Ansible Управление файлами
Перейдём в папку и создадим папку files
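# Project directory; later steps use the absolute path /home/andrey/ansible_tutorial,
# so the directory name is "tutorial" (the original line had a typo).
cd ~/ansible_tutorial
# Files referenced by relative `src:` in copy/unarchive tasks are looked up here.
mkdir files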
Создаём файл html
nano files/default_site.html
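<!DOCTYPE html>
<!-- Placeholder page deployed by the "copy default html file for site" task. -->
<html lang="en">
<head>
<meta charset="utf-8">
<title>Web-site test</title>
</head>
<body>
<p>Ansible is awesome!</p>
</body>
</html>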
Правим файл
Копируем файл default_site.html из папки files
на серверы по пути /var/www/html/index.html,
назначаем владельца, группу и права доступа
nano site2.yml
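- name: copy default html file for site
  tags: apache,apache2,httpd
  copy:
    # relative src is looked up in the files/ directory next to the playbook
    src: default_site.html
    # the verification step cats index.html; the original dest ended in .htm (typo)
    dest: /var/www/html/index.html
    owner: root
    group: root
    # quoted so the mode is not subject to YAML octal/decimal interpretation
    mode: '0644'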
Запускаем сценарий playbook
ansible-playbook --ask-become-pass site2.yml
По результатам
TASK [copy default html file for site]
подключаемся и проверяем содержимое файла index.html
ssh andrey@192.168.122.152
cat /var/www/html/index.html
Правим файл site2.yml
добавим хосты рабочие станции
добавим новое задание: установить unzip
установка terraform используя распаковку архива дистрибутива
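- hosts: workstations
  become: true
  tasks:
    - name: install unzip
      package:
        name: unzip
        state: present
    # the original listing had `-name:` (no space), which YAML does not read as a list item
    - name: install terraform
      unarchive:
        # NOTE(review): the archive is fetched from a remote URL and extracted straight
        # into a PATH directory with no integrity check; unarchive has no checksum
        # option, so if integrity matters download it first with get_url
        # (checksum: sha256:<expected-digest>) and unarchive the local file.
        src: https://releases.hashicorp.com/terraform/1.14.5/terraform_1.14.5_linux_amd64.zip
        dest: /usr/local/bin/
        remote_src: true
        # quoted: an unquoted 0755 depends on the YAML parser's octal handling
        mode: '0755'
        owner: root
        group: root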
Создадим раздел, для рабочих станций в файле inventory
nano inventory
[workstations]
192.168.122.92
При необходимости копируем файл публичного ключа ansible.pub
ssh-copy-id -i ~/.ssh/ansible.pub 192.168.122.92
ansible-playbook --syntax-check site2.yml
Проверим наличие установленного terraform
which terraform
Управление службами — внесение изменений в файл
Редактируем файл сценария
добавим автозапуск и включение сервиса web server apache httpd
для ОС Centos,redos
nano site3.yml
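- name: start httpd (CentOS,RED)
  tags: apache,centos,httpd,redos
  service:
    name: httpd
    state: started
    # canonical boolean; `yes` is a YAML 1.1-only spelling
    enabled: true
  # matches only RED here although the task name also lists CentOS;
  # the revised version of this task widens it to `in ["CentOS","RED"]`
  when: ansible_distribution == "RED"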
Проверка статуса web server apache httpd
и последующая остановка службы
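ssh andrey@192.168.122.59
# on the remote host:
systemctl status httpd
sudo systemctl stop httpd
# disabling a unit needs root just like stopping it; the original line lacked sudo
sudo systemctl disable httpd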
Редактируем файл сценария, меняем текстовую конфигурацию
меняем строку, начинающуюся с ServerAdmin, в файле /etc/httpd/conf/httpd.conf
Добавим переменную register: httpd
nano site3.yml
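- name: start httpd (CentOS,RED)
  tags: apache,centos,httpd,redos
  service:
    name: httpd
    state: started
    enabled: true
  when: ansible_distribution in ["CentOS","RED"]

- name: change e-mail address for admin
  tags: apache,centos,httpd,redos
  lineinfile:
    path: /etc/httpd/conf/httpd.conf
    # anchored at the line start so only the directive line is replaced
    regexp: '^ServerAdmin'
    line: ServerAdmin 5house@5house.wxyz
  when: ansible_distribution in ["CentOS","RED"]
  # the result is inspected by the restart task below
  register: httpd

- name: restart httpd (CentOS,RedOS)
  tags: apache,centos,httpd,redos
  service:
    name: httpd
    state: restarted
  # a skipped lineinfile reports changed: false, so non-RHEL hosts never reach the
  # restart; a handler with `notify` is the idiomatic form and also collapses
  # several config changes into a single restart
  when: httpd.changed

- name: copy default html file for site
  tags: apache,apache2,httpd
  copy:
    src: default_site.html
    dest: /var/www/html/index.html
    owner: root
    group: root
    # quoted so the mode is not subject to YAML octal/decimal interpretation
    mode: '0644'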
просмотр текущего значения директивы
ServerAdmin (начало строки) в файле /etc/httpd/conf/httpd.conf
ssh andrey@192.168.122.59
# on the remote host: show the ServerAdmin directive (grep reads the file directly)
grep ServerAdmin /etc/httpd/conf/httpd.conf
ansible-playbook --syntax-check site3.yml
ansible-playbook --ask-become-pass site3.yml
Управление пользователями
Создадим пользователя rufus на всех серверах
добавим пользователя rufus в группу root
nano site4.yml
---
# Creates the automation account on every inventory host.
- hosts: all
  become: true
  tasks:
    - name: create rufus user
      # `always` runs this task even when the run is restricted with --tags
      tags: always
      user:
        name: rufus
        # append is not set, so the supplementary groups become exactly [root];
        # membership in group root is a broad privilege — confirm it is needed
        groups: root
ansible-playbook --syntax-check site4.yml
Перед запуском сценария проверим на удаленном сервере файл
ssh andrey@192.168.122.59
cat /etc/passwd
ansible-playbook --ask-become-pass site4.yml
cat /etc/passwd
rufus:x:1001:1001::/home/rufus:/bin/bash
Добавим публичный ключ ssh на сервер
и права sudoers
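- hosts: all
  become: true
  tasks:
    - name: create rufus user
      tags: always
      user:
        name: rufus
        # append is not set, so the supplementary groups become exactly [root];
        # membership in group root is a broad privilege — confirm it is needed
        # alongside the sudoers drop-in below
        groups: root
    - name: add ssh key for rufus
      tags: always
      authorized_key:
        user: rufus
        key: "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILr8Fpxic8UgrUJ8n21WjU2aSZYdSFW9XQSmtQa8HMOU ansible"
    - name: add sudoers files for rufus
      tags: always
      copy:
        # content of sudoer_rufus is not shown here; keep it as narrow as the
        # playbooks require
        src: sudoer_rufus
        dest: /etc/sudoers.d/rufus
        owner: root
        group: root
        # quoted so the mode is not subject to YAML octal/decimal interpretation
        mode: '0440'
        # visudo rejects a malformed drop-in before it lands in sudoers.d; a
        # syntax error there can disable sudo for every account on the host
        validate: 'visudo -cf %s'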
проверка содержимого папки
ssh andrey@192.168.122.59
sudo ls -l /etc/sudoers.d
проверка подключения к серверу без пароля,
просмотр файла авторизованных ключей
ssh -i ~/.ssh/ansible rufus@192.168.122.218
whoami
sudo apt update
cat .ssh/authorized_keys
Упрощение запуска playbook
цель — убрать ввод пароля. Добавляем пользователя и приватный ключ в файл конфигурации ansible.cfg
cd files
nano ansible.cfg
[defaults]
; NOTE(review): ansible.cfg is read from the current working directory (or the
; path in ANSIBLE_CONFIG); confirm this file lives beside the playbooks, not in files/
; SSH login defaults so no --user / --private-key are needed on the command line
remote_user = rufus
private_key_file = ~/.ssh/ansible
; become: true still needs a become password unless the sudoers drop-in for this
; user grants NOPASSWD (its content is not shown here)
inventory = inventory
запуск сценария без пароля
ansible-playbook site4.yml
Первичный загрузочный playbook — создание пользователя на сервере
cp site4.yml bootstrap.yml
ansible-playbook --syntax-check site5.yml
ansible-playbook --ask-become-pass site5.yml
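---
- hosts: all
  become: true
  tasks:
    # only the package metadata cache is refreshed here (nothing is installed or
    # upgraded), so the task reports unchanged; changed_when is a task-level keyword
    # — the original listing nested a misspelled `change_when` inside the module,
    # which the module rejects as an unsupported parameter
    - name: install updates (RedOS,Centos)
      tags: always
      dnf:
        update_cache: true
      changed_when: false
      # ansible_distribution reports "CentOS"; the original "Centos" never matched
      when: ansible_distribution in ["CentOS","RED"]
    - name: install updates (Astra Linux)
      tags: always
      apt:
        update_cache: true
      changed_when: false
      when: ansible_distribution == "Astra Linux"

- hosts: all
  become: true
  tasks:
    # presumably the account was created earlier by bootstrap.yml; this play
    # only manages the key
    - name: add ssh key for rufus
      tags: always
      authorized_key:
        user: rufus
        key: "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILr8Fpxic8UgrUJ8n21WjU2aSZYdSFW9XQSmtQa8HMOU ansible"

- hosts: web_servers
  become: true
  tasks:
    - name: install apache2 and php packages for Astra Linux,Debian
      tags: apache,apache2,astra,debian
      apt:
        name:
          - apache2
          - libapache2-mod-php
        # latest upgrades the packages on every run; present gives reproducible runs
        state: latest
      when: ansible_distribution == "Astra Linux"
    - name: install apache2 and php packages Centos,RED
      # the original `httpd.redos` merged two tags into one
      tags: apache,centos,httpd,redos
      dnf:
        name:
          - httpd
          - php
        state: latest
      when: ansible_distribution in ["CentOS","RED"]
    - name: start httpd (CentOS,RED)
      tags: apache,centos,httpd,redos
      service:
        name: httpd
        state: started
        enabled: true
      when: ansible_distribution in ["CentOS","RED"]
    - name: change e-mail address for admin
      tags: apache,centos,httpd,redos
      lineinfile:
        path: /etc/httpd/conf/httpd.conf
        regexp: '^ServerAdmin'
        line: ServerAdmin 5house@5house.wxyz
      when: ansible_distribution in ["CentOS","RED"]
      # inspected by the restart task below
      register: httpd
    - name: restart httpd (CentOS,RedOS)
      tags: apache,centos,httpd,redos
      service:
        name: httpd
        state: restarted
      # a skipped lineinfile reports changed: false; a handler with notify is the
      # idiomatic form
      when: httpd.changed
    - name: copy default html file for site
      tags: apache,apache2,httpd
      copy:
        # relative src is looked up in files/ next to the playbook
        src: default_site.html
        dest: /var/www/html/index.html
        owner: root
        group: root
        # quoted so the mode is not subject to YAML octal/decimal interpretation
        mode: '0644'

- hosts: db_servers
  become: true
  tasks:
    - name: install mariadb package (RedOS,Centos)
      tags: centos,redos,db,mariadb
      dnf:
        name: mariadb
        state: latest
      when: ansible_distribution in ["CentOS","RED"]
    - name: install mariadb package (Astra linux)
      tags: db,mariadb,debian,astra
      apt:
        name: mariadb-server
        state: latest
      when: ansible_distribution == "Astra Linux"

- hosts: file_servers
  become: true
  tasks:
    - name: install samba package
      tags: samba
      package:
        name: samba
        state: latest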
nano bootstrap.yml
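---
- hosts: all
  become: true
  pre_tasks:
    # both tasks carry tags: always, so they run on every invocation, including a
    # run restricted with --tags; both upgrade packages rather than only the cache,
    # so the task names understate what they do
    - name: update repo cache (RedOS,Centos)
      tags: always
      dnf:
        # update_only with no name/state is meant to upgrade installed packages;
        # confirm that behaviour on the target dnf module version
        update_only: true
        update_cache: true
      # ansible_distribution reports "CentOS"; the original "Centos" never matched
      when: ansible_distribution in ["CentOS","RED"]
    - name: update repo cache (Astra Linux)
      tags: always
      apt:
        # full dist-upgrade of all installed packages, not only a cache refresh
        upgrade: dist
        update_cache: true
      when: ansible_distribution == "Astra Linux"

- hosts: all
  become: true
  tasks:
    - name: create rufus user
      tags: always
      user:
        name: rufus
        # append is not set, so the supplementary groups become exactly [root];
        # membership in group root is a broad privilege — confirm it is needed
        groups: root
    # the original task name said "simone" but the key is installed for rufus
    - name: add ssh key for rufus
      tags: always
      authorized_key:
        user: rufus
        key: "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILr8Fpxic8UgrUJ8n21WjU2aSZYdSFW9XQSmtQa8HMOU ansible"
    - name: add sudoers files for rufus
      tags: always
      copy:
        src: sudoer_rufus
        dest: /etc/sudoers.d/rufus
        owner: root
        group: root
        # quoted so the mode is not subject to YAML octal/decimal interpretation
        mode: '0440'
        # visudo rejects a malformed drop-in before it lands in sudoers.d; a
        # syntax error there can disable sudo for every account on the host
        validate: 'visudo -cf %s'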
Роли — разделение задач
копируем файл playbook
cp site5.yml site_before_roles.yml
Создаём каталог под роли
# one directory per role; mkdir accepts several names in a single call
mkdir roles
cd roles
mkdir base db_servers file_servers web_servers workstations
clear
ls -l
Создадим подкаталоги tasks — в них создадим playbook
# each role reads its task list from <role>/tasks/main.yml
mkdir base/tasks db_servers/tasks file_servers/tasks web_servers/tasks workstations/tasks
ls base
cd /home/andrey/ansible_tutorial/roles/base/tasks/
nano main.yml
---
# Role task list: installs the automation key for every host.
# The account itself is presumably created beforehand by bootstrap.yml.
- name: add ssh key for rufus
  authorized_key:
    user: rufus
    key: "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILr8Fpxic8UgrUJ8n21WjU2aSZYdSFW9XQSmtQa8HMOU ansible"
  tags: always
# from roles/base/tasks back up to roles/ and into the db_servers task directory
cd ../../db_servers/tasks
nano main.yml
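- name: install mariadb package (RedOS,Centos)
  tags: centos,redos,db,mariadb
  dnf:
    name: mariadb
    # latest upgrades on every run; present gives reproducible runs
    state: latest
  # ansible_distribution reports "CentOS"; the original "Centos" never matched
  when: ansible_distribution in ["CentOS","RED"]

- name: install mariadb package (Astra linux)
  tags: db,mariadb,debian,astra
  apt:
    name: mariadb-server
    state: latest
  when: ansible_distribution == "Astra Linux"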
cd /home/andrey/ansible_tutorial/roles/file_servers/tasks
nano main.yml
---
# Role task list for file servers: the generic package module picks the
# host's package manager, so one task covers every distribution.
- name: install samba package
  package:
    name: samba
    state: latest
  tags: samba
cd /home/andrey/ansible_tutorial/roles/web_servers/tasks
nano main.yml
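- name: install apache2 and php packages for Astra Linux,Debian
  tags: apache,apache2,astra,debian
  apt:
    name:
      - apache2
      - libapache2-mod-php
    # latest upgrades on every run; present gives reproducible runs
    state: latest
  when: ansible_distribution == "Astra Linux"

- name: install apache2 and php packages Centos,RED
  # the original `httpd.redos` merged two tags into one
  tags: apache,centos,httpd,redos
  dnf:
    name:
      - httpd
      - php
    state: latest
  # ansible_distribution reports "CentOS"; the original "Centos" never matched
  when: ansible_distribution in ["CentOS","RED"]

- name: start httpd (CentOS,RED)
  tags: apache,centos,httpd,redos
  service:
    name: httpd
    state: started
    enabled: true
  when: ansible_distribution in ["CentOS","RED"]

- name: change e-mail address for admin
  tags: apache,centos,httpd,redos
  lineinfile:
    path: /etc/httpd/conf/httpd.conf
    regexp: '^ServerAdmin'
    line: ServerAdmin 5house@5house.wxyz
  when: ansible_distribution in ["CentOS","RED"]
  # inspected by the restart task below
  register: httpd

# the original listing repeated the lineinfile task here; the restart that
# consumes `httpd` (as in site5.yml before roles) belongs in its place
- name: restart httpd (CentOS,RedOS)
  tags: apache,centos,httpd,redos
  service:
    name: httpd
    state: restarted
  when: httpd.changed

# restored from the pre-roles playbook: the role's files/ directory receives
# default_site.html, which only this task consumes
- name: copy default html file for site
  tags: apache,apache2,httpd
  copy:
    # relative src is looked up in roles/web_servers/files/
    src: default_site.html
    dest: /var/www/html/index.html
    owner: root
    group: root
    mode: '0644'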
cd /home/andrey/ansible_tutorial/roles/workstations/tasks
nano main.yml
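- name: install unzip
  package:
    name: unzip
    state: present

- name: install terraform
  unarchive:
    # NOTE(review): fetched from a mirror over HTTPS with no checksum; unarchive
    # cannot verify integrity, so for a trusted build download with get_url
    # (checksum: sha256:<expected-digest>) to a temporary path and unarchive that
    src: https://hashicorp-releases.yandexcloud.net/terraform/1.14.5/terraform_1.14.5_linux_amd64.zip
    dest: /usr/local/bin
    remote_src: true
    mode: '0755'
    owner: root
    group: root
    # appears to be re-downloaded and re-extracted on every run; `creates:
    # /usr/local/bin/terraform` would make it idempotent at the cost of not
    # picking up a version change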
создадим папку files в роли web_servers
# the role's own files/ directory is where its copy task resolves a relative src
cd /home/andrey/ansible_tutorial/roles/web_servers && mkdir files
cp ../../files/default_site.html files/
nano site5.yml
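---
- hosts: all
  become: true
  pre_tasks:
    # both tasks carry tags: always and upgrade packages rather than only the
    # cache, so every run (even one restricted with --tags) performs an upgrade
    - name: install updates (RedOS,Centos)
      tags: always
      dnf:
        # update_only with no name/state is meant to upgrade installed packages;
        # confirm that behaviour on the target dnf module version
        update_only: true
        update_cache: true
      # ansible_distribution reports "CentOS"; the original "Centos" never matched
      when: ansible_distribution in ["CentOS","RED"]
    - name: install updates (Astra Linux)
      tags: always
      apt:
        # full dist-upgrade of all installed packages
        upgrade: dist
        update_cache: true
      when: ansible_distribution == "Astra Linux"

# one play per host group; each role's tasks/main.yml carries the work
- hosts: all
  become: true
  roles:
    - base

- hosts: workstations
  become: true
  roles:
    - workstations

- hosts: web_servers
  become: true
  roles:
    - web_servers

- hosts: db_servers
  become: true
  roles:
    - db_servers

- hosts: file_servers
  become: true
  roles:
    - file_servers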
ansible-playbook site5.yml