ansible all -m ping
- опросить все хосты, которые имеются в зоне доступа ansible
ansible all -m ping -u USER
- опросить все хосты, но от имени пользователя USER (иначе используется текущий пользователь системы, с которой запускается ansible)
ansible-playbook playbook.yml -u USER
- запустить плейбук от пользователя USER
ansible all -m ping --private-key=~/.ssh/mykey.priv
- выполнить пинг с использованием конкретного ключа
ansible-playbook myplaybook.yml --private-key=~/.ssh/mykey.priv
- выполнить плейбук с использованием конкретного ключа
ansible all -m ping --ask-become-pass
- запросить пароль sudo
ansible-playbook -l SRV-TEST myplaybook.yml
- выполнить плейбук на определенном хосте
Примеры файлов ansible:
ansible.cfg:
[defaults]
# Default inventory file.
inventory = ./hosts
# NOTE(review): this turns off SSH host-key verification, so a changed or
# spoofed host key is accepted without any prompt. Fine for a disposable lab;
# elsewhere keep checking enabled and pre-populate known_hosts for the hosts.
host_key_checking = false
hosts:
# Single test host, addressed by IP; the client01 alias is disabled.
[test]
10.10.10.40
#client01

# Each client is reached directly as root with a private key stored on the
# control node.
# NOTE(review): a direct root login gives every playbook full privileges from
# the first task; an unprivileged ansible_user combined with `become` narrows
# that and leaves an audit trail in sudo logs.
[clients]
client02 ansible_host=10.10.10.41 ansible_user=root ansible_ssh_private_key_file=/root/.ssh/sshkey
client03 ansible_host=10.10.10.42 ansible_user=root ansible_ssh_private_key_file=/root/.ssh/sshkey

# Parent group targeted by ping.yml (`hosts: all_groups`); only `test` is
# active because `clients` is commented out.
[all_groups:children]
test
#clients
# NOTE(review): indentation was lost in this listing. Presumably this is a
# YAML-style host entry whose ansible_* keys nest under `test` - confirm
# against the original file before reusing it.
# The connection settings mirror the INI inventory: direct root login with a
# private key read from the control node.
test:
ansible_host: 10.10.10.40
ansible_user: root
ansible_ssh_private_key_file: /root/.ssh/sshkey
dev: taxonein
Примеры файлов опроса:
ping.yml
# ping.yml - connectivity check followed by a package upgrade and a distro report.
# Despite the name, this play changes state: it upgrades packages on every
# host in the all_groups inventory group, with privilege escalation.
- name: Ping Servers
  become: true
  hosts: all_groups
  vars:
    # Only referenced by the commented-out "Install pkgs" task below.
    packages: [nano, mc, htop]
  tasks:
    # Verifies that Ansible can log in and run Python on the host.
    - name: Task ping
      ansible.builtin.ping:

    # `upgrade: yes` is the apt module's spelling of a safe upgrade.
    - name: Upgrade system
      ansible.builtin.apt:
        upgrade: yes

    # - name: Install pkgs
    #   apt:
    #     pkg: "{{packages}}"
    #     state: present

    # Prints the distribution name and version gathered as facts.
    - ansible.builtin.debug:
        msg: "{{ansible_distribution}} Version: {{ansible_distribution_version}}"
docker-install.yml
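# docker-install.yml - add Docker's apt repository and install Docker Engine.
# Targets the `nodocker` inventory group and runs with privilege escalation.
- name: Install Docker
  hosts: nodocker
  become: true
  vars:
    # Tools needed before the Docker repository can be added.
    packages_stage1:
      - wget
      - curl
      - ca-certificates
    # Docker Engine packages served from download.docker.com.
    packages_stage2:
      - docker-ce
      - docker-ce-cli
      - containerd.io
      - docker-buildx-plugin
      - docker-compose-plugin
  tasks:
    - name: Update packages
      ansible.builtin.apt:
        name: "*"
        state: latest
        # Refresh the package index first so the upgrade does not run
        # against a stale cache (matches the first update in setup.yml).
        update_cache: true

    - name: Install packages
      ansible.builtin.apt:
        pkg: "{{packages_stage1}}"
        state: present

    # The keyring is set up with modules instead of a shell script: the tasks
    # become idempotent and the directory/file modes are stated explicitly.
    - name: Create keyrings directory
      ansible.builtin.file:
        path: /etc/apt/keyrings
        state: directory
        mode: "0755"

    # NOTE(review): the signing key is trusted on first download, protected
    # only by HTTPS. Pin it with get_url's `checksum` parameter, or compare its
    # fingerprint with the one Docker publishes, before relying on it.
    # get_url does not re-download an existing file by default, so a rotated
    # key has to be refreshed deliberately.
    - name: Add Keyrings
      ansible.builtin.get_url:
        url: https://download.docker.com/linux/debian/gpg
        dest: /etc/apt/keyrings/docker.asc
        mode: "0644"

    # `signed-by` limits this key to the Docker repository only.
    # The architecture (amd64) and release (bookworm) are hard-coded.
    - name: Add repository
      ansible.builtin.apt_repository:
        repo: "deb [arch=amd64 signed-by=/etc/apt/keyrings/docker.asc] https://download.docker.com/linux/debian bookworm stable"
        state: present

    - name: Update packages
      ansible.builtin.apt:
        name: "*"
        state: latest

    - name: Install docker packages
      ansible.builtin.apt:
        pkg: "{{packages_stage2}}"
        state: present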
user-change.yml
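# user-change.yml - create the listed accounts with sudo rights.
# Targets the `nodocker` inventory group and runs with privilege escalation.
- name: User manage
  hosts: nodocker
  become: true
  vars:
    # Accounts to create; every entry receives the same settings below.
    users:
      - taxonein
  tasks:
    - name: Install sudo
      ansible.builtin.apt:
        pkg: sudo
        state: present

    - name: Add user
      ansible.builtin.user:
        name: "{{item}}"
        # `groups` + `append` adds sudo as a supplementary group and keeps any
        # existing memberships; `group:` would make sudo the primary group,
        # so files the user creates would be group-owned by sudo.
        groups: sudo
        append: true
        shell: /bin/bash
        # Placeholder for a crypt hash (generate with the mkpasswd command
        # on the right).
        # NOTE(review): keep the real hash in Ansible Vault rather than in the
        # playbook. Every user in the loop gets this same hash, and with the
        # module default (update_password: always) each run resets it.
        password: "YOUR-PASSWORD-HASH"  # mkpasswd --method=sha-512
      loop: "{{users}}"

    # - name: Remove user
    #   ansible.builtin.user:
    #     name: "{{item}}"
    #     state: absent
    #     remove: yes
    #   loop: "{{users}}"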
diskresize.yml
# diskresize.yml - repartition /dev/sda so that a swap partition of
# `swap_size` GB sits at the end of the disk, then grow /dev/sda1 and its
# filesystem.
# NOTE(review): destructive and order-dependent. Device names (/dev/sda,
# /dev/sda1, /dev/sda5) are hard-coded, and no task carries a `when` or
# `creates` guard, so a second run repeats the repartitioning. Verify the
# disk layout and have a backup or snapshot before running.
- name: Resize disk on host
  hosts: init
  become: yes
  vars:
    swap_size: 2  # size of the new swap partition, in GB
    packages:
      - cloud-guest-utils  # provides growpart, used near the end of the play
      - python3-pexpect  # needed on the host by ansible.builtin.expect
  tasks:
    - name: Update packages
      ansible.builtin.apt:
        name: "*"
        state: latest
    - name: Install growpart utils
      apt:
        pkg: "{{packages}}"
        state: present
    # Swap must be off before its partition is deleted.
    - name: Disable swap
      shell: swapoff /dev/sda5
    # Takes field 7 of the first fdisk line that contains "Disk".
    # NOTE(review): presumably the sector count of the first listed disk -
    # verify against the fdisk output format on the target.
    - name: Get disk size in sectors
      shell: fdisk -l | grep Disk | awk '{print $7; exit}'
      register: disk_sectors
    # Start sector = total sectors minus swap_size expressed in 512-byte
    # sectors; the value is cast with `| int` where it is used.
    # NOTE(review): assumes 512-byte sectors - confirm for the target disk.
    - name: Calc swap sector location
      set_fact:
        swap_sector_begin: "{{ (disk_sectors.stdout | int) - ((swap_size * 1024 * 1024 * 1024 / 512)) }}"
      delegate_to: localhost
    # Answers fdisk prompts in order: two deletes ("d") accepting the default
    # partition number each time, then write ("w").
    - name: Delete old partitions
      ansible.builtin.expect:
        command: fdisk /dev/sda
        responses:
          "(.*)Command(.*)":
            - "d\n"
            - "d\n"
            - "w\n"
          "(.*)Partition number(.*)":
            - "\n"
            - "\n"
    # Each prompt pattern consumes its answers in list order: two new
    # partitions ("n", "n"), a type change ("t") to hex code 82, then write.
    # NOTE(review): the outcome depends on the exact prompt sequence of the
    # installed fdisk version; test on a disposable machine first.
    - name: Making new partitions
      ansible.builtin.expect:
        command: fdisk /dev/sda
        responses:
          "(.*)Command(.*)":
            - "n\n"
            - "n\n"
            - "t\n"
            - "w\n"
          "(.*)Partition type(.*)":
            - "e\n"
            - "l\n"
          "(.*)Partition number(.*)":
            - "2\n"
            - "5\n"
          "(.*)First sector(.*)":
            - "{{ swap_sector_begin | int }}\n"
            - "\n"
          "(.*)Last sector(.*)":
            - "\n"
            - "\n"
          "(.*)Select(.*)":
            - "l\n"
          "(.*)Hex code or alias(.*)":
            - "82\n"
    - name: Make swap
      shell: mkswap /dev/sda5
    # Extracts the UUID value from the blkid output for the new swap partition.
    - name: Get swap UUID
      shell: blkid /dev/sda5 | grep UUID | awk '{print $2}' | cut -d '"' -f 2
      register: swap_uuid
    # Overwrites the resume configuration with the new swap UUID.
    - name: Write swap UUID to initramfs
      shell: echo "RESUME=UUID={{ swap_uuid.stdout }}" > /etc/initramfs-tools/conf.d/resume
    # Captures the existing swap entry with its "UUID=... " prefix stripped.
    - name: Get swap line from fstab
      shell: sed 's/UUID=[^ ]* //' /etc/fstab | grep -E 'none\s*swap'
      register: swap_line
    # Drops every fstab line containing "swap" (comments included) and appends
    # the entry with the new UUID.
    # NOTE(review): /etc/fstab is rewritten without a backup copy.
    - name: Write swap UUID to fstab
      shell: |
        sed '/swap/d' /etc/fstab > /etc/fstab.new
        mv /etc/fstab.new /etc/fstab
        echo "UUID={{ swap_uuid.stdout }} {{ swap_line.stdout }}" >> /etc/fstab
    # Grows partition 1 into the space freed in front of the swap partition.
    - name: Resize sda1 to full
      shell: growpart /dev/sda 1
    - name: Updating initramfs and Grub
      shell: update-initramfs -u && update-grub
    # Grows the filesystem to fill the enlarged partition.
    - name: Applying resize2fs
      shell: resize2fs /dev/sda1
keys.yml
# keys.yml - authorise SSH public keys for root on the `init` group.
- name: Add SSH Keys
  become: true
  hosts: init
  tasks:
    # Confirms the host is reachable before changing anything.
    - name: Pinging hosts
      ansible.builtin.ping:

    # The `file` lookup reads /root/.ssh/keys on the control node, not on the
    # managed host. Every key in that file gains root login on every host in
    # the group, so the file's contents and permissions deserve review.
    # `exclusive` is not set, so keys already in authorized_keys stay in place.
    - name: Set Public Key
      ansible.posix.authorized_key:
        key: "{{ lookup('file', '/root/.ssh/keys')}}"
        state: present
        user: root
setup.yml
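# setup.yml - prepare a host for production: authorise SSH keys for root,
# upgrade packages, then add Docker's apt repository and install Docker Engine.
# Targets the `init` inventory group and runs with privilege escalation.
- name: Setup host for production
  become: true
  hosts: init
  vars:
    # Base tools installed before the Docker repository is added.
    packages_stage1:
      - wget
      - curl
      - net-tools
      - ca-certificates
      - cloud-guest-utils
    # Docker Engine packages served from download.docker.com.
    packages_stage2:
      - docker-ce
      - docker-ce-cli
      - containerd.io
      - docker-buildx-plugin
      - docker-compose-plugin
  tasks:
    # The `file` lookup reads /root/.ssh/keys on the control node. Every key
    # in that file gains root login on the host; `exclusive` is not set, so
    # keys already present are left in place.
    - name: Set Public Keys
      ansible.posix.authorized_key:
        user: root
        state: present
        key: "{{ lookup('file', '/root/.ssh/keys')}}"

    - name: Update packages
      ansible.builtin.apt:
        name: "*"
        state: latest
        update_cache: true

    - name: Install system packages
      ansible.builtin.apt:
        pkg: "{{packages_stage1}}"
        state: present

    # The keyring is set up with modules instead of a shell script: the tasks
    # become idempotent and the directory/file modes are stated explicitly.
    - name: Create keyrings directory
      ansible.builtin.file:
        path: /etc/apt/keyrings
        state: directory
        mode: "0755"

    # NOTE(review): the signing key is trusted on first download, protected
    # only by HTTPS. Pin it with get_url's `checksum` parameter, or compare its
    # fingerprint with the one Docker publishes, before relying on it.
    # get_url does not re-download an existing file by default, so a rotated
    # key has to be refreshed deliberately.
    - name: Add Keyrings
      ansible.builtin.get_url:
        url: https://download.docker.com/linux/debian/gpg
        dest: /etc/apt/keyrings/docker.asc
        mode: "0644"

    # `signed-by` limits this key to the Docker repository only.
    # The architecture (amd64) and release (bookworm) are hard-coded.
    - name: Add repository
      ansible.builtin.apt_repository:
        repo: "deb [arch=amd64 signed-by=/etc/apt/keyrings/docker.asc] https://download.docker.com/linux/debian bookworm stable"
        state: present

    - name: Update packages
      ansible.builtin.apt:
        name: "*"
        state: latest

    - name: Install docker packages
      ansible.builtin.apt:
        pkg: "{{packages_stage2}}"
        state: present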