container_aria

My notes for learning container technology (Docker, Podman, Kubernetes)



install

# ansible
## linux
# pipx installs each Python application into its own virtual environment
sudo apt install pipx

# full ansible package, installed into whichever Python environment pip3 targets
pip3 install ansible
## or
# ansible-core only: the engine and the ansible.builtin modules, without the community collections
pipx install ansible-core
## or
# --include-deps also exposes the command-line tools shipped by ansible's dependencies
pipx install --include-deps ansible

# ansible lint
pip3 install ansible-lint

command

# ad-hoc command: run a single module against the hosts matched by <pattern>
ansible <pattern> -m <module_name> -a "<module options>" -i <inventory_path>
ansible webservers -m service -a "name=httpd state=restarted" -i inventory

ansible [pattern] -m [module] -a "[module options]"

ansible-playbook <playbook.yaml>
ansible-playbook <playbook.yaml> --check # dry run: report what would change without changing the remote hosts
ansible-playbook <playbook.yaml> --ask-vault-pass # prompt for the vault password needed to decrypt vault-encrypted files

# install module network mikrotik
# NOTE(review): no collection version is pinned, so whatever is newest on Galaxy gets installed;
# listing pinned versions in a requirements.yml makes the install repeatable and reviewable.
ansible-galaxy collection install community.routeros
pip install paramiko
ansible-galaxy collection install community.routeros ansible.netcommon ansible.utils

inventory

# per-host connection variables: the SSH login user and the private key used for that host
srv1 ansible_user=admin ansible_ssh_private_key_file=~/.ssh/id_rsa
srv2 ansible_user=madun

#==========================================================
# group
[node_docker]
node1
node2
node3

#==========================================================
# var
# variables applied to every host in the node_docker group
# NOTE(review): these nodes are managed by logging in directly as root. An unprivileged
# login user combined with become keeps root use limited to the tasks that need it.
# The private key file should be readable only by the account that runs ansible.
[node_docker:vars]
ansible_user=root
ansible_ssh_private_key_file=/ssh_node/private.key

#==========================================================
# range
[webservers]
www[01:50].example.com
# www01.example.com, www02.example.com

[databases]
db-[a:f].example.com

#==========================================================
#

config

# inventory and host_key_checking
[defaults]
inventory=./inventory/hosts
# host_key_checking=False turns off SSH host key verification: ansible then connects to
# hosts whose key is unknown or has changed, so an impersonated host goes unnoticed.
# Reasonable for disposable lab nodes; for real hosts keep the default (True) and
# record the host keys in known_hosts beforehand.
host_key_checking=False

#==========================================================
# forks => how many hosts are handled in parallel
[defaults]
inventory=./inventory/hosts
# same caveat as above: host key verification is disabled by this setting
host_key_checking=False

forks = 30

module

# module
ansible.builtin.ping # Try to connect to host, verify a usable python and return pong on success
ansible.builtin.command # Execute commands on targets
ansible.builtin.copy # Copy files to remote locations
ansible.builtin.package # Generic OS package manager
ansible.builtin.package_facts # Package information as facts
ansible.builtin.pause # Pause playbook execution
ansible.builtin.pip # Manages Python library dependencies
ansible.builtin.raw # Executes a low-down and dirty command
ansible.builtin.service # Manage services
ansible.builtin.script # Runs a local script on a remote node after transferring it
ansible.builtin.reboot # Reboot a machine

# reboot server
# no -m is given, so the default module (command) runs the string passed with -a
ansible atlanta -a "/sbin/reboot"
# -f 10: use 10 parallel forks, -u: SSH login user
ansible atlanta -a "/sbin/reboot" -f 10 -u username
# --become: escalate privileges on the target; --ask-become-pass prompts for the escalation password
ansible atlanta -a "/sbin/reboot" -f 10 -u username --become [--ask-become-pass]

# manage file
ansible atlanta -m ansible.builtin.copy -a "src=/etc/hosts dest=/tmp/hosts"
# mode=600: readable and writable by the owner only
ansible webservers -m ansible.builtin.file -a "dest=/srv/foo/b.txt mode=600 owner=mdehaan group=mdehaan"
ansible webservers -m ansible.builtin.file -a "dest=/path/to/c mode=755 owner=mdehaan group=mdehaan state=directory" # mkdir -p
ansible webservers -m ansible.builtin.file -a "dest=/path/to/c state=absent" # delete

# Managing packages
ansible webservers -m ansible.builtin.yum -a "name=acme state=present"
...

# Managing users and groups
# password= takes an already hashed value, never the clear-text password.
# Anything typed after -a is also kept in the shell history of the control machine.
ansible all -m ansible.builtin.user -a "name=foo password=<encrypted password here>"
ansible all -m ansible.builtin.user -a "name=foo state=absent" # remove user

# Managing services
ansible webservers -m ansible.builtin.service -a "name=httpd state=started"
ansible webservers -m ansible.builtin.service -a "name=httpd state=restarted"
ansible webservers -m ansible.builtin.service -a "name=httpd state=stopped"

# Gathering facts =>  discovered variables about a system
ansible all -m ansible.builtin.setup

# Check mode => only check not make any changes to remote systems.
# -C is the short form of --check
ansible all -m copy -a "content=foo dest=/root/bar.txt" -C

module example

# create a small local file that will be pushed to the nodes
cat > data.txt << EOF
aria fatah anom
....
EOF

# run date on every host of the node_docker group
ansible node_docker -m command -a "date"
ansible node_docker -m copy -a "src=./data.txt dest=/tmp/" # src, dest => are the module arguments/parameters
# read the file back to confirm that the copy arrived
ansible node_docker -m command -a "cat /tmp/data.txt"

playbook

01 - playbook-webserver.yaml

---
# Installs nginx on the node_docker hosts, copies the site content and starts the service.
- name: Playbook setup web server
  hosts: node_docker
  # become: yes
  # become_method: sudo
  tasks:
    - name: Update repository
      ansible.builtin.apt:
        update_cache: true
    - name: Install nginx
      ansible.builtin.apt:
        name: nginx
        # NOTE(review): latest upgrades the package whenever a newer one is in the repository,
        # so two runs can leave different versions installed; present avoids unplanned upgrades.
        state: latest
    - name: Copy file html
      ansible.builtin.copy:
        src: ./web/
        dest: /var/www/html
        # NOTE(review): no mode is set, so the permissions of the copied files are not
        # controlled by this task; stating the mode explicitly makes them predictable.
    - name: Start nginx
      ansible.builtin.service:
        name: nginx
        state: "started"
        # start the service at boot as well
        enabled: True

02 - playbook-webserver.yaml

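---
# Installs nginx on the node_docker hosts, copies the site content and starts the service.
- name: Playbook setup web server
  hosts: node_docker
  tasks:
    - name: Update repository
      ansible.builtin.apt:
        update_cache: true
    - name: Install nginx
      ansible.builtin.apt:
        name: nginx
        # present installs the package if it is missing and never upgrades it implicitly
        state: present
    - name: Copy file html
      ansible.builtin.copy:
        src: ./web/
        dest: /var/www/html
        # explicit mode: owner read/write, everyone else read-only
        mode: '644'
    - name: Start nginx
      # sysvinit drives SysV init scripts instead of systemd
      ansible.builtin.sysvinit:
        name: nginx
        state: started
        enabled: true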

02 - playbook vars

# list
region:
  - northeast
  - southeast
  - midwest

## referencing a list
# NOTE(review): the value is empty as published; a Jinja2 expression that reads from the
# list appears to have been lost when the page was rendered - TODO restore
region: ""

# dictionary
foo:
  field1: one
  field2: two

## referencing a dictionary
# NOTE(review): the example that followed this heading is missing from the page as published



# merged list
# NOTE(review): empty as published; the merge expression appears to be missing
merged_list: ""

# merged dict
# NOTE(review): empty as published; the merge expression appears to be missing
merged_dict: ""

03 - playbook_webserver_vars

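---
# Installs nginx, creates the application user named by user_app and hands the site files to it.
- name: Playbook setup web server
  hosts: node_docker
  become: true
  vars: # define play variables
    user_app: ansibleweb
  tasks:
    - name: Install nginx
      ansible.builtin.apt:
        name: nginx
        state: present
    - name: Buat user
      ansible.builtin.user:
        # An empty name makes the task fail; user_app is the only variable this play defines.
        name: "{{ user_app }}"
        # The password option takes a crypt hash, not clear text, so the value is hashed first.
        # NOTE(review): the secret is still readable in this file; the ansible vault section
        # of this page shows how to move it into an encrypted vars file.
        password: "{{ 'belajaransible' | password_hash('sha512') }}"
        shell: /bin/bash
    - name: Copy file html
      ansible.builtin.copy:
        src: ./web/
        dest: /var/www/html/
        mode: '644'
        # presumably the user created above and its primary group - confirm
        owner: "{{ user_app }}"
        group: "{{ user_app }}"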

03 - playbook conditional

tasks:
  # Sets the mysql_connect_any SELinux boolean and keeps it across reboots (persistent).
  - name: Configure SELinux to start mysql on any port
    ansible.posix.seboolean:
      name: mysql_connect_any
      state: true
      persistent: true
    # the task is skipped unless the gathered facts report SELinux as enabled
    when: ansible_selinux.status == "enabled"

04 - playbook-webserver_when.yaml

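---
# Same web server setup with one task variant per OS family, selected with when.
- name: Playbook setup web server
  hosts: node_docker
  become: true
  # gather_facts: true # true is already the default
  vars: # define play variables
    user_app: ansibleweb
  tasks:

    ## Install nginx
    # entries of a when list are combined with AND
    - name: Install nginx (Debian)
      ansible.builtin.apt:
        name: nginx
        state: present
      when:
        - ansible_os_family == "Debian"
        - ansible_processor_cores >= 1 or ansible_memory_mb.real.total >= 512
    - name: Install nginx (Alpine)
      community.general.apk:
        name: nginx
        state: present
      when:
        - ansible_os_family == "Alpine"
        - ansible_processor_cores >= 1 or ansible_memory_mb.real.total >= 512

    ## Create user
    - name: Buat user (Debian)
      ansible.builtin.user:
        # An empty name makes the task fail; user_app is the only variable this play defines.
        name: "{{ user_app }}"
        # The password option takes a crypt hash, not clear text, so the value is hashed first.
        # NOTE(review): the secret is still readable in this file; the ansible vault section
        # of this page shows how to move it into an encrypted vars file.
        password: "{{ 'belajaransible' | password_hash('sha512') }}"
        shell: /bin/bash
      when:
        - ansible_os_family == "Debian"
    - name: Buat user (Alpine)
      ansible.builtin.user:
        name: "{{ user_app }}"
        # hashed for the same reason as in the Debian task
        password: "{{ 'belajaransible' | password_hash('sha512') }}"
        shell: /bin/sh
      when:
        - ansible_os_family == "Alpine"

    ## Copy file html
    - name: Copy file html (Debian)
      ansible.builtin.copy:
        src: ./web/
        dest: /var/www/html/
        # NOTE(review): '604' gives the group no access while all other users can read;
        # '644' is the usual choice - confirm that this is intended
        mode: '604'
        # presumably the user created above and its primary group - confirm
        owner: "{{ user_app }}"
        group: "{{ user_app }}"
      when:
        - ansible_os_family == "Debian"
    - name: Copy file html (Alpine)
      ansible.builtin.copy:
        src: ./web/
        dest: /usr/share/nginx/html
        mode: '604'
        owner: "{{ user_app }}"
        group: "{{ user_app }}"
      when:
        - ansible_os_family == "Alpine"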

03 - playbook tags

tasks:
  # Runs when either the packages or the webservers tag is selected.
  - name: Install the servers
    ansible.builtin.yum:
      name:
        - httpd
        - memcached
      state: present
    tags: [packages, webservers]

  # Runs when the configuration tag is selected.
  - name: Configure the service
    ansible.builtin.template:
      src: templates/src.j2
      dest: /etc/foo.conf
    tags: [configuration]

05 - playbook-webserver_tags.yaml

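---
# Per-OS web server setup; every task carries tags so that parts of the play can be run alone.
- name: Playbook setup web server
  hosts: node_docker
  become: true
  gather_facts: true # true is already the default
  vars: # define play variables
    user_app: ansibleweb
  tasks:

    ## Install nginx
    - name: Install nginx (Debian)
      ansible.builtin.apt:
        name: nginx
        state: present
      when:
        - ansible_os_family == "Debian"
        - ansible_processor_cores >= 1 or ansible_memory_mb.real.total >= 512
      tags:
        - install
    - name: Install nginx (Alpine)
      community.general.apk:
        name: nginx
        state: present
      when:
        - ansible_os_family == "Alpine"
        - ansible_processor_cores >= 1 or ansible_memory_mb.real.total >= 512
      tags:
        - install

    ## Create user
    - name: Buat user (Debian)
      ansible.builtin.user:
        # An empty name makes the task fail; user_app is the only variable this play defines.
        name: "{{ user_app }}"
        # The password option takes a crypt hash, not clear text, so the value is hashed first.
        # NOTE(review): the secret is still readable in this file; the ansible vault section
        # of this page shows how to move it into an encrypted vars file.
        password: "{{ 'belajaransible' | password_hash('sha512') }}"
        shell: /bin/bash
      when:
        - ansible_os_family == "Debian"
      tags:
        - setup
        - create_user
    - name: Buat user (Alpine)
      ansible.builtin.user:
        name: "{{ user_app }}"
        # hashed for the same reason as in the Debian task
        password: "{{ 'belajaransible' | password_hash('sha512') }}"
        shell: /bin/sh
      when:
        - ansible_os_family == "Alpine"
      tags:
        - setup
        - create_user

    ## Copy file html
    - name: Copy file html (Debian)
      ansible.builtin.copy:
        src: ./web/
        dest: /var/www/html/
        # NOTE(review): '604' gives the group no access while all other users can read;
        # '644' is the usual choice - confirm that this is intended
        mode: '604'
        # presumably the user created above and its primary group - confirm
        owner: "{{ user_app }}"
        group: "{{ user_app }}"
      when:
        - ansible_os_family == "Debian"
      tags:
        - setup
        - copy_file
    - name: Copy file html (Alpine)
      ansible.builtin.copy:
        src: ./web/
        dest: /usr/share/nginx/html
        mode: '604'
        owner: "{{ user_app }}"
        group: "{{ user_app }}"
      when:
        - ansible_os_family == "Alpine"
      tags:
        - setup
        - copy_file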

04 - playbook loops

# 1 with_items
# with_items flattens one level of nesting, so this list yields 1, 2, 3, 4
with_items:
  - 1
  - [2,3]
  - 4

# NOTE(review): both loop values are empty as published; the Jinja2 expressions that
# belong here appear to have been lost when the page was rendered - TODO restore
loop: ""
loop: ""
# with_fileglob iterates over the files on the control machine that match the pattern
with_fileglob: '*.txt'

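# 2 loop
# item holds the current element of the loop list
- name: Add several users
  ansible.builtin.user:
    name: "{{ item }}"
    state: present
    # NOTE(review): without append: true the groups option replaces the user's existing
    # supplementary groups; wheel membership commonly grants sudo, so review who is listed.
    groups: "wheel"
  loop:
    - testuser1
    - testuser2

# 3 loop
# looping over dictionaries: each field is read as item.<key>
- name: Add several users
  ansible.builtin.user:
    name: "{{ item.name }}"
    state: present
    groups: "{{ item.groups }}"
  loop:
    - { name: 'testuser1', groups: 'wheel' }
    - { name: 'testuser2', groups: 'root' }

# 4 with list
# with_list iterates over the top-level elements without flattening nested lists
- name: with_list
  ansible.builtin.debug:
    msg: "{{ item }}"
  with_list:
    - one
    - two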

06 - playbook-php_loops.yaml

---
# Adds the ondrej/php PPA, refreshes the apt cache and installs a list of PHP packages.
- name: Playbook setup PHP
  hosts: node_docker
  become: true
  gather_facts: true # true is already the default
  vars:
    # taget_php_version: 8.2
    # NOTE(review): "taget" looks like a typo for "target"; no reference to this variable
    # is visible in the tasks as published
    taget_php_version: Null
  tasks:
    # NOTE(review): this adds a third-party PPA; its packages are installed as root with the
    # same trust as distribution packages - confirm it is a source you intend to rely on
    - name: Add repository for PHP
      ansible.builtin.apt_repository:
        repo: 'ppa:ondrej/php'
        state: present
      tags:
        - prepare
        - add_repo_php

    - name: Update repo
      ansible.builtin.apt:
        update_cache: true
      tags: prepare

    - name: Install php 
      ansible.builtin.apt:
        # NOTE(review): empty as published; a Jinja2 expression (probably the loop item)
        # appears to have been lost when the page was rendered - TODO restore
        name: ""
        state: present
      with_items:
        - php
        - php-cli
        - php-common
        - php-imap
        - php-redis
        - php-xml
        - php-zip
        - php-mbstring
        - php-curl
        - php-gd
        - php-bcmath
        - php-gmp
        - php-mysqli
      tags:
        - install

ansible vault

create encrypt file

# create a new vault-encrypted file; the content is typed in an editor and encrypted on save
ansible-vault create <nama_file>
ansible-vault create secret-user.yaml
# New Vault password: # 123 (example)
# Confirm New Vault password: # 123 (example)
# NOTE(review): the vault password is the only thing protecting the file content, so
# outside a demo it has to be long and random; 123 and pass123 are illustration only.

# text editor =======
user_pass: pass123
#===================

# on disk the file holds only the vault header and the AES256 ciphertext
cat secret-user.yaml
# $ANSIBLE_VAULT;1.1;AES256
# 38303762303065326161333033633365613733666232353235626365346465663963613463653233...

view / edit encrypt file

# edit: decrypt into an editor and re-encrypt on save; view: print the decrypted content
ansible-vault edit <nama_file>
ansible-vault view <nama_file>

# view writes the secret to the terminal in clear text
ansible-vault view secret-user.yaml
# Vault password: 123
# user_pass: pass123

ansible-vault edit secret-user.yaml
# Vault password: 123

07 - playbook-vault.yaml

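---
# Creates a user whose password comes from the vault-encrypted file secret-user.yaml.
# Run with --ask-vault-pass so that the file can be decrypted.
- name: Playbook buat user baru
  hosts: node_docker
  become: true
  gather_facts: true # true is already the default
  vars: # define play variables
    user_app: user01
  tasks:

    - name: Parsing variable dari secret file
      ansible.builtin.include_vars:
        file: secret-user.yaml
      # keep the decrypted variables out of task output and logs
      no_log: true

    - name: Add new user
      ansible.builtin.user:
        # An empty name makes the task fail; user_app is the only variable this play defines.
        name: "{{ user_app }}"
        # password: belajaransible # not secure, replaced by a value from Ansible Vault

        # take user_pass from the vault file and hash it; the module expects a crypt hash
        password: "{{ user_pass | password_hash('sha512') }}"
        shell: /bin/bash
      when:
        - ansible_os_family == "Debian"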

try catch finally

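  # block groups tasks; rescue runs only when a task in the block fails;
  # always runs whether the block succeeded or failed.
  - name: Do complex stuff
    block:
      - name: Task 1
        ansible.builtin.debug:
          msg: 'execute task 1'

      - name: Task 2
        ansible.builtin.debug:
          msg: 'execute task 2'

    rescue:
      - name: Complex stuff block failed
        ansible.builtin.debug:
          msg: 'handle failure'
    always:
      - name: Clean up task
        ansible.builtin.debug:
          msg: "run always"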