= Managing the system
== 3:37 Managing the System (I)
* alternatives : manage alternatives (versions) for commands
  * ''/etc/alternatives/java''
* at : schedule command execution
* authorized_key : manage authorized key files
* cron : manage cron
* crypttab : device encryption
* filesystem : file systems
* firewalld : CentOS/RedHat equivalent of **iptables**
* gluster_volume : manage GlusterFS volumes
* group : manage groups
* hostname : manage the server name
* iptables : manage firewall rules
* known_hosts : manage the keys of other servers
* lvg : LVM volume groups
* lvol : LVM logical volumes
* mount : mount file systems
* open_iscsi : manage iSCSI devices
* openwrt_init : manage OpenWRT services
* pam_limits : manage PAM limits
* pamd : manage PAM modules
* ping : check connectivity
* seboolean
* sefcontext
* selinux
* selinux_permissive
* seport : SELinux support
* service : manage services
* setup : system information
  * ''gather_facts: false'' <- disables the automatic fact gathering at the start of a play
* sysctl : configure /etc/sysctl.conf
* systemd : manage services
* timezone : time zones
* user : manage users
=== alternatives
management of **/etc/alternatives**\\
[[https://docs.ansible.com/ansible/latest/modules/alternatives_module.html#alternatives-module]]
* required
  * name = name
  * path = /path/to/file
* optional
  * link = /path/to/file
  * priority = 50
<code yaml>
- name: pin the Java version to 8
  alternatives:
    name: java
    path: /usr/lib/jvm/java-8-openjdk-amd64/bin/java
</code>
resulting link chain: ''/usr/bin/java'' -> ''/etc/alternatives/java'' -> ''/usr/lib/jvm/java-8-openjdk-amd64/bin/java''
=== authorized_key
[[https://docs.ansible.com/ansible/latest/modules/authorized_key_module.html#authorized-key-module]]
* required
  * user = user whose authorized_keys file is managed
  * key = public key contents
* optional
  * state = { present | absent }
  * path = ~/.ssh/authorized_keys
  * manage_dir = yes / no <- creates the directory / file and sets their permissions
  * key_options = options
  * exclusive = no / yes <- if it already exists it is not added
<code yaml>
- name: authorise a public key
  authorized_key:
    user: deploy        # placeholder user name
    key: "..."          # public key contents
</code>
=== cron
[[https://docs.ansible.com/ansible/latest/modules/cron_module.html#cron-module]]
* name = name
* job = command
* state = { present | absent }
* minute = [0 - 59]
* hour = [0 - 23]
* weekday = [0-6]
* month = [1-12]
* day = [1-31]
* special_time = { reboot | yearly | annually | monthly | weekly | daily | hourly }
* cron_file = name <- creates the file in **/etc/cron.d/**
* backup = yes / no
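Added example (not part of the original notes): a scheduled job written to **/etc/cron.d/** via cron_file, a second one using special_time, and the removal of an obsolete entry. The script paths and job names are assumed.

```yaml
- name: run the nightly backup script from /etc/cron.d/backup
  cron:
    name: "nightly backup"      # comment marker that identifies the entry
    cron_file: backup           # creates /etc/cron.d/backup
    user: root                  # required when cron_file is used
    minute: "30"
    hour: "2"
    job: "/usr/local/sbin/backup.sh >> /var/log/backup.log 2>&1"   # assumed script path
    backup: yes                 # keep a copy of the previous cron file

- name: rotate logs once a day (special_time instead of a time spec)
  cron:
    name: "daily logrotate"
    special_time: daily
    job: "/usr/sbin/logrotate /etc/logrotate.conf"

- name: remove an obsolete entry from /etc/cron.d/backup
  cron:
    name: "old sync"            # matched by name, so the job text is not needed
    cron_file: backup
    user: root
    state: absent
```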
== 3:38 Managing the System (II)
=== filesystem
[[https://docs.ansible.com/ansible/latest/modules/filesystem_module.html#filesystem-module]]
* required
  * dev = device
  * fstype = file system type
* optional
  * force = no / yes
  * opts = options
  * resizefs = no / yes
<code yaml>
- name: create an xfs file system
  filesystem:
    dev: /dev/sdX1
    fstype: xfs
</code>
=== firewalld
firewall control on CentOS/RH systems\\
[[https://docs.ansible.com/ansible/latest/modules/firewalld_module.html#firewalld-module]]
* required
  * state = { enabled | disabled }
  * permanent = true / false <- a **reload** (handler) is needed for the change to take effect
* optional
  * service
  * zone
  * port
  * source
  * rich_rule
  * immediate = false / true
<code yaml>
- name: allow http/https access
  firewalld:
    service: "{{ item }}"
    state: enabled
    permanent: true
  loop:
    - "http"
    - "https"
</code>
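Added example (not part of the original notes) showing the two ways of making a permanent firewalld change live: **immediate** for the service rule, and a **reload** handler for the rich rule. The hosts group and the management network 10.0.0.0/24 are assumed.

```yaml
- hosts: webservers
  become: yes
  tasks:
    - name: open http/https permanently and in the running configuration
      firewalld:
        service: "{{ item }}"
        state: enabled
        permanent: true     # written to the permanent config, not live until a reload
        immediate: true     # also applied to the running firewall right now
      loop:
        - http
        - https

    - name: restrict the admin port to the management network (rich rule)
      firewalld:
        rich_rule: 'rule family=ipv4 source address=10.0.0.0/24 port port=8443 protocol=tcp accept'
        zone: public
        permanent: true     # only permanent, so the handler below must reload
        state: enabled
      notify: reload firewalld

  handlers:
    - name: reload firewalld
      command: firewall-cmd --reload
```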
=== group
[[https://docs.ansible.com/ansible/latest/modules/group_module.html#group-module]]
* required
  * name = name
* optional
  * state = { present | absent }
  * gid = group id
  * system = yes / no
<code yaml>
- name: create a group for the application
  group:
    name: jboss
    state: present
    gid: 185
</code>
=== hostname
[[https://docs.ansible.com/ansible/latest/modules/hostname_module.html#hostname-module]]
* name = name
<code yaml>
- name: change the server name
  hostname:
    name: servidor.dominio.com
</code>
=== ping
[[https://docs.ansible.com/ansible/latest/modules/ping_module.html#ping-module]]
<code yaml>
- name: check connectivity
  ping:
</code>
=== timezone
[[https://docs.ansible.com/ansible/latest/modules/timezone_module.html#timezone-module]]
* hwclock = true / false
* name = Area/City
<code yaml>
- name: set the time zone
  timezone:
    name: Europe/Barcelona
</code>
== 3:39 Managing the System (III)
=== iptables
[[https://docs.ansible.com/ansible/latest/modules/iptables_module.html#iptables-module]]
* state = { present | absent }
* chain = { INPUT | FORWARD | OUTPUT | PREROUTING | POSTROUTING | SECMARK | CONNSECMARK }
* source = address
* jump = { ACCEPT | DROP | ... }
* in_interface
* out_interface
* protocol = { tcp | udp | icmp }
* destination_port = port
* to_ports = port
* ctstate = { INVALID | NEW | ESTABLISHED | RELATED | UNTRACKED | SNAT | DNAT }
<code yaml>
- name: allow access to port 80
  iptables:
    chain: INPUT
    source: 0.0.0.0/0       # any source (a bare 0.0.0.0 would match only that single address)
    protocol: tcp
    destination_port: "80"
    jump: ACCEPT
</code>
=== lvg
[[https://docs.ansible.com/ansible/latest/modules/lvg_module.html#lvg-module]]
* required
  * vg = volume group
* optional
  * state = { present | absent }
  * pvs = /dev/vbX
  * pesize = 4 (MB)
  * vg_options = vgcreate options
  * force = yes / no
<code yaml>
- name: create a volume group
  lvg:
    vg: datavg
    pvs: /dev/vda1
    state: present
</code>
check with ''vgs'' ''vgdisplay'' ''pvdisplay''
=== lvol
[[https://docs.ansible.com/ansible/latest/modules/lvol_module.html#lvol-module]]
* required
  * vg = name of an existing VG
  * lv = logical volume name
* optional
  * state = { present | absent }
  * size = size
  * pvs = /dev/vg1
  * opts = options
  * active = yes / no
  * force = yes / no
<code yaml>
- name: create a logical volume
  lvol:
    vg: datavg
    lv: web
    size: 2G
    state: present
</code>
check with ''lvscan''
=== mount
[[https://docs.ansible.com/ansible/latest/modules/mount_module.html#mount-module]]
* required
  * name = mount point
  * state = { present | absent | mounted | unmounted }
* optional
  * fstype = FS type
  * opts = options
  * src = device
  * dump = 0
  * passno = 0
<code yaml>
- name: format the WWW partition
  filesystem:
    dev: /dev/datavg/web
    fstype: xfs
- name: mount the WWW partition
  mount:
    src: /dev/datavg/web
    name: /var/www
    fstype: xfs
    state: mounted
</code>
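Added example (not part of the original notes) chaining the four storage modules of this section into one play, lvg -> lvol -> filesystem -> mount, with the data volume mounted without device nodes or setuid binaries. The hosts group and the physical volume /dev/vda1 are assumed.

```yaml
- hosts: webservers
  become: yes
  tasks:
    - name: create the volume group on the data disk
      lvg:
        vg: datavg
        pvs: /dev/vda1          # assumed physical volume
        state: present

    - name: create a 2 GB logical volume for the web root
      lvol:
        vg: datavg
        lv: web
        size: 2G
        state: present

    - name: format the logical volume (no-op if it already carries a file system)
      filesystem:
        dev: /dev/datavg/web
        fstype: xfs
        force: no               # never reformat an existing file system

    - name: mount it at /var/www and persist the entry in /etc/fstab
      mount:
        src: /dev/datavg/web
        path: /var/www
        fstype: xfs
        opts: defaults,nodev,nosuid   # a data volume needs neither device nodes nor setuid
        state: mounted
```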
== 3:40 Managing the System (IV)
=== service
[[https://docs.ansible.com/ansible/latest/modules/service_module.html#service-module]]
* required
  * name
* optional
  * state = { started | stopped | restarted | reloaded }
  * enabled = yes / no
  * arguments = arguments
  * sleep = seconds
<code yaml>
- name: start and enable a service
  service:
    name: apache2
    state: started
    enabled: true
</code>
=== setup
[[https://docs.ansible.com/ansible/latest/modules/setup_module.html#setup-module]]
* fact_path = /etc/ansible/facts.d <- our own information stored in that path (local facts)
* filter = *
* gather_subset = { all | hardware | network | virtual }
* gather_timeout = 10
<code yaml>
- name: gather facts
  setup:
    gather_subset: all
</code>
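Added example (not part of the original notes) of a play that turns off the implicit fact gathering, ships a local fact file to **fact_path** and then runs setup with a reduced **gather_subset**. The hosts group, the fact file name and its contents are assumed.

```yaml
- hosts: all
  gather_facts: false      # no implicit setup run at the start of the play
  become: yes
  tasks:
    - name: ship a local fact file (must end in .fact and hold INI or JSON)
      copy:
        dest: /etc/ansible/facts.d/role.fact   # assumed file name
        mode: "0644"
        content: |
          [app]
          tier=web
          owner=platform-team

    - name: gather only the network subset (local facts are part of the minimal set)
      setup:
        gather_subset: network
        fact_path: /etc/ansible/facts.d

    - name: use the collected values
      debug:
        msg: "{{ inventory_hostname }} is a {{ ansible_local.role.app.tier }} host at {{ ansible_default_ipv4.address }}"
```

Local facts appear under ''ansible_local'', keyed by file name, then INI section, then key.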
=== sysctl
kernel parameter changes\\
[[https://docs.ansible.com/ansible/latest/modules/sysctl_module.html#sysctl-module]]
* required
  * name
* optional
  * value = value
  * state = { present | absent }
  * reload = yes / no <- ''sysctl -p''
  * sysctl_file = /etc/sysctl.conf
  * sysctl_set = yes / no <- set the values
  * ignoreerrors = no / yes
<code yaml>
- name: allow traffic forwarding
  sysctl:
    name: net.ipv4.ip_forward
    value: "1"
    sysctl_set: yes
    state: present
    reload: yes
</code>
check with ''sysctl -a | grep ip_forward''
=== systemd
[[https://docs.ansible.com/ansible/latest/modules/systemd_module.html#systemd-module]]
* name = name
* state = { started | stopped | restarted | reloaded }
* enabled = yes / no
* daemon_reload = no / yes
* masked = yes / no
<code yaml>
- name: enable a service and reload systemd
  systemd:
    name: apache2
    enabled: yes
    state: started
    daemon_reload: yes
</code>
=== user
[[https://docs.ansible.com/ansible/latest/modules/user_module.html#user-module]]
* required
  * name = name
* optional
  * state = { present | absent }
  * group = group
  * groups = group1,group2
  * append = yes / no <- add to the existing groups instead of replacing them
  * createhome = yes / no
  * uid = user id
  * home = directory
  * shell = /bin/sh
  * password = password (hashed)
  * remove = yes / no <- delete the home directory when doing an **absent**
  * system = yes / no
<code yaml>
- name: create a user
  user:
    name: pepito
    uid: 1001
    home: /home/pepito
    shell: /bin/false
    state: present
</code>