DevOps Session 13 (2022-03-23) Ansible
Related documentation
- ./4-Topic 704 Configuration Management
- ./Material Curso Ansible/Curso Ansible 2020.pdf
variables
- ./Material Curso Ansible/Curso Ansible 2020.pdf page 71
- ./Material Curso Ansible/Clase Ansible variables basicas .txt
    - name: ensure a list of packages installed
      yum:
        name: "{{ packages }}"
      vars:
        packages:
          - httpd
          - httpd-tools
          - php
Jinja2 templates
- ./Material Curso Ansible/DO407-AUTOMATION WITH ANSIBLE I.pdf page 82
- /etc/ansible/playbook-resueltos/host.j2:
{{ miip }} {{ ansible_hostname }} {{ ansible_fqdn }}
- ; playbook_sample_variables-ejemplo1.yml
    ---
    - name: Crear un fichero con variables
      hosts: clientes
      remote_user: root
      vars:
        # Default value; -e miip=... on the command line overrides it
        miip: "1.2.3.4"
      tasks:
        - name: Crear fichero hosts
          template: src=hosts.j2 dest=/tmp/hosts
    ...
ansible clientes -a "cat /tmp/hosts"
ansible-playbook -e miip=192.168.1.50 playbook_sample_variables-ejemplo1.yml
example
- ; /etc/ansible/templates/index.html.j2
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /> <title>Curso de DO407-AUTOMATION WITH ANSIBLE I</title> <style type="text/css" media="screen"> * { margin: 0px 0px 0px 0px; padding: 0px 0px 0px 0px; } body, html { padding: 3px 3px 3px 3px; background-color: #D8DBE2; font-family: Verdana, sans-serif; font-size: 11pt; text-align: center; } div.main_page { position: relative; display: table; width: 800px; margin-bottom: 3px; margin-left: auto; margin-right: auto; padding: 0px 0px 0px 0px; border-width: 2px; border-color: #212738; border-style: solid; background-color: #FFFFFF; text-align: center; } div.page_header { height: 99px; width: 100%; background-color: #F5F6F7; } div.page_header span { margin: 15px 0px 0px 50px; font-size: 180%; font-weight: bold; } div.page_header img { margin: 3px 0px 0px 40px; border: 0px 0px 0px; } div.table_of_contents { clear: left; min-width: 200px; margin: 3px 3px 3px 3px; background-color: #FFFFFF; text-align: left; } div.table_of_contents_item { clear: left; width: 100%; margin: 4px 0px 0px 0px; background-color: #FFFFFF; color: #000000; text-align: left; } div.table_of_contents_item a { margin: 6px 0px 0px 6px; } div.content_section { margin: 3px 3px 3px 3px; background-color: #FFFFFF; text-align: left; } div.content_section_text { padding: 4px 8px 4px 8px; color: #000000; font-size: 100%; } div.content_section_text pre { margin: 8px 0px 8px 0px; padding: 8px 8px 8px 8px; border-width: 1px; border-style: dotted; border-color: #000000; background-color: #F5F6F7; font-style: italic; } div.content_section_text p { margin-bottom: 6px; } div.content_section_text ul, div.content_section_text li { padding: 4px 8px 4px 16px; } div.section_header { padding: 3px 6px 3px 6px; background-color: #8E9CB2; color: #FFFFFF; font-weight: bold; font-size: 112%; 
text-align: center; } div.section_header_red { background-color: #CD214F; } div.section_header_grey { background-color: #9F9386; } .floating_element { position: relative; float: left; } div.table_of_contents_item a, div.content_section_text a { text-decoration: none; font-weight: bold; } div.table_of_contents_item a:link, div.table_of_contents_item a:visited, div.table_of_contents_item a:active { color: #000000; } div.table_of_contents_item a:hover { background-color: #000000; color: #FFFFFF; } div.content_section_text a:link, div.content_section_text a:visited, div.content_section_text a:active { background-color: #DCDFE6; color: #000000; } div.content_section_text a:hover { background-color: #000000; color: #DCDFE6; } div.validator { } </style> </head> <body> <div class="main_page"> <div class="page_header floating_element"> <a href="https://imgbb.com/"><img src="https://image.ibb.co/gEuBcq/Imagen1.png" alt="Imagen1" border="1" /></a> </div> <div class="content_section floating_element"> <div class="section_header section_header_red"> <div id="about"></div> Curso de DO407-AUTOMATION WITH ANSIBLE I </div> <div class="content_section_text"> {% if ansible_distribution == "CentOS" %} <p> Esta es la página de bienvenida predeterminada para probar el correcto funcionamiento del servidor Apache2 después de la instalación en los sistemas {{ ansible_distribution_version }}. Se basa en la página equivalente en centos. Si puede leer esta página, significa que el servidor HTTP Apache instalado en este sitio funciona correctamente. Debe reemplazar este archivo (ubicado en /var/www/html/index.html) antes de continuar operando su servidor HTTP. El usuario de configuración de este sitio web es ansible. El servidor desde donde se muestra este contenido es {{ ansible_hostname }} con la ip {{ ansible_default_ipv4.address }} por el puerto 80. You should <b>replace this file</b> (located at <tt>/var/www/html/index.html</tt>) before continuing to operate your HTTP server. 
</p> {% endif %} </div> <div class="section_header"> <div id="changes"></div> Datos del usuario {{ usuario }} </div> <div class="content_section_text"> <p> <ul> <li> Hostname: {{ ansible_hostname }} </li> <li> IP V4: {{ ansible_default_ipv4.address }} </li> <li> DNS Servers: {{ ansible_dns.nameservers }} </li> <li> Kernel version: {{ ansible_kernel }} </li> <li> Centos distribution: {{ ansible_distribution_version }} </li> <li> Total de memoria: {{ ansible_memtotal_mb }} MBs </li> <li> The current free memory is: {{ ansible_memfree_mb }} MBs </li> <li> Today's date is: {{ ansible_date_time.date }}. </li> </ul> </p> <pre>/etc/apache2/ |-- apache2.conf | `-- ports.conf |-- mods-enabled | |-- *.load | `-- *.conf |-- conf-enabled | `-- *.conf |-- sites-enabled | `-- *.conf </pre> <ul> <li> <tt>apache2.conf</tt> is the main configuration file. It puts the pieces together by including all remaining configuration files when starting up the web server. </li> <li> <tt>ports.conf</tt> is always included from the main configuration file. It is used to determine the listening ports for incoming connections, and this file can be customized anytime. </li> <li> Configuration files in the <tt>mods-enabled/</tt>, <tt>conf-enabled/</tt> and <tt>sites-enabled/</tt> directories contain particular configuration snippets which manage modules, global configuration fragments, or virtual host configurations, respectively. </li> <li> They are activated by symlinking available configuration files from their respective *-available/ counterparts. 
These should be managed by using our helpers <tt> <a href="http://manpages.debian.org/cgi-bin/man.cgi?query=a2enmod">a2enmod</a>, <a href="http://manpages.debian.org/cgi-bin/man.cgi?query=a2dismod">a2dismod</a>, </tt> <tt> <a href="http://manpages.debian.org/cgi-bin/man.cgi?query=a2ensite">a2ensite</a>, <a href="http://manpages.debian.org/cgi-bin/man.cgi?query=a2dissite">a2dissite</a>, </tt> and <tt> <a href="http://manpages.debian.org/cgi-bin/man.cgi?query=a2enconf">a2enconf</a>, <a href="http://manpages.debian.org/cgi-bin/man.cgi?query=a2disconf">a2disconf</a> </tt>. See their respective man pages for detailed information. </li> <li> The binary is called apache2. Due to the use of environment variables, in the default configuration, apache2 needs to be started/stopped with <tt>/etc/init.d/apache2</tt> or <tt>apache2ctl</tt>. <b>Calling <tt>/usr/bin/apache2</tt> directly will not work</b> with the default configuration. </li> </ul> </div> <div class="section_header"> <div id="docroot"></div> Document Roots </div> <div class="content_section_text"> <p> By default, Ubuntu does not allow access through the web browser to <em>any</em> file apart of those located in <tt>/var/www</tt>, <a href="http://httpd.apache.org/docs/2.4/mod/mod_userdir.html">public_html</a> directories (when enabled) and <tt>/usr/share</tt> (for web applications). If your site is using a web document root located elsewhere (such as in <tt>/srv</tt>) you may need to whitelist your document root directory in <tt>/etc/apache2/apache2.conf</tt>. </p> <p> The default Ubuntu document root is <tt>/var/www/html</tt>. You can make your own virtual hosts under /var/www. This is different to previous releases which provides better security out of the box. </p> </div> <div class="section_header"> <div id="bugs"></div> Reporting Problems </div> <div class="content_section_text"> <p> Please use the <tt>ubuntu-bug</tt> tool to report bugs in the Apache2 package with Ubuntu. 
However, check <a href="https://bugs.launchpad.net/ubuntu/+source/apache2">existing bug reports</a> before reporting a new bug. </p> <p> Please report bugs specific to modules (such as PHP and others) to respective packages, not to the web server itself. </p> </div> </div> </div> <div class="validator"> <p> <a href="http://validator.w3.org/check?uri=referer"><img src="http://www.w3.org/Icons/valid-xhtml10" alt="Valid XHTML 1.0 Transitional" height="31" width="88" /></a> </p> </div> </body> </html>
    - hosts: clientes
      remote_user: root
      vars:
        system_owner: usuario@example.com
        usuario: Usuario-Berto
      tasks:
        - template:
            src: /etc/ansible/templates/index.html.j2
            dest: /var/www/html/index.html
            owner: root
            group: root
            # Quoted so the mode is always read as an octal string
            mode: "0644"
        - name: httpd is running and enabled
          service:
            name: httpd
            state: restarted
- list of variables (ansible_facts):
ansible clientes -m setup | grep ansible_
roles
- ./Material Curso Ansible/Curso Ansible 2020.pdf page 95
- ./Material Curso Ansible/DO407-AUTOMATION WITH ANSIBLE I.pdf page 117
- ./Material Curso Ansible/
Roles let you organize playbooks and split them into smaller files. Roles give Ansible a way to use tasks, handlers and variables from external files. Static files and templates can also be associated with a role and referenced through it.
- structure
  - defaults
    - main.yml
  - files
  - handlers
    - main.yml
  - meta
    - main.yml
  - tasks
    - main.yml
  - templates
  - tests
    - inventory
    - test.yml
  - vars
    - main.yml
  - README.md
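Added example (not part of the course material): the index.html playbook from the Jinja2 section recast as a role, so the template, its default variable and the httpd restart each live in the directory the structure above reserves for them. The role name `web_index`, the handler name and the playbook name `site.yml` are assumptions chosen for illustration.

```yaml
---
# file: roles/web_index/defaults/main.yml
# Lowest-precedence default; a play var or -e usuario=... overrides it.
usuario: Usuario-Berto
---
# file: roles/web_index/tasks/main.yml
- name: Render index.html from roles/web_index/templates/index.html.j2
  template:
    src: index.html.j2        # looked up in the role's templates/ directory
    dest: /var/www/html/index.html
    owner: root
    group: root
    mode: "0644"
  notify: restart httpd       # queued only if the rendered file changed

- name: httpd is running and enabled
  service:
    name: httpd
    state: started
    enabled: true
---
# file: roles/web_index/handlers/main.yml
- name: restart httpd
  service:
    name: httpd
    state: restarted
---
# file: site.yml (assumed name; applies the role to the "clientes" group)
- hosts: clientes
  remote_user: root
  roles:
    - role: web_index
```

Because the template prints volatile facts such as `ansible_memfree_mb`, the rendered file differs on most runs and the handler will still fire often; removing those facts from the template makes the play idempotent.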
ansible galaxy
- ./Material Curso Ansible/Curso Ansible 2020.pdf page 207
- ./Material Curso Ansible/DO407-AUTOMATION WITH ANSIBLE I.pdf page 108
    ansible-galaxy role --help
    ansible-galaxy install zaxos.tomcat-ansible-role
    ansible-galaxy list
    ansible-galaxy init
- ; playbook-tomcat.yml
    ---
    - hosts: clientes
      user: root
      become: true
      vars:
        tomcat_version: 8.5.23
        tomcat_permissions_production: True
        tomcat_users:
          - username: "tomcat"
            password: "t3mpp@ssw0rd"
            roles: "tomcat,admin,manager,manager-gui"
          - username: "exampleuser"
            password: "us3rp@ssw0rd"
            roles: "tomcat"
      roles:
        - role: zaxos.tomcat-ansible-role
    ...
- ./Material Curso Ansible/roles ansible para laboratorios/docker-wp-jm-ansible
- use Ansible to customize a docker-compose.yml that will be launched on the target nodes
- ./Material Curso Ansible/roles ansible para laboratorios/password-role
windows
- ./Material Curso Ansible/Ansible-Windows-winrm/
- ./Material Curso Ansible/Ansible-Vmware-vSphere/
- ./Material Curso Ansible/Curso Ansible 2020.pdf page
- ./Material Curso Ansible/DO407-AUTOMATION WITH ANSIBLE I.pdf page
- ./Material Curso Ansible/Ansible-Windows-winrm/Configure ansible-windows.txt
- WinRM (protocol on Windows machines since W2012)
- https/5986, http/5985
- .NET 4.0:
Get-ChildItem 'HKLM:\SOFTWARE\Microsoft\NET Framework Setup\NDP' -Recurse | Get-ItemProperty -Name version -EA 0 | Where { $_.PSChildName -Match '^(?!S)\p{L}'} | Select PSChildName, version
- script to run on the Windows machine to allow the connection: https://github.com/ansible/ansible/blob/devel/examples/scripts/ConfigureRemotingForAnsible.ps1
- Dependency on the Ansible master:
yum install python2-winrm.noarch -y
- ; /etc/ansible/hosts
    ...
    [win]
    192.168.1.46

    [win:vars]
    ansible_user=Administrador
    ansible_password=Password,013
    ansible_connection=winrm
    ansible_winrm_server_cert_validation=ignore
    ansible_become_method=runas
    ansible_become_user=Administrador
    ...
chocolatey
- "apt" for Windows
ansible vault
- ./Material Curso Ansible/Curso Ansible 2020.pdf page 226
- ./Material Curso Ansible/DO407-AUTOMATION WITH ANSIBLE I.pdf page 127
- ./Material Curso Ansible/Introduccion Ansible.txt line 168
- Encrypt playbooks
ansible-vault
- encrypt
- decrypt
- edit
- view
- encrypt_string: encrypts only a single string, which can then be used as a variable value in the .yaml
ansible-playbook
--ask-vault-pass
--vault-password-file
: plaintext password inside a file (on the master)
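Added example (not from the course material): the `[win:vars]` block from the Windows section moved into group_vars files, with the password read from a vault-encrypted variable and WinRM certificate validation turned on; the same split applies to the `tomcat_users` passwords in playbook-tomcat.yml. The group_vars paths, the variable name `vault_win_password` and the CA bundle path are assumptions.

```yaml
---
# file: /etc/ansible/group_vars/win/vars.yml   (plain text, holds no secret)
ansible_user: Administrador
ansible_password: "{{ vault_win_password }}"    # defined in vault.yml below
ansible_connection: winrm
ansible_port: 5986                               # WinRM over https
ansible_winrm_scheme: https
ansible_winrm_transport: ntlm
# The page's inventory sets this to "ignore", which accepts any certificate.
ansible_winrm_server_cert_validation: validate
# Assumed path: PEM bundle with the CA that issued the listener certificate.
# The self-signed certificate created by ConfigureRemotingForAnsible.ps1
# fails validation unless it is replaced or exported into this bundle.
ansible_winrm_ca_trust_path: /etc/ansible/pki/winrm-ca.pem
ansible_become_method: runas
ansible_become_user: Administrador
---
# file: /etc/ansible/group_vars/win/vault.yml
# Created with: ansible-vault create /etc/ansible/group_vars/win/vault.yml
# Content before encryption (placeholder, not a real value):
vault_win_password: "<windows-admin-password>"
```

With these files in place the `[win]` section of /etc/ansible/hosts only lists the host, and plays are run with `--ask-vault-pass`. If `--vault-password-file` is used instead, keep that file out of version control and readable only by the account that runs Ansible.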