Ansible kasutamine: erinevus redaktsioonide vahel

Sissejuhatus

TODO

Tööpõhimõte

TODO

Paigaldamine

Süsteemis peab olema python v. 3.8 või uuem ning pip, paigadamine toimub nt

# apt-get install python3 pip

Seejärel paigaldatakse tavakasutajana ansible tarkvara

# su - imre
$ python3 -m pip install --user ansible

Tulemusena on ansible ise ja hulka tema teeke kasutatavad, nt

$ /home/imre/.local/bin/ansible --version
ansible [core 2.12.1]
  config file = None
  configured module search path = ['/home/imre/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
  ansible python module location = /home/imre/.local/lib/python3.8/site-packages/ansible
  ansible collection location = /home/imre/.ansible/collections:/usr/share/ansible/collections
  executable location = .local/bin/ansible
  python version = 3.8.10 (default, Nov 26 2021, 20:14:08) [GCC 9.3.0]
  jinja version = 3.0.3
  libyaml = True

Kasutamine

Üle võrgu arvutite käsundamine

Üle võrgu arvutite käsundamiseks peab olema ansible arvuti ja kontrollitavate arvutite vahel usaldus nt ssh võtmete abil

$ ssh imre@192.168.110.213 uptime
 12:13:05 up 27 days,  9:09,  1 user,  load average: 0.00, 0.00, 0.00

Seejärel sobib kasutada arvutite nimede (või ip aadresside) sisustatud tekstifaili (nn inventory fail)

$ cat inventory 
[target]
192.168.110.213

ja nt sellist playbook yml faili

$ cat playbook.yml 
---
- hosts: all
  tasks:
    - name: Hello World!
      command: "df -t ext4 -h -T"
      register: kasuvaljund
      
    - debug: msg="{{ kasuvaljund.stdout_lines }}"

Ansible töötamine näeb välja nii

$ /home/imre/.local/bin/ansible-playbook -i inventory playbook.yml 
PLAY [all] **********************************************************************************************************

TASK [Gathering Facts] **********************************************************************************************
ok: [192.168.110.213]

TASK [Hello World!] *************************************************************************************************
changed: [192.168.110.213]

TASK [debug] ********************************************************************************************************
ok: [192.168.110.213] => {
    "msg": [
        "Filesystem              Type  Size  Used Avail Use% Mounted on",
        "/dev/mapper/system-root ext4  5.5G  1.2G  4.1G  23% /",
        "/dev/vda1               ext4  464M   63M  373M  15% /boot"
    ]
}

PLAY RECAP **********************************************************************************************************
192.168.110.213            : ok=3    changed=1    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0   

TODO

$ cat moraal.yml 
www-1a.moraal.ee
www-1b.moraal.ee

$ ansible all -i moraal.yml --list-hosts
  hosts (2):
    www-1a.moraal.ee
    www-1b.moraal.ee

Fortigate tulemüüri seadistamine

Osutub, et ansible jaoks on olemas fortigate tulemüüri seadistamiseks vajalikud teegid. Nt sellise inventory faili

$ cat hosts 
[fortigates]
fortigate01 ansible_host=192.168.10.76 ansible_user="admin" ansible_password="parool"

[fortigates:vars]
ansible_network_os=fortinet.fortios.fortios

Ja sellise playbook abil saab muuta seadme nimi

$ cat test.yml 
- hosts: fortigate01
  connection: httpapi
  collections:
  - fortinet.fortios
  vars:
   ansible_httpapi_use_ssl: yes
   ansible_httpapi_validate_certs: no
   ansible_httpapi_port: 443
  tasks:
   - name: Configure global attributes.
     fortios_system_global:
        system_global:
            hostname: 'CustomHostName'

Muudatuse tegemiseks sobib öelda

$ /home/imre/.local/bin/ansible-playbook -i hosts playbook-forti-change-name.yml

Aadress objektide moodustamiseks

TODO

Policy objektide moodustamiseks

TODO

TODO

Kasulikud lisamaterjalid

• https://www.redpill-linpro.com/sysadvent/2017/12/24/ansible-system-updates.html