|
07.05.2024., 20:55 | #3211 |
Premium
Datum registracije: Sep 2018
Lokacija: tu
Postovi: 1,961
|
Ma stvar je u tome što svako toliko imam potrebu za pripremiti neki environment. Kao npr relativno nedavno gap engine sa python2 gdje sam hrpetinu paketa ručno instalirao da to osposobim. Volio bit takve stvari imati u nekakvom containeru tako da kada instaliram hrpu sranja da to bude odvojeno od operativnog. Pa sam tako gledao neke distribucije koje dolaze sa distrobox i varijantama istog. Samo što takve kombinacije nisu standard i to održava neki lik koji ima 17 godina pa napravi kad stigne. Nije baš neki standard.
__________________
|
07.05.2024., 21:21 | #3212 |
Premium
Datum registracije: Nov 2004
Lokacija: HR
Postovi: 751
|
pa dignes doker |
07.05.2024., 21:40 | #3213 | |
Premium
Datum registracije: May 2006
Lokacija: München/Varaždin
Postovi: 3,373
|
Citiraj:
https://www.youtube.com/results?sear...+setup+ansible Evo ti par malo detaljnijh videa za pocetak: https://www.youtube.com/watch?v=3RiVKs8GHYQ&list=PLT98CRl2KxKEUHie1m24-wkyHpEsa4Y70 https://www.youtube.com/watch?v=SXwC9fSwct8 Zadnje izmijenjeno od: tomek@vz. 07.05.2024. u 22:03. |
|
Danas, 08:21 | #3216 |
PRO
Datum registracije: Apr 2010
Lokacija: Zagreb
Postovi: 4,191
|
__________________
"Who is your daddy and what does he do?" |
Danas, 08:43 | #3218 | ||
Premium
Datum registracije: May 2006
Lokacija: München/Varaždin
Postovi: 3,373
|
U tome i je poanta - postoje alternative ali za razliku od Ansible pristupa zahtjevaju vise pripreme i ucenja. A ako samo trebas pripremu OS-a bez da manualno sve uvijek isponova radis - Ansible je vrlo jednostavan i mocan alat. Ne moras za pocetak ni komlicirat si zivot za naprednim stavkama. Kreiraj svoj ansible.cfg, svoj inventory fajl i lupi sve taskove u jedan playbook - dovoljno da za pocetak skuzis sko kako funkcionira a baznoj razini. Kasnije vec mozes modularizirat sve skupa za vise primjena, OS-eva itd. Evo ti jednostavan primjer: ansible.cfg Code:
[defaults] ansible_port = 22 remote_user = tomek inventory = ./inventory roles_path = roles/ gathering = smart fact_caching = jsonfile fact_caching_connection = ./facts fact_caching_timeout = 600 log_path = ./ansible.log remote_tmp = /tmp # work around privilege escalation timeouts in ansible: timeout = 30 [inventory] # fail more helpfully when the inventory file does not parse (Ansible 2.4+) unparsed_is_failed=true [ssh_connection] pipelining = True ssh_args = -o ControlMaster=auto -o ControlPersist=600s # shorten the ControlPath which is often too long; when it is, # ssh connection reuse silently fails, making everything slower. control_path = %(directory)s/%%h-%%r [privilege_escalation] become = yes become_user = root become_method = sudo Citiraj:
- korisnik sa sudo NOPASSWD konfiguracijom na remote kanti - prijava sa tim korisnikom preko ssh kljuca Ansible skripte naravno mozes i lokalno izvoditi na stroju/virtualki samo onda zakomentiras u inventory prvu liniju o odkomentiras drugu. Plus u main.yaml na pocetku dodas ove dvije stavke: Citiraj:
Code:
--- #---------------------------------------------------------------------------------------- # version 1.0 # author # copyright # email # license Apache 2 ######################################################## # 1.0 stable release #--------------------------------------------------------------------------------------- - hosts: all become: yes vars: net_iface: eth0 linux_user: tomek tasks: - name: Modify Grub timeout lineinfile: path: /etc/default/grub regexp: '^GRUB_TIMEOUT=' line: 'GRUB_TIMEOUT=1' - name: Do App stuff include_tasks: tasks/Debian/apps.yaml when: ansible_distribution == 'Debian' - name: Install Virtualization stuff include_tasks: tasks/Debian/qemu.yaml when: ansible_distribution == 'Debian' - name: Harden Security include_tasks: tasks/Debian/security.yaml when: ansible_distribution == 'Debian' - name: Do App stuff include_tasks: tasks/RedHat/apps.yaml when: ansible_distribution == 'RedHat' - name: Install Virtualization stuff include_tasks: tasks/RedHat/qemu.yaml when: ansible_distribution == 'RedHat' - name: Setup Samba Share include_tasks: tasks/RedHat/samba.yaml when: ansible_distribution == 'RedHat' - name: Harden Security include_tasks: tasks/RedHat/security.yaml when: ansible_distribution == 'RedHat' - name: Install Virtualization stuff include_tasks: tasks/SuSe/qemu.yaml when: ansible_distribution == 'openSUSE Leap' - name: Setup Samba Share include_tasks: tasks/SuSe/samba.yaml when: ansible_distribution == 'openSUSE Leap' - name: Harden Security include_tasks: tasks/SuSe/security.yaml when: ansible_distribution == 'openSUSE Leap' - name: Sync config to skel profile synchronize: src: files/skel/ dest: /etc/skel/ delete: yes recursive: yes - name: get fresh git prompt command: git clone https://github.com/magicmonty/bash-git-prompt.git /etc/skel/.bash-git-prompt --depth=1 - name: Enable NTP Daemon systemd: service: chronyd state: started enabled: yes Code:
--- #---------------------------------------------------------------------------------------- # version 1.0 # author # copyright # email # license Apache 2 ####################################################### # 1.0 stable release #--------------------------------------------------------------------------------------- - name: Setup repos blockinfile: path: /etc/apt/sources.list block: | deb http://ftp.de.debian.org/debian bookworm main contrib non-free non-free-firmware deb-src http://ftp.de.debian.org/debian bookworm main contrib non-free non-free-firmware deb http://security.debian.org/debian-security bookworm-security main contrib non-free non-free-firmware deb-src http://security.debian.org/debian-security bookworm-security main contrib non-free non-free-firmware - name: Update OS apt: name: '*' state: latest update_cache: yes - name: Remove apps apt: name: - nano state: absent autoremove: yes autoclean: yes - name: Install base apps apt: name: - acpid - apt-show-versions - apt-xapian-index - cifs-utils - chrony - debian-goodies - debsecan - debsums - dkms - apt-utils - firmware-linux - firmware-linux-nonfree - firmware-misc-nonfree - firmware-realtek - git - htop - libpam-tmpdir - libpam-pwquality - python3-cracklib - lm-sensors - needrestart - openssl - perl - rsync - smartmontools - tlp - tmux - vim state: present Ja sam si taskove za pojedine OS-eve na ovaj nacin odvojio jer mi lakse azurirat sve skupa no kao sto rekoh pogotovo u startu - ne moras. Jedino kad prckas po yaml fajlovima pazi na space i moja preporuka ti je u editoru koji koristis prebacit tab u 4x space. Ak te kaj zanima - pitaj. Zadnje izmijenjeno od: tomek@vz. Danas u 08:54. |
||
Danas, 08:47 | #3219 |
Premium
Datum registracije: May 2006
Lokacija: München/Varaždin
Postovi: 3,373
|
|
Danas, 09:18 | #3220 |
Premium
Datum registracije: Jan 2009
Lokacija: Donji Miholjac-Osijek
Postovi: 279
|
Nekada više o bazne konfiguracije servera ni ne moras raditi ali da, ansible tu sve gazi. Pogotovo mi veliku prednost imaju collection-i za tipa ovirt i vmware pa se može svašta nešto automatizirati. |
|
|