Configuração ansible server

Configuração ansible server

Configurando o ansible.cfg

$ cd /etc/ansible/
$ ls
ansible.cfg  hosts  roles

ansible.cfg: Arquivo de configuração do Ansible;
hosts: Arquivo de inventário;
roles: Diretório para armazenar as Roles no Ansible.

$ cat ansible.cfg
# Since Ansible 2.12 (core):
# To generate an example config file (a "disabled" one with all default settings, commented out):
#               $ ansible-config init --disabled > ansible.cfg
#
# Also you can now have a more complete file by including existing plugins:
# ansible-config init --disabled -t all > ansible.cfg
 
# For previous versions of Ansible you can check for examples in the 'stable' branches of each version
# Note that this file was always incomplete  and lagging changes to configuration settings
 
# for example, for 2.9: https://github.com/ansible/ansible/blob/stable-2.9/examples/ansible.cfg

$ sudo su
# ansible-config init --disabled > ansible.cfg

# egrep -v "^#|^;|^$" ansible.cfg
[defaults]
log_path=/var/log/ansible.log
private_key_file=/etc/keys/sshkey
remote_user=root
roles_path=/etc/ansible/roles
timeout=30
[privilege_escalation]
[persistent_connection]
[connection]
[colors]
[selinux]
[diff]
[galaxy]
[inventory]
[netconf_connection]
[paramiko_connection]
[jinja2]
[tags]

log_path: Define a localização do arquivo de logs do Ansible;
private_key_file: Define a localização e o nome da chave privada usada nas conexões SSH entre o servidor Ansible e os nodes da rede;
remote_user: Define o usuário de login para as máquinas de destino;
roles_path: Determina a localização do diretório onde serão armazenadas as Roles do Ansible;
timeout: Define o tempo utilizado na conexão SSH.

Criando chave SSH

# mkdir /etc/keys

# ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa): /etc/keys/sshkey
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /etc/keys/sshkey
Your public key has been saved in /etc/keys/sshkey.pub
The key fingerprint is:
SHA256:Y8rbHFuku02ApvJbLWD6bU4a3kiz2kmnIqbKPo0h1Iw root@ansible-server
The key's randomart image is:
+---[RSA 3072]----+
|                 |
|                 |
|  +              |
| E o   .         |
|.   o o S .      |
|.. o = + =       |
|. * * B + o      |
|o+.X #.= B       |
|B+oo%+= *..      |
+----[SHA256]-----+

Informe o local aonde as chaves serão armazenadas. Como foi definido na configuração do Ansible, as chaves serão armazenadas em: /etc/keys/sshkey

Permitindo acesso root

# vim /etc/ssh/sshd_config
[...]
#PermitRootLogin prohibit-password
PermitRootLogin yes
[...]

# systemctl restart sshd

root@ansible-server:/etc/ansible# passwd
New password:
Retype new password:
passwd: password updated successfully
root@ansible-server:/etc/ansible# exit
exit

Copiando a chave

Com as chaves geradas o próximo passo é copiar a chave pública para as VMs que o Ansible irá gerenciar.

$ sudo ssh-copy-id -i /etc/keys/sshkey.pub ansible-server

$ sudo ssh -i /etc/keys/sshkey ansible-server cat /etc/hosts
127.0.0.1 localhost
127.0.1.1 ubuntu2204.localdomain
 
# The following lines are desirable for IPv6 capable hosts
::1     ip6-localhost ip6-loopback
fe00::0 ip6-localnet
ff00::0 ip6-mcastprefix
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
 
127.0.0.1 ubuntu2204.localdomain
 
127.0.2.1 ansible-server ansible-server

Inventário

$ cat /etc/ansible/hosts
# This is the default ansible 'hosts' file.
#
# It should live in /etc/ansible/hosts
#
#   - Comments begin with the '#' character
#   - Blank lines are ignored
#   - Groups of hosts are delimited by [header] elements
#   - You can enter hostnames or ip addresses
#   - A hostname/ip can be a member of multiple groups
 
# Ex 1: Ungrouped hosts, specify before any group headers:
 
## green.example.com
## blue.example.com
## 192.168.100.1
## 192.168.100.10
 
# Ex 2: A collection of hosts belonging to the 'webservers' group:
 
## [webservers]
## alpha.example.org
## beta.example.org
## 192.168.1.100
## 192.168.1.110
 
# If you have multiple hosts following a pattern, you can specify
# them like this:
 
## www[001:006].example.com
 
# Ex 3: A collection of database servers in the 'dbservers' group:
 
## [dbservers]
##
## db01.intranet.mydomain.net
## db02.intranet.mydomain.net
## 10.25.1.56
## 10.25.1.57
 
# Here's another example of host ranges, this time there are no
# leading 0s:
 
## db-[99:101]-node.example.com

$ sudo vim /etc/ansible/hosts +$
[...]
[local]
ansible-server
 
[ubuntu]
ub-vm-01
 
[oracle]
ol-vm-02
ansible_python_interpreter=/usr/bin/python3.9
 
[debian]
de-vm-03

$ sudo ansible-inventory --list -y
all:
  children:
    debian:
      hosts:
        de-vm-03: {}
    local:
      hosts:
        ansible-server: {}
    oracle:
      hosts:
        ol-vm-02: {}
    ubuntu:
      hosts:
        ub-vm-01: {}
    ungrouped: {}

Ajustes no arquivo hosts

hosts.yaml

$ cat hosts.yaml
---
- name: File /etc/hosts
  hosts: local
  tasks:
    - name: Testing entries in the /etc/hosts file
      lineinfile:
        path: /etc/hosts
        line: "10.240.0.200 ansible-server.juntotelecom.com.br  ansible-server"
      register: etc_hosts_result

    - name: Clear file /etc/hosts
      when: etc_hosts_result is changed
      shell: echo '' > /etc/hosts
      register: etc_hosts_clear
      tags: hosts

    - name: Config file /etc/hosts
      when: etc_hosts_clear is succeeded
      lineinfile:
        path: /etc/hosts
        line: "{{ item.ip }}  {{ item.fqdn }} {{ item.alias }}"
      with_items:
        - { ip: '127.0.0.1', fqdn: 'localhost.localdomain', alias: 'localhost' }
        - { ip: '10.240.0.200', fqdn: 'ansible-server.juntotelecom.com.br', alias: 'ansible-server' }
        - { ip: '10.240.0.201', fqdn: 'ub-vm-01.juntotelecom.com.br', alias: 'ub-vm-01' }
        - { ip: '10.240.0.202', fqdn: 'ol-vm-02.juntotelecom.com.br', alias: 'ol-vm-02' }
        - { ip: '10.240.0.203', fqdn: 'de-vm-03.juntotelecom.com.br', alias: 'de-vm-03' }

$ sudo ansible-playbook --syntax-check hosts.yaml
 
playbook: hosts.yaml

$ sudo ansible-playbook hosts.yaml
 
PLAY [File /etc/hosts] ******************************************************************************************************************************************************************************************
TASK [Gathering Facts] ******************************************************************************************************************************************************************************************
ok: [ansible-server]
 
TASK [Testing entries in the /etc/hosts file] *******************************************************************************************************************************************************************
changed: [ansible-server]
 
TASK [Clear file /etc/hosts] ************************************************************************************************************************************************************************************
changed: [ansible-server]
 
TASK [Config file /etc/hosts] ***********************************************************************************************************************************************************************************
changed: [ansible-server] => (item={'ip': '127.0.0.1', 'fqdn': 'localhost.localdomain', 'alias': 'localhost'})
changed: [ansible-server] => (item={'ip': '10.240.0.200', 'fqdn': 'ansible-server.juntotelecom.com.br', 'alias': 'ansible-server'})
changed: [ansible-server] => (item={'ip': '10.240.0.201', 'fqdn': 'ub-vm-01.juntotelecom.com.br', 'alias': 'ub-vm-01'})
changed: [ansible-server] => (item={'ip': '10.240.0.202', 'fqdn': 'ol-vm-02.juntotelecom.com.br', 'alias': 'ol-vm-02'})
changed: [ansible-server] => (item={'ip': '10.240.0.203', 'fqdn': 'de-vm-03.juntotelecom.com.br', 'alias': 'de-vm-03'})
 
PLAY RECAP ******************************************************************************************************************************************************************************************************
ansible-server             : ok=4    changed=3    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0

$ sudo ansible local -m shell -a "cat /etc/hosts"
ansible-server | CHANGED | rc=0 >>
 
127.0.0.1  localhost.localdomain localhost
10.240.0.200  ansible-server.juntotelecom.com.br ansible-server
10.240.0.201  ub-vm-01.juntotelecom.com.br ub-vm-01
10.240.0.202  ol-vm-02.juntotelecom.com.br ol-vm-02
10.240.0.203  de-vm-03.juntotelecom.com.br de-vm-03

Compartilhando a chave SSH

$ sudo ssh-copy-id -i /etc/keys/sshkey.pub ub-vm-01
$ sudo ssh-copy-id -i /etc/keys/sshkey.pub ol-vm-02
$ sudo ssh-copy-id -i /etc/keys/sshkey.pub de-vm-03

$ sudo ansible all -m ping
ansible-server | SUCCESS => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/bin/python3"
    },
    "changed": false,
    "ping": "pong"
}
de-vm-03 | SUCCESS => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/bin/python3"
    },
    "changed": false,
    "ping": "pong"
}
ub-vm-01 | SUCCESS => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/bin/python3"
    },
    "changed": false,
    "ping": "pong"
}
[WARNING]: Platform linux on host ol-vm-02 is using the discovered Python interpreter at /usr/bin/python3.9, but future installation of another Python interpreter could change the meaning of that path. See
https://docs.ansible.com/ansible-core/2.13/reference_appendices/interpreter_discovery.html for more information.
ol-vm-02 | SUCCESS => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/bin/python3.9"
    },
    "changed": false,
    "ping": "pong"
}

$ sudo ansible oracle -m ping -e 'ansible_python_interpreter=/usr/bin/python3.9'
ol-vm-02 | SUCCESS => {
    "changed": false,
    "ping": "pong"
}

Referências

Python 3 Support

Table of Contents