目录

Ansible

ansible https://www.jianshu.com/u/ace85431b4bb Tower API :https://docs.ansible.com/ansible-tower/latest/html/towerapi/browseable.html Tower Documentation: https://docs.ansible.com/ansible-tower/latest/html/administration/ldap_auth.html

1 概述

https://kionf.com/2018/07/06/zabbix-alarm-phone

2 ansible-playbooks

2.1.1 内置变量

| 变量名 | 含义 |备注 | | — | — | — | |ansible_hostname | 获取主机名| 必须注释# gather_facts: False |

3 Ansible-Tower部署and破解

API文档 https://docs.ansible.com/ansible-tower/2.3.0/html/towerapi/intro.html

3.1.1 安装ansible-tower-setup-3.2.5

wget http://releases.ansible.com/ansible-tower/setup/ansible-tower-setup-latest.tar.gz -P /data/tower/
cd /data/tower/
tar xvf ansible-tower-setup-latest.tar.gz -C ./
cd ansible-tower-setup-3.2.5/

编辑inventory配置文件如下

[tower]
localhost ansible_connection=local

[database]

[all:vars]
admin_password='xxxx'

pg_host='127.0.0.1'
pg_port='5432'

pg_database='awx'
pg_username='awx'
pg_password='awx'

rabbitmq_port=5672
rabbitmq_vhost=tower
rabbitmq_username=tower
rabbitmq_password='tower'
rabbitmq_cookie=cookiemonster

# Needs to be true for fqdns and ip addresses
rabbitmq_use_long_name=false

# Isolated Tower nodes automatically generate an RSA key for authentication;
# To disable this behavior, set this value to false
# isolated_key_generation=true

运行安装脚本

sh setup.sh

3.1.2 破解

访问tower:https://10.10.10.1,默认用户名为admin密码为inventory文件中设置的admin_password=’admin’

先修改这个文件,不然后面破解不成功

vim /var/lib/awx/venv/awx/lib/python2.7/site-packages/tower_license/__init__.py

119     def _check_cloudforms_subscription(self):
120         return True
121         #if os.path.exists('/var/lib/awx/i18n.db'):
122         #    return True

我是centos7,找到安装目录文件地址如下

# ll /var/lib/awx/venv/awx/lib/python2.7/site-packages/awx/main/tasks.py*
-rw-r--r--. 1 root root 82616 8月   7 15:43 /var/lib/awx/venv/awx/lib/python2.7/site-packages/awx/main/tasks.pyc
-rw-r--r--. 1 root root 82569 8月   7 15:43 /var/lib/awx/venv/awx/lib/python2.7/site-packages/awx/main/tasks.pyo

首先下载python反编译工具

pip install uncompyle2

反编译文件tasks.pyc

#反编译文件
uncompyle6 task.pyc >/tmp/task.py

#141行添加
 141     validation_info.get('instance_count', 0) = 9999999


# 删除加密文件
mv /var/lib/awx/venv/awx/lib/python2.7/site-packages/awx/main/tasks.py* ~/bak/
#拷贝修改后文件到此目录
cp /tmp/tasks.py /var/lib/awx/venv/awx/lib/python2.7/site-packages/awx/main/

#重启服务
ansible-tower-service restart

查看修改后效果,settings=>view your license

3.2.1 Tower使用

http://doubikang.com/2017/10/14/hello-world/

创建登录凭证 SETTINGS -> CREDENTIALS -> CREATE CREDENTIAL Name自定义,然后选择type 接下来填写自己的用户名密码或者key

3.2.2 Tower 静态文件

  • 静态文件目录/var/lib/awx/public/static
修改logo: 
/var/lib/awx/public/static/assets/logo-header.svg
/var/lib/awx/public/static/assets/logo-login.svg

3.2.3 tower数据迁移

  • 数据导出: pg_dump -U awx -p 5432 awx -f awx

  • 数据导入:

4 books-gitlib-jenkins-tower

4.1 gitlab webhook 调用jenkins同步数据

配置jenkins

这个URL配置在gitlab中的webhook里面

build后同步数据 

echo "Hello word!"
SOURCE_DIR=/data/workspace/workspace/xxxx/ansible-playbooks/
DEST_DIR=/data/ansible-playbooks/
REMOTE_IP=xxxx
REMOTE_USER=awx
/usr/bin/rsync  -e "ssh -p22" -avpgolr --delete-before $SOURCE_DIR $REMOTE_USER@$REMOTE_IP:$DEST_DIR
echo "end~ nice"

4.2 tower配置目录

 vim /etc/tower/settings.py
 PROJECTS_ROOT = '/data/ansible-playbooks‘

然后Tower中就可以使用仓库中的books