Ansible kasutamine: erinevus redaktsioonide vahel

Sissejuhatus

TODO

Tööpõhimõte

Väited

• ansible on kirjutatud python keeles, st sellest see suur pip/pipx/venv kontakt

Paigaldamine

Süsteemis peab olema python v. 3.8 või uuem ning pip, paigadamine toimub nt

# apt-get install python3 pip

Seejärel paigaldatakse tavakasutajana ansible tarkvara

# su - imre
$ python3 -m pip install --user ansible

Tulemusena on ansible ise ja hulka tema teeke kasutatavad, nt

$ /home/imre/.local/bin/ansible --version
ansible [core 2.12.1]
  config file = None
  configured module search path = ['/home/imre/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
  ansible python module location = /home/imre/.local/lib/python3.8/site-packages/ansible
  ansible collection location = /home/imre/.ansible/collections:/usr/share/ansible/collections
  executable location = .local/bin/ansible
  python version = 3.8.10 (default, Nov 26 2021, 20:14:08) [GCC 9.3.0]
  jinja version = 3.0.3
  libyaml = True

Kasutamine

Üle võrgu arvutite käsundamine

Üle võrgu arvutite käsundamiseks peab olema ansible arvuti ja kontrollitavate arvutite vahel usaldus nt ssh võtmete abil

$ ssh imre@192.168.110.213 uptime
 12:13:05 up 27 days,  9:09,  1 user,  load average: 0.00, 0.00, 0.00

Seejärel sobib kasutada arvutite nimede (või ip aadresside) sisustatud tekstifaili (nn inventory fail)

$ cat inventory 
[target]
192.168.110.213

ja nt sellist playbook yml faili

$ cat playbook.yml 
---
- hosts: all
  tasks:
    - name: Hello World!
      command: "df -t ext4 -h -T"
      register: kasuvaljund
      
    - debug: msg="{{ kasuvaljund.stdout_lines }}"

Ansible töötamine näeb välja nii

$ /home/imre/.local/bin/ansible-playbook -i inventory playbook.yml 
PLAY [all] **********************************************************************************************************

TASK [Gathering Facts] **********************************************************************************************
ok: [192.168.110.213]

TASK [Hello World!] *************************************************************************************************
changed: [192.168.110.213]

TASK [debug] ********************************************************************************************************
ok: [192.168.110.213] => {
    "msg": [
        "Filesystem              Type  Size  Used Avail Use% Mounted on",
        "/dev/mapper/system-root ext4  5.5G  1.2G  4.1G  23% /",
        "/dev/vda1               ext4  464M   63M  373M  15% /boot"
    ]
}

PLAY RECAP **********************************************************************************************************
192.168.110.213            : ok=3    changed=1    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0   

TODO

$ cat moraal.yml 
www-1a.moraal.ee
www-1b.moraal.ee

$ ansible all -i moraal.yml --list-hosts
  hosts (2):
    www-1a.moraal.ee
    www-1b.moraal.ee

Fortigate tulemüüri seadistamine

Osutub, et ansible jaoks on olemas fortigate tulemüüri seadistamiseks vajalikud teegid. Nt sellise inventory faili

$ cat hosts 
[fortigates]
fortigate01 ansible_host=192.168.10.76 ansible_user="admin" ansible_password="parool"

[fortigates:vars]
ansible_network_os=fortinet.fortios.fortios

Ja sellise playbook abil saab muuta seadme nimi

$ cat playbook-fortigate.yml
- hosts: fortigate01
  connection: httpapi
  collections:
  - fortinet.fortios
  vars:
   ansible_httpapi_use_ssl: yes
   ansible_httpapi_validate_certs: no
   ansible_httpapi_port: 443
  tasks:
   - name: Configure global attributes.
     fortios_system_global:
        system_global:
            hostname: 'CustomHostName'

Muudatuse tegemiseks sobib öelda

$ /home/imre/.local/bin/ansible-playbook -i hosts playbook-forti-change-name.yml

Aadress objektide moodustamiseks

$ cat playbook-fortigate.yml
- hosts: fortigate01
  connection: httpapi
  collections:
  - fortinet.fortios
  vars:
   ansible_httpapi_use_ssl: yes
   ansible_httpapi_validate_certs: no
   ansible_httpapi_port: 443
  tasks:
   - name: Configure global attributes.
     fortios_system_global:
        system_global:
            hostname: 'CustomHostName'

   - name: fortios_firewall_address_11
     fortios_firewall_address:
       state: present
       firewall_address:
         name: dst_imre_11
         subnet: 11.11.11.0 255.255.255.0
         type: ipmask            

   - name: fortios_firewall_address_12
     fortios_firewall_address:
       state: present
       firewall_address:
         name: dst_imre_12
         subnet: 11.11.12.12 255.255.255.255
         type: ipmask         

Policy objektide moodustamiseks

$ cat playbook-fortigate.yml
- hosts: fortigate01
  connection: httpapi
  collections:
  - fortinet.fortios
  vars:
   ansible_httpapi_use_ssl: yes
   ansible_httpapi_validate_certs: no
   ansible_httpapi_port: 443
  tasks:
   - name: fortios_firewall_address_11
     fortios_firewall_address:
       state: present
       firewall_address:
         name: dst_imre_11
         subnet: 11.11.11.0 255.255.255.0
         type: ipmask            

   - name: fortios_firewall_address_12
     fortios_firewall_address:
       state: present
       firewall_address:
         name: dst_imre_12
         subnet: 11.11.12.12 255.255.255.255
         type: ipmask  

   - name: fortios_firewall_policy_11
     fortios_firewall_policy:
       state: present
       firewall_policy:
         action: accept
         dstaddr:
           - name: "dst_imre_11"
         dstintf:
           - name: "lan"
         name: dst_imre_policy_11
         schedule: always
         service:
           - name: "HTTP"
         srcaddr:
           - name: "all"
         srcintf:
           - name: "lan5"
         status: enable
         policyid: 1

   - name: fortios_firewall_policy_12
     fortios_firewall_policy:
       state: present
       firewall_policy:
         action: accept
         dstaddr:
           - name: "dst_imre_12"
         dstintf:
           - name: "lan"
         name: dst_imre_policy_12
         schedule: always
         service:
           - name: "PING"
         srcaddr:
           - name: "all"
         srcintf:
           - name: "lan5"
         status: enable
         policyid: 2

Policy reeglite järjekorra muutmiseks

$ cat playbook-fortigate.yml
- hosts: fortigate01
  connection: httpapi
  collections:
  - fortinet.fortios
  vars:
   ansible_httpapi_use_ssl: yes
   ansible_httpapi_validate_certs: no
   ansible_httpapi_port: 443

  tasks:
   - name: fortios_firewall_policy_move
     fortios_firewall_policy:
       action: move
       self: "2"
       before: "1"

TODO

Kasulikud lisamaterjalid

• https://docs.ansible.com/ansible/latest/collections/fortinet/index.html
• https://ansible-galaxy-fortios-docs.readthedocs.io/en/latest/

Ansible Galaxy

TODO

Kasulikud lisamaterjalid

• https://linuxhint.com/using_ansible_galaxy/

2026 aasta kevade tähelepanekud

Paigaldamise viisid

• pip install süsteemselt või kasutaja kataloogi
• venv abil
• pipx abil

ansible paigaldamine venv abil

Globaalsed vajalikud python vahendid

# apt install python3-venv python3-pip

venv keskkonna tekitamine

# su - imre
imre@dh-jenkins-01:~$ python3 -m venv py_venv

imre@dh-jenkins-01:~$ source ~/py_venv/bin/activate
(py_venv) imre@dh-jenkins-01:~$

Ansible python rakenduse paigaldamine

(py_venv) imre@dh-jenkins-01:~$ pip install ansible

(py_venv) imre@dh-jenkins-01:~$ ansible --version
ansible [core 2.20.4]
  config file = None
  configured module search path = ['/home/imre/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
  ansible python module location = /home/imre/py_venv/lib/python3.12/site-packages/ansible
  ansible collection location = /home/imre/.ansible/collections:/usr/share/ansible/collections
  executable location = /home/imre/py_venv/bin/ansible
  python version = 3.12.3 (main, Mar  3 2026, 12:15:18) [GCC 13.3.0] (/home/imre/py_venv/bin/python3)
  jinja version = 3.1.6
  pyyaml version = 6.0.3 (with libyaml v0.2.5)

venv keskkonnast väljumine

(py_venv) imre@dh-jenkins-01:~$ deactivate
imre@dh-jenkins-01:~$

Git ligipääsu kirjeldamine

git config --global user.name "Imre Oolberg"
git config --global user.email "imre@auul.pri.ee"
git config --global color.ui auto
# Bonus: Set your default branch name to 'main' to match modern GitHub
git config --global init.defaultBranch main

repository kasutamine

(py_venv) imre@dh-jenkins-01:~$ mkdir -p ~/projects && cd ~/projects

(py_venv) imre@dh-jenkins-01:~/projects$ git clone git@github.com:imreoolberg/ansible-playbook-demo.git
Cloning into 'ansible-playbook-demo'...
remote: Enumerating objects: 3, done.
remote: Counting objects: 100% (3/3), done.
remote: Compressing objects: 100% (2/2), done.
remote: Total 3 (delta 0), reused 0 (delta 0), pack-reused 0 (from 0)
Receiving objects: 100% (3/3), done.

(py_venv) imre@dh-jenkins-01:~/projects/ansible-playbook-demo$ git status
On branch main
Your branch is up to date with 'origin/main'.

nothing to commit, working tree clean

Muudatuse tegemiseks

(py_venv) imre@dh-jenkins-01:~/projects/jenkins-pipeline-demo$ git pull
Already up to date.

(py_venv) imre@dh-jenkins-01:~/projects/jenkins-pipeline-demo$ vi main.tf

(py_venv) imre@dh-jenkins-01:~/projects/jenkins-pipeline-demo$ git status
On branch main
Your branch is up to date with 'origin/main'.

Changes not staged for commit:
  (use "git add <file>..." to update what will be committed)
  (use "git restore <file>..." to discard changes in working directory)
	modified:   main.tf

no changes added to commit (use "git add" and/or "git commit -a")
(py_venv) imre@dh-jenkins-01:~/projects/jenkins-pipeline-demo$ git add .
(py_venv) imre@dh-jenkins-01:~/projects/jenkins-pipeline-demo$ git status
On branch main
Your branch is up to date with 'origin/main'.

Changes to be committed:
  (use "git restore --staged <file>..." to unstage)
	modified:   main.tf

(py_venv) imre@dh-jenkins-01:~/projects/jenkins-pipeline-demo$ git commit -m "yks tyhi rida"
[main e8f8800] yks tyhi rida
 1 file changed, 1 insertion(+)

(py_venv) imre@dh-jenkins-01:~/projects/jenkins-pipeline-demo$ git status
On branch main
Your branch is ahead of 'origin/main' by 1 commit.
  (use "git push" to publish your local commits)

nothing to commit, working tree clean

(py_venv) imre@dh-jenkins-01:~/projects/jenkins-pipeline-demo$ git push
Enumerating objects: 5, done.
Counting objects: 100% (5/5), done.
Delta compression using up to 2 threads
Compressing objects: 100% (3/3), done.
Writing objects: 100% (3/3), 295 bytes | 295.00 KiB/s, done.
Total 3 (delta 2), reused 0 (delta 0), pack-reused 0
remote: Resolving deltas: 100% (2/2), completed with 2 local objects.
To github.com:imreoolberg/jenkins-pipeline-demo.git
   6ed8486..e8f8800  main -> main

Kasulikud lisavahendid

• https://oneuptime.com/blog/post/2026-02-21-install-ansible-pip-python-virtual-environment/view

ansible paigaldamine pipx abil

TODO

Kasulikud lisamaterjalid

• https://www.redpill-linpro.com/sysadvent/2017/12/24/ansible-system-updates.html