Linux/Ansible


Install

# software-properties-common provides the add-apt-repository command.
sudo apt-get install --yes software-properties-common
# Registers the ansible/ansible PPA as an apt source. Packages from it are
# installed as root, so the PPA is trusted like any other configured archive.
sudo add-apt-repository --yes ppa:ansible/ansible
# Refresh the package index so the new source is visible, then install.
sudo apt-get update
sudo apt-get install --yes ansible


Commands

# Print the installed Ansible version.
ansible --version
# Run the playbook file pb-machinex.yml.
ansible-playbook pb-machinex.yml
# Run the setup module against "hostname" to list its facts (variables).
ansible hostname --module-name setup

Config

/srv/ansible-config/pb-machinex.yml

---
# Single play for "machinex": applies the four roles in the order listed.
- hosts: machinex
  # Privilege escalation is enabled for the whole play, so every task of
  # every role below runs escalated (as root unless become_user is set).
  become: true
  roles:
    - basic
    - bare-metal
    - exposed-machine
    - munin-node


/srv/ansible-config/hosts.yml

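---
# Inventory with two groups, "cloud" and "home", nested under "all".
all:
  children:
    cloud:
      hosts:
        # Hosts are written as mapping keys (note the trailing colon), the
        # same form as "homemachine" below; per-host variables would nest
        # under the key.
        cloudmachine.domain.com:
    home:
      hosts:
        homemachine: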


/srv/ansible-config/roles/<role-name>/tasks/main.yml

  • apt:
# Refresh the apt package index, but only if the cached index is older
# than cache_valid_time (in seconds).
- name: update apt
  apt:
    cache_valid_time: 3600
    update_cache: true

# Install the listed packages in a single apt transaction.
- name: install apt packages
  apt:
    name:
      - aptitude
      - git
      - mc
      - nmap
  • systemd:
# Make systemd re-read its unit files; no unit is started or stopped here.
- name: reload systemd config
  systemd:
    daemon_reload: true

# state: restarted always bounces the unit, so fail2ban is restarted on
# every run, whether or not its configuration changed.
- name: restart fail2ban
  systemd:
    state: restarted
    name: fail2ban
  • copy files:
# src ends with a slash, so the contents of that directory (not the
# directory itself) are copied into /etc/openvpn on the target.
# NOTE(review): owner, group and mode are not set, so new files get the
# target's default permissions; if these client configs embed keys or
# credentials, set owner/group and a restrictive mode explicitly.
- name: copy openvpn client config files
  copy:
    dest: /etc/openvpn
    src: ../files/

# remote_src makes both paths refer to the managed host: the shipped
# fail2ban.conf is duplicated as fail2ban.local.
# copy rewrites dest whenever its content differs from src, so edits made
# only in fail2ban.local are replaced on the next run.
- name: enable fail2ban config
  copy:
    remote_src: true
    src: /etc/fail2ban/fail2ban.conf
    dest: /etc/fail2ban/fail2ban.local
  • edit files:
# Minimal form: make sure the exact line exists in the file; lineinfile
# adds it if no identical line is present.
- name: enable openvpn in /etc/default/openvpn
  lineinfile:
    line: 'AUTOSTART="all"'
    path: /etc/default/openvpn

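# Option reference for lineinfile. Alternatives that cannot be combined are
# shown commented out, so every key appears once and the task is valid:
# a repeated "state" key is a duplicate (most parsers silently keep the
# last one), and insertbefore/insertafter are mutually exclusive.
- name: enable openvpn in /etc/default/openvpn
  lineinfile:
    path: /etc/default/openvpn
    line: 'AUTOSTART="all"'
    create: true                  # create if file does not exist (default: false)
    backup: true                  # create a backup file (default: false)
    state: present                # the line should be there (default)
    # state: absent               # alternative: the line should not be there
    # Explicit permissions matter most together with create: true, because
    # a newly created file would otherwise get default permissions.
    mode: '0644'
    owner: root
    group: root
    insertafter: EOF              # add the line at the end of the file (default)
    # insertbefore: BOF           # alternative: add the line at the top of the file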

# Ensures /etc/sudoers contains the rule for group ADMIN given in "line".
# The rule is NOPASSWD for all commands, so membership in that group is
# equivalent to root without any password prompt; keep the group small and
# audit its membership.
- name: change sudoers
  lineinfile:
    path: /etc/sudoers
    state: present
    # An existing line starting with '%ADMIN ALL=' is replaced in place
    # instead of a second rule being appended.
    regexp: '^%ADMIN ALL='
    line: '%ADMIN ALL=(ALL) NOPASSWD: ALL'
    # visudo checks the candidate file (%s) before it replaces
    # /etc/sudoers; a file that fails the check is not installed, which
    # protects against a syntax error that would break sudo.
    validate: '/usr/sbin/visudo -cf %s'
  • delete/symlink/...:
# Create a symlink at dest that points to src (enables the nginx site).
- name: create symbolic link for conf
  file:
    state: link
    src: '/etc/nginx/sites-available/homeserver'
    dest: '/etc/nginx/sites-enabled/homeserver'

# state: absent deletes the path if it exists (disables the default site).
- name: remove file
  file:
    state: absent
    path: '/etc/nginx/sites-enabled/default'

# Create the directory if it is missing. No owner or mode is given, so a
# newly created directory gets the target's defaults.
- name: create folder
  file:
    state: directory
    path: '/srv/test'


Links