- https://stepik.org/course/123806/syllabus
- Rotoro cloud labs: https://rotoro.cloud/ld-courses/ansible-для-начинающих-практический-опыт/
- Beginners QA: https://github.com/rotoro-cloud/ansible-for-beginners
- Official Doc: https://docs.ansible.com/ansible/latest/index.html
- Presentation: https://rotoro.cloud/wp-content/uploads/2021/10/afbrel-0.0.pdf
- Telegram: https://t.me/RoToRoCloud
docker build -t arch_target1 .
docker build -t arch_target2 .
docker run -d -P --name arch_target1 arch_target1
docker run -d -P --name arch_target2 arch_target2
docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
0c8e9efeb68e arch_target2 "/usr/sbin/sshd -D" 2 seconds ago Up 1 second 0.0.0.0:32778->22/tcp, :::32778->22/tcp arch_target2
b24f2158f2df arch_target1 "/usr/sbin/sshd -D" 7 seconds ago Up 7 seconds 0.0.0.0:32777->22/tcp, :::32777->22/tcp arch_target1
docker inspect --format='{{range .NetworkSettings.Networks}}{{.IPAddress}}{{end}}' arch_target1
docker inspect --format='{{range .NetworkSettings.Networks}}{{.IPAddress}}{{end}}' arch_target2
# echo $(docker inspect --format='{{range .NetworkSettings.Networks}}{{.IPAddress}}{{end}}' arch_target1) target1 >> /etc/hosts
# echo $(docker inspect --format='{{range .NetworkSettings.Networks}}{{.IPAddress}}{{end}}' arch_target2) target2 >> /etc/hosts
sudo micro /etc/hosts
172.17.0.2 target1
172.17.0.3 target2
ssh root@target1
ssh root@target2
ansible target1 -m ping -i inventory
target1 | SUCCESS => { "ansible_facts": { "discovered_interpreter_python": "/usr/bin/python3.11" }, "changed": false, "ping": "pong" }
ansible all -m ping -i inventory
target1 | SUCCESS => { "ansible_facts": { "discovered_interpreter_python": "/usr/bin/python3.11" }, "changed": false, "ping": "pong" } target2 | SUCCESS => { "ansible_facts": { "discovered_interpreter_python": "/usr/bin/python3.11" }, "changed": false, "ping": "pong" }
ansible-playbook playbook-ping.yml -i inventory-ping
ok: [target2] ok: [target1] target1 : ok=2 changed=0 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
target2 : ok=2 changed=0 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
ansible-playbook playbook-ping.yml -i inventory-ping -vvv
<target1> ESTABLISH SSH CONNECTION FOR USER: root
<target1> SSH: EXEC sshpass -d15 ssh -C -o ControlMaster=auto -o ControlPersist=60s -o StrictHostKeyChecking=no -o 'User="root"' -o ConnectTimeout=10 -o 'ControlPath="/home/jacky/.ansible/cp/9a3d60751b"' target1 '/bin/sh -c '"'"'echo ~root && sleep 0'"'"''
...
ok: [target2] => {
"changed": false,
"invocation": {
"module_args": {
"data": "pong"
}
},
"ping": "pong"
}
ok: [target1] => {
"changed": false,
"invocation": {
"module_args": {
"data": "pong"
}
},
"ping": "pong"
}
ssh root@target1
WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! Add correct host key in /home/jacky/.ssh/known_hosts to get rid of this message. Offending ECDSA key in /home/jacky/.ssh/known_hosts:11 Host key for target1 has changed, and you have requested strict checking. Host key verification failed.
tail ~/.ssh/known_hosts | grep target1
ssh-keygen -R target1
Host target1 found: line 11 /home/jacky/.ssh/known_hosts updated. Original contents retained as /home/jacky/.ssh/known_hosts.old
ssh root@target1
> yes, 123
ansible target2 -m ping -i inventory
target2 | FAILED! => { "msg": "Using an SSH password instead of a key is not possible because Host Key checking is enabled and sshpass does not support this. Please add this host's fingerprint to your known_hosts file to manage this host." }
sudo micro /etc/ansible/ansible.cfg
[defaults]
host_key_checking = false
ansible target2 -m ping -i inventory
target2 | SUCCESS => { "ansible_facts": { "discovered_interpreter_python": "/usr/bin/python3" }, "changed": false, "ping": "pong" }
ansible target1 -m ping -i inventory
target1 | UNREACHABLE! => { "changed": false, "msg": "Failed to connect to the host via ssh: WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!\r\nSomeone could be eavesdropping on you right now (man-in-the-middle attack)!\r\nIt is also possible that a host key has just been changed.\r\nThe fingerprint for the ED25519 key sent by the remote host is\nSHA256:+F8M..3w.\r\nPlease contact your system administrator.\r\nAdd correct host key in /home/jacky/.ssh/known_hosts to get rid of this message.\r\nOffending ED25519 key in /home/jacky/.ssh/known_hosts:12\r\nPassword authentication is disabled to avoid man-in-the-middle attacks.\r\nKeyboard-interactive authentication is disabled to avoid man-in-the-middle attacks.\r\nUpdateHostkeys is disabled because the host key is not trusted.\r\[email protected]: Permission denied (publickey,password).", "unreachable": true }
tail ~/.ssh/known_hosts
ssh-keygen -R target1
ssh-keygen -R 172.17.0.2 // IP for target1
ansible target1 -m ping -i inventory
target1 | SUCCESS => { "ansible_facts": { "discovered_interpreter_python": "/usr/bin/python3.11" }, "changed": false, "ping": "pong" }