Ansible - 12/23/2020
Roles:
Auto -> Plabook ->
1. Role
2. Galaxy
3. Priviledge Escalation (P.E.)
Code
-> Properly manage, rather keeping all content in one file -> They break down into multiple files
say. for mamagement purpuse ... program is break down into multiple files...
File1
File2
File3
File4 .....
Once all code are completed, put all code into one place and run the program..
This is just a high level overview.
The small individuals file can be of modules if we are talking about python..
We have control node
inventory
[web]
host1
host2
On control Node -> Write playbook
setup.yaml
- host: web # runnig play on web servers
includes all the tasks
-----
-----
------
define vars
-------
-----
-----
handlers
-----
-----
-----
Out goal is to deploy on managed nodes
we can have a seperate file
one file for tasks or
one file for handlers...
We bundle all files together which we call it a role.
- You can create a role, that is only use to configure web server.
- Create another role which is used for security realated tasks.
Roles
--------
WebServs
-web
-sec
DBservers
-db
-sec
Some community members are already created roles and shared.
These are pre-created roles. We can download and use.
We can write a file and instruct to apply to all web servers or
db servers.
The name of the community is ansible Galaxy.
google for ansible galaxy
ame ways, docker images are also shared in the community
hub.docker.com -> Docker Hub
Ansible Galaxy is the public place for ansible Roles...
- We create role inside control node and assign this role to managed node.
Plan
1. Check your inventory file
2. Configure apache web server..
3.
Configure web server
[root@master wk20-Roles]# cat web.yaml
# cat web.yaml
- hosts: myweb
vars:
- p: "httpd"
- s: "httpd"
tasks:
- package:
name: "{{ p }}"
state: present
- service:
name: "{{ s }}"
state: started
[root@master wk20-Roles]#
Rather than writing this way, we can write in a better managed way.
# ansible-galary rile list
# ansible-galaxy -role -h
Lets create a role
ansible-galary role init myapache
[root@master wk20-Roles]# ansible-galaxy role init myapache
- Role myapache was created successfully
role is just a directory/folder. here my apache is just s directory
List the roles available on the system
# ansible-galaxy role list
# /usr/share/ansible/roles
[WARNING]: - the configured path /root/.ansible/roles does not exist.
Note: You have to specify the location
[root@master wk20-Roles]# ansible-galaxy role list --roles-path /root/wk20-Roles
# /root/wk20-Roles
- myapache, (unknown version)
# /usr/share/ansible/roles
# /etc/ansible/roles
[WARNING]: - the configured path /root/.ansible/roles does not exist.
[root@master wk20-Roles]#
Lets go ahead a write some code, that is going to be a playbook
Role -> myapache ->
[root@master my-wk20]# pwd
/root/my-wk20
[root@master my-wk20]# ls
setup.yaml
[root@master my-wk20]# cat setup.yaml
# configure apache
- hosts: myweb
roles:
- role: "myapache"
#- role: "sec" # another role. Role is a list, thats why you have -
[root@master my-wk20]#
# ansible-playbook setup.yaml --roles-path /root/wk20-Roles/
Got error
[root@master my-wk20]# ansible-playbook -h | grep role
# Check your config file
# vi /etc/ansible/ansible.cfg
[defaults]
# some basic default values...
inventory = /root/myhosts
host_key_checking=false
#ansible-playbook setup.yaml --roles-path /root/wk20-Roles/
roles_path = /root/wk20-Roles/
[root@master my-wk20]# ansible-playbook setup.yaml
This time, you will see diffrent output.
# ap setup.yaml
# ansible roles list
Another play
# cat setup.yaml
# configure apache
- hosts: myweb
roles:
- role: "myapache"
- hosts: mylb
roles:
- role: "mynewrole"
Wednesday, December 23, 2020
Ansible - Roles
Subscribe to:
Post Comments (Atom)
Git branch show detached HEAD
Git branch show detached HEAD 1. List your branch $ git branch * (HEAD detached at f219e03) 00 2. Run re-set hard $ git reset --hard 3. ...
-
snmpconfig command allow you to managge snmpv1/v3 agent configuration on SAN switch. Event trap level is mapped with event severity level....
-
Firmware upgrade on HPE SuperDom Flex 280 - prerequisites tasks a. Set up repo b. Upload firmware to your webserver 1. For foundation so...
-
Disabling the Telnet protocol on Brocade SAN switches By default, telnet is enabled on Brocade SAN switches. As part of security hardening o...
No comments:
Post a Comment