That's exactly the point - there are alternatives, but unlike the Ansible approach they require more preparation and learning. And if you just need to prepare an OS without doing everything manually from scratch every time - Ansible is a very simple and powerful tool. To begin with, you don't even need to complicate your life with the advanced features. Create your own ansible.cfg, your own inventory file and throw all the tasks into a single playbook - that's enough to get a feel for how it all works at a basic level. Later you can modularize everything for multiple uses, OSes, etc.
Here's a simple example:
ansible.cfg
Code:
[defaults]
# ansible_port is an inventory variable; the ansible.cfg key is remote_port
remote_port = 22
remote_user = tomek
inventory = ./inventory
roles_path = roles/
gathering = smart
fact_caching = jsonfile
fact_caching_connection = ./facts
fact_caching_timeout = 600
log_path = ./ansible.log
remote_tmp = /tmp
# work around privilege escalation timeouts in ansible:
timeout = 30
[inventory]
# fail more helpfully when the inventory file does not parse (Ansible 2.4+)
unparsed_is_failed=true
[ssh_connection]
pipelining = True
ssh_args = -o ControlMaster=auto -o ControlPersist=600s
# shorten the ControlPath which is often too long; when it is,
# ssh connection reuse silently fails, making everything slower.
control_path = %(directory)s/%%h-%%r
[privilege_escalation]
become = yes
become_user = root
become_method = sudo
inventory file:
Quote:
[host]
192.168.1.103 ansible_python_interpreter=/usr/bin/python3
#localhost ansible_connection=local ansible_python_interpreter=/usr/bin/python3
The only prerequisites for remote execution are:
- a user with a sudo NOPASSWD configuration on the remote box
- login with that user via SSH key
You can of course also run Ansible scripts locally on a machine/VM; in that case you just comment out the first line in the inventory and uncomment the second. Plus, at the beginning of main.yaml you add these two entries:
Quote:
- hosts: 127.0.0.1
  connection: local
Here's an example of a simple YAML playbook for the base configuration of multiple OSes:
Code:
---
#----------------------------------------------------------------------------------------
# version 1.0
# author
# copyright
# email
# license Apache 2
########################################################
# 1.0 stable release
#---------------------------------------------------------------------------------------
- hosts: all
  become: yes
  vars:
    net_iface: eth0
    linux_user: tomek
  tasks:
    - name: Modify Grub timeout
      lineinfile:
        path: /etc/default/grub
        regexp: '^GRUB_TIMEOUT='
        line: 'GRUB_TIMEOUT=1'
    - name: Do App stuff
      include_tasks: tasks/Debian/apps.yaml
      when: ansible_distribution == 'Debian'
    - name: Install Virtualization stuff
      include_tasks: tasks/Debian/qemu.yaml
      when: ansible_distribution == 'Debian'
    - name: Harden Security
      include_tasks: tasks/Debian/security.yaml
      when: ansible_distribution == 'Debian'
    - name: Do App stuff
      include_tasks: tasks/RedHat/apps.yaml
      when: ansible_distribution == 'RedHat'
    - name: Install Virtualization stuff
      include_tasks: tasks/RedHat/qemu.yaml
      when: ansible_distribution == 'RedHat'
    - name: Setup Samba Share
      include_tasks: tasks/RedHat/samba.yaml
      when: ansible_distribution == 'RedHat'
    - name: Harden Security
      include_tasks: tasks/RedHat/security.yaml
      when: ansible_distribution == 'RedHat'
    - name: Install Virtualization stuff
      include_tasks: tasks/SuSe/qemu.yaml
      when: ansible_distribution == 'openSUSE Leap'
    - name: Setup Samba Share
      include_tasks: tasks/SuSe/samba.yaml
      when: ansible_distribution == 'openSUSE Leap'
    - name: Harden Security
      include_tasks: tasks/SuSe/security.yaml
      when: ansible_distribution == 'openSUSE Leap'
    - name: Sync config to skel profile
      synchronize:
        src: files/skel/
        dest: /etc/skel/
        delete: yes
        recursive: yes
    - name: get fresh git prompt
      command: git clone https://github.com/magicmonty/bash-git-prompt.git /etc/skel/.bash-git-prompt --depth=1
    - name: Enable NTP Daemon
      systemd:
        service: chronyd
        state: started
        enabled: yes
This is, for example, the Debian apps task:
Code:
---
#----------------------------------------------------------------------------------------
# version 1.0
# author
# copyright
# email
# license Apache 2
#######################################################
# 1.0 stable release
#---------------------------------------------------------------------------------------
- name: Setup repos
  blockinfile:
    path: /etc/apt/sources.list
    block: |
      deb http://ftp.de.debian.org/debian bookworm main contrib non-free non-free-firmware
      deb-src http://ftp.de.debian.org/debian bookworm main contrib non-free non-free-firmware
      deb http://security.debian.org/debian-security bookworm-security main contrib non-free non-free-firmware
      deb-src http://security.debian.org/debian-security bookworm-security main contrib non-free non-free-firmware
- name: Update OS
  apt:
    name: '*'
    state: latest
    update_cache: yes
- name: Remove apps
  apt:
    name:
      - nano
    state: absent
    autoremove: yes
    autoclean: yes
- name: Install base apps
  apt:
    name:
      - acpid
      - apt-show-versions
      - apt-xapian-index
      - cifs-utils
      - chrony
      - debian-goodies
      - debsecan
      - debsums
      - dkms
      - apt-utils
      - firmware-linux
      - firmware-linux-nonfree
      - firmware-misc-nonfree
      - firmware-realtek
      - git
      - htop
      - libpam-tmpdir
      - libpam-pwquality
      - python3-cracklib
      - lm-sensors
      - needrestart
      - openssl
      - perl
      - rsync
      - smartmontools
      - tlp
      - tmux
      - vim
    state: present
And this is what the tree looks like:
I separated the tasks for the individual OSes this way because it's easier for me to update everything, but as I said, especially at the start - you don't have to. Just watch your spaces when you tinker with YAML files, and my recommendation is to switch tab to 4 spaces in the editor you use. If you're interested in anything - ask.
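The two prerequisites listed in the post (a sudo NOPASSWD user and SSH key login for that user), written as a one-time bootstrap playbook. This is an added example, not part of the original post; the file name bootstrap.yaml, the public key path files/keys/tomek.pub and the sudoers drop-in name are assumptions.

```yaml
---
# Added example, not from the original post: creates the automation account
# that remote_user in the post's ansible.cfg refers to.
# Run once with a login that already has sudo on the target, e.g.:
#   ansible-playbook bootstrap.yaml -u <existing_admin> --ask-pass --ask-become-pass
# Requires the ansible.posix collection for the authorized_key module.
- hosts: all
  become: yes
  vars:
    automation_user: tomek                    # same name as remote_user in ansible.cfg
    automation_pubkey: files/keys/tomek.pub   # assumption: public key on the control node
  tasks:
    - name: Create the automation user (no password is set, so key login only)
      ansible.builtin.user:
        name: "{{ automation_user }}"
        shell: /bin/bash
        state: present

    - name: Install the SSH public key and remove any other keys for this user
      ansible.posix.authorized_key:
        user: "{{ automation_user }}"
        key: "{{ lookup('file', automation_pubkey) }}"
        exclusive: yes
        state: present

    - name: Grant NOPASSWD sudo through a drop-in that visudo checks before install
      ansible.builtin.copy:
        dest: "/etc/sudoers.d/90-{{ automation_user }}"
        content: "{{ automation_user }} ALL=(ALL) NOPASSWD: ALL\n"
        owner: root
        group: root
        mode: "0440"
        # A syntax error here would break sudo for everyone; validate rejects it.
        validate: /usr/sbin/visudo -cf %s

    - name: Confirm the rule is active for the automation user
      ansible.builtin.command: "sudo -l -U {{ automation_user }}"
      register: sudo_rules
      changed_when: false
      failed_when: "'NOPASSWD' not in sudo_rules.stdout"
```

The account created here is root-equivalent on every host in the inventory, so the private key on the control node deserves a passphrase and tight file permissions.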