Ansible

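Introduction

Ansible is a suite of software tools that enables infrastructure as code. It is open source, and the suite includes software provisioning, configuration management, and application deployment functionality. Ansible was originally written by Michael DeHaan and was acquired by Red Hat in 2015; it is designed to automate the configuration of Unix-like systems and Microsoft Windows environments.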

Commands

# List the plugins available for lookup
# Usage:
# motd_value: "{{ lookup('file', '/etc/motd') }}"
ansible-doc -l -t lookup

Ansible Semaphore

Install with Docker

Create the directories

mkdir playbooks
mkdir config
chown 1001:1001 config

docker-compose.yml:

---
volumes:
  semaphore-mysql:
    driver: local
services:
  mysql:
    image: mysql:8.0
    hostname: mysql
    volumes:
      - semaphore-mysql:/var/lib/mysql
    environment:
      - MYSQL_RANDOM_ROOT_PASSWORD=yes
      - MYSQL_DATABASE=semaphore
      - MYSQL_USER=semaphore
      - MYSQL_PASSWORD=secret-password  # change!
    restart: unless-stopped
  semaphore:
    container_name: ansiblesemaphore
    image: semaphoreui/semaphore:v2.8.90
    user: 1001:1001 # change if needed
    ports:
      - 3000:3000
    environment:
      - SEMAPHORE_DB_USER=semaphore
      - SEMAPHORE_DB_PASS=secret-password  # change!
      - SEMAPHORE_DB_HOST=mysql
      - SEMAPHORE_DB_PORT=3306
      - SEMAPHORE_DB_DIALECT=mysql
      - SEMAPHORE_DB=semaphore
      - SEMAPHORE_ADMIN_PASSWORD=secret-admin-password  # change!
      - SEMAPHORE_ADMIN_NAME=admin
      - SEMAPHORE_ADMIN_EMAIL=admin@localhost
      - SEMAPHORE_ADMIN=admin
      - SEMAPHORE_ACCESS_KEY_ENCRYPTION=  # set your access key encryption key!
      - ANSIBLE_HOST_KEY_CHECKING=false  # (optional) change to true if you want to enable host key checking
    volumes:
      - ./inventory/:/inventory:ro
      - ./authorized-keys/:/authorized-keys:ro
      - ./config/:/etc/semaphore:rw
      - ./playbooks:/playbooks:ro
    restart: unless-stopped
    depends_on:
      - mysql

You must specify the following confidential variables:

  • MYSQL_PASSWORD and SEMAPHORE_DB_PASS — password for the MySQL user.
  • SEMAPHORE_ADMIN_PASSWORD — password for Semaphore's admin user.
  • SEMAPHORE_ACCESS_KEY_ENCRYPTION — key for encrypting access keys in the database. It must be generated by using the following command: head -c32 /dev/urandom | base64.
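
One way to enforce the list above before starting the stack, as an added example that is not part of the original page or of Semaphore: a preflight check that fails while docker-compose.yml still carries the sample's placeholder values or an unset key. The function names compose_value and check_compose are made up for this example, and the 32-byte length test mirrors the generation command above rather than a documented Semaphore requirement.

```shell
#!/bin/sh
# Added example: preflight check for the Semaphore docker-compose.yml above.
# compose_value and check_compose are names made up for this example.

# Print the value of a "- KEY=value" environment entry, without the trailing
# "# comment" (so a value containing '#' is not supported by this check).
compose_value() {
    sed -n "s/^[[:space:]]*-[[:space:]]*$2=\([^#]*\).*/\1/p" "$1" |
        sed 's/[[:space:]]*$//' | head -n 1
}

# Return 0 when the file is ready to deploy, 1 otherwise; findings go to stderr.
check_compose() {
    file=$1 rc=0
    db_pass=$(compose_value "$file" MYSQL_PASSWORD)
    sem_pass=$(compose_value "$file" SEMAPHORE_DB_PASS)
    admin_pass=$(compose_value "$file" SEMAPHORE_ADMIN_PASSWORD)
    key=$(compose_value "$file" SEMAPHORE_ACCESS_KEY_ENCRYPTION)

    # The sample's placeholder passwords must have been replaced.
    for v in "$db_pass" "$sem_pass" "$admin_pass"; do
        case $v in
            ''|secret-password|secret-admin-password)
                echo "FAIL: empty or placeholder password: '$v'" >&2; rc=1 ;;
        esac
    done
    # MySQL and Semaphore must agree on the database password.
    if [ "$db_pass" != "$sem_pass" ]; then
        echo "FAIL: MYSQL_PASSWORD and SEMAPHORE_DB_PASS differ" >&2; rc=1
    fi
    # head -c32 /dev/urandom | base64 yields a value that decodes to 32 bytes.
    n=$(printf '%s' "$key" | base64 -d 2>/dev/null | wc -c | tr -d ' ')
    if [ "$n" -ne 32 ]; then
        echo "FAIL: SEMAPHORE_ACCESS_KEY_ENCRYPTION decodes to $n bytes, want 32" >&2; rc=1
    fi
    # Not a failure, but worth a line in the deploy log.
    if [ "$(compose_value "$file" ANSIBLE_HOST_KEY_CHECKING)" = false ]; then
        echo "WARN: SSH host key checking is disabled" >&2
    fi
    return $rc
}

# Usage: sh check-compose.sh docker-compose.yml
if [ $# -gt 0 ]; then check_compose "$1"; fi
```

Run it against the edited file before `docker compose up`; a non-zero exit status means at least one FAIL line was printed.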

Get Started

  • Create New Project
  • New Key:
      1. Name: None, Type: None
      2. Name: ssh_alang, Type: SSH Key, Username: alang, Private key: <Key-String>
      3. Name: sudo_alang, Type: Login with password, Login: alang, Password: <password>
  • New Repository:
      Name: Local Path: /playbooks Access Key: None

        AWX

        Red Hat 8.7

        Dependencies

        dnf update
        reboot
        dnf install ansible-core openssl-libs
        dnf group install "Development Tools"
        dnf install https://dl.fedoraproject.org/pub/epel/epel-release-latest-8.noarch.rpm
        dnf install python39-setuptools_scm

        AWX

        git clone -b 22.3.0 https://github.com/ansible/awx.git
        cd awx
        
        # To set custom passwords, edit this file; this step can be skipped
        #vi tools/docker-compose/inventory
        
        make docker-compose-build
        cp Makefile{,.orig}
        sed -i 's/^\(DOCKER_COMPOSE ?=\).*/\1 docker compose/' Makefile
        make docker-compose

        The command keeps running in the foreground; run the remaining steps below in a separate terminal.

        AWX Web UI: https://server.ip.adress:8043/

        The web page shows an error message:

        <% if (process.env.NODE_ENV === 'production') { %> <% } %> <% if (process.env.NODE_ENV === 'production') { %> <% } else { %> <% } %> <% if (process.env.NODE_ENV === 'production') { %>

        Clean and build the UI

        docker exec tools_awx_1 make clean-ui ui-devel

        The output stops at the following message:

        Creating an optimized production build...
        Browserslist: caniuse-lite is outdated. Please run:
          npx update-browserslist-db@latest
          Why you should do it regularly: https://github.com/browserslist/update-db#readme

        Press Ctrl + C to exit.

        docker exec -it tools_awx_1 bash
        > cd /awx_devel/awx/ui
        > npx update-browserslist-db@latest
        > exit

        Run it again:

        docker exec tools_awx_1 make clean-ui ui-devel

        If it runs successfully, the output looks like this:

        The project was built assuming it is hosted at ./.
        You can control this with the homepage field in your package.json.

        The build folder is ready to be deployed.

        Find out more about deployment here:

          https://cra.link/deployment

        touch awx/ui/.ui-built
        make[1]: Leaving directory '/awx_devel'

        Restart the main AWX process

        First press Ctrl + C to stop the containers, then run:

        make docker-compose

        Open the web page: https://server.ip.adress:8043/

        Username: admin, password: {in the log}

        Q & A

        No match for argument: rsyslog-8.2102.0-106.el9

        Solution:

        cp tools/ansible/roles/dockerfile/templates/Dockerfile.j2{,.orig}
        sed -i 's/rsyslog-8.[0-9a-z\.\-]*/rsyslog/g' tools/ansible/roles/dockerfile/templates/Dockerfile.j2

        AWX Commands

        Start AWX

        # Run in the foreground
        cd awx-repo/
        make docker-compose
        
        # Run in the background
        make docker-compose COMPOSE_UP_OPTS=-d

        Stop AWX

        docker stop tools_awx_1 tools_postgres_1 tools_redis_1

        Create an admin user

        docker exec -ti tools_awx_1 awx-manage createsuperuser