Using Ansible

Source: Imre kasutab arvutit

Introduction

TODO

How it works

Statements

  • Ansible is written in Python, which is why it is so closely tied to pip/pipx/venv

Installation

The system must have Python 3.8 or newer and pip; install them with, for example

# apt-get install python3 python3-pip

Then install Ansible as a regular user

# su - imre
$ python3 -m pip install --user ansible

As a result, Ansible itself and a number of its libraries are available, e.g.

$ /home/imre/.local/bin/ansible --version
ansible [core 2.12.1]
  config file = None
  configured module search path = ['/home/imre/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
  ansible python module location = /home/imre/.local/lib/python3.8/site-packages/ansible
  ansible collection location = /home/imre/.ansible/collections:/usr/share/ansible/collections
  executable location = .local/bin/ansible
  python version = 3.8.10 (default, Nov 26 2021, 20:14:08) [GCC 9.3.0]
  jinja version = 3.0.3
  libyaml = True

Usage

Managing computers over the network

To manage computers over the network, there must be trust between the Ansible machine and the managed machines, e.g. by means of SSH keys

$ ssh imre@192.168.110.213 uptime
 12:13:05 up 27 days,  9:09,  1 user,  load average: 0.00, 0.00, 0.00

Then use a text file populated with the names (or IP addresses) of the machines, the so-called inventory file

$ cat inventory 
[target]
192.168.110.213

and, for example, a playbook YAML file like this

$ cat playbook.yml 
---
- hosts: all
  tasks:
    - name: Hello World!
      command: "df -t ext4 -h -T"
      register: kasuvaljund
      
    - debug: msg="{{ kasuvaljund.stdout_lines }}"

An Ansible run looks like this

$ /home/imre/.local/bin/ansible-playbook -i inventory playbook.yml 
PLAY [all] **********************************************************************************************************

TASK [Gathering Facts] **********************************************************************************************
ok: [192.168.110.213]

TASK [Hello World!] *************************************************************************************************
changed: [192.168.110.213]

TASK [debug] ********************************************************************************************************
ok: [192.168.110.213] => {
    "msg": [
        "Filesystem              Type  Size  Used Avail Use% Mounted on",
        "/dev/mapper/system-root ext4  5.5G  1.2G  4.1G  23% /",
        "/dev/vda1               ext4  464M   63M  373M  15% /boot"
    ]
}

PLAY RECAP **********************************************************************************************************
192.168.110.213            : ok=3    changed=1    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0   

TODO

$ cat moraal.yml 
www-1a.moraal.ee
www-1b.moraal.ee
$ ansible all -i moraal.yml --list-hosts
  hosts (2):
    www-1a.moraal.ee
    www-1b.moraal.ee

Configuring a FortiGate firewall

It turns out that Ansible has the libraries needed to configure a FortiGate firewall. For example, with an inventory file like this

$ cat hosts 
[fortigates]
fortigate01 ansible_host=192.168.10.76 ansible_user="admin" ansible_password="parool"

[fortigates:vars]
ansible_network_os=fortinet.fortios.fortios

and a playbook like this, the device's name can be changed

$ cat playbook-fortigate.yml
- hosts: fortigate01
  connection: httpapi
  collections:
  - fortinet.fortios
  vars:
   ansible_httpapi_use_ssl: yes
   ansible_httpapi_validate_certs: no
   ansible_httpapi_port: 443
  tasks:
   - name: Configure global attributes.
     fortios_system_global:
        system_global:
            hostname: 'CustomHostName'

To apply the change, run

$ /home/imre/.local/bin/ansible-playbook -i hosts playbook-forti-change-name.yml
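
The inventory above keeps the admin password as a literal value, and the playbook sets ansible_httpapi_validate_certs: no, so the API login travels over a TLS session whose peer certificate is never checked. The following check is an added example, not part of the original page: it scans an INI inventory and a playbook for exactly these two settings. The function names and the key-name heuristic are assumptions of this example, and the sample input is a constructed copy of the files shown above.

```python
import re
import shlex

# Constructed sample input: copies of the inventory and playbook vars shown above.
INVENTORY = '''\
[fortigates]
fortigate01 ansible_host=192.168.10.76 ansible_user="admin" ansible_password="parool"

[fortigates:vars]
ansible_network_os=fortinet.fortios.fortios
'''
PLAYBOOK = '''\
- hosts: fortigate01
  connection: httpapi
  vars:
   ansible_httpapi_use_ssl: yes
   ansible_httpapi_validate_certs: no
   ansible_httpapi_port: 443
'''

SECRET_KEY = re.compile(r"(?:^|_)(password|pass|token|secret)$", re.I)  # heuristic
TLS_KEY = re.compile(r"^\s*(ansible_httpapi_(?:use_ssl|validate_certs))\s*:\s*['\"]?(\w+)")
FALSY = {"no", "false", "off", "0"}

def audit_inventory(text):
    """Flag key=value pairs in an INI inventory that hold a literal secret."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith(("#", ";", "[")):
            continue  # blank line, comment or section header
        for token in shlex.split(line):
            key, sep, value = token.partition("=")
            # A Jinja reference such as "{{ vault_x }}" is not a literal secret.
            if sep and SECRET_KEY.search(key) and value and "{{" not in value:
                findings.append((lineno, key, "literal secret in inventory"))
    return findings

def audit_playbook(text):
    """Flag httpapi settings that turn off TLS or certificate validation."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        m = TLS_KEY.match(line)
        if m and m.group(2).lower() in FALSY:
            findings.append((lineno, m.group(1), "TLS protection disabled"))
    return findings

if __name__ == "__main__":
    print(audit_inventory(INVENTORY) + audit_playbook(PLAYBOOK))
```

To clear both findings, keep the password in an Ansible Vault encrypted variable referenced from the inventory (for example ansible_password="{{ vault_fortigate_password }}", a hypothetical variable name) and set ansible_httpapi_validate_certs to yes once the FortiGate presents a certificate that the control host trusts.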

To create address objects

$ cat playbook-fortigate.yml
- hosts: fortigate01
  connection: httpapi
  collections:
  - fortinet.fortios
  vars:
   ansible_httpapi_use_ssl: yes
   ansible_httpapi_validate_certs: no
   ansible_httpapi_port: 443
  tasks:
   - name: Configure global attributes.
     fortios_system_global:
        system_global:
            hostname: 'CustomHostName'

   - name: fortios_firewall_address_11
     fortios_firewall_address:
       state: present
       firewall_address:
         name: dst_imre_11
         subnet: 11.11.11.0 255.255.255.0
         type: ipmask            

   - name: fortios_firewall_address_12
     fortios_firewall_address:
       state: present
       firewall_address:
         name: dst_imre_12
         subnet: 11.11.12.12 255.255.255.255
         type: ipmask         

To create policy objects

$ cat playbook-fortigate.yml
- hosts: fortigate01
  connection: httpapi
  collections:
  - fortinet.fortios
  vars:
   ansible_httpapi_use_ssl: yes
   ansible_httpapi_validate_certs: no
   ansible_httpapi_port: 443
  tasks:
   - name: fortios_firewall_address_11
     fortios_firewall_address:
       state: present
       firewall_address:
         name: dst_imre_11
         subnet: 11.11.11.0 255.255.255.0
         type: ipmask            

   - name: fortios_firewall_address_12
     fortios_firewall_address:
       state: present
       firewall_address:
         name: dst_imre_12
         subnet: 11.11.12.12 255.255.255.255
         type: ipmask  

   - name: fortios_firewall_policy_11
     fortios_firewall_policy:
       state: present
       firewall_policy:
         action: accept
         dstaddr:
           - name: "dst_imre_11"
         dstintf:
           - name: "lan"
         name: dst_imre_policy_11
         schedule: always
         service:
           - name: "HTTP"
         srcaddr:
           - name: "all"
         srcintf:
           - name: "lan5"
         status: enable
         policyid: 1

   - name: fortios_firewall_policy_12
     fortios_firewall_policy:
       state: present
       firewall_policy:
         action: accept
         dstaddr:
           - name: "dst_imre_12"
         dstintf:
           - name: "lan"
         name: dst_imre_policy_12
         schedule: always
         service:
           - name: "PING"
         srcaddr:
           - name: "all"
         srcintf:
           - name: "lan5"
         status: enable
         policyid: 2

To change the order of policy rules

$ cat playbook-fortigate.yml
- hosts: fortigate01
  connection: httpapi
  collections:
  - fortinet.fortios
  vars:
   ansible_httpapi_use_ssl: yes
   ansible_httpapi_validate_certs: no
   ansible_httpapi_port: 443

  tasks:
   - name: fortios_firewall_policy_move
     fortios_firewall_policy:
       action: move
       self: "2"
       before: "1"

TODO

Useful additional materials

Ansible Galaxy

TODO

Useful additional materials

Observations from spring 2026

Installation methods

  • pip install, system-wide or into the user's directory
  • using venv
  • using pipx

Installing Ansible using venv

Required system-wide Python tools

# apt install python3-venv python3-pip

Creating the venv environment

# su - imre
imre@dh-jenkins-01:~$ python3 -m venv py_venv

imre@dh-jenkins-01:~$ source ~/py_venv/bin/activate
(py_venv) imre@dh-jenkins-01:~$

Installing the Ansible Python application

(py_venv) imre@dh-jenkins-01:~$ pip install ansible

(py_venv) imre@dh-jenkins-01:~$ ansible --version
ansible [core 2.20.4]
  config file = None
  configured module search path = ['/home/imre/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
  ansible python module location = /home/imre/py_venv/lib/python3.12/site-packages/ansible
  ansible collection location = /home/imre/.ansible/collections:/usr/share/ansible/collections
  executable location = /home/imre/py_venv/bin/ansible
  python version = 3.12.3 (main, Mar  3 2026, 12:15:18) [GCC 13.3.0] (/home/imre/py_venv/bin/python3)
  jinja version = 3.1.6
  pyyaml version = 6.0.3 (with libyaml v0.2.5)

Leaving the venv environment

(py_venv) imre@dh-jenkins-01:~$ deactivate
imre@dh-jenkins-01:~$

Configuring Git access

git config --global user.name "Imre Oolberg"
git config --global user.email "imre@auul.pri.ee"
git config --global color.ui auto
# Bonus: Set your default branch name to 'main' to match modern GitHub
git config --global init.defaultBranch main

Using the repository

(py_venv) imre@dh-jenkins-01:~$ mkdir -p ~/projects && cd ~/projects

(py_venv) imre@dh-jenkins-01:~/projects$ git clone git@github.com:imreoolberg/ansible-playbook-demo.git
Cloning into 'ansible-playbook-demo'...
remote: Enumerating objects: 3, done.
remote: Counting objects: 100% (3/3), done.
remote: Compressing objects: 100% (2/2), done.
remote: Total 3 (delta 0), reused 0 (delta 0), pack-reused 0 (from 0)
Receiving objects: 100% (3/3), done.

(py_venv) imre@dh-jenkins-01:~/projects/ansible-playbook-demo$ git status
On branch main
Your branch is up to date with 'origin/main'.

nothing to commit, working tree clean

To make a change

(py_venv) imre@dh-jenkins-01:~/projects/jenkins-pipeline-demo$ git pull
Already up to date.

(py_venv) imre@dh-jenkins-01:~/projects/jenkins-pipeline-demo$ vi main.tf

(py_venv) imre@dh-jenkins-01:~/projects/jenkins-pipeline-demo$ git status
On branch main
Your branch is up to date with 'origin/main'.

Changes not staged for commit:
  (use "git add <file>..." to update what will be committed)
  (use "git restore <file>..." to discard changes in working directory)
	modified:   main.tf

no changes added to commit (use "git add" and/or "git commit -a")
(py_venv) imre@dh-jenkins-01:~/projects/jenkins-pipeline-demo$ git add .
(py_venv) imre@dh-jenkins-01:~/projects/jenkins-pipeline-demo$ git status
On branch main
Your branch is up to date with 'origin/main'.

Changes to be committed:
  (use "git restore --staged <file>..." to unstage)
	modified:   main.tf

(py_venv) imre@dh-jenkins-01:~/projects/jenkins-pipeline-demo$ git commit -m "yks tyhi rida"
[main e8f8800] yks tyhi rida
 1 file changed, 1 insertion(+)

(py_venv) imre@dh-jenkins-01:~/projects/jenkins-pipeline-demo$ git status
On branch main
Your branch is ahead of 'origin/main' by 1 commit.
  (use "git push" to publish your local commits)

nothing to commit, working tree clean

(py_venv) imre@dh-jenkins-01:~/projects/jenkins-pipeline-demo$ git push
Enumerating objects: 5, done.
Counting objects: 100% (5/5), done.
Delta compression using up to 2 threads
Compressing objects: 100% (3/3), done.
Writing objects: 100% (3/3), 295 bytes | 295.00 KiB/s, done.
Total 3 (delta 2), reused 0 (delta 0), pack-reused 0
remote: Resolving deltas: 100% (2/2), completed with 2 local objects.
To github.com:imreoolberg/jenkins-pipeline-demo.git
   6ed8486..e8f8800  main -> main

Useful additional tools

Installing Ansible using pipx

TODO

Useful additional materials