Unterschiede

Hier werden die Unterschiede zwischen zwei Versionen angezeigt.

--- centos:ansible:pxe [21.06.2020 08:28. ] – [Voraussetzungen] django
+++ centos:ansible:pxe [21.06.2020 10:35. ] – [Installation eines Ansible-Orchestrator-Management-Hosts mit Hilfe eines Kickstartfiles für CentOS 8.x (PXE-Server)] django
@@ Zeile 1: / Zeile 1: @@
 ====== Installation eines Ansible-Orchestrator-Management-Hosts mit Hilfe eines Kickstartfiles für CentOS 8.x (PXE-Server) ======
-<WRAP center round todo 55%>
-**Seite in der Entstehung, noch nicht aktuell! Wird laufend aktualisiert!**
-</WRAP>
 Kurz mal einen Rechner zu installieren, wie im Kapitel **[[centos:pxe_c8:pxe_3|Installation von CentOS 8.x via PXE]]** beschrieben und anschließend manuell dann anschließend Ansible mit Ansible einzurichten, wie **[[https://dokuwiki.tachtler.net/doku.php?id=tachtler:ansible_mit_ansible_einrichten|hier]]** beschrieben, mag auch eine Variante darstellen.
@@ Zeile 12: / Zeile 8: @@
 ===== Voraussetzungen =====
-===== TFTP-/PXE-Bootserver =====
+==== TFTP-/PXE-Bootserver ====
 Folgende Voraussetzungen müssen hierzu erfüllt werden:
   - Der [[centos:dhcp_c7|DHCP-Server]] muss für PXE konfiguriert werden und im Netz erreichbar sein.
@@ Zeile 19: / Zeile 15: @@
   - Die Netzwerkkarte im Clientrechner __muss__ PXE unterstützen!
-===== SSH-Schlüsselmaterial =====
+==== SSH-Schlüsselmaterial ====
 Der Grundgedanke bei dieser Vorhaben ist, im Zweifel immer wieder exakt den gleichen **Ansible-Ochestrator-Management-Host** reproduzierbar aufzusetzen, werden wir das benötigte SSH-Schlüsselmaterial zu aller erst erzeugen und dann auch entsprechend sicher im physischen Safe wegsperren, so dass wir im Katastrophenfall darauf zurückgreifen zu können.
@@ Zeile 59: / Zeile 55: @@
 ===== Ansible-Orchestrator-Management-Host =====
+==== Aufgabenstellung ====
+Wie Eingangs schon angesprochen, wollen wir unseren Ansible-Orchestrator-Management-Host bei Bedarf immer nach dem gleichen Grundschema aufbauen, konfigurieren und auch härten. Wir werden also diese Aufgaben standardisieren und automatisch abarbeiten lassen.
-FIXME **//do geds weida ...//**
+Folgende Aufgaben wird unser Script für uns reproduzierbar künftig erledigen:
+  - **[[centos:pxe_c8:pxe_3|Grundinstallation]]** eines CentOS 8 Hosts (Minimalinstallation)
-In aller Regel werden wir eine Gruppe von zu installierenden Hosts immer nach dem gleichen Grundschema aufbauen, konfigurieren und auch härten wollen. Was liegt also näher, als diese Aufgaben zu standardisieren und automatisch abarbeiten zu lassen.
-Neben der Grundinstallation eines CentOS 8 Hosts werden wir nun noch folgende Dinge setzen lassen:
   - **IP-Adresse und Hostname** Durch Angabe des Hostnamens beim Booten des Installationsimages wollen wir diesen setzen und auch die zugehörige IP-Adresse übernehmen lassen. (Der Hostname wir so z.B. auch bei der Definition der VolumeGroup eines LVMs verwendet.)
+  - **Installations-Logfile** zum Nachvollziehen der erfolgten INstallation unter **''/root/anaconda-postinstall.log''** anlegen.
   - **[[centos:rename_nic_c8#grub_bootloader|Bootloader]]** Da wir beim Booten der Maschine detailierte Informationen sehen wollen werden wir die Option **rhgb** in der GRUB-Definition entfernen.
   - **[[centos:logins_individuell_anpassen|MOTD und ISSUE.NET]]** individualisieren inkl. Hostnamen
   - **[[centos:ssh_c7#ssh-daemon|SSH-Daemon]]** Den SSH Daemon härten wir und passen die Konfigurationsdatei entsprechend an.
   - **[[centos:ssh_c7#zielverzeichnis_anlegen_und_oeffentlichen_schluessel_kopieren|SSH-Publickey]]** Für unseren Admin-Account **django** hinterlegen wir den zugehörigen öffentlichen SSH-Schlüssel.
-  - **[[wiki:start#repos|Repositories]]** Statt der öffentlichen, sollen nur noch die lokal gesyncten Repositories verwendet werden; daher macht es auch keinen Sinn die Einträge **''mirrorlist=''** in den entsprechenden repo-filers stehen zu lassen. Zusätzlich zum Standard soll auch noch das Repository **[[centos:epel8|EPEL]]** eingebunden und genutzt werden.
+  - **[[wiki:start#repos|Repositories]]** Statt der öffentlichen, sollen nur noch die lokal gesyncten Repositories verwendet werden; daher macht es auch keinen Sinn die Einträge **''mirrorlist=''** in den entsprechenden repo-filers stehen zu lassen.
+  - Zusätzlich zum Standard soll auch noch das Repository **[[centos:epel8|EPEL]]** eingebunden und genutzt werden.
   - **Update** Zum Schluss stellen wir noch sicher dass alle installierten Pakete in der aktuellsten Version vorliegen und lassen dann das System neu starten.
+  - **NFS-Client zur Verbindung NAS einrichten**, damit später die Playbooks gesichert werden können.
+  - **[[centos:ansible:basics#installation|Ansible installieren]]**
+  - **Ansible System-User** erstellen und zuvor erstelltes **[[#ssh-schluesselmaterial|Schlüsselmaterial]]** hinterlegen
+  - **[[centos:ansible:first#ansibledirectory_layout|Ansible: Directory Layout]]**- Verzeichnisstruktur anlegen
+  - **[[centos:ansible:first#musterkonfiguration|Ansible konfigurieren]]**
-Hierzu erweitern wir die zuvor angelegte Kickstartdatei //**/srv/kickstart/ks_centos_8_x86_64_dmz.cfg**//.
+==== Kickstartdatei anlegen ====
-   # vim /srv/kickstart/ks_centos_8_x86_64_dmz.cfg
+Zur automatischen Installation und Konfiguration unseres Ansible-Orchestrator-Management-Hosts verwenden wir folgende Kickstart-Datei.
+   # vim /srv/kickstart/ks_centos_8_x86_64_ansible.cfg
-<file bash /srv/kickstart/ks_centos_8_x86_64_dmz.cfg># Django 2020-06-12 Kickstart-Datei zum automatischen Betanken von DMZ-Maschinen (64 Bit)
+<file bash /srv/kickstart/ks_centos_8_x86_64_ansible.cfg># Django 2020-06-21 Kickstart-Datei zum automatischen Betanken des Ansible-Orchestrator-Management-Hosts (64 Bit)
 # Version=CentOS 8 (RHEL 8)
+# 1) Grundinstallation ##########################################################################################
 # Tastaturlayout definieren
@@ Zeile 88: / Zeile 93: @@
 # die aus dem Preinstall-Script beim PXE-Boot übernommen wurden.
 %include /tmp/networks.cfg
+network  --bootproto=static --device=eth1 --ip 10.20.30.40 --netmask 255.255.255.0 --ipv6=auto --activate
 # Zeitzone setzen
-timezone Europe/Berlin --isUtc --ntpservers=vml000027.dmz.nausch.org
+timezone Europe/Berlin --isUtc --ntpservers=time.dmz.nausch.org
 services --enabled="chronyd"
 # Netzwerkinstallation aus dem eigenen Repository mit den aktuellen Paketen
-url --url="http://10.0.0.57/centos/8/BaseOS/x86_64/os/"
+url --url="http://repo.dmz.nausch.org/centos/8/BaseOS/x86_64/os/"
-repo --name="AppStream" --baseurl=http://10.0.0.57/centos/8/BaseOS/x86_64/os/../../../AppStream/x86_64/os/
+repo --name="AppStream" --baseurl=http://repo.dmz.nausch.org/centos/8/BaseOS/x86_64/os/../../../AppStream/x86_64/os/
 # Root-Passwort verschlüsselt vorgeben
@@ Zeile 104: / Zeile 110: @@
 # vorhandene Partitionen löschen
-ignoredisk --only-use=vda
+#ignoredisk --only-use=vda
-clearpart --all --initlabel --drives=vda
+#clearpart --all --initlabel --drives=vda
 # autopart --type=lvm
@@ Zeile 128: / Zeile 134: @@
 net-tools
 lsof
+tree
 %end
@@ Zeile 144: / Zeile 151: @@
 %end
+#################################################################################################################
-# Preinstall-Anweisungen Netzwerk-Adresse und Hostname ermitteln und setzen
+# 2) Preinstall-Anweisungen: IP-Adresse und Hostname ermitteln und setzen #######################################
 %pre
 #!/bin/bash
@@ Zeile 167: / Zeile 175: @@
     done
 %end
+#################################################################################################################
-# Postinstall-Anweisungen
+# 3) Postinstall-Anweisungen: Installations-Log erzeugen und VVariablen setzen ##################################
 %post --log=/root/anaconda-postinstall.log
 #!/bin/bash
@@ Zeile 175: / Zeile 184: @@
 case $x in SERVERNAME*)
 eval $x
+#################################################################################################################
-############ bootloader anpassen, rhgb bei den Bootoptionen entfernen ###########
+# 4) Bootloader anpassen, rhgb bei den Bootoptionen entfernen ###################################################
 sed -i 's/rhgb//g' /etc/default/grub
 grub2-mkconfig -o /boot/grub2/grub.cfg
-#################################################################################
+#################################################################################################################
-######################## MOTD und ISSUE.NET individualisieren ###################
+# 5) MOTD und ISSUE.NET individualisieren #######################################################################
 # /etc/issue.net anlegen
 cat <<ISSUE.NET > /etc/issue.net
@@ Zeile 196: / Zeile 206: @@
 ISSUE.NET
-chown root:root /etc/issue.net
+chown root: /etc/issue.net
 chmod 644 /etc/issue.net
@@ Zeile 215: / Zeile 225: @@
 MOTD
-chown root:root /etc/motd
+chown root: /etc/motd
 chmod 644 /etc/motd
-#################################################################################
+#################################################################################################################
-########################### ssh-daemon konfigurieren ############################
+# 6) SSH-Daemon konfigurieren ###################################################################################
 cp -a /etc/ssh/sshd_config /etc/ssh/sshd_config.orig
 cat <<SSHD_CONFIG > /etc/ssh/sshd_config
@@ Zeile 341: / Zeile 351: @@
 # allow/deny directives are processed in the following order:
 # DenyUsers, AllowUsers, DenyGroups, and finally AllowGroups.
-AllowUsers django
+AllowUsers django ansible
 # Specifies whether sshd(8) should check file modes and ownership of the
@@ Zeile 541: / Zeile 551: @@
 #	ForceCommand cvs server
 SSHD_CONFIG
-chown root:root /etc/ssh/sshd_config
+chown root: /etc/ssh/sshd_config
 chmod 600 /etc/ssh/sshd_config
-#################################################################################
+#################################################################################################################
-####################### Django's ssh-pubkey hinterlegen #########################
+# 7) SSH-Publickey des Admin-Accounts hinterlegen ###############################################################
 mkdir /home/django/.ssh
 chmod 700 /home/django/.ssh
-chown django:django /home/django/.ssh
+chown django: /home/django/.ssh
 cat <<AUTHORIZED_KEYS >/home/django/.ssh/authorized_keys
-ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AA/F1CKDicH1n5Kn13+YjpbHqHOkhsMagrrD5dIbkU6ddoBSp django@nausch.org
+ssh-ed25519 AAAAC3OkhsMagNI1NTE5AAAAIDYjDCtBTfrpbHHkRrqHrrD5d+IbkzaC1lZDU6ddoBSp django@nausch.org
 AUTHORIZED_KEYS
 chmod 644 /home/django/.ssh/authorized_keys
-chown django:django /home/django/.ssh/authorized_keys
+chown django: /home/django/.ssh/authorized_keys
-#################################################################################
+#################################################################################################################
-############### lokales gespiegeltes CentOS-Repository benutzen #################
+# 8) lokal gespiegeltes CentOS-Repository benutzen ##############################################################
 cp -a /etc/yum.repos.d/CentOS-AppStream.repo /etc/yum.repos.d/CentOS-AppStream.repo.orig
 cat <<CENTOS-APPSTREAM > /etc/yum.repos.d/epel-modular.repo
@@ Zeile 573: / Zeile 583: @@
 [AppStream]
 name=CentOS-\$releasever - AppStream
-baseurl=http://10.0.0.57/centos/\$releasever/AppStream/\$basearch/os/
+baseurl=http://repo.dmz.nausch.org/centos/\$releasever/AppStream/\$basearch/os/
 gpgcheck=1
 enabled=1
 gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-centosofficial
 CENTOS-APPSTREAM
-chown root:root /etc/yum.repos.d/CentOS-AppStream.repo
+chown root: /etc/yum.repos.d/CentOS-AppStream.repo
 chmod 644 /etc/yum.repos.d/CentOS-AppStream.repo
@@ Zeile 597: / Zeile 607: @@
 [BaseOS]
 name=CentOS-\$releasever - Base
-baseurl=http://10.0.0.57/centos/\$releasever/BaseOS/\$basearch/os/
+baseurl=http://repo.dmz.nausch.org/centos/\$releasever/BaseOS/\$basearch/os/
 gpgcheck=1
 enabled=1
 gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-centosofficial
 CENTOS-BASE
-chown root:root /etc/yum.repos.d/CentOS-AppStream.repo
+chown root: /etc/yum.repos.d/CentOS-AppStream.repo
 chmod 644 /etc/yum.repos.d/CentOS-AppStream.repo
@@ Zeile 622: / Zeile 632: @@
 [extras]
 name=CentOS-\$releasever - Extras
-baseurl=http://10.0.0.57/centos/\$releasever/extras/\$basearch/os/
+baseurl=http://repo.dmz.nausch.org/centos/\$releasever/extras/\$basearch/os/
 gpgcheck=1
 enabled=1
 gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-centosofficial
 CENTOS-EXTRAS
-chown root:root /etc/yum.repos.d/CentOS-Extras.repo
+chown root: /etc/yum.repos.d/CentOS-Extras.repo
 chmod 644 /etc/yum.repos.d/CentOS-Extras.repo
-#################################################################################
+#################################################################################################################
-###### EPEL installieren und lokales gespiegeltes EPEL-Repository benutzen ######
+# 9) EPEL installieren und lokales gespiegeltes EPEL-Repository benutzen ########################################
 dnf install epel-release -y
 rpm --import https://dl.fedoraproject.org/pub/epel/RPM-GPG-KEY-EPEL-
@@ Zeile 639: / Zeile 649: @@
 [epel-modular]
 name=Extra Packages for Enterprise Linux Modular \$releasever - \$basearch
-baseurl=http://10.0.0.57/epel/\$releasever/Modular/\$basearch
+baseurl=http://repo.dmz.nausch.org/epel/\$releasever/Modular/\$basearch
 enabled=1
 gpgcheck=1
@@ Zeile 646: / Zeile 656: @@
 [epel-modular-debuginfo]
 name=Extra Packages for Enterprise Linux Modular \$releasever - \$basearch - Debug
-baseurl=http://10.0.0.57/epel/\$releasever/Modular/\$basearch/debug
+baseurl=http://repo.dmz.nausch.org/epel/\$releasever/Modular/\$basearch/debug
 enabled=0
 gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-8
@@ Zeile 653: / Zeile 663: @@
 [epel-modular-source]
 name=Extra Packages for Enterprise Linux Modular \$releasever - \$basearch - Source
-baseurl=http://10.0.0.57/epel/\$releasever/Modular/\$basearch/SRPMS
+baseurl=http://repo.dmz.nausch.org/epel/\$releasever/Modular/\$basearch/SRPMS
 enabled=0
 gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-8
@@ Zeile 659: / Zeile 669: @@
 EPEL-MODULAR
-chown root:root /etc/yum.repos.d/epel-modular.repo
+chown root: /etc/yum.repos.d/epel-modular.repo
 chmod 644 /etc/yum.repos.d/epel-modular.repo
@@ Zeile 666: / Zeile 676: @@
 [epel]
 name=Extra Packages for Enterprise Linux \$releasever - \$basearch
-baseurl=http://10.0.0.57/epel/\$releasever/Everything/\$basearch
+baseurl=http://repo.dmz.nausch.org/epel/\$releasever/Everything/\$basearch
 enabled=1
 gpgcheck=1
@@ Zeile 673: / Zeile 683: @@
 [epel-debuginfo]
 name=Extra Packages for Enterprise Linux \$releasever - \$basearch - Debug
-baseurl=http://10.0.0.57/epel/\$releasever/Everything/\$basearch/debug
+baseurl=http://repo.dmz.nausch.org/epel/\$releasever/Everything/\$basearch/debug
 enabled=0
 gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-8
@@ Zeile 680: / Zeile 690: @@
 [epel-source]
 name=Extra Packages for Enterprise Linux \$releasever - \$basearch - Source
-baseurl=http://10.0.0.57/epel/\$releasever/Everything/SRPMS
+baseurl=http://repo.dmz.nausch.org/epel/\$releasever/Everything/SRPMS
 enabled=0
 gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-8
 gpgcheck=1
 EPEL
-chown root:root /etc/yum.repos.d/epel.repo
+chown root: /etc/yum.repos.d/epel.repo
 chmod 644 /etc/yum.repos.d/epel.repo
-#################################################################################
+#################################################################################################################
-############################ System Updaten #####################################
+# 10) System Updaten ############################################################################################
 dnf update -y
-#################################################################################
+#################################################################################################################
+# 11) NFS-Client zur Verbindung NAS einrichten ##################################################################
+dnf install nfs-utils -y
+mkdir /srv/repository
+cp -a /etc/fstab /etc/fstab.orig
+cat <<FSTAB >> /etc/fstab
+.20.30.10:/volume1/backup	/srv/repository	nfs rw,rsize=8192,wsize=8192,soft,bg,nolock	0 0
+FSTAB
+mount /srv/repository
+#################################################################################################################
+# 12) Ansible installieren ######################################################################################
+dnf install ansible-doc ansible -y
+#################################################################################################################
+# 13) Ansible System-User erstellen und zuvor erstelltes Schlüsselmaterial hinterlegen ##########################
+groupadd --gid 65533 ansible && useradd ansible --create-home --home-dir /home/ansible --comment "Ansible System-User" --gid 65533 --uid 65533 --password '$6$7d6OVSAcprhrUHrX$YJUg2rUQwRfJ4UdvQjSOR3cmS0xwoRRkMNCjLNsjAuleUzKCHvOh9ZXWPze.1CQ9Y2uwAS59SsMIwYKJ1lgBr.'
+mkdir /home/ansible/.ssh
+chmod 700 /home/ansible/.ssh
+chown ansible: /home/ansible/.ssh
+cat <<KEY > /home/ansible/.ssh/id_ed25519_ansible
+-----BEGIN OPENSSH PRIVATE KEY-----
+QyNTUxOQAAACC7YuO2mTknrX7zRcVVapCQH0il48r3pgd5EWREOav5HwAAAJhJEdo0SRHa
+b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAMwAAAAtzc2gtZW
+AAAEBTt8W5ylj51xHums6dfdjpPM5qpgCVHIGJV8W5leF5Brti47aZOSetfvNFxVVqkJAf
+SKXjyvemB3kRZEQ5q/kfAAAAEkFuc2libGUgU3lzdGVtdXNlcgECAw==
+-----END OPENSSH PRIVATE KEY-----
+KEY
+chmod 400 /home/ansible/.ssh/id_ed25519_ansible
+chown ansible:  /home/ansible/.ssh/id_ed25519_ansible
+cat <<KEY_PUB > /home/ansible/.ssh/id_ed25519_ansible.pub
+ssh-ed25519 AAAAC3NzaC1lZDemB3kRZEQI1NTE5A7aZOSetfvNFxVVqkJAfSKXjAAAILti4yv5q/kf Ansible Systemuser
+KEY_PUB
+chmod 644 /home/ansible/.ssh/id_ed25519_ansible.pub
+chown ansible:  /home/ansible/.ssh/id_ed25519_ansible.pub
+cp /home/ansible/.ssh/id_ed25519_ansible.pub /home/ansible/.ssh/authorized_keys
+chmod 644 /home/ansible/.ssh/authorized_keys
+chown ansible:  /home/ansible/.ssh/authorized_keys
+usermod -aG wheel ansible
+#################################################################################################################
+# 14) Ansible: Directory Layout - Verzeichnisstruktur anlegen ####################################################
+mkdir -p /home/ansible/ansible/inventories/{production,staging}/{group_vars,host_vars}
+mkdir -p /home/ansible/ansible/{library,module_utils,filter_plugins}
+touch /home/ansible/ansible/inventories/{production,staging}/hosts.yml
+mkdir -p /home/ansible/ansible/roles/common/{tasks,handlers,templates,files,vars,defaults,meta,library,module_utils,lookup_plugin}
+touch /home/ansible/ansible/site.yml /home/ansible/ansible/roles/common/{tasks,handlers,templates,files,vars,defaults,meta}/main.yml
+chown -R ansible: /home/ansible/ansible/
+cat <<HOSTS > /home/ansible/ansible/inventories/production/hosts
+--- #YAML start syntax (optional)
+centos8:
+  hosts:
+    ansible:
+      ansible_ssh_host: 10.0.0.40
+    #demo:
+    #  ansible_ssh_host: 10.0.0.190
+    #  ansible_ssh_port: 22
+... #YAML ende syntax (optional)
+HOSTS
+chmod 644 /home/ansible/ansible/inventories/production/hosts.yml
+chown ansible: /home/ansible/ansible/inventories/production/hosts.yml
+#################################################################################################################
+# 15) Ansible konfigurieren #####################################################################################
+cat <<ANSIBLE_CFG > /home/ansible/.ansible.cfg
+# config file for ansible -- https://ansible.com/
+# ===============================================
+# nearly all parameters can be overridden in ansible-playbook
+# or with command line flags. ansible will read ANSIBLE_CONFIG,
+# ansible.cfg in the current working directory, .ansible.cfg in
+# the home directory or /etc/ansible/ansible.cfg, whichever it
+# finds first
+[defaults]
+# some basic default values...
+# Django : 2020-06-19
+# default: #inventory      = /etc/ansible/hosts
+inventory = /home/ansible/ansible/inventories/production/hosts.yml
+#library        = /usr/share/my_modules/
+#module_utils   = /usr/share/my_module_utils/
+#remote_tmp     = ~/.ansible/tmp
+#local_tmp      = ~/.ansible/tmp
+#plugin_filters_cfg = /etc/ansible/plugin_filters.yml
+#forks          = 5
+#poll_interval  = 15
+#sudo_user      = root
+#ask_sudo_pass = True
+#ask_pass      = True
+#transport      = smart
+#remote_port    = 22
+#module_lang    = C
+#module_set_locale = False
+# plays will gather facts by default, which contain information about
+# the remote system.
+#
+# smart - gather by default, but don't regather if already gathered
+# implicit - gather by default, turn off with gather_facts: False
+# explicit - do not gather by default, must say gather_facts: True
+#gathering = implicit
+# This only affects the gathering done by a play's gather_facts directive,
+# by default gathering retrieves all facts subsets
+# all - gather all subsets
+# network - gather min and network facts
+# hardware - gather hardware facts (longest facts to retrieve)
+# virtual - gather min and virtual facts
+# facter - import facts from facter
+# ohai - import facts from ohai
+# You can combine them using comma (ex: network,virtual)
+# You can negate them using ! (ex: !hardware,!facter,!ohai)
+# A minimal set of facts is always gathered.
+#gather_subset = all
+# some hardware related facts are collected
+# with a maximum timeout of 10 seconds. This
+# option lets you increase or decrease that
+# timeout to something more suitable for the
+# environment.
+# gather_timeout = 10
+# Ansible facts are available inside the ansible_facts.* dictionary
+# namespace. This setting maintains the behaviour which was the default prior
+# to 2.5, duplicating these variables into the main namespace, each with a
+# prefix of 'ansible_'.
+# This variable is set to True by default for backwards compatibility. It
+# will be changed to a default of 'False' in a future release.
+# ansible_facts.
+# inject_facts_as_vars = True
+# additional paths to search for roles in, colon separated
+#roles_path    = /etc/ansible/roles
+# uncomment this to disable SSH key host checking
+#host_key_checking = False
+# change the default callback, you can only have one 'stdout' type  enabled at a time.
+#stdout_callback = skippy
+## Ansible ships with some plugins that require whitelisting,
+## this is done to avoid running all of a type by default.
+## These setting lists those that you want enabled for your system.
+## Custom plugins should not need this unless plugin author specifies it.
+# enable callback plugins, they can output to stdout but cannot be 'stdout' type.
+#callback_whitelist = timer, mail
+# Determine whether includes in tasks and handlers are "static" by
+# default. As of 2.0, includes are dynamic by default. Setting these
+# values to True will make includes behave more like they did in the
+# 1.x versions.
+#task_includes_static = False
+#handler_includes_static = False
+# Controls if a missing handler for a notification event is an error or a warning
+#error_on_missing_handler = True
+# change this for alternative sudo implementations
+#sudo_exe = sudo
+# What flags to pass to sudo
+# WARNING: leaving out the defaults might create unexpected behaviours
+#sudo_flags = -H -S -n
+# SSH timeout
+#timeout = 10
+# default user to use for playbooks if user is not specified
+# (/usr/bin/ansible will use current user as default)
+#remote_user = root
+# Django : 2020-06-19
+# default: unset
+remote_user = ansible
+# logging is off by default unless this path is defined
+# if so defined, consider logrotate
+#log_path = /var/log/ansible.log
+# default module name for /usr/bin/ansible
+#module_name = command
+# use this shell for commands executed under sudo
+# you may need to change this to bin/bash in rare instances
+# if sudo is constrained
+#executable = /bin/sh
+# if inventory variables overlap, does the higher precedence one win
+# or are hash values merged together?  The default is 'replace' but
+# this can also be set to 'merge'.
+#hash_behaviour = replace
+# by default, variables from roles will be visible in the global variable
+# scope. To prevent this, the following option can be enabled, and only
+# tasks and handlers within the role will see the variables there
+#private_role_vars = yes
+# list any Jinja2 extensions to enable here:
+#jinja2_extensions = jinja2.ext.do,jinja2.ext.i18n
+# if set, always use this private key file for authentication, same as
+# if passing --private-key to ansible or ansible-playbook
+#private_key_file = /path/to/file
+# Django : 2020-06-19
+# default: unset
+private_key_file = /home/ansible/.ssh/id_ed25519_ansible
+# If set, configures the path to the Vault password file as an alternative to
+# specifying --vault-password-file on the command line.
+#vault_password_file = /path/to/vault_password_file
+# format of string {{ ansible_managed }} available within Jinja2
+# templates indicates to users editing templates files will be replaced.
+# replacing {file}, {host} and {uid} and strftime codes with proper values.
+#ansible_managed = Ansible managed: {file} modified on %Y-%m-%d %H:%M:%S by {uid} on {host}
+# {file}, {host}, {uid}, and the timestamp can all interfere with idempotence
+# in some situations so the default is a static string:
+#ansible_managed = Ansible managed
+# by default, ansible-playbook will display "Skipping [host]" if it determines a task
+# should not be run on a host.  Set this to "False" if you don't want to see these "Skipping"
+# messages. NOTE: the task header will still be shown regardless of whether or not the
+# task is skipped.
+#display_skipped_hosts = True
+# by default, if a task in a playbook does not include a name: field then
+# ansible-playbook will construct a header that includes the task's action but
+# not the task's args.  This is a security feature because ansible cannot know
+# if the *module* considers an argument to be no_log at the time that the
+# header is printed.  If your environment doesn't have a problem securing
+# stdout from ansible-playbook (or you have manually specified no_log in your
+# playbook on all of the tasks where you have secret information) then you can
+# safely set this to True to get more informative messages.
+#display_args_to_stdout = False
+# by default (as of 1.3), Ansible will raise errors when attempting to dereference
+# Jinja2 variables that are not set in templates or action lines. Uncomment this line
+# to revert the behavior to pre-1.3.
+#error_on_undefined_vars = False
+# by default (as of 1.6), Ansible may display warnings based on the configuration of the
+# system running ansible itself. This may include warnings about 3rd party packages or
+# other conditions that should be resolved if possible.
+# to disable these warnings, set the following value to False:
+#system_warnings = True
+# by default (as of 1.4), Ansible may display deprecation warnings for language
+# features that should no longer be used and will be removed in future versions.
+# to disable these warnings, set the following value to False:
+#deprecation_warnings = True
+# (as of 1.8), Ansible can optionally warn when usage of the shell and
+# command module appear to be simplified by using a default Ansible module
+# instead.  These warnings can be silenced by adjusting the following
+# setting or adding warn=yes or warn=no to the end of the command line
+# parameter string.  This will for example suggest using the git module
+# instead of shelling out to the git command.
+# command_warnings = False
+# set plugin path directories here, separate with colons
+#action_plugins     = /usr/share/ansible/plugins/action
+#become_plugins     = /usr/share/ansible/plugins/become
+#cache_plugins      = /usr/share/ansible/plugins/cache
+#callback_plugins   = /usr/share/ansible/plugins/callback
+#connection_plugins = /usr/share/ansible/plugins/connection
+#lookup_plugins     = /usr/share/ansible/plugins/lookup
+#inventory_plugins  = /usr/share/ansible/plugins/inventory
+#vars_plugins       = /usr/share/ansible/plugins/vars
+#filter_plugins     = /usr/share/ansible/plugins/filter
+#test_plugins       = /usr/share/ansible/plugins/test
+#terminal_plugins   = /usr/share/ansible/plugins/terminal
+#strategy_plugins   = /usr/share/ansible/plugins/strategy
+# by default, ansible will use the 'linear' strategy but you may want to try
+# another one
+#strategy = free
+# by default callbacks are not loaded for /bin/ansible, enable this if you
+# want, for example, a notification or logging callback to also apply to
+# /bin/ansible runs
+#bin_ansible_callbacks = False
+# don't like cows?  that's unfortunate.
+# set to 1 if you don't want cowsay support or export ANSIBLE_NOCOWS=1
+#nocows = 1
+# set which cowsay stencil you'd like to use by default. When set to 'random',
+# a random stencil will be selected for each task. The selection will be filtered
+# against the  option below.
+#cow_selection = default
+#cow_selection = random
+# when using the 'random' option for cowsay, stencils will be restricted to this list.
+# it should be formatted as a comma-separated list with no spaces between names.
+# NOTE: line continuations here are for formatting purposes only, as the INI parser
+#       in python does not support them.
+#cow_whitelist=bud-frogs,bunny,cheese,daemon,default,dragon,elephant-in-snake,elephant,eyes,#              hellokitty,kitty,luke-koala,meow,milk,moofasa,moose,ren,sheep,small,stegosaurus,#              stimpy,supermilker,three-eyes,turkey,turtle,tux,udder,vader-koala,vader,www
+# don't like colors either?
+# set to 1 if you don't want colors, or export ANSIBLE_NOCOLOR=1
+#nocolor = 1
+# if set to a persistent type (not 'memory', for example 'redis') fact values
+# from previous runs in Ansible will be stored.  This may be useful when
+# wanting to use, for example, IP information from one group of servers
+# without having to talk to them in the same playbook run to get their
+# current IP information.
+#fact_caching = memory
+#This option tells Ansible where to cache facts. The value is plugin dependent.
+#For the jsonfile plugin, it should be a path to a local directory.
+#For the redis plugin, the value is a host:port:database triplet: fact_caching_connection = localhost:6379:0
+#fact_caching_connection=/tmp
+# retry files
+# When a playbook fails a .retry file can be created that will be placed in ~/
+# You can enable this feature by setting retry_files_enabled to True
+# and you can change the location of the files by setting retry_files_save_path
+#retry_files_enabled = False
+#retry_files_save_path = ~/.ansible-retry
+# squash actions
+# Ansible can optimise actions that call modules with list parameters
+# when looping. Instead of calling the module once per with_ item, the
+# module is called once with all items at once. Currently this only works
+# under limited circumstances, and only with parameters named 'name'.
+#squash_actions = apk,apt,dnf,homebrew,pacman,pkgng,yum,zypper
+# prevents logging of task data, off by default
+#no_log = False
+# prevents logging of tasks, but only on the targets, data is still logged on the master/controller
+#no_target_syslog = False
+# controls whether Ansible will raise an error or warning if a task has no
+# choice but to create world readable temporary files to execute a module on
+# the remote machine.  This option is False by default for security.  Users may
+# turn this on to have behaviour more like Ansible prior to 2.1.x.  See
+# https://docs.ansible.com/ansible/become.html#becoming-an-unprivileged-user
+# for more secure ways to fix this than enabling this option.
+#allow_world_readable_tmpfiles = False
+# controls the compression level of variables sent to
+# worker processes. At the default of 0, no compression
+# is used. This value must be an integer from 0 to 9.
+#var_compression_level = 9
+# controls what compression method is used for new-style ansible modules when
+# they are sent to the remote system.  The compression types depend on having
+# support compiled into both the controller's python and the client's python.
+# The names should match with the python Zipfile compression types:
+# * ZIP_STORED (no compression. available everywhere)
+# * ZIP_DEFLATED (uses zlib, the default)
+# These values may be set per host via the ansible_module_compression inventory
+# variable
+#module_compression = 'ZIP_DEFLATED'
+# This controls the cutoff point (in bytes) on --diff for files
+# set to 0 for unlimited (RAM may suffer!).
+#max_diff_size = 1048576
+# This controls how ansible handles multiple --tags and --skip-tags arguments
+# on the CLI.  If this is True then multiple arguments are merged together.  If
+# it is False, then the last specified argument is used and the others are ignored.
+# This option will be removed in 2.8.
+#merge_multiple_cli_flags = True
+# Controls showing custom stats at the end, off by default
+#show_custom_stats = True
+# Controls which files to ignore when using a directory as inventory with
+# possibly multiple sources (both static and dynamic)
+#inventory_ignore_extensions = ~, .orig, .bak, .ini, .cfg, .retry, .pyc, .pyo
+# This family of modules use an alternative execution path optimized for network appliances
+# only update this setting if you know how this works, otherwise it can break module execution
+#network_group_modules=eos, nxos, ios, iosxr, junos, vyos
+# When enabled, this option allows lookups (via variables like {{lookup('foo')}} or when used as
+# a loop with ) to return data that is not marked "unsafe". This means the data may contain
+# jinja2 templating language which will be run through the templating engine.
+# ENABLING THIS COULD BE A SECURITY RISK
+#allow_unsafe_lookups = False
+# set default errors for all plays
+#any_errors_fatal = False
+[inventory]
+# enable inventory plugins, default: 'host_list', 'script', 'auto', 'yaml', 'ini', 'toml'
+#enable_plugins = host_list, virtualbox, yaml, constructed
+# ignore these extensions when parsing a directory as inventory source
+#ignore_extensions = .pyc, .pyo, .swp, .bak, ~, .rpm, .md, .txt, ~, .orig, .ini, .cfg, .retry
+# ignore files matching these patterns when parsing a directory as inventory source
+#ignore_patterns=
+# If 'true' unparsed inventory sources become fatal errors, they are warnings otherwise.
+#unparsed_is_failed=False
+[privilege_escalation]
+# Django : 2020-06-19
+# default: #become=True
+#          #become_method=sudo
+#          #become_user=root
+#          #become_ask_pass=False
+become=True
+become_method=sudo
+become_user=root
+become_ask_pass=True
+[paramiko_connection]
+# uncomment this line to cause the paramiko connection plugin to not record new host
+# keys encountered.  Increases performance on new host additions.  Setting works independently of the
+# host key checking setting above.
+#record_host_keys=False
+# by default, Ansible requests a pseudo-terminal for commands executed under sudo. Uncomment this
+# line to disable this behaviour.
+#pty=False
+# paramiko will default to looking for SSH keys initially when trying to
+# authenticate to remote devices.  This is a problem for some network devices
+# that close the connection after a key failure.  Uncomment this line to
+# disable the Paramiko look for keys function
+#look_for_keys = False
+# When using persistent connections with Paramiko, the connection runs in a
+# background process.  If the host doesn't already have a valid SSH key, by
+# default Ansible will prompt to add the host key.  This will cause connections
+# running in background processes to fail.  Uncomment this line to have
+# Paramiko automatically add host keys.
+#host_key_auto_add = True
+[ssh_connection]
+# ssh arguments to use
+# Leaving off ControlPersist will result in poor performance, so use
+# paramiko on older platforms rather than removing it, -C controls compression use
+#ssh_args = -C -o ControlMaster=auto -o ControlPersist=60s
+# The base directory for the ControlPath sockets.
+# This is the "%(directory)s" in the control_path option
+#
+# Example:
+# control_path_dir = /tmp/.ansible/cp
+#control_path_dir = ~/.ansible/cp
+# The path to use for the ControlPath sockets. This defaults to a hashed string of the hostname,
+# port and username (empty string in the config). The hash mitigates a common problem users
+# found with long hostnames and the conventional %(directory)s/ansible-ssh-%%h-%%p-%%r format.
+# In those cases, a "too long for Unix domain socket" ssh error would occur.
+#
+# Example:
+# control_path = %(directory)s/%%h-%%r
+#control_path =
+# Enabling pipelining reduces the number of SSH operations required to
+# execute a module on the remote server. This can result in a significant
+# performance improvement when enabled, however when using "sudo:" you must
+# first disable 'requiretty' in /etc/sudoers
+#
+# By default, this option is disabled to preserve compatibility with
+# sudoers configurations that have requiretty (the default on many distros).
+#
+#pipelining = False
+# Control the mechanism for transferring files (old)
+#   * smart = try sftp and then try scp [default]
+#   * True = use scp only
+#   * False = use sftp only
+#scp_if_ssh = smart
+# Control the mechanism for transferring files (new)
+# If set, this will override the scp_if_ssh option
+#   * sftp  = use sftp to transfer files
+#   * scp   = use scp to transfer files
+#   * piped = use 'dd' over SSH to transfer files
+#   * smart = try sftp, scp, and piped, in that order [default]
+#transfer_method = smart
+# if False, sftp will not use batch mode to transfer files. This may cause some
+# types of file transfer failures impossible to catch however, and should
+# only be disabled if your sftp version has problems with batch mode
+#sftp_batch_mode = False
+# The -tt argument is passed to ssh when pipelining is not enabled because sudo
+# requires a tty by default.
+#usetty = True
+# Number of times to retry an SSH connection to a host, in case of UNREACHABLE.
+# For each retry attempt, there is an exponential backoff,
+# so after the first attempt there is 1s wait, then 2s, 4s etc. up to 30s (max).
+#retries = 3
+[persistent_connection]
+# Configures the persistent connection timeout value in seconds.  This value is
+# how long the persistent connection will remain idle before it is destroyed.
+# If the connection doesn't receive a request before the timeout value
+# expires, the connection is shutdown. The default value is 30 seconds.
+#connect_timeout = 30
+# The command timeout value defines the amount of time to wait for a command
+# or RPC call before timing out. The value for the command timeout must
+# be less than the value of the persistent connection idle timeout (connect_timeout)
+# The default value is 30 second.
+#command_timeout = 30
+[accelerate]
+#accelerate_port = 5099
+#accelerate_timeout = 30
+#accelerate_connect_timeout = 5.0
+# The daemon timeout is measured in minutes. This time is measured
+# from the last activity to the accelerate daemon.
+#accelerate_daemon_timeout = 30
+# If set to yes, accelerate_multi_key will allow multiple
+# private keys to be uploaded to it, though each user must
+# have access to the system via SSH to add a new key. The default
+# is "no".
+#accelerate_multi_key = yes
+[selinux]
+# file systems that require special treatment when dealing with security context
+# the default behaviour that copies the existing context or uses the user default
+# needs to be changed to use the file system dependent context.
+#special_context_filesystems=nfs,vboxsf,fuse,ramfs,9p,vfat
+# Set this to yes to allow libvirt_lxc connections to work without SELinux.
+#libvirt_lxc_noseclabel = yes
+[colors]
+#highlight = white
+#verbose = blue
+#warn = bright purple
+#error = red
+#debug = dark gray
+#deprecate = purple
+#skip = cyan
+#unreachable = red
+#ok = green
+#changed = yellow
+#diff_add = green
+#diff_remove = red
+#diff_lines = cyan
+[diff]
+# Always print diff when running ( same as always running with -D/--diff )
+# always = no
+# Set how many context lines to show in diff
+# context = 3
+ANSIBLE_CFG
+chown ansible: /home/ansible/.ansible.cfg
+#################################################################################################################
 ;;
 esac;
 done
 %end
 </file>
-Damit nun beim Laden der Menüdatei bei PXE-Boot die überarbeitete Kickstart-Datei geladen werden kann, erweitern wir nun die Menü-Datei unseres PXE-Bootservers.
+==== PXE-Bootmenü-Datei anpassen ====
+Damit nun beim Laden der Menüdatei bei PXE-Boot die überarbeitete Kickstart-Datei geladen werden kann, erweitern wir nun die Menü-Datei **''/var/lib/tftpboot/pxelinux.cfg/dmz-64''** unseres PXE-Bootservers.
+   # vim /var/lib/tftpboot/pxelinux.cfg/dmz-64
-   # vim /var/lib/tftpboot/pxelinux.cfg/dmz-64
+Dort tragen wir beim betreffenden **LABEL** die Optionen **''ks''**, **''net.ifnames''** und **''biosdevname''** sowie am Ende der Zeile **''SERVERNAME=vml000040''** ein.
-Dort tragen wir beim betreffenden **LABEL** die Optionen **''ks''**, **''net.ifnames''** und **''biosdevname''** sowie am Ende der Zeile **''SERVERNAME=''** ein.
 <code>LABEL 3
-   MENU LABEL ^3) Installation von CentOS 8 (64 Bit)
+   MENU LABEL ^3) Installation der CentOS 8 (64 Bit) Ansible-Startup
    KERNEL images/centos/8/x86_64/vmlinuz
-   APPEND ks=http://10.0.0.57/kickstart/ks_centos_8_x86_64_dmz.cfg initrd=images/centos/8/x86_64/initrd.img ksdevice=eth0 ip=dhcp --hostname=vml000250.dmz.nausch.org method=http://10.0.0.57/centos/8/BaseOS/x86_64/os/ net.ifnames=0 biosdevname=0 SERVERNAME=
+   APPEND ks=http://10.0.0.57/kickstart/ks_centos_8_x86_64_ansible.cfg initrd=images/centos/8/x86_64/initrd.img ksdevice=eth0 ip=dhcp --hostname=vml000250.dmz.nausch.org method=http://10.0.0.57/centos/8/BaseOS/x86_64/os/ net.ifnames=0 biosdevname=0 SERVERNAME=vml000040</code>
-</code>
-Anschliessend starten wir wie gewohnt unsere virtuelle Maschine.
+==== Installation AOMH via PXE ====
+Anschliessend starten wir wie gewohnt unsere virtuelle Maschine via PXE-Boot.
-{{ :centos:pxe_c7:pxe-boot-menue-004.png?nolink&800 |Bild: Bildschirmhardcopy der Installationskonfiguration}}
+{{ :centos:ansible:aomh_01.png?nolink&800 |Bild: Bildschirmhardcopy des PXE Bootmenüs}}
-<WRAP center round tip 80%>
+Da schon alle relevanten **[[#pxe-bootmenue-datei_anpassen|Konfigurationsoptionen]]** brauchen wir hier nur noch den entsprechenden Menünkt auswählen und die Installation beginnt vollautomatisch.
+Am Ende des Installationsvorganges werden wir informiert, dass das postinstall-script, welches wir per PXE-Boot bzw. genauer gesagt mit dem Kickstartfile mitgegeben hatten, ausgeführt wird.
-Zum Setzen des Hostnamens wählen wir nun wie gewünscht den betreffenden Menüpunkt aus, drücken dann aber **__NICHT__** die **EINGABETASTE**, sondern die Taste **TAB**! Anschliessend geben wir den Hostnamen ein.
+{{ :centos:ansible:aomh_02.png?nolink&800 |Bild: Bildschirmhardcopy des Installationsvorgangs}}
-</WRAP>
-{{ :centos:pxe_c8:pxe-boot-menue-087b.png?nolink&800 |Bild: Bildschirmhardcopy Auswahl PXE Bootmenü}}
+Ist die Installation abgeschlossen startet unser neuer Host.
-Am Ende des Installationsvorganges werden wir informiert, dass das postinstall-script, welches wir per PXE-Boot bzw. genauer gesagt mit dem Kickstartfile mitgegeben hatten, ausgeführt wird.
-{{ :centos:pxe_c8:pxe-boot-menue-087c.png?nolink&800 |Bild: Bildschirmhardcopy Anzeige "Ausführung postinstall script"}}
+{{ :centos:ansible:aomh_03.png?nolink&800 |Bild: Bildschirmhardcopy des Bootvorgangs unseres AOMH}}
 Nach kurzer Wartezeit haben wir ein neues, vorkonfiguriertes und vor allem aktuelles System, bei dem wir uns direkt per **''ssh''** verbinden können.
-   $ ssh 10.0.0.50
+   $ ssh 10.0.0.40
-<code>The authenticity of host '10.0.0.50 (10.0.0.50)' can't be established.
+<code>The authenticity of host '10.0.0.40 (10.0.0.40)' can't be established.
-ED25519 key fingerprint is SHA256:JKV0iNvjQGMhkWIGEPC1hQH/vzpbeabl1g7s46yhMj6.
+ED25519 key fingerprint is SHA256:ayqTv8KN1YeMpTudnHRuC3jxSzc4Z92TX3wjRcFavsY.
-Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
+Are you sure you want to continue connecting (yes/no)? yes
-Warning: Permanently added '10.0.0.50' (ED25519) to the list of known hosts.
+Warning: Permanently added '10.0.0.40' (ED25519) to the list of known hosts.
 ##############################################################################
 #                                                                            #
@@ Zeile 745: / Zeile 1323: @@
 #                 This is the home server of Michael Nausch.                 #
 #                                                                            #
-#                            vml000050.nausch.org                            #
+#                            vml000040.nausch.org                            #
 #                                                                            #
 #             Unauthorized access to this system is prohibited !             #
@@ Zeile 752: / Zeile 1330: @@
 #         By accessing this system, you consent to this monitoring.          #
 #                                                                            #
-##############################################################################</code>
+##############################################################################
+</code>
+Wir können dann natürlich auch sofort zu unserem Ansible-Administrationsaccount **ansible** wechseln.
+   $ su - ansible
+Nach eingabe des zugehörigen Passwortes befinden wir uns im Homeverzeichnis des Ansible-Administrationsaccounts
+  Password:
+  [ansible@vml000040 ~]$
+Dot können wir uns z.B. vergewissern dass das **[[centos:ansible:first#ansibledirectory_layout|Ansible: Directory Layout]]** wie gewünscht angelegt ist.
+   $ tree ansible/
+<code>ansible/
+├── filter_plugins
+├── inventories
+│   ├── production
+│   │   ├── group_vars
+│   │   ├── hosts.yml
+│   │   └── host_vars
+│   └── staging
+│       ├── group_vars
+│       ├── hosts.yml
+│       └── host_vars
+├── library
+├── module_utils
+├── roles
+│   └── common
+│       ├── defaults
+│       │   └── main.yml
+│       ├── files
+│       │   └── main.yml
+│       ├── handlers
+│       │   └── main.yml
+│       ├── library
+│       ├── lookup_plugin
+│       ├── meta
+│       │   └── main.yml
+│       ├── module_utils
+│       ├── tasks
+│       │   └── main.yml
+│       ├── templates
+│       │   └── main.yml
+│       └── vars
+│           └── main.yml
+└── site.yml
+directories, 10 files</code>
+Zum Schluss lassen wir uns mit Hilfe des Befehls die aktuell installierte CentOS-Version anzeigen.
+   $ ansible centos8 -m shell -a "/usr/bin/cat /etc/redhat-release"
+Da wir uns das erste mal mit dem Host ansible verbinden werden wir nach der Eingabe des Passwortes gefragt, ob der Fingerprint des ED25519 Schlüssel stimmt. Nachdem wir das gewissenhaft überprüft habenbestätigen wir diese Frage mit einem **''yes''**
+<html><pre class="code">
+<font style="color: rgb(0, 0, 0)">BECOME password:
+The authenticity of host '10.0.0.40 (10.0.0.40)' can't be established.
+ED25519 key fingerprint is SHA256:ayqTv8KN1YeMp4Z92TX3TudnHRuC3jxSzcwjRcFavsY.
+Are you sure you want to continue connecting (yes/no/[fingerprint])? yes</font>
+<font style="color: rgb(196, 160, 0)"><b>ansible | CHANGED | rc=0 >>
+CentOS Linux release 8.2.2004 (Core)</font></b></pre>
+</html>
+<WRAP center round tip 75%>
+Wir haben also nunmehr die Möglichkeit stets bei Bedarf immer eine gleiche Installation unseres \\
+**A**nsible-**O**rchestrator-**M**anagement-**H**ost //from the scratch// zu Installieren. \\
+Letztendlich brauchen wir dann nur noch unsere individuellen **playbooks**-, **inventory**- und **role**-Definitionen \\
+in die zugehörigen Verzeichnisse zurück sichern!
+</WRAP>
+====== Links ======
+  * **[[centos:ansible:start|zurück zum Kapitel "Ansible - Start"]] <= **
+  * **=> [[centos:ansible:playbooks1|weiter zum Kapitel "Ansible - Playbookbeispiele]]**
+  * **[[centos:ansible:start|Zurück zur "Ansible"-Übersicht]] <= **
+  * **[[wiki:start|Zurück zu >>Projekte und Themenkapitel<<]]**
+  * **[[http://dokuwiki.nausch.org/doku.php/|Zurück zur Startseite]]**
-Die Netzwerkschnittstelle hat entsprechend die gewünschte Bezeichnung erhalten.
-   # ip a
-<code>1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
-    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
-    inet 127.0.0.1/8 scope host lo
-       valid_lft forever preferred_lft forever
-    inet6 ::1/128 scope host
-       valid_lft forever preferred_lft forever
-: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
-    link/ether 52:54:00:74:80:c2 brd ff:ff:ff:ff:ff:ff
-    inet 10.0.0.50/24 brd 10.0.0.255 scope global noprefixroute eth0
-       valid_lft forever preferred_lft forever
-    inet6 fe80::5054:ff:fe74:80c2/64 scope link noprefixroute
-       valid_lft forever preferred_lft forever</code>
-Das System ist auch mit den aktuellesten Programmpaketen bestückt.
-   # dnf update
-<code>Last metadata expiration check: 0:12:20 ago on Sun 14 Jun 2020 01:49:52 PM CEST.
-Dependencies resolved.
-Nothing to do.
-Complete!</code>