Ansible
ansible: https://www.jianshu.com/u/ace85431b4bb
Tower API: https://docs.ansible.com/ansible-tower/latest/html/towerapi/browseable.html
Tower Documentation: https://docs.ansible.com/ansible-tower/latest/html/administration/ldap_auth.html
1 Overview
https://kionf.com/2018/07/06/zabbix-alarm-phone
2 ansible-playbooks
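2.1.1 Built-in variables

| Variable | Meaning | Notes |
| --- | --- | --- |
| ansible_hostname | Returns the host name | gather_facts: False must be commented out (# gather_facts: False) |

3 Ansible Tower deployment and cracking
API documentation: https://docs.ansible.com/ansible-tower/2.3.0/html/towerapi/intro.html
3.1.1 Installing ansible-tower-setup-3.2.5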
wget http://releases.ansible.com/ansible-tower/setup/ansible-tower-setup-latest.tar.gz -P /data/tower/
cd /data/tower/
tar xvf ansible-tower-setup-latest.tar.gz -C ./
cd ansible-tower-setup-3.2.5/
Edit the inventory configuration file as follows:
[tower]
localhost ansible_connection=local
[database]
[all:vars]
admin_password='xxxx'
pg_host='127.0.0.1'
pg_port='5432'
pg_database='awx'
pg_username='awx'
pg_password='awx'
rabbitmq_port=5672
rabbitmq_vhost=tower
rabbitmq_username=tower
rabbitmq_password='tower'
rabbitmq_cookie=cookiemonster
# Needs to be true for fqdns and ip addresses
rabbitmq_use_long_name=false
# Isolated Tower nodes automatically generate an RSA key for authentication;
# To disable this behavior, set this value to false
# isolated_key_generation=true
Run the installation script:
sh setup.sh
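The sample inventory above reuses the user name as the password for PostgreSQL and RabbitMQ and keeps a dictionary-word rabbitmq_cookie. The following added example (not part of the original post or of the Tower installer) audits the [all:vars] secrets before setup.sh is run; the 16-character minimum and the list of sample values are assumptions.

```python
import re

# Constructed sample: a subset of the [all:vars] values shown in the inventory above.
SAMPLE_INVENTORY = """\
[tower]
localhost ansible_connection=local
[all:vars]
admin_password='xxxx'
pg_username='awx'
pg_password='awx'
rabbitmq_username=tower
rabbitmq_password='tower'
rabbitmq_cookie=cookiemonster
"""

# Secret key -> the user-name key it must not equal (None if there is none).
SECRET_KEYS = {"admin_password": None, "pg_password": "pg_username",
               "rabbitmq_password": "rabbitmq_username", "rabbitmq_cookie": None}
# Assumption: values seen in sample inventories such as the one on this page.
KNOWN_SAMPLE_VALUES = {"awx", "tower", "cookiemonster", "admin", "password", "xxxx"}
MIN_LENGTH = 16  # assumption: local policy, adjust as needed

def parse_all_vars(text):
    """Return the key/value pairs of the [all:vars] section, quotes stripped."""
    section, values = None, {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            section = header.group(1)
        elif section == "all:vars" and "=" in line:
            key, _, value = line.partition("=")
            values[key.strip()] = value.strip().strip("'\"")
    return values

def audit_inventory(text):
    """Return {key: [reasons]} for every secret that fails a check."""
    values, findings = parse_all_vars(text), {}
    for key, user_key in SECRET_KEYS.items():
        value = values.get(key, "")
        checks = [
            (not value, "empty or missing"),
            (value.lower() in KNOWN_SAMPLE_VALUES, "known sample value"),
            (bool(user_key and value) and value == values.get(user_key),
             "same as " + str(user_key)),
            (0 < len(value) < MIN_LENGTH, "shorter than %d characters" % MIN_LENGTH),
        ]
        reasons = [msg for failed, msg in checks if failed]
        if reasons:
            findings[key] = reasons
    return findings
```

An empty result from audit_inventory() means every secret passed; any other result lists the keys to change in the inventory before installing.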
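3.1.2 Cracking
Access Tower at https://10.10.10.1. The default user name is admin and the password is the admin_password='admin' set in the inventory file.
First modify this file; otherwise the crack will not succeed later.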
vim /var/lib/awx/venv/awx/lib/python2.7/site-packages/tower_license/__init__.py
119 def _check_cloudforms_subscription(self):
120 return True
121 #if os.path.exists('/var/lib/awx/i18n.db'):
122 # return True
I am on CentOS 7; the files are located in the installation directory as follows:
# ll /var/lib/awx/venv/awx/lib/python2.7/site-packages/awx/main/tasks.py*
-rw-r--r--. 1 root root 82616 8月 7 15:43 /var/lib/awx/venv/awx/lib/python2.7/site-packages/awx/main/tasks.pyc
-rw-r--r--. 1 root root 82569 8月 7 15:43 /var/lib/awx/venv/awx/lib/python2.7/site-packages/awx/main/tasks.pyo
First, download a Python decompiler:
pip install uncompyle2
Decompile the tasks.pyc file:
# Decompile the file
uncompyle6 task.pyc >/tmp/task.py
# Add at line 141
141 validation_info.get('instance_count', 0) = 9999999
# Remove the encrypted files
mv /var/lib/awx/venv/awx/lib/python2.7/site-packages/awx/main/tasks.py* ~/bak/
# Copy the modified file into this directory
cp /tmp/tasks.py /var/lib/awx/venv/awx/lib/python2.7/site-packages/awx/main/
# Restart the service
ansible-tower-service restart
Check the result after the change: settings => view your license
3.2.1 Using Tower
http://doubikang.com/2017/10/14/hello-world/
Create a login credential
SETTINGS -> CREDENTIALS -> CREATE CREDENTIAL
Choose any Name, then select the type.
Then enter your own user name and password, or key.
3.2.2 Tower static files
- Static file directory: /var/lib/awx/public/static
To change the logo:
/var/lib/awx/public/static/assets/logo-header.svg
/var/lib/awx/public/static/assets/logo-login.svg
3.2.3 Tower data migration
- Data export: pg_dump -U awx -p 5432 awx -f awx
- Data import:
4 books-gitlab-jenkins-tower
4.1 GitLab webhook triggers Jenkins to sync data
Configure Jenkins
This URL is configured in the webhook in GitLab.
Sync data after the build:
echo "Hello word!"
SOURCE_DIR=/data/workspace/workspace/xxxx/ansible-playbooks/
DEST_DIR=/data/ansible-playbooks/
REMOTE_IP=xxxx
REMOTE_USER=awx
/usr/bin/rsync -e "ssh -p22" -avpgolr --delete-before "$SOURCE_DIR" "$REMOTE_USER@$REMOTE_IP:$DEST_DIR"
echo "end~ nice"
4.2 Tower directory configuration
vim /etc/tower/settings.py
PROJECTS_ROOT = '/data/ansible-playbooks'
Tower can then use the playbooks from the repository.