-server# ansible sws -m ios_command -a "commands='show cdp nei'" -c network_cli -e "ansible_network_os=ios"
+ubuntu24# ansible sws -m ios_command -a "commands='show cdp nei'" -c network_cli #-e "ansible_network_os=ios"
 </code>
@@ Line 141: / Line 146: @@
 λ touch provision_docker.yml
+  или
+student@node1:~$ cat /vagrant/provision_docker.yml
 </code><code>
 - hosts: "{{ variable_host | default('all') }}"
@@ Line 163: / Line 172: @@
     - name: Add Docker's repository into sources list
       apt_repository:
-#        repo: deb [arch=amd64] https://download.docker.com/linux/debian bullseye stable
+#        repo: deb [arch=amd64] https://download.docker.com/linux/debian bookworm stable
-#        repo: deb [arch=amd64] https://download.docker.com/linux/ubuntu focal stable
+#        repo: deb [arch=amd64] https://download.docker.com/linux/ubuntu noble stable
         state: present
     - name: Install Docker
@@ Line 173: / Line 182: @@
           - containerd.io
           - docker-compose-plugin
+          - docker-buildx-plugin
         state: present
         update_cache: true
@@ Line 180: / Line 190: @@
 <code>
-server# ansible-playbook provision_docker.yml
+server# ansible-playbook provision_docker.yml --syntax-check
+server# ansible-playbook provision_docker.yml
 server# ansible-playbook provision_docker.yml --extra-vars "variable_host=nodes"
-server# ansible-playbook provision_docker.yml --extra-vars "variable_host=localhost"
+server# ansible-playbook provision_docker.yml -e "variable_host=localhost"
 server# ansible-playbook provision_docker.yml -i inv_file.ini
@@ Line 196: / Line 208: @@
 </code><code>
 - hosts: corpX
+  # - hosts: all
+  name: Add Users
   tasks:
     - name: Add user1
@@ Line 204: / Line 218: @@
         comment: "Ivan Ivanovitch Ivanov,RA1,401,499-239-45-23"
         password: $6$3Gz1ZuH3yHckA$wQNZbfU/9G6bYx08owpn7CoFP//2WbB4cmDDOgwDYBbwEyHxB0QQyCuMrOiPOLv3JF5RFtIv/r/kxoPPYFCsx1
     - name: Add user2
-      user:
+      ansible.builtin.user:
         name: user2
         uid: 10002
@@ Line 231: / Line 244: @@
 </code><code>
 - hosts: sws
-  connection: local
+#  connection: local
+  connection: network_cli
   gather_facts: no
   tasks:
@@ Line 238: / Line 252: @@
         lines:
           - snmp-server community write RW
 #          - ip host server 192.168.X.10
 #          - snmp-server host server writetrap
@@ Line 299: / Line 313: @@
 <code>
 node1# ansible -m setup corpX
+server# ansible all -m setup -i gate,
 node1# ansible -m setup corpX | grep ansible_fqdn
@@ Line 312: / Line 328: @@
 </html>
 </code><code>
-node1# cat inst_apache.yml
+node1# cat inst_http.yml
 </code><code>
 - hosts: corpX
+#- hosts: all
   tasks:
-    - name: Installs apache web server
+    - name: Install or remove web server
       apt: pkg=apache2 state=present update_cache=true
+#      apt: pkg=nginx state=absent update_cache=true
     - name: Create index.html file
       template: src=index.html.j2 dest=/var/www/html/index.html
 </code><code>
-node1# ansible-playbook inst_apache.yml
+node1# ansible-playbook inst_http.yml
-</code><code>
+server# ansible-playbook inst_http.yml -i gate,
+</code>
+==== Asterisk IAX конфигурация ====
+<code>
 # cat iax.conf.j2
 </code><code>
@@ Line 329: / Line 354: @@
 disallow=all
 allow=alaw
+{#
+Comment
+#}
 {% for Y in YS %}
@@ Line 357: / Line 386: @@
 </code><code>
 # ansible-playbook ast_iax_corps.yml --extra-vars '{"X":"{{ ansible_eth0.ipv4.address.split(\".\")[3] }}","YS":[1,2,3,4,5,6,7,8,9,10,11,12,13]}'
+</code>
+==== Провижининг IP телефонов ====
+<code>
+~/phone-prov# cat inventory.yml
+</code><code>
+all:
+  vars:
+    phones:
+      - [ '403', 'tpassword403', 'server.corp13.un', '000E08C190C2', 'spa' ]
+      - [ '404', 'tpassword404', 'server.corp13.un', 'BCC34221709A', 'kx-hdv' ]
+</code><code>
+~/phone-prov# cat kx-hdv.j2
+</code><code>
+# Panasonic SIP Phone Standard Format File #
+## SIP Settings
+PHONE_NUMBER_1="{{ pn }}"
+SIP_AUTHID_1="{{ pn }}"
+SIP_PASS_1="{{ secret }}"
+SIP_PRXY_ADDR_1="{{ sipproxy }}"
+SIP_RGSTR_ADDR_1="{{ sipproxy }}"
+DIAL_PLAN_1="*xx|[1-4]xx|0xxxxx|8xxxxxxxxxx"
+</code><code>
+~/phone-prov# cat spa.j2
+</code><code>
+<flat-profile>
+  <Proxy_1_>{{ sipproxy }}</Proxy_1_>
+  <User_ID_1_>{{ pn }}</User_ID_1_>
+  <Password_1_>{{ secret }}</Password_1_>
+  <Dial_Plan_1_>( xxx | 8xxxxxxxxxx | 0xxxxx | *xx )</Dial_Plan_1_>
+</flat-profile>
+</code><code>
+~/phone-prov# cat phone-prov.yml
+</code><code>
+- hosts: localhost
+  tasks:
+    - name: debug
+      debug:
+        msg: "{{ item.0 }} ... {{ item.4 }}"
+      loop: "{{ phones }}"
+    - name: Create phone conf
+      template:
+        src: "{{ model }}.j2"
+        dest: "/var/www/html/{{ model }}-{{ mac }}.cfg"
+      vars:
+        pn: "{{ item.0 }}"
+        secret: "{{ item.1 }}"
+        sipproxy: "{{ item.2 }}"
+        mac: "{{ item.3 }}"
+        model: "{{ item.4 }}"
+      loop: "{{ phones }}"
+</code><code>
+~/phone-prov# ansible-playbook phone-prov.yml -i inventory.yml
 </code>
 ===== Использование handlers =====
+==== Пример 4 ====
   * [[Сервис HTTP#Использование домашних каталогов]]
@@ Line 382: / Line 467: @@
 </code>
+==== Пример 5 ====
+  * [[Управление ПО в Linux#Список desktop приложений]]
+<code>
+server# cat za.conf
+</code><code>
+ListenIP=0.0.0.0
+StartAgents=0
+ServerActive=server
+UserParameter=listinstalledsoft,ls /usr/share/applications | awk -F '.desktop' ' { print $1}' -
+</code><code>
+server# cat za.yml
+</code><code>
+- hosts: lin_ws
+  tasks:
+    - name: Install zabbix agent
+      apt: pkg=zabbix-agent state=present update_cache=true
+    - name: Create conf file
+      copy: src=za.conf dest=/etc/zabbix/zabbix_agentd.conf.d/za.conf
+      notify:
+        - restart za
+  handlers:
+    - name: restart za
+      service: name=zabbix-agent state=restarted
+</code><code>
+server# ansible-playbook za.yml
+</code>
 ===== Использование ролей =====
@@ Line 391: / Line 506: @@
 <code>
-# ###cd conf/ansible/roles/
+# ###cd /root/conf/
+# ###git pull origin master
+# ###cd /root/conf/ansible/roles/
 # cat nodes.yml
@@ Line 398: / Line 515: @@
   hosts: addnodes
 #  hosts: kubes
+#  hosts: "{{ variable_host | default('addnodes') }}"
   roles:
     - node
@@ Line 452: / Line 570: @@
 </code><code>
 search corp{{ X }}.un
+{% if variable_host is defined %}
+nameserver 192.168.{{ X }}.10
+{% else %}
 nameserver 192.168.{{ X }}.1
 nameserver 192.168.{{ X }}.2
-#nameserver 192.168.{{ X }}.10
+{% endif %}
 </code><code>
 # cat node/templates/interfaces.j2
@@ Line 465: / Line 586: @@
         address {{ ansible_eth0.ipv4.address }}
         netmask 255.255.255.0
+{% if variable_host is defined %}
+        gateway 192.168.{{ X }}.1
+{% else %}
         gateway 192.168.{{ X }}.254
-#        gateway 192.168.{{ X }}.1
+{% endif %}
 </code><code>
 # ansible-playbook -f 5 nodes.yml
@@ Line 472: / Line 596: @@
   ИЛИ
-# ansible-playbook -f 5 conf/ansible/roles/nodes.yml
+# ansible-playbook -f 5 /root/conf/ansible/roles/nodes.yml
+  ИЛИ
+(venv1) server# ansible-playbook -f 5 /root/conf/ansible/roles/nodes.yml -i /root/kubespray/inventory/mycluster/hosts.yaml -e "variable_host=all name_prefix=kube" #--limit=kube4
 </code>
 ==== Роль OpenVPN сервера ====
+  * [[Пакет OpenVPN]]
 <code>
 server:~# mkdir openvpn1 && cd openvpn1
@@ Line 566: / Line 697: @@
   vars:
     X: "{{ ansible_eth1.ipv4.address.split('.')[2] }}"
-    ansible_python_interpreter: "/usr/bin/python3"
     ansible_ssh_user: vagrant
     ansible_ssh_pass: strongpassword
@@ Line 593: / Line 723: @@
 </code><code>
 server:~# wget https://val.bmstu.ru/unix/conf.git/conf/ansible/roles/openvpn1.tgz && tar -xvzf openvpn1.tgz && cd openvpn1
+server:~/openvpn1# ansible -m ping -i inventory.yaml all
 server:~/openvpn1# ansible-playbook openvpn1.yaml -i inventory.yaml -e "variable_host=test_nodes"
-server:~/openvpn1# ansible-playbook openvpn1.yaml -i inventory.yaml    # можно через GitLab CI/CD
+server:~/openvpn1# ###ansible-playbook openvpn1.yaml -i inventory.yaml    # лучше через GitLab CI/CD
-server:~/openvpn1# ansible-playbook openvpn1.yaml -i inventory.yaml -e "variable_host=all"
+server:~/openvpn1# ###ansible-playbook openvpn1.yaml -i inventory.yaml -e "variable_host=all"
 </code>
@@ Line 642: / Line 774: @@
 === Вариант 1 ===
+  * [[https://habr.com/ru/articles/732736/|GPO для Linux из подручных материалов]] (help.desktop)
 <code>
@@ Line 668: / Line 802: @@
     - role: proxy
     - role: thunderbird
+</code><code>
+client1:~/ansible-pull-gpo# ansible-playbook local.yml
 </code>
@@ Line 673: / Line 809: @@
 <code>
-client3:~# ansible-pull -U http://gate.corp13.un/user1/ansible-pull-gpo.git
+client3:~# ###ansible-pull -U http://gate.corpX.un/user1/ansible-pull-gpo.git
 </code><code>
 client1:~/ansible-pull-gpo# cat start.sh
@@ Line 683: / Line 819: @@
 echo -e "0 */2 * * * \
-/usr/bin/ansible-pull -s 120 -U http://gate.corp13.un/user1/ansible-pull-gpo.git -C $BR 2>&1 | /usr/bin/logger -t ansible-pull\n\
+/usr/bin/ansible-pull -s 120 -U http://gate.corpX.un/user1/ansible-pull-gpo.git -C $BR 2>&1 | /usr/bin/logger -t ansible-pull\n\
-@reboot sleep 1m; /usr/bin/ansible-pull -U http://gate.corp13.un/user1/ansible-pull-gpo.git -C $BR 2>&1 | /usr/bin/logger -t ansible-pull" | crontab -
+@reboot sleep 1m; /usr/bin/ansible-pull -U http://gate.corpX.un/user1/ansible-pull-gpo.git -C $BR 2>&1 | /usr/bin/logger -t ansible-pull" | crontab -
+init 6
 </code>
@@ Line 743: / Line 881: @@
 ====== Дополнительные материалы ======
+===== Вместо ansible =====
 <code>
-выполнение команд на цисках через ансибл
+for i in 1 2 3; do ssh node$i "apt update && apt install apache2; done
+</code>
+===== выполнение команд на цисках через ансибл =====
+<code>
 . добавить в /etc/ansible/group_vars/all.yml строки
 ansible_connection: network_cli

Методические материалы Лохтурова Вячеслава

User Tools

Site Tools

Differences

Page Tools