RedPlug's Tory

플레이북의 동적인 사용을 테스트 하기 위해

CentOS * 5, Ubuntu * 5 환경으로 구성

Vagrantfile

# -*- mode: ruby -*-
# vi: set ft=ruby :

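Vagrant.configure("2") do |config|
  # Lab for the dynamic-playbook exercises: five CentOS nodes (101-105),
  # five Ubuntu nodes (201-205) and one Ansible control server.
  # A node's VM name, hostname, bridged IP (192.168.0.<id>) and forwarded
  # SSH port (60000 + <id>) all follow from its id, so the nodes are generated
  # from a table instead of being written out ten times.
  #
  # NOTE(review): "public_network" bridges every VM onto the host's physical
  # LAN with a fixed address. Vagrant base boxes ship with publicly known
  # default credentials, and this lab is driven with SSH password logins
  # (`-k`), so every machine on that LAN can reach and try to log in to these
  # guests. Prefer a host-only "private_network" unless bridging is really
  # needed, and only bring the lab up on a network you control.
  # NOTE(review): no box_version is pinned, and centos/7 / ubuntu/trusty64 are
  # end-of-life releases that no longer receive security updates.
  # NOTE(review): bash_ssh_conf_4_CentOS.sh is not part of this file;
  # presumably it enables SSH password authentication - review it before use.
  node_groups = [
    { box: "centos/7",        ids: 101..105, ssh_conf: "bash_ssh_conf_4_CentOS.sh" },
    { box: "ubuntu/trusty64", ids: 201..205, ssh_conf: nil }
  ]

  #==========================#
  # CentOS and Ubuntu nodes  #
  #==========================#

  node_groups.each do |group|
    group[:ids].each do |id|
      config.vm.define "ansible-node#{id}" do |cfg|
        cfg.vm.box = group[:box]
        cfg.vm.provider "virtualbox" do |vb|
          vb.name = "Ansible-Node#{id}(github_SysNet4Admin)"
        end
        cfg.vm.host_name = "ansible-node#{id}"
        cfg.vm.network "public_network", ip: "192.168.0.#{id}"
        cfg.vm.network "forwarded_port", guest: 22, host: 60000 + id, auto_correct: true, id: "ssh"
        # The default /vagrant share is switched off, so no host directory is
        # exposed inside the guest.
        cfg.vm.synced_folder "../data", "/vagrant", disabled: true
        # Only the CentOS group carries an SSH configuration script.
        cfg.vm.provision "shell", path: group[:ssh_conf] if group[:ssh_conf]
      end
    end
  end

  #================#
  # Ansible Server #
  #================#

  config.vm.define "ansible-server" do |cfg|
    cfg.vm.box = "centos/7"
    cfg.vm.provider "virtualbox" do |vb|
      vb.name = "Ansible-Server(github_SysNet4Admin)"
    end
    cfg.vm.host_name = "ansible-server"
    cfg.vm.network "public_network", ip: "192.168.0.10"
    cfg.vm.network "forwarded_port", guest: 22, host: 60010, auto_correct: true, id: "ssh"
    cfg.vm.synced_folder "../data", "/vagrant", disabled: true
    # Shell provisioners run privileged unless `privileged: false` is given,
    # so the package installs and the playbook below execute as root.
    cfg.vm.provision "shell", inline: "yum install epel-release -y"
    cfg.vm.provision "shell", inline: "yum install ansible -y"
    cfg.vm.provision "file", source: "ansible_env_ready.yml",
      destination: "ansible_env_ready.yml"
    cfg.vm.provision "shell", inline: "ansible-playbook ansible_env_ready.yml"
  end
end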

앤서블 환경 구성 파일

ansible_env_ready.yml

---
# Prepares the Ansible control node itself (hosts: localhost): writes the
# inventory, records the nodes' SSH host keys and sets up a small vim/bash
# environment for the vagrant user.
# NOTE(review): the Vagrantfile starts this playbook from a shell provisioner
# without `privileged: false`, i.e. as root; files created below under
# /home/vagrant will then presumably be root-owned - confirm.
- name: Setup for the Ansible's Environment
  hosts: localhost
  gather_facts: no
  
  tasks:
    # Appends a managed block with the [nodes] group to the system inventory.
    - name: Add "/etc/ansible/hosts"
      blockinfile: 
        path: /etc/ansible/hosts
        block: |
          [nodes]
          192.168.0.[101:105]
          192.168.0.[201:205]

    # Despite the task name, no key is generated here: each command collects
    # a node's SSH host key and appends it to the vagrant user's known_hosts.
    # NOTE(review): ssh-keyscan trusts whatever answers on that address at
    # provisioning time (trust on first use). On a bridged LAN another machine
    # could answer for one of these IPs, so compare fingerprints out of band
    # where that matters. `>>` also adds duplicate entries on every re-run.
    - name: Generate sshkey
      become: yes
      become_user: vagrant
      shell: "{{ item }}"
      with_items:
        - "ssh-keyscan 192.168.0.101 >> ~/.ssh/known_hosts"
        - "ssh-keyscan 192.168.0.102 >> ~/.ssh/known_hosts"
        - "ssh-keyscan 192.168.0.103 >> ~/.ssh/known_hosts"
        - "ssh-keyscan 192.168.0.104 >> ~/.ssh/known_hosts"
        - "ssh-keyscan 192.168.0.105 >> ~/.ssh/known_hosts"
        - "ssh-keyscan 192.168.0.201 >> ~/.ssh/known_hosts"
        - "ssh-keyscan 192.168.0.202 >> ~/.ssh/known_hosts"
        - "ssh-keyscan 192.168.0.203 >> ~/.ssh/known_hosts"
        - "ssh-keyscan 192.168.0.204 >> ~/.ssh/known_hosts"
        - "ssh-keyscan 192.168.0.205 >> ~/.ssh/known_hosts"
          
    # Creates the pathogen directory layout and makes sure the rc files exist
    # so the lineinfile tasks at the end have something to edit.
    - name: Create vim env's directories & files
      shell: "{{ item }}"
      with_items:
        - "mkdir -p /home/vagrant/.vim/autoload /home/vagrant/.vim/bundle"
        - "touch /home/vagrant/.vimrc"
        - "touch /home/vagrant/.bashrc"
      
    - name: Install vim-enhanced
      yum: 
        name: vim-enhanced
        state: present
        
    - name: Install git
      yum: 
        name: git
        state: present
        
    # NOTE(review): this downloads a Vim script through a short-link domain
    # and installs it as an autoload plugin, which Vim executes at start-up.
    # Nothing pins or verifies the content; get_url with a `checksum`, or a
    # copy of a reviewed file, would make the provisioning reproducible.
    - name: Download pathogen.vim
      shell: "curl -fLo /home/vagrant/.vim/autoload/pathogen.vim
              https://tpo.pe/pathogen.vim"
      
    # NOTE(review): clones the default branch; setting `version:` to a reviewed
    # commit avoids silently picking up later upstream changes.
    - name: Git clone vim-ansible-yaml
      git:
        repo: https://github.com/chase/vim-ansible-yaml.git
        dest: /home/vagrant/.vim/bundle/vim-ansible-yaml
        
    # lineinfile adds each line only if it is missing, so re-runs are safe.
    - name: Configure vimrc
      lineinfile: 
        path: /home/vagrant/.vimrc
        line: "{{ item }}"
      with_items:
        - "set number"
        - "execute pathogen#infect()"
        - "syntax on"

    # Shell aliases used throughout the walkthrough: ans / anp.
    - name: Configure Bashrc
      lineinfile:   
        path: /home/vagrant/.bashrc
        line: "{{ item }}"
      with_items:
        - "alias ans='ansible'"
        - "alias anp='ansible-playbook'"

기존 노드 모두 삭제 진행

vagrant up

핑체크

vagrant ssh ansible-server
ans nodes -m ping -k

known_hosts를 자동으로 등록하기

Vagrantfile

# -*- mode: ruby -*-
# vi: set ft=ruby :

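Vagrant.configure("2") do |config|
  # Same lab as before (five CentOS nodes, five Ubuntu nodes, one Ansible
  # server); the server additionally uploads and runs auto_pass.yml to fill
  # known_hosts automatically.
  # A node's VM name, hostname, bridged IP (192.168.0.<id>) and forwarded
  # SSH port (60000 + <id>) all follow from its id, so the nodes are generated
  # from a table instead of being written out ten times.
  #
  # NOTE(review): "public_network" bridges every VM onto the host's physical
  # LAN with a fixed address. Vagrant base boxes ship with publicly known
  # default credentials and this lab relies on SSH password logins, so every
  # machine on that LAN can reach and try to log in to these guests. Prefer a
  # host-only "private_network" unless bridging is really needed.
  # NOTE(review): no box_version is pinned, and centos/7 / ubuntu/trusty64 are
  # end-of-life releases that no longer receive security updates.
  # NOTE(review): bash_ssh_conf_4_CentOS.sh is not part of this file;
  # presumably it enables SSH password authentication - review it before use.
  node_groups = [
    { box: "centos/7",        ids: 101..105, ssh_conf: "bash_ssh_conf_4_CentOS.sh" },
    { box: "ubuntu/trusty64", ids: 201..205, ssh_conf: nil }
  ]

  #==========================#
  # CentOS and Ubuntu nodes  #
  #==========================#

  node_groups.each do |group|
    group[:ids].each do |id|
      config.vm.define "ansible-node#{id}" do |cfg|
        cfg.vm.box = group[:box]
        cfg.vm.provider "virtualbox" do |vb|
          vb.name = "Ansible-Node#{id}(github_SysNet4Admin)"
        end
        cfg.vm.host_name = "ansible-node#{id}"
        cfg.vm.network "public_network", ip: "192.168.0.#{id}"
        cfg.vm.network "forwarded_port", guest: 22, host: 60000 + id, auto_correct: true, id: "ssh"
        # The default /vagrant share is switched off, so no host directory is
        # exposed inside the guest.
        cfg.vm.synced_folder "../data", "/vagrant", disabled: true
        # Only the CentOS group carries an SSH configuration script.
        cfg.vm.provision "shell", path: group[:ssh_conf] if group[:ssh_conf]
      end
    end
  end

  #================#
  # Ansible Server #
  #================#

  config.vm.define "ansible-server" do |cfg|
    cfg.vm.box = "centos/7"
    cfg.vm.provider "virtualbox" do |vb|
      vb.name = "Ansible-Server(github_SysNet4Admin)"
    end
    cfg.vm.host_name = "ansible-server"
    cfg.vm.network "public_network", ip: "192.168.0.10"
    cfg.vm.network "forwarded_port", guest: 22, host: 60010, auto_correct: true, id: "ssh"
    cfg.vm.synced_folder "../data", "/vagrant", disabled: true
    # Shell provisioners run privileged unless `privileged: false` is given,
    # so the package installs and the first playbook execute as root.
    cfg.vm.provision "shell", inline: "yum install epel-release -y"
    cfg.vm.provision "shell", inline: "yum install ansible -y"
    cfg.vm.provision "file", source: "ansible_env_ready.yml",
      destination: "ansible_env_ready.yml"
    cfg.vm.provision "shell", inline: "ansible-playbook ansible_env_ready.yml"
    # auto_pass.yml runs unprivileged, so the ~/.ssh files it writes belong to
    # the vagrant user rather than root.
    cfg.vm.provision "file", source: "auto_pass.yml", destination: "auto_pass.yml"
    cfg.vm.provision "shell", inline: "ansible-playbook auto_pass.yml", privileged: false
  end
end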

ansible_env_ready.yml

---
- name: Setup for the Ansible's Environment
  hosts: localhost
  gather_facts: no
  
  tasks:
    - name: Add "/etc/ansible/hosts"
      blockinfile: 
        path: /etc/ansible/hosts
        block: |
          [nodes]
          192.168.0.[101:105]
          192.168.0.[201:205]

          
    - name: Create vim env's directories & files
      shell: "{{ item }}"
      with_items:
        - "mkdir -p /home/vagrant/.vim/autoload /home/vagrant/.vim/bundle"
        - "touch /home/vagrant/.vimrc"
        - "touch /home/vagrant/.bashrc"
      
    - name: Install vim-enhanced
      yum: 
        name: vim-enhanced
        state: present
        
    - name: Install git
      yum: 
        name: git
        state: present
        
    # NOTE(review): this downloads a Vim script through a short-link domain
    # and installs it as an autoload plugin, which Vim executes at start-up.
    # Nothing pins or verifies the content; get_url with a `checksum`, or a
    # copy of a reviewed file, would make the provisioning reproducible.
    - name: Download pathogen.vim
      shell: "curl -fLo /home/vagrant/.vim/autoload/pathogen.vim
              https://tpo.pe/pathogen.vim"
      
    # NOTE(review): clones the default branch; setting `version:` to a reviewed
    # commit avoids silently picking up later upstream changes.
    - name: Git clone vim-ansible-yaml
      git:
        repo: https://github.com/chase/vim-ansible-yaml.git
        dest: /home/vagrant/.vim/bundle/vim-ansible-yaml
        
    - name: Configure vimrc
      lineinfile: 
        path: /home/vagrant/.vimrc
        line: "{{ item }}"
      with_items:
        - "set number"
        - "execute pathogen#infect()"
        - "syntax on"

    - name: Configure Bashrc
      lineinfile:   
        path: /home/vagrant/.bashrc
        line: "{{ item }}"
      with_items:
        - "alias ans='ansible'"
        - "alias anp='ansible-playbook'"

auto_pass.yml

---
# Fills ~/.ssh/known_hosts on the control node with the host key of every
# inventory host in [nodes]. `connection: local` makes the tasks run on the
# control node once per inventory host; `serial: 1` handles one host at a
# time (presumably so the appends to known_hosts do not interleave).
- name: Create authority between server and nodes
  hosts: nodes
  connection: local
  serial: 1
  gather_facts: no

  tasks:
    # NOTE(review): ssh-keyscan accepts whatever key the address presents at
    # provisioning time (trust on first use); it records the key, it does not
    # verify it. Compare fingerprints out of band where that matters.
    - name: ssh-keyscan for known_hosts file
      command: /usr/bin/ssh-keyscan -t ecdsa {{ ansible_host }}
      register: keyscan

    # lineinfile adds a scanned line only if it is not already present, so
    # re-provisioning does not duplicate entries.
    - name: input key
      lineinfile:      
        path: ~/.ssh/known_hosts
        line: "{{ item }}"
        create: yes     
      with_items:
        - "{{ keyscan.stdout_lines }}"

삭제 후 재생성

vag_reconf.bat

재 생성 후

vagrant ssh ansible-server
ans nodes -m ping -k

authorized_keys 등록

auto_pass.yml

---
# Sets up key-based SSH from the control node to every host in [nodes]:
# record the host key, create one key pair on the control node, then install
# the public key in the vagrant user's authorized_keys on each node.
- name: Create authority between server and nodes
  hosts: nodes
  connection: local
  serial: 1
  gather_facts: no
  vars:
    # NOTE(review): clear-text password in the playbook. It is the well-known
    # Vagrant box default, which is exactly why these VMs should not stay
    # reachable with password logins; for anything beyond a throwaway lab use
    # --ask-pass or an ansible-vault encrypted variable instead.
    ansible_password: vagrant

  tasks:
    # NOTE(review): ssh-keyscan accepts whatever key the address presents at
    # provisioning time (trust on first use); it does not verify it.
    - name: ssh-keyscan for known_hosts file
      command: /usr/bin/ssh-keyscan -t ecdsa {{ ansible_host }}
      register: keyscan

    - name: input key
      lineinfile:      
        path: ~/.ssh/known_hosts
        line: "{{ item }}"
        create: yes     
      with_items:
        - "{{ keyscan.stdout_lines }}"

    # Creates the control node's key pair once (run_once) with an empty
    # passphrase (-N ''), so whoever can read ~/.ssh/id_rsa can log in to
    # every node.
    # NOTE(review): ignore_errors presumably exists because ssh-keygen fails
    # when the key file already exists, but it hides every other failure too.
    - name: sshkeygen for authorized_keys file
      command: "ssh-keygen -b 2048 -t rsa -f ~/.ssh/id_rsa -q -N ''"
      ignore_errors: yes
      run_once: true

    # The only task that really connects to the node (connection: ssh); it
    # logs in with ansible_password and adds the public key for user vagrant.
    - name: input key for each node
      connection: ssh
      authorized_key:
        user: vagrant
        state: present
        key: "{{ lookup('file', '~/.ssh/id_rsa.pub') }}"

변경 후 ansible 서버 프로비져닝

vagrant provision ansible-server

암호 없이 핑체크

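vagrant ssh ansible-server
# An ad-hoc command needs a host pattern; "nodes" is the inventory group.
# No -k this time: the key installed by auto_pass.yml replaces the password.
ans nodes -m ping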

플레이북 동적으로 구성하기

gather_facts: no 

-> facts를 수집하지 않음. facts는 앤서블 노드들의 다양한 정보를 미리 정의해 둔 변수임

facts.yml

---
# Prints each node's IPv4 addresses twice: once through the injected
# ansible_<interface> fact variables and once through hostvars.
- name: print ipv4.address for nodes
  hosts: nodes
  # gather_facts stays commented out so fact gathering runs (the default);
  # the ansible_eth0 / ansible_eth1 variables below only exist with facts.
  #gather_facts: no

  tasks:
    # assumes every node names its interfaces eth0 and eth1 - TODO confirm
    - name: debug by msg
      debug:
        msg:
          - "eth0's ip {{ ansible_eth0.ipv4.address }}"
          - "eth1's ip {{ ansible_eth1.ipv4.address }}"

    # Same values, looked up by expression name: `var` receives the item text
    # and debug evaluates it as a variable reference.
    - name: debug by var
      debug:
        var: "{{ item }}"
      with_items:
        - hostvars[inventory_hostname]['ansible_eth0']['ipv4']['address']
        - hostvars[inventory_hostname]['ansible_eth1']['ipv4']['address']
anp facts.yml

facts확인

ans nodes -m setup > facts.txt

추출한 정보로 특정정보 확인

cat facts.txt | grep SSH_CONNECTION

각 노드별로 출력해주는 --tree명령어

--tree 옵션을 통해서 저장된 facts는 한 줄로 표기됨(JSON 형태)

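# One JSON file per node is written below /tmp/facts.
# Facts describe addresses, users, mounts and environment of each node, and
# /tmp is shared by all local users, so remove the dump when finished.
ans nodes -m setup --tree /tmp/facts > /dev/null
ls /tmp/facts
cat /tmp/facts/192.168.0.101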

 

facts_collector.yml

---
# Gathers facts from every node and stores them as pretty-printed JSON on the
# control node, one file per node in the current directory.
- name: Collect facts for each node
  hosts: nodes

  tasks:
    # Runs the setup module explicitly so its result can be registered.
    - name: generate facts
      setup:
      register: facts

    # local_action executes the copy on the control node, not on the node.
    # NOTE(review): the files hold a detailed description of each host
    # (addresses, users, mounts, environment); keep them out of shared
    # directories and version control.
    - name: save facts
      local_action:
        module: copy
        content: "{{ facts | to_nice_json }}"
        dest: ./{{ ansible_hostname }}_facts_by_collector.txt
anp facts_collector.yml

ls -lh ansible*

 

파일 확인

cat ansible-node101_facts_by_collector.txt | grep SSH

 

when 조건

nginx_install_w_when.yml

우분투에서 nginx 사이트 오류 발생해서 apache.com으로 변경

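---
# Installs nginx on every node, choosing the tasks per distribution with
# `when`. "{{ ansible_pkg_mgr }}" resolves to the package module of the node
# (from gathered facts), so the same action line serves yum and apt.
# The separator lines between tasks are kept free of tab characters, which
# YAML does not accept as indentation.
- name: Install nginx on the nodes
  hosts: nodes
  become: yes

  tasks:
    - name: install epel-release for CentOS
      action: "{{ ansible_pkg_mgr }} name=epel-release state=latest"
      when: ansible_distribution == 'CentOS'

    - name: install nginx web server for CentOS
      action: "{{ ansible_pkg_mgr }} name=nginx state=present"
      when: ansible_distribution == 'CentOS'

    # NOTE(review): the web root is filled with whatever the remote site
    # returns at provisioning time. Shipping a local index.html with the copy
    # module keeps the served content under your control.
    - name: upload default index.html for web server
      get_url: url=https://www.nginx.com dest=/usr/share/nginx/html/ mode=0644
      when: ansible_distribution == 'CentOS'

    - name: start nginx web server
      service: name=nginx state=started
      when: ansible_distribution == 'CentOS'

    - name: install nginx web server for Ubuntu
      action: "{{ ansible_pkg_mgr }} name=nginx state=present update_cache=yes"
      when: ansible_distribution == 'Ubuntu'

    # NOTE(review): validate_certs=no switches off TLS certificate checking,
    # so the downloaded page can be replaced in transit without any error.
    # It works around a download failure on the old Ubuntu box; updating the
    # node's CA bundle / TLS stack, or copying a local file, is the safer fix.
    - name: upload default index.html for web server
      get_url: url=https://www.apache.com dest=/usr/share/nginx/html/ 
               mode=0644 validate_certs=no
      when: ansible_distribution == 'Ubuntu'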

nginx_remove_w_when.yml

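---
# Removes what nginx_install_w_when.yml installed, again selecting the tasks
# per distribution with `when`. "{{ ansible_pkg_mgr }}" resolves to the
# node's package module (yum or apt) from gathered facts.
# The separator lines between tasks are kept free of tab characters, which
# YAML does not accept as indentation.
- name: Remove nginx on the nodes
  hosts: nodes
  become: yes

  tasks:
    - name: remove epel-release for CentOS
      action: "{{ ansible_pkg_mgr }} name=epel-release state=absent"
      when: ansible_distribution == 'CentOS'

    - name: remove nginx web server for CentOS
      action: "{{ ansible_pkg_mgr }} name=nginx state=absent"
      when: ansible_distribution == 'CentOS'

    # autoremove also drops the dependencies apt pulled in for nginx.
    - name: remove nginx web server
      action: "{{ ansible_pkg_mgr }} name=nginx state=absent autoremove=yes"
      when: ansible_distribution == 'Ubuntu'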

설치 실행 (OS 체크해서 진행)

anp nginx_install_w_when.yml

nginx 삭제 진행

anp nginx_remove_w_when.yml

include_tasks

낭비를 줄이기 위한 코드 개선

nginx_install_w_include_tasks.yml

---
- name: Install nginx on the nodes
  hosts: nodes
  become: yes

  tasks:
    - name: nginx for CentOS
      include_tasks: CentOS.yml
      when: ansible_distribution == 'CentOS'
    
    - name: nginx for Ubuntu
      include_tasks: Ubuntu.yml
      when: ansible_distribution == 'Ubuntu'

CentOS.yml

# Task file included for CentOS nodes: enable EPEL, install nginx, fetch a
# start page and start the service. The including play supplies `become`.
- name: install epel-release
  action: "{{ ansible_pkg_mgr }} name=epel-release state=latest"
- name: install nginx web server
  action: "{{ ansible_pkg_mgr }} name=nginx state=present"
# NOTE(review): the web root is filled with whatever the remote site returns
# at provisioning time; a local index.html shipped with the copy module keeps
# the served content under your control.
- name: upload default index.html for web server
  get_url: url=https://www.nginx.com dest=/usr/share/nginx/html/ mode=0644
- name: start nginx web server
  service: name=nginx state=started

Ubuntu.yml

# Task file included for Ubuntu nodes: install nginx and fetch a start page.
- name: install nginx web server
  action: "{{ ansible_pkg_mgr }} name=nginx state=present update_cache=yes"
# NOTE(review): validate_certs=no switches off TLS certificate checking, so
# the downloaded page can be replaced in transit without any error. Updating
# the node's CA bundle / TLS stack, or copying a local file, is the safer fix.
- name: upload default index.html for web server
  get_url: url=https://www.apache.com dest=/usr/share/nginx/html/ 
           mode=0644 validate_certs=no

nginx_remove_w_include_tasks.yml

---
- name: Remove nginx on the nodes
  hosts: nodes
  become: yes

  tasks:
    - name: nginx for CentOS
      include_tasks: CentOS_remo.yml
      when: ansible_distribution == 'CentOS'
    
    - name: nginx for Ubuntu
      include_tasks: Ubuntu_remo.yml
      when: ansible_distribution == 'Ubuntu'

CentOS_remo.yml

- name: remove epel-release
  action: "{{ ansible_pkg_mgr }} name=epel-release state=absent"
- name: remove nginx web server
  action: "{{ ansible_pkg_mgr }} name=nginx state=absent"

Ubuntu_remo.yml

- name: remove nginx web server
  action: "{{ ansible_pkg_mgr }} name=nginx state=absent autoremove=yes"

 

실행

anp nginx_install_w_include_tasks.yml

설치확인

삭제

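anp nginx_remove_w_include_tasks.yml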

if 구문 활용

nginx_install_w_if.yml

---
# Picks the task file with an inline Jinja2 if/else instead of one `when`
# per distribution: lnx_name becomes 'CentOS' or 'Ubuntu' and is used as the
# file name of the include.
- name: Install nginx on the nodes
  hosts: nodes
  become: yes
  vars:
    # NOTE(review): any other distribution yields 'Just Linux', i.e. an
    # include of "Just Linux.yml"; no such file appears in this walkthrough,
    # so the play presumably fails on such a node - confirm or add the file.
    lnx_name: "{{ 'CentOS' if ansible_distribution == 'CentOS'
                   else 'Ubuntu' if ansible_distribution == 'Ubuntu'
                   else 'Just Linux' }}"

  tasks:
    - name: nginx for any linux
      include_tasks: "{{ lnx_name }}.yml"
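anp nginx_install_w_if.yml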

nginx_remove_w_if.yml

---
- name: Remove nginx on the nodes
  hosts: nodes
  become: yes
  vars:
    lnx_name: "{{ 'CentOS' if ansible_distribution == 'CentOS'
                   else 'Ubuntu' if ansible_distribution == 'Ubuntu'
                   else 'Just Linux' }}"

  tasks:
    - name: nginx for any linux
      include_tasks: "{{ lnx_name }}_remo.yml"
anp nginx_remove_w_if.yml

NFS 구성을 효율적으로 하기

nfs_adv.yml

---
- name: Setup for nfs server
  hosts: localhost
  tasks:
    - include_tasks: nfs_server.yml

- name: Setup for nfs clients
  hosts: nodes
  tasks:
    - include_tasks: nfs_clients.yml

nfs_server.yml

# Task file for the NFS server (included for localhost, the control node):
# create the shared directory, export it and restart the NFS service.

# NOTE(review): mode 0777 makes the directory writable by every local user
# and, through the export below, by every NFS client.
- name: make nfs_shared directory
  file:
    path: "{{ ansible_user_dir }}/nfs_shared"
    state: directory
    mode: 0777

# NOTE(review): the export is read-write for the whole 192.168.0.0/24 subnet.
# The VMs in this lab sit on a bridged network, so that subnet presumably is
# the host's physical LAN, and the client address is the only access check.
# Listing just the node addresses (or using a host-only network) narrows it.
- name: configure /etc/exports
  become: yes
  lineinfile:
    path: /etc/exports
    line: "{{ ansible_user_dir }}/nfs_shared 192.168.0.0/24(rw,sync)"

# Restarts on every run, whether or not /etc/exports changed.
- name: nfs service restart
  become: yes
  service:
    name: nfs
    state: restarted

nfs_clients.yml

# Task file for the NFS clients (included for the hosts in [nodes]): create
# a mount point in the login user's home and mount the server's export.
- name: make nfs_client directory
  file:
    path: "{{ ansible_user_dir }}/nfs"
    state: directory

# The server address is not configured anywhere: it is the first field of
# the SSH_CLIENT environment variable, i.e. the address the Ansible
# connection came from.
# NOTE(review): the export path is hard-coded to /home/vagrant/nfs_shared,
# while the server side builds it from ansible_user_dir; the two only agree
# when the server tasks run as the vagrant user.
# NOTE(review): nfsvers=3 gives no user authentication or encryption; access
# is decided by client address only.
- name: mount point directory as client
  become: yes
  mount:
    name: "{{ ansible_user_dir }}/nfs"
    src: "{{ ansible_env.SSH_CLIENT.split()[0] }}:/home/vagrant/nfs_shared"
    fstype: nfs
    opts: nfsvers=3
    state: mounted

실행

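anp nfs_adv.yml

# Each node creates a file named after its own hostname inside the mount;
# the files then show up in the shared directory on the server.
ans nodes -m shell -a "cat /etc/hostname | xargs -i touch ./nfs/{}"
ls ./nfs_shared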

넥서스 스위치의 구성 파일을 효율적으로 백업하기 -> 장비 없어서 패스

Cumulus로 접속하기 위한 인증을 자동화 하기

Vagrantfile

# -*- mode: ruby -*-
# vi: set ft=ruby :

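Vagrant.configure("2") do |config|
  # Lab with four Cumulus VX switches (ansible-cl01..04) and one Ansible
  # control server. For switch n the last address octet is 60 + n; it is
  # reused for the bridged IP, the NAT subnet, the MAC address suffix and
  # the forwarded SSH port, so the switches are generated in a loop.
  #
  # NOTE(review): "public_network" bridges every VM onto the host's physical
  # LAN with a fixed address. The boxes ship with publicly known default
  # credentials and cl_auto_pass.yml logs in with them, so every machine on
  # that LAN can reach and try to log in to these guests. Prefer a host-only
  # "private_network" unless bridging is really needed.
  # NOTE(review): the Cumulus box is pinned to 3.6.0 with update checks off,
  # which is reproducible but never surfaces fixed releases; centos/7 is
  # unpinned and end-of-life.

  #===============#
  # Cumulus nodes #
  #===============#

  (1..4).each do |n|
    octet = 60 + n # 61..64

    config.vm.define "ansible-cl0#{n}" do |cl|
      cl.vm.box = "CumulusCommunity/cumulus-vx"
      cl.vm.box_version = "3.6.0"
      cl.vm.box_check_update = false
      cl.vm.provider "virtualbox" do |vb|
        vb.name = "Ansible-Cumulus0#{n}(github_SysNet4Admin)"
        # Fixed MAC and a dedicated NAT subnet for the first (NAT) adapter.
        vb.customize ['modifyvm', :id, '--macaddress1', "0800270000#{octet}"]
        vb.customize ['modifyvm', :id, '--natnet1', "10.0.#{octet}.0/24"]
      end
      cl.vm.host_name = "ansible-cl0#{n}"
      cl.vm.network "public_network", ip: "192.168.0.#{octet}"
      # Three unconfigured adapters on VirtualBox internal networks named
      # after the switch ports; Vagrant leaves their addressing alone.
      %w[swp2 swp3 swp4].each do |intnet|
        cl.vm.network "private_network", virtualbox__intnet: intnet, auto_config: false
      end
      cl.vm.network "forwarded_port", guest: 22, host: 60000 + octet, auto_correct: true, id: "ssh"
      cl.vm.synced_folder "../data", "/vagrant", disabled: true
    end
  end

  #================#
  # Ansible Server #
  #================#

  config.vm.define "ansible-server" do |cfg|
    cfg.vm.box = "centos/7"
    cfg.vm.provider "virtualbox" do |vb|
      vb.name = "Ansible-Server(github_SysNet4Admin)"
    end
    cfg.vm.host_name = "ansible-server"
    cfg.vm.network "public_network", ip: "192.168.0.10"
    cfg.vm.network "forwarded_port", guest: 22, host: 60010, auto_correct: true, id: "ssh"
    cfg.vm.synced_folder "../data", "/vagrant", disabled: true
    # Shell provisioners run privileged unless `privileged: false` is given,
    # so the package installs and the first playbook execute as root.
    cfg.vm.provision "shell", inline: "yum install epel-release -y"
    cfg.vm.provision "shell", inline: "yum install ansible -y"
    cfg.vm.provision "file", source: "ansible_env_ready.yml",
      destination: "ansible_env_ready.yml"
    cfg.vm.provision "shell", inline: "ansible-playbook ansible_env_ready.yml"
    # cl_auto_pass.yml runs unprivileged, so the ~/.ssh files it writes
    # belong to the vagrant user rather than root.
    cfg.vm.provision "file", source: "cl_auto_pass.yml", destination: "cl_auto_pass.yml"
    cfg.vm.provision "shell", inline: "ansible-playbook cl_auto_pass.yml",
      privileged: false
  end
end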

ansible_env_ready.yml

---
- name: Setup for the Ansible's Environment
  hosts: localhost
  gather_facts: no
  
  tasks:
    - name: Add "/etc/ansible/hosts"
      blockinfile: 
        path: /etc/ansible/hosts
        block: |
          [spine]
          192.168.0.61  
          192.168.0.62 
          
          [leaf]
          192.168.0.63 
          192.168.0.64 
          
          [cl:children]
          spine  
          leaf  
    
    - name: Create vim env's directories & files
      shell: "{{ item }}"
      with_items:
        - "mkdir -p /home/vagrant/.vim/autoload /home/vagrant/.vim/bundle"
        - "touch /home/vagrant/.vimrc"
        - "touch /home/vagrant/.bashrc"
      
    - name: Install vim-enhanced
      yum: 
        name: vim-enhanced
        state: present
        
    - name: Install git
      yum: 
        name: git
        state: present
        
    # NOTE(review): this downloads a Vim script through a short-link domain
    # and installs it as an autoload plugin, which Vim executes at start-up.
    # Nothing pins or verifies the content; get_url with a `checksum`, or a
    # copy of a reviewed file, would make the provisioning reproducible.
    - name: Download pathogen.vim
      shell: "curl -fLo /home/vagrant/.vim/autoload/pathogen.vim
              https://tpo.pe/pathogen.vim"
      
    # NOTE(review): clones the default branch; setting `version:` to a reviewed
    # commit avoids silently picking up later upstream changes.
    - name: Git clone vim-ansible-yaml
      git:
        repo: https://github.com/chase/vim-ansible-yaml.git
        dest: /home/vagrant/.vim/bundle/vim-ansible-yaml
        
    - name: Configure vimrc
      lineinfile: 
        path: /home/vagrant/.vimrc
        line: "{{ item }}"
      with_items:
        - "set number"
        - "execute pathogen#infect()"
        - "syntax on"

    - name: Configure Bashrc
      lineinfile:   
        path: /home/vagrant/.bashrc
        line: "{{ item }}"
      with_items:
        - "alias ans='ansible'"
        - "alias anp='ansible-playbook'"

cl_auto_pass.yml

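---
# Sets up key-based SSH from the Ansible server to the Cumulus nodes in [cl]:
# record each node's host key, create one key pair on the control node, then
# install the public key for the "cumulus" user on every node.
# `connection: local` makes the tasks run on the control node once per
# inventory host; only the last task really connects to the node.
- name: Create authority between ansible-server and cumulus-nodes
  hosts: cl
  connection: local
  vars:
    # NOTE(review): both secrets are stored in clear text and look like the
    # stock box / vendor defaults. That is tolerable only for a throwaway lab
    # on an isolated network; otherwise change the passwords on the nodes and
    # pass them with --ask-pass / --ask-become-pass or ansible-vault.
    ansible_password: vagrant
    ansible_become_pass: CumulusLinux!

  tasks:
    # NOTE(review): ssh-keyscan accepts whatever key the address presents at
    # provisioning time (trust on first use); it does not verify it.
    - name: ssh-keyscan for known_hosts file
      command: /usr/bin/ssh-keyscan -t ecdsa {{ ansible_host }}
      register: keyscan

    # lineinfile adds a scanned line only if it is not already present.
    - name: input key
      lineinfile:
        path: ~/.ssh/known_hosts
        line: "{{ item }}"
        create: yes
      with_items:
        - "{{ keyscan.stdout_lines }}"

    # Creates the control node's key pair once (run_once) with an empty
    # passphrase (-N ''), so whoever can read ~/.ssh/id_rsa can log in to
    # every node. The command is kept on one line: a backslash that is
    # followed by a space is not a line continuation and would hand
    # ssh-keygen a stray argument.
    # NOTE(review): ignore_errors presumably exists because ssh-keygen fails
    # when the key file already exists, but it hides every other failure too;
    # if the key is missing afterwards, the file lookup in the next task is
    # what reports it.
    - name: ssh-keygen for authorized_keys file
      command: "ssh-keygen -C cumulus@{{ ansible_hostname }} -b 2048 -t rsa -f ~/.ssh/id_rsa -q -N ''"
      ignore_errors: yes
      run_once: true

    # Connects over SSH with ansible_password, escalates with
    # ansible_become_pass and adds the public key for user cumulus.
    - name: input key for each node
      connection: ssh
      become: yes
      authorized_key:
        user: cumulus
        state: present
        key: "{{ lookup('file', '~/.ssh/id_rsa.pub') }}"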

vm 전체 삭제 후 재생성

vagrant up

인증 확인

cumulus에 대한 인증 추가이므로 유저를 추가해주어야 함

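# `-m ping` is an ad-hoc module call, so it goes through `ans` (ansible),
# not `anp` (ansible-playbook).
ans cl -m ping
ans cl -m ping --user cumulus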

무한재부팅....증상으로 우선 마무리..ㅠㅠ