Hero Image
Windows SSH setup

Windows SSH setup Install OpenSSH for Windows 預設的 shell 是使用 cmd,照文件說,若需要修改,是要改 ansible_shell_type 變數,這應該是要在 inventory 主機裡加入主機變數:ansible_shell_type,變數內容可以是 cmd 或 powershell。 inventory 主機裡要加入 ansible_connection 主機變數,告知要使用 ssh 連線。(192.168.192.11 ansible_user=Administrator ansible_connection=ssh ansible_shell_type=cmd ) 可能會需要在 ansible.cfg 裡加上 remote_tmp 設定,指定為 C:\TEMP Playbook 裡可以使用 win_ 開頭的模組,或是使用 raw 模組

Tuesday, January 3, 2023 閱讀
Hero Image
將指令輸出轉為圖片

將指令輸出轉為圖片 --- - name: Capture command output and convert to image hosts: all tasks: - name: Display content of /etc/redhat-release shell: cat /etc/redhat-release register: redhat_release_result - name: hostname shell: hostname register: hostname_result # 可以使用 ImageMagick 來轉換文字為圖片 - name: Convert command output as image shell: echo -e "{{ hostname_result.stdout }}\n{{ redhat_release_result.stdout }}" | convert label:@- {{ hostname_result.stdout }}.png delegate_to: localhost

Thursday, November 10, 2022 閱讀
Hero Image
LVM - lvg and lvol

LVM - lvg and lvol volume group - name: 在 /dev/sda1 跟 /dev/sdb1 之上建立 volume group,其 extend size 設置為 32MB community.general.lvg: vg: vg.services pvs: /dev/sda1,/dev/sdb1 pesize: 32 local volume - name: 建立一個大小為 512m 的 local volume community.general.lvol: vg: firefly lv: test size: 512 Example --- - name: Create LVM for DRBD hosts: all become: yes vars: vg_name: drbdpool tasks: - name: Create a new primary partition for LVM community.general.parted: device: /dev/sdb number: 1 align: optimal flags: [lvm] state: present - name: Create a volume group on top of /dev/sda1 with physical extent size = 32MB community.general.lvg: vg: "{{ vg_name }}" pvs: /dev/sdb1 state: present - name: Create a logical volume community.general.lvol: vg: "{{ vg_name }}" lv: drbddata size: 100%FREE

Monday, September 5, 2022 閱讀
Hero Image
YAML 裡的字串很長該怎麼做?

YAML 裡的字串很長該怎麼做? 在 YAML 裡已經有規範此部份,在這種情況有四種方法可以幫助我們: |: 其下內容的換行,就是換行,最後一行會有換行。 >: 其下內容的換行,不會是換行,會變為一個很長的字串,最後會有換行。 |-: 其下內容的換行,就是換行,但最後一行不會有換行。 >-: 其下內容的換常,不會是換行,最後一行也不會有換行。 簡單的說,> 跟 >- 可以增加 YAML 的可讀性,又不會有多餘的換行符號。而 | 跟 |- 則可以讓字串跟定義的一致,在 YAML 裡看到換行,那字串裡就會有換行符號。 --- - name: Test long string hosts: all vars: s1: "hello" s2: | s2 this is my very very very long string line1 line2 line3 s3: > s3 this is my very very very long string line1 line2 line3 s4: |- s4 this is my very very very long string line1 line2 line3 s5: >- s5 this is my very very very long string line1 line2 line3 tasks: - name: s1 copy: content: "{{ s1 }}" dest: "/tmp/s1.txt" # hello% - name: s2 copy: content: "{{ s2 }}" dest: "/tmp/s2.txt" # s2 # this is my very very very # long string # line1 # line2 # line3 - name: s3 copy: content: "{{ s3 }}" dest: "/tmp/s3.txt" # s3 this is my very very very long string line1 line2 line3 - name: s4 copy: content: "{{ s4 }}" dest: "/tmp/s4.txt" # s4 # this is my very very very # long string # line1 # line2 # line3% - name: s5 copy: content: "{{ s5 }}" dest: "/tmp/s5.txt" # s5 this is my very very very long string line1 line2 line3%

Monday, August 29, 2022 閱讀
Hero Image
將 List 轉置為 dict 的 list

將 List 轉置為 dict 的 list list my_users: - aaa - bbb - ccc dict my_users: - Name: aaa - Name: bbb - Name: ccc playbook - name: Transform data vars: orig_users: - aaa - bbb - ccc my_users: [] set_fact: my_users: "{{ my_users + [{} | combine({'Name': item})] }}" loop: "{{ orig_users }}" 說明如下: 利用 combine 這個 filter 來組出 dict 利用 loop 去 iterate orig_users 用 my_users + [{} | combine({‘Name’: item})] 來做 List append```

Wednesday, March 9, 2022 閱讀
Hero Image
Misspelling, missing collection, or incorrect module path for fortios_system_config_backup_restore

Misspelling, missing collection, or incorrect module path for fortios_system_config_backup_restore issue Hi, I’m trying to retrieve the configuration from a Fortigate using the module fortios_system_config_backup_restore and basing on your playbook example. I have ansible 2.10.6. When I use the collection fortinet.fortios:1.1.8, I got the following error: missing 1 required positional argument: 'mod' The full traceback is: Traceback (most recent call last): File "/home/ansible/.ansible/tmp/ansible-local-8668osvgufxk/ansible-tmp-1615481963.0092971-8768-3877705280026/AnsiballZ_fortios_system_config_backup_restore.py", line 102, in <module> _ansiballz_main() File "/home/ansible/.ansible/tmp/ansible-local-8668osvgufxk/ansible-tmp-1615481963.0092971-8768-3877705280026/AnsiballZ_fortios_system_config_backup_restore.py", line 94, in _ansiballz_main invoke_module(zipped_mod, temp_path, ANSIBALLZ_PARAMS) File "/home/ansible/.ansible/tmp/ansible-local-8668osvgufxk/ansible-tmp-1615481963.0092971-8768-3877705280026/AnsiballZ_fortios_system_config_backup_restore.py", line 40, in invoke_module runpy.run_module(mod_name='ansible_collections.fortinet.fortios.plugins.modules.fortios_system_config_backup_restore', init_globals=None, run_name='__main__', alter_sys=True) File "/usr/lib/python3.8/runpy.py", line 207, in run_module return _run_module_code(code, init_globals, run_name, mod_spec) File "/usr/lib/python3.8/runpy.py", line 97, in _run_module_code _run_code(code, mod_globals, init_globals, File "/usr/lib/python3.8/runpy.py", line 87, in _run_code exec(code, run_globals) File "/tmp/ansible_fortinet.fortios.fortios_system_config_backup_restore_payload_mplamrs7/ansible_fortinet.fortios.fortios_system_config_backup_restore_payload.zip/ansible_collections/fortinet/fortios/plugins/modules/fortios_system_config_backup_restore.py", line 472, in <module> File "/tmp/ansible_fortinet.fortios.fortios_system_config_backup_restore_payload_mplamrs7/ansible_fortinet.fortios.fortios_system_config_backup_restore_payload.zip/ansible_collections/fortinet/fortios/plugins/modules/fortios_system_config_backup_restore.py", line 436, in main TypeError: __init__() missing 1 required positional argument: 'mod' fatal: [fortigate-01]: FAILED! => { "changed": false, "module_stderr": "Traceback (most recent call last):\n File \"/home/ansible/.ansible/tmp/ansible-local-8668osvgufxk/ansible-tmp-1615481963.0092971-8768-3877705280026/AnsiballZ_fortios_system_config_backup_restore.py\", line 102, in <module>\n _ansiballz_main()\n File \"/home/ansible/.ansible/tmp/ansible-local-8668osvgufxk/ansible-tmp-1615481963.0092971-8768-3877705280026/AnsiballZ_fortios_system_config_backup_restore.py\", line 94, in _ansiballz_main\n invoke_module(zipped_mod, temp_path, ANSIBALLZ_PARAMS)\n File \"/home/ansible/.ansible/tmp/ansible-local-8668osvgufxk/ansible-tmp-1615481963.0092971-8768-3877705280026/AnsiballZ_fortios_system_config_backup_restore.py\", line 40, in invoke_module\n runpy.run_module(mod_name='ansible_collections.fortinet.fortios.plugins.modules.fortios_system_config_backup_restore', init_globals=None, run_name='__main__', alter_sys=True)\n File \"/usr/lib/python3.8/runpy.py\", line 207, in run_module\n return _run_module_code(code, init_globals, run_name, mod_spec)\n File \"/usr/lib/python3.8/runpy.py\", line 97, in _run_module_code\n _run_code(code, mod_globals, init_globals,\n File \"/usr/lib/python3.8/runpy.py\", line 87, in _run_code\n exec(code, run_globals)\n File \"/tmp/ansible_fortinet.fortios.fortios_system_config_backup_restore_payload_mplamrs7/ansible_fortinet.fortios.fortios_system_config_backup_restore_payload.zip/ansible_collections/fortinet/fortios/plugins/modules/fortios_system_config_backup_restore.py\", line 472, in <module>\n File \"/tmp/ansible_fortinet.fortios.fortios_system_config_backup_restore_payload_mplamrs7/ansible_fortinet.fortios.fortios_system_config_backup_restore_payload.zip/ansible_collections/fortinet/fortios/plugins/modules/fortios_system_config_backup_restore.py\", line 436, in main\nTypeError: __init__() missing 1 required positional argument: 'mod'\n", "module_stdout": "", "msg": "MODULE FAILURE\nSee stdout/stderr for the exact error", "rc": 1 } Using the recent pre release fortinet.fortios:2.0.0 , I got:

Thursday, January 6, 2022 閱讀
Hero Image
[網友好文]Cisco UCS CIMC系列文章

[網友好文]Cisco UCS CIMC 系列文章 Ansible - 設定 Cisco UCS CIMC 時區 Ansible - 設定 Cisco UCS CIMC DNS 和停用 IPv6 Ansible - 設定 Cisco UCS CIMC Fan Policy Ansible - 設定 Cisco UCS CIMC Mail Alert Ansible - 設定 Cisco UCS CIMC 40Gb vNIC 參數 Ansible - 設定 Cisco UCS CIMC NTP 時間校時

Thursday, July 15, 2021 閱讀
Hero Image
ansible.builtin.slurp - 讀取檔案內容

ansible.builtin.slurp - 讀取檔案內容 --- - name: Use HTTP POST to upload file hosts: all tasks: - name: Read binary file content slurp: path: "/bin/ls" register: bin_file - name: Send HTTP POST Request uri: url: "https://your_server/upload.php" headers: Accept: "application/json" Content-Type: "application/octet-stream" method: POST validate_certs: false body: "{{ bin_file.content }}" status_code: - 200 - 201 register: upload_result - name: Display upload_result debug: var: upload_result 使用 slurp,就可以避掉 lookup(‘file’) 的限制。 可以讀取受控端主機上的檔案,也可以利用 delegate_to: localhost 來讀取主控端主機上的檔案。 可以讀取二進位檔案來做進一步處理,例如做 base64 編碼

Monday, May 31, 2021 閱讀
Hero Image
New LibSSH Connection Plugin for Ansible Network Replaces Paramiko, Adds FIPS Mode Enablement

New LibSSH Connection Plugin for Ansible Network Replaces Paramiko, Adds FIPS Mode Enablement Switching Ansible Playbooks to use LibSSH # Installing LibSSH pip install ansible-pylibssh Using LibSSH in Ansible Playbooks Method 1. The ssh_type configuration parameter can be set to use libssh in the active ansible.cfg file of your project [persistent_connection] ssh_type = libssh Method 2: Set the ANSIBLE_NETWORK_CLI_SSH_TYPE environment variable $ export ANSIBLE_NETWORK_CLI_SSH_TYPE=libssh Method 3: Set the ansible_network_cli_ssh_type parameter to libssh within your playbook at the play level

Wednesday, November 25, 2020 閱讀
Hero Image
Backup FortiOS config with Ansible - with RestAPI

Fortigate RestAPI Config Backup - FortiOS 6.0.4 Backup FortiOS config with Ansible - with RestAPI Create access profile FGTAWS0004BE1ADE # config system accprofile FGTAWS0004BE1ADE (accprofile) # edit readOnly new entry 'readOnly' added FGTAWS0004BE1ADE (readOnly) # set sysgrp read FGTAWS0004BE1ADE (readOnly) # end Create API user in Fortigate FGTAWS0004BE1ADE # config system api-user FGTAWS0004BE1ADE (api-user) # edit api-admin new entry 'api-admin' added FGTAWS0004BE1ADE (api-admin) # set accprofile "readOnly" FGTAWS0004BE1ADE (api-admin) # set vdom root FGTAWS0004BE1ADE (api-admin) # config trusthost FGTAWS0004BE1ADE (trusthost) # edit 1 new entry '1' added FGTAWS0004BE1ADE (1) # set ipv4-trusthost 'ip_address_of_your_machine' 255.255.255.255 FGTAWS0004BE1ADE (1) # end FGTAWS0004BE1ADE (api-admin) # end Generate API token FGTAWS0004BE1ADE # execute api-user generate-key api-admin New API key: 'your_api_token' NOTE: The bearer of this API key will be granted all access privileges assigned to the api-user api-admin. Test # fortigate.py import requests import urllib3 # disable security warning for SSL certificate urllib3.disable_warnings(urllib3.exceptions.InsecureRequestWarning) # disable security warning for SSL certificate def config_download(ipaddr, api_token, filename='backup.conf'): ''' input: ipaddr(string) - target ip address of fortigate input: api_token(string) - api_token for api user(accprofile should have sysgrp.mnt) input: filename(string) - file name of the config to be saved. default backup.conf output: True if backup successfule. False if not successful. Tested on: Fortigate OnDemand on AWS - FortiOS6.0.4 ''' base_url = f'https://{ipaddr}/api/v2/' headers = {'Authorization': f'Bearer {api_token}'} params = {'scope': 'global'} uri = 'monitor/system/config/backup/' rep = requests.get(base_url + uri, headers=headers, params=params, verify=False) if rep.status_code != 200: print(f'Something went wrong. status_code: {rep.status_code}') return False with open(filename, 'w') as f: f.write(rep.text) return True >>> import fortigate >>> >>> ip_addr = 'Fortigate_IP_Address' >>> api_token = 'API_TOKEN' >>> >>> if (fortigate.config_download(ip_addr, api_token, 'backup20190215.conf')): ... print('Done!') ... else: ... print('Error!!') ... Done! >>> >>> with open('backup20190215.conf', 'r') as f: ... f.readline() ... '#config-version=FGTAWS-6.0.4-FW-build0231-190107:opmode=0:vdom=0:user=api-admin\n' >>> Configure Ansible inventory and playbook $ cat hosts [fortigate] x.x.x.x access_token=w4q9qtfbGry3Nbc40kHjsk9mxG**** y.y.y.y access_token=tfy8c9b8Nxw6N3Q5Q5bg9z69dn**** $ cat fortigate_backup.yml - name: fortigate config backup connection: local hosts: fortigate tasks: - name: get current config uri: url: 'https://{{ ansible_host }}/api/v2/monitor/system/config/backup/?scope=global&access_token={{ access_token }}' return_content: yes validate_certs: no register: current_config - name: write config to local file local_action: copy content={{ current_config.content }} dest=./{{ inventory_hostname }}_{{ ansible_date_time.date }}.txt

Tuesday, November 3, 2020 閱讀
Hero Image
Ansible 簡介

認識 Ansible 大綱 簡介 安裝 常用模組 資料夾結構 結語 簡介 安裝部署工具、設定管理工具等 同類型工具:Chef、Puppet、SaltStack 不需要 Agent、透過 ssh Linux 有 python 即可 ( ssh port ) Win 啟用 winrm 即可 ( 5986 port ) https://docs.ansible.com/ansible/latest/user_guide/windows_winrm.html#inventory-options 資料夾結構簡單易懂、官方文件豐富易懂、模組多支援設備多、易撰寫 安裝 pip install ansible pip3 install ansible yum install ansible apt-get install ansible apk add ansible 常用模組 ping shell / command file yum systemd / service template / copy debug 常用模組 - ping 常用模組 - shell / command

Saturday, September 26, 2020 閱讀
Hero Image
Abount Ansible Hosts

# hosts 可以這樣寫 $ ansible 'max-compute[!3:9][0:3][0:3]' -m setup --list-hosts hosts (4): max-compute10 max-compute13 max-compute20 max-compute23 $ ansible 'max-compute[!3:9][0:4][0:4]' -m setup --list-hosts hosts (3): max-compute10 max-compute14 max-compute20 $ ansible 'max-compute[!0:3]' -m setup --list-hosts hosts (6): max-compute4 max-compute5 max-compute6 max-compute7 max-compute8 max-compute9 plugin: gcp_compute projects: - project-XXX zones: - asia-east1-a - asia-east1-c - asia-east1-b - asia-east2-a - asia-east2-c - asia-east2-b auth_kind: serviceaccount service_account_file: /root/.ssh/sa001.json filters: - status="RUNNING" hostnames: - name groups: nginx: "'nginx' in name" cassandra: "'cassandra' in name" redis: "'redis' in name" misc: "name in ('noc', 'mt-center')" prod: "'prod' in name and 'gke' not in name" all: "'gke' not in name" search: "'search' in name" cht_domain: "{{ 'web.qat.cht' if ansible_default_ipv4['network'] == '192.168.40.0' else 'ap.qat.cht' if ansible_default_ipv4['network'] == '192.168.50.0' else 'db.qat.cht' if ansible_default_ipv4['network'] == '192.168.60.0' else 'qat.cht' }}"

Tuesday, May 12, 2020 閱讀