I have a question regarding this syntax in the file haproxy.cfg when setting up a loadbalancer for 2 webservers. I have to distribute the weight (70/20) over 2 webservers over the port 80.
Is this correct?
And do I need to specify the {{ Port }} or not?
Management server -> Loadbalancer -> 2 webservers
Is this port 80 only on the left side, right side or both sides?
(file: roles/loadbalancer/templates/haproxy.cfg)
# main frontend which proxies to the backends
#---------------------------------------------------------------------
frontend main
    bind {{ Port }}
    acl url_static path_beg -i /static /images /javascript /stylesheets
    acl url_static path_end -i .jpg .gif .png .css .js
    use_backend static if url_static
    default_backend app
#---------------------------------------------------------------------
# static backend for serving up images, stylesheets and such
#---------------------------------------------------------------------
backend static
    balance roundrobin
    server static 127.0.0.1:4331 check
#---------------------------------------------------------------------
# round robin balancing between the various backends
#---------------------------------------------------------------------
backend app
    balance roundrobin
    server {{ server1Name }} {{ server1IP }} check weight 70
    server {{ server2Name }} {{ server2IP }} check weight 30
    # server app3 127.0.0.1:5003 check
    # server app4 127.0.0.1:5004 check
(file: roles/loadbalancer/vars/main.yml)
---
# vars file for roles/loadbalancer
Port: "{{ hostvars['node1']['ansible_port'] }}"
server1Name: "{{ hostvars['webnode1']['inventory_hostname'] }}"
server1IP: "{{ hostvars['webnode1']['ansible_host'] }}"
server2Name: "{{ hostvars['webnode2']['inventory_hostname'] }}"
server2IP: "{{ hostvars['webnode2']['ansible_host'] }}"
Yes, in the server line the port goes right after the IP:
server {{ server1Name }} {{ server1IP }}:{{ server1port }} check weight 70
You can find the full documentation of the server keyword here.
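As an added example (not code from the question or the answer above), a small Python parser for the `server` lines of a rendered `backend` section: it flags entries whose address carries no explicit port and computes the traffic share implied by the weights. The backend text, the host names webnode1/webnode2 and the 10.0.0.x addresses are constructed here.

```python
import re
from typing import List, NamedTuple, Optional

# Constructed sample: the "app" backend from the question, rendered with
# hypothetical values for server1Name/server1IP and server2Name/server2IP.
# The second entry deliberately omits the port so the check flags it.
SAMPLE_BACKEND = """\
backend app
    balance roundrobin
    server webnode1 10.0.0.11:80 check weight 70
    server webnode2 10.0.0.12 check weight 30
"""

class Server(NamedTuple):
    name: str
    host: str
    port: Optional[int]
    weight: int

SERVER_RE = re.compile(r"^\s*server\s+(\S+)\s+(\S+)(.*)$")

def parse_servers(cfg: str) -> List[Server]:
    """Extract name, address, optional port and weight from each server line."""
    servers = []
    for line in cfg.splitlines():
        m = SERVER_RE.match(line)
        if not m:
            continue
        name, addr, rest = m.groups()
        host, sep, port = addr.rpartition(":")
        if not sep:            # no ':' -> address given without a port
            host, port = addr, ""
        wm = re.search(r"\bweight\s+(\d+)", rest)
        weight = int(wm.group(1)) if wm else 1   # HAProxy's default weight is 1
        servers.append(Server(name, host, int(port) if port else None, weight))
    return servers

def servers_without_port(servers: List[Server]) -> List[str]:
    """Names of servers with no explicit port (HAProxy would then reuse the
    port the client connected to on the frontend, which is easy to get wrong)."""
    return [s.name for s in servers if s.port is None]

def traffic_share(servers: List[Server]) -> dict:
    """Fraction of requests each server receives under roundrobin with these weights."""
    total = sum(s.weight for s in servers)
    return {s.name: s.weight / total for s in servers}

if __name__ == "__main__":
    found = parse_servers(SAMPLE_BACKEND)
    print("missing port:", servers_without_port(found))
    print("share:", traffic_share(found))
```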
I need to create an inbound nat rule on my loadbalancer to redirect a certain port to a virtual machine. I've created my loadbalancer like so. I'm on Ansible 2.9.6.
- name: Create loadbalancers
  azure_rm_loadbalancer:
    resource_group: "{{ item.lb_resource_group }}"
    name: "{{ item.lb_name }}"
    frontend_ip_configurations: "{{ item.lb_frontend_ip_configurations }}"
    backend_address_pools: "{{ item.lb_backend_address_pools }}"
    probes: "{{ item.lb_probes }}"
    load_balancing_rules: "{{ item.lb_load_balancing_rules }}"
    inbound_nat_rules: "{{ item.lb_inbound_nat_rules }}"
  with_items:
    - "{{ lbs }}"
  tags:
    - lb
The inbound nat-rule looks like this.
- name: "nat-rule-in"
  backend_port: 821
  protocol: Tcp
  frontend_port: 380
  frontend_ip_configuration: "lb-frontend"
I've looked in this documentation and cannot find anything that says something about this. Is it not possible to set a target VM for an inbound NAT rule using Ansible, or do I need to do it somewhere else?
I've also searched the VM documentation for Ansible-azure but can't find anything related to NAT rules there either.
What you need to find is not the azure_rm_virtualmachine module in Ansible; it should be the azure_rm_networkinterface module. You can configure the ip_configurations property of azure_rm_networkinterface to set the load_balancer_backend_address_pools; this property associates the VM with the load balancer.
Seems as if this really isn't an option with Ansible-azure itself.
I instead used the Azure CLI with an SPN and ran the command through Ansible using the command module.
$ sudo apt-get install azure-cli
Within Ansible I used the code below to set the target VM after creating the inbound nat rule.
- name: Create inbound NAT rules
  command: az network nic ip-config inbound-nat-rule add --ip-config-name <name> --resource-group <name> --lb-name <name> --nic-name <name> --inbound-nat-rule <name>
Same issue with az cli ...
It cost me a lot of time; glad I found this page. Indeed, the way to (currently still) link the NAT rule to a backend is via the ipconfig object of the NIC of the VM. https://learn.microsoft.com/en-us/cli/azure/network/nic/ip-config/inbound-nat-rule?view=azure-cli-latest
Hello to the whole Stack Overflow community.
I'm seeking your help because I've been trying to accomplish the task of getting a file from a remote Windows host to local Linux using Ansible AWX and I can't get it to work. Below I share the playbook and most of the tests I've done, but none of them worked.
I'm getting latest file in a windows directory and trying to transfer that file to local AWX either inside the docker or in the linux server where AWX is running.
Test_1: Said file was copied but when I go inside the docker nothing there. I can't find an answer and couldn't find any on Google.
Test_2: Didn't work. It says it can't authenticate to the Linux server.
Test_3: Task became idle and I have to restart the docker to be able to stop it. It gets crazy. No idea why.
Test_4: It says connection unexpectedly closed.
I didn't want to provide output to reduce noise and because I can't share the information. I removed names and ips from playbook as well.
I'm connecting to Windows server using AD.
Please, I don't know what else to do. Thanks for your help in advance.
---
- name: Get file from Windows to Linux
  hosts: all # remote windows server ip
  gather_facts: true
  become: true
  vars:
    local_dest_path_test1: \var\lib\awx\public\ # Inside AWX docker
    local_dest_path_test2: \\<linux_ip>\home\user_name\temp\ # Outside AWX docker in the linux server
    local_dest_path_test3: /var/lib/awx/public/ # Inside AWX docker
    # Source file in remote windows server
    src_file: C:\temp\
  tasks:
    # Getting file information to be copied
    - name: Get files in a folder
      win_find:
        paths: "{{ src_file }}"
      register: found_files
    - name: Get latest file
      set_fact:
        latest_file: "{{ found_files.files | sort(attribute='creationtime',reverse=true) | first }}"
    # Test 1
    - name: copy files from Windows to Linux
      win_copy:
        src: "{{ latest_file.path }}"
        dest: "{{ local_dest_path_test1 }}"
        remote_src: yes
    # Test 2
    - name: copy files from Windows to Linux
      win_copy:
        src: "{{ latest_file.path }}"
        dest: "{{ local_dest_path_test2 }}"
        remote_src: yes
      become: yes
      become_method: su
      become_flags: logon_type=new_credentials logon_flags=netcredentials_only
      vars:
        ansible_become_user: <linux_user_name>
        ansible_become_pass: <linux_user_password>
        ansible_remote_tmp: <linux_remote_path>
    # Test 3
    - name: Fetch latest file to linux
      fetch:
        src: "{{ latest_file.path }}"
        dest: "{{ local_dest_path_test3 }}"
        flat: yes
        fail_on_missing: yes
      delegate_to: 127.0.0.1
    # Test 4
    - name: Transfer file from Windows to Linux
      synchronize:
        src: "{{ latest_file.path }}"
        dest: "{{ local_dest_path_test3 }}"
        mode: pull
      delegate_to: 127.0.0.1
I would like to monitor multiple logs on the universal forwarder. How can I do this? Also, when I set forward-server I am running into an error. With enable boot-start, somehow I have to accept the license manually to finish the installation. Any suggestions, please?
- name: connect forward server to Splunk server
  command: "{{ splunkbin }} add forward-server {{ item }} -auth {{ splunkcreds }}"
  with_items: "{{ splunkserver }}"
  when: splunkserver is defined
  notify: restart_splunk
- name: Enable Boot Start
  command: "{{ splunkbin }} enable boot-start"
- name: add temporary monitor to create directory
  command: "{{ splunkbin }} add monitor /etc/hosts -auth {{ splunkcreds }}"
  notify: restart_splunk
Use the following to accept the license without prompting:
- name: Enable Boot Start
  command: "{{ splunkbin }} enable boot-start --accept-license"
I want to provision a Windows host that is in a subnet accessible only through a Linux jump host.
Windows machine uses winrm connection method.
Linux jump server is available via SSH.
I have no problem accessing windows host if available directly with:
ansible_connection: winrm
If I try to delegate the task to the Linux jump server (that has direct access to Windows) by:
- name: Ping windows
  hosts: windows_machines
  tasks:
    - name: ping
      win_ping:
      delegate_to: "{{ item }}"
      with_items: "{{ groups['jump_servers'][0] }}"
it tries to establish a WinRM connection to the jump host. Not exactly what I had in mind.
Note that for windows_machines group I have group_vars defined:
ansible_port: 5986
ansible_connection: winrm
ansible_winrm_server_cert_validation: ignore
How should I provision Windows hosts via a bastion host?
My priority was to have all the configuration in one place and not distribute part of Ansible to the bastion/jump host. I went for establishing an SSH tunnel for port 5986.
Here is the complete task:
- name: Tunneled configuration of Windows host in a subnet
  hosts: windows
  connection: local # This is the trick to connect to localhost not actual host
  gather_facts: no
  tasks:
    - name: First setup a tunnel
      local_action: command ssh -Nf -4 -o ControlPersist=1m -o ControlMaster=auto -o ControlPath="~/.ssh/mux2win-%r@%h:%p" -o StrictHostKeyChecking=no -o PasswordAuthentication=no -o UserKnownHostsFile="/dev/null" -i {{ hostvars[item].ansible_ssh_private_key_file }} {{ hostvars[item].ansible_ssh_user }}@{{ hostvars[item].ansible_host }} -L {{ ansible_port }}:{{ actual_host }}:{{ ansible_port }}
      with_items:
        - "{{ groups['jump_servers'][0] }}" # I know my topology so I know which host to use
    - name: (optional) Second ensure it is up
      local_action: command ssh -O check -S "~/.ssh/mux2win-%r@%h:%p" {{ hostvars[item].ansible_ssh_user }}@{{ hostvars[item].ansible_host }}
      with_items:
        - "{{ groups['jump_servers'][0] }}"
    # ------- actual windows tasks (from ansible examples) ------------
    - name: Ping
      connection: local
      win_ping:
    - name: test raw module- run ipconfig
      raw: ipconfig
      register: ipconfig
    - debug: var=ipconfig
    - name: Test stat module- test stat module on file
      win_stat: path="C:/Windows/win.ini"
      register: stat_file
    - debug: var=stat_file
    - name: Check stat_file result
      assert:
        that:
          - "stat_file.stat.exists"
          - "not stat_file.stat.isdir"
          - "stat_file.stat.size > 0"
          - "stat_file.stat.md5"
    # ------- end of actual windows tasks ------------
    - name: Stop the tunnel. It would stop anyway after 1m.
      local_action: command ssh -O stop -S "~/.ssh/mux2win-%r@%h:%p" {{ hostvars[item].ansible_ssh_user }}@{{ hostvars[item].ansible_host }}
      with_items:
        - "{{ groups['jump_servers'][0] }}"
For this to work I had to modify slightly the inventory file:
[windows]
windows1 ansible_host=127.0.0.1 ansible_ssh_user=Administrator actual_host=192.168.0.2 (...)
Ansible connects to port 5986 on localhost, so ansible_host has to be set to 127.0.0.1, and a custom variable actual_host holds the actual IP of the Windows machine.
That's not what the delegate_to option on a task does.
Instead, delegate_to will make sure that the task only runs against a specific node rather than the group that is listed in the role/playbook.
So for example you may have a role that sets up MySQL on a cluster of boxes that are defined generically but then want to do specific configuration/tasks on the master alone, leaving the master to then replicate these out to the slaves.
You can do SSH proxying where you forward SSH connections through a bastion/jump host but that obviously needs your connection to be SSH throughout which doesn't help you.
The only thing I can think of to help you here would be to use Ansible directly from the bastion/jump host possibly triggered by Ansible (or anything else really) from your machine outside of the protected zone.
I'm in the process of setting up Ansible to take over for a puppet install.
I see a puppet manifest that is setting up a ypbind file, and it pushes out a slightly different version of the yp.conf file based on hostname.
So I have the following puppet definitions:
class ypbind {
  file {'yp.conf':
    ensure  => file,
    content => template("ypbind/yp.conf.erb"),
    owner   => 'root',
    group   => 'root',
    mode    => '0644',
    notify  => Service['ypbind'],
    path    => '/etc/yp.conf',
  }
  service {'ypbind':
    enable => true,
    ensure => running,
  }
}
Followed by this template (domains and IPs sanitized):
<% case
when @hostname =~ /(^[p|d]NY-)/ -%>
#New York Data Center NIS
domain NY1.domain.com IP1
domain NY2.domain.com IP2
domain SF1.domain.com IP3
<% when @hostname =~ /(^[p|d]SF-)/ -%>
#San Fran Data Center NIS
domain SF1.domain.com IP1
domain SF2.domain.com IP2
domain NY1.domain.com IP3
<% else -%>
#Default to NY DC
domain NY1.domain.com IP1
domain NY2.domain.com IP2
<% end -%>
My question is how do I replicate this logic using Ansible?
I think I figured out a way to do it with hostname, but I'd have to use multiple files. Is there a way to do the same thing in ansible as this puppet example?
---
- hosts: all
  sudo: yes
  gather_facts: yes
  user: ansible
  tasks:
    - name: update NY ypbind
      template: src=/etc/ansible/files/yp.conf.NY dest=/etc/yp.conf mode=0644 owner=root group=root
      notify: restart ypbind
      when: ansible_hostname | match('^[p|d]NY-test01')
    - name: update SF ypbind
      template: src=/etc/ansible/files/yp.conf.SF dest=/etc/yp.conf mode=0644 owner=root group=root
      notify: restart ypbind
      when: ansible_hostname | match('^[p|d]SF-test01')
  handlers:
    # the handler name and its module belong to one list item
    - name: restart ypbind
      service: name=ypbind state=restarted
I think after research, I'd just use the jinja2 template system, just not sure how quite yet...
For anyone else that might be interested, it turned out to be pretty simple. It was just the following.
ypbind.yaml:
---
- hosts: all
  sudo: yes
  gather_facts: yes
  user: ansible
  tasks:
    - name: update NY ypbind
      template: src=/etc/ansible/files/yp.conf.j2 dest=/etc/yp.conf mode=0644 owner=root group=root
      notify: restart ypbind
  handlers:
    - name: restart ypbind
      service: name=ypbind state=restarted
yp.conf.j2:
{% if ansible_hostname | match('^[p|d]sf-') %}
domain SF.domain.com server 10.200.0.1
domain SF.domain.com server 10.200.0.2
domain NY.domain.com server 10.201.0.1
{% else %}
domain NY.domain.com server 10.201.0.1
domain NY.domain.com server 10.201.0.2
domain SF.domain.com server 10.200.0.1
{% endif %}
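An added example (not the answer's template, and not part of the original post) that models the template's branch in plain Python with a stand-in for Ansible's `match` test, so the hostname rules can be checked offline before a deploy. It shows that `match` is anchored at the start of the string and case-sensitive unless `ignorecase` is set (the Puppet regex used `SF-`, the Jinja one `sf-`), and that `[p|d]` is a character class that also matches a literal `|`. The patterns and IPs are the sanitised ones from the answer; hostnames in the checks are constructed.

```python
import re

# Same rule and lines as the yp.conf.j2 above (sanitised IPs from the answer).
SF_PATTERN = r"^[p|d]sf-"
SF_LINES = [
    "domain SF.domain.com server 10.200.0.1",
    "domain SF.domain.com server 10.200.0.2",
    "domain NY.domain.com server 10.201.0.1",
]
DEFAULT_LINES = [
    "domain NY.domain.com server 10.201.0.1",
    "domain NY.domain.com server 10.201.0.2",
    "domain SF.domain.com server 10.200.0.1",
]

def ansible_match(value, pattern, ignorecase=False):
    """Stand-in for Ansible's `match` test: anchored at the start of the
    string like re.match, case-sensitive unless ignorecase=True."""
    flags = re.IGNORECASE if ignorecase else 0
    return re.match(pattern, str(value), flags) is not None

def render_yp_conf(hostname, ignorecase=False):
    """Return the yp.conf text the template would produce for this hostname."""
    lines = SF_LINES if ansible_match(hostname, SF_PATTERN, ignorecase) else DEFAULT_LINES
    return "\n".join(lines) + "\n"

def first_domain(hostname, ignorecase=False):
    """The first NIS domain listed for this hostname (constructed hosts in tests)."""
    return render_yp_conf(hostname, ignorecase).split()[1]

if __name__ == "__main__":
    for host in ("psf-web01", "pSF-web01", "xpsf-1"):
        print(host, "->", first_domain(host))
```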