Modul Ansible

The document provides a comprehensive guide on configuring Ansible for managing multiple Debian servers, including setting up SSH access, creating an inventory file, and writing playbooks for various tasks such as user creation and hostname configuration. It details the execution of commands and playbooks to ensure successful connections and operations across the servers. Additionally, it includes instructions for importing users from a CSV file and managing system information using Ansible modules.


MODUL ANSIBLE

Di setiap host
root@tusirah:~# [Link] /etc/ssh/sshd_config
PermitRootLogin yes

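Reboot OS Debian (atau cukup restart layanan SSH dengan `systemctl restart ssh`) agar perubahan pada sshd_config berlaku.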

control node
sudo su -
ssh-keygen
ssh-copy-id root@[Link]
ssh-copy-id root@[Link]

test koneksi server debian


masih sebagai root control node
ssh root@[Link]
ssh root@[Link]

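Harus bisa login sebagai root tanpa password, yaitu memakai kunci SSH yang tadi disalin dengan ssh-copy-id. Setelah login dengan kunci berhasil, `PermitRootLogin yes` di setiap host sebaiknya diganti menjadi `PermitRootLogin prohibit-password` supaya root hanya bisa masuk dengan kunci, bukan dengan password.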

Node Control
mkdir /etc/ansible
[Link] /etc/ansible/hosts

[servers]

server1 ansible_host=[Link]

server2 ansible_host=[Link]

[all:vars]

ansible_python_interpreter=/usr/bin/python3

ansible-inventory --list -y
all:
children:
servers:
hosts:
server1:
ansible_host: [Link]
ansible_python_interpreter: /usr/bin/python3
server2:
ansible_host: [Link]
ansible_python_interpreter: /usr/bin/python3
ansible all -m ping -u root
server1 | SUCCESS => {
"changed": false,
"ping": "pong"
}
server2 | SUCCESS => {
"changed": false,
"ping": "pong"

root@tusirah:~# ansible all -m command -a "uname -a" -u root


server1 | CHANGED | rc=0 >>
Linux debianfw 6.1.0-32-amd64 #1 SMP PREEMPT_DYNAMIC Debian
6.1.129-1 (2025-03-06) x86_64 GNU/Linux
server2 | CHANGED | rc=0 >>
Linux server2 6.1.0-32-amd64 #1 SMP PREEMPT_DYNAMIC Debian
6.1.129-1 (2025-03-06) x86_64 GNU/Linux

root@tusirah:~# ansible all -m command -a "whoami" -u root


server2 | CHANGED | rc=0 >>
root
server1 | CHANGED | rc=0 >>
root

cat /etc/ansible/hosts > [Link]

[Link] [Link]
[servers]

server1 ansible_host=[Link] ansible_user=root

server2 ansible_host=[Link] ansible_user=root

[all:vars]

ansible_python_interpreter=/usr/bin/python3

[Link] [Link]
- name: My first play
hosts: server1
tasks:
- name: Ping my hosts
[Link]:

- name: Print message


[Link]:
msg: Hello world
- name: Server dua
hosts: server2
tasks:
- name: Ping my hosts
[Link]:

- name: Print message


[Link]:
msg: Hello world

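Atau bisa juga memakai nama group dari inventory (`servers`) sebagai nilai `hosts`, sehingga satu play berjalan di semua anggota group: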


[Link] [Link]

- name: My first play


hosts: servers
tasks:
- name: Ping my hosts
[Link]:

- name: Print message


[Link]:
msg: Hello world

command playbook
ansible-playbook -i [Link] [Link]

PLAY [My first play]


******************************************************************
***********************

TASK [Gathering Facts]


******************************************************************
*********************
ok: [server1]

TASK [Ping my hosts]


******************************************************************
***********************
ok: [server1]

TASK [Print message]


******************************************************************
***********************
ok: [server1] => {
"msg": "Hello world"
}

PLAY [Server dua]


******************************************************************
**************************
TASK [Gathering Facts]
******************************************************************
*********************
ok: [server2]

TASK [Ping my hosts]


******************************************************************
***********************
ok: [server2]

TASK [Print message]


******************************************************************
***********************
ok: [server2] => {
"msg": "Hello world"
}

PLAY RECAP
******************************************************************
*********************************
server1 : ok=3 changed=0 unreachable=0
failed=0 skipped=0 rescued=0 ignor
ed=0
server2 : ok=3 changed=0 unreachable=0
failed=0 skipped=0 rescued=0 ignor
ed=0

root@tusirah:~# ansible-playbook -i [Link] [Link]

PLAY [My first play]


******************************************************************
***********************

TASK [Gathering Facts]


******************************************************************
*********************
ok: [server2]
ok: [server1]

TASK [Ping my hosts]


******************************************************************
***********************
ok: [server1]
ok: [server2]

TASK [Print message]


******************************************************************
***********************
ok: [server1] => {
"msg": "Hello world"
}
ok: [server2] => {
"msg": "Hello world"
}

PLAY RECAP
******************************************************************
*********************************
server1 : ok=3 changed=0 unreachable=0
failed=0 skipped=0 rescued=0 ignor
ed=0
server2 : ok=3 changed=0 unreachable=0
failed=0 skipped=0 rescued=0 ignor
ed=0

Menambah user di host Debian

[Link] [Link]
- name: Create a user
hosts: server1
become: yes
tasks:
- name: Add user odik
user:
name: odik
shell: /bin/bash
home: /home/odik

root@tusirah:~# ansible-playbook -i [Link] [Link]

PLAY [Create a user]


******************************************************************
***********************

TASK [Gathering Facts]


******************************************************************
*********************
ok: [server1]

TASK [Add user odik]


******************************************************************
***********************
changed: [server1]

PLAY RECAP
******************************************************************
*********************************
server1 : ok=2 changed=1 unreachable=0
failed=0 skipped=0 rescued=0 ignor
ed=0
[Link] [Link]
- name: Test Ping and Uname
hosts: all
gather_facts: no
tasks:
- name: Ping target hosts
[Link]:

- name: Get system information


[Link]: uname -a
register: uname_output

- name: Show system information


[Link]:
msg: "{{ uname_output.stdout }}"

root@tusirah:~# ansible-playbook -i [Link] [Link]

PLAY [Test Ping and Uname]


******************************************************************
*****************

TASK [Ping target hosts]


******************************************************************
*******************
ok: [server1]
ok: [server2]

TASK [Get system information]


******************************************************************
**************
changed: [server2]
changed: [server1]

TASK [Show system information]


******************************************************************
*************
ok: [server1] => {
"msg": "Linux debianfw 6.1.0-32-amd64 #1 SMP PREEMPT_DYNAMIC
Debian 6.1.129-1 (2025-03-06) x86_64 GNU/Linu
x"
}
ok: [server2] => {
"msg": "Linux server2 6.1.0-32-amd64 #1 SMP PREEMPT_DYNAMIC
Debian 6.1.129-1 (2025-03-06) x86_64 GNU/Linux
"
}

PLAY RECAP
******************************************************************
*********************************
server1 : ok=3 changed=1 unreachable=0
failed=0 skipped=0 rescued=0 ignor
ed=0
server2 : ok=3 changed=1 unreachable=0
failed=0 skipped=0 rescued=0 ignor
ed=0

Ubah Hostname
cat [Link]
[servers]
server1 ansible_host=[Link] ansible_user=root
server2 ansible_host=[Link] ansible_user=root
server3 ansible_host=[Link] ansible_user=root

[all:vars]
ansible_python_interpreter=/usr/bin/python3

[Link] [Link]
# Play: sets each server's hostname and its /etc/hosts entry from the
# server_hostnames list. Every task loops over the whole list and uses `when`
# to act only on the entry whose ip equals the host's own default IPv4 address,
# so the other entries show up as "skipping" in the run output.
# NOTE(review): indentation and some values were lost when this page was
# extracted ("[Link]" placeholders); restore them before running.
- name: Configure Hostname on Multiple Servers
hosts: all
# The inventory already connects as root (ansible_user=root), so `become`
# does not add any privilege here.
become: yes
vars:
# name/ip pairs; ip is compared with ansible_default_ipv4.address, which
# comes from fact gathering (left enabled in this play).
server_hostnames:
- { name: "server1", ip: "[Link]" }
- { name: "server2", ip: "[Link]" }
- { name: "server3", ip: "[Link]" }

tasks:
# Idempotent: reports "ok" when the hostname is already correct
# (server2 in the run output shown after this playbook).
- name: Set hostname
hostname:
name: "{{ [Link] }}"
loop: "{{ server_hostnames }}"
when: ansible_default_ipv4.address == [Link]

# Replaces the line matched by `regexp` (or appends one) with the host's own
# address and name.
- name: Update /etc/hosts file


lineinfile:
path: /etc/hosts
regexp: '^[Link]'
line: "[Link] {{ [Link] }}"
loop: "{{ server_hostnames }}"
when: ansible_default_ipv4.address == [Link]

# NOTE(review): this repeats what the `hostname` task above already did, and
# because it uses `command` it reports "changed" on every run (all three hosts
# show "changed" for this task in the output). It looks removable; if it is
# kept, `changed_when: false` would stop it from masking real changes.
- name: Restart hostname service (if required)


command: hostnamectl set-hostname {{ [Link] }}
loop: "{{ server_hostnames }}"
when: ansible_default_ipv4.address == [Link] and
ansible_distribution in ["Ubuntu", "Debian"]
ansible-playbook -i [Link] [Link]

PLAY [Configure Hostname on Multiple Servers]


****************************************************************

TASK [Gathering Facts]


******************************************************************
*********************
ok: [server1]
ok: [server3]
ok: [server2]

TASK [Set hostname]


******************************************************************
************************
skipping: [server2] => (item={'name': 'server1', 'ip':
'[Link]'})
skipping: [server3] => (item={'name': 'server1', 'ip':
'[Link]'})
skipping: [server3] => (item={'name': 'server2', 'ip':
'[Link]'})
ok: [server2] => (item={'name': 'server2', 'ip': '[Link]'})

skipping: [server2] => (item={'name': 'server3', 'ip':


'[Link]'})
changed: [server3] => (item={'name': 'server3', 'ip':
'[Link]'})
changed: [server1] => (item={'name': 'server1', 'ip':
'[Link]'})
skipping: [server1] => (item={'name': 'server2', 'ip':
'[Link]'})
skipping: [server1] => (item={'name': 'server3', 'ip':
'[Link]'})

TASK [Update /etc/hosts file]


******************************************************************
**************
skipping: [server2] => (item={'name': 'server1', 'ip':
'[Link]'})
skipping: [server3] => (item={'name': 'server1', 'ip':
'[Link]'})
skipping: [server3] => (item={'name': 'server2', 'ip':
'[Link]'})
changed: [server2] => (item={'name': 'server2', 'ip':
'[Link]'})
skipping: [server2] => (item={'name': 'server3', 'ip':
'[Link]'})
changed: [server3] => (item={'name': 'server3', 'ip':
'[Link]'})
changed: [server1] => (item={'name': 'server1', 'ip':
'[Link]'})
skipping: [server1] => (item={'name': 'server2', 'ip':
'[Link]'})
skipping: [server1] => (item={'name': 'server3', 'ip':
'[Link]'})

TASK [Restart hostname service (if required)]


****************************************************************
skipping: [server2] => (item={'name': 'server1', 'ip':
'[Link]'})
skipping: [server3] => (item={'name': 'server1', 'ip':
'[Link]'})
skipping: [server3] => (item={'name': 'server2', 'ip':
'[Link]'})
changed: [server3] => (item={'name': 'server3', 'ip':
'[Link]'})
changed: [server1] => (item={'name': 'server1', 'ip':
'[Link]'})
skipping: [server1] => (item={'name': 'server2', 'ip':
'[Link]'})
skipping: [server1] => (item={'name': 'server3', 'ip':
'[Link]'})
changed: [server2] => (item={'name': 'server2', 'ip':
'[Link]'})
skipping: [server2] => (item={'name': 'server3', 'ip':
'[Link]'})

PLAY RECAP
******************************************************************
*********************************
server1 : ok=4 changed=3 unreachable=0
failed=0 skipped=0 rescued=0 ignored=0
server2 : ok=4 changed=2 unreachable=0
failed=0 skipped=0 rescued=0 ignored=0
server3 : ok=4 changed=3 unreachable=0
failed=0 skipped=0 rescued=0 ignored=0

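Import user dari CSV

File CSV di bawah ini menyimpan password dalam bentuk teks polos (`pass123` hanya contoh), jadi perlakukan file ini sebagai rahasia: batasi hak bacanya dan jangan simpan di repositori.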


cat [Link]
username,password,shell,groups
utik,pass123,/bin/bash,sudo
doni,pass123,/bin/bash,developer
roni,pass123,/bin/bash,sales
rudi,pass123,/bin/bash,sales

[Link] [Link]
---
# Play: copies a users CSV to every host, parses it there, makes sure three
# groups exist, then creates one account per CSV row (columns used below:
# username, password, shell, groups).
# NOTE(review): indentation and module names were lost when this page was
# extracted ("[Link]" placeholders); restore them before running.
- name: Import users from CSV and create accounts
hosts: all
become: yes
tasks:

# NOTE(review): the CSV holds cleartext passwords. With mode '0644' under /tmp
# every local account on each server can read it, and no task in this play
# removes it afterwards. Prefer mode '0600' plus a final cleanup task
# (state: absent), or parse the CSV on the control node
# (delegate_to: localhost) so the file never leaves it.
- name: Copy CSV file to remote servers


[Link]:
src: "/home/budi/workflow/hosts/[Link]"
dest: "/tmp/[Link]"
mode: '0644'

# Parses the copied file on the remote host; the rows are later read from
# users_list.list, one dict per CSV row.
- name: Read CSV file from remote server


[Link].read_csv:
path: "/tmp/[Link]"
register: users_list

# The group list is hard-coded; a CSV row naming any other group is not
# covered by this task.
- name: Ensure required groups exist


[Link]:
name: "{{ item }}"
state: present
loop:
- sudo
- sales
- developer

# NOTE(review): each loop item is echoed in the task output together with its
# cleartext password (visible in the run output shown after this playbook).
# Add `no_log: true` to this task so the passwords stay out of the terminal and
# out of any Ansible log.
# password_hash('sha512') is called without a salt, so expect a fresh hash, and
# therefore "changed", on every run; passing a fixed per-user salt keeps the
# task idempotent.
# A row whose groups column is `sudo` presumably gets full sudo rights under
# Debian's default sudoers; confirm this is intended for that user.
- name: Create users from CSV data


[Link]:
name: "{{ [Link] }}"
password: "{{ [Link] | password_hash('sha512') }}"
shell: "{{ [Link] }}"
groups: "{{ [Link] }}"
append: yes
loop: "{{ users_list.list }}"

ansible-playbook -i [Link] [Link]


PLAY [Import users from CSV and create accounts]
******************************************************************
******************************************************************
*******

TASK [Gathering Facts]


******************************************************************
******************************************************************
*********************************
ok: [server2]
ok: [server1]
ok: [server3]

TASK [Copy CSV file to remote servers]


******************************************************************
******************************************************************
*****************
ok: [server1]
ok: [server3]
ok: [server2]

TASK [Read CSV file from remote server]


******************************************************************
******************************************************************
****************
ok: [server3]
ok: [server1]
ok: [server2]

TASK [Ensure required groups exist]


******************************************************************
******************************************************************
********************
ok: [server3] => (item=sudo)
ok: [server2] => (item=sudo)
ok: [server1] => (item=sudo)
changed: [server3] => (item=sales)
changed: [server2] => (item=sales)
changed: [server1] => (item=sales)
changed: [server2] => (item=developer)
changed: [server3] => (item=developer)
changed: [server1] => (item=developer)

TASK [Create users from CSV data]


******************************************************************
******************************************************************
**********************
changed: [server1] => (item={'username': 'utik', 'password':
'pass123', 'shell': '/bin/bash', 'groups': 'sudo'})
changed: [server2] => (item={'username': 'utik', 'password':
'pass123', 'shell': '/bin/bash', 'groups': 'sudo'})
changed: [server3] => (item={'username': 'utik', 'password':
'pass123', 'shell': '/bin/bash', 'groups': 'sudo'})
changed: [server2] => (item={'username': 'doni', 'password':
'pass123', 'shell': '/bin/bash', 'groups': 'developer'})
changed: [server1] => (item={'username': 'doni', 'password':
'pass123', 'shell': '/bin/bash', 'groups': 'developer'})
changed: [server3] => (item={'username': 'doni', 'password':
'pass123', 'shell': '/bin/bash', 'groups': 'developer'})
changed: [server2] => (item={'username': 'roni', 'password':
'pass123', 'shell': '/bin/bash', 'groups': 'sales'})
changed: [server3] => (item={'username': 'roni', 'password':
'pass123', 'shell': '/bin/bash', 'groups': 'sales'})
changed: [server1] => (item={'username': 'roni', 'password':
'pass123', 'shell': '/bin/bash', 'groups': 'sales'})
changed: [server2] => (item={'username': 'rudi', 'password':
'pass123', 'shell': '/bin/bash', 'groups': 'sales'})
changed: [server3] => (item={'username': 'rudi', 'password':
'pass123', 'shell': '/bin/bash', 'groups': 'sales'})
changed: [server1] => (item={'username': 'rudi', 'password':
'pass123', 'shell': '/bin/bash', 'groups': 'sales'})

PLAY RECAP
******************************************************************
******************************************************************
*********************************************
server1 : ok=5 changed=2 unreachable=0
failed=0 skipped=0 rescued=0 ignored=0
server2 : ok=5 changed=2 unreachable=0
failed=0 skipped=0 rescued=0 ignored=0
server3 : ok=5 changed=2 unreachable=0
failed=0 skipped=0 rescued=0 ignored=0

Untuk DNS Bind9

budi@tusirah:~/workflow/hosts$ tree ansible-bind9/


ansible-bind9/
├── [Link]
├── [Link]
└── roles
└── bind9
├── handlers
│ └── [Link]
├── tasks
│ └── [Link]
└── templates
├── [Link].j2
└── [Link].j2

cd ansible-bind9

vim [Link]
[bind9_servers]
dns_server1 ansible_host=[Link] ansible_user=root
dns_server2 ansible_host=[Link] ansible_user=root

vim [Link]
- name: Deploy BIND9 DNS Server
hosts: bind9_servers
become: yes
roles:
- bind9

vim roles/bind9/tasks/[Link]
- name: Install BIND9
apt:
name: bind9
state: present
update_cache: yes

- name: Copy [Link]


template:
src: [Link].j2
dest: /etc/bind/[Link]
notify: Restart BIND9
- name: Copy zone file for [Link]
template:
src: [Link].j2
dest: /etc/bind/[Link]
notify: Restart BIND9

- name: Ensure BIND9 is running and enabled


service:
name: bind9
state: started
enabled: yes

vim roles/bind9/templates/[Link].j2

zone "[Link]" {
type master;
file "/etc/bind/[Link]";
};

vim roles/bind9/templates/[Link].j2

$TTL 86400
@ IN SOA [Link]. [Link]. (
2024032001 ; Serial
3600 ; Refresh
1800 ; Retry
604800 ; Expire
86400 ) ; Minimum TTL

; Nameservers
@ IN NS [Link].

; A records
ns IN A [Link]
ns2 IN A [Link]
www IN A [Link]
www IN A [Link]
mail IN A [Link]

; MX records
@ IN MX 10 [Link].

vim roles/bind9/handlers/[Link]

- name: Restart BIND9


service:
name: bind9
state: restarted
pwd
/home/budi/workflow/hosts/ansible-bind9

ansible all -i [Link] -m ping


dns_server2 | SUCCESS => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python3"
},
"changed": false,
"ping": "pong"
}
dns_server1 | SUCCESS => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python3"
},
"changed": false,
"ping": "pong"
}

ansible-playbook -i [Link] [Link]

ansible all -i [Link] -m command -a "systemctl status bind


[Link]"

Client DNS

budi@tusirah:~/workflow/hosts$ mkdir client-dns

budi@tusirah:~/workflow/hosts$ tree client-dns/


client-dns/
├── [Link]
├── [Link]
└── templates
└── [Link].j2

cd client-dns
mkdir templates

vim [Link]
[servers]
server1 ansible_host=[Link] ansible_user=root
server2 ansible_host=[Link] ansible_user=root
server3 ansible_host=[Link] ansible_user=root

[all:vars]
ansible_python_interpreter=/usr/bin/python3

vim templates/[Link].j2
# Managed by Ansible
nameserver [Link]
nameserver [Link]

vim [Link]
- name: Update [Link] using template
hosts: all
become: yes
tasks:
- name: Deploy [Link] template
template:
src: [Link].j2
dest: /etc/[Link]
owner: root
group: root
mode: '0644'

budi@tusirah:~/workflow/hosts/client-dns$ ansible all -i


[Link] -m ping

server2 | SUCCESS => {


"changed": false,
"ping": "pong"
}
server3 | SUCCESS => {
"changed": false,
"ping": "pong"
}
server1 | SUCCESS => {
"changed": false,
"ping": "pong"
}

ansible-playbook -i [Link] [Link]

ansible all -i [Link] -m command -a "nslookup


[Link]"

server1 | CHANGED | rc=0 >>


Server: [Link]
Address: [Link]#53

Name: [Link]
Address: [Link]
Name: [Link]
Address: [Link]
server2 | CHANGED | rc=0 >>
Server: [Link]
Address: [Link]#53

Name: [Link]
Address: [Link]
Name: [Link]
Address: [Link]
server3 | CHANGED | rc=0 >>
Server: [Link]
Address: [Link]#53

Name: [Link]
Address: [Link]
Name: [Link]
Address: [Link]

Ansible Deploy Nginx

mkdir ansible-nginx
cd ansible-nginx

vim [Link]
[webservers]
web1 ansible_host=[Link] ansible_user=root
web2 ansible_host=[Link] ansible_user=root

[all:vars]
ansible_python_interpreter=/usr/bin/python3

vim [Link]
- name: Deploy Nginx with Custom Config and Index Page
hosts: webservers
become: yes
tasks:
- name: Install Nginx
[Link]:
name: nginx
state: present
update_cache: yes

- name: Deploy Nginx Configuration


[Link]:
src: [Link].j2
dest: /etc/nginx/sites-available/default
notify: Restart Nginx
- name: Ensure default site is enabled
[Link]:
src: /etc/nginx/sites-available/default
dest: /etc/nginx/sites-enabled/default
state: link
notify: Restart Nginx

- name: Deploy Index Page


[Link]:
src: [Link].j2
dest: /var/www/html/[Link]

handlers:
- name: Restart Nginx
[Link]:
name: nginx
state: restarted

mkdir templates

vim [Link].j2
server {
listen 80;
server_name _;
root /var/www/html;
index [Link];

location / {
try_files $uri $uri/ =404;
}
}

vim [Link].j2

<html>
<head><title>Hello</title></head>
<body>
<h1>Hello from {{ ansible_hostname }}!</h1>
</body>
</html>

cd /home/budi/workflow/hosts/ansible-nginx/

ansible all -i [Link] -m ping


web1 | SUCCESS => {
"changed": false,
"ping": "pong"
}
web2 | SUCCESS => {
"changed": false,
"ping": "pong"
}

ansible-playbook -i [Link] [Link]
