Unterschiede
Hier werden die Unterschiede zwischen zwei Versionen angezeigt.
Beide Seiten der vorigen Revision Vorhergehende Überarbeitung | Nächste ÜberarbeitungBeide Seiten der Revision | ||
centos:ansible:playbooks1 [14.09.2022 14:00. ] – django | centos:ansible:playbooks1 [14.09.2022 14:12. ] – django | ||
---|---|---|---|
Zeile 8: | Zeile 8: | ||
- | |||
- | ==== 04: Bedingtes Kopieren ==== | ||
- | Im vierten Beispiel wollen wir die Konfigurationsdatei **'' | ||
- | |||
- | === Script anlegen === | ||
- | Das Script legen wir wie auch schon bei den anderen Beispielen zuvor im Verzeichnis **'' | ||
- | $ vim 04_repro.yml | ||
- | |||
- | <file bash 04_repro.yml> | ||
- | - hosts: all | ||
- | become: true | ||
- | vars: | ||
- | sudoers: ansible | ||
- | |||
- | tasks: | ||
- | - name: Place repo-file mailserver.guru for CentOS 8 right in place | ||
- | copy: | ||
- | src: / | ||
- | dest: / | ||
- | when: | ||
- | - ansible_facts[' | ||
- | - ansible_facts[' | ||
- | |||
- | - name: Place repo-file mailserver.guru for CentOS 7 right in place | ||
- | copy: | ||
- | src: files/ | ||
- | dest: / | ||
- | when: | ||
- | - ansible_facts[' | ||
- | - ansible_facts[' | ||
- | ... | ||
- | </ | ||
- | |||
- | Im Arbeitsverzeichnis für unsere Ansible hatten wir **[[# | ||
- | $ mkdir ~/ | ||
- | $ mkdir ~/ | ||
- | |||
- | \\ | ||
- | Die **CentOS 7** spezifische Repo-Datei **'' | ||
- | $ vim ~/ | ||
- | |||
- | <file bash ~/ | ||
- | [mailserver.guru-os] | ||
- | name=Extra (Mailserver-)Packages for Enterprise Linux 7 - $basearch | ||
- | baseurl=http:// | ||
- | priority=5 | ||
- | enabled=1 | ||
- | gpgcheck=1 | ||
- | gpgkey=file:/// | ||
- | |||
- | |||
- | [mailserver.guru-testing] | ||
- | name=Testing (Mailserver-)Packages for Enterprise Linux 7 - $basearch | ||
- | baseurl=http:// | ||
- | #priority=5 | ||
- | enabled=0 | ||
- | gpgcheck=1 | ||
- | gpgkey=file:/// | ||
- | |||
- | Die **CentOS 8** spezifische Repo-Datei **'' | ||
- | $ vim ~/ | ||
- | |||
- | <file bash ~/ | ||
- | [mailserver.guru-os] | ||
- | name=Extra (Mailserver-)Packages for Enterprise Linux 8 - $basearch | ||
- | baseurl=http:// | ||
- | priority=5 | ||
- | enabled=1 | ||
- | gpgcheck=1 | ||
- | gpgkey=file:/// | ||
- | |||
- | |||
- | [mailserver.guru-testing] | ||
- | name=Testing (Mailserver-)Packages for Enterprise Linux 8 - $basearch | ||
- | baseurl=http:// | ||
- | #priority=5 | ||
- | enabled=0 | ||
- | gpgcheck=1 | ||
- | gpgkey=file:/// | ||
- | |||
- | === Script Beschreibung === | ||
- | Unser Playbook, welches alle Hosts anspricht besteht im Wesentlichen aus zwei Tasks/ | ||
- | |||
- | Zum Kopieren wird dann das Ansible Modul **[[https:// | ||
- | $ ansible-doc copy | ||
- | |||
- | < | ||
- | |||
- | The `copy' module copies a file from the local or remote machine to a location on the remote | ||
- | machine. Use the [fetch] module to copy files from remote locations to the local box. If you need | ||
- | variable interpolation in copied files, use the [template] module. For Windows targets, use the | ||
- | [win_copy] module instead. | ||
- | |||
- | * note: This module has a corresponding action plugin. | ||
- | |||
- | OPTIONS (= is mandatory): | ||
- | |||
- | - attributes | ||
- | Attributes the file or directory should have. To get supported flags look at the man page for | ||
- | `chattr' | ||
- | one displayed by `lsattr' | ||
- | (Aliases: attr)[Default: | ||
- | version_added: | ||
- | |||
- | - backup | ||
- | Create a backup file including the timestamp information so you can get the original file back if | ||
- | you somehow clobbered it incorrectly. | ||
- | [Default: no] | ||
- | type: bool | ||
- | version_added: | ||
- | |||
- | - content | ||
- | When used instead of `src', sets the contents of a file directly to the specified value. For | ||
- | anything advanced or with formatting also look at the template module. | ||
- | [Default: (null)] | ||
- | version_added: | ||
- | |||
- | - decrypt | ||
- | This option controls the autodecryption of source files using vault. | ||
- | [Default: Yes] | ||
- | type: bool | ||
- | version_added: | ||
- | |||
- | = dest | ||
- | Remote absolute path where the file should be copied to. If `src' is a directory, this must be a | ||
- | directory too. If `dest' is a nonexistent path and if either `dest' ends with "/" | ||
- | directory, `dest' is created. If `src' and `dest' are files, the parent directory of `dest' isn't | ||
- | created: the task fails if it doesn' | ||
- | |||
- | |||
- | - directory_mode | ||
- | When doing a recursive copy set the mode for the directories. If this is not set we will use the | ||
- | system defaults. The mode is only set on directories which are newly created, and will not affect | ||
- | those that already existed. | ||
- | [Default: (null)] | ||
- | version_added: | ||
- | |||
- | - follow | ||
- | This flag indicates that filesystem links in the destination, | ||
- | [Default: no] | ||
- | type: bool | ||
- | version_added: | ||
- | |||
- | - force | ||
- | the default is `yes', which will replace the remote file when contents are different than the | ||
- | source. If `no', the file will only be transferred if the destination does not exist. | ||
- | (Aliases: thirsty)[Default: | ||
- | type: bool | ||
- | version_added: | ||
- | |||
- | - group | ||
- | Name of the group that should own the file/ | ||
- | [Default: None] | ||
- | |||
- | - local_follow | ||
- | This flag indicates that filesystem links in the source tree, if they exist, should be followed. | ||
- | [Default: yes] | ||
- | type: bool | ||
- | version_added: | ||
- | |||
- | - mode | ||
- | Mode the file or directory should be. For those used to `/ | ||
- | actually octal numbers (like 0644). Leaving off the leading zero will likely have unexpected | ||
- | results. As of version 1.8, the mode may be specified as a symbolic mode (for example, `u+rwx' | ||
- | `u=rw, | ||
- | [Default: None] | ||
- | |||
- | - owner | ||
- | Name of the user that should own the file/ | ||
- | [Default: None] | ||
- | |||
- | - remote_src | ||
- | If `no', it will search for `src' at originating/ | ||
- | If `yes' it will go to the remote/ | ||
- | Currently `remote_src' | ||
- | [Default: no] | ||
- | type: bool | ||
- | version_added: | ||
- | |||
- | - selevel | ||
- | Level part of the SELinux file context. This is the MLS/MCS attribute, sometimes known as the | ||
- | `range' | ||
- | [Default: s0] | ||
- | |||
- | - serole | ||
- | Role part of SELinux file context, `_default' | ||
- | [Default: None] | ||
- | |||
- | - setype | ||
- | Type part of SELinux file context, `_default' | ||
- | [Default: None] | ||
- | |||
- | - seuser | ||
- | User part of SELinux file context. Will default to system policy, if applicable. If set to | ||
- | `_default', | ||
- | [Default: None] | ||
- | |||
- | - src | ||
- | Local path to a file to copy to the remote server; can be absolute or relative. If path is a | ||
- | directory, it is copied recursively. In this case, if path ends with "/", | ||
- | that directory are copied to destination. Otherwise, if it does not end with "/", | ||
- | itself with all contents is copied. This behavior is similar to Rsync. | ||
- | [Default: (null)] | ||
- | |||
- | - unsafe_writes | ||
- | Normally this module uses atomic operations to prevent data corruption or inconsistent reads from | ||
- | the target files, sometimes systems are configured or just broken in ways that prevent this. One | ||
- | example are docker mounted files, they cannot be updated atomically and can only be done in an | ||
- | unsafe manner. | ||
- | This boolean option allows ansible to fall back to unsafe methods of updating files for those | ||
- | cases in which you do not have any other choice. Be aware that this is subject to race conditions | ||
- | and can lead to data corruption. | ||
- | [Default: False] | ||
- | type: bool | ||
- | version_added: | ||
- | |||
- | - validate | ||
- | The validation command to run before copying into place. The path to the file to validate is | ||
- | passed in via ' | ||
- | so shell features like expansion and pipes won't work. | ||
- | [Default: None] | ||
- | |||
- | |||
- | NOTES: | ||
- | * The [copy] module recursively copy facility does not scale to lots (> | ||
- | For alternative, | ||
- | * For Windows targets, use the [win_copy] module instead. | ||
- | |||
- | AUTHOR: Ansible Core Team, Michael DeHaan | ||
- | EXTENDS_DOCUMENTATION_FRAGMENT: | ||
- | METADATA: | ||
- | status: | ||
- | - stableinterface | ||
- | supported_by: | ||
- | | ||
- | |||
- | EXAMPLES: | ||
- | # Example from Ansible Playbooks | ||
- | - copy: | ||
- | src: / | ||
- | dest: / | ||
- | owner: foo | ||
- | group: foo | ||
- | mode: 0644 | ||
- | |||
- | # The same example as above, but using a symbolic mode equivalent to 0644 | ||
- | - copy: | ||
- | src: / | ||
- | dest: / | ||
- | owner: foo | ||
- | group: foo | ||
- | mode: u=rw, | ||
- | |||
- | # Another symbolic mode example, adding some permissions and removing others | ||
- | - copy: | ||
- | src: / | ||
- | dest: / | ||
- | owner: foo | ||
- | group: foo | ||
- | mode: u+rw, | ||
- | |||
- | # Copy a new " | ||
- | - copy: | ||
- | src: / | ||
- | dest: / | ||
- | owner: root | ||
- | group: root | ||
- | mode: 0644 | ||
- | backup: yes | ||
- | |||
- | # Copy a new " | ||
- | - copy: | ||
- | src: / | ||
- | dest: / | ||
- | validate: / | ||
- | |||
- | # Copy a " | ||
- | - copy: | ||
- | src: / | ||
- | dest: / | ||
- | remote_src: yes | ||
- | validate: / | ||
- | |||
- | # Create a CSV file from your complete inventory using an inline template | ||
- | - hosts: all | ||
- | tasks: | ||
- | - copy: | ||
- | content: | | ||
- | HOSTNAME; | ||
- | {% for host in hostvars %} | ||
- | {% set vars = hostvars[host|string] %} | ||
- | {{ vars.ansible_hostname }};{{ vars.remote_host }};{{ vars.ansible_fqdn }};{{ vars.ansible_distribution }};{{ vars.ansible_d | ||
- | {% endfor %} | ||
- | dest: / | ||
- | backup: yes | ||
- | run_once: yes | ||
- | delegate_to: | ||
- | |||
- | RETURN VALUES: | ||
- | |||
- | |||
- | dest: | ||
- | description: | ||
- | returned: success | ||
- | type: string | ||
- | sample: / | ||
- | src: | ||
- | description: | ||
- | returned: changed | ||
- | type: string | ||
- | sample: / | ||
- | md5sum: | ||
- | description: | ||
- | returned: when supported | ||
- | type: string | ||
- | sample: 2a5aeecc61dc98c4d780b14b330e3282 | ||
- | checksum: | ||
- | description: | ||
- | returned: success | ||
- | type: string | ||
- | sample: 6e642bb8dd5c2e027bf21dd923337cbb4214f827 | ||
- | backup_file: | ||
- | description: | ||
- | returned: changed and if backup=yes | ||
- | type: string | ||
- | sample: / | ||
- | gid: | ||
- | description: | ||
- | returned: success | ||
- | type: int | ||
- | sample: 100 | ||
- | group: | ||
- | description: | ||
- | returned: success | ||
- | type: string | ||
- | sample: httpd | ||
- | owner: | ||
- | description: | ||
- | returned: success | ||
- | type: string | ||
- | sample: httpd | ||
- | uid: | ||
- | description: | ||
- | returned: success | ||
- | type: int | ||
- | sample: 100 | ||
- | mode: | ||
- | description: | ||
- | returned: success | ||
- | type: string | ||
- | sample: 0644 | ||
- | size: | ||
- | description: | ||
- | returned: success | ||
- | type: int | ||
- | sample: 1220 | ||
- | state: | ||
- | description: | ||
- | returned: success | ||
- | type: string | ||
- | sample: file | ||
- | |||
- | </ | ||
- | Wollen wir direkt ein **snippet** für unser Playbook zum Kopieren haben, geben wir bei dem Befehl **'' | ||
- | $ ansible-doc copy -s | ||
- | < | ||
- | copy: | ||
- | attributes: | ||
- | | ||
- | | ||
- | backup: | ||
- | you somehow clobbered it incorrectly. | ||
- | content: | ||
- | | ||
- | | ||
- | decrypt: | ||
- | dest: # (required) Remote absolute path where the file should be copied to. If `src' is a directory, this | ||
- | must be a directory too. If `dest' is a nonexistent path and if | ||
- | | ||
- | | ||
- | | ||
- | directory_mode: | ||
- | | ||
- | | ||
- | follow: | ||
- | force: | ||
- | | ||
- | does not exist. | ||
- | group: | ||
- | local_follow: | ||
- | mode: # Mode the file or directory should be. For those used to `/ | ||
- | | ||
- | | ||
- | | ||
- | | ||
- | owner: | ||
- | remote_src: | ||
- | | ||
- | | ||
- | selevel: | ||
- | | ||
- | serole: | ||
- | setype: | ||
- | seuser: | ||
- | | ||
- | | ||
- | src: # Local path to a file to copy to the remote server; can be absolute or relative. If path is a | ||
- | | ||
- | "/", | ||
- | | ||
- | | ||
- | | ||
- | unsafe_writes: | ||
- | the target files, sometimes systems are configured or just broken in | ||
- | ways that prevent this. One example are docker mounted files, they | ||
- | | ||
- | | ||
- | | ||
- | any other choice. Be aware that this is subject to race conditions | ||
- | and can lead to data corruption. | ||
- | validate: | ||
- | in via ' | ||
- | | ||
- | | ||
- | </ | ||
- | |||
- | === Script ausführen === | ||
- | Zum Kopieren der unterschiedlichen Dateien rufen wir nun unser Playbook wie folgt auf: | ||
- | $ ansible-playbook -v 04_repro.yml | ||
- | |||
- | < | ||
- | <font style=" | ||
- | <font style=" | ||
- | |||
- | PLAY [all] ***************************************************************************************************************************** | ||
- | |||
- | TASK [Gathering Facts] *****************************************************************************************************************</ | ||
- | <font style=" | ||
- | ok: [www8.dmz.nausch.org]</ | ||
- | <font style=" | ||
- | <font style=" | ||
- | <font style=" | ||
- | <font style=" | ||
- | <font style=" | ||
- | <font style=" | ||
- | <font style=" | ||
- | <font style=" | ||
- | <font style=" | ||
- | </ | ||
- | |||
- | \\ | ||
- | Die < | ||
- | Die Ursache hierzu ist einfach erklärt: Da wir die Prüfung auf die CentOS-Version **7** und **8** auf beiden Hosts ausführen, führt natürlich immer nur zu einem Treffer, der jeweils " | ||
- | |||
- | === Ergebnis === | ||
- | Auf dem Zielhost findet sich nun unsere gewünschte Datei mit dem zugehörigen Inhalt an Ort und Stelle. | ||
- | # ll / | ||
- | |||
- | < | ||
==== 05: NTP-Daemon chrony installieren und konfigurieren ==== | ==== 05: NTP-Daemon chrony installieren und konfigurieren ==== |