diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..6c17944 --- /dev/null +++ b/.gitignore @@ -0,0 +1,6 @@ +.ipynb_checkpoints/ +passwort +Kap2_Rollen/ +simple_playbook.yml +ssh-add-passphrase.sh +.gitignore_gitlab diff --git a/.gitignore_github b/.gitignore_github new file mode 100644 index 0000000..6c17944 --- /dev/null +++ b/.gitignore_github @@ -0,0 +1,6 @@ +.ipynb_checkpoints/ +passwort +Kap2_Rollen/ +simple_playbook.yml +ssh-add-passphrase.sh +.gitignore_gitlab diff --git a/00 Erste Schritte mit ansible.ipynb b/00 Erste Schritte mit ansible.ipynb new file mode 100644 index 0000000..4a72aab --- /dev/null +++ b/00 Erste Schritte mit ansible.ipynb @@ -0,0 +1,1367 @@ +{ + "cells": [ + { + "cell_type": "markdown", + "metadata": {}, + "source": [ + "# Ansible Adhoc Kommandos\n", + "\n", + "Zunächst muss Ansible auf einem Host installiert sein.\n", + "\n", + "http://docs.ansible.com/ansible/intro_installation.html\n", + "\n", + "Danch können einfache Adhoc Kommandos ausgeführt werden.\n", + "\n", + "http://docs.ansible.com/ansible/intro_getting_started.html" + ] + }, + { + "cell_type": "code", + "execution_count": 1, + "metadata": { + "collapsed": false + }, + "outputs": [ + { + "name": "stdout", + "output_type": "stream", + "text": [] + } + ], + "source": [ + "history -c" + ] + }, + { + "cell_type": "markdown", + "metadata": {}, + "source": [ + "Löscht die Bash-History. Siehe https://wiki.ubuntuusers.de/Bash/#History\n", + "\n", + "Dann kann getestet werden ob ansible installiert ist." + ] + }, + { + "cell_type": "code", + "execution_count": 2, + "metadata": { + "collapsed": false + }, + "outputs": [ + { + "name": "stdout", + "output_type": "stream", + "text": [ + "ansible 2.1.2.0\r\n", + " config file = \r\n", + " configured module search path = Default w/o overrides\r\n" + ] + } + ], + "source": [ + "ansible --version" + ] + }, + { + "cell_type": "markdown", + "metadata": {}, + "source": [ + "Update ansible via pip.\n", + "\n", + "Wegen pip siehe: https://docs.python.org/2/installing/" + ] + }, + { + "cell_type": "code", + "execution_count": 3, + "metadata": { + "collapsed": false + }, + "outputs": [ + { + "name": "stdout", + "output_type": "stream", + "text": [ + "\u001b[33mThe directory '/home/vagrant/.cache/pip/http' or its parent directory is not owned by the current user and the cache has been disabled. Please check the permissions and owner of that directory. If executing pip with sudo, you may want sudo's -H flag.\u001b[0m\r\n", + "\u001b[33mThe directory '/home/vagrant/.cache/pip' or its parent directory is not owned by the current user and caching wheels has been disabled. check the permissions and owner of that directory. If executing pip with sudo, you may want sudo's -H flag.\u001b[0m\r\n", + "Requirement already up-to-date: ansible in /usr/local/lib/python2.7/dist-packages\r\n", + "Requirement already up-to-date: PyYAML in /usr/local/lib/python2.7/dist-packages (from ansible)\r\n", + "Collecting setuptools (from ansible)\r\n", + " Downloading setuptools-28.6.0-py2.py3-none-any.whl (471kB)\r\n", + "\u001b[?25l\r", + "\u001b[K 2% |▊ | 10kB 32.6MB/s eta 0:00:01\r", + "\u001b[K 4% |█▍ | 20kB 1.5MB/s eta 0:00:01\r", + "\u001b[K 6% |██ | 30kB 1.1MB/s eta 0:00:01\r", + "\u001b[K 8% |██▊ | 40kB 1.4MB/s eta 0:00:01\r", + "\u001b[K 10% |███▌ | 51kB 1.2MB/s eta 0:00:01\r", + "\u001b[K 13% |████▏ | 61kB 1.1MB/s eta 0:00:01\r", + "\u001b[K 15% |████▉ | 71kB 1.2MB/s eta 0:00:01\r", + "\u001b[K 17% |█████▌ | 81kB 1.1MB/s eta 0:00:01\r", + "\u001b[K 19% |██████▎ | 92kB 1.2MB/s eta 0:00:01\r", + "\u001b[K 21% |███████ | 102kB 1.2MB/s eta 0:00:01\r", + "\u001b[K 23% |███████▋ | 112kB 993kB/s eta 0:00:01\r", + "\u001b[K 26% |████████▎ | 122kB 1.1MB/s eta 0:00:01\r", + "\u001b[K 28% |█████████ | 133kB 1.1MB/s eta 0:00:01\r", + "\u001b[K 30% |█████████▊ | 143kB 972kB/s eta 0:00:01\r", + "\u001b[K 32% |██████████▍ | 153kB 1.1MB/s eta 0:00:01\r", + "\u001b[K 34% |███████████ | 163kB 1.1MB/s eta 0:00:01\r", + "\u001b[K 36% |███████████▉ | 174kB 1.1MB/s eta 0:00:01\r", + "\u001b[K 39% |████████████▌ | 184kB 1.1MB/s eta 0:00:01\r", + "\u001b[K 41% |█████████████▏ | 194kB 972kB/s eta 0:00:01\r", + "\u001b[K 43% |█████████████▉ | 204kB 1.1MB/s eta 0:00:01\r", + "\u001b[K 45% |██████████████▋ | 215kB 1.1MB/s eta 0:00:01\r", + "\u001b[K 47% |███████████████▎ | 225kB 969kB/s eta 0:00:01\r", + "\u001b[K 49% |████████████████ | 235kB 1.1MB/s eta 0:00:01\r", + "\u001b[K 52% |████████████████▋ | 245kB 1.1MB/s eta 0:00:01\r", + "\u001b[K 54% |█████████████████▍ | 256kB 1.1MB/s eta 0:00:01\r", + "\u001b[K 56% |██████████████████ | 266kB 1.1MB/s eta 0:00:01\r", + "\u001b[K 58% |██████████████████▊ | 276kB 970kB/s eta 0:00:01\r", + "\u001b[K 60% |███████████████████▍ | 286kB 1.1MB/s eta 0:00:01\r", + "\u001b[K 62% |████████████████████▏ | 296kB 1.1MB/s eta 0:00:01\r", + "\u001b[K 65% |████████████████████▉ | 307kB 971kB/s eta 0:00:01\r", + "\u001b[K 67% |█████████████████████▌ | 317kB 1.1MB/s eta 0:00:01\r", + "\u001b[K 69% |██████████████████████▏ | 327kB 1.1MB/s eta 0:00:01\r", + "\u001b[K 71% |███████████████████████ | 337kB 1.1MB/s eta 0:00:01\r", + "\u001b[K 73% |███████████████████████▋ | 348kB 1.1MB/s eta 0:00:01\r", + "\u001b[K 75% |████████████████████████▎ | 358kB 970kB/s eta 0:00:01\r", + "\u001b[K 78% |█████████████████████████ | 368kB 1.1MB/s eta 0:00:01\r", + "\u001b[K 80% |█████████████████████████▊ | 378kB 1.1MB/s eta 0:00:01\r", + "\u001b[K 82% |██████████████████████████▍ | 389kB 969kB/s eta 0:00:01\r", + "\u001b[K 84% |███████████████████████████ | 399kB 1.1MB/s eta 0:00:01\r", + "\u001b[K 86% |███████████████████████████▊ | 409kB 1.1MB/s eta 0:00:01\r", + "\u001b[K 88% |████████████████████████████▌ | 419kB 1.1MB/s eta 0:00:01\r", + "\u001b[K 91% |█████████████████████████████▏ | 430kB 1.1MB/s eta 0:00:01\r", + "\u001b[K 93% |█████████████████████████████▉ | 440kB 970kB/s eta 0:00:01\r", + "\u001b[K 95% |██████████████████████████████▌ | 450kB 1.1MB/s eta 0:00:01\r", + "\u001b[K 97% |███████████████████████████████▎| 460kB 1.1MB/s eta 0:00:01\r", + "\u001b[K 99% |████████████████████████████████| 471kB 1.1MB/s eta 0:00:01\r", + "\u001b[K 100% |████████████████████████████████| 481kB 864kB/s \r\n", + "\u001b[?25hRequirement already up-to-date: jinja2 in /usr/local/lib/python2.7/dist-packages (from ansible)\r\n", + "Requirement already up-to-date: paramiko in /usr/local/lib/python2.7/dist-packages (from ansible)\r\n", + "Requirement already up-to-date: pycrypto>=2.6 in /usr/local/lib/python2.7/dist-packages (from ansible)\r\n", + "Requirement already up-to-date: MarkupSafe in /usr/local/lib/python2.7/dist-packages (from jinja2->ansible)\r\n", + "Requirement already up-to-date: pyasn1>=0.1.7 in /usr/local/lib/python2.7/dist-packages (from paramiko->ansible)\r\n", + "Requirement already up-to-date: cryptography>=1.1 in /usr/local/lib/python2.7/dist-packages (from paramiko->ansible)\r\n", + "Requirement already up-to-date: ipaddress in /usr/local/lib/python2.7/dist-packages (from cryptography>=1.1->paramiko->ansible)\r\n", + "Requirement already up-to-date: six>=1.4.1 in /usr/local/lib/python2.7/dist-packages (from cryptography>=1.1->paramiko->ansible)\r\n", + "Requirement already up-to-date: enum34 in /usr/local/lib/python2.7/dist-packages (from cryptography>=1.1->paramiko->ansible)\r\n", + "Requirement already up-to-date: idna>=2.0 in /usr/local/lib/python2.7/dist-packages (from cryptography>=1.1->paramiko->ansible)\r\n", + "Requirement already up-to-date: cffi>=1.4.1 in /usr/local/lib/python2.7/dist-packages (from cryptography>=1.1->paramiko->ansible)\r\n", + "Requirement already up-to-date: pycparser in /usr/local/lib/python2.7/dist-packages (from cffi>=1.4.1->cryptography>=1.1->paramiko->ansible)\r\n", + "Installing collected packages: setuptools\r\n", + " Found existing installation: setuptools 28.3.0\r\n", + " Uninstalling setuptools-28.3.0:\r\n", + " Successfully uninstalled setuptools-28.3.0\r\n", + "Successfully installed setuptools-28.6.0\r\n" + ] + } + ], + "source": [ + "sudo pip install --upgrade ansible" + ] + }, + { + "cell_type": "code", + "execution_count": 4, + "metadata": { + "collapsed": false + }, + "outputs": [ + { + "name": "stdout", + "output_type": "stream", + "text": [ + "ansible 2.1.2.0\r\n", + " config file = \r\n", + " configured module search path = Default w/o overrides\r\n" + ] + } + ], + "source": [ + "ansible --version" + ] + }, + { + "cell_type": "markdown", + "metadata": {}, + "source": [ + "Einrichten einer Inventorydatei.\n", + "\n", + "http://docs.ansible.com/ansible/intro_inventory.html" + ] + }, + { + "cell_type": "code", + "execution_count": 5, + "metadata": { + "collapsed": false + }, + "outputs": [ + { + "name": "stdout", + "output_type": "stream", + "text": [ + "insgesamt 12K\r\n", + "525129 drwxr-xr-x 3 root root 4,0K Sep 21 17:17 .\r\n", + "262145 drwxr-xr-x 115 root root 4,0K Okt 17 08:07 ..\r\n", + "525175 drwxr-xr-x 10 root root 4,0K Okt 12 20:34 roles\r\n" + ] + } + ], + "source": [ + "ls -lachi /etc/ansible/\n", + "sudo cp /vagrant/hosts /etc/ansible" + ] + }, + { + "cell_type": "code", + "execution_count": 6, + "metadata": { + "collapsed": false + }, + "outputs": [ + { + "name": "stdout", + "output_type": "stream", + "text": [ + "[ctl]\r\n", + "127.0.0.1 ansible_connection=local\r\n", + "\r\n", + "[www]\r\n", + "192.168.60.11\r\n", + "192.168.60.12\r\n", + "192.168.60.13\r\n", + "\r\n", + "[db]\r\n", + "192.168.60.21\r\n", + "192.168.60.22\r\n", + "\r\n", + "[lb]\r\n", + "192.168.60.2\r\n", + "\r\n", + "[backend:children]\r\n", + "www\r\n", + "db\r\n", + "\r\n", + "# Point of entry\r\n", + "[poe:children]\r\n", + "lb\r\n", + "www\r\n" + ] + } + ], + "source": [ + "cat /etc/ansible/hosts" + ] + }, + { + "cell_type": "code", + "execution_count": 8, + "metadata": { + "collapsed": false + }, + "outputs": [ + { + "name": "stdout", + "output_type": "stream", + "text": [ + "127.0.0.1 | SUCCESS => {\r\n", + " \"changed\": false, \r\n", + " \"ping\": \"pong\"\r\n", + "}\r\n" + ] + } + ], + "source": [ + "ansible ctl -m ping" + ] + }, + { + "cell_type": "markdown", + "metadata": {}, + "source": [ + "Erstellen eines ssh-key ohne Nachfrage. Ein evtl. existierender Schlüssel wird gelöscht.\n", + "\n", + "ACHTUNG: Nicht für produktiv Systeme. Hier besser mit Variablen arbeiten.\n", + "\n", + "Wegen ENV Siehe auch: https://12factor.net/de/\n", + "\n", + "ToDO. Hier mit ENV zeigen.\n", + "\n", + "SSH_PASSPHRASE=geheim" + ] + }, + { + "cell_type": "code", + "execution_count": 9, + "metadata": { + "collapsed": false + }, + "outputs": [ + { + "name": "stdout", + "output_type": "stream", + "text": [ + "Generating public/private rsa key pair.\r\n", + "Your identification has been saved in /home/vagrant/.ssh/id_rsa.\r\n", + "Your public key has been saved in /home/vagrant/.ssh/id_rsa.pub.\r\n", + "The key fingerprint is:\r\n", + "SHA256:KJ1V10SR4xSUA6dhrKkjrYB6CNwiwYPg8rewNjWZqVY vagrant@ctl\r\n", + "The key's randomart image is:\r\n", + "+---[RSA 2048]----+\r\n", + "| ..=*B= |\r\n", + "|. . o.+B |\r\n", + "|= . o.o o |\r\n", + "|++ . + o . |\r\n", + "|ooo..++.S. |\r\n", + "|oo+.E.. + |\r\n", + "|oo.B + o . |\r\n", + "|o B . . |\r\n", + "| + . |\r\n", + "+----[SHA256]-----+\r\n" + ] + } + ], + "source": [ + "if [ -f ~/.ssh/id_rsa ]; then rm ~/.ssh/id_rsa*; fi && ssh-keygen -t rsa -f ~/.ssh/id_rsa -N geheim" + ] + }, + { + "cell_type": "markdown", + "metadata": {}, + "source": [ + "Automatisches verteilen mit ssh-cop-id\n", + "\n", + "http://serverfault.com/questions/306541/automating-ssh-copy-id\n", + "\n", + "Achtung: Der Host-Key muss als erstes akzeptiert werden." + ] + }, + { + "cell_type": "markdown", + "metadata": {}, + "source": [ + "Can I automatically add a new host to known_hosts?\n", + "\n", + "http://serverfault.com/questions/132970/can-i-automatically-add-a-new-host-to-known-hosts\n", + "\n", + "Nur etwas, wenn dem Netz vetraut wird. NICHT FÜR PRODUKTIV SYSTEME!" + ] + }, + { + "cell_type": "code", + "execution_count": 10, + "metadata": { + "collapsed": false + }, + "outputs": [ + { + "name": "stdout", + "output_type": "stream", + "text": [ + "# 192.168.60.2:22 SSH-2.0-OpenSSH_7.2p2 Ubuntu-4ubuntu2.1\r\n", + "# 192.168.60.2:22 SSH-2.0-OpenSSH_7.2p2 Ubuntu-4ubuntu2.1\r\n", + "# 192.168.60.2:22 SSH-2.0-OpenSSH_7.2p2 Ubuntu-4ubuntu2.1\r\n" + ] + } + ], + "source": [ + "ssh-keyscan -H 192.168.60.2 >> ~/.ssh/known_hosts" + ] + }, + { + "cell_type": "code", + "execution_count": 11, + "metadata": { + "collapsed": false + }, + "outputs": [ + { + "name": "stdout", + "output_type": "stream", + "text": [ + "|1|plnagrukktq51R6s86RfFo5LpWc=|Y3qGwPjRHth9gb7tBlbEl24C/jg= ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDU171qwSgbEtEal2fCozSU7wsNRzA2H/DuUaLku6xRazRkfQZnFHcDn5pFk/GhHLTCwDRXz7nnnbBFFJK3jr03AsOr6rtqJuojQEIh1Yz1wKI4Dvvawteb8UnveKcef7OGs6a2nphGC+ZYX8txu+gdSF9HNVxGbUyFtbNeKRpAPCRgAkHfh1stxwPK8BQiaPQbEHSWzPer1G38Qsq1QzbKXWrizU057i5pw38cdRQ8CaVYe9u+rUnNEOfGjpESh06lb1vdZDEmily7D0jWDW7+Tw7hbr3uw+wUiJaVEGrBbQQotIqcrWTz6AqrwXKdZpklJZkcPx5JGS3Ym13AUBDB\r\n", + "|1|E2JMOtS40Z89qlsiSDy99ynMaTY=|oIN/lWhb5VoHoPvciSUbAlkpLjA= ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBOUj8l+Ejj53rTy5+9bMcbINLRZ6UFxaK6fRE6uklH7YvPh08DepyspTONUWuwwYSwJuHBldP8Joafx5jNuW2sI=\r\n", + "|1|WX4OU3NhdMdxeMIsXTI69q932pc=|s9UgWihQrQxhQM4P6004v59Zzb8= ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAc42trNYnv58q3PiJSJ+lLhkHY9NOX4kVrrJdC8fJLf\r\n" + ] + } + ], + "source": [ + "cat ~/.ssh/known_hosts" + ] + }, + { + "cell_type": "markdown", + "metadata": {}, + "source": [ + "SSH Schlüssel verteilen ohne Passwortabfrage." + ] + }, + { + "cell_type": "code", + "execution_count": 12, + "metadata": { + "collapsed": false + }, + "outputs": [ + { + "name": "stdout", + "output_type": "stream", + "text": [ + "\r", + "0% [Wird verarbeitet]\r", + " \r", + "OK:1 http://de.archive.ubuntu.com/ubuntu xenial InRelease\r\n", + "\r", + "0% [Warten auf Kopfzeilen] [Verbindung mit security.ubuntu.com (91.189.91.26)] \r", + "0% [1 InRelease gpgv 247 kB] [Warten auf Kopfzeilen] [Warten auf Kopfzeilen] [W\r", + " \r", + "OK:2 http://ppa.launchpad.net/chronitis/jupyter/ubuntu xenial InRelease\r\n", + "\r", + "0% [1 InRelease gpgv 247 kB] [Warten auf Kopfzeilen] [Warten auf Kopfzeilen] [W\r", + " \r", + "OK:3 http://de.archive.ubuntu.com/ubuntu xenial-updates InRelease\r\n", + "\r", + "0% [1 InRelease gpgv 247 kB] [Warten auf Kopfzeilen] [Warten auf Kopfzeilen] [W\r", + " \r", + "OK:4 http://de.archive.ubuntu.com/ubuntu xenial-backports InRelease\r\n", + "\r", + " \r", + "OK:5 http://ppa.launchpad.net/nginx/stable/ubuntu xenial InRelease\r\n", + "\r", + " \r", + "Ign:6 http://repo.mongodb.org/apt/ubuntu trusty/mongodb-org/3.2 InRelease\r\n", + "\r", + " \r", + "0% [1 InRelease gpgv 247 kB] [Warten auf Kopfzeilen] [Warten auf Kopfzeilen]\r", + " \r", + "OK:7 http://security.ubuntu.com/ubuntu xenial-security InRelease\r\n", + "\r", + "0% [1 InRelease gpgv 247 kB] [Warten auf Kopfzeilen] [Warten auf Kopfzeilen]\r", + " \r", + "OK:8 http://ppa.launchpad.net/nijel/phpmyadmin/ubuntu xenial InRelease\r\n", + "\r", + " \r", + "0% [1 InRelease gpgv 247 kB] [Warten auf Kopfzeilen]\r", + " \r", + "OK:9 http://repo.mongodb.org/apt/ubuntu trusty/mongodb-org/3.2 Release\r\n", + "\r", + " \r", + "0% [1 InRelease gpgv 247 kB]\r", + " \r", + "0% [Wird verarbeitet]\r", + "0% [2 InRelease gpgv 18,1 kB]\r", + " \r", + "OK:10 https://apt.dockerproject.org/repo ubuntu-xenial InRelease\r\n", + "\r", + "0% [2 InRelease gpgv 18,1 kB]\r", + " \r", + "OK:11 https://deb.nodesource.com/node_4.x xenial InRelease\r\n", + "\r", + "0% [2 InRelease gpgv 18,1 kB]\r", + " \r", + "0% [Wird verarbeitet]\r", + "0% [3 InRelease gpgv 95,7 kB]\r", + " \r", + "0% [Wird verarbeitet]\r", + "0% [4 InRelease gpgv 92,2 kB]\r", + " \r", + "0% [Wird verarbeitet]\r", + "0% [5 InRelease gpgv 17,5 kB]\r", + " \r", + "0% [Wird verarbeitet]\r", + "0% [7 InRelease gpgv 94,5 kB]\r", + " \r", + "0% [Wird verarbeitet]\r", + "0% [8 InRelease gpgv 17,5 kB]\r", + " \r", + "0% [Wird verarbeitet]\r", + "0% [Release.gpg gpgv 3.462 B]\r", + " \r", + "0% [Wird verarbeitet]\r", + "0% [10 InRelease gpgv 30,2 kB]\r", + " \r", + "0% [Wird verarbeitet]\r", + "0% [11 InRelease gpgv 3.914 B]\r", + " \r", + "20% [Wird verarbeitet]\r", + " \r", + "\r", + "Paketlisten werden gelesen... 0%\r", + "\r", + "Paketlisten werden gelesen... 0%\r", + "\r", + "Paketlisten werden gelesen... 1%\r", + "\r", + "Paketlisten werden gelesen... 4%\r", + "\r", + "Paketlisten werden gelesen... 4%\r", + "\r", + "Paketlisten werden gelesen... 9%\r", + "\r", + "Paketlisten werden gelesen... 9%\r", + "\r", + "Paketlisten werden gelesen... 11%\r", + "\r", + "Paketlisten werden gelesen... 11%\r", + "\r", + "Paketlisten werden gelesen... 13%\r", + "\r", + "Paketlisten werden gelesen... 13%\r", + "\r", + "Paketlisten werden gelesen... 13%\r", + "\r", + "Paketlisten werden gelesen... 13%\r", + "\r", + "Paketlisten werden gelesen... 13%\r", + "\r", + "Paketlisten werden gelesen... 13%\r", + "\r", + "Paketlisten werden gelesen... 13%\r", + "\r", + "Paketlisten werden gelesen... 13%\r", + "\r", + "Paketlisten werden gelesen... 13%\r", + "\r", + "Paketlisten werden gelesen... 13%\r", + "\r", + "Paketlisten werden gelesen... 22%\r", + "\r", + "Paketlisten werden gelesen... 40%\r", + "\r", + "Paketlisten werden gelesen... 40%\r", + "\r", + "Paketlisten werden gelesen... 40%\r", + "\r", + "Paketlisten werden gelesen... 65%\r", + "\r", + "Paketlisten werden gelesen... 66%\r", + "\r", + "Paketlisten werden gelesen... 66%\r", + "\r", + "Paketlisten werden gelesen... 72%\r", + "\r", + "Paketlisten werden gelesen... 72%\r", + "\r", + "Paketlisten werden gelesen... 87%\r", + "\r", + "Paketlisten werden gelesen... 87%\r", + "\r", + "Paketlisten werden gelesen... 88%\r", + "\r", + "Paketlisten werden gelesen... 88%\r", + "\r", + "Paketlisten werden gelesen... 88%\r", + "\r", + "Paketlisten werden gelesen... 88%\r", + "\r", + "Paketlisten werden gelesen... 88%\r", + "\r", + "Paketlisten werden gelesen... 88%\r", + "\r", + "Paketlisten werden gelesen... 89%\r", + "\r", + "Paketlisten werden gelesen... 89%\r", + "\r", + "Paketlisten werden gelesen... 90%\r", + "\r", + "Paketlisten werden gelesen... 90%\r", + "\r", + "Paketlisten werden gelesen... 92%\r", + "\r", + "Paketlisten werden gelesen... 92%\r", + "\r", + "Paketlisten werden gelesen... 93%\r", + "\r", + "Paketlisten werden gelesen... 93%\r", + "\r", + "Paketlisten werden gelesen... 94%\r", + "\r", + "Paketlisten werden gelesen... 94%\r", + "\r", + "Paketlisten werden gelesen... 96%\r", + "\r", + "Paketlisten werden gelesen... 96%\r", + "\r", + "Paketlisten werden gelesen... 96%\r", + "\r", + "Paketlisten werden gelesen... 96%\r", + "\r", + "Paketlisten werden gelesen... 96%\r", + "\r", + "Paketlisten werden gelesen... 96%\r", + "\r", + "Paketlisten werden gelesen... 96%\r", + "\r", + "Paketlisten werden gelesen... 96%\r", + "\r", + "Paketlisten werden gelesen... 96%\r", + "\r", + "Paketlisten werden gelesen... 96%\r", + "\r", + "Paketlisten werden gelesen... 96%\r", + "\r", + "Paketlisten werden gelesen... 96%\r", + "\r", + "Paketlisten werden gelesen... 96%\r", + "\r", + "Paketlisten werden gelesen... 96%\r", + "\r", + "Paketlisten werden gelesen... 96%\r", + "\r", + "Paketlisten werden gelesen... 96%\r", + "\r", + "Paketlisten werden gelesen... 96%\r", + "\r", + "Paketlisten werden gelesen... 96%\r", + "\r", + "Paketlisten werden gelesen... 96%\r", + "\r", + "Paketlisten werden gelesen... 96%\r", + "\r", + "Paketlisten werden gelesen... 96%\r", + "\r", + "Paketlisten werden gelesen... 96%\r", + "\r", + "Paketlisten werden gelesen... 96%\r", + "\r", + "Paketlisten werden gelesen... 97%\r", + "\r", + "Paketlisten werden gelesen... 97%\r", + "\r", + "Paketlisten werden gelesen... 98%\r", + "\r", + "Paketlisten werden gelesen... 98%\r", + "\r", + "Paketlisten werden gelesen... 98%\r", + "\r", + "Paketlisten werden gelesen... 98%\r", + "\r", + "Paketlisten werden gelesen... 98%\r", + "\r", + "Paketlisten werden gelesen... 98%\r", + "\r", + "Paketlisten werden gelesen... 98%\r", + "\r", + "Paketlisten werden gelesen... 98%\r", + "\r", + "Paketlisten werden gelesen... 99%\r", + "\r", + "Paketlisten werden gelesen... 99%\r", + "\r", + "Paketlisten werden gelesen... 99%\r", + "\r", + "Paketlisten werden gelesen... 99%\r", + "\r", + "Paketlisten werden gelesen... 99%\r", + "\r", + "Paketlisten werden gelesen... 99%\r", + "\r", + "Paketlisten werden gelesen... 99%\r", + "\r", + "Paketlisten werden gelesen... 99%\r", + "\r", + "Paketlisten werden gelesen... 99%\r", + "\r", + "Paketlisten werden gelesen... 99%\r", + "\r", + "Paketlisten werden gelesen... 99%\r", + "\r", + "Paketlisten werden gelesen... 99%\r", + "\r", + "Paketlisten werden gelesen... 99%\r", + "\r", + "Paketlisten werden gelesen... 99%\r", + "\r", + "Paketlisten werden gelesen... 99%\r", + "\r", + "Paketlisten werden gelesen... 99%\r", + "\r", + "Paketlisten werden gelesen... 99%\r", + "\r", + "Paketlisten werden gelesen... 99%\r", + "\r", + "Paketlisten werden gelesen... 99%\r", + "\r", + "Paketlisten werden gelesen... 99%\r", + "\r", + "Paketlisten werden gelesen... 99%\r", + "\r", + "Paketlisten werden gelesen... 99%\r", + "\r", + "Paketlisten werden gelesen... 99%\r", + "\r", + "Paketlisten werden gelesen... 99%\r", + "\r", + "Paketlisten werden gelesen... 99%\r", + "\r", + "Paketlisten werden gelesen... 99%\r", + "\r", + "Paketlisten werden gelesen... 99%\r", + "\r", + "Paketlisten werden gelesen... 99%\r", + "\r", + "Paketlisten werden gelesen... 99%\r", + "\r", + "Paketlisten werden gelesen... 99%\r", + "\r", + "Paketlisten werden gelesen... 99%\r", + "\r", + "Paketlisten werden gelesen... 99%\r", + "\r", + "Paketlisten werden gelesen... 99%\r", + "\r", + "Paketlisten werden gelesen... 99%\r", + "\r", + "Paketlisten werden gelesen... Fertig\r", + "\r\n", + "\r", + "Paketlisten werden gelesen... 0%\r", + "\r", + "Paketlisten werden gelesen... 100%\r", + "\r", + "Paketlisten werden gelesen... Fertig\r", + "\r\n", + "\r", + "Abhängigkeitsbaum wird aufgebaut.... 0%\r", + "\r", + "Abhängigkeitsbaum wird aufgebaut.... 0%\r", + "\r", + "Abhängigkeitsbaum wird aufgebaut.... 50%\r", + "\r", + "Abhängigkeitsbaum wird aufgebaut.... 50%\r", + "\r", + "Abhängigkeitsbaum wird aufgebaut. \r", + "\r\n", + "\r", + "Statusinformationen werden eingelesen.... 0%\r", + "\r", + "Statusinformationen werden eingelesen.... 0%\r", + "\r", + "Statusinformationen werden eingelesen.... Fertig\r", + "\r\n", + "Die folgenden NEUEN Pakete werden installiert:\r\n", + " sshpass\r\n", + "0 aktualisiert, 1 neu installiert, 0 zu entfernen und 8 nicht aktualisiert.\r\n", + "Es müssen 10,5 kB an Archiven heruntergeladen werden.\r\n", + "Nach dieser Operation werden 56,3 kB Plattenplatz zusätzlich benutzt.\r\n", + "\r", + "0% [Wird verarbeitet]\r", + " \r", + "Holen:1 http://de.archive.ubuntu.com/ubuntu xenial/universe amd64 sshpass amd64 1.05-1 [10,5 kB]\r\n", + "\r", + "0% [1 sshpass 0 B/10,5 kB 0%]\r", + " \r", + "100% [Wird verarbeitet]\r", + " \r", + "Es wurden 10,5 kB in 0 s geholt (28,3 kB/s).\r\n", + "debconf: kann Oberfläche nicht initialisieren: Dialog\r\n", + "debconf: (Die Dialog-Oberfläche funktioniert nicht auf einem Dumb-Terminal, einem Emacs-Shellbuffer oder ohne ein steuerndes Terminal.)\r\n", + "debconf: greife zurück auf die Oberfläche: Readline\r\n", + "Vormals nicht ausgewähltes Paket sshpass wird gewählt.\r\n", + "(Lese Datenbank ... \r", + "(Lese Datenbank ... 5%\r", + "(Lese Datenbank ... 10%\r", + "(Lese Datenbank ... 15%\r", + "(Lese Datenbank ... 20%\r", + "(Lese Datenbank ... 25%\r", + "(Lese Datenbank ... 30%\r", + "(Lese Datenbank ... 35%\r", + "(Lese Datenbank ... 40%\r", + "(Lese Datenbank ... 45%\r", + "(Lese Datenbank ... 50%\r", + "(Lese Datenbank ... 55%\r", + "(Lese Datenbank ... 60%\r", + "(Lese Datenbank ... 65%\r", + "(Lese Datenbank ... 70%\r", + "(Lese Datenbank ... 75%\r", + "(Lese Datenbank ... 80%\r", + "(Lese Datenbank ... 85%\r", + "(Lese Datenbank ... 90%\r", + "(Lese Datenbank ... 95%\r", + "(Lese Datenbank ... 100%\r", + "(Lese Datenbank ... 243033 Dateien und Verzeichnisse sind derzeit installiert.)\r\n", + "Vorbereitung zum Entpacken von .../sshpass_1.05-1_amd64.deb ...\r\n", + "Entpacken von sshpass (1.05-1) ...\r\n", + "Trigger für man-db (2.7.5-1) werden verarbeitet ...\r\n", + "sshpass (1.05-1) wird eingerichtet ...\r\n" + ] + } + ], + "source": [ + "sudo apt-get update\n", + "sudo apt-get install -y sshpass" + ] + }, + { + "cell_type": "code", + "execution_count": 13, + "metadata": { + "collapsed": false + }, + "outputs": [ + { + "name": "stdout", + "output_type": "stream", + "text": [ + "/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: \"/home/vagrant/.ssh/id_rsa.pub\"\r\n", + "/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed\r\n", + "/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys\r\n", + "\r\n", + "Number of key(s) added: 1\r\n", + "\r\n", + "Now try logging into the machine, with: \"ssh 'vagrant@192.168.60.2'\"\r\n", + "and check to make sure that only the key(s) you wanted were added.\r\n", + "\r\n" + ] + } + ], + "source": [ + "echo 'vagrant' > passwort\n", + "sshpass -f passwort ssh-copy-id vagrant@192.168.60.2" + ] + }, + { + "cell_type": "markdown", + "metadata": {}, + "source": [ + "Da wir in Jupyter bzw. in einem Skript keine passphrase eingeben können, hier ein Workaround mit dem Kommando expect.\n", + "\n", + "https://wiki.ubuntuusers.de/Tcl/#Installation-ueber-Download" + ] + }, + { + "cell_type": "code", + "execution_count": 14, + "metadata": { + "collapsed": false + }, + "outputs": [ + { + "name": "stdout", + "output_type": "stream", + "text": [ + "\r", + "Paketlisten werden gelesen... 0%\r", + "\r", + "Paketlisten werden gelesen... 100%\r", + "\r", + "Paketlisten werden gelesen... Fertig\r", + "\r\n", + "\r", + "Abhängigkeitsbaum wird aufgebaut.... 0%\r", + "\r", + "Abhängigkeitsbaum wird aufgebaut.... 0%\r", + "\r", + "Abhängigkeitsbaum wird aufgebaut.... 50%\r", + "\r", + "Abhängigkeitsbaum wird aufgebaut.... 50%\r", + "\r", + "Abhängigkeitsbaum wird aufgebaut. \r", + "\r\n", + "\r", + "Statusinformationen werden eingelesen.... 0%\r", + "\r", + "Statusinformationen werden eingelesen.... 0%\r", + "\r", + "Statusinformationen werden eingelesen.... Fertig\r", + "\r\n", + "Die folgenden zusätzlichen Pakete werden Installiert\r\n", + " tcl-expect\r\n", + "Die folgenden NEUEN Pakete werden installiert:\r\n", + " expect tcl-expect\r\n", + "0 aktualisiert, 2 neu installiert, 0 zu entfernen und 8 nicht aktualisiert.\r\n", + "Es müssen 241 kB an Archiven heruntergeladen werden.\r\n", + "Nach dieser Operation werden 538 kB Plattenplatz zusätzlich benutzt.\r\n", + "\r", + "0% [Wird verarbeitet]\r", + " \r", + "Holen:1 http://de.archive.ubuntu.com/ubuntu xenial/universe amd64 tcl-expect amd64 5.45-7 [104 kB]\r\n", + "\r", + "0% [1 tcl-expect 0 B/104 kB 0%]\r", + " \r", + "44% [Wird verarbeitet]\r", + " \r", + "Holen:2 http://de.archive.ubuntu.com/ubuntu xenial/universe amd64 expect amd64 5.45-7 [137 kB]\r\n", + "\r", + "44% [2 expect 0 B/137 kB 0%]\r", + " \r", + "100% [Wird verarbeitet]\r", + " \r", + "Es wurden 241 kB in 0 s geholt (548 kB/s).\r\n", + "debconf: kann Oberfläche nicht initialisieren: Dialog\r\n", + "debconf: (Die Dialog-Oberfläche funktioniert nicht auf einem Dumb-Terminal, einem Emacs-Shellbuffer oder ohne ein steuerndes Terminal.)\r\n", + "debconf: greife zurück auf die Oberfläche: Readline\r\n", + "Vormals nicht ausgewähltes Paket tcl-expect:amd64 wird gewählt.\r\n", + "(Lese Datenbank ... \r", + "(Lese Datenbank ... 5%\r", + "(Lese Datenbank ... 10%\r", + "(Lese Datenbank ... 15%\r", + "(Lese Datenbank ... 20%\r", + "(Lese Datenbank ... 25%\r", + "(Lese Datenbank ... 30%\r", + "(Lese Datenbank ... 35%\r", + "(Lese Datenbank ... 40%\r", + "(Lese Datenbank ... 45%\r", + "(Lese Datenbank ... 50%\r", + "(Lese Datenbank ... 55%\r", + "(Lese Datenbank ... 60%\r", + "(Lese Datenbank ... 65%\r", + "(Lese Datenbank ... 70%\r", + "(Lese Datenbank ... 75%\r", + "(Lese Datenbank ... 80%\r", + "(Lese Datenbank ... 85%\r", + "(Lese Datenbank ... 90%\r", + "(Lese Datenbank ... 95%\r", + "(Lese Datenbank ... 100%\r", + "(Lese Datenbank ... 243038 Dateien und Verzeichnisse sind derzeit installiert.)\r\n", + "Vorbereitung zum Entpacken von .../tcl-expect_5.45-7_amd64.deb ...\r\n", + "Entpacken von tcl-expect:amd64 (5.45-7) ...\r\n", + "Vormals nicht ausgewähltes Paket expect wird gewählt.\r\n", + "Vorbereitung zum Entpacken von .../expect_5.45-7_amd64.deb ...\r\n", + "Entpacken von expect (5.45-7) ...\r\n", + "Trigger für libc-bin (2.23-0ubuntu3) werden verarbeitet ...\r\n", + "Trigger für man-db (2.7.5-1) werden verarbeitet ...\r\n", + "tcl-expect:amd64 (5.45-7) wird eingerichtet ...\r\n", + "expect (5.45-7) wird eingerichtet ...\r\n", + "Trigger für libc-bin (2.23-0ubuntu3) werden verarbeitet ...\r\n" + ] + } + ], + "source": [ + "sudo apt-get install -y expect" + ] + }, + { + "cell_type": "code", + "execution_count": 15, + "metadata": { + "collapsed": false + }, + "outputs": [ + { + "name": "stdout", + "output_type": "stream", + "text": [] + } + ], + "source": [ + "cp /vagrant/ssh-add-passphrase.sh ./\n", + "chmod u+x ssh-add-passphrase.sh" + ] + }, + { + "cell_type": "code", + "execution_count": 16, + "metadata": { + "collapsed": false + }, + "outputs": [ + { + "name": "stdout", + "output_type": "stream", + "text": [ + "#!/usr/bin/expect -f\r\n", + "spawn ssh-add /home/vagrant/.ssh/id_rsa\r\n", + "expect \"Enter passphrase for /home/vagrant/.ssh/id_rsa:\"\r\n", + "send \"geheim\\n\";\r\n", + "interact\r\n" + ] + } + ], + "source": [ + "cat ssh-add-passphrase.sh" + ] + }, + { + "cell_type": "markdown", + "metadata": {}, + "source": [ + "Setzen der ssh-agent Umgebung für die jetzige Bashsitzung. Dies muss für jede neue Bashsitzung erneut durchgeführt werden." + ] + }, + { + "cell_type": "code", + "execution_count": 17, + "metadata": { + "collapsed": false + }, + "outputs": [ + { + "name": "stdout", + "output_type": "stream", + "text": [ + "spawn ssh-add /home/vagrant/.ssh/id_rsa\r", + "\r", + "\r\n", + "Enter passphrase for /home/vagrant/.ssh/id_rsa: \r\n", + "Identity added: /home/vagrant/.ssh/id_rsa (/home/vagrant/.ssh/id_rsa)\r\n" + ] + } + ], + "source": [ + "eval `ssh-agent -s` > /dev/null\n", + "./ssh-add-passphrase.sh" + ] + }, + { + "cell_type": "code", + "execution_count": 18, + "metadata": { + "collapsed": false + }, + "outputs": [ + { + "name": "stdout", + "output_type": "stream", + "text": [ + "SSH_AGENT_PID=6823\r\n", + "XDG_SESSION_ID=c1\r\n", + "SHELL=/bin/bash\r\n", + "USER=vagrant\r\n", + "LS_COLORS=\r\n", + "SSH_AUTH_SOCK=/tmp/ssh-RRBJIWd9Q84l/agent.6822\r\n", + "JPY_PARENT_PID=1269\r\n", + "PAGER=cat\r\n", + "MAIL=/var/mail/vagrant\r\n", + "PATH=/home/vagrant/.gem/ruby/2.3.0/bin:/home/vagrant/bin:/home/vagrant/.local/bin:/usr/local/lib/npm/bin:/usr/local/bin:/usr/bin:/bin:/usr/local/games:/usr/games:/snap/bin\r\n", + "NPM_CONFIG_PREFIX=/usr/local/lib/npm\r\n", + "PWD=/home/vagrant/projects\r\n", + "LANG=de_DE.UTF-8\r\n", + "NODE_PATH=/usr/lib/nodejs:/usr/lib/node_modules:/usr/share/javascript:/usr/local/lib/npm/lib/node_modules\r\n", + "PS1=[PEXP\\[\\]ECT_PROMPT>\r\n", + "SHLVL=2\r\n", + "HOME=/home/vagrant\r\n", + "LOGNAME=vagrant\r\n", + "LESSOPEN=| /usr/bin/lesspipe %s\r\n", + "XDG_RUNTIME_DIR=/run/user/1000\r\n", + "LESSCLOSE=/usr/bin/lesspipe %s %s\r\n", + "_=/usr/bin/env\r\n" + ] + } + ], + "source": [ + "env" + ] + }, + { + "cell_type": "code", + "execution_count": 20, + "metadata": { + "collapsed": false + }, + "outputs": [ + { + "name": "stdout", + "output_type": "stream", + "text": [ + "declare -x HOME=\"/home/vagrant\"\r\n", + "declare -x JPY_PARENT_PID=\"1269\"\r\n", + "declare -x LANG=\"de_DE.UTF-8\"\r\n", + "declare -x LESSCLOSE=\"/usr/bin/lesspipe %s %s\"\r\n", + "declare -x LESSOPEN=\"| /usr/bin/lesspipe %s\"\r\n", + "declare -x LOGNAME=\"vagrant\"\r\n", + "declare -x LS_COLORS=\"\"\r\n", + "declare -x MAIL=\"/var/mail/vagrant\"\r\n", + "declare -x NODE_PATH=\"/usr/lib/nodejs:/usr/lib/node_modules:/usr/share/javascript:/usr/local/lib/npm/lib/node_modules\"\r\n", + "declare -x NPM_CONFIG_PREFIX=\"/usr/local/lib/npm\"\r\n", + "declare -x OLDPWD\r\n", + "declare -x PAGER=\"cat\"\r\n", + "declare -x PATH=\"/home/vagrant/.gem/ruby/2.3.0/bin:/home/vagrant/bin:/home/vagrant/.local/bin:/usr/local/lib/npm/bin:/usr/local/bin:/usr/bin:/bin:/usr/local/games:/usr/games:/snap/bin\"\r\n", + "declare -x PS1=\"[PEXP\\\\[\\\\]ECT_PROMPT>\"\r\n", + "declare -x PWD=\"/home/vagrant/projects\"\r\n", + "declare -x SHELL=\"/bin/bash\"\r\n", + "declare -x SHLVL=\"2\"\r\n", + "declare -x SSH_AGENT_PID=\"6823\"\r\n", + "declare -x SSH_AUTH_SOCK=\"/tmp/ssh-RRBJIWd9Q84l/agent.6822\"\r\n", + "declare -x USER=\"vagrant\"\r\n", + "declare -x XDG_RUNTIME_DIR=\"/run/user/1000\"\r\n", + "declare -x XDG_SESSION_ID=\"c1\"\r\n" + ] + } + ], + "source": [ + "export" + ] + }, + { + "cell_type": "code", + "execution_count": 19, + "metadata": { + "collapsed": false + }, + "outputs": [ + { + "name": "stdout", + "output_type": "stream", + "text": [ + "2048 SHA256:KJ1V10SR4xSUA6dhrKkjrYB6CNwiwYPg8rewNjWZqVY /home/vagrant/.ssh/id_rsa (RSA)\r\n" + ] + } + ], + "source": [ + "ssh-add -l" + ] + }, + { + "cell_type": "code", + "execution_count": 21, + "metadata": { + "collapsed": false + }, + "outputs": [ + { + "name": "stdout", + "output_type": "stream", + "text": [ + "192.168.60.2 | SUCCESS => {\r\n", + " \"changed\": false, \r\n", + " \"ping\": \"pong\"\r\n", + "}\r\n" + ] + } + ], + "source": [ + "ansible lb -m ping" + ] + }, + { + "cell_type": "markdown", + "metadata": {}, + "source": [ + "For Schleife in der Bash. Achtung erst den Maschienen-Fingerprint akzeptieren und dann den Schlüssel verteilen.\n", + "\n", + "Mehr zu Bash-Skripte unter:\n", + "\n", + "* https://wiki.ubuntuusers.de/Shell/Bash-Skripting-Guide_f%C3%BCr_Anf%C3%A4nger/" + ] + }, + { + "cell_type": "code", + "execution_count": 22, + "metadata": { + "collapsed": false + }, + "outputs": [ + { + "name": "stdout", + "output_type": "stream", + "text": [ + "# 192.168.60.11:22 SSH-2.0-OpenSSH_7.2p2 Ubuntu-4ubuntu2.1\r\n", + "# 192.168.60.11:22 SSH-2.0-OpenSSH_7.2p2 Ubuntu-4ubuntu2.1\r\n", + "# 192.168.60.11:22 SSH-2.0-OpenSSH_7.2p2 Ubuntu-4ubuntu2.1\r\n", + "/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed\r\n", + "/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys\r\n", + "\r\n", + "Number of key(s) added: 1\r\n", + "\r\n", + "Now try logging into the machine, with: \"ssh 'vagrant@192.168.60.11'\"\r\n", + "and check to make sure that only the key(s) you wanted were added.\r\n", + "\r\n", + "# 192.168.60.12:22 SSH-2.0-OpenSSH_7.2p2 Ubuntu-4ubuntu2.1\r\n", + "# 192.168.60.12:22 SSH-2.0-OpenSSH_7.2p2 Ubuntu-4ubuntu2.1\r\n", + "# 192.168.60.12:22 SSH-2.0-OpenSSH_7.2p2 Ubuntu-4ubuntu2.1\r\n", + "/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed\r\n", + "/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys\r\n", + "\r\n", + "Number of key(s) added: 1\r\n", + "\r\n", + "Now try logging into the machine, with: \"ssh 'vagrant@192.168.60.12'\"\r\n", + "and check to make sure that only the key(s) you wanted were added.\r\n", + "\r\n", + "# 192.168.60.13:22 SSH-2.0-OpenSSH_7.2p2 Ubuntu-4ubuntu2.1\r\n", + "# 192.168.60.13:22 SSH-2.0-OpenSSH_7.2p2 Ubuntu-4ubuntu2.1\r\n", + "# 192.168.60.13:22 SSH-2.0-OpenSSH_7.2p2 Ubuntu-4ubuntu2.1\r\n", + "/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed\r\n", + "/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys\r\n", + "\r\n", + "Number of key(s) added: 1\r\n", + "\r\n", + "Now try logging into the machine, with: \"ssh 'vagrant@192.168.60.13'\"\r\n", + "and check to make sure that only the key(s) you wanted were added.\r\n", + "\r\n", + "# 192.168.60.21:22 SSH-2.0-OpenSSH_7.2p2 Ubuntu-4ubuntu2.1\r\n", + "# 192.168.60.21:22 SSH-2.0-OpenSSH_7.2p2 Ubuntu-4ubuntu2.1\r\n", + "# 192.168.60.21:22 SSH-2.0-OpenSSH_7.2p2 Ubuntu-4ubuntu2.1\r\n", + "/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed\r\n", + "/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys\r\n", + "\r\n", + "Number of key(s) added: 1\r\n", + "\r\n", + "Now try logging into the machine, with: \"ssh 'vagrant@192.168.60.21'\"\r\n", + "and check to make sure that only the key(s) you wanted were added.\r\n", + "\r\n", + "# 192.168.60.22:22 SSH-2.0-OpenSSH_7.2p2 Ubuntu-4ubuntu2.1\r\n", + "# 192.168.60.22:22 SSH-2.0-OpenSSH_7.2p2 Ubuntu-4ubuntu2.1\r\n", + "# 192.168.60.22:22 SSH-2.0-OpenSSH_7.2p2 Ubuntu-4ubuntu2.1\r\n", + "/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed\r\n", + "/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys\r\n", + "\r\n", + "Number of key(s) added: 1\r\n", + "\r\n", + "Now try logging into the machine, with: \"ssh 'vagrant@192.168.60.22'\"\r\n", + "and check to make sure that only the key(s) you wanted were added.\r\n", + "\r\n" + ] + } + ], + "source": [ + "for i in 11 12 13 21 22\n", + "do \n", + " ssh-keyscan -H 192.168.60.${i} >> ~/.ssh/known_hosts\n", + " sshpass -f passwort ssh-copy-id vagrant@192.168.60.${i}\n", + "done" + ] + }, + { + "cell_type": "code", + "execution_count": 25, + "metadata": { + "collapsed": false + }, + "outputs": [ + { + "name": "stdout", + "output_type": "stream", + "text": [ + "127.0.0.1 | SUCCESS => {\r\n", + " \"changed\": false, \r\n", + " \"ping\": \"pong\"\r\n", + "}\r\n", + "192.168.60.21 | SUCCESS => {\r\n", + " \"changed\": false, \r\n", + " \"ping\": \"pong\"\r\n", + "}\r\n", + "192.168.60.2 | SUCCESS => {\r\n", + " \"changed\": false, \r\n", + " \"ping\": \"pong\"\r\n", + "}\r\n", + "192.168.60.11 | SUCCESS => {\r\n", + " \"changed\": false, \r\n", + " \"ping\": \"pong\"\r\n", + "}\r\n", + "192.168.60.12 | SUCCESS => {\r\n", + " \"changed\": false, \r\n", + " \"ping\": \"pong\"\r\n", + "}\r\n", + "192.168.60.13 | SUCCESS => {\r\n", + " \"changed\": false, \r\n", + " \"ping\": \"pong\"\r\n", + "}\r\n", + "192.168.60.22 | SUCCESS => {\r\n", + " \"changed\": false, \r\n", + " \"ping\": \"pong\"\r\n", + "}\r\n" + ] + } + ], + "source": [ + "ansible all -m ping" + ] + }, + { + "cell_type": "code", + "execution_count": 24, + "metadata": { + "collapsed": false + }, + "outputs": [ + { + "name": "stdout", + "output_type": "stream", + "text": [ + " 1 echo $?\r\n", + " 2 ansible --version\r\n", + " 3 echo $?\r\n", + " 4 sudo pip install --upgrade ansible\r\n", + " 5 echo $?\r\n", + " 6 ansible --version\r\n", + " 7 echo $?\r\n", + " 8 ls -lachi /etc/ansible/\r\n", + " 9 sudo cp /vagrant/hosts /etc/ansible\r\n", + " 10 echo $?\r\n", + " 11 cat /etc/ansible/hosts\r\n", + " 12 echo $?\r\n", + " 13 ansible local -m ping\r\n", + " 14 echo $?\r\n", + " 15 ansible ctl -m ping\r\n", + " 16 echo $?\r\n", + " 17 if [ -f ~/.ssh/id_rsa ]; then rm ~/.ssh/id_rsa*; fi && ssh-keygen -t rsa -f ~/.ssh/id_rsa -N geheim\r\n", + " 18 echo $?\r\n", + " 19 ssh-keyscan -H 192.168.60.2 >> ~/.ssh/known_hosts\r\n", + " 20 echo $?\r\n", + " 21 cat ~/.ssh/known_hosts\r\n", + " 22 echo $?\r\n", + " 23 sudo apt-get update\r\n", + " 24 sudo apt-get install -y sshpass\r\n", + " 25 echo $?\r\n", + " 26 echo 'vagrant' > passwort\r\n", + " 27 sshpass -f passwort ssh-copy-id vagrant@192.168.60.2\r\n", + " 28 echo $?\r\n", + " 29 sudo apt-get install -y expect\r\n", + " 30 echo $?\r\n", + " 31 cp /vagrant/ssh-add-passphrase.sh ./\r\n", + " 32 chmod u+x ssh-add-passphrase.sh\r\n", + " 33 echo $?\r\n", + " 34 cat ssh-add-passphrase.sh\r\n", + " 35 echo $?\r\n", + " 36 eval `ssh-agent -s` > /dev/null\r\n", + " 37 ./ssh-add-passphrase.sh\r\n", + " 38 echo $?\r\n", + " 39 env\r\n", + " 40 echo $?\r\n", + " 41 ssh-add -l\r\n", + " 42 echo $?\r\n", + " 43 export\r\n", + " 44 echo $?\r\n", + " 45 ansible lb -m ping\r\n", + " 46 echo $?\r\n", + " 47 for i in 11 12 13 21 22; do ssh-keyscan -H 192.168.60.${i} >> ~/.ssh/known_hosts; sshpass -f passwort ssh-copy-id vagrant@192.168.60.${i}; done\r\n", + " 48 echo $?\r\n", + " 49 ansible all -m ping\r\n", + " 50 echo $?\r\n", + " 51 history\r\n" + ] + } + ], + "source": [ + "history " + ] + }, + { + "cell_type": "markdown", + "metadata": { + "collapsed": true + }, + "source": [ + "__Aufgabe__: Da wir öfters ein ```bash vagrant destroy``` ausführen. Wäre es sinnvoll ein Skript für das automatische Einrichten von Ansible und ssh zu haben. Erstellen Sie dieses Skript.\n", + "\n", + "Der Ansible Test funktioniert. Somit können wir mit den Playbooks weiter machen." + ] + }, + { + "cell_type": "code", + "execution_count": null, + "metadata": { + "collapsed": true + }, + "outputs": [], + "source": [] + } + ], + "metadata": { + "kernelspec": { + "display_name": "Bash", + "language": "bash", + "name": "bash" + }, + "language_info": { + "codemirror_mode": "shell", + "file_extension": ".sh", + "mimetype": "text/x-sh", + "name": "bash" + } + }, + "nbformat": 4, + "nbformat_minor": 1 +} diff --git a/01_Playbooks.ipynb b/01_Playbooks.ipynb new file mode 100644 index 0000000..b91dd39 --- /dev/null +++ b/01_Playbooks.ipynb @@ -0,0 +1,384 @@ +{ + "cells": [ + { + "cell_type": "markdown", + "metadata": { + "collapsed": true + }, + "source": [ + "# YAML Dateien\n", + "\n", + "\n", + "* Die erste Zeile eines Playbooks sollte mit \"---\" beginnen (drei Bindestriche). Diese zeigt den Beginn eines YAML-Dokumentes an.\n", + "* Listen in YAML werden mit einem Bindestrich \"-\" gefolgt von einem Leerraum dargestellt.\n", + "* Ein Playbook enthält eine Liste von Spielanweisungen;\n", + "Sie werden mit \"-\" dargestellt. Jedes Spiel ist ein assoziatives Array, ein Dictonary oder eine Map in Form von Schlüssel/Wert-Paaren.\n", + "* Einrückungen sind wichtig. Alle Mitglieder einer Liste sollten gleich Eingerückt sein.\n", + "* Jede Spielanwiesung kann Schlüssel-Wert-Paare enthalten, getrennt durch \":\", um Hosts, Variablen, Rollen, Aufgaben und so weiter anzugeben.\n", + "\n", + "## Weblinks\n", + "\n", + "* https://de.wikipedia.org/wiki/YAML\n", + "* http://www.yaml.org/\n", + "* http://docs.ansible.com/ansible/YAMLSyntax.html\n", + "\n", + "## Playbooks\n", + "\n", + "simple_playbook.yml\n", + "\n", + "```yaml\n", + "---\n", + "- hosts: all\n", + " remote_user: vagrant\n", + " become: yes\n", + " tasks:\n", + " - group: name=devops state=present\n", + " - name: create devops user with admin previleges\n", + " user: name=devops comment=\"Devops User\" uid=2001 group=devops\n", + " - name: install htop package\n", + " apt: name=htop state=present update_cache=yes\n", + "\n", + "- hosts: www\n", + " user: vagrant\n", + " become: yes\n", + " tasks:\n", + " - name: add official nginx repository\n", + " apt_repository: repo='ppa:nginx/stable'\n", + " - name: install nginx web server and ensure its at the latest version\n", + " apt: name=nginx state=latest\n", + " - name:\n", + " service: name=nginx state=started\n", + "```\n", + "\n", + "Alternativ\n", + "\n", + "```yaml\n", + "---\n", + "- hosts: all\n", + " remote_user: vagrant\n", + " become: yes\n", + " tasks:\n", + " - group:\n", + " name: devops\n", + " state: present\n", + " - name: create devops user with admin previleges\n", + " user:\n", + " name: devops\n", + " comment: \"Devops User\"\n", + " uid: 2001\n", + " group: devops\n", + " - name: install htop package\n", + " apt:\n", + " name: htop\n", + " state: present\n", + " update_cache: yes\n", + "\n", + "- hosts: www\n", + " user: vagrant\n", + " become: yes\n", + " tasks:\n", + " - name: add official nginx repository\n", + " apt_repository:\n", + " repo: 'ppa:nginx/stable'\n", + " - name: install nginx web server and ensure its at the latest version\n", + " apt:\n", + " name: nginx\n", + " state: latest\n", + " - name:\n", + " service:\n", + " name: nginx\n", + " state: started\n", + "```" + ] + }, + { + "cell_type": "code", + "execution_count": 1, + "metadata": { + "collapsed": false + }, + "outputs": [ + { + "name": "stdout", + "output_type": "stream", + "text": [] + } + ], + "source": [ + "cp /vagrant/simple_playbook.yml ./" + ] + }, + { + "cell_type": "code", + "execution_count": 2, + "metadata": { + "collapsed": false + }, + "outputs": [ + { + "name": "stdout", + "output_type": "stream", + "text": [ + "spawn ssh-add /home/vagrant/.ssh/id_rsa\r", + "\r", + "\r\n", + "Enter passphrase for /home/vagrant/.ssh/id_rsa: \r\n", + "Identity added: /home/vagrant/.ssh/id_rsa (/home/vagrant/.ssh/id_rsa)\r\n" + ] + } + ], + "source": [ + "eval `ssh-agent -s` > /dev/null\n", + "./ssh-add-passphrase.sh" + ] + }, + { + "cell_type": "code", + "execution_count": 3, + "metadata": { + "collapsed": false + }, + "outputs": [ + { + "name": "stdout", + "output_type": "stream", + "text": [ + "\r\n", + "PLAY [all] *********************************************************************\r\n", + "\r\n", + "TASK [setup] *******************************************************************\r\n", + "ok: [192.168.60.21]\r\n", + "ok: [192.168.60.11]\r\n", + "ok: [192.168.60.2]\r\n", + "ok: [192.168.60.12]\r\n", + "ok: [192.168.60.22]\r\n", + "ok: [localhost]\r\n", + "ok: [192.168.60.13]\r\n", + "\r\n", + "TASK [group] *******************************************************************\r\n", + "changed: [192.168.60.21]\r\n", + "changed: [192.168.60.2]\r\n", + "changed: [192.168.60.12]\r\n", + "changed: [192.168.60.22]\r\n", + "changed: [192.168.60.11]\r\n", + "changed: [localhost]\r\n", + "changed: [192.168.60.13]\r\n", + "\r\n", + "TASK [create devops user with admin previleges] ********************************\r\n", + "changed: [192.168.60.22]\r\n", + "changed: [192.168.60.11]\r\n", + "changed: [192.168.60.12]\r\n", + "changed: [192.168.60.2]\r\n", + "changed: [192.168.60.21]\r\n", + "changed: [192.168.60.13]\r\n", + "changed: [localhost]\r\n", + "\r\n", + "TASK [install htop package] ****************************************************\r\n", + "ok: [192.168.60.22]\r\n", + "ok: [192.168.60.2]\r\n", + "ok: [192.168.60.11]\r\n", + "ok: [192.168.60.12]\r\n", + "ok: [192.168.60.21]\r\n", + "ok: [192.168.60.13]\r\n", + "ok: [localhost]\r\n", + "\r\n", + "PLAY [www] *********************************************************************\r\n", + "\r\n", + "TASK [setup] *******************************************************************\r\n", + "ok: [192.168.60.11]\r\n", + "ok: [192.168.60.13]\r\n", + "ok: [192.168.60.12]\r\n", + "\r\n", + "TASK [add official nginx repository] *******************************************\r\n", + "ok: [192.168.60.13]\r\n", + "ok: [192.168.60.12]\r\n", + "ok: [192.168.60.11]\r\n", + "\r\n", + "TASK [install nginx web server and ensure its at the latest version] ***********\r\n", + "changed: [192.168.60.11]\r\n", + "changed: [192.168.60.12]\r\n", + "changed: [192.168.60.13]\r\n", + "\r\n", + "TASK [service] *****************************************************************\r\n", + "ok: [192.168.60.11]\r\n", + "ok: [192.168.60.13]\r\n", + "ok: [192.168.60.12]\r\n", + "\r\n", + "PLAY RECAP *********************************************************************\r\n", + "192.168.60.11 : ok=8 changed=3 unreachable=0 failed=0 \r\n", + "192.168.60.12 : ok=8 changed=3 unreachable=0 failed=0 \r\n", + "192.168.60.13 : ok=8 changed=3 unreachable=0 failed=0 \r\n", + "192.168.60.2 : ok=4 changed=2 unreachable=0 failed=0 \r\n", + "192.168.60.21 : ok=4 changed=2 unreachable=0 failed=0 \r\n", + "192.168.60.22 : ok=4 changed=2 unreachable=0 failed=0 \r\n", + "localhost : ok=4 changed=2 unreachable=0 failed=0 \r\n", + "\r\n" + ] + } + ], + "source": [ + "ansible-playbook simple_playbook.yml" + ] + }, + { + "cell_type": "markdown", + "metadata": {}, + "source": [ + "## Playbooks\n", + "\n", + "Wichtige Abschnitte der obigen Playbooks sind:\n", + "\n", + "1. Wer soll wie konfiguriert werden (hosts). \n", + "2. Was soll ablaufen (tasks). \n", + "\n", + "## Pattern für hosts\n", + "\n", + "Im vorherigen Playbook bestimmen die folgenden Zeilen, welche Hosts für einen Play/Spiel ausgewählt werden sollen. \n", + "Eine bestimmte Spielanweisung für:\n", + "\n", + "* hosts: all\n", + "* hosts: www\n", + "\n", + "Der erste Block wird mit allen Hosts ausgeführt. Der zweite Abschnitt/Play wird mit der www-Gruppe durchgeführt.\n", + "\n", + "Die Pattern können eine der folgenden Liste, oder ihre Kobinationen, sein:\n", + "\n", + " Pattern Beispiele\n", + " Gruppenname Name_der_Rechner (ansible inventory)\n", + " Spiel alle all oder *\n", + " Range Name_des_Rechner[0:100]\n", + " Hostnamen globs *.example.com, host01.example.com\n", + " Ausnahmen Name_der_Rechner:!diesen_nicht\n", + " Überschneidung Name_der_Rechner:&weitere_Namen\n", + " Reguläre Ausdrücke ~(nn|zk).*\\.example\\.org\n", + "\n", + "## Der Block Tasks\n", + "\n", + "Die Aufgaben für eine Gruppe (hosts). Aufgaben sind eine Folge von Aktionen, die gegen eine Gruppe von Hosts ausgeführt werden. Jedes Play enthält in der Regel mehrere Tasks, die seriell auf jeder Maschine ausgeführt werden, die dem Muster entspricht.\n", + "\n", + "Jede Aktion in einer Aufgabenliste kann deklariert werden, indem Folgendes angegeben wird:\n", + "\n", + "* Der Name des Moduls\n", + "* Optional der Zustand der verwalteten Systemkomponente\n", + "* Die optionalen Parameter\n", + "\n", + "## Module\n", + "\n", + "Module sind die gekapselten Prozeduren, die spezifischen Systemkomponenten für bestimmten Plattformen verwalten z. B. apt, user oder service.\n", + "\n", + "http://docs.ansible.com/ansible/list_of_all_modules.html\n", + "\n", + "Nichts gefunden? Dann selber schreiben:\n", + "\n", + "http://docs.ansible.com/ansible/developing_modules.html\n", + "\n", + "## Module und Idempotence\n", + "\n", + "Aus der Wikipedia (10/2016) \"Analog dazu wird in der Informatik ein Stück Programmcode, das mehrfach hintereinander ausgeführt das gleiche Ergebnis wie bei einer einzigen Ausführung liefert, als idempotent bezeichnet.\"" + ] + }, + { + "cell_type": "code", + "execution_count": 4, + "metadata": { + "collapsed": false + }, + "outputs": [ + { + "name": "stdout", + "output_type": "stream", + "text": [ + "\r\n", + "PLAY [all] *********************************************************************\r\n", + "\r\n", + "TASK [setup] *******************************************************************\r\n", + "ok: [192.168.60.12]\r\n", + "ok: [192.168.60.11]\r\n", + "ok: [192.168.60.21]\r\n", + "ok: [192.168.60.2]\r\n", + "ok: [192.168.60.22]\r\n", + "ok: [192.168.60.13]\r\n", + "ok: [localhost]\r\n", + "\r\n", + "TASK [group] *******************************************************************\r\n", + "ok: [192.168.60.2]\r\n", + "ok: [192.168.60.12]\r\n", + "ok: [192.168.60.21]\r\n", + "ok: [192.168.60.22]\r\n", + "ok: [192.168.60.11]\r\n", + "ok: [localhost]\r\n", + "ok: [192.168.60.13]\r\n", + "\r\n", + "TASK [create devops user with admin previleges] ********************************\r\n", + "ok: [192.168.60.21]\r\n", + "ok: [192.168.60.2]\r\n", + "ok: [192.168.60.12]\r\n", + "ok: [192.168.60.22]\r\n", + "ok: [192.168.60.11]\r\n", + "ok: [192.168.60.13]\r\n", + "ok: [localhost]\r\n", + "\r\n", + "TASK [install htop package] ****************************************************\r\n", + "ok: [192.168.60.21]\r\n", + "ok: [192.168.60.2]\r\n", + "ok: [192.168.60.11]\r\n", + "ok: [192.168.60.12]\r\n", + "ok: [192.168.60.22]\r\n", + "ok: [localhost]\r\n", + "ok: [192.168.60.13]\r\n", + "\r\n", + "PLAY [www] *********************************************************************\r\n", + "\r\n", + "TASK [setup] *******************************************************************\r\n", + "ok: [192.168.60.13]\r\n", + "ok: [192.168.60.11]\r\n", + "ok: [192.168.60.12]\r\n", + "\r\n", + "TASK [add official nginx repository] *******************************************\r\n", + "ok: [192.168.60.11]\r\n", + "ok: [192.168.60.13]\r\n", + "ok: [192.168.60.12]\r\n", + "\r\n", + "TASK [install nginx web server and ensure its at the latest version] ***********\r\n", + "ok: [192.168.60.12]\r\n", + "ok: [192.168.60.11]\r\n", + "ok: [192.168.60.13]\r\n", + "\r\n", + "TASK [service] *****************************************************************\r\n", + "ok: [192.168.60.11]\r\n", + "ok: [192.168.60.12]\r\n", + "ok: [192.168.60.13]\r\n", + "\r\n", + "PLAY RECAP *********************************************************************\r\n", + "192.168.60.11 : ok=8 changed=0 unreachable=0 failed=0 \r\n", + "192.168.60.12 : ok=8 changed=0 unreachable=0 failed=0 \r\n", + "192.168.60.13 : ok=8 changed=0 unreachable=0 failed=0 \r\n", + "192.168.60.2 : ok=4 changed=0 unreachable=0 failed=0 \r\n", + "192.168.60.21 : ok=4 changed=0 unreachable=0 failed=0 \r\n", + "192.168.60.22 : ok=4 changed=0 unreachable=0 failed=0 \r\n", + "localhost : ok=4 changed=0 unreachable=0 failed=0 \r\n", + "\r\n" + ] + } + ], + "source": [ + "ansible-playbook simple_playbook.yml" + ] + } + ], + "metadata": { + "kernelspec": { + "display_name": "Bash", + "language": "bash", + "name": "bash" + }, + "language_info": { + "codemirror_mode": "shell", + "file_extension": ".sh", + "mimetype": "text/x-sh", + "name": "bash" + } + }, + "nbformat": 4, + "nbformat_minor": 1 +} diff --git a/02_Rollen.ipynb b/02_Rollen.ipynb new file mode 100644 index 0000000..1cf6ca9 --- /dev/null +++ b/02_Rollen.ipynb @@ -0,0 +1,675 @@ +{ + "cells": [ + { + "cell_type": "markdown", + "metadata": {}, + "source": [ + "# Modular mit Ansible Rollen\n", + "\n", + "Würde man seine Infrastruktur mit Webservern, Datenbanken, Loadbalancer, Queues und so weiter in einem Playbook verwalten, würde dies zu einer riesigen Abfolge von Aktionen in __einem__ Skript führen.\n", + "\n", + "Darüber hinaus kann man eine Teil z.B. Datenbanken nicht in anderen Projekten weiter verwenden.\n", + "\n", + "Hier kommen Rollen ins Spiel. Zum Beispiel für:\n", + "\n", + "* nginx\n", + "* mysql\n", + "* mongodb\n", + "* tomcat\n", + "* ...\n", + "\n", + "Hier zunächst die Rolle für den Webserver nginx." + ] + }, + { + "cell_type": "code", + "execution_count": 1, + "metadata": { + "collapsed": false + }, + "outputs": [ + { + "name": "stdout", + "output_type": "stream", + "text": [ + "spawn ssh-add /home/vagrant/.ssh/id_rsa\r", + "\r", + "\r\n", + "Enter passphrase for /home/vagrant/.ssh/id_rsa: \r\n", + "Identity added: /home/vagrant/.ssh/id_rsa (/home/vagrant/.ssh/id_rsa)\r\n" + ] + } + ], + "source": [ + "eval `ssh-agent -s` > /dev/null\n", + "./ssh-add-passphrase.sh" + ] + }, + { + "cell_type": "code", + "execution_count": 2, + "metadata": { + "collapsed": false + }, + "outputs": [ + { + "name": "stdout", + "output_type": "stream", + "text": [] + } + ], + "source": [ + "cp -R /vagrant/Kap2_Rollen ./" + ] + }, + { + "cell_type": "code", + "execution_count": 1, + "metadata": { + "collapsed": false + }, + "outputs": [ + { + "name": "stdout", + "output_type": "stream", + "text": [] + } + ], + "source": [ + "cd Kap2_Rollen" + ] + }, + { + "cell_type": "code", + "execution_count": 2, + "metadata": { + "collapsed": false + }, + "outputs": [ + { + "name": "stdout", + "output_type": "stream", + "text": [ + "/home/vagrant/projects/Kap2_Rollen\r\n" + ] + } + ], + "source": [ + "pwd" + ] + }, + { + "cell_type": "code", + "execution_count": 3, + "metadata": { + "collapsed": false + }, + "outputs": [ + { + "name": "stdout", + "output_type": "stream", + "text": [ + ".\r\n", + "|-- customhosts\r\n", + "|-- roles\r\n", + "| |-- base\r\n", + "| | `-- tasks\r\n", + "| | `-- main.yml\r\n", + "| `-- nginx\r\n", + "| |-- files\r\n", + "| | |-- default.conf\r\n", + "| | `-- index.html\r\n", + "| |-- handlers\r\n", + "| | `-- main.yml\r\n", + "| |-- meta\r\n", + "| | `-- main.yml\r\n", + "| `-- tasks\r\n", + "| |-- configure.yml\r\n", + "| |-- install.yml\r\n", + "| |-- main.yml\r\n", + "| `-- service.yml\r\n", + "|-- site.yml\r\n", + "`-- www.yml\r\n", + "\r\n", + "8 directories, 12 files\r\n" + ] + } + ], + "source": [ + "tree --charset=ascii" + ] + }, + { + "cell_type": "markdown", + "metadata": {}, + "source": [ + "Rollen werden u.a. unter dem Ordner roles/ abgelegt. Können aber auch über mehrere Ordner verteilt abgelegt werden wie z.B. /deploy/ansible/roles und /deploy/ansible/community/roles.\n", + "Dies kann über eine Datei ansible.cfg mit dem Eintrag\n", + " \n", + " roles_path = /deploy/ansible/roles:/deploy/ansible/community/roles\n", + " \n", + "geschehen.\n", + "\n", + "Mehr über Rollen hier: http://docs.ansible.com/ansible/playbooks_roles.html\n", + "\n", + "und über ansible.cfg: http://docs.ansible.com/ansible/intro_configuration.html\n", + "\n", + "Jede Rolle bekommt einen Ornder mit ihrem Rolen-Namen. Diese Ornder können weitere Unterordner haben. Der wichtigste ist der tasks/ Ordner. Es gibt aber noch weitere wichtige Ordner wie handlers/, templates/, files/, meta/, vars/ uvw. Normalerweise beinhalten alle diese Ornder eine Datei mit dem Namen main.yml.\n", + "\n", + "Wie können Rollen aufgerufen werden? Schauen wir uns das Playbook site.yml an:" + ] + }, + { + "cell_type": "code", + "execution_count": 6, + "metadata": { + "collapsed": false + }, + "outputs": [ + { + "name": "stdout", + "output_type": "stream", + "text": [ + "---\r\n", + "# This is a sitewide playbook\r\n", + "- include: www.yml\r\n" + ] + } + ], + "source": [ + "cat site.yml" + ] + }, + { + "cell_type": "markdown", + "metadata": {}, + "source": [ + "In Playbooks können Teile mit include eingebunden werde. Diese werden im aktuellen Verzeichnis gesucht, wenn kein absoluter/relativer Pfad angegeben wurde.\n", + "\n", + "Mehr über Include: http://docs.ansible.com/ansible/playbooks_roles.html#task-include-files-and-encouraging-reuse\n", + "\n", + "Hier der Inhalt von www.yml" + ] + }, + { + "cell_type": "code", + "execution_count": 7, + "metadata": { + "collapsed": false + }, + "outputs": [ + { + "name": "stdout", + "output_type": "stream", + "text": [ + "---\r\n", + "- hosts: www\r\n", + " remote_user: vagrant\r\n", + " become: yes\r\n", + " pre_tasks:\r\n", + " - debug: \r\n", + " msg: 'I\":\" Beginning to configure web server..'\r\n", + "\r\n", + " roles:\r\n", + " - nginx\r\n", + "\r\n", + " post_tasks:\r\n", + " - debug:\r\n", + " msg: 'I\":\" Done configuring nginx web server...'\r\n" + ] + } + ], + "source": [ + "cat www.yml" + ] + }, + { + "cell_type": "markdown", + "metadata": {}, + "source": [ + "Diese Playbook wird nur für die Gruppe __www__ ausgeführt.\n", + "\n", + "Der Abschnitt __pre_tasks__ bzw. __post_tasks__ wird vor bzw. nachdem Task Abschnitt ausgeführt.\n", + "\n", + "Unser Task Block wird hier durch eine Rolle __nginx__ abgebildet.\n", + "\n", + "Schauen wir uns zunächst den Meta (Beschreibung) zu dieser Rolle an." + ] + }, + { + "cell_type": "code", + "execution_count": 8, + "metadata": { + "collapsed": false + }, + "outputs": [ + { + "name": "stdout", + "output_type": "stream", + "text": [ + "---\r\n", + "dependencies:\r\n", + " - { role: base}\r\n", + "\r\n" + ] + } + ], + "source": [ + "cat roles/nginx/meta/main.yml" + ] + }, + { + "cell_type": "markdown", + "metadata": {}, + "source": [ + "Die Rolle nginx ist Abhängig von der Rolle base. Daher hier die Rolle base." + ] + }, + { + "cell_type": "code", + "execution_count": 9, + "metadata": { + "collapsed": false + }, + "outputs": [ + { + "name": "stdout", + "output_type": "stream", + "text": [ + "---\r\n", + "# essential tasks. should run on all nodes\r\n", + " - name: creating devops group \r\n", + " group: name=devops state=present\r\n", + " - name: create devops user with admin previleges\r\n", + " user: name=devops comment=\"Devops User\" uid=2001 group=devops\r\n", + " - name: install htop package\r\n", + " action: apt name=htop state=present update_cache=yes\r\n" + ] + } + ], + "source": [ + "cat roles/base/tasks/main.yml" + ] + }, + { + "cell_type": "markdown", + "metadata": {}, + "source": [ + "Hier werden unser User, Gruppen und Grundlegende Pakete installiert.\n", + "\n", + "Schauen wir uns die Rolle nginx im Ordner tasks/ näher an." + ] + }, + { + "cell_type": "code", + "execution_count": 10, + "metadata": { + "collapsed": false + }, + "outputs": [ + { + "name": "stdout", + "output_type": "stream", + "text": [ + "---\r\n", + "# This is main tasks file for nginx role\r\n", + " - include: install.yml\r\n", + " - include: configure.yml\r\n", + " - include: service.yml\r\n", + "\r\n", + " \r\n", + "---\r\n", + " - name: add official nginx repository\r\n", + " apt_repository: repo='deb http://nginx.org/packages/ubuntu/ lucid nginx'\r\n", + " - name: install nginx web server and ensure its at the latest version\r\n", + " apt: name=nginx state=latest force=yes\r\n", + "---\r\n", + " - name: create default site configurations \r\n", + " copy: src=default.conf dest=/etc/nginx/conf.d/default.conf mode=0644\r\n", + " notify: \r\n", + " - restart nginx service\r\n", + " - name: create home page for default site\r\n", + " copy: src=index.html dest=/usr/share/nginx/html/index.html\r\n", + "\r\n", + "---\r\n", + " - name: start nginx service\r\n", + " service: name=nginx state=started\r\n" + ] + } + ], + "source": [ + "cat roles/nginx/tasks/main.yml \\\n", + " roles/nginx/tasks/install.yml \\\n", + " roles/nginx/tasks/configure.yml \\\n", + " roles/nginx/tasks/service.yml" + ] + }, + { + "cell_type": "markdown", + "metadata": {}, + "source": [ + "Die install.yml sorgt fügt das nginx repro ein und installiert die neuster Version von nginx. Auch wenn diese schon installiert wurde.\n", + "\n", + "In der configure.yml wird die Datei default.conf aus dem Ordner files/ der Rolle nginx auf dem entsprechenden Pfad kopiert.\n", + "\n", + "ACHTUNG: Das Modul copy schaut im Ordner files/ nach ob die Datei default.conf existiert. Somit sind Rollen unabhängig von ihrer Installation." + ] + }, + { + "cell_type": "code", + "execution_count": 11, + "metadata": { + "collapsed": false + }, + "outputs": [ + { + "name": "stdout", + "output_type": "stream", + "text": [ + "server {\r\n", + " listen 80;\r\n", + " server_name localhost;\r\n", + "\r\n", + " location / {\r\n", + " root /usr/share/nginx/html;\r\n", + " index index.html;\r\n", + " }\r\n", + "}\r\n" + ] + } + ], + "source": [ + "cat roles/nginx/files/default.conf" + ] + }, + { + "cell_type": "code", + "execution_count": 12, + "metadata": { + "collapsed": false + }, + "outputs": [ + { + "name": "stdout", + "output_type": "stream", + "text": [ + "\r\n", + " \r\n", + "

Ole Ole Ole

\r\n", + "

Welcome to FIFA World Cup News Portal

\r\n", + " \r\n", + "\r\n" + ] + } + ], + "source": [ + "cat roles/nginx/files/index.html" + ] + }, + { + "cell_type": "markdown", + "metadata": {}, + "source": [ + "In der Datei configure.yml wird der Handler \"restart nginx serice\" aufgerufen. Dieser wird über den Ordner handlers/ in der main.yml gesucht und gefunden.\n", + "\n", + "Mehr hierzu unter: http://docs.ansible.com/ansible/playbooks_intro.html#handlers-running-operations-on-change" + ] + }, + { + "cell_type": "code", + "execution_count": 13, + "metadata": { + "collapsed": false + }, + "outputs": [ + { + "name": "stdout", + "output_type": "stream", + "text": [ + "---\r\n", + "- name: restart nginx service\r\n", + " service: name=nginx state=restarted\r\n", + "\r\n" + ] + } + ], + "source": [ + "cat roles/nginx/handlers/main.yml" + ] + }, + { + "cell_type": "markdown", + "metadata": {}, + "source": [ + "Eine lokales Inventory wird hier auch definiert." + ] + }, + { + "cell_type": "code", + "execution_count": 14, + "metadata": { + "collapsed": false + }, + "outputs": [ + { + "name": "stdout", + "output_type": "stream", + "text": [ + "[local]\r\n", + "localhost ansible_connection=local\r\n", + "\r\n", + "[www]\r\n", + "192.168.60.11 ansible_ssh_user=vagrant\r\n", + "192.168.60.12 ansible_ssh_user=vagrant\r\n", + "192.168.60.13 ansible_ssh_user=vagrant\r\n", + "\r\n", + "[lb]\r\n", + "192.168.60.2 ansible_ssh_user=vagrant\r\n", + "\r\n", + "[db]\r\n", + "192.168.60.21 ansible_ssh_user=vagrant\r\n", + "192.168.60.22 ansible_ssh_user=vagrant\r\n" + ] + } + ], + "source": [ + "cat customhosts" + ] + }, + { + "cell_type": "markdown", + "metadata": {}, + "source": [ + "Hier der Auffruf:" + ] + }, + { + "cell_type": "code", + "execution_count": 15, + "metadata": { + "collapsed": false, + "scrolled": true + }, + "outputs": [ + { + "name": "stdout", + "output_type": "stream", + "text": [ + "statically included: /home/vagrant/projects/Kap2_Rollen/roles/nginx/tasks/install.yml\r\n", + "statically included: /home/vagrant/projects/Kap2_Rollen/roles/nginx/tasks/configure.yml\r\n", + "statically included: /home/vagrant/projects/Kap2_Rollen/roles/nginx/tasks/service.yml\r\n", + "\r\n", + "PLAY [www] *********************************************************************\r\n", + "\r\n", + "TASK [setup] *******************************************************************\r\n", + "ok: [192.168.60.12]\r\n", + "ok: [192.168.60.11]\r\n", + "ok: [192.168.60.13]\r\n", + "\r\n", + "TASK [debug] *******************************************************************\r\n", + "ok: [192.168.60.11] => {\r\n", + " \"msg\": \"I\\\":\\\" Beginning to configure web server..\"\r\n", + "}\r\n", + "ok: [192.168.60.12] => {\r\n", + " \"msg\": \"I\\\":\\\" Beginning to configure web server..\"\r\n", + "}\r\n", + "ok: [192.168.60.13] => {\r\n", + " \"msg\": \"I\\\":\\\" Beginning to configure web server..\"\r\n", + "}\r\n", + "\r\n", + "TASK [base : creating devops group] ********************************************\r\n", + "changed: [192.168.60.11]\r\n", + "changed: [192.168.60.12]\r\n", + "changed: [192.168.60.13]\r\n", + "\r\n", + "TASK [base : create devops user with admin previleges] *************************\r\n", + "changed: [192.168.60.13]\r\n", + "changed: [192.168.60.12]\r\n", + "changed: [192.168.60.11]\r\n", + "\r\n", + "TASK [base : install htop package] *********************************************\r\n", + "ok: [192.168.60.11]\r\n", + "ok: [192.168.60.13]\r\n", + "ok: [192.168.60.12]\r\n", + "\r\n", + "TASK [nginx : add official nginx repository] ***********************************\r\n", + "changed: [192.168.60.12]\r\n", + "changed: [192.168.60.13]\r\n", + "changed: [192.168.60.11]\r\n", + "\r\n", + "TASK [nginx : install nginx web server and ensure its at the latest version] ***\r\n", + "changed: [192.168.60.12]\r\n", + "changed: [192.168.60.13]\r\n", + "changed: [192.168.60.11]\r\n", + "\r\n", + "TASK [nginx : create default site configurations] ******************************\r\n", + "changed: [192.168.60.11]\r\n", + "changed: [192.168.60.13]\r\n", + "changed: [192.168.60.12]\r\n", + "\r\n", + "TASK [nginx : create home page for default site] *******************************\r\n", + "changed: [192.168.60.11]\r\n", + "changed: [192.168.60.13]\r\n", + "changed: [192.168.60.12]\r\n", + "\r\n", + "TASK [nginx : start nginx service] *********************************************\r\n", + "ok: [192.168.60.13]\r\n", + "ok: [192.168.60.11]\r\n", + "ok: [192.168.60.12]\r\n", + "\r\n", + "RUNNING HANDLER [nginx : restart nginx service] ********************************\r\n", + "changed: [192.168.60.11]\r\n", + "changed: [192.168.60.13]\r\n", + "changed: [192.168.60.12]\r\n", + "\r\n", + "TASK [debug] *******************************************************************\r\n", + "ok: [192.168.60.11] => {\r\n", + " \"msg\": \"I\\\":\\\" Done configuring nginx web server...\"\r\n", + "}\r\n", + "ok: [192.168.60.12] => {\r\n", + " \"msg\": \"I\\\":\\\" Done configuring nginx web server...\"\r\n", + "}\r\n", + "ok: [192.168.60.13] => {\r\n", + " \"msg\": \"I\\\":\\\" Done configuring nginx web server...\"\r\n", + "}\r\n", + "\r\n", + "PLAY RECAP *********************************************************************\r\n", + "192.168.60.11 : ok=12 changed=7 unreachable=0 failed=0 \r\n", + "192.168.60.12 : ok=12 changed=7 unreachable=0 failed=0 \r\n", + "192.168.60.13 : ok=12 changed=7 unreachable=0 failed=0 \r\n", + "\r\n" + ] + } + ], + "source": [ + "ansible-playbook -i customhosts site.yml" + ] + }, + { + "cell_type": "markdown", + "metadata": {}, + "source": [ + "Beachten Sie dabie folgendes:\n", + "\n", + "* Die pre_tasks und post_tasks Ausführung.\n", + "* Die Rolle base wird ausgeführt. Warum?\n", + "\n", + "Der Funktiontest könnte so aussehen:" + ] + }, + { + "cell_type": "code", + "execution_count": 16, + "metadata": { + "collapsed": false + }, + "outputs": [ + { + "name": "stdout", + "output_type": "stream", + "text": [ + "phpMyAdmin
\r\n", + "
\r\n", + " \"phpMyAdmin\"\r\n", + "

Welcome to phpMyAdmin

\r\n", + "
Language
\r\n", + "
\r\n", + " \r\n", + "
\r\n", + "
\r\n", + " Log in\"Documentation\"
\r\n", + " \r\n", + " \r\n", + "
\r\n", + "
\r\n", + " \r\n", + " \r\n", + "
\r\n", + " \r\n", + "
\r\n", + "
\r\n", + "
\r\n", + "
" + ] + } + ], + "source": [ + "curl 192.168.60.11" + ] + }, + { + "cell_type": "markdown", + "metadata": { + "collapsed": true + }, + "source": [ + "OOPS: Da leckt noch Öl raus, da muss man noch bei.\n", + "\n", + "M.a.W: Es wird noch die pma geladen und nicht unsere Webseite. Unsere Rolle muss noch angepasste werden." + ] + } + ], + "metadata": { + "kernelspec": { + "display_name": "Bash", + "language": "bash", + "name": "bash" + }, + "language_info": { + "codemirror_mode": "shell", + "file_extension": ".sh", + "mimetype": "text/x-sh", + "name": "bash" + } + }, + "nbformat": 4, + "nbformat_minor": 1 +}