DevOps Sesión 13 (2022-03-23) Ansible [miguel angel torres egea]

Aquesta pàgina és només de lectura. Podeu veure'n el codi font, però no podeu canviar-la. Consulteu el vostre administrador si penseu que això és degut a algun error.
= DevOps Sesión 13 (2022-03-23) Ansible
== Documentación relacionada
<callout type="info" icon="true">
  * ./4-Topic 704 Configuration Management
  * ./Material Curso Ansible/Curso Ansible 2020.pdf
</callout>
== variables
<callout type="info" icon="true">
  * ./Material Curso Ansible/Curso Ansible 2020.pdf pag 71
  * ./Material Curso Ansible/Clase Ansible variables basicas .txt
</callout>
<code yaml>
- name: ensure a list of packages installed
  yum:
    name: "{{ packages }}"
  vars:
    packages:
    - httpd
    - httpd-tools
	- php
</code>

== plantillas jinja2
<callout type="info" icon="true">
  * ./Material Curso Ansible/DO407-AUTOMATION WITH ANSIBLE I.pdf pag 82
</callout>
  * **/etc/ansible/playbook-resueltos/host.j2**:<code jinja2>
{{ miip }} {{ ansible_hostname }} {{ ansible_fqdn }}</code>
  * <code yaml ; playbook_sample_variables-ejemplo1.yml>---
- name : Crear un fichero con variables
  hosts: clientes
  remote_user: root
  vars:
    - miip: "1.2.3.4"
  tasks:
    - name: Crear fichero hosts
      template: src=hosts.j2 dest=/tmp/hosts
...
</code>
<code bash>ansible clientes -a "cat /tmp/hosts"</code>
<code bash>ansible-playbook -e miip=192.168.1.50 playbook_sample_variables-ejemplo1.yml</code>
=== ejemplo
<code jinja2 ; /etc/ansible/templates/index.html.j2>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
  <head>
    <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
    <title>Curso de DO407-AUTOMATION WITH ANSIBLE I</title>
    <style type="text/css" media="screen">
  * {
    margin: 0px 0px 0px 0px;
    padding: 0px 0px 0px 0px;
  }

  body, html {
    padding: 3px 3px 3px 3px;

    background-color: #D8DBE2;

    font-family: Verdana, sans-serif;
    font-size: 11pt;
    text-align: center;
  }

  div.main_page {
    position: relative;
    display: table;

    width: 800px;

    margin-bottom: 3px;
    margin-left: auto;
    margin-right: auto;
    padding: 0px 0px 0px 0px;

    border-width: 2px;
    border-color: #212738;
    border-style: solid;

    background-color: #FFFFFF;

    text-align: center;
  }

  div.page_header {
    height: 99px;
    width: 100%;

    background-color: #F5F6F7;
  }

  div.page_header span {
    margin: 15px 0px 0px 50px;

    font-size: 180%;
    font-weight: bold;
  }

  div.page_header img {
    margin: 3px 0px 0px 40px;

    border: 0px 0px 0px;
  }

  div.table_of_contents {
    clear: left;

    min-width: 200px;

    margin: 3px 3px 3px 3px;

    background-color: #FFFFFF;

    text-align: left;
  }

  div.table_of_contents_item {
    clear: left;

    width: 100%;

    margin: 4px 0px 0px 0px;

    background-color: #FFFFFF;

    color: #000000;
    text-align: left;
  }

  div.table_of_contents_item a {
    margin: 6px 0px 0px 6px;
  }

  div.content_section {
    margin: 3px 3px 3px 3px;

    background-color: #FFFFFF;

    text-align: left;
  }

  div.content_section_text {
    padding: 4px 8px 4px 8px;

    color: #000000;
    font-size: 100%;
  }

  div.content_section_text pre {
    margin: 8px 0px 8px 0px;
    padding: 8px 8px 8px 8px;

    border-width: 1px;
    border-style: dotted;
    border-color: #000000;

    background-color: #F5F6F7;

    font-style: italic;
  }

  div.content_section_text p {
    margin-bottom: 6px;
  }

  div.content_section_text ul, div.content_section_text li {
    padding: 4px 8px 4px 16px;
  }

  div.section_header {
    padding: 3px 6px 3px 6px;

    background-color: #8E9CB2;

    color: #FFFFFF;
    font-weight: bold;
    font-size: 112%;
    text-align: center;
  }

  div.section_header_red {
    background-color: #CD214F;
  }

  div.section_header_grey {
    background-color: #9F9386;
  }

  .floating_element {
    position: relative;
    float: left;
  }

  div.table_of_contents_item a,
  div.content_section_text a {
    text-decoration: none;
    font-weight: bold;
  }

  div.table_of_contents_item a:link,
  div.table_of_contents_item a:visited,
  div.table_of_contents_item a:active {
    color: #000000;
  }

  div.table_of_contents_item a:hover {
    background-color: #000000;

    color: #FFFFFF;
  }

  div.content_section_text a:link,
  div.content_section_text a:visited,
   div.content_section_text a:active {
    background-color: #DCDFE6;

    color: #000000;
  }

  div.content_section_text a:hover {
    background-color: #000000;

    color: #DCDFE6;
  }

  div.validator {
  }
    </style>
  </head>
  <body>
    <div class="main_page">
      <div class="page_header floating_element">

	<a href="https://imgbb.com/"><img src="https://image.ibb.co/gEuBcq/Imagen1.png" alt="Imagen1" border="1" /></a>
      </div>
      <div class="content_section floating_element">

        <div class="section_header section_header_red">
          <div id="about"></div>
          Curso de DO407-AUTOMATION WITH ANSIBLE I
        </div>
        <div class="content_section_text">
	{% if ansible_distribution == "CentOS" %}
	
          <p>
		Esta es la página de bienvenida predeterminada para probar el correcto funcionamiento del servidor Apache2 después de la instalación en los sistemas {{ ansible_distribution_version }}. Se basa en la página equivalente en centos. Si puede leer esta página, significa que el servidor HTTP Apache instalado en este sitio funciona correctamente. Debe reemplazar este archivo (ubicado en /var/www/html/index.html) antes de continuar operando su servidor HTTP.

El usuario de configuración de este sitio web es ansible. El servidor desde donde se muestra este contenido es {{ ansible_hostname }} con la ip  {{ ansible_default_ipv4.address }} por el puerto 80. You should <b>replace this file</b> (located at
                <tt>/var/www/html/index.html</tt>) before continuing to operate your HTTP server.
          </p>
	{% endif %}

        </div>
        <div class="section_header">
          <div id="changes"></div>
                Datos del usuario {{ usuario }} 
        </div>
        <div class="content_section_text">
          <p>
		<ul> 
			<li> Hostname: {{ ansible_hostname }} </li> 
			<li> IP V4: {{ ansible_default_ipv4.address }} </li>
			<li> DNS Servers: {{ ansible_dns.nameservers }} </li>
			<li> Kernel version: {{ ansible_kernel }} </li>
			<li> Centos distribution: {{ ansible_distribution_version }} </li> 
			<li> Total de memoria: {{ ansible_memtotal_mb }} MBs </li>
			<li> The current free memory is: {{ ansible_memfree_mb }} MBs </li>
			<li> Today's date is: {{ ansible_date_time.date }}. </li>
		</ul> 
          </p>

          <pre>/etc/apache2/
|-- apache2.conf
|       `--  ports.conf
|-- mods-enabled
|       |-- *.load
|       `-- *.conf
|-- conf-enabled
|       `-- *.conf
|-- sites-enabled
|       `-- *.conf
          </pre>
          <ul>
                        <li>
                           <tt>apache2.conf</tt> is the main configuration
                           file. It puts the pieces together by including all remaining configuration
                           files when starting up the web server.
                        </li>

                        <li>
                           <tt>ports.conf</tt> is always included from the
                           main configuration file. It is used to determine the listening ports for
                           incoming connections, and this file can be customized anytime.
                        </li>

                        <li>
                           Configuration files in the <tt>mods-enabled/</tt>,
                           <tt>conf-enabled/</tt> and <tt>sites-enabled/</tt> directories contain
                           particular configuration snippets which manage modules, global configuration
                           fragments, or virtual host configurations, respectively.
                        </li>

                        <li>
                           They are activated by symlinking available
                           configuration files from their respective
                           *-available/ counterparts. These should be managed
                           by using our helpers
                           <tt>
                                <a href="http://manpages.debian.org/cgi-bin/man.cgi?query=a2enmod">a2enmod</a>,
                                <a href="http://manpages.debian.org/cgi-bin/man.cgi?query=a2dismod">a2dismod</a>,
                           </tt>
                           <tt>
                                <a href="http://manpages.debian.org/cgi-bin/man.cgi?query=a2ensite">a2ensite</a>,
                                <a href="http://manpages.debian.org/cgi-bin/man.cgi?query=a2dissite">a2dissite</a>,
                            </tt>
                                and
                           <tt>
                                <a href="http://manpages.debian.org/cgi-bin/man.cgi?query=a2enconf">a2enconf</a>,
                                <a href="http://manpages.debian.org/cgi-bin/man.cgi?query=a2disconf">a2disconf</a>
                           </tt>. See their respective man pages for detailed information.
                        </li>

                        <li>
                           The binary is called apache2. Due to the use of
                           environment variables, in the default configuration, apache2 needs to be
                           started/stopped with <tt>/etc/init.d/apache2</tt> or <tt>apache2ctl</tt>.
                           <b>Calling <tt>/usr/bin/apache2</tt> directly will not work</b> with the
                           default configuration.
                        </li>
          </ul>
        </div>

        <div class="section_header">
            <div id="docroot"></div>
                Document Roots
        </div>

        <div class="content_section_text">
            <p>
                By default, Ubuntu does not allow access through the web browser to
                <em>any</em> file apart of those located in <tt>/var/www</tt>,
                <a href="http://httpd.apache.org/docs/2.4/mod/mod_userdir.html">public_html</a>
                directories (when enabled) and <tt>/usr/share</tt> (for web
                applications). If your site is using a web document root
                located elsewhere (such as in <tt>/srv</tt>) you may need to whitelist your
                document root directory in <tt>/etc/apache2/apache2.conf</tt>.
            </p>
            <p>
                The default Ubuntu document root is <tt>/var/www/html</tt>. You
                can make your own virtual hosts under /var/www. This is different
                to previous releases which provides better security out of the box.
            </p>
        </div>

        <div class="section_header">
          <div id="bugs"></div>
                Reporting Problems
        </div>
        <div class="content_section_text">
          <p>
                Please use the <tt>ubuntu-bug</tt> tool to report bugs in the
                Apache2 package with Ubuntu. However, check <a
                href="https://bugs.launchpad.net/ubuntu/+source/apache2">existing
                bug reports</a> before reporting a new bug.
          </p>
          <p>
                Please report bugs specific to modules (such as PHP and others)
                to respective packages, not to the web server itself.
          </p>
        </div>

      </div>
    </div>
    <div class="validator">
    <p>
      <a href="http://validator.w3.org/check?uri=referer"><img src="http://www.w3.org/Icons/valid-xhtml10" alt="Valid XHTML 1.0 Transitional" height="31" width="88" /></a>
    </p>
    </div>
  </body>
</html>
</code>
<code yaml>
- hosts: clientes
  remote_user: root
  vars:
    system_owner: usuario@example.com
    usuario: Usuario-Berto
  tasks:
    - template:
        src: /etc/ansible/templates/index.html.j2
        dest: /var/www/html/index.html
        owner: root
        group: root
        mode: 0644
    - name: httpd is running and enabled
      service:
        name: httpd
        state: restarted
</code>
  * listado de variables (ansible_facts):<code bash>ansible clientes -m setup | grep ansible_</code>
  * [[https://docs.ansible.com/ansible/latest/user_guide/playbooks_vars_facts.html]]

== roles
<callout type="info" icon="true">
  * ./Material Curso Ansible/Curso Ansible 2020.pdf pag 95
  * ./Material Curso Ansible/DO407-AUTOMATION WITH ANSIBLE I.pdf pag 117
  * ./Material Curso Ansible/
</callout>
Los roles permiten organizar los playbooks y separarlos en ficheros más pequeños. Los roles proporcionan a Ansible una forma de utilizar tareas, handlers y variables desde archivos externos. Los archivos estáticos y las plantillas también se pueden asociar y hacer referencia mediante un rol.

  * estructura
    * defaults
      * main.yml
    * files
    * handlers
      * main.yml
    * meta
      * main.yml
    * tasks
      * main.yml
    * templates
    * tests
      * inventory
      * test.yml
    * vars
      * main.yml
    * README.md

== ansible galaxy
<callout type="info" icon="true">
  * ./Material Curso Ansible/Curso Ansible 2020.pdf pag 207
  * ./Material Curso Ansible/DO407-AUTOMATION WITH ANSIBLE I.pdf pag 108
  * [[https://galaxy.ansible.com]]
</callout>
  * [[https://galaxy.ansible.com/zaxos/tomcat-ansible-role]]
<code bash>
ansible-galaxy role --help
ansible-galaxy install zaxos.tomcat-ansible-role
ansible-galaxy list
ansible-galaxy init
</code>
<code yaml ; playbook-tomcat.yml>
---
- hosts: clientes
  user: root
  become: true
  vars:
    tomcat_version: 8.5.23
    
    tomcat_permissions_production: True
    
    tomcat_users:
      - username: "tomcat"
        password: "t3mpp@ssw0rd"
        roles: "tomcat,admin,manager,manager-gui"
      - username: "exampleuser"
        password: "us3rp@ssw0rd"
        roles: "tomcat"        
  roles:
    - role: zaxos.tomcat-ansible-role
...
</code>
<callout type="info" icon="true">
  * ./Material Curso Ansible/roles ansible para laboratorios/docker-wp-jm-ansible
</callout>
  * usar ansible para personalizar un docker-compose.yml que se lanzará en los ndoos destino

<callout type="info" icon="true">
  * ./Material Curso Ansible/roles ansible para laboratorios/password-role
</callout>

== windows
<callout type="info" icon="true">
  * ./Material Curso Ansible/Ansible-Windows-winrm/
  * ./Material Curso Ansible/Ansible-Vmware-vSphere/
  * ./Material Curso Ansible/Curso Ansible 2020.pdf pag 
  * ./Material Curso Ansible/DO407-AUTOMATION WITH ANSIBLE I.pdf pag 
  * [[https://docs.ansible.com/ansible/2.9/modules/list_of_windows_modules.html]]
  * ./Material Curso Ansible/Ansible-Windows-winrm/Configure ansible-windows.txt
</callout>

  * WinRM (protocolo en máquinas Windows desde W2012)
    * https/5986, http/5985
    * .NET 4.0: <code>Get-ChildItem 'HKLM:\SOFTWARE\Microsoft\NET Framework Setup\NDP' -Recurse | Get-ItemProperty -Name version -EA 0 | Where { $_.PSChildName -Match '^(?!S)\p{L}'} | Select PSChildName, version</code>
    * script ejecutar máquina windows para permitir conexión: **https://github.com/ansible/ansible/blob/devel/examples/scripts/ConfigureRemotingForAnsible.ps1**
  * Dependencia master ansible:<code bash>yum install python2-winrm.noarch -y</code>
  * <code properties ; /etc/ansible/hosts>...
[win]
192.168.1.46

[win:vars]
ansible_user=Administrador
ansible_password=Password,013
ansible_connection=winrm
ansible_winrm_server_cert_validation=ignore
ansible_become_method=runas
ansible_become_user=Administrador
...
</code>
=== chocolatey
  * "apt" para Windows
  * [[https://chocolatey.org/]]
  * [[https://boxstarter.org]]

== ansible vault
<callout type="info" icon="true">
  * ./Material Curso Ansible/Curso Ansible 2020.pdf pag  226
  * ./Material Curso Ansible/DO407-AUTOMATION WITH ANSIBLE I.pdf pag 127
  * ./Material Curso Ansible/Introduccion Ansible.txt línea 168
</callout>
  * Cifrar playbooks
  * ''ansible-vault''
    * encrypt
    * decrypt
    * edit
    * view
    * encrypt_string: solo encripta una cadena que se puede usar en una variable del .yaml
  * ''ansible-playbook''
    * ''%%--%%ask-vault-pass''
    * ''%%--vault-password-file%%'': contraseña en texto plano dentro de un fichero (en el master)
== Extra
  * [[https://image.ibb.co/]]
  * kubernetes: [[https://galaxy.ansible.com/kubernetes/core]]