Tag Archives: ansible

Setup Ansible latest version

Download ansible from git:

cd /opt/
git clone https://github.com/ansible/ansible.git
cd ansible

Download all necessary modules:

git submodule update --init lib/ansible/modules/core
git submodule update --init lib/ansible/modules/extras
git submodule update --init v1/ansible/modules/core
git submodule update --init v1/ansible/modules/extras

Add Ansible's path to PATH (I use it from root):

echo 'export PATH=/opt/ansible/bin:$PATH' >> ~/.bashrc
echo 'export PYTHONPATH=/opt/ansible/lib' >> ~/.bashrc

Reload .bashrc, then check the version with the ansible command:

ansible --version

If you see that some modules are missing:

pip install <module name>

The output should look similar to:

ansible --version
ansible 2.0.0 (devel 2c9d1257ba) last updated 2015/07/06 12:42:09 (GMT +300)
  lib/ansible/modules/core: (detached HEAD ff69ce7912) last updated 2015/07/06 12:53:13 (GMT +300)
  lib/ansible/modules/extras: (detached HEAD 4e48ef9eca) last updated 2015/07/06 12:53:21 (GMT +300)
  v1/ansible/modules/core: (detached HEAD f8d8af17cd) last updated 2015/07/06 12:53:27 (GMT +300)
  v1/ansible/modules/extras: (detached HEAD 495ad450e5) last updated 2015/07/06 12:53:33 (GMT +300)
  configured module search path = /usr/share/ansible

Keepalived: vrrp

Install the keepalived package on all necessary servers:
Place the configs in the file /etc/keepalived/keepalived.conf on your servers:

eth0 — the interface that will carry the virtual IP.
virtual_router_id — identifies the group of servers that share the same virtual IP.
priority — set the highest value on the MASTER.
auth_pass — the password; it must be the same across the virtual_router_id group.
virtual_ipaddress — the virtual address we'd like to have on our servers; it must be the same across the virtual_router_id group.
state — MASTER/BACKUP, the initial state; it applies only at application launch, after which it changes according to priority.

server1

vrrp_instance VI_1 {
    state MASTER
    interface eth0
    virtual_router_id 17
    priority 100
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass $place_here_sha256_of_your_password
    }
    virtual_ipaddress {
        192.168.1.254
    }
}

server2

vrrp_instance VI_1 {
    state BACKUP
    interface eth0
    virtual_router_id 17
    priority 99
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass $place_here_sha256_of_your_password
    }
    virtual_ipaddress {
        192.168.1.254
    }
}

server3

vrrp_instance VI_1 {
    state BACKUP
    interface eth0
    virtual_router_id 17
    priority 98
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass $place_here_sha256_of_your_password
    }
    virtual_ipaddress {
        192.168.1.254
    }
}
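
Added example, not part of the original post: a Python check that the three blocks above follow the rules listed before them (same virtual_router_id, auth_pass and virtual_ipaddress, distinct priorities, MASTER on the highest priority) before the service is started. It also flags an auth_pass longer than eight characters: keepalived uses only the first eight, and VRRP simple-password authentication sends them unencrypted in every advertisement, so a 64-character SHA-256 string adds no protection. The function names and the constructed sample configs are assumptions of this example.

```python
import re

SCALARS = ("state", "interface", "virtual_router_id", "priority", "auth_type", "auth_pass")

def render(state, priority, auth_pass, vrid=17):
    """Constructed sample: the page's vrrp_instance block with values filled in."""
    return """vrrp_instance VI_1 {
    state %s
    interface eth0
    virtual_router_id %d
    priority %d
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass %s
    }
    virtual_ipaddress {
        192.168.1.254
    }
}""" % (state, vrid, priority, auth_pass)

def parse_instance(text):
    """Extract the settings the page lists from one vrrp_instance block."""
    conf = {}
    for key in SCALARS:
        m = re.search(r"^\s*%s\s+(\S+)" % key, text, re.M)
        if not m:
            raise ValueError("missing setting: %s" % key)
        conf[key] = m.group(1)
    vips = re.search(r"virtual_ipaddress\s*\{([^}]*)\}", text)
    conf["vips"] = " ".join(sorted(vips.group(1).split())) if vips else ""
    return conf

def lint_group(confs):
    """confs maps hostname -> parsed block; returns a sorted list of findings."""
    out = []
    for key in ("virtual_router_id", "auth_pass", "vips"):
        if len({c[key] for c in confs.values()}) > 1:
            out.append("%s differs between group members" % key)
    prio = {h: int(c["priority"]) for h, c in confs.items()}
    if len(set(prio.values())) < len(prio):
        out.append("two hosts share a priority")
    masters = [h for h, c in confs.items() if c["state"] == "MASTER"]
    if masters != [max(prio, key=prio.get)]:
        out.append("state MASTER is not set on exactly the highest-priority host")
    for h, c in confs.items():
        if c["auth_type"] == "PASS" and len(c["auth_pass"]) > 8:
            out.append("%s: auth_pass is longer than 8 characters; the rest is ignored" % h)
    return sorted(out)
```
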

Run the service on all servers with
service keepalived start
or, if you use ansible:
ansible vrrp -m shell -a 'service keepalived start'

IPTABLES:

iptables -A INPUT -i vlan3016 -p vrrp -j ACCEPT
iptables -A OUTPUT -o vlan3016 -p vrrp -j ACCEPT
iptables -A INPUT -d 224.0.0.0/8 -i vlan3016 -j ACCEPT

Ansible: work with lines in file

hostname: gt
file: /etc/resolv.conf
cat /etc/resolv.conf
options rotate
nameserver 192.168.1.21
nameserver 192.168.1.22
options timeout:1

Case 1

# remove line from file
ansible gt -m lineinfile -a 'dest=/etc/resolv.conf state=absent line="options timeout:1"'
gt | success >> {
    "changed": true,
    "found": 1,
    "msg": "1 line(s) removed"
}

cat /etc/resolv.conf
options rotate
nameserver 192.168.1.21
nameserver 192.168.1.22

Case 2

# add line to file
ansible gt -m lineinfile -a 'dest=/etc/resolv.conf state=present line="options timeout:10"'
gt | success >> {
    "changed": true,
    "msg": "line added"
}

cat /etc/resolv.conf
options rotate
nameserver 192.168.1.21
nameserver 192.168.1.22
options timeout:10

But if you run it again, you'll duplicate the row:
options timeout:10
options timeout:10

See Case 4 for how to avoid it.

Case 3

# replace line in file or add new line
ansible gt -m lineinfile -a 'dest=/etc/resolv.conf state=present regexp="timeout:10" line="options timeout:1"'
gt | success >> {
    "changed": true,
    "msg": "line replaced"
}

cat /etc/resolv.conf
options rotate
nameserver 192.168.1.21
nameserver 192.168.1.22
options timeout:1

Case 4

# replace line only if it exists
ansible gt -m lineinfile -a 'dest=/etc/resolv.conf state=present backrefs=yes regexp="timeout:1" line="options timeout:1"'
gt | success >> {
    "changed": false,
    "msg": ""
}

cat /etc/resolv.conf
options rotate
nameserver 192.168.1.21
nameserver 192.168.1.22
options timeout:1

ansible: playbooks howto

You can create two types of playbooks:
1 — a simple YAML file, for example (poweroff.yml):

- hosts: vbox
  sudo: yes
  gather_facts: no
  tasks:
    - name: poweroff
      command: /sbin/poweroff

2 — project, example:
structure:

deploy/
deploy/roles
deploy/roles/preconf
deploy/roles/preconf/vars
deploy/roles/preconf/vars/main.yml
deploy/roles/preconf/files
deploy/roles/preconf/files/.vimrc
deploy/roles/preconf/handlers
deploy/roles/preconf/tasks
deploy/roles/preconf/tasks/main.yml
deploy/roles/preconf/templates
deploy/site.yml

site.yml — the main file, where the roles are included.
Content of site.yml:

- name: First deploy, install necessary packages and users
  hosts: vbox

  roles:
    - preconf

The roles folder holds the subcategories of your project: different roles for different logical steps.
This example has only one role, named "preconf".
A role folder contains these folders:
tasks — the main role folder; it contains the task descriptions.
vars — variables that can be used in tasks.
files — a folder with files.
templates — a folder with templates (I don't use it here).

vars/main.yml:

admin_team:
  - { user: 'alter', comment: 'Roman', key: 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDYIX38J/i16iedtP0wUnTK13eh1eGkCL0sa2GMi/TPA6ANFdF/D1AbUXgp88SuQNXrMa8hs9E5+D+/LtCFy+jN+RHEZmVXtnW7WckYAynw5i66Le8MUeRpjBo1m5C865WY0qCoKwkQfZSX6yecw8Gt9sw26SrL3oeLEM4zoiI+NHhahQYanwA7i6LLE6A2UEz2ni/ZNZH3eVaOVknD8D9b6MjDRtMoBkdHu2g3Xx2fOGpIQXOp99H0oofDCTB7BBwelWOYmRHUAvbyNIdJlWFFdamSWAevoHarrypZiCKc0TUYzi6etzSyJkOJoOoyy1xt2UG6jaAzKs2iqFgcBJ0n alter@M1USER0061', shell: '/bin/zsh' }
  - { user: 'n506', comment: 'Dmitriy', key: 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCjjXrr6cZIDRRGih90P1WPjA2o5YXNG9Y2+Jhq18hBYJs6NKWaMyXsjvwBuHIJrbb9T9Rn9vVOr4fvMyGM0I+N9jr1bpGeq7BGZgqRtLoNrW/fvODKkKImDrwDKJG/B+EPRNLlOTvs2EsdVEJbJDi4ix0Ilj3D+SKe+AJ5gURY26DIKYEmMmyq2Ea8WmLam+rs8EfDkQw6NCkQvZSDzgs5pK+iwI4MVOKYisa0hakwfeS+qCiZr3nORy+TdwfJLJXovWFpQ24GacK3iK4FWdB3iafcFNc5BuHxpZeWcPUFoDf1ePlWD+sts44mzfaWyk95xV2NTUZmIsZ2L/Brucb1 n506@n506', shell: '/bin/bash' }
  - { user: 'sticeberg', comment: 'Alexander', key: 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCpFL+DrUxRsGOjC041AMx7SNwaxF7uUHGLtwq1/YkexpctkpJStYRv9mbvqRTDit5Mugy6Khk3Uux/S0r7g2ZxjgK+QU6iex9SKzm6/pRZkWEFVA0NQCBjrkRlRVCoRBpYhnO0OSwdE/QLIe9k2FwSGnMf6M5RbmlSViVDCrZ68CsArs7N6rrmAcMK0yy+BwrWSvVtvc92ao4K9li8rTg4VVy3E/F+NSNAJj90a+RAf6sb8M6qfbf0pTtxXU51kdRP2iS5QRj8KNkgdMFAD9+wYZpm9bs7vlWOaycVFlGsN9zevXaYrjkHLPYtCGGvCISfgEWAbUgdmuimUGnAMm7n sticeberg@gosts-MacBook-Air.local', shell: '/bin/bash' }

game_users:
  - { user: 'f1', shell: '/bin/bash', home: '/f1', uid: '6001' }
  - { user: 'a1', shell: '/bin/bash', home: '/a1', uid: '6002' }

and tasks/main.yml:

- name: update system packages
  sudo: yes
  apt: upgrade=safe update_cache=yes

- name: installing packages
  sudo: yes
  apt: pkg={{ item }}
  with_items:
    - zsh
    - htop
    - vim
    - mc
    - wget
    - curl
    - tmux
    - facter
    - tcpdump
    - iptraf
    - pbzip2
    - pigz
    - tcptraceroute

- name: add users for project
  sudo: yes
  user: name="{{ item.user }}" shell="{{ item.shell }}" home="{{ item.home }}" uid="{{ item.uid }}"
  with_items:
    - "{{ game_users }}"

- name: add admins
  sudo: yes
  user: name="{{ item.user }}" shell="{{ item.shell }}" groups='sudo' comment="{{ item.comment }}"
  with_items:
    - "{{ admin_team }}"

- name: add ssh keys for admins
  sudo: yes
  authorized_key: user="{{ item.user }}" key="{{ item.key }}"
  with_items:
    - "{{ admin_team }}"

- name: copy vimrc file
  sudo: yes
  copy: src=".vimrc" dest="/home/{{ item.user }}/.vimrc" owner="{{ item.user }}"
  with_items:
    - "{{ admin_team }}"

Playbooks are run with the ansible-playbook command:
1 — ansible-playbook poweroff.yml
2 — ansible-playbook site.yml
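
Added example, not part of the original post: the tasks above install every admin_team key into an account in the sudo group, so it is worth reviewing the keys in vars/main.yml before the play runs. This Python check reads each key's type, SHA256 fingerprint (the form ssh-keygen -l prints) and RSA modulus size, and reports short, duplicated or unparsable keys. The function names, the 2048-bit threshold and the constructed sample keys are assumptions of this example.

```python
import base64
import hashlib
import struct

def _field(blob, off):
    """Read one length-prefixed field of an SSH public-key blob."""
    (size,) = struct.unpack_from(">I", blob, off)
    return blob[off + 4:off + 4 + size], off + 4 + size

def inspect_key(line):
    """Return (declared type, SHA256 fingerprint, RSA modulus bits or None)."""
    declared, b64 = line.split()[:2]
    blob = base64.b64decode(b64, validate=True)
    inner, off = _field(blob, 0)
    if inner.decode() != declared:
        raise ValueError("key type %r does not match the blob" % declared)
    digest = hashlib.sha256(blob).digest()
    fingerprint = "SHA256:" + base64.b64encode(digest).decode().rstrip("=")
    bits = None
    if declared == "ssh-rsa":
        _exponent, off = _field(blob, off)
        modulus, off = _field(blob, off)
        bits = int.from_bytes(modulus, "big").bit_length()
    return declared, fingerprint, bits

def audit_team(team, min_rsa_bits=2048):
    """team: list of dicts shaped like admin_team; returns a list of findings."""
    findings, seen = [], {}
    for member in team:
        try:
            _ktype, fp, bits = inspect_key(member["key"])
        except (ValueError, struct.error) as exc:
            findings.append("%s: unparsable key (%s)" % (member["user"], exc))
            continue
        if bits is not None and bits < min_rsa_bits:
            findings.append("%s: RSA key is only %d bits" % (member["user"], bits))
        if fp in seen:
            findings.append("%s: same key as %s" % (member["user"], seen[fp]))
        seen.setdefault(fp, member["user"])
    return findings

def sample_rsa_key(bits, comment):
    """Constructed test key: a syntactically valid blob, not a usable key pair."""
    def mpint(n):
        raw = n.to_bytes(n.bit_length() // 8 + 1, "big")
        return struct.pack(">I", len(raw)) + raw
    blob = struct.pack(">I", 7) + b"ssh-rsa" + mpint(65537) + mpint((1 << (bits - 1)) | 1)
    return "ssh-rsa %s %s" % (base64.b64encode(blob).decode(), comment)
```
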