|
@@ -3,7 +3,7 @@ format: markdown
|
|
title: Ansible ff@home aufsetzen
|
|
title: Ansible ff@home aufsetzen
|
|
toc: yes
|
|
toc: yes
|
|
...
|
|
...
|
|
-# Description
|
|
|
|
|
|
+
|
|
# Software
|
|
# Software
|
|
- Debian 12 (bookworm) oder Ubuntu 22.04
|
|
- Debian 12 (bookworm) oder Ubuntu 22.04
|
|
- python3 und ansible
|
|
- python3 und ansible
|
|
@@ -18,7 +18,8 @@ Dazu in das Basisverzeichnis gehen (bei mir /datadisk), dann die virtuelle Umgeb
|
|
python3 -m venv ffhome
|
|
python3 -m venv ffhome
|
|
In das Verzeichnis ffhome wechseln und die Umgebung aktivieren
|
|
In das Verzeichnis ffhome wechseln und die Umgebung aktivieren
|
|
source (oder.) bin/activate
|
|
source (oder.) bin/activate
|
|
-
|
|
|
|
|
|
+
|
|
|
|
+ cd /datadisk/ffhome
|
|
source bin/activate
|
|
source bin/activate
|
|
|
|
|
|
Dadurch ändert sich der prompt:
|
|
Dadurch ändert sich der prompt:
|
|
@@ -27,17 +28,19 @@ Dadurch ändert sich der prompt:
|
|
Zum Verlassen der Umgebung:
|
|
Zum Verlassen der Umgebung:
|
|
deactivate oder Terminal Fenster schliessen
|
|
deactivate oder Terminal Fenster schliessen
|
|
|
|
|
|
-Jetzt kann ansible in der ffhome Umgebung installiert werden:
|
|
|
|
-pip3 install ansible
|
|
|
|
|
|
+Jetzt kann ansible in der ffhome Umgebung installiert werden:
|
|
|
|
+
|
|
|
|
+ pip3 install ansible
|
|
|
|
+
|
|
|
|
|
|
|
|
+18:11:20[frankb@berglap /datadisk/ffhome 0]
|
|
|
|
|
|
-18:11:20[frankb@berglap /datadisk/ffhome 0]
|
|
|
|
Die Verzeichnistruktur der Testumgebung
|
|
Die Verzeichnistruktur der Testumgebung
|
|
tree -L 4
|
|
tree -L 4
|
|
.
|
|
.
|
|
├── ansible.cfg
|
|
├── ansible.cfg
|
|
├── bin
|
|
├── bin
|
|
- │ ├── activate
|
|
|
|
|
|
+ │ ├── activate
|
|
│ ├── activate.csh
|
|
│ ├── activate.csh
|
|
│ ├── activate.fish
|
|
│ ├── activate.fish
|
|
│ ├── Activate.ps1
|
|
│ ├── Activate.ps1
|
|
@@ -122,12 +125,14 @@ Die Gruppen apus und desktops enthalten die testhosts, die Gruppen altlast und s
|
|
|
|
|
|
Im Verzeichnis inventory/host_vars sind Variablen für die einzelnen hosts, also hier die passwords, in vars unverschlüsselt, in vault aes256 geschützt. Beispielhaft mal für bergdesk
|
|
Im Verzeichnis inventory/host_vars sind Variablen für die einzelnen hosts, also hier die passwords, in vars unverschlüsselt, in vault aes256 geschützt. Beispielhaft mal für bergdesk
|
|
|
|
|
|
-bergdesk/vars
|
|
|
|
- ---
|
|
|
|
|
|
+bergdesk/vars
|
|
|
|
+
|
|
|
|
+ ---
|
|
bergdesk_password: "{{ vault_bergdesk_password }}"
|
|
bergdesk_password: "{{ vault_bergdesk_password }}"
|
|
|
|
|
|
-bergdesk/vault
|
|
|
|
- $ANSIBLE_VAULT;1.2;AES256;xx
|
|
|
|
|
|
+bergdesk/vault
|
|
|
|
+
|
|
|
|
+ $ANSIBLE_VAULT;1.2;AES256;xx
|
|
35656536383233636434636533613830303439316263636436363932333636626462616461636537
|
|
35656536383233636434636533613830303439316263636436363932333636626462616461636537
|
|
3838626266396332363236643361626134393238636133640a646333333866643161356333626564
|
|
3838626266396332363236643361626134393238636133640a646333333866643161356333626564
|
|
32373735343033633666353763376230646137663639373438393537663031643562376365396337
|
|
32373735343033633666353763376230646137663639373438393537663031643562376365396337
|
|
@@ -135,18 +140,28 @@ bergdesk/vault
|
|
30613139313661643932373239333865616338653132613530393161656466326561633537383535
|
|
30613139313661643932373239333865616338653132613530393161656466326561633537383535
|
|
3631356664643139383037636565346630643036353364333866
|
|
3631356664643139383037636565346630643036353364333866
|
|
|
|
|
|
-Zur Erzeugung der Verschlüsselung in der vault Datei
|
|
|
|
|
|
+Zur Erzeugung der Verschlüsselung in der vault Datei
|
|
|
|
+
|
|
---
|
|
---
|
|
- vault_bergdesk_password: hier das echte PW eintragen
|
|
|
|
-dann mit
|
|
|
|
-ansible-vault encrypt vault --vault-id xxxxx@prompt
|
|
|
|
-die verschlüsselte vault datei erzeugen
|
|
|
|
-anzeigen kann man die Datei mit ansible-vault view vault
|
|
|
|
-und entschlüsseln mit ansible-vault decrypt vault
|
|
|
|
|
|
+ vault_bergdesk_password: hier das echte PW eintragen
|
|
|
|
|
|
|
|
+dann mit
|
|
|
|
+
|
|
|
|
+ ansible-vault encrypt vault --vault-id xx@prompt
|
|
|
|
|
|
|
|
+die verschlüsselte vault datei erzeugen.
|
|
|
|
+Anzeigen kann man die Datei mit
|
|
|
|
+
|
|
|
|
+ ansible-vault view vault
|
|
|
|
+
|
|
|
|
+und entschlüsseln mit
|
|
|
|
+
|
|
|
|
+ ansible-vault decrypt vault
|
|
|
|
+
|
|
|
|
+
|
|
|
|
+
|
|
|
|
+playbooks/update.yaml
|
|
|
|
|
|
-playbooks/update.yaml
|
|
|
|
---
|
|
---
|
|
# name: update yaml
|
|
# name: update yaml
|
|
- hosts: [desktops,apus,altlast]
|
|
- hosts: [desktops,apus,altlast]
|
|
@@ -192,80 +207,78 @@ Ausgabe von playbook update.yaml (die letzten beiden tasks stat und reboot sind
|
|
|
|
|
|
luna ist ausgeschaltet und nicht erreichbar.
|
|
luna ist ausgeschaltet und nicht erreichbar.
|
|
|
|
|
|
-(ffhome) 20:55:59[frankb@berglap /datadisk/ffhome 4] ansible-playbook -b playbooks/update.yaml -i inventory/hosts.yaml --ask-vault-pass
|
|
|
|
-Vault password:
|
|
|
|
|
|
+(ffhome) 20:55:59[frankb@berglap /datadisk/ffhome 0]
|
|
|
|
+ ansible-playbook -b playbooks/update.yaml -i inventory/hosts.yaml --ask-vault-pass
|
|
|
|
+ Vault password:
|
|
|
|
|
|
-PLAY [desktops,apus,altlast] ***************************************************************
|
|
|
|
|
|
+PLAY [desktops,apus,altlast] ***************************************************************
|
|
|
|
|
|
-TASK [Gathering Facts] *********************************************************************
|
|
|
|
|
|
+TASK [Gathering Facts] *********************************************************************
|
|
[WARNING]: Platform linux on host berglap is using the discovered Python interpreter at
|
|
[WARNING]: Platform linux on host berglap is using the discovered Python interpreter at
|
|
/usr/bin/python3.10, but future installation of another Python interpreter could change the
|
|
/usr/bin/python3.10, but future installation of another Python interpreter could change the
|
|
meaning of that path. See https://docs.ansible.com/ansible-
|
|
meaning of that path. See https://docs.ansible.com/ansible-
|
|
-core/2.17/reference_appendices/interpreter_discovery.html for more information.
|
|
|
|
-ok: [berglap]
|
|
|
|
-[WARNING]: Platform linux on host bergdesk is using the discovered Python interpreter at
|
|
|
|
|
|
+core/2.17/reference_appendices/interpreter_discovery.html for more information.
|
|
|
|
+ok: [berglap]
|
|
|
|
+\n[WARNING]: Platform linux on host bergdesk is using the discovered Python interpreter at
|
|
/usr/bin/python3.11, but future installation of another Python interpreter could change the
|
|
/usr/bin/python3.11, but future installation of another Python interpreter could change the
|
|
meaning of that path. See https://docs.ansible.com/ansible-
|
|
meaning of that path. See https://docs.ansible.com/ansible-
|
|
-core/2.17/reference_appendices/interpreter_discovery.html for more information.
|
|
|
|
-ok: [bergdesk]
|
|
|
|
-fatal: [luna]: UNREACHABLE! => changed=false
|
|
|
|
- msg: 'Failed to connect to the host via ssh: ssh: connect to host 192.168.178.224 port 24: No route to host'
|
|
|
|
- unreachable: true
|
|
|
|
|
|
+core/2.17/reference_appendices/interpreter_discovery.html for more information.
|
|
|
|
+ok: [bergdesk]
|
|
|
|
+fatal: [luna]: UNREACHABLE! => changed=false
|
|
|
|
+ msg: 'Failed to connect to the host via ssh: ssh: connect to host 192.168.178.224 port 24: No route to host'
|
|
|
|
+ \n unreachable: true
|
|
[WARNING]: Platform linux on host berghofen is using the discovered Python interpreter at
|
|
[WARNING]: Platform linux on host berghofen is using the discovered Python interpreter at
|
|
/usr/bin/python3.11, but future installation of another Python interpreter could change the
|
|
/usr/bin/python3.11, but future installation of another Python interpreter could change the
|
|
meaning of that path. See https://docs.ansible.com/ansible-
|
|
meaning of that path. See https://docs.ansible.com/ansible-
|
|
-core/2.17/reference_appendices/interpreter_discovery.html for more information.
|
|
|
|
-ok: [berghofen]
|
|
|
|
-[WARNING]: Platform freebsd on host hoerde is using the discovered Python interpreter at
|
|
|
|
|
|
+core/2.17/reference_appendices/interpreter_discovery.html for more information.
|
|
|
|
+ok: [berghofen]
|
|
|
|
+\n[WARNING]: Platform freebsd on host hoerde is using the discovered Python interpreter at
|
|
/usr/local/bin/python3.9, but future installation of another Python interpreter could
|
|
/usr/local/bin/python3.9, but future installation of another Python interpreter could
|
|
change the meaning of that path. See https://docs.ansible.com/ansible-
|
|
change the meaning of that path. See https://docs.ansible.com/ansible-
|
|
-core/2.17/reference_appendices/interpreter_discovery.html for more information.
|
|
|
|
-ok: [hoerde]
|
|
|
|
-
|
|
|
|
-TASK [Testausgabe] *************************************************************************
|
|
|
|
-ok: [bergdesk] =>
|
|
|
|
- msg: Hallo von bergdesk Ansible managed!
|
|
|
|
-ok: [berglap] =>
|
|
|
|
- msg: Hallo von berglap Ansible managed!
|
|
|
|
-ok: [berghofen] =>
|
|
|
|
- msg: Hallo von berghofen Ansible managed!
|
|
|
|
-ok: [hoerde] =>
|
|
|
|
- msg: Hallo von hoerde Ansible managed!
|
|
|
|
-
|
|
|
|
-TASK [df -h Aufruf] ************************************************************************
|
|
|
|
-ok: [berglap]
|
|
|
|
-ok: [bergdesk]
|
|
|
|
-ok: [berghofen]
|
|
|
|
-ok: [hoerde]
|
|
|
|
-
|
|
|
|
-TASK [debug] *******************************************************************************
|
|
|
|
-ok: [bergdesk] =>
|
|
|
|
- msg: '[''Dateisystem Größe Benutzt Verf. Verw% Eingehängt auf'', ''/dev/sdb1 439G 98G 319G 24% /''] Debian'
|
|
|
|
-ok: [berglap] =>
|
|
|
|
- msg: '[''Dateisystem Größe Benutzt Verf. Verw% Eingehängt auf'', ''/dev/mapper/system-root 444G 298G 124G 71% /''] Ubuntu'
|
|
|
|
-ok: [berghofen] =>
|
|
|
|
- msg: '[''Dateisystem Größe Benutzt Verf. Verw% Eingehängt auf'', ''/dev/sda6 18G 5,1G 12G 30% /''] Debian'
|
|
|
|
-ok: [hoerde] =>
|
|
|
|
- msg: '[''Filesystem Size Used Avail Capacity Mounted on'', ''s3pool25/jail/hoerde.ffdo.net 3.9G 891M 3.0G 22% /''] FreeBSD'
|
|
|
|
-
|
|
|
|
-TASK [ping meine hosts] ********************************************************************
|
|
|
|
-ok: [berglap]
|
|
|
|
-ok: [bergdesk]
|
|
|
|
-ok: [berghofen]
|
|
|
|
-ok: [hoerde]
|
|
|
|
-
|
|
|
|
-TASK [apt update mit upgrade und autoremove] ***********************************************
|
|
|
|
-skipping: [hoerde]
|
|
|
|
-ok: [bergdesk]
|
|
|
|
-ok: [berglap]
|
|
|
|
-ok: [berghofen]
|
|
|
|
-
|
|
|
|
-PLAY RECAP *********************************************************************************
|
|
|
|
-bergdesk : ok=6 changed=0 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
|
|
|
|
-berghofen : ok=6 changed=0 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
|
|
|
|
-berglap : ok=6 changed=0 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
|
|
|
|
|
|
+core/2.17/reference_appendices/interpreter_discovery.html for more information.
|
|
|
|
+ok: [hoerde]
|
|
|
|
+
|
|
|
|
+TASK [Testausgabe] *************************************************************************
|
|
|
|
+ok: [bergdesk] =>
|
|
|
|
+ msg: Hallo von bergdesk Ansible managed!
|
|
|
|
+ok: [berglap] =>
|
|
|
|
+ msg: Hallo von berglap Ansible managed!
|
|
|
|
+ok: [berghofen] =>
|
|
|
|
+ msg: Hallo von berghofen Ansible managed!
|
|
|
|
+ok: [hoerde] =>
|
|
|
|
+ msg: Hallo von hoerde Ansible managed!
|
|
|
|
+
|
|
|
|
+TASK [df -h Aufruf] ************************************************************************
|
|
|
|
+ok: [berglap]
|
|
|
|
+ok: [bergdesk]
|
|
|
|
+ok: [berghofen]
|
|
|
|
+ok: [hoerde]
|
|
|
|
+
|
|
|
|
+TASK [debug] *******************************************************************************
|
|
|
|
+ok: [bergdesk] =>
|
|
|
|
+ msg: '[''Dateisystem Größe Benutzt Verf. Verw% Eingehängt auf'', ''/dev/sdb1 439G 98G 319G 24% /''] Debian'
|
|
|
|
+ok: [berglap] =>
|
|
|
|
+ msg: '[''Dateisystem Größe Benutzt Verf. Verw% Eingehängt auf'', ''/dev/mapper/system-root 444G 298G 124G 71% /''] Ubuntu'
|
|
|
|
+ok: [berghofen] =>
|
|
|
|
+ msg: '[''Dateisystem Größe Benutzt Verf. Verw% Eingehängt auf'', ''/dev/sda6 18G 5,1G 12G 30% /''] Debian'
|
|
|
|
+ok: [hoerde] =>
|
|
|
|
+ msg: '[''Filesystem Size Used Avail Capacity Mounted on'', ''s3pool25/jail/hoerde.ffdo.net 3.9G 891M 3.0G 22% /''] FreeBSD'
|
|
|
|
+
|
|
|
|
+TASK [ping meine hosts] ********************************************************************
|
|
|
|
+ok: [berglap]
|
|
|
|
+ok: [bergdesk]
|
|
|
|
+ok: [berghofen]
|
|
|
|
+ok: [hoerde]
|
|
|
|
+
|
|
|
|
+TASK [apt update mit upgrade und autoremove] ***********************************************
|
|
|
|
+skipping: [hoerde]
|
|
|
|
+ok: [bergdesk]
|
|
|
|
+ok: [berglap]
|
|
|
|
+ok: [berghofen]
|
|
|
|
+
|
|
|
|
+PLAY RECAP *********************************************************************************
|
|
|
|
+bergdesk : ok=6 changed=0 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
|
|
|
|
+berghofen : ok=6 changed=0 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
|
|
|
|
+berglap : ok=6 changed=0 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
|
|
hoerde : ok=5 changed=0 unreachable=0 failed=0 skipped=1 rescued=0 ignored=0
|
|
hoerde : ok=5 changed=0 unreachable=0 failed=0 skipped=1 rescued=0 ignored=0
|
|
-luna : ok=0 changed=0 unreachable=1 failed=0 skipped=0 rescued=0 ignored=0
|
|
|
|
-
|
|
|
|
-
|
|
|
|
-
|
|
|
|
|
|
+luna : ok=0 changed=0 unreachable=1 failed=0 skipped=0 rescued=0 ignored=0
|