Unterschiede
Hier werden die Unterschiede zwischen zwei Versionen angezeigt.
| Beide Seiten der vorigen Revision Vorhergehende Überarbeitung Nächste Überarbeitung | Vorhergehende Überarbeitung | ||
| linux:ansible:playbook_example_10 [24.09.2022 11:55. ] – [Jinja2-Template: ssh_client_config.j2] django | linux:ansible:playbook_example_10 [24.09.2022 13:50. ] (aktuell) – [Links] django | ||
|---|---|---|---|
| Zeile 299: | Zeile 299: | ||
| In dem Task **'' | In dem Task **'' | ||
| $ vim ~/ | $ vim ~/ | ||
| - | <file c++ ssh_client_config.j2> | + | <file c++ ssh_client_config.j2> |
| + | # Clientkonfigurationsbeispiel für unterschiedliche Zielsysteme | ||
| + | ## statische Konfiguration | ||
| + | # localhost | ||
| + | Host localhost | ||
| + | Hostname | ||
| + | IdentityFile ~/ | ||
| + | # externer Einwahl-Hosts | ||
| + | Host example | ||
| + | Hostname 93.184.216.34 | ||
| + | Port 12345 | ||
| + | Protocol 2 | ||
| + | ForwardX11 yes | ||
| + | ForwardAgent yes | ||
| + | IdentityFile ~/ | ||
| + | ## dynamisch aus dem Inventory generierte Konfiguration | ||
| + | # interne Systeme - DMZ | ||
| + | {% for host in groups[' | ||
| + | Host {{ host }} | ||
| + | Hostname {{ hostvars[host][' | ||
| + | User {{ hostvars[host][' | ||
| + | Port {{ hostvars[host][' | ||
| + | Protocol {{ hostvars[host][' | ||
| + | IdentityFile {{ hostvars[host][' | ||
| + | Host {{ hostvars[host][' | ||
| + | Hostname {{ hostvars[host][' | ||
| + | User {{ hostvars[host][' | ||
| + | Port {{ hostvars[host][' | ||
| + | Protocol {{ hostvars[host][' | ||
| + | IdentityFile {{ hostvars[host][' | ||
| + | |||
| + | {% endfor %} | ||
| + | # interne Systeme - Intranet | ||
| + | {% for host in groups[' | ||
| + | Host {{ host }} | ||
| + | Hostname {{ hostvars[host][' | ||
| + | User {{ hostvars[host][' | ||
| + | Port {{ hostvars[host][' | ||
| + | Protocol {{ hostvars[host][' | ||
| + | IdentityFile {{ hostvars[host][' | ||
| + | |||
| + | Host {{ hostvars[host][' | ||
| + | Hostname {{ hostvars[host][' | ||
| + | User {{ hostvars[host][' | ||
| + | Port {{ hostvars[host][' | ||
| + | Protocol {{ hostvars[host][' | ||
| + | IdentityFile {{ hostvars[host][' | ||
| + | |||
| + | {% endfor %} | ||
| + | # externe System | ||
| + | {% for host in groups[' | ||
| + | Host {{ host }} | ||
| + | Hostname [{{ hostvars[host][' | ||
| + | User {{ hostvars[host][' | ||
| + | Port {{ hostvars[host][' | ||
| + | Protocol {{ hostvars[host][' | ||
| + | IdentityFile {{ hostvars[host][' | ||
| + | ProxyCommand | ||
| + | |||
| + | Host {{ host }}-extern | ||
| + | Hostname {{ hostvars[host][' | ||
| + | User {{ hostvars[host][' | ||
| + | Port {{ hostvars[host][' | ||
| + | Protocol {{ hostvars[host][' | ||
| + | IdentityFile {{ hostvars[host][' | ||
| + | |||
| + | {% endfor %} | ||
| + | {% for host in groups[' | ||
| + | Host {{ host }} | ||
| + | Hostname {{ hostvars[host][' | ||
| + | User {{ hostvars[host][' | ||
| + | Port {{ hostvars[host][' | ||
| + | Protocol {{ hostvars[host][' | ||
| + | IdentityFile {{ hostvars[host][' | ||
| + | ProxyCommand | ||
| + | |||
| + | Host {{ host }}-intern | ||
| + | Hostname {{ hostvars[host][' | ||
| + | User {{ hostvars[host][' | ||
| + | Port {{ hostvars[host][' | ||
| + | Protocol {{ hostvars[host][' | ||
| + | IdentityFile {{ hostvars[host][' | ||
| + | |||
| + | {% endfor %} | ||
| + | </ | ||
| + | |||
| + | Das Beispiel passen wir natürlich unserer Umgebung entsprechend an. Einzelne Netzsegmente haben wir in unserem **[[playbook_example_09# | ||
| + | |||
| + | === Inventory === | ||
| + | Die **[[playbook_example_09# | ||
| + | |||
| + | Für unser Playbook-Beispiel hier greifen wir auf das exemplarische **[[playbook_example_09# | ||
| + | $ less ~/ | ||
| + | |||
| + | <file bash hosts># Generiert mit Hilfe von Ansible am 2022-09-20 - diese Datei nicht manuell bearbeiten! | ||
| + | # Inventory Datei für die System-Umgebung bei nausch.org | ||
| + | # | ||
| + | # Hinweise: | ||
| + | # | ||
| + | # leere Zeilen werden ignoriert | ||
| + | # Host- und Gruppendefinitionen werden mit [] abgegrenzt | ||
| + | # Hosts können über ihren Hostnamen, FQN oder ihrer IP-Adresse definiert | ||
| + | # | ||
| + | # | ||
| + | # Host-Definitionen | ||
| + | |||
| + | # Hosts ohne Gruppenzuordnung | ||
| + | localhost | ||
| + | |||
| + | [intranet] | ||
| + | pml010002 | ||
| + | pml010003 | ||
| + | pml010004 | ||
| + | ... | ||
| + | ... | ||
| + | pml010124 | ||
| + | pml010125 | ||
| + | pml010126 | ||
| + | |||
| + | [IDMZ] | ||
| + | vml030010 | ||
| + | vml030020 | ||
| + | vml030030 | ||
| + | vml030040 | ||
| + | ... | ||
| + | ... | ||
| + | vml030230 | ||
| + | vml030240 | ||
| + | vml030250 | ||
| + | |||
| + | [EDMZ] | ||
| + | vml050010 | ||
| + | vml050020 | ||
| + | vml050030 | ||
| + | vml050040 | ||
| + | vml050250 | ||
| + | |||
| + | [TKDMZ] | ||
| + | vml070010 | ||
| + | vml070020 | ||
| + | vml070030 | ||
| + | |||
| + | [external] | ||
| + | customer_no_001 | ||
| + | customer_no_002 | ||
| + | ... | ||
| + | ... | ||
| + | customer_no_042 | ||
| + | |||
| + | [gluon] | ||
| + | ff_pliening_gbw__ug_ | ||
| + | ff_pliening_gbw_egod | ||
| + | ff_pliening_gbw_ogod | ||
| + | ff_pliening_gbw_dgod | ||
| + | ff_pliening_gbw_cpod | ||
| + | ff_roding_fwg_nausch | ||
| + | |||
| + | [raspbian] | ||
| + | ff_pliening_rpb4_ol_v6 | ||
| + | |||
| + | # Host-Gruppen-Definitionen | ||
| + | # (zu welcher Gruppe gehören Untergruppen bzw. Hosts) | ||
| + | |||
| + | [freifunk: | ||
| + | gluon | ||
| + | raspbian | ||
| + | |||
| + | [linux: | ||
| + | intranet | ||
| + | IDMZ | ||
| + | EDMZ | ||
| + | TKDMZ | ||
| + | external | ||
| + | </ | ||
| + | |||
| + | Die betreffenden Hostspezifischen Variablen halten wir hier in entsprechenden Dateien bzw. Unterverzeichnissen vor. Das nachfolgende Beispiel hier zeigt die Host-spezifischen Variablen eines Hosts im Intranet. | ||
| + | $ less ~/ | ||
| + | |||
| + | <file c++ vml030010># | ||
| + | host_alias: fw1 | ||
| + | host_mac: " | ||
| + | host_ipv4: " | ||
| + | host_ipv6: ":: | ||
| + | ssh_port: 22 | ||
| + | ssh_protocol: | ||
| + | ssh_keyfile: | ||
| + | |||
| + | Als Beispiel für einen externen Host, der nur via Jump-Host erreichbar ist sehen wir uns die Inventory-Host-Definition des Hosts **'' | ||
| + | $ less ~/ | ||
| + | |||
| + | |||
| + | <file c++ ff_pliening_gbw__ug_># | ||
| + | host_alias: | ||
| + | host_ipv4: | ||
| + | host_ipv6: 2001: | ||
| + | ssh_user: root | ||
| + | ssh_port: 22 | ||
| + | ssh_protocol: | ||
| + | ssh_keyfile: | ||
| + | host_sshjump: | ||
| + | |||
| + | branch: " | ||
| + | domain: " | ||
| + | director: " | ||
| + | node_contact_address: | ||
| + | node_hostname: | ||
| + | node_latitude: | ||
| + | node_longitude: | ||
| + | node_model: " | ||
| + | node_share_location: | ||
| + | node_ghostmode: | ||
| + | node_release: | ||
| + | node_autoupdate: | ||
| + | </ | ||
| + | Hier sehen wir nun dass unter anderem ein anderer SSH-User, ein anderes SSH-Keyfile sowie ein Jump-Host benutzt wird. Ferner finden sich im Anschluß noch weitere Host-spezische Variablen, für die Konfiguration des betreffenden **[[https:// | ||
| + | === Playbook-Lauf === | ||
| + | Dank der **[[playbook_example_08# | ||
| + | $ ansible-playbook ~/ | ||
| - | ==== Ergebnis: ~/.ssh/config ==== | + | < |
| + | <pre class=" | ||
| + | <font style="color: rgb(0, 0, 0)"> | ||
| + | PLAY [ssh_client_config.yml] ****************************************************************************************************** | ||
| + | TASK [Gathering Facts] ************************************************************************************************************</ | ||
| + | <font style=" | ||
| + | <font style=" | ||
| + | TASK [ssh_client : include_tasks] *************************************************************************************************</ | ||
| + | <font style=" | ||
| + | <font style=" | ||
| + | TASK [ssh_client : Generieren und kopieren der SSH Client Konfiguration ~/ | ||
| + | <font style=" | ||
| + | <font style=" | ||
| + | PLAY RECAP *************************************************************************************************************************</ | ||
| + | <font style=" | ||
| + | </ | ||
| + | </ | ||
| + | === Ergebnis: ~/ | ||
| + | Als Ergebnis erhalten wir dann quasi auf Knopfdruck immer eine aktuelle SSH-Client-Konfigurationsdatei **'' | ||
| <file bash ~/ | <file bash ~/ | ||
| Zeile 331: | Zeile 566: | ||
| # interne Systeme - IDMZ | # interne Systeme - IDMZ | ||
| Host vml030010 | Host vml030010 | ||
| - | Hostname 10.0.0.17 | + | Hostname 10.30.30.10 |
| User django | User django | ||
| Port 22 | Port 22 | ||
| Zeile 338: | Zeile 573: | ||
| Host fw1 | Host fw1 | ||
| - | Hostname 10.0.0.17 | + | Hostname 10.30.30.10 |
| User django | User django | ||
| Port 22 | Port 22 | ||
| Zeile 345: | Zeile 580: | ||
| Host vml030020 | Host vml030020 | ||
| - | Hostname 10.0.0.27 | + | Hostname 10.30.30.20 |
| User django | User django | ||
| Port 22 | Port 22 | ||
| Zeile 352: | Zeile 587: | ||
| Host fw2 | Host fw2 | ||
| - | Hostname 10.0.0.27 | + | Hostname 10.30.30.2 |
| User django | User django | ||
| Port 22 | Port 22 | ||
| Zeile 359: | Zeile 594: | ||
| Host vml030030 | Host vml030030 | ||
| - | Hostname 10.0.0.37 | + | Hostname 10.30.30.30 |
| User django | User django | ||
| Port 22 | Port 22 | ||
| Zeile 366: | Zeile 601: | ||
| Host | Host | ||
| - | Hostname 10.0.0.37 | + | Hostname 10.30.30.30 |
| User django | User django | ||
| Port 22 | Port 22 | ||
| Zeile 376: | Zeile 611: | ||
| Host vml030250 | Host vml030250 | ||
| - | Hostname 10.0.0.40 | + | Hostname 10.30.30.250 |
| User django | User django | ||
| Port 22 | Port 22 | ||
| Zeile 383: | Zeile 618: | ||
| Host db_clusternode_3 | Host db_clusternode_3 | ||
| - | Hostname 10.0.0.40 | + | Hostname 10.30.30.250 |
| User django | User django | ||
| Port 22 | Port 22 | ||
| Zeile 391: | Zeile 626: | ||
| # interne Systeme - Intranet | # interne Systeme - Intranet | ||
| Host pml010002 | Host pml010002 | ||
| - | Hostname 10.0.10.2 | + | Hostname 10.10.10.2 |
| User django | User django | ||
| Port 22 | Port 22 | ||
| Zeile 398: | Zeile 633: | ||
| Host kvm_1 | Host kvm_1 | ||
| - | Hostname 10.0.10.2 | + | Hostname 10.10.10.2 |
| User django | User django | ||
| Port 22 | Port 22 | ||
| Zeile 408: | Zeile 643: | ||
| Host pml010126 | Host pml010126 | ||
| - | Hostname 10.0.10.71 | + | Hostname 10.10.10.126 |
| User django | User django | ||
| Port 22 | Port 22 | ||
| Zeile 415: | Zeile 650: | ||
| Host feinstaubsensor | Host feinstaubsensor | ||
| - | Hostname 10.0.10.71 | + | Hostname 10.10.10.126 |
| User django | User django | ||
| Port 22 | Port 22 | ||
| Zeile 457: | Zeile 692: | ||
| </ | </ | ||
| + | ===== Fazit und Ausblick ===== | ||
| + | <WRAP center round info 80%> | ||
| - | FIXME //**... do geds weida!**// FIXME | + | Die manuelle, zeitraubende und ggf. Fehlerbehaftete Pflege der SSH-Client-Konfigurations-Datei durch mehrere Admins auf verschiedenen Ansible-Kontroll-Knoten ist somit Geschichte. Ferner sind wir unabhängig und können so viele SSH-Jump-Hosts verwenden, die eben zum Erreichen der Zielhost von Nöten sind. |
| + | Die initiale Fragestellung //Wie wird sicher gestellt, dass alle Ziele auch erreichbar sind?//, die wir bei unseren **[[detail# | ||
| + | </ | ||
| - | ===== lorem ipsum dolor sit amet ===== | + | ====== |
| + | * **[[detail|zurück zum Kapitel " | ||
| + | * **=> [[playbook_example_11|weiter zum Kapitel " | ||
| + | * **[[start|Zurück zur " | ||
| + | * **[[wiki: | ||
| + | * **[[http:// | ||
| - | :KRIT: FIXME :KRIT: | ||
django