Ansible - тотальная настройка


Ansible - это мега-инструмент для автоматической массовой настройки узлов (5+)

# https://docs.ansible.com/


/etc/ansible/hosts

# Host entries outside any section belong to the implicit "ungrouped" group.
# The user@host form logs in as root on every connection; a dedicated
# unprivileged user plus `become` only on the tasks that need it keeps
# privilege escalation per task and limits what a compromised control node can do.
root@192.168.1.32
root@192.168.1.33

# Group "farfrom": patterns such as `ansible farfrom ...` target only these hosts.
[farfrom]
root@192.168.1.32

$ ansible [pattern] -m [module] -a "[module options]"
$ ansible all -m ping
$ ansible all -a "/bin/echo hello"

task.yml

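---
# task.yml: a one-play playbook; a play needs at least `hosts` and `tasks`.
- name: My task
  hosts: all
  tasks:
    # command runs without a shell (no globbing or redirection). It reports
    # "changed" on every run unless `creates`/`removes` tells Ansible when the
    # work is already done, so `creates` makes this task idempotent.
    - name: Leaving a mark
      ansible.builtin.command:
        cmd: touch /tmp/ansible_was_here
        creates: /tmp/ansible_was_here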

$ ansible-playbook task.yml

# Общий формат команды

$ ansible [pattern] -m [module] -a "[module options]"

# Работа по группам

$ ansible farfrom -a "/bin/touch /tmp/zzz"
$ ansible farfrom -a "/sbin/reboot" -f 10 -u root

# Просмотр доступного окружения

$ ansible all -m ansible.builtin.setup

# Дополнительные модули

$ ansible farfrom -m shell -a 'grep DISTRIB_RELEASE /etc/lsb-release'
$ ansible farfrom -m ansible.builtin.copy -a "src=/etc/hosts dest=/tmp/hosts"
$ ansible farfrom -m ansible.builtin.file -a "dest=/srv/foo/a.txt mode=600"
$ ansible farfrom -m ansible.builtin.file -a "dest=/path/to/c state=absent"
$ ansible farfrom -m ansible.builtin.command -a "/bin/true"

# Пользователи

$ ansible all -m ansible.builtin.user -a "name=foo password=<crypted password>"
$ ansible all -m ansible.builtin.user -a "name=foo state=absent"

# Службы

$ ansible webservers -m ansible.builtin.service -a "name=httpd state=started"
$ ansible webservers -m ansible.builtin.service -a "name=httpd state=restarted"
$ ansible webservers -m ansible.builtin.service -a "name=httpd state=stopped"

playbook.yml

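---
# playbook.yml: two plays, each targeting one inventory group.
- name: Update web servers
  hosts: webservers
  vars:
    # http_port and max_clients are not used in this play; presumably consumed
    # by /srv/httpd.cnf — verify against the template.
    http_port: 80
    max_clients: 200
    # lookup() runs on the control node, so this reads the controller's /etc/motd.
    motd_value: "{{ lookup('file', '/etc/motd') }}"
  # Logs in as root directly; an unprivileged user with `become: true` on the
  # tasks that need it is the usual least-privilege setup.
  remote_user: root

  tasks:
    # state: latest upgrades on every run, so two runs can install different
    # versions; state: present is the reproducible choice when that matters.
    - name: Ensure apache is at the latest version
      ansible.builtin.yum:
        name: httpd
        state: latest
    - name: Write the apache config file
      ansible.builtin.template:
        src: /srv/httpd.cnf
        dest: /etc/httpd.conf

- name: Update db servers
  hosts: databases
  remote_user: root

  tasks:
    - name: Ensure postgresql is at the latest version
      ansible.builtin.yum:
        name: postgresql
        state: latest
    # `state: starte` (typo) is not a valid service state and fails at runtime.
    - name: Ensure that postgresql is started
      ansible.builtin.service:
        name: postgresql
        state: started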

$ ansible-playbook playbook.yml -f 10


# Циклы

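---
- name: test
  hosts: all
  tasks:
    # The task name promises a registered result, so `register` is added;
    # echo.results then holds one entry per loop item.
    # shell interpolates {{ item }} into a shell command line: harmless for this
    # literal list, but with items from an untrusted source prefer
    # ansible.builtin.command (no shell parsing) or quote the item.
    - name: Register loop output as a variable
      ansible.builtin.shell: "echo {{ item }}"
      # Run for real even when the play is invoked with --check.
      check_mode: false
      loop:
        - "one"
        - "two"
      register: echo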

# Копирование файлов с помощью циклов get.yml

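---
- name: Fetch account and key files from every host
  hosts: all
  tasks:
    # fetch copies remote files to the control node; with the default
    # flat=false each file lands under dest/<inventory_hostname>/<remote path>.
    # master.passwd (BSD shadow file) and authorized_keys are sensitive:
    # /tmp on the controller is shared and world-readable by default, so a
    # restricted directory (mode 0700) is the safer destination.
    # NOTE(review): a host without /etc/master.passwd (Linux) presumably fails
    # this item unless fail_on_missing is set to false — confirm.
    - name: get /etc/{passwd,master.passwd} and /root/.ssh/authorized_keys
      ansible.builtin.fetch:
        src: "{{ item }}"
        dest: /tmp
      loop:
        - /etc/passwd
        - /etc/master.passwd
        - /root/.ssh/authorized_keys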

$ ansible-playbook get.yml -u root --ask-pass


# Работа с шаблонами (подстановка в шаблоны)

test.j2
// bof of ini

server: {{ vars['server'] }}

// eof of ini


task.yml

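---
- name: test
  hosts: all
  # Play-level check_mode: false — every task runs for real even with --check.
  check_mode: false
  vars:
    server: 127.0.0.1
  tasks:
    # Renders test.j2 with the play vars ({{ vars['server'] }} in the template
    # resolves to 127.0.0.1) and writes the result to /tmp/file.conf.
    - name: Template a file to /tmp/file.conf
      ansible.builtin.template:
        src: test.j2
        dest: /tmp/file.conf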


# Структура каталогов проекта

production                # inventory file for production servers
staging                   # inventory file for staging environment

group_vars/
   group1.yml             # here we assign variables to particular groups
   group2.yml
host_vars/
   hostname1.yml          # here we assign variables to particular systems
   hostname2.yml

library/                  # if any custom modules, put them here (optional)
module_utils/             # if any custom module_utils to support modules, put them here (optional)
filter_plugins/           # if any custom filter plugins, put them here (optional)

site.yml                  # main playbook
webservers.yml            # playbook for webserver tier
dbservers.yml             # playbook for dbserver tier
tasks/                    # task files included from playbooks
    webservers-extra.yml  # <-- avoids confusing playbook with task files

roles/
    common/               # this hierarchy represents a "role"
        tasks/            #
            main.yml      #  <-- tasks file can include smaller files if warranted
        handlers/         #
            main.yml      #  <-- handlers file
        templates/        #  <-- files for use with the template resource
            ntp.conf.j2   #  <------- templates end in .j2
        files/            #
            bar.txt       #  <-- files for use with the copy resource
            foo.sh        #  <-- script files for use with the script resource
        vars/             #
            main.yml      #  <-- variables associated with this role
        defaults/         #
            main.yml      #  <-- default lower priority variables for this role
        meta/             #
            main.yml      #  <-- role dependencies
        library/          # roles can also include custom modules
        module_utils/     # roles can also include custom module_utils
        lookup_plugins/   # or other types of plugins, like lookup in this case

    webtier/              # same kind of structure as "common" was above, done for the webtier role
    monitoring/           # ""
    fooapp/               # ""