Difference between revisions of "Ansible"
| (10 intermediate revisions by the same user not shown) | |||
| Line 1: | Line 1: | ||
| + | https://docs.ansible.com/ansible/latest/reference_appendices/config.html | ||
| + | |||
| + | https://docs.ansible.com/ansible/latest/user_guide/windows_winrm.html | ||
| + | |||
| + | |||
| + | |||
# Install and Use | # Install and Use | ||
| Line 13: | Line 19: | ||
``` | ``` | ||
| − | inventory. | + | inventory.yaml |
``` | ``` | ||
| − | + | all: | |
| − | winhost.example.com | + | vars: |
| + | ansible_user: <myusername> | ||
| + | ansible_password: <mypass> | ||
| + | windows: | ||
| + | hosts: | ||
| + | winhost.example.com: | ||
| + | vars: | ||
| + | ansible_connection: winrm | ||
| + | ansible_port: 5985 | ||
| + | ansible_winrm_scheme: http # Recommend https if possible | ||
| + | ansible_winrm_transport: ntlm | ||
| + | ansible_winrm_server_cert_validation: ignore # Not recommended | ||
| + | linux: | ||
| + | hosts: | ||
| + | linuxhost.example.com: | ||
| + | vars: | ||
| + | ansible_connection: ssh | ||
| + | ``` | ||
| + | https://www.vgemba.net/ansible/Ansible-WinRM-Workgroup/ | ||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
``` | ``` | ||
| − | + | ansible 'Windows' -m win_shell -i inventory.yaml -a 'pwd' | |
| + | ansible 'Linux' -i inventory.yaml -a 'pwd' | ||
| + | ``` | ||
| + | Run local script on remotes | ||
``` | ``` | ||
| − | ansible 'Windows' -m | + | ansible 'Windows' -m "script ./a.ps1" -i inventory.yaml |
| − | |||
``` | ``` | ||
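Review bot: The added `ansible_password: <mypass>` under `all: vars:` stores the connection password in clear text in inventory.yaml and hands it to every group, the Linux hosts included. I would drop it from the file and prompt with `--ask-pass` (already used further down this page) or keep it in an ansible-vault encrypted vars file, and say that the inventory must not be committed. The group keys are lowercase `windows:`/`linux:` while the new commands target `'Windows'` and `'Linux'`; group patterns are matched case-sensitively as far as I know, so one side should change, e.g. `ansible 'windows' -m win_shell -i inventory.yaml -a 'pwd'`. With `ansible_winrm_scheme: http` the `ansible_winrm_server_cert_validation: ignore` line has nothing to validate and can be removed.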
| Line 48: | Line 55: | ||
ansible myhost.example.com -a "pwd" --ask-pass | ansible myhost.example.com -a "pwd" --ask-pass | ||
``` | ``` | ||
| + | |||
| + | |||
| + | <br> | ||
| + | <br> | ||
| + | <br> | ||
| + | |||
| Line 87: | Line 100: | ||
``` | ``` | ||
| + | |||
| + | inventory.toml | ||
| + | ``` | ||
| + | [Windows] | ||
| + | winhost.example.com | ||
| + | |||
| + | [Windows:vars] | ||
| + | ansible_user=<myuser> | ||
| + | ansible_password=<mypass> | ||
| + | ansible_connection=winrm | ||
| + | # ansible_port=5985 | ||
| + | # ansible_winrm_scheme=http | ||
| + | ansible_port=5986 | ||
| + | ansible_winrm_scheme=https | ||
| + | ansible_winrm_server_cert_validation: ignore | ||
| + | |||
| + | |||
| + | [Linux] | ||
| + | linuxhost.example.com | ||
| + | |||
| + | |||
| + | [Linux:vars] | ||
| + | ansible_user=<my user> | ||
| + | ansible_password=<my pass> | ||
| + | ansible_connection=ssh | ||
| + | ``` | ||
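Review bot: The added line `ansible_winrm_server_cert_validation: ignore` uses YAML `key: value` syntax inside the INI `[Windows:vars]` section, where every other entry is `key=value`; it should read `ansible_winrm_server_cert_validation=ignore`. Because this variant switches to https on port 5986, `ignore` now has a real effect: the server certificate is not verified, so the endpoint that receives `ansible_password` is unauthenticated. I would put `# Not recommended: skips TLS certificate verification` on the line above it, as the YAML example does, and mention that the content is INI format although the file is called inventory.toml.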
| Line 96: | Line 135: | ||
https://www.vgemba.net/ansible/Ansible-WinRM-Workgroup/ | https://www.vgemba.net/ansible/Ansible-WinRM-Workgroup/ | ||
| + | |||
| + | |||
| + | # No inventory file to run script on remote | ||
| + | .env | ||
| + | ``` | ||
| + | export ANSIBLE_USER="MYDOMAIN\\myuser" | ||
| + | export ANSIBLE_PASSWORD='mypass' | ||
| + | export ANSIBLE_HOST_KEY_CHECKING=False # Not recommended | ||
| + | ``` | ||
| + | |||
| + | rcmd.sh | ||
| + | ``` | ||
| + | #!/usr/bin/env bash | ||
| + | set -e | ||
| + | # Create .env file with ANSIBLE_USER/PASSWORD using export then . .env | ||
| + | # .env | ||
| + | # export ANSIBLE_USER="EXAMPLE\\myuser" | ||
| + | # export ANSIBLE_PASSWORD='mypass' | ||
| + | # export ANSIBLE_HOST_KEY_CHECKING=False # not recommended if possible | ||
| + | # . .env | ||
| + | |||
| + | if [ "$#" -ne 2 ]; then | ||
| + | echo "Usage $0 <hostname> <script>" | ||
| + | echo "Example $0 host.example.com ./test.ps1" | ||
| + | exit | ||
| + | fi | ||
| + | host=$1 | ||
| + | script=$2 | ||
| + | inventory=$(mktemp tmp.inventory.XXXXX.yaml) | ||
| + | ansible_user=${ANSIBLE_USER} | ||
| + | ansible_password=${ANSIBLE_PASSWORD} | ||
| + | winrm_port=5985 | ||
| + | ssh_port=22 | ||
| + | os="" | ||
| + | |||
| + | # ping_status=$(ping -c 1 $host > /dev/null 2>&1; echo $?) | ||
| + | winrm_status=$(nc -z $host $winrm_port; echo $?) | ||
| + | |||
| + | if [[ $winrm_status -eq 0 ]]; then | ||
| + | os=windows | ||
| + | windowshost="$host:" | ||
| + | else | ||
| + | ssh_status=$(nc -z $host $ssh_port) | ||
| + | if [[ $ssh_status -eq 0 ]]; then | ||
| + | os=linux | ||
| + | linuxhost="$host:" | ||
| + | else | ||
| + | echo E: winrm port $winrm_port or ssh port $ssh_port are not available on $host. | ||
| + | exit | ||
| + | fi | ||
| + | fi | ||
| + | |||
| + | |||
| + | text=" | ||
| + | all: | ||
| + | vars: | ||
| + | ansible_user: ${ansible_user} | ||
| + | ansible_password: ${ansible_password} | ||
| + | windows: | ||
| + | hosts: | ||
| + | ${windowshost} | ||
| + | vars: | ||
| + | ansible_connection: winrm | ||
| + | ansible_port: 5985 | ||
| + | ansible_winrm_scheme: http | ||
| + | ansible_winrm_transport: ntlm | ||
| + | ansible_winrm_server_cert_validation: ignore | ||
| + | linux: | ||
| + | hosts: | ||
| + | $linuxhost | ||
| + | vars: | ||
| + | ansible_connection: ssh | ||
| + | " | ||
| + | echo "$text" > $inventory | ||
| + | ansible "$host" -m "script $script" -i $inventory | ||
| + | rm $inventory | ||
| + | ``` | ||
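Review bot: The generated inventory contains `ansible_password` and is deleted only by the final `rm $inventory`, so under `set -e` a failing `ansible` run, a failing `nc`, or the early `exit` in the port check leaves the credential in a `tmp.inventory.*.yaml` file in the working directory. Add `trap 'rm -f -- "$inventory"' EXIT` directly after the `mktemp` line and drop the trailing `rm`. `ssh_status=$(nc -z $host $ssh_port)` captures nc's output rather than its status (unlike the WinRM probe it lacks `; echo $?`), so the `E:` branch cannot be reached; `if nc -z "$host" "$ssh_port"; then` tests the exit code directly. Both `exit` statements on the error paths return status 0 and should be `exit 1`.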
Latest revision as of 16:26, 11 June 2022
https://docs.ansible.com/ansible/latest/reference_appendices/config.html
https://docs.ansible.com/ansible/latest/user_guide/windows_winrm.html
Install and Use
Using apt and older version
sudo apt install ansible sshpass
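# Create a virtual environment in ./venv and install Ansible into it.
python3 -m venv venv
# Activate the directory created above (the listing sourced ansible/bin/activate,
# which the previous command never creates).
source venv/bin/activate
# pip install -U pip
# pywinrm is the Python library Ansible uses for WinRM connections.
pip install ansible pywinrm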
inventory.yaml
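# Example inventory; replace the <...> placeholders.
# Indentation restored: `windows` and `linux` are top-level groups because the
# listing has no `children:` key.
all:
  vars:
    ansible_user: <myusername>
    # Stored in clear text: keep this file private and out of version control.
    ansible_password: <mypass>
windows:
  hosts:
    winhost.example.com:
  vars:
    ansible_connection: winrm
    ansible_port: 5985
    ansible_winrm_scheme: http # Recommend https if possible
    ansible_winrm_transport: ntlm
    ansible_winrm_server_cert_validation: ignore # Not recommended
linux:
  hosts:
    linuxhost.example.com:
  vars:
    ansible_connection: ssh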
https://www.vgemba.net/ansible/Ansible-WinRM-Workgroup/
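# Run `pwd` on each group. The host pattern has to match the group name as it
# is spelled in inventory.yaml, which defines `windows` and `linux` in lowercase.
ansible 'windows' -m win_shell -i inventory.yaml -a 'pwd'
ansible 'linux' -i inventory.yaml -a 'pwd'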
Run local script on remotes
# Transfer the local script ./a.ps1 to the matched hosts and run it there.
# NOTE(review): inventory.yaml spells this group `windows` (lowercase) — confirm
# the pattern matches the inventory in use.
ansible 'Windows' -m "script ./a.ps1" -i inventory.yaml
# --ask-pass prompts for the connection password, so it does not have to be
# stored in an inventory file.
ansible myhost.example.com -a "pwd" --ask-pass
Use latest Python and Pip source
Or build the latest Python and pip from source:
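#!/usr/bin/env bash
# Build and install CPython from the python.org source tarball.
#
# -e aborts on the first failing command; -o pipefail makes a pipeline fail when
# any stage fails. The option has to be spelled "-o pipefail": a bare "pipefail"
# word after "set -e" only becomes positional parameter $1.
set -eo pipefail
# Release to download and build.
version='3.9.6'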
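#######################################
# Install the build dependencies, then download and unpack the CPython source
# tarball for the selected release into the current directory.
# Globals:   version (read)
# Returns:   non-zero if a package install, the download or the unpack fails
#######################################
get() {
  local tarball="Python-${version}.tgz"

  sudo apt install -y build-essential checkinstall
  sudo apt install -y libreadline-gplv2-dev libncursesw5-dev libssl-dev \
    libsqlite3-dev tk-dev libgdbm-dev libc6-dev libbz2-dev libffi-dev zlib1g-dev

  # --fail: an HTTP error stops here instead of saving the error page under the
  # tarball's name.
  curl --fail -LO "https://www.python.org/ftp/python/${version}/${tarball}"

  # NOTE(review): this archive is later compiled and installed with sudo; check
  # it against the checksum or signature published for the release before
  # unpacking.
  tar xzf "${tarball}"
}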
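#######################################
# Configure, compile and install the unpacked source tree under /usr/local.
# Globals:   version (read)
# Side effect: the working directory stays inside Python-$version afterwards.
# Returns:   non-zero if the directory is missing or a build step fails
#######################################
install() {
  cd "Python-${version}" || return
  ./configure --prefix=/usr/local
  #./configure --prefix=/usr/local --enable-optimizations
  # Compile as the invoking user so that only the install step runs as root.
  make
  # altinstall installs the versioned binaries without replacing the system's
  # default python3.
  sudo make altinstall
}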
# Download and unpack the source first, then build and install it.
get
install
Install ansible in virtual env
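# Create a virtual environment in ./venv with the freshly built interpreter.
python3.9 -m venv venv
# Activate the directory created above (the listing sourced ansible/bin/activate,
# which the previous command never creates).
source venv/bin/activate
# pip install -U pip
# pywinrm is the Python library Ansible uses for WinRM connections.
pip install ansible pywinrm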
inventory.toml
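# INI-format inventory; replace the <...> placeholders.
[Windows]
winhost.example.com

[Windows:vars]
ansible_user=<myuser>
# Stored in clear text: keep this file private and out of version control.
ansible_password=<mypass>
ansible_connection=winrm
# ansible_port=5985
# ansible_winrm_scheme=http
ansible_port=5986
ansible_winrm_scheme=https
# Not recommended: skips TLS certificate verification. Written as key=value
# like every other entry in a :vars section.
ansible_winrm_server_cert_validation=ignore

[Linux]
linuxhost.example.com

[Linux:vars]
ansible_user=<my user>
ansible_password=<my pass>
ansible_connection=ssh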
Presentations
https://www.vgemba.net/ansible/Ansible-WinRM-Workgroup/
Run a script on a remote host without an inventory file
.env
# Settings read by rcmd.sh; load them into the shell with ". .env".
# The file holds a password: keep it readable by its owner only and out of
# version control.
export ANSIBLE_USER="MYDOMAIN\\myuser"
export ANSIBLE_PASSWORD='mypass'
export ANSIBLE_HOST_KEY_CHECKING=False # Not recommended
rcmd.sh
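#!/usr/bin/env bash
# Run a local script on one remote host through Ansible without a permanent
# inventory file: probe the host for WinRM (5985) or SSH (22), write a
# throw-away inventory for it, and invoke the "script" module.
#
# Usage:   rcmd.sh <hostname> <script>
# Example: rcmd.sh host.example.com ./test.ps1
#
# Credentials come from the environment. Create a .env file that exports
# ANSIBLE_USER/ANSIBLE_PASSWORD and load it with ". .env" before running:
#   export ANSIBLE_USER="EXAMPLE\\myuser"
#   export ANSIBLE_PASSWORD='mypass'
#   export ANSIBLE_HOST_KEY_CHECKING=False # not recommended if possible
set -e

if [ "$#" -ne 2 ]; then
  echo "Usage $0 <hostname> <script>" >&2
  echo "Example $0 host.example.com ./test.ps1" >&2
  exit 2
fi
host=$1
script=$2
winrm_port=5985
ssh_port=22
windowshost=""
linuxhost=""

# Fail early instead of writing an inventory with empty credentials.
: "${ANSIBLE_USER:?ANSIBLE_USER must be set}"
: "${ANSIBLE_PASSWORD:?ANSIBLE_PASSWORD must be set}"

# The host name is passed to nc and ansible as an argument; an empty value or
# one starting with "-" would be read as an option.
case $host in
  '' | -*)
    printf 'E: invalid host name: %s\n' "$host" >&2
    exit 2
    ;;
esac

# Print $1 as a YAML single-quoted scalar (an embedded ' is doubled), so that
# characters such as ":" or "#" in a value cannot change the inventory layout.
yaml_quote() {
  local q="'"
  printf "'%s'" "${1//$q/$q$q}"
}

# The inventory holds the password. It lives in a private directory created by
# mktemp -d and is removed on every exit path, including failures under set -e.
workdir=$(mktemp -d)
trap 'rm -rf -- "$workdir"' EXIT
inventory=$workdir/inventory.yaml

# Decide the connection type from nc's exit status: WinRM first, then SSH.
host_key="$(yaml_quote "$host"):"
if nc -z "$host" "$winrm_port"; then
  windowshost=$host_key
elif nc -z "$host" "$ssh_port"; then
  linuxhost=$host_key
else
  echo "E: winrm port $winrm_port or ssh port $ssh_port are not available on $host." >&2
  exit 1
fi

# Only the group whose port answered receives the host; the other group's
# hosts entry stays empty.
# NOTE(review): the Windows group uses WinRM over plain http, as in the page's
# inventory example; the cert-validation setting only matters once the scheme
# is https.
cat > "$inventory" <<EOF
all:
  vars:
    ansible_user: $(yaml_quote "$ANSIBLE_USER")
    ansible_password: $(yaml_quote "$ANSIBLE_PASSWORD")
windows:
  hosts:
    ${windowshost}
  vars:
    ansible_connection: winrm
    ansible_port: ${winrm_port}
    ansible_winrm_scheme: http
    ansible_winrm_transport: ntlm
    ansible_winrm_server_cert_validation: ignore
linux:
  hosts:
    ${linuxhost}
  vars:
    ansible_connection: ssh
EOF

ansible "$host" -m "script $script" -i "$inventory"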