How to mount cifs [ansible]

March 31, 2020 Leave a comment

Simple ansible play too mount samba/cifs share using credential file.

- name: "mount share"
    mount:
     state: "mounted"
     fstype: "cifs"
     name: /mnt/win/
     src: "//192.168.1.86/instshare"
     opts: "credentials=/root/.smb_passwords,file_mode=0644,dir_mode=0755,gid=root,uid=root"

Credential file looks like

# cat /root/.smb_passwords
username=my_name
password=strong_password

It’s also usefull to umount folder

  - name: Unmount
    mount:
     path: /mnt/win/
     state: unmounted

Filed under Ansible Tagged with

How to copy multiple files (wildcard) [ansible]

March 18, 2019 Leave a comment

Jednoduchy play na skopirovanie viacerych adresarov medzi servermi.

- hosts: {{ my_host}}
  user: root
  tasks:
  - name: copy certs
    copy:
       src: "{{ item }}"
       dest: "/etc/letsencrypt/live/dubnik.sk/"
    with_fileglob:
       - "/etc/ansible/files/dubnik/*.pem"

  - systemd:
       name: restart http service
       state: restarted

Filed under Ansible Tagged with

Deploy zabbix agent via ansible

October 30, 2018 Leave a comment 

- hosts: '{{ my_host }}'
  user: root
  tasks:
    ### Pridame centos zabbix repository
    - name: Install zabbix repo
      yum:
       name: http://repo.zabbix.com/zabbix/3.2/rhel/7/x86_64/zabbix-release-3.2-1.el7.noarch.rpm
       state: present
    
     ### Naninstalujeme zabbix agenta
    - name: Install zabbix agent
      yum:
       name: zabbix-agent
       state: present

     ### Nastavime aby sa agent spustal pri starte
    - name: Enable zabbix service
      systemd:
       name: zabbix-agent
       enabled: yes

    ### Modul zabbix_host zabezpeci vytvorenie hosta na zabbix servery
    ### Nazov jednotlivych premennych je jednoznacny a nemal byt problem ho porozumiet
    - name: Create a new host or update an existing host's info
      local_action:
        module: zabbix_host
        server_url: http://zabbix.dubnik.sk/zabbix
        login_user: admin
        login_password: str0ng_password
        host_name: "{{ ansible_fqdn }}"
        visible_name: "{{ visible_hostname }}"
        host_groups:
        - DUBNIK 
        - DUBNIK\LINUX
        link_templates:
        - Template OS Linux
        - Template Security Updates CentOS7
        - Template ICMP Ping
        status: enabled
        state: present
        inventory_mode: automatic
        proxy: zabbix-proxy01.dubnik.sk 
        interfaces:
         - type: 1
           main: 1
           useip: 1
           ip: "{{inventory_hostname}}"
           dns: "{{ ansible_fqdn }}"
           port: 10050

    ### Nastavime Hostname z premennej ansible_fqdn
    - name: Create agent hostname
      lineinfile:
        dest: /etc/zabbix/zabbix_agentd.conf
        regexp: ^Hostname=.*
        insertafter: ^# Hostname=
        line: Hostname={{ ansible_fqdn }}  

   ### Nastavime IP adresu zabbix servera/proxy
    - name: Create agent server
      lineinfile:
        dest: /etc/zabbix/zabbix_agentd.conf
        regexp: ^Server=.*
        insertafter: ^# Server=
        line: Server=192.168.1.87

    ### Nastavime IP adresu active zabbix servera/proxy
    - name: Create agent serveractive
      lineinfile:
        dest: /etc/zabbix/zabbix_agentd.conf
        regexp: ^ServerActive=.*
        insertafter: ^# ServerActive=
        line: ServerActive=192.168.1.87

     ### Zvysime default Timeout pre spusatanie externych skriptov
    - name: Create agent Timeout
      lineinfile:
        dest: /etc/zabbix/zabbix_agentd.conf
        regexp: ^Timeout=.*
        insertafter: ^# Timeout=
        line: Timeout=25
  
      ### Nakopriujeme conf subor pre monitring updateov alebo lubovolny conf subor, ktory potrebujeme
    - name: Create yum update config
      copy: src=/etc/ansible/files/userparameter_yum.conf dest=/etc/zabbix/zabbix_agentd.d/
      when: ansible_distribution == 'CentOS'

    ### Uzivatela zabbix pridame do skupiny adm aby mal pravo citat logy
    - user:
        name: zabbix
        groups: adm
        append: yes

    ### Nastavime prava na citanie logov
    - file:
        path: /var/log/messages
        owner: root
        group: adm
        mode: 0640

     ### Restartneme agent po zmenach
    - name: Restart zabbix-agent service
      systemd:
       name: zabbix-agent
       state: restarted 

  ### Ak su hosti monitorovany cez proxy restartnem sluzbu pre rychle discovery / volitelne
- hosts: zabbix-proxy
  user: root
  tasks:
    - name: Restart zabbix-proxy service
      systemd:
       name: zabbix-proxy
       state: restarted

A spustime.

#ansible-playbook playbook_sitel_zabbix_add.yml --extra-vars "my_host=ns01.dubnik.sk ansible_fqdn=dubnik-ba-srv-ns01.dubnik.sk visible_hostname=ns01.dubnik.sk"


Zdroj: https://docs.ansible.com/ansible/2.6/modules/zabbix_host_module.html

Filed under Ansible, Linux Tagged with

Ansible playbook to manage MariaDB

April 17, 2018 Leave a comment

Na vytvaranie a vymazanie DB v prostredi MariaDB pouizvam jednoduchy Ansible playbook.
Vytvorenie DB.

- hosts: db01
  user: root
  tasks:
  - name: Create a new database with name '{{ db_name }}'
    mysql_db:
      name: '{{ db_name }}'
      state: present

  - name: Create database user
    mysql_user: user='{{ db_user }}' password='{{ db_password }}' host='{{ db_host }}' priv='{{ db_name }}.*:ALL' state=present

Zmazanie DB.

- hosts: db01
  user: root
  tasks:
  - name: Remove database with name '{{ db_name }}'
    mysql_db:
      name: '{{ db_name }}'
      state: absent

Filed under Ansible Tagged with

Failed to connect to Zabbix server: urlopen error [SSL: CERTIFICATE_VERIFY_FAILED]

April 12, 2018 Leave a comment

Pri pouziti Ansible modulu pre Zabbix moze pri kontaktovani Zabbix API vyskocit nasledovna chyba.

"changed": false, "msg": "Failed to connect to Zabbix server: 
urlopen error [SSL: CERTIFICATE_VERIFY_FAILED]

Tento problem by mal byt coskoro oficialne odstraneny v novsej verzii. Ak sa proble stale vyskytuje mozeme validaciu certifikatu ignorovat nasledovne

# export PYTHONHTTPSVERIFY=0

Nasledne Ansible playbook zbehne vpohode.

Filed under Ansible, Short Howto's