Differences

This shows you the differences between two versions of the page.

--- сервис_ansible [2022/08/16 13:42]
val [Роль OpenVPN сервера]
+++ сервис_ansible [2024/03/25 06:40]
val [Роль настроенного через ifupdown узла сети]
@@ Line 1: / Line 1: @@
 ====== Сервис Ansible ======
+  * Управление инфраструктурой на примере [[https://ru.wikipedia.org/wiki/Ansible|Аnsible - wikipedia]]
   * [[https://habrahabr.ru/company/express42/blog/254959/|Ansible — давайте попробуем]]
-  * [[https://habrahabr.ru/post/195048/|Ansible]]
   * [[https://habrahabr.ru/post/305400/|Пособие по Ansible]]
+  * [[https://habr.com/ru/post/508762/|Основы Ansible, без которых ваши плейбуки — комок слипшихся макарон]]
   * [[https://www.cisco.com/c/dam/m/ru_ru/training-events/2019/cisco-connect/pdf/introduction_automation_with_ansible_idrey.pdf|Введение в автоматизацию с помощью Ansible (Cisco)]]
@@ Line 66: / Line 68: @@
 ansible_ssh_user=vagrant
 ansible_ssh_pass=strongpassword
+#ansible_sudo_pass=strongpassword
 ansible_become=yes
 </code>
@@ Line 77: / Line 80: @@
 </code><code>
 [defaults]
-...
+#...
 host_key_checking = False
-...
+#...
 </code>
@@ Line 104: / Line 107: @@
 node1# ansible corpX -m command -a 'uname -a'
-node1# ansible corpX -a 'uname -a'
+kube1# ansible kubes -a 'sed -i"" -e "/swap/s/^/#/" /etc/fstab'
+kube1# ansible kubes -a 'swapoff -a'
+  ИЛИ
+(venv1) server# ansible all -a 'sed -i"" -e "/swap/s/^/#/" /etc/fstab' -i /root/kubespray/inventory/mycluster/hosts.yaml #--limit=kube4
+(venv1) server# ansible all -a 'swapoff -a' -i /root/kubespray/inventory/mycluster/hosts.yaml #--limit=kube4
 node1# ansible corpX -f 2 -m apt -a 'pkg=apache2 state=present update_cache=true'
 node1# ansible addnodes -vv -f 5 -m apt -a 'pkg=ceph,tgt-rbd state=present update_cache=true'
+server# ansible nodes -f 3 -m apt -a 'pkg=openvpn state=present update_cache=true'
+server# ansible nodes -f 3 -m apt -a 'pkg=docker.io state=present update_cache=true'
 ubuntu20# apt install python3-paramiko
@@ Line 124: / Line 136: @@
 ==== Пример 1 ====
+  * [[Технология Docker]]
 <code>
-# cat provision_docker.yml
+server# cat provision_docker.yml
+  или
+λ touch provision_docker.yml
   или
-λ npp provision_docker.yml &
+student@node1:~$ cat /vagrant/provision_docker.yml
 </code><code>
 - hosts: "{{ variable_host | default('all') }}"
@@ Line 164: / Line 183: @@
         state: present
         update_cache: true
-</code><code>
+</code>
-gate# ansible-playbook provision_docker.yml
+  * Технология Vagrant: [[Технология Vagrant#Provision с использованием ansible]]
+<code>
+server# ansible-playbook provision_docker.yml
-gate# ansible-playbook provision_docker.yml -i inv_file.ini
+server# ansible-playbook provision_docker.yml --extra-vars "variable_host=nodes"
-gate# ansible-playbook provision_docker.yml -e "ansible_python_interpreter=/usr/bin/python3" -i 192.168.X.1:2222,
+server# ansible-playbook provision_docker.yml --extra-vars "variable_host=localhost"
-gate# ansible-playbook provision_docker.yml --extra-vars "variable_host=corp"
+server# ansible-playbook provision_docker.yml -i inv_file.ini
-gate# ansible-playbook provision_docker.yml --extra-vars "variable_host=localhost"
+server# ansible-playbook provision_docker.yml -e "ansible_python_interpreter=/usr/bin/python3" -i 192.168.X.1:2222,
 </code>
 ==== Пример 2 ====
@@ Line 200: / Line 223: @@
 </code><code>
+node1# ansible-playbook addusers.yml --syntax-check
+node1# apt install ansible-lint
+node1# ansible-lint addusers.yml
 node1# ansible-playbook addusers.yml
 </code>
@@ Line 212: / Line 240: @@
 - hosts: sws
   connection: local
+  gather_facts: no
   tasks:
     - name: configure top level configuration
       ios_config:
         lines:
-          - ip host server 192.168.X.10
-          - snmp-server host server writetrap
           - snmp-server community write RW
+#          - ip host server 192.168.X.10
+#          - snmp-server host server writetrap
 #          - snmp-server enable traps config
@@ Line 239: / Line 268: @@
 #          - enable secret cisco
 #          - aaa authorization console
 #          - aaa authentication login default local
 #          - aaa authorization exec default local
@@ Line 337: / Line 367: @@
 </code>
 ===== Использование handlers =====
+==== Пример 1 ====
   * [[Сервис HTTP#Использование домашних каталогов]]
@@ Line 360: / Line 392: @@
 </code>
+==== Пример 2 ====
+<code>
+server# cat za.conf
+</code><code>
+ListenIP=0.0.0.0
+StartAgents=0
+ServerActive=server
+UserParameter=listinstalledsoft,ls /usr/share/applications | awk -F '.desktop' ' { print $1}' -
+</code><code>
+node1# cat za.yml
+</code><code>
+- hosts: lin_ws
+  tasks:
+    - name: Install zabbix agent
+      apt: pkg=zabbix-agent state=present update_cache=true
+    - name: Create conf file
+      copy: src=za.conf dest=/etc/zabbix/zabbix_agentd.conf.d/za.conf
+      notify:
+        - restart za
+  handlers:
+    - name: restart za
+      service: name=zabbix-agent state=restarted
+</code><code>
+server# ansible-playbook za.yml
+</code>
 ===== Использование ролей =====
   * [[https://rtfm.co.ua/ansible-roli-roles-primer/|Ansible: роли (roles) – пример]]
+  * [[https://andreyex.ru/linux/ansible-roli-v-ansible/|Ansible. Роли в Ansible]]
   * [[Настройка стендов слушателей#Ansible конфигурация]]
@@ Line 368: / Line 429: @@
 <code>
+# ###cd /root/conf/
+# ###git pull origin master
+# ###cd /root/conf/ansible/roles/
 # cat nodes.yml
 </code><code>
 - name: Network config for nodes
   hosts: addnodes
+#  hosts: kubes
+#  hosts: all
   roles:
     - node
@@ Line 380: / Line 447: @@
 </code><code>
 name_prefix: node
+#name_prefix: kube
 X: "{{ ansible_eth0.ipv4.address.split('.')[2] }}"
-N: "{{ ansible_eth0.ipv4.address.split('.')[3] }}"
+N: "{{ ansible_eth0.ipv4.address.split('.')[3][-1] }}"
 </code><code>
 # cat node/tasks/main.yml
@@ Line 427: / Line 495: @@
 nameserver 192.168.{{ X }}.1
 nameserver 192.168.{{ X }}.2
+#nameserver 192.168.{{ X }}.10
 </code><code>
 # cat node/templates/interfaces.j2
@@ Line 438: / Line 507: @@
         netmask 255.255.255.0
         gateway 192.168.{{ X }}.254
+#        gateway 192.168.{{ X }}.1
 </code><code>
 # ansible-playbook -f 5 nodes.yml
@@ Line 443: / Line 513: @@
   ИЛИ
-# ansible-playbook -f 5 conf/ansible/roles/nodes.yml
+# ansible-playbook -f 5 /root/conf/ansible/roles/nodes.yml
+  ИЛИ
+(venv1) server# ansible-playbook -f 5 /root/conf/ansible/roles/nodes.yml -i /root/kubespray/inventory/mycluster/hosts.yaml #--limit=kube4
 </code>
@@ Line 462: / Line 536: @@
 dh2048.pem  server.crt  server.key
 </code><code>
-server:~/openvpn1/openvpn1/files# cd -
+server:~/openvpn1/openvpn1/files# cd ../../
 server:~/openvpn1# cat openvpn1/templates/openvpn1.conf.j2
@@ Line 471: / Line 545: @@
 server {{node_nets[ansible_hostname]}} 255.255.255.0
-push "route 192.168.X.0 255.255.255.0"
+push "route 192.168.{{X}}.0 255.255.255.0"
-#push "dhcp-option DNS 192.168.X.10"
+#push "dhcp-option DNS 192.168.{{X}}.10"
 #push "block-outside-dns"
+#push "dhcp-option DOMAIN corp{{X}}.un"
 dh /etc/openvpn/dh2048.pem
@@ Line 522: / Line 597: @@
     name: openvpn@openvpn1
     enabled: yes
-    state: started
+#    state: started
 </code><code>
 server:~/openvpn1# cat openvpn1/handlers/main.yml
@@ Line 535: / Line 610: @@
 all:
   vars:
+    X: "{{ ansible_eth1.ipv4.address.split('.')[2] }}"
     ansible_python_interpreter: "/usr/bin/python3"
     ansible_ssh_user: vagrant
@@ Line 561: / Line 637: @@
       when: node_nets[ansible_hostname] is defined
 </code><code>
+server:~# wget https://val.bmstu.ru/unix/conf.git/conf/ansible/roles/openvpn1.tgz && tar -xvzf openvpn1.tgz && cd openvpn1
 server:~/openvpn1# ansible-playbook openvpn1.yaml -i inventory.yaml -e "variable_host=test_nodes"
-server:~/openvpn1# ansible-playbook openvpn1.yaml -i inventory.yaml
+server:~/openvpn1# ansible-playbook openvpn1.yaml -i inventory.yaml    # можно через GitLab CI/CD
 server:~/openvpn1# ansible-playbook openvpn1.yaml -i inventory.yaml -e "variable_host=all"
 </code>
+  * [[Сервисы Gateway и routing#Управление таблицей маршрутизации]]
 ==== Фрагмент роли с условиями и отладкой ====
@@ Line 594: / Line 674: @@
   debug:
     msg: octet4 is {{ octet4 }}, X is {{ X }}, hostname is {{hostname}}
+#- meta: end_play
 ...
 </code>
+==== ansible-pull ====
+  * [[https://medium.com/splunkuserdeveloperadministrator/using-ansible-pull-in-ansible-projects-ac04466643e8|Using Ansible Pull In Ansible Projects]]
+  * [[Инсталяция системы в конфигурации Desktop]]
+  * [[Переменные окружения]]
+=== Вариант 1 ===
+<code>
+client1:~/ansible-pull-gpo# cat thunderbird/tasks/main.yml
+</code><code>
+- name: Install Thunderbird
+  apt: pkg=thunderbird state=present update_cache=true
+</code><code>
+client1:~/ansible-pull-gpo# cat proxy/files/etc/environment
+</code><code>
+#http_proxy=http://gate.corpX.un:3128
+https_proxy=http://gate.corpX.un:3128
+no_proxy=localhost,127.0.0.1,isp.un,corpX.un
+</code><code>
+client1:~/ansible-pull-gpo# cat proxy/tasks/main.yml
+</code><code>
+- name: Copy file environment
+  copy:
+    src: etc/environment
+    dest: /etc/environment
+</code><code>
+client1:~/ansible-pull-gpo# cat local.yml
+</code><code>
+- hosts: localhost
+  roles:
+    - role: proxy
+    - role: thunderbird
+</code><code>
+client1:~/ansible-pull-gpo# ansible-playbook local.yml
+</code>
+  * [[Инструмент GitLab]] (Создать публичный проект без readme и скопировать подсказки)
+<code>
+client3:~# ###ansible-pull -U http://gate.corpX.un/user1/ansible-pull-gpo.git
+</code><code>
+client1:~/ansible-pull-gpo# cat start.sh
+</code><code>
+#!/bin/bash
+apt update
+apt install -y git ansible
+echo -e "0 */2 * * * \
+/usr/bin/ansible-pull -s 120 -U http://gate.corpX.un/user1/ansible-pull-gpo.git -C $BR 2>&1 | /usr/bin/logger -t ansible-pull\n\
+@reboot sleep 1m; /usr/bin/ansible-pull -U http://gate.corpX.un/user1/ansible-pull-gpo.git -C $BR 2>&1 | /usr/bin/logger -t ansible-pull" | crontab -
+init 6
+</code>
+  * Инструмент GitLab [[Инструмент GitLab#Подключение через API]]
+=== Вариант 2 ===
+  * [[Средства программирования shell#Использование диалоговых окон]]
+<code>
+$ cat ansible-pull-gpo\local.yml
+</code><code>
+- hosts: localhost
+  tasks:
+    - name: Set timezone to Europe/Moscow
+      timezone:
+        name: Europe/Moscow
+    - name: Russian Interface
+      shell: |
+        echo 'ru_RU.UTF-8 UTF-8' > /etc/locale.gen
+        locale-gen
+        echo LANG=ru_RU.UTF-8 > /etc/default/locale
+      when: CONF_RUS_INT is defined
+    - name: Install Firefox in Debian
+      apt: pkg=firefox-esr state=present update_cache=true
+#      debug: msg="Install Firefox in Debian"
+      when: ansible_distribution == 'Debian'
+    - name: Install Firefox in Ubuntu
+      apt: pkg=firefox state=present update_cache=true
+#      debug: msg="Install Firefox in Ubuntu"
+      when: ansible_distribution == 'Ubuntu'
+    - name: Install Thunderbird
+      apt: pkg=thunderbird state=present update_cache=true
+      when: PROG_THBIRD is defined
+  roles:
+    - role: zabbix_agent
+      when: ROLE_ZAB_AG is defined
+    - role: openvpn1_client
+      when: ROLE_OVPN1_CL is defined
+</code><code>
+client1:~# cat /usr/local/etc/gpo_options.yml
+</code><code>
+CONF_RUS_INT:
+PROG_THBIRD:
+ROLE_ZAB_AG:
+</code><code>
+client1:~# /usr/bin/ansible-pull -U http://server.corp13.un/student/ansible-pull-gpo.git -C test -e @/usr/local/etc/gpo_options.yml
+</code>
+  * [[Планирование выполнения заданий в Linux#Сервис cron]]
 ====== Дополнительные материалы ======

Методические материалы Лохтурова Вячеслава

User Tools

Site Tools

Differences

Page Tools