[우아하게 앤서블] Chapter 6 - 플레이북을 효율적으로 작성하기
플레이북의 동적인 사용을 테스트 하기 위해
CentOS * 5, Ubuntu * 5 환경으로 구성
Vagrantfile
# -*- mode: ruby -*-
# vi: set ft=ruby :
Vagrant.configure("2") do |config|
  # Lab topology: CentOS nodes .101-.105, Ubuntu nodes .201-.205 and one
  # Ansible control server at .10, all addressed inside 192.168.0.0/24.
  #
  # NOTE(review): "public_network" bridges each guest onto the host's physical
  # LAN, and the playbooks on this page log in to the nodes with the default
  # vagrant/vagrant credentials. Run this only on an isolated lab segment, or
  # move the guests to a host-only "private_network" on a dedicated subnet.
  # NOTE(review): centos/7 and ubuntu/trusty64 are past their standard support
  # window, so the guests will not receive current security updates.
  node_groups = [
    # bash_ssh_conf_4_CentOS.sh is not shown on this page; review what it
    # changes in the guest's SSH configuration before running it.
    { box: "centos/7", octets: 101..105, script: "bash_ssh_conf_4_CentOS.sh" },
    { box: "ubuntu/trusty64", octets: 201..205, script: nil }
  ]

  node_groups.each do |group|
    group[:octets].each do |octet|
      # The last octet also names the VM and selects its forwarded SSH port.
      config.vm.define "ansible-node#{octet}" do |cfg|
        cfg.vm.box = group[:box]
        cfg.vm.provider "virtualbox" do |vb|
          vb.name = "Ansible-Node#{octet}(github_SysNet4Admin)"
        end
        cfg.vm.host_name = "ansible-node#{octet}"
        cfg.vm.network "public_network", ip: "192.168.0.#{octet}"
        cfg.vm.network "forwarded_port", guest: 22, host: 60_000 + octet, auto_correct: true, id: "ssh"
        cfg.vm.synced_folder "../data", "/vagrant", disabled: true
        cfg.vm.provision "shell", path: group[:script] if group[:script]
      end
    end
  end

  # Ansible control server: installs Ansible from EPEL, uploads the
  # environment playbook and runs it.
  config.vm.define "ansible-server" do |cfg|
    cfg.vm.box = "centos/7"
    cfg.vm.provider "virtualbox" do |vb|
      vb.name = "Ansible-Server(github_SysNet4Admin)"
    end
    cfg.vm.host_name = "ansible-server"
    cfg.vm.network "public_network", ip: "192.168.0.10"
    cfg.vm.network "forwarded_port", guest: 22, host: 60_010, auto_correct: true, id: "ssh"
    cfg.vm.synced_folder "../data", "/vagrant", disabled: true
    # Shell provisioners run as root unless privileged: false is given, so the
    # playbook below is executed as root.
    cfg.vm.provision "shell", inline: "yum install epel-release -y"
    cfg.vm.provision "shell", inline: "yum install ansible -y"
    cfg.vm.provision "file", source: "ansible_env_ready.yml", destination: "ansible_env_ready.yml"
    cfg.vm.provision "shell", inline: "ansible-playbook ansible_env_ready.yml"
  end
end
앤서블 환경 구성 파일
ansible_env_ready.yml
---
# Prepares the Ansible control server (localhost): writes the inventory,
# pre-loads the nodes' SSH host keys and sets up vim/bash conveniences.
# NOTE(review): the Vagrantfile on this page runs this playbook from a
# privileged shell provisioner, i.e. as root.
- name: Setup for the Ansible's Environment
  hosts: localhost
  gather_facts: false

  tasks:
    - name: Add "/etc/ansible/hosts"
      blockinfile:
        path: /etc/ansible/hosts
        block: |
          [nodes]
          192.168.0.[101:105]
          192.168.0.[201:205]

    # NOTE(review): despite the task name this records host keys; it does not
    # generate a key pair. The scanned keys are trusted without any
    # fingerprint check, and ">>" appends them again on every run.
    - name: Generate sshkey
      become: true
      become_user: vagrant
      shell: "ssh-keyscan 192.168.0.{{ item }} >> ~/.ssh/known_hosts"
      with_items: [101, 102, 103, 104, 105, 201, 202, 203, 204, 205]

    - name: Create vim env's directories & files
      shell: "{{ item }}"
      with_items:
        - "mkdir -p /home/vagrant/.vim/autoload /home/vagrant/.vim/bundle"
        - "touch /home/vagrant/.vimrc"
        - "touch /home/vagrant/.bashrc"

    - name: Install vim-enhanced
      yum:
        name: vim-enhanced
        state: present

    - name: Install git
      yum:
        name: git
        state: present

    # NOTE(review): this script is fetched without a checksum and is later
    # executed by vim through "execute pathogen#infect()". Record a known-good
    # digest and verify it (get_url's `checksum:`), or vendor the file.
    - name: Download pathogen.vim
      shell: "curl -fLo /home/vagrant/.vim/autoload/pathogen.vim https://tpo.pe/pathogen.vim"

    # NOTE(review): no `version:` is given, so whatever the repository's
    # default branch holds at provision time is what gets loaded.
    - name: Git clone vim-ansible-yaml
      git:
        repo: https://github.com/chase/vim-ansible-yaml.git
        dest: /home/vagrant/.vim/bundle/vim-ansible-yaml

    - name: Configure vimrc
      lineinfile:
        path: /home/vagrant/.vimrc
        line: "{{ item }}"
      with_items:
        - "set number"
        - "execute pathogen#infect()"
        - "syntax on"

    # Short aliases used by the commands on the rest of the page.
    - name: Configure Bashrc
      lineinfile:
        path: /home/vagrant/.bashrc
        line: "{{ item }}"
      with_items:
        - "alias ans='ansible'"
        - "alias anp='ansible-playbook'"
기존 노드 모두 삭제 진행
vagrant up
핑체크
vagrant ssh ansible-server
ans nodes -m ping -k
known_hosts를 자동으로 등록하기
Vagrantfile
# -*- mode: ruby -*-
# vi: set ft=ruby :
Vagrant.configure("2") do |config|
  # Same topology as before (CentOS .101-.105, Ubuntu .201-.205, server .10);
  # the server additionally runs auto_pass.yml to register host keys.
  #
  # NOTE(review): "public_network" bridges each guest onto the host's physical
  # LAN while the nodes still accept the default vagrant/vagrant login used by
  # the playbooks on this page. Keep the lab on an isolated segment or use a
  # host-only "private_network" on a dedicated subnet.
  node_groups = [
    # bash_ssh_conf_4_CentOS.sh is not shown on this page; review what it
    # changes in the guest's SSH configuration before running it.
    { box: "centos/7", octets: 101..105, script: "bash_ssh_conf_4_CentOS.sh" },
    { box: "ubuntu/trusty64", octets: 201..205, script: nil }
  ]

  node_groups.each do |group|
    group[:octets].each do |octet|
      # The last octet also names the VM and selects its forwarded SSH port.
      config.vm.define "ansible-node#{octet}" do |cfg|
        cfg.vm.box = group[:box]
        cfg.vm.provider "virtualbox" do |vb|
          vb.name = "Ansible-Node#{octet}(github_SysNet4Admin)"
        end
        cfg.vm.host_name = "ansible-node#{octet}"
        cfg.vm.network "public_network", ip: "192.168.0.#{octet}"
        cfg.vm.network "forwarded_port", guest: 22, host: 60_000 + octet, auto_correct: true, id: "ssh"
        cfg.vm.synced_folder "../data", "/vagrant", disabled: true
        cfg.vm.provision "shell", path: group[:script] if group[:script]
      end
    end
  end

  config.vm.define "ansible-server" do |cfg|
    cfg.vm.box = "centos/7"
    cfg.vm.provider "virtualbox" do |vb|
      vb.name = "Ansible-Server(github_SysNet4Admin)"
    end
    cfg.vm.host_name = "ansible-server"
    cfg.vm.network "public_network", ip: "192.168.0.10"
    cfg.vm.network "forwarded_port", guest: 22, host: 60_010, auto_correct: true, id: "ssh"
    cfg.vm.synced_folder "../data", "/vagrant", disabled: true
    # These shell provisioners use the default (privileged) mode, so the
    # environment playbook runs as root.
    cfg.vm.provision "shell", inline: "yum install epel-release -y"
    cfg.vm.provision "shell", inline: "yum install ansible -y"
    cfg.vm.provision "file", source: "ansible_env_ready.yml", destination: "ansible_env_ready.yml"
    cfg.vm.provision "shell", inline: "ansible-playbook ansible_env_ready.yml"
    # privileged: false runs auto_pass.yml as the SSH login user, so the
    # "~/.ssh" paths inside it resolve to that user's home, not root's.
    cfg.vm.provision "file", source: "auto_pass.yml", destination: "auto_pass.yml"
    cfg.vm.provision "shell", inline: "ansible-playbook auto_pass.yml", privileged: false
  end
end
ansible_env_ready.yml
---
# Prepares the Ansible control server (localhost): writes the inventory and
# sets up vim/bash conveniences. Host-key registration has moved to
# auto_pass.yml in this revision.
# NOTE(review): the Vagrantfile on this page runs this playbook from a
# privileged shell provisioner, i.e. as root.
- name: Setup for the Ansible's Environment
  hosts: localhost
  gather_facts: false

  tasks:
    - name: Add "/etc/ansible/hosts"
      blockinfile:
        path: /etc/ansible/hosts
        block: |
          [nodes]
          192.168.0.[101:105]
          192.168.0.[201:205]

    - name: Create vim env's directories & files
      shell: "{{ item }}"
      with_items:
        - "mkdir -p /home/vagrant/.vim/autoload /home/vagrant/.vim/bundle"
        - "touch /home/vagrant/.vimrc"
        - "touch /home/vagrant/.bashrc"

    - name: Install vim-enhanced
      yum:
        name: vim-enhanced
        state: present

    - name: Install git
      yum:
        name: git
        state: present

    # NOTE(review): this script is fetched without a checksum and is later
    # executed by vim through "execute pathogen#infect()". Record a known-good
    # digest and verify it (get_url's `checksum:`), or vendor the file.
    - name: Download pathogen.vim
      shell: "curl -fLo /home/vagrant/.vim/autoload/pathogen.vim https://tpo.pe/pathogen.vim"

    # NOTE(review): no `version:` is given, so whatever the repository's
    # default branch holds at provision time is what gets loaded.
    - name: Git clone vim-ansible-yaml
      git:
        repo: https://github.com/chase/vim-ansible-yaml.git
        dest: /home/vagrant/.vim/bundle/vim-ansible-yaml

    - name: Configure vimrc
      lineinfile:
        path: /home/vagrant/.vimrc
        line: "{{ item }}"
      with_items:
        - "set number"
        - "execute pathogen#infect()"
        - "syntax on"

    # Short aliases used by the commands on the rest of the page.
    - name: Configure Bashrc
      lineinfile:
        path: /home/vagrant/.bashrc
        line: "{{ item }}"
      with_items:
        - "alias ans='ansible'"
        - "alias anp='ansible-playbook'"
auto_pass.yml
---
# Scans each node's ECDSA host key from the control server and records it in
# the invoking user's known_hosts, so later connections skip the host-key
# prompt.
- name: Create authority between server and nodes
  hosts: nodes
  # Every task runs on the control server, once per inventory host.
  connection: local
  # One host per batch; presumably to avoid concurrent writes to the single
  # known_hosts file - confirm.
  serial: 1
  gather_facts: false

  tasks:
    # NOTE(review): whichever key answers the scan is accepted as genuine.
    # Nothing compares it with a fingerprint obtained out of band, so this is
    # only as trustworthy as the network between server and node.
    - name: ssh-keyscan for known_hosts file
      command: /usr/bin/ssh-keyscan -t ecdsa {{ ansible_host }}
      register: keyscan

    # lineinfile adds a line only when it is not already present, so re-runs
    # do not duplicate entries.
    - name: input key
      lineinfile:
        path: ~/.ssh/known_hosts
        line: "{{ item }}"
        create: true
      with_items:
        - "{{ keyscan.stdout_lines }}"
삭제 후 재생성
vag_reconf.bat
재 생성 후
vagrant ssh ansible-server
ans nodes -m ping -k
authorized_keys 등록
auto_pass.yml
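---
# Bootstraps key-based SSH from the control server to every node: records
# each node's host key, creates one RSA key pair for the invoking user, then
# installs the public key for the vagrant user on each node.
- name: Create authority between server and nodes
  hosts: nodes
  # Tasks run on the control server unless a task overrides the connection.
  connection: local
  serial: 1
  gather_facts: no
  vars:
    # NOTE(review): the default box password is stored here in clear text. It
    # is acceptable only for a disposable lab; elsewhere prompt for it with
    # --ask-pass or keep it in Ansible Vault.
    ansible_password: vagrant

  tasks:
    # NOTE(review): whichever key answers the scan is accepted as genuine;
    # nothing compares it with a fingerprint obtained out of band.
    - name: ssh-keyscan for known_hosts file
      command: /usr/bin/ssh-keyscan -t ecdsa {{ ansible_host }}
      register: keyscan

    - name: input key
      lineinfile:
        path: ~/.ssh/known_hosts
        line: "{{ item }}"
        create: yes
      with_items:
        - "{{ keyscan.stdout_lines }}"

    # With serial: 1 each batch is a single host, so run_once still reaches
    # this task once per node. `creates` skips it once the key exists; a real
    # ssh-keygen failure now stops the play instead of being ignored.
    # NOTE(review): the private key is created without a passphrase (-N '').
    - name: sshkeygen for authorized_keys file
      command: "ssh-keygen -b 2048 -t rsa -f ~/.ssh/id_rsa -q -N ''"
      args:
        creates: ~/.ssh/id_rsa
      run_once: true

    # This task alone connects to the node over SSH (password login from the
    # vars above) to install the public key.
    - name: input key for each node
      connection: ssh
      authorized_key:
        user: vagrant
        state: present
        key: "{{ lookup('file', '~/.ssh/id_rsa.pub') }}"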
변경 후 ansible 서버 프로비져닝
vagrant provision ansible-server
암호 없이 핑체크
vagrant ssh ansible-server
ans nodes -m ping
플레이북 동적으로 구성하기
gather_facts: no
-> facts를 수집하지 않음. facts는 앤서블 노드들의 다양한 정보를 미리 정의해 둔 변수
facts.yml
---
# Prints each node's eth0/eth1 IPv4 address twice: once through interpolated
# messages and once by naming the variables for debug's `var`.
- name: print ipv4.address for nodes
  hosts: nodes
  # Fact gathering stays enabled: the ansible_eth* variables below are facts.
  #gather_facts: no

  tasks:
    - name: debug by msg
      debug:
        msg:
          - "eth0's ip {{ ansible_eth0.ipv4.address }}"
          - "eth1's ip {{ ansible_eth1.ipv4.address }}"

    # Each item is a variable expression passed by name to debug's `var`.
    - name: debug by var
      debug:
        var: "{{ item }}"
      with_items:
        - hostvars[inventory_hostname]['ansible_eth0']['ipv4']['address']
        - hostvars[inventory_hostname]['ansible_eth1']['ipv4']['address']
anp facts.yml
facts확인
ans nodes -m setup > facts.txt
추출한 정보로 특정정보 확인
cat facts.txt | grep SSH_CONNECTION
각 노드별로 출력해주는 --tree명령어
--tree 옵션을 통해서 저장된 facts는 한 줄로 표기됨(JSON 형태)
ans nodes -m setup --tree /tmp/facts > /dev/null
ls /tmp/facts
cat /tmp/facts/192.168.0.101
facts_collector.yml
---
# Gathers facts from every node and writes one pretty-printed JSON file per
# node into the directory the playbook is run from.
- name: Collect facts for each node
  hosts: nodes

  tasks:
    - name: generate facts
      setup:
      register: facts

    # NOTE(review): the dump includes the node's environment (the page greps
    # it for SSH_CONNECTION) and network details; store the files somewhere
    # with restricted permissions if the data is kept.
    - name: save facts
      copy:
        content: "{{ facts | to_nice_json }}"
        dest: ./{{ ansible_hostname }}_facts_by_collector.txt
      delegate_to: localhost
anp facts_collector.yml
ls -lh ansible*
파일 확인
cat ansible-node101_facts_by_collector.txt | grep SSH
when 조건
nginx_install_w_when.yml
우분투에서 nginx 사이트 오류 발생해서 apache.com으로 변경
---
# Installs nginx on every node and drops a downloaded page into the web
# root, choosing the tasks per distribution with `when`.
- name: Install nginx on the nodes
  hosts: nodes
  become: true

  tasks:
    # ansible_pkg_mgr is a gathered fact naming the node's package module.
    - name: install epel-release for CentOS
      action: "{{ ansible_pkg_mgr }} name=epel-release state=latest"
      when: ansible_distribution == 'CentOS'

    - name: install nginx web server for CentOS
      action: "{{ ansible_pkg_mgr }} name=nginx state=present"
      when: ansible_distribution == 'CentOS'

    - name: upload default index.html for web server
      get_url:
        url: https://www.nginx.com
        dest: /usr/share/nginx/html/
        mode: "0644"
      when: ansible_distribution == 'CentOS'

    - name: start nginx web server
      service:
        name: nginx
        state: started
      when: ansible_distribution == 'CentOS'

    - name: install nginx web server for Ubuntu
      action: "{{ ansible_pkg_mgr }} name=nginx state=present update_cache=yes"
      when: ansible_distribution == 'Ubuntu'

    # NOTE(review): validate_certs=no turns off TLS certificate checking, so
    # the page written into the web root can be replaced in transit. Prefer
    # fixing the node's CA bundle, or ship a local index.html with `copy`.
    # NOTE(review): www.apache.com is not the Apache project's apache.org
    # domain - confirm this is the intended source.
    - name: upload default index.html for web server
      get_url:
        url: https://www.apache.com
        dest: /usr/share/nginx/html/
        mode: "0644"
        validate_certs: no
      when: ansible_distribution == 'Ubuntu'
nginx_remove_w_when.yml
---
# Removes nginx (and, on CentOS, the EPEL release package) from every node,
# choosing the tasks per distribution with `when`.
- name: Remove nginx on the nodes
  hosts: nodes
  become: true

  tasks:
    - name: remove epel-release for CentOS
      action: "{{ ansible_pkg_mgr }} name=epel-release state=absent"
      when: ansible_distribution == 'CentOS'

    - name: remove nginx web server for CentOS
      action: "{{ ansible_pkg_mgr }} name=nginx state=absent"
      when: ansible_distribution == 'CentOS'

    # autoremove=yes is passed only on the Ubuntu path.
    - name: remove nginx web server
      action: "{{ ansible_pkg_mgr }} name=nginx state=absent autoremove=yes"
      when: ansible_distribution == 'Ubuntu'
설치 실행 (OS 체크해서 진행)
anp nginx_install_w_when.yml
nginx 삭제 진행
anp nginx_remove_w_when.yml
include_tasks
낭비를 줄이기 위한 코드 개선
nginx_install_w_include_tasks.yml
---
# Installs nginx by including one task file per distribution, so the `when`
# condition is written once per OS instead of once per task.
- name: Install nginx on the nodes
  hosts: nodes
  become: true

  tasks:
    - name: nginx for CentOS
      include_tasks: CentOS.yml
      when: ansible_distribution == 'CentOS'

    - name: nginx for Ubuntu
      include_tasks: Ubuntu.yml
      when: ansible_distribution == 'Ubuntu'
CentOS.yml
# Task list included for CentOS nodes: EPEL, nginx, a downloaded index page,
# then service start.
- name: install epel-release
  action: "{{ ansible_pkg_mgr }} name=epel-release state=latest"

- name: install nginx web server
  action: "{{ ansible_pkg_mgr }} name=nginx state=present"

- name: upload default index.html for web server
  get_url:
    url: https://www.nginx.com
    dest: /usr/share/nginx/html/
    mode: "0644"

- name: start nginx web server
  service:
    name: nginx
    state: started
Ubuntu.yml
# Task list included for Ubuntu nodes: nginx plus a downloaded index page.
- name: install nginx web server
  action: "{{ ansible_pkg_mgr }} name=nginx state=present update_cache=yes"

# NOTE(review): validate_certs=no turns off TLS certificate checking, so the
# page written into the web root can be replaced in transit. Prefer fixing
# the node's CA bundle, or ship a local index.html with `copy`.
- name: upload default index.html for web server
  get_url:
    url: https://www.apache.com
    dest: /usr/share/nginx/html/
    mode: "0644"
    validate_certs: no
nginx_remove_w_include_tasks.yml
---
# Removes nginx by including one removal task file per distribution.
- name: Remove nginx on the nodes
  hosts: nodes
  become: true

  tasks:
    - name: nginx for CentOS
      include_tasks: CentOS_remo.yml
      when: ansible_distribution == 'CentOS'

    - name: nginx for Ubuntu
      include_tasks: Ubuntu_remo.yml
      when: ansible_distribution == 'Ubuntu'
CentOS_remo.yml
# Removal tasks included for CentOS nodes.
- name: remove epel-release
  action: "{{ ansible_pkg_mgr }} name=epel-release state=absent"

- name: remove nginx web server
  action: "{{ ansible_pkg_mgr }} name=nginx state=absent"
Ubuntu_remo.yml
# Removal task included for Ubuntu nodes; autoremove=yes is passed along
# with the package removal.
- name: remove nginx web server
  action: "{{ ansible_pkg_mgr }} name=nginx state=absent autoremove=yes"
실행
anp nginx_install_w_include_tasks.yml
설치확인
삭제
anp nginx_remove_w_include_tasks.yml
if 구문 활용
nginx_install_w_if.yml
---
# Installs nginx by computing the task-file name from the distribution with
# an inline Jinja2 if/else instead of per-task `when` conditions.
- name: Install nginx on the nodes
  hosts: nodes
  become: true
  vars:
    # The fallback 'Just Linux' resolves to "Just Linux.yml", which is not
    # among the files on this page, so any other distribution fails at the
    # include rather than running the wrong tasks.
    lnx_name: "{{ 'CentOS' if ansible_distribution == 'CentOS'
      else 'Ubuntu' if ansible_distribution == 'Ubuntu'
      else 'Just Linux' }}"

  tasks:
    - name: nginx for any linux
      include_tasks: "{{ lnx_name }}.yml"
anp nginx_install_w_if.yml
nginx_remove_w_if.yml
---
# Removes nginx by computing the removal task-file name from the
# distribution with an inline Jinja2 if/else.
- name: Remove nginx on the nodes
  hosts: nodes
  become: true
  vars:
    # The fallback 'Just Linux' resolves to "Just Linux_remo.yml", which is
    # not among the files on this page, so other distributions fail at the
    # include.
    lnx_name: "{{ 'CentOS' if ansible_distribution == 'CentOS'
      else 'Ubuntu' if ansible_distribution == 'Ubuntu'
      else 'Just Linux' }}"

  tasks:
    - name: nginx for any linux
      include_tasks: "{{ lnx_name }}_remo.yml"
anp nginx_remove_w_if.yml
NFS 구성을 효율적으로 하기
nfs_adv.yml
---
# Two plays: the control server (localhost) becomes the NFS server, then
# every node mounts the export as a client.
- name: Setup for nfs server
  hosts: localhost

  tasks:
    - include_tasks: nfs_server.yml

- name: Setup for nfs clients
  hosts: nodes

  tasks:
    - include_tasks: nfs_clients.yml
nfs_server.yml
# Server-side tasks: create the shared directory, export it and restart NFS.
# NOTE(review): the directory is world-writable (0777) and exported
# read-write to all of 192.168.0.0/24. With the bridged "public_network"
# used by the Vagrantfile on this page, that subnet is the host's LAN, so
# any machine on it can mount and write. Restrict the export to the node
# addresses and tighten the mode outside a throwaway lab.
- name: make nfs_shared directory
  file:
    path: "{{ ansible_user_dir }}/nfs_shared"
    state: directory
    mode: 0777

- name: configure /etc/exports
  become: true
  lineinfile:
    path: /etc/exports
    line: "{{ ansible_user_dir }}/nfs_shared 192.168.0.0/24(rw,sync)"

# Restarted on every run so the new export line takes effect.
- name: nfs service restart
  become: true
  service:
    name: nfs
    state: restarted
nfs_clients.yml
# Client-side tasks: create the mount point and mount the server's export.
- name: make nfs_client directory
  file:
    path: "{{ ansible_user_dir }}/nfs"
    state: directory

# The server address is the first field of the SSH_CLIENT environment fact,
# i.e. the address the control server connected from. The export path is
# hard-coded to /home/vagrant/nfs_shared.
# NOTE(review): nfsvers=3 has no user authentication of its own; access
# rests on the export's address filter and on client-asserted UIDs.
- name: mount point directory as client
  become: true
  mount:
    name: "{{ ansible_user_dir }}/nfs"
    src: "{{ ansible_env.SSH_CLIENT.split()[0] }}:/home/vagrant/nfs_shared"
    fstype: nfs
    opts: nfsvers=3
    state: mounted
실행
anp nfs_adv.yml
ans nodes -m shell -a "cat /etc/hostname | xargs -i touch ./nfs/{}"
ls ./nfs_shared
넥서스 스위치의 구성 파일을 효율적으로 백업하기 -> 장비 없어서 패스
Cumulus로 접속하기 위한 인증을 자동화 하기
Vagrantfile
# -*- mode: ruby -*-
# vi: set ft=ruby :
Vagrant.configure("2") do |config|
  # Four Cumulus VX switches (.61-.64) plus the Ansible control server (.10).
  #
  # NOTE(review): "public_network" bridges each guest onto the host's physical
  # LAN, and cl_auto_pass.yml on this page logs in with the default
  # credentials. Keep the lab on an isolated segment or use a host-only
  # "private_network" on a dedicated subnet.
  (1..4).each do |index|
    label = format("%02d", index)
    # 61..64: used for the LAN address, NAT subnet, MAC suffix and SSH port.
    octet = 60 + index

    config.vm.define "ansible-cl#{label}" do |cl|
      cl.vm.box = "CumulusCommunity/cumulus-vx"
      # The box is pinned to 3.6.0 and update checks are switched off.
      cl.vm.box_version = "3.6.0"
      cl.vm.box_check_update = false
      cl.vm.provider "virtualbox" do |vb|
        vb.name = "Ansible-Cumulus#{label}(github_SysNet4Admin)"
        vb.customize ['modifyvm', :id, '--macaddress1', "0800270000#{octet}"]
        vb.customize ['modifyvm', :id, '--natnet1', "10.0.#{octet}.0/24"]
      end
      cl.vm.host_name = "ansible-cl#{label}"
      cl.vm.network "public_network", ip: "192.168.0.#{octet}"
      # Unconfigured internal networks named after the switch ports.
      %w[swp2 swp3 swp4].each do |port|
        cl.vm.network "private_network", virtualbox__intnet: port, auto_config: false
      end
      cl.vm.network "forwarded_port", guest: 22, host: 60_000 + octet, auto_correct: true, id: "ssh"
      cl.vm.synced_folder "../data", "/vagrant", disabled: true
    end
  end

  config.vm.define "ansible-server" do |cfg|
    cfg.vm.box = "centos/7"
    cfg.vm.provider "virtualbox" do |vb|
      vb.name = "Ansible-Server(github_SysNet4Admin)"
    end
    cfg.vm.host_name = "ansible-server"
    cfg.vm.network "public_network", ip: "192.168.0.10"
    cfg.vm.network "forwarded_port", guest: 22, host: 60_010, auto_correct: true, id: "ssh"
    cfg.vm.synced_folder "../data", "/vagrant", disabled: true
    # These shell provisioners use the default (privileged) mode, so the
    # environment playbook runs as root.
    cfg.vm.provision "shell", inline: "yum install epel-release -y"
    cfg.vm.provision "shell", inline: "yum install ansible -y"
    cfg.vm.provision "file", source: "ansible_env_ready.yml", destination: "ansible_env_ready.yml"
    cfg.vm.provision "shell", inline: "ansible-playbook ansible_env_ready.yml"
    # privileged: false runs cl_auto_pass.yml as the SSH login user, so the
    # "~/.ssh" paths inside it resolve to that user's home, not root's.
    cfg.vm.provision "file", source: "cl_auto_pass.yml", destination: "cl_auto_pass.yml"
    cfg.vm.provision "shell", inline: "ansible-playbook cl_auto_pass.yml", privileged: false
  end
end
ansible_env_ready.yml
---
# Prepares the Ansible control server (localhost) for the Cumulus lab:
# writes the spine/leaf inventory and sets up vim/bash conveniences.
# NOTE(review): the Vagrantfile on this page runs this playbook from a
# privileged shell provisioner, i.e. as root.
- name: Setup for the Ansible's Environment
  hosts: localhost
  gather_facts: false

  tasks:
    # "cl" is a parent group containing both spine and leaf.
    - name: Add "/etc/ansible/hosts"
      blockinfile:
        path: /etc/ansible/hosts
        block: |
          [spine]
          192.168.0.61
          192.168.0.62
          [leaf]
          192.168.0.63
          192.168.0.64
          [cl:children]
          spine
          leaf

    - name: Create vim env's directories & files
      shell: "{{ item }}"
      with_items:
        - "mkdir -p /home/vagrant/.vim/autoload /home/vagrant/.vim/bundle"
        - "touch /home/vagrant/.vimrc"
        - "touch /home/vagrant/.bashrc"

    - name: Install vim-enhanced
      yum:
        name: vim-enhanced
        state: present

    - name: Install git
      yum:
        name: git
        state: present

    # NOTE(review): this script is fetched without a checksum and is later
    # executed by vim through "execute pathogen#infect()". Record a known-good
    # digest and verify it (get_url's `checksum:`), or vendor the file.
    - name: Download pathogen.vim
      shell: "curl -fLo /home/vagrant/.vim/autoload/pathogen.vim https://tpo.pe/pathogen.vim"

    # NOTE(review): no `version:` is given, so whatever the repository's
    # default branch holds at provision time is what gets loaded.
    - name: Git clone vim-ansible-yaml
      git:
        repo: https://github.com/chase/vim-ansible-yaml.git
        dest: /home/vagrant/.vim/bundle/vim-ansible-yaml

    - name: Configure vimrc
      lineinfile:
        path: /home/vagrant/.vimrc
        line: "{{ item }}"
      with_items:
        - "set number"
        - "execute pathogen#infect()"
        - "syntax on"

    # Short aliases used by the commands on the rest of the page.
    - name: Configure Bashrc
      lineinfile:
        path: /home/vagrant/.bashrc
        line: "{{ item }}"
      with_items:
        - "alias ans='ansible'"
        - "alias anp='ansible-playbook'"
cl_auto_pass.yml
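---
# Bootstraps key-based SSH from the control server to the Cumulus switches:
# records each switch's host key, creates one RSA key pair for the invoking
# user, then installs the public key for the cumulus user on each switch.
- name: Create authority between ansible-server and cumulus-nodes
  hosts: cl
  # Tasks run on the control server unless a task overrides the connection.
  connection: local
  vars:
    # NOTE(review): login and sudo passwords are stored here in clear text.
    # That is acceptable only for a disposable lab; elsewhere prompt with
    # --ask-pass / --ask-become-pass or keep them in Ansible Vault, and
    # change default passwords once key login works.
    ansible_password: vagrant
    ansible_become_pass: CumulusLinux!

  tasks:
    # NOTE(review): whichever key answers the scan is accepted as genuine;
    # nothing compares it with a fingerprint obtained out of band.
    - name: ssh-keyscan for known_hosts file
      command: /usr/bin/ssh-keyscan -t ecdsa {{ ansible_host }}
      register: keyscan

    - name: input key
      lineinfile:
        path: ~/.ssh/known_hosts
        line: "{{ item }}"
        create: yes
      with_items:
        - "{{ keyscan.stdout_lines }}"

    # `creates` skips the command once the key exists, so re-provisioning is
    # idempotent and a real ssh-keygen failure stops the play instead of
    # being ignored.
    # NOTE(review): the private key is created without a passphrase (-N '').
    - name: ssh-keygen for authorized_keys file
      command: "ssh-keygen -C cumulus@{{ ansible_hostname }} -b 2048 -t rsa -f ~/.ssh/id_rsa -q -N ''"
      args:
        creates: ~/.ssh/id_rsa
      run_once: true

    # This task alone connects to the switch over SSH (password login from
    # the vars above) and uses become to write the cumulus user's
    # authorized_keys.
    - name: input key for each node
      connection: ssh
      become: yes
      authorized_key:
        user: cumulus
        state: present
        key: "{{ lookup('file', '~/.ssh/id_rsa.pub') }}"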
vm 전체 삭제 후 재생성
vagrant up
인증 확인
cumulus에 대한 인증 추가이므로 유저를 추가해주어야 함
ans cl -m ping
ans cl -m ping --user cumulus
무한재부팅....증상으로 우선 마무리..ㅠㅠ