hi all,
as our network is behind the internet none of our ansible clients/hosts or server are internet facing.
if i make a playbook to install packages like apache or nginx to the clients/hosts that it uses the servers proxy to install packages rather than the clients/hosts trying to reach out the internet?
thanks,
rob
I would expect that Ansible should be able to connect to the Internet using the same method you currently use for OS installs and updates? Or is the Intranet network air-gapped?
ansible hosts and the main server are none internet facing, all hosts and server are on different vlans but those vlans can talk to eachother
basically i want all the clients to get all the packages from server as im only going to make server use proxy
Does this help?
nice so set up and env variable for all the hosts to talk to the proxy to download the packages
so i imagine you just cant set it up so all hosts talk back to the server to download the packages?
If, for example, all your servers were running Debian and all the packages to be installed / updated were from the Debian repos rather than 3rd party ones then it might be worth setting up a Debian mirror that your Intranet clients can access and that has access to the Internet to receive updates. The same thing could probably be done for most GNU/Linux distros.
If there are only some packages needed then you could consider creating your own apt repo on the server that has Internet access and then have the Intranet clients get updates from it.
nice one thanks @chris now i just need to work out how to write yaml files for different things ie install packages, make config changes etc
i imagine for windows hosts the same yaml file will work
I haven’t used Windows for ~25 years so I’m not in a position to answer any Windows related questions.
Hi,
i imagine for windows hosts the same yaml file will work
Depends on what’s in it and how you organize your configuration. But specific tasks you’d use to configure your hosts package manager (to use a cache proxy for instance) or install said package on them won’t work on Windows hosts, as modules are for the most part OS-related (well, connection method, interpreter and tools related would be more accurate). Windows have their own set of core plugins and modules you could use, as well as multiple resources you could find online.
For most commonly used modules, there is a Windows pendant; as an example, here is the ansible.builtin.package module you could use to manage packages on GNU/Linux hosts, and here the ansible.windows.win_package module, which should work in a similar manner, but for Windows.
Now you could have a playbook containing tasks for GNU/Linux as well as Windows hosts, but you’d have to ensure os-specific tasks targets related hosts in some way, be it to use multiple plays or conditions (when:).