Ansible
------------------------------------------------------------------------------------------------------------
Playbook Format
------------------------------------------------------------------------------------------------------------
- name: play1
  hosts: class
  become: true
  tasks:
    - name: Adding user
      user:
        name: ansible
        comment: "GECOS VALUE"
        groups: wheel
        # the user module expects a crypt hash here (generate one with openssl passwd, see Basic Commands),
        # not the plain-text password
        password: changeme
        generate_ssh_key: yes
        createhome: yes
      tags:
        - useradd
    - name: Deleting user
      user:
        name: ansible
        state: absent
      tags:
        - userdel
------------------------------------------------------------------------------------------------------------------------
Basic Commands
------------------------------------------------------------------------------------------------------------------------
Running ansible playbook
# ansible-playbook playbook.yml
Running commands using ssh and sudo password
# ansible-playbook user.yaml -u username --ask-pass --ask-su-pass
(--ask-su-pass and --ask-sudo-pass are deprecated; the current form is -k/--ask-pass for the SSH password and -K/--ask-become-pass for the privilege escalation password)
Dry run
# ansible-playbook -C user.yaml
Syntax Check
# ansible-playbook --syntax-check user.yaml
To generate the hashed password that goes into the playbook's password field
# openssl passwd -1 "plaintextpassword"
(-1 produces an MD5-crypt hash; -6 produces a SHA-512 hash on OpenSSL 1.1.1 and later)
To encrypt a playbook with Ansible Vault (prompts for the vault password):
# ansible-vault encrypt playbook.yml
To edit encrypted yml file:
# ansible-vault edit playbook.yml
To decrypt the file again:
# ansible-vault decrypt playbook.yml
To run encrypted playbook:
# ansible-playbook playbook.yml --ask-vault-pass
To run playbook using tags:
# ansible-playbook playbook.yml --tags tag-name
Creating roles
# ansible-galaxy init users
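The playbook above carries a plain-text password in the user module, while the openssl command shows the hashed form that field actually expects. The following check is an added example (not from the original post) that scans playbook text and flags every password: value that is neither a crypt hash, an inline vault block nor a Jinja expression; the sample playbook and the hash in it are constructed.

```python
import re

# Constructed sample playbook (not from the original page): the first task carries a
# plain-text password, the second a crypt hash, the third an inline vault value.
SAMPLE_PLAYBOOK = """\
- name: play1
  hosts: class
  become: true
  tasks:
    - name: Adding user (plain text, flagged)
      user:
        name: ansible
        password: changeme
    - name: Adding user (hashed, accepted)
      user:
        name: ansible2
        password: "$6$rounds=5000$saltsalt$constructedhashvalue"
    - name: Adding user (vaulted, accepted)
      user:
        name: ansible3
        password: !vault |
          $ANSIBLE_VAULT;1.1;AES256
          6162636465666768
"""

# crypt(3) prefixes the user module accepts: MD5 ($1$), SHA-256 ($5$), SHA-512 ($6$), bcrypt ($2a$/$2b$/$2y$)
CRYPT_RE = re.compile(r'^\$(1|5|6|2[aby]?)\$')
# a Jinja expression is also fine, e.g. a vaulted variable or the password_hash filter
TEMPLATE_RE = re.compile(r'^\{\{.*\}\}$')


def find_plaintext_passwords(playbook_text):
    """Return (line_number, value) for each 'password:' whose value is not a hash, vault block or template.
    Also catches the malformed 'password:changeme' form (no space after the colon)."""
    findings = []
    for lineno, line in enumerate(playbook_text.splitlines(), start=1):
        m = re.match(r'^\s*password:\s*(.*?)\s*$', line)
        if not m:
            continue
        value = m.group(1).strip('"\'')
        if value.startswith('!vault') or CRYPT_RE.match(value) or TEMPLATE_RE.match(value):
            continue
        findings.append((lineno, value))
    return findings
```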
-----------------------------------------------------------------------------------------------------------------------------
Roles directory structure
-----------------------------------------------------------------------------------------------------------------------------
defaults: default variables used by a role
vars: vars and defaults house variables, but variables in vars have a higher priority
files: where you put files that need to be added to the machine being provisioned
handlers: contain targets for notify directives, and are almost always associated with services
meta: metadata of an Ansible role consists of attributes such as author, supported platforms, and dependencies
tasks: houses a series of Ansible plays to install, configure, and run software
templates: similar to files except that templates support modification as they’re added to the machine being provisioned
-----------------------------------------------------------------------------------------------------------------------------
Configuration file
-----------------------------------------------------------------------------------------------------------------------------
[defaults]
# location of inventory file
inventory = /home/ansible/inventory
# user used to execute tasks
remote_user = username
# tasks will be executed on 5 hosts in parallel
forks = 5
# the section must be spelled exactly like this; settings in a misspelled section are silently ignored
[privilege_escalation]
# activate privilege escalation
become = True
# method used to obtain root privileges
become_method = sudo
# ask for sudo password
become_ask_pass = True
# the user you become, NOT the user you log in as
become_user = username
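Ansible reads ansible.cfg with an INI parser and ignores sections it does not know, so a typo such as [priviledge_escalation] means become is never applied and tasks quietly run without sudo. The check below is an added example (not part of the original page) that parses a constructed ansible.cfg with Python's configparser, reports unknown sections, and returns the become flag Ansible would actually see; the KNOWN_SECTIONS set is an assumption covering the common section names.

```python
import configparser

# Section names this check treats as valid (assumption: the common ansible.cfg sections)
KNOWN_SECTIONS = {"defaults", "privilege_escalation", "ssh_connection",
                  "inventory", "galaxy", "colors", "diff"}

# Constructed sample ansible.cfg (not from the page): the second section name is misspelled
SAMPLE_CFG = """\
[defaults]
inventory = /home/ansible/inventory
remote_user = username
forks = 5
[priviledge_escalation]
become = True
become_method = sudo
become_ask_pass = True
become_user = username
"""


def _parse(text):
    parser = configparser.ConfigParser()
    parser.read_string(text)
    return parser


def check_ansible_cfg(text):
    """Return a list of problems: unknown sections (whose settings are ignored) and a
    missing [privilege_escalation] section when become settings are expected."""
    parser = _parse(text)
    problems = []
    for section in parser.sections():
        if section not in KNOWN_SECTIONS:
            problems.append(f"unknown section [{section}]: its {len(parser[section])} settings will be ignored")
    if not parser.has_section("privilege_escalation"):
        problems.append("no [privilege_escalation] section: become settings are not in effect")
    return problems


def effective_become(text):
    """Return the become flag Ansible would apply from this config (False if the section is missing)."""
    parser = _parse(text)
    if parser.has_section("privilege_escalation"):
        return parser.getboolean("privilege_escalation", "become", fallback=False)
    return False
```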
-----------------------------------------------------------------------------------------------------------------------------
delegate_to keyword
-----------------------------------------------------------------------------------------------------------------------------
If you want to perform a task on one host with reference to other hosts (the task runs on the delegated host while variables such as inventory_hostname still refer to the current host):
- name: take out of load balancer pool
  command: /usr/bin/take_out_of_pool {{ inventory_hostname }}
  delegate_to: 127.0.0.1
-----------------------------------------------------------------------------------------------------------------------------
Register variable
-----------------------------------------------------------------------------------------------------------------------------
register stores the output of a task in a variable so that later tasks can use it
- name: Ansible register with_items example
  shell: "find *.txt"
  args:
    chdir: "/Users/mdtutorials2/Documents/Ansible"
  register: with_output
- shell: "cp {{ item }} {{ item }}_bkp"
  with_items:
    - "{{ with_output.stdout_lines }}"
- name: User creation and deletion evidence
  shell: "echo On {{ inventory_hostname }} && getent passwd testing"
  tags:
    - evidence
  register: output
- name: local file
  copy:
    content: "{{ output.stdout }}"
    dest: "evidence.txt"
  delegate_to: localhost
  tags:
    - fetch
-----------------------------------------------------------------------------------------------------------------------------
Command Line options
-----------------------------------------------------------------------------------------------------------------------------
--ask-su-pass
    ask for su password (deprecated, use become)
--ask-sudo-pass
    ask for sudo password (deprecated, use become)
--ask-vault-pass
    ask for vault password
--become-method <BECOME_METHOD>
    privilege escalation method to use (default=sudo), valid choices: [ sudo | su | pbrun | pfexec | doas | dzdo | ksu | runas | pmrun | enable ]
--become-user <BECOME_USER>
    run operations as this user (default=root)
--list-hosts
    outputs a list of matching hosts; does not execute anything else
--playbook-dir <BASEDIR>
    Since this tool does not use playbooks, use this as a substitute playbook directory. This sets the relative path for many features including roles/, group_vars/ etc.
--syntax-check
    perform a syntax check on the playbook, but do not execute it
-C, --check
    don't make any changes; instead, try to predict some of the changes that may occur
-K, --ask-become-pass
    ask for privilege escalation password
-f <FORKS>, --forks <FORKS>
    specify number of parallel processes to use (default=5)
-i, --inventory, --inventory-file
    specify inventory host path or comma separated host list. --inventory-file is deprecated
-k, --ask-pass
    ask for connection password
-t <TREE>, --tree <TREE>
    log output to this directory
run_once: true -- a task keyword (not a command line option): run the task on exactly one host in the list of hosts.
-----------------------------------------------------------------------------------------------------------------------------------
Modules
------------------------------------------------------------------------------------------------------------------------------------
yum:
    name: "httpd", "*", "@Development tools"
    state: present, absent, latest
    security: yes
    enablerepo: "epel,ol7_latest"
    disablerepo: "epel,ol7_latest"
    update_cache: yes, no
    exclude: kernel*,foo*
apt:
    name: foo, "*"
    update_cache: yes
    state: present, absent, latest
    upgrade: dist
    autoclean: yes
    autoremove: yes
user:
    name: johnd
    comment: John Doe
    uid: 1040
    group: admin
    shell: /bin/bash
    groups: admins,developers
    append: yes
    generate_ssh_key: yes
    ssh_key_bits: 2048
    ssh_key_file: .ssh/id_rsa
    expires: 1422403387
    state: absent, present
    update_password: on_create
lvol:
    vg: firefly
    lv: test
    size: 512, 100%FREE, +100%FREE, 80%VG
    pvs: /dev/sda,/dev/sdb
    resizefs: true
    state: absent
    force: yes
    snapshot: snap1
Sample shell script reporting memory, disk and CPU load on a host:
#!/bin/sh
free -m | awk 'NR==2{printf "Memory Usage: %s/%sMB (%.2f%%)\n", $3,$2,$3*100/$2 }'
df -h | awk '$NF=="/"{printf "Disk Usage: %d/%dGB (%s)\n", $3,$2,$5}'
top -bn1 | grep load | awk '{printf "CPU Load: %.2f\n", $(NF-2)}'
setup module facts (sample output; some values omitted):
    "ansible_system_vendor": "VMware, Inc.",
    "ansible_swapfree_mb": 1999,
    "ansible_swaptotal_mb": 1999,
    "ansible_system": "Linux",
    "ansible_processor_cores": 1,
    "ansible_processor_count": 1,
    "ansible_processor_threads_per_core": 1,
    "ansible_nodename": "mbunixlmc801",
    "ansible_os_family": "Debian",
    "ansible_memtotal_mb": 2000,
    "ansible_mounts":
    "ansible_memfree_mb": 924,
    "ansible_memory_mb":
    "ansible_lsb":
    "ansible_kernel":
    "ansible_fqdn": "mbunixlmc801.ucsfmedicalcenter.org",
    "ansible_hostname": "mbunixlmc801",
    "ansible_interfaces":
    "ansible_domain": "ucsfmedicalcenter.org",
    "ansible_distribution": "Ubuntu",
    "ansible_distribution_version": "16.04",
    "ansible_dns":
    "ansible_devices.sda.partitions":
    "ansible_default_ipv4":
    "ansible_bios_date": "09/21/2015",
    "ansible_bios_version": "6.00",
Thursday, 31 May 2018
Ansible Cheat Sheet
Tuesday, 29 May 2018
Docker Cheat Sheet
Docker
==========================================
Process ID 1 of any container is very critical. If we stop that process, the container will stop.
1. To search docker image in repository
# docker search container-name
2. To check downloaded images
# docker images
3. To check running docker containers
# docker ps
4. To check all docker containers on system
# docker ps -a
5. To check container configuration like IP, gateway etc.
# docker inspect docker-name
6. To run a container
# docker run -it --name fedora-web -d fedora /bin/bash
# docker run -it --net my_network ubuntu:14.04
# docker run -it -p 8080:80 --name apache2-web apache2:1.1
# docker run -it --name ubuntu-mem -m 500M -d ubuntu /bin/bash
-d -- to run container in background
-p -- to map host ports with container port
-i -- Keep STDIN open even if not attached
-m -- to set memory limit
7. To build image using running container
# docker commit -m "ubuntu-db image" ubuntu-db umeshso/ubuntu-db:1.0
8. To create our own network
# docker network create my_network
# docker network ls
9. To remove container
# docker rm container-ID/container-name
10. To remove container image
# docker rmi container-ID
11. To build docker from Dockerfile
# docker build -t apache2:1.1 .
--- -t is used to tag the image
12. To execute command in docker
# docker exec -it ubuntu-db mysqladmin status
# docker exec -it ubuntu-web service apache2 status
13. To login into container
# docker attach ubuntu-db
14. To start and stop container
# docker start container-name/ID
# docker stop container-name/ID
15. To download and upload image from repo
# docker pull image-name
# docker push image-name
16. To check stats
# docker stats --all
CONTAINER      CPU %   MEM USAGE / LIMIT       MEM %    NET I/O             BLOCK I/O         PIDS
6c5485af8267   0.03%   336 MiB / 1.953 GiB     16.80%   1.11 MB / 1.97 MB   383 MB / 144 MB   34
c05ba59feed4   0.00%   78.1 MiB / 1.953 GiB    3.90%    96.1 MB / 12.7 MB   147 MB / 204 MB   12
17. To monitor container
# docker logs container-ID
# docker top container-ID
18. To check docker info
# docker info
19. Enable swappiness (swap accounting, so that memory limits also cover swap)
# add the line below to /etc/default/grub
GRUB_CMDLINE_LINUX_DEFAULT="cgroup_enable=memory swapaccount=1"
# update-grub
20. To update resources
# docker update --cpuset-cpus "1" --memory "1g" docker-id
21. Build parameters
FROM: - Base image to be used
RUN: - allows you to install your application and packages required for it.
CMD: - the command the container executes by default when you launch the built image. A Dockerfile has only one CMD.
COPY: - copy files from main host to container
WORKDIR: - Set the current working directory
EXPOSE: - Ports to open
ENV: - to update the PATH environment variable for the software your container installs
USER: - to add user and group into container
ENTRYPOINT: - should be defined when using the container as an executable. CMD is the default argument to the container. Without an entrypoint, the default argument is the command that is executed. With an entrypoint, CMD is passed to the entrypoint as its arguments. The ENTRYPOINT specifies a command that will always be executed when the container starts. The CMD specifies arguments that will be fed to the ENTRYPOINT.
Example:
-----------------------------------------------------------------------------------------------------------------
FROM ubuntu
MAINTAINER umesh.bhatia@ucsf.edu
EXPOSE 80 443
RUN mkdir /data
WORKDIR /data
RUN apt-get update && apt-get install -y apache2
RUN service apache2 start
COPY 000-default.conf /etc/apache2/sites-enabled/000-default.conf
CMD [ "/bin/bash" ]
22. Swarm
To initialize:
# docker swarm init --advertise-addr 192.168.56.101
To check swarm configuration:
# docker info
To join worker in cluster:
# docker swarm join-token worker
To join manager in cluster:
# docker swarm join-token manager
To create service in cluster:
# docker service create -p 8080:80 --name webserver nginx
To create replicas for services:
# docker service create --name replicated_service --replicas 3 nginx
To create service globally on all nodes:
# docker service create --name global_service --mode global nginx
To list services running on cluster:
# docker service ls
To check nodes for services:
# docker service ps global_service
To increase replicas:
# docker service scale replicated_service=5
To check info of services running on cluster:
# docker service inspect --pretty replicated_service
To remove services:
# docker service rm webserver
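The ENTRYPOINT/CMD rules in the build parameters above decide what process actually becomes PID 1 of a container, including whether arguments passed on docker run can replace it. The code below is an added example (not from the original post or from Docker itself) that reads ENTRYPOINT and CMD from Dockerfile text, distinguishing exec form (JSON array) from shell form, and computes the resulting argv the way Docker combines them; the Dockerfiles and the apachectl entrypoint are constructed.

```python
import json

# Constructed Dockerfile in the style of the page's example: no ENTRYPOINT, exec-form CMD
PAGE_STYLE_DOCKERFILE = """\
FROM ubuntu
EXPOSE 80 443
RUN apt-get update && apt-get install -y apache2
CMD [ "/bin/bash" ]
"""

# Constructed Dockerfile that uses the container as an executable: ENTRYPOINT plus default CMD arguments
ENTRYPOINT_DOCKERFILE = """\
FROM ubuntu
ENTRYPOINT ["apachectl"]
CMD ["-D", "FOREGROUND"]
"""


def parse_dockerfile(text):
    """Return (entrypoint, cmd): a list for exec form, a str for shell form, None if absent. Last one wins."""
    entrypoint = cmd = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith('#'):
            continue
        instr, _, rest = line.partition(' ')
        if instr.upper() not in ("ENTRYPOINT", "CMD"):
            continue
        rest = rest.strip()
        value = json.loads(rest) if rest.startswith('[') else rest
        if instr.upper() == "ENTRYPOINT":
            entrypoint = value
        else:
            cmd = value
    return entrypoint, cmd


def effective_command(entrypoint=None, cmd=None, run_args=None):
    """Argv the container starts with: run_args (from 'docker run IMAGE args') replace CMD;
    a shell-form ENTRYPOINT ignores CMD and run_args entirely; a shell-form CMD is wrapped in /bin/sh -c."""
    args = run_args if run_args else cmd
    if isinstance(entrypoint, str):
        return ["/bin/sh", "-c", entrypoint]
    if isinstance(args, str):
        args = ["/bin/sh", "-c", args]
    if entrypoint:
        return list(entrypoint) + list(args or [])
    return list(args or [])
```

With the page-style Dockerfile any argument given on docker run fully replaces /bin/bash, whereas with an exec-form ENTRYPOINT the run arguments are only appended to apachectl.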