Prikazaću vam nekoliko operacija koje administrator može da obavi na udaljenom Windows sistemu koristeći Ansible playbook.
Ansible je jedan od najpopularnijih DevOps alata na tržištu danas. Pruža brojne Windows module koji se koriste za konfiguraciju i upravljanje Windows serverima. Pretpostavljam da već imate instaliran Ansible na Windows-u sa kojeg želite da upravljate Windows serverima.
Sledi nekoliko uobičajenih zadataka koje Windows administratori obavljaju svakodnevno. Bićete zadivljeni kada vidite koliko je lako upravljati Windows-om pomoću Ansible-a.
IP adresa mog Ansible Windows kontrolera je 192.168.0.106, a IP adresa mog udaljenog Windows sistema je 192.168.0.102. Pre nego što počnete, proverite da li ste pokrenuli `win_ping` modul kako biste potvrdili da li ste u mogućnosti da se povežete sa udaljenim serverom operativnog sistema Windows.
[email protected] ~
$ ansible win -m win_ping
192.168.0.102 | SUCCESS => {
"changed": false,
"ping": "pong"
}
Moja konekcija sa udaljenim hostom je uspešna.
Dakle, počnimo sa Ansible Playbook-ovima…
Kopiranje datoteka
`win_copy` je Ansible modul koji kopira datoteku sa lokalnog servera na udaljeni Windows host. Koristiću ovaj modul za kopiranje jednog PDF dokumenta.
Koristite YAML kod ispod, navedite izvornu i odredišnu putanju.
[email protected] ~
$ vi copy.yml
---
- hosts: win
tasks:
- name: Copy File
win_copy:
src: C:output.pdf
dest: C:ansible_examples
remote_src: yes
Pokrenite Ansible playbook za `win_copy`.
[email protected] ~ $ ansible-playbook copy.yml PLAY [win] *********************************************************************************************************************************** TASK [Gathering Facts] *********************************************************************************************************************** ok: [192.168.0.102] TASK [Copy File] ***************************************************************************************************************************** changed: [192.168.0.102] PLAY RECAP *********************************************************************************************************************************** 192.168.0.102 : ok=2 changed=1 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
Datoteka je uspešno kopirana na odredišnu lokaciju na udaljenom Windows sistemu.
Instaliranje/deinstaliranje MSI paketa
Da biste instalirali aplikaciju koristeći MSI datoteku, potrebno je da koristite `win_get_url` da navedete putanju MSI datoteke za preuzimanje, a zatim koristite modul `win_package` da biste je instalirali. Stanje `present` znači da će MSI biti instaliran na mašini, i da je aplikacija u sadašnjem stanju.
Ovde, instaliram Apache.
YAML kod koji će se koristiti:
[email protected] ~
$ vi msi.yml
---
- name: Installing Apache MSI
hosts: win
tasks:
- name: Download the Apache installer
win_get_url:
url: https://archive.apache.org/dist/httpd/binaries/win32/httpd-2.2.25-win32-x86-no_ssl.msi
dest: C:ansible_exampleshttpd-2.2.25-win32-x86-no_ssl.msi
- name: Install MSI
win_package:
path: C:ansible_exampleshttpd-2.2.25-win32-x86-no_ssl.msi
state: present
Pokrenite Ansible playbook da biste instalirali koristeći MSI.
[email protected] ~ $ ansible-playbook msi.yml PLAY [Installing Apache MSI] ***************************************************************************************************************** TASK [Gathering Facts] *********************************************************************************************************************** ok: [192.168.0.102] TASK [Download the Apache installer] ********************************************************************************************************* changed: [192.168.0.102] TASK [Install MSI] *************************************************************************************************************************** changed: [192.168.0.102] PLAY RECAP *********************************************************************************************************************************** 192.168.0.102 : ok=3 changed=2 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
Sada idite na Windows sistem i proverite da li je Apache aplikacija uspešno instalirana.
C:Userstechblog.co.rs>cd C:Program Files (x86)Apache Software FoundationApache2.2bin C:Program Files (x86)Apache Software FoundationApache2.2bin>httpd -v Server version: Apache/2.2.25 (Win32) Server built: Jul 10 2013 01:52:12
Takođe možete instalirati aplikacije koristeći MSI sa argumentima. Ispod je isti primer kao gore, ali umesto stanja, koristimo argument za instaliranje da instaliramo Apache.
YAML kod koji će se koristiti:
---
- name: Installing Apache MSI
hosts: win
tasks:
- name: Download the Apache installer
win_get_url:
url: https://archive.apache.org/dist/httpd/binaries/win32/httpd-2.2.25-win32-x86-no_ssl.msi
dest: C:ansible_exampleshttpd-2.2.25-win32-x86-no_ssl.msi
- name: Install MSI
win_package:
path: C:ansible_exampleshttpd-2.2.25-win32-x86-no_ssl.msi
arguments:
- /install
- /passive
- /norestart
Da biste deinstalirali aplikaciju pomoću MSI datoteke, potrebno je da koristite modul `win_package`. Stanje `absent` znači da će aplikacija biti deinstalirana pomoću MSI datoteke.
Evo, deinstaliram Apache.
[email protected] ~
$ vi uninstall_msi.yml
---
- name: UnInstalling Apache MSI
hosts: win
tasks:
- name: UnInstall MSI
win_package:
path: C:ansible_exampleshttpd-2.2.25-win32-x86-no_ssl.msi
state: absent
Pokrenite Ansible playbook da biste deinstalirali koristeći MSI.
[email protected] ~ $ ansible-playbook uninstall_msi.yml PLAY [UnInstalling Apache MSI] ***************************************************************************************************************** TASK [Gathering Facts] *********************************************************************************************************************** ok: [192.168.0.102] TASK [UnInstall MSI] ************************************************************************************************************************* changed: [192.168.0.102] PLAY RECAP *********************************************************************************************************************************** 192.168.0.102 : ok=2 changed=1 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
Sada, ako proverim Apache verziju, dobiću donji izlaz pošto je aplikacija deinstalirana.
C:Program Files (x86)Apache Software FoundationApache2.2bin>httpd -v 'httpd' is not recognized as an internal or external command, operable program or batch file.
Deinstaliranje softvera (.exe)
Takođe možete da deinstalirate softver sa .exe datotekom koristeći ID proizvoda tog softvera.
[email protected] ~
$ vi uninstall.yml
---
- hosts: win
tasks:
- name: Uninstall 7-Zip from the exe
win_package:
path: C:Program Files7-ZipUninstall.exe
product_id: 7-Zip
arguments: /S
state: absent
Pokrenite Ansible playbook da deinstalirate 7-Zip.
[email protected] ~ $ ansible-playbook uninstall.yml PLAY [win] ************************************************************************************************************************************************************************************* TASK [Gathering Facts] ************************************************************************************************************************************************************************* ok: [192.168.0.102] TASK [Uninstall 7-Zip from the exe] *********************************************************************************************************************************************************** changed: [192.168.0.102] PLAY RECAP ************************************************************************************************************************************************************************************* 192.168.0.102 : ok=2 changed=1 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
Zaustavljanje/pokretanje/ponovno pokretanje Windows servisa
`win_service` Ansible modul se koristi za pokretanje, zaustavljanje ili ponovno pokretanje servisa. Ovde ću vam pokazati kako da zaustavite Tomcat servis.
Morate da navedete ime servisa u YAML datoteci i podesite stanje da se zaustavi.
[email protected] ~
$ vi service.yml
---
- hosts: win
tasks:
- name: Stop service Tomcat
win_service:
name: Tomcat8
state: stopped
Pokrenite Ansible playbook da zaustavite Tomcat servis.
[email protected] ~ $ ansible-playbook service.yml PLAY [win] *********************************************************************************************************************************** TASK [Gathering Facts] *********************************************************************************************************************** ok: [192.168.0.102] TASK [Stop service Tomcat] **************************************************************************************************************** changed: [192.168.0.102] PLAY RECAP *********************************************************************************************************************************** 192.168.0.102 : ok=2 changed=1 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
Ako proverite Tomcat servis na Windows sistemu, on je sada u zaustavljenom statusu.
Možete definisati stanje kao `started`, `restarted` ili `paused` da biste promenili status servisa.
Prikupljanje činjenica
Koristeći `win_disk_facts` Ansible modul, možete preuzeti sve informacije o disku ciljnog hosta.
[email protected] ~
$ vi disk.yml
---
- hosts: win
tasks:
- name: Get disk facts
win_disk_facts:
- name: Output first disk size
debug:
var: ansible_facts.disks[0].size
- name: Convert first system disk into various formats
debug:
msg: '{{ disksize_gib }} vs {{ disksize_gib_human }}'
vars:
# Get first system disk
disk: '{{ ansible_facts.disks|selectattr("system_disk")|first }}'
# Show disk size in Gibibytes
disksize_gib_human: '{{ disk.size|filesizeformat(true) }}'
disksize_gib: '{{ (disk.size/1024|pow(3))|round|int }} GiB'
Pokrenite Ansible playbook da biste dobili informacije o disku.
[email protected] ~
$ ansible-playbook disk.yml
PLAY [win] ***********************************************************************************************************************************
TASK [Gathering Facts] ***********************************************************************************************************************
ok: [192.168.0.102]
TASK [Get disk facts] ************************************************************************************************************************
ok: [192.168.0.102]
TASK [Output first disk size] ****************************************************************************************************************
ok: [192.168.0.102] => {
"ansible_facts.disks[0].size": "1000204886016"
}
TASK [Convert first system disk into various formats] ****************************************************************************************
ok: [192.168.0.102] => {
"msg": "932 GiB vs 931.5 GiB"
}
PLAY RECAP ***********************************************************************************************************************************
192.168.0.102
: ok=4 changed=0 unreachable=0 failed=0
skipped=0 rescued=0 ignored=0
Koristeći `win_command` Ansible modul, možete izvršiti komande na udaljenom hostu i dobiti informacije o procesoru, detalje o uređaju i još mnogo toga.
[email protected] ~
$ vi check.yml
---
- hosts: win
tasks:
- name: Get disk facts
win_command: wmic cpu get caption, deviceid, name, numberofcores, maxclockspeed, status
register: usage
- debug: msg="{{ usage.stdout }}"
Pokrenite Ansible playbook da biste dobili informacije o udaljenom sistemu.
[email protected] ~
$ ansible-playbook check.yml
PLAY [win] ***********************************************************************************************************************************
TASK [Gathering Facts] ***********************************************************************************************************************
ok: [192.168.0.102]
TASK [Get facts] ************************************************************************************************************************
changed: [192.168.0.102]
TASK [debug] *********************************************************************************************************************************
ok: [192.168.0.102] => {
"msg": "Caption DeviceID MaxClockSpeed
Name
NumberOfCores Status rrnIntel64 Family 6 Model 142 Stepping 9 CPU0 2712 Intel(R) Core(TM) i5-7200U CPU @ 2.50GHz 2 OK rrnrrn"
}
PLAY RECAP ***********************************************************************************************************************************
192.168.0.102
: ok=3 changed=1 unreachable=0 failed=0
skipped=0 rescued=0
ignored=0
Pokretanje komandi
Koje god komande da pokrenete na Windowsu, one se mogu pokrenuti kroz Ansible `win_command` modul. Samo treba da navedete komandu u vašoj YAML datoteci. Ovde, samo pravim direktorijum.
[email protected] ~
$ vi commands.yml
---
- hosts: win
tasks:
- name: run an executable using win_command
win_command: whoami.exe
- name: run a cmd command
win_command: cmd.exe /c mkdir C:test
Pokrenite Ansible playbook da biste izvršili operaciju `win_command`.
[email protected] ~ $ ansible-playbook commands.yml PLAY [win] *********************************************************************************************************************************** TASK [Gathering Facts] *********************************************************************************************************************** ok: [192.168.0.102] TASK [run an executable using win_command] *************************************************************************************************** changed: [192.168.0.102] TASK [run a cmd command] ********************************************************************************************************************* changed: [192.168.0.102] PLAY RECAP *********************************************************************************************************************************** 192.168.0.102 : ok=3 changed=2 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
Promenljive okruženja
Windows sistem ima više promenljivih okruženja, na primer, `JAVA_HOME`. Koristeći Ansible modul `win_environment`, možete dodati ili modifikovati promenljive okruženja na Windows sistemu. U ovom primeru, dodajem novu promenljivu na listu promenljivih Windows okruženja.
[email protected] ~
$ vi env.yml
---
- hosts: win
tasks:
- name: Set an environment variable for all users
win_environment:
state: present
name: NewVariable
value: New Value
level: machine
Pokrenite Ansible playbook da dodate promenljivu okruženja na udaljenoj Windows mašini.
[email protected] ~ $ ansible-playbook env.yml PLAY [win] *********************************************************************************************************************************** TASK [Gathering Facts] *********************************************************************************************************************** ok: [192.168.0.102] TASK [Set an environment variable for all users] ********************************************************************************************* changed: [192.168.0.102] PLAY RECAP *********************************************************************************************************************************** 192.168.0.102 : ok=2 changed=1 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
Idite na prozor promenljivih okruženja; videćete da je nova promenljiva koju ste upravo dodali prisutna ovde.
Dodavanje/Izmena registra
`win_regedit` Ansible modul se koristi za dodavanje ili uređivanje detalja registra na udaljenoj Windows mašini. Morate da navedete putanju registra i sadržaj koji se dodaje/ažurira. Ovde pravim novi unos u registru `techblog.co.rs` unutar putanje `HKLM:SOFTWARE`, a zatim dodajem ime i podatke u ovaj registar.
[email protected] ~
$ vi registry.yml
---
- hosts: win
tasks:
- name: Creating a registry
win_regedit:
path: HKLM:SOFTWAREtechblog.co.rs
- name: Modifying a registry, adding name and data
win_regedit:
path: HKLM:SOFTWAREtechblog.co.rs
name: Geek
data: Flare
Pokrenite Ansible playbook da biste dodali registar.
[email protected] ~ $ ansible-playbook registry.yml PLAY [win] *********************************************************************************************************************************** TASK [Gathering Facts] *********************************************************************************************************************** ok: [192.168.0.102] TASK [Creating a registry] ******************************************************************************************************************* changed: [192.168.0.102] TASK [Modifying a registry, adding name and data] ******************************************************************************************** changed: [192.168.0.102] PLAY RECAP *********************************************************************************************************************************** 192.168.0.102 : ok=3 changed=2 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
Ako odete u uređivač registra na udaljenom sistemu, možete videti da je ovaj registar uspešno dodat sa parametrima imena i podataka.
Brisanje logova
`win_eventlog` Ansible modul se koristi za dodavanje, brisanje ili uklanjanje logova Windows događaja iz Windows sistema.
Idite na Windows PowerShell i navedite EventLogs prisutne na udaljenoj Windows mašini.
PS C:Userstechblog.co.rs> Get-EventLog -List
Max(K) Retain OverflowAction Entries Log
------ ------ -------------- ------- ---
20,480 0 OverwriteAsNeeded 33,549 Application
20,480 0 OverwriteAsNeeded 0 HardwareEvents
512 7 OverwriteOlder 20 Internet Explorer
20,480 0 OverwriteAsNeeded 0 Key Management Service
128 0 OverwriteAsNeeded 190 OAlerts
Security
20,480 0 OverwriteAsNeeded 44,828 System
15,360 0 OverwriteAsNeeded 3,662 Windows PowerShell
Sada ću pokazati kako da uklonite logove iz svih izvora za Internet Explorer.
[email protected] ~
$ vi log.yml
---
- hosts: win
tasks:
- name: Remove Internet Explorer Logs
win_eventlog:
name: Internet Explorer
state: absent
Pokrenite Ansible playbook da biste uklonili Internet Explorer logove sa udaljene Windows mašine.
[email protected] ~ $ ansible-playbook log.yml PLAY [win] ************************************************************************************************************************************************************************************* TASK [Gathering Facts] ************************************************************************************************************************************************************************* ok: [192.168.0.102] TASK [Remove Internet Explorer Logs] ********************************************************************************************************************************************** changed: [192.168.0.102] PLAY RECAP ************************************************************************************************************************************************************************************* 192.168.0.102 : ok=2 changed=1 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
Sada, ako ponovo navedete EventLogs, videćete da su logovi Internet Explorer-a uklonjeni.
PS C:Userstechblog.co.rs> Get-EventLog -List
Max(K) Retain OverflowAction Entries Log
------ ------ -------------- ------- ---
20,480 0 OverwriteAsNeeded 33,549 Application
20,480 0 OverwriteAsNeeded 0 HardwareEvents
20,480 0 OverwriteAsNeeded 0 Key Management Service
128 0 OverwriteAsNeeded 190 OAlerts
Security
20,480 0 OverwriteAsNeeded 44,835 System
15,360 0 OverwriteAsNeeded 56 Windows PowerShell
Dakle, to je bilo sve o Ansible playbook-ovima, koji se mogu koristiti za udaljenu administraciju Windows-a. Samo napred i isprobajte ove knjige. Možete probati i druge Ansible Windows module koji su dostupni.