The topology is shown as the follow diagram:
There are a couple of prerequisite steps we need to completed before writing our Ansible Run book.
1. Install rsync on the every server including the remote Ansible Servers and the Central Server.
2. Generate the Vault File
If the Vault file has been build in the previous config collection post, then ignore this step.
3. Install the FTP server in the central server
Please check my post to describe about how to setup FTP/SFTP server.
Step 1: Configure the host file
Step 2: Configure the host var login file
Step 3: Create the Site YML file
Step 4: Initial the Ansible role "ftp-sync"
Step 5: Configure the tasks in "ftp-sync" role
This task will login to the central FTP server and synchronise the files from the local folder "/etc/ansible/backup" to the central server.
yum install rsync
|
2. Generate the Vault File
If the Vault file has been build in the previous config collection post, then ignore this step.
3. Install the FTP server in the central server
Please check my post to describe about how to setup FTP/SFTP server.
Step 1: Configure the host file
/etc/ansible/hosts
[ftp]
192.168.1.216
|
Step 2: Configure the host var login file
/etc/ansible/group_vars/
ansible-vault create ftp
---
ansible_ssh_pass:
123456
ansible_ssh_user:
root
|
Step 3: Create the Site YML file
/etc/ansible/ftp.yml
---
- hosts: ftp
gather_facts: no
become: no
roles:
- ftp-sync
|
Step 4: Initial the Ansible role "ftp-sync"
cd/etc/ansible/roles/
ansible-galaxy init ftp-sync
|
Step 5: Configure the tasks in "ftp-sync" role
This task will login to the central FTP server and synchronise the files from the local folder "/etc/ansible/backup" to the central server.
cd /etc/ansible/roles/ftp-sync/tasks/
vi main.yml
---
- name: syn files
synchronize:
src:
/etc/ansible/backup
dest: /var/ftp/ansible/backup set_remote_user=no
|
Step 6: Enable SSH key based authentication on the Ansible server to bypass the password prompt in "rsync"
Ansible will utilize "rsync" to synchronise the files between the source and destination folders.
Although Ansible has the username/password to login to the Central server, the "rsync" doesn't have those details. So in order to avoid the "password prompt" pop up, we can enable SSH key based authentication for the Ansible Server on the Central server.
Please check my other post which describe how to enable SSH key based authentication for Linux.
Step 7: Setup CRON
# crontab /etc/crontab
# vi /etc/crontab
*/5 * * * * ansible-playbook /etc/ansible/ftp.yml
# every 5 minutes
|
Conclusion
This Ansible playbook achieve our gold to synchronise the configuration files collected by the remote Ansible server to the central storage server. The the users can fetch the configuration files from the central server via FTP, SFTP or HTTP.
No comments:
Post a Comment