Linux/Ansible: Difference between revisions

From Wiki
No edit summary
No edit summary
Line 21: Line 21:
</pre></blockquote>
</pre></blockquote>


= Config =


== /srv/ansible-config/pb-machinex.yml ==
<blockquote><pre>
---
- hosts: machinex
  become: true
  roles:
  - basic
  - bare-metal
  - exposed-machine
  - munin-node
</pre></blockquote>
== /srv/ansible-config/hosts.yml ==
<blockquote><pre>
all:
    children:
        cloud:
            hosts:
                cloudmachine.domain.com
        home:
            hosts:
                homemachine:
</pre></blockquote>
== /srv/ansible-config/roles/<role-name>/tasks/main.yml ==
* apt:
<blockquote><pre>
- name: update apt
  apt:
    update_cache: yes
    cache_valid_time: 3600
- name: install apt packages
  apt:
    name: ["aptitude", "git", "mc", "nmap"]
</pre></blockquote>
* systemd:
<blockquote><pre>
- name: reload systemd config
  systemd:
    daemon_reload: yes
- name: restart fail2ban
  systemd:
    name: fail2ban
    state: restarted
</pre></blockquote>
* copy files:
<blockquote><pre>
- name: copy openvpn client config files
  copy:
    src: ../files/
    dest: /etc/openvpn
- name: enable fail2ban config
  copy:
    src: /etc/fail2ban/fail2ban.conf
    dest: /etc/fail2ban/fail2ban.local
    remote_src: yes
</pre></blockquote>
* edit files:
<blockquote><pre>
- name: enable openvpn in /etc/default/openvpn
  lineinfile:
    path: /etc/default/openvpn
    line: AUTOSTART="all"
- name: enable openvpn in /etc/default/openvpn
  lineinfile:
    path: /etc/default/openvpn
    line: AUTOSTART="all"
    create: yes                  # create if file does not exist (default: no)
    backup: yes                  # create a backup file (default: no)
    state: absent                # the line should not be there
    state: present                # the line should be there (default)
    mode: '644'
    owner: root
    group: root
    insertbefore: BOF
    insertafter: EOF
- name: change sudoers
  lineinfile:
    path: /etc/sudoers
    state: present
    regexp: '^%ADMIN ALL='
    line: '%ADMIN ALL=(ALL) NOPASSWD: ALL'
    validate: '/usr/sbin/visudo -cf %s'
</pre></blockquote>
* delete/symlink/...:
<blockquote><pre>
- name: create symbolic link for conf
  file:
    src: "/etc/nginx/sites-available/homeserver"
    dest: "/etc/nginx/sites-enabled/homeserver"
    state: link
- name: remove file
  file:
    path: "/etc/nginx/sites-enabled/default"
    state: absent
- name: create folder
  file:
    path: "/srv/test"
    state: directory
</pre></blockquote>




Revision as of 12:40, 17 May 2019

Install

sudo apt-get install -y software-properties-common
sudo add-apt-repository -y ppa:ansible/ansible
sudo apt-get update
sudo apt-get install -y ansible


Commands

ansible --version

ansible-playbook pb-machinex.yml

ansible hostname -m setup    # variables for "hostname"



Links

Retrieved from "https://wiki.marcluerssen.de/index.php?title=Linux/Ansible&oldid=2177"