Linux/Ansible: Difference between revisions

= Install =
<pre>
sudo apt update
sudo apt install ansible
</pre>
or newer version:
<pre>
sudo apt-add-repository ppa:ansible/ansible
sudo apt install ansible
</pre>


* Install plugins
<pre>
ansible-galaxy collection install ansible.posix
ansible-galaxy collection install community.general
</pre>


= Commands =
<blockquote><pre>
ansible --version
ansible-playbook pb-machinex.yml
ansible hostname -m setup    # variables for "hostname"
</pre></blockquote>


= Config =
== /srv/ansible-config/pb-machinex.yml ==
<blockquote><pre>
---
- hosts: machinex
  become: true
  roles:
  - basic
  - bare-metal
  - exposed-machine
  - munin-node
</pre></blockquote>
== /srv/ansible-config/hosts.yml ==
<blockquote><pre>
all:
    children:
        cloud:
            hosts:
                cloudmachine.domain.com:
        home:
            hosts:
                homemachine:
</pre></blockquote>
== /srv/ansible-config/roles/<role-name>/tasks/main.yml ==
* apt:
<blockquote><pre>
- name: update apt
  apt:
    update_cache: yes
    cache_valid_time: 3600
- name: install apt packages
  apt:
    name: ["aptitude", "git", "mc", "nmap"]
</pre></blockquote>
* systemd:
<blockquote><pre>
- name: reload systemd config
  systemd:
    daemon_reload: yes
- name: restart fail2ban
  systemd:
    name: fail2ban
    state: restarted
</pre></blockquote>
* copy files:
<blockquote><pre>
- name: copy openvpn client config files
  copy:
    src: ../files/
    dest: /etc/openvpn
- name: enable fail2ban config
  copy:
    src: /etc/fail2ban/fail2ban.conf
    dest: /etc/fail2ban/fail2ban.local
    remote_src: yes
</pre></blockquote>
* edit files:
<blockquote><pre>
- name: enable openvpn in /etc/default/openvpn
  lineinfile:
    path: /etc/default/openvpn
    line: AUTOSTART="all"


# same task with the optional parameters spelled out
- name: enable openvpn in /etc/default/openvpn
  lineinfile:
    path: /etc/default/openvpn
    line: AUTOSTART="all"
    create: yes                  # create if file does not exist (default: no)
    backup: yes                  # create a backup file (default: no)
    state: present               # the line should be there (default)
    # state: absent              # alternative: the line should not be there
    mode: '644'
    owner: root
    group: root
    insertafter: EOF             # append at the end of the file (default)
    # insertbefore: BOF          # alternative: insert at the beginning; cannot be combined with insertafter
- name: change sudoers
  lineinfile:
    path: /etc/sudoers
    state: present
    regexp: '^%ADMIN ALL='
    line: '%ADMIN ALL=(ALL) NOPASSWD: ALL'
    validate: '/usr/sbin/visudo -cf %s'
</pre></blockquote>
* delete/symlink/...:
<blockquote><pre>
- name: create symbolic link for conf
  file:
    src: "/etc/nginx/sites-available/homeserver"
    dest: "/etc/nginx/sites-enabled/homeserver"
    state: link
- name: remove file
  file:
    path: "/etc/nginx/sites-enabled/default"
    state: absent
- name: create folder
  file:
    path: "/srv/test"
    state: directory
</pre></blockquote>
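
Added example (not part of the original page): the same <code>%ADMIN</code> rule from the "change sudoers" task, delivered as a validated drop-in under <code>/etc/sudoers.d</code> instead of an in-place edit of <code>/etc/sudoers</code>, followed by a read-only listing of every active <code>NOPASSWD</code> rule for review. The drop-in name <code>90-admin</code> and the reuse of the <code>machinex</code> host group are assumptions.

```yaml
---
# Added example, not from the original page.
# Assumptions: host group "machinex" (from pb-machinex.yml), drop-in name 90-admin.
- hosts: machinex
  become: true
  vars:
    sudo_dropin: /etc/sudoers.d/90-admin
  tasks:
    - name: install the ADMIN rule as a drop-in that is validated before it is put in place
      ansible.builtin.copy:
        dest: "{{ sudo_dropin }}"
        content: |
          %ADMIN ALL=(ALL) NOPASSWD: ALL
        owner: root
        group: root
        mode: '0440'                          # root-owned, not writable by group or others
        validate: '/usr/sbin/visudo -cf %s'   # a syntax error fails the task before the file is replaced

    - name: check the whole sudoers tree (main file plus included drop-ins)
      ansible.builtin.command: /usr/sbin/visudo -c
      changed_when: false

    - name: collect every active NOPASSWD rule for review
      ansible.builtin.command: grep -rnE '^[^#].*NOPASSWD' /etc/sudoers /etc/sudoers.d
      register: nopasswd_rules
      changed_when: false
      failed_when: nopasswd_rules.rc > 1      # grep exits 1 when nothing matches

    - name: show the rules found
      ansible.builtin.debug:
        var: nopasswd_rules.stdout_lines
```

A broken drop-in locks out sudo just like a broken <code>/etc/sudoers</code>, which is why the <code>validate</code> step stays on the task that writes the file.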


== Step-by-step ==
# Set up the file structure
# When using SSH key access
#: <pre>ssh-copy-id -i ~/.ssh/id_rsa user@server</pre>
# When using an SSH password
#: <pre>apt install sshpass</pre>
#: <pre>ansible-galaxy collection install ansible.posix    # when using ansible to set ssh key</pre>
# Run the Ansible playbook
#: <pre>ansible-playbook pb-hostname.yml</pre>
#: options:
#:: -k (prompt for the SSH password)
#:: -K (prompt for the sudo password)
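
Added example (not part of the original page): a bootstrap playbook for the "ssh password" path above. It logs in once with <code>-k -K</code>, installs the controller's public key through <code>ansible.posix.authorized_key</code>, and only then switches off SSH password logins. The playbook name, the remote account <code>deploy</code>, the key path and the <code>machinex</code> host group are assumptions.

```yaml
---
# Added example, not from the original page. Assumed file name: pb-bootstrap-ssh.yml
# First run (password login, needs sshpass):  ansible-playbook pb-bootstrap-ssh.yml -k -K
# Assumptions: host group "machinex", remote account "deploy", key pair ~/.ssh/id_rsa.
- hosts: machinex
  become: true
  vars:
    login_user: deploy
    pubkey_file: "{{ lookup('ansible.builtin.env', 'HOME') }}/.ssh/id_rsa.pub"
  tasks:
    - name: install the controller's public key for the login user
      ansible.posix.authorized_key:
        user: "{{ login_user }}"
        key: "{{ lookup('ansible.builtin.file', pubkey_file) }}"
        state: present

    - name: disable SSH password logins only after the key is installed
      ansible.builtin.lineinfile:
        path: /etc/ssh/sshd_config
        regexp: '^#?\s*PasswordAuthentication\s'
        line: PasswordAuthentication no
        validate: '/usr/sbin/sshd -t -f %s'   # refuse a config that sshd cannot parse
      notify: reload ssh
      # files under /etc/ssh/sshd_config.d may also set this option; check them too

  handlers:
    - name: reload ssh
      ansible.builtin.systemd:
        name: ssh            # Debian/Ubuntu unit name
        state: reloaded
```

Later runs authenticate with the key alone, so <code>-k</code> can be dropped; confirm key login from a second session before closing the one used for the first run.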


= Links =
* https://docs.ansible.com/ansible/latest/user_guide/playbooks_best_practices.html
* https://medium.com/@tedchength/installing-docker-using-ansible-script-c182787f2fa1




[[Category:Linux/System]]
[[Category:Linux/Deployment]]
[[Category:Linux]]

Latest revision as of 20:16, 26 November 2023
