What is Ansible?
Server configuration
Starting the servers with Vagrant
$ cd ~/Documents/MyVagrant
$ mkdir ansible_lessons
$ cd ansible_lessons
$ vagrant init bento/centos-6.7
$ vi Vagrantfile
config.vm.box = "bento/centos-6.7"
config.vm.define "host" do |node|
  node.vm.box = "bento/centos-6.7"
  node.vm.hostname = "host"
  node.vm.network :private_network, ip: "192.168.43.51"
end
config.vm.define "web" do |node|
  node.vm.box = "bento/centos-6.7"
  node.vm.hostname = "web"
  node.vm.network :private_network, ip: "192.168.43.52"
end
config.vm.define "db" do |node|
  node.vm.box = "bento/centos-6.7"
  node.vm.hostname = "db"
  node.vm.network :private_network, ip: "192.168.43.53"
end
$ vagrant up
...
...
==> host: Successfully added box 'bento/centos-6.7' (v2.2.7) for 'virtualbox'!
...
...
$ vagrant status
Current machine states:

host running (virtualbox)
web running (virtualbox)
db running (virtualbox)

This environment represents multiple VMs. The VMs are all listed
above with their current state. For more information about a specific
VM, run `vagrant status NAME`.

Installing Ansible
$ vagrant ssh host
[vagrant@host ~]$ wget https://dl.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm
[vagrant@host ~]$ sudo rpm -Uvh epel-release-6-8.noarch.rpm
[vagrant@host ~]$ sudo yum -y install ansible
[vagrant@host ~]$ ansible --version
ansible 2.1.1.0
  config file = /etc/ansible/ansible.cfg
  configured module search path = Default w/o overrides

Setting up SSH connections
[vagrant@host ~]$ vi .ssh/config
Host web
  HostName 192.168.43.52
Host db
  HostName 192.168.43.53
$ chmod 600 .ssh/config
$ ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/home/vagrant/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
$ ssh-copy-id web
The authenticity of host '192.168.43.52 (192.168.43.52)' can't be established.
RSA key fingerprint is 90:d8:41:6f:c5:39:1d:54:0d:43:4e:34:dc:f1:d2:6b.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '192.168.43.52' (RSA) to the list of known hosts.
vagrant@192.168.43.52's password:
$ ssh-copy-id db
$ ssh web
$ exit
$ ssh db
$ exit

Trying out Ansible
[vagrant@host ~]$ vi hosts
[web]
192.168.43.52

[db]
192.168.43.53
$ ansible all -i hosts -m ping
192.168.43.53 | SUCCESS => {
    "changed": false,
    "ping": "pong"
}
192.168.43.52 | SUCCESS => {
    "changed": false,
    "ping": "pong"
}
$ vi ansible.cfg
[defaults]
hostfile = ./hosts
$ ansible all -m ping
192.168.43.52 | SUCCESS => {
    "changed": false,
    "ping": "pong"
}
192.168.43.53 | SUCCESS => {
    "changed": false,
    "ping": "pong"
}

Trying out a playbook
$ vi playbook.yml
---
- hosts: all
  sudo: yes
  tasks:
    - name: add a new user
      user: name=yuji
$ ansible-playbook playbook.yml
[DEPRECATION WARNING]: Instead of sudo/sudo_user, use become/become_user and make sure become_method is 'sudo' (default). This feature will be removed in a future release. Deprecation warnings can be disabled by setting deprecation_warnings=False in ansible.cfg.

PLAY [all] *********************************************************************

TASK [setup] *******************************************************************
ok: [192.168.43.52]
ok: [192.168.43.53]

TASK [add a new user] **********************************************************
changed: [192.168.43.53]
changed: [192.168.43.52]

PLAY RECAP *********************************************************************
192.168.43.52 : ok=2 changed=1 unreachable=0 failed=0
192.168.43.53 : ok=2 changed=1 unreachable=0 failed=0
$ ansible-playbook playbook.yml
[DEPRECATION WARNING]: Instead of sudo/sudo_user, use become/become_user and make sure become_method is 'sudo' (default). This feature will be removed in a future release. Deprecation warnings can be disabled by setting deprecation_warnings=False in ansible.cfg.

PLAY [all] *********************************************************************

TASK [setup] *******************************************************************
ok: [192.168.43.52]
ok: [192.168.43.53]

TASK [add a new user] **********************************************************
ok: [192.168.43.53]
ok: [192.168.43.52]

PLAY RECAP *********************************************************************
192.168.43.52 : ok=2 changed=0 unreachable=0 failed=0
192.168.43.53 : ok=2 changed=0 unreachable=0 failed=0
$ ssh web
$ cat /etc/passwd
yuji:x:501:501::/home/yuji:/bin/bash
$ exit
$ ssh db
$ cat /etc/passwd
yuji:x:501:501::/home/yuji:/bin/bash
$ exit

Looking at the official documentation
$ vi playbook.yml
---
- hosts: all
  sudo: yes
  tasks:
    - name: add a new user
      user: name=yuji state=absent
$ ansible-playbook playbook.yml
[DEPRECATION WARNING]: Instead of sudo/sudo_user, use become/become_user and make sure become_method is 'sudo' (default). This feature will be removed in a future release. Deprecation warnings can be disabled by setting deprecation_warnings=False in ansible.cfg.

PLAY [all] *********************************************************************

TASK [setup] *******************************************************************
ok: [192.168.43.52]
ok: [192.168.43.53]

TASK [add a new user] **********************************************************
changed: [192.168.43.53]
changed: [192.168.43.52]

PLAY RECAP *********************************************************************
192.168.43.52 : ok=2 changed=1 unreachable=0 failed=0
192.168.43.53 : ok=2 changed=1 unreachable=0 failed=0

Using ansible-playbook options
$ ansible-playbook playbook.yml --syntax-check
[DEPRECATION WARNING]: Instead of sudo/sudo_user, use become/become_user and make sure become_method is 'sudo' (default). This feature will be removed in a future release. Deprecation warnings can be disabled by setting deprecation_warnings=False in ansible.cfg.

playbook: playbook.yml
$ ansible-playbook playbook.yml --list-task
[DEPRECATION WARNING]: Instead of sudo/sudo_user, use become/become_user and make sure become_method is 'sudo' (default). This feature will be removed in a future release. Deprecation warnings can be disabled by setting deprecation_warnings=False in ansible.cfg.

playbook: playbook.yml

  play #1 (all): all TAGS: []
    tasks:
      add a new user TAGS: []
$ ansible-playbook playbook.yml --check
[DEPRECATION WARNING]: Instead of sudo/sudo_user, use become/become_user and make sure become_method is 'sudo' (default). This feature will be removed in a future release. Deprecation warnings can be disabled by setting deprecation_warnings=False in ansible.cfg.

PLAY [all] *********************************************************************

TASK [setup] *******************************************************************
ok: [192.168.43.53]
ok: [192.168.43.52]

TASK [add a new user] **********************************************************
ok: [192.168.43.53]
ok: [192.168.43.52]

PLAY RECAP *********************************************************************
192.168.43.52 : ok=2 changed=0 unreachable=0 failed=0
192.168.43.53 : ok=2 changed=0 unreachable=0 failed=0

Using variables in a playbook
$ vi playbook.yml
---
- hosts: all
  sudo: yes
  vars:
    username: yuji
  tasks:
    - name: add a new user
      user: name={{username}}
$ vi playbook.yml
---
- hosts: all
  sudo: yes
  vars_prompt:
    username: "Enter username"
  tasks:
    - name: add a new user
      user: name={{username}}
$ ansible-playbook playbook.yml
Enter username: yuji

Using the yum and service modules
$ vi playbook.yml
---
- hosts: all
  sudo: yes
  tasks:
    - name: add a new user
      user: name=yuji state=absent
- hosts: web
  sudo: yes
  tasks:
    - name: install apache
      yum: name=httpd state=latest
    - name: start apache and enabled
      service: name=httpd state=started enabled=yes
$ ansible-playbook playbook.yml

Using the file and copy modules
$ vi index.html
<html>
hello from ansible!
</html>
$ vi playbook.yml
---
- hosts: all
  sudo: yes
  tasks:
    - name: add a new user
      user: name=yuji state=absent
- hosts: web
  sudo: yes
  tasks:
    - name: install apache
      yum: name=httpd state=latest
    - name: start apache and enabled
      service: name=httpd state=started enabled=yes
    - name: change owner
      file: dest=/var/www/html owner=vagrant recurse=yes
    - name: copy index.html
      copy: src=./index.html dest=/var/www/html/index.html owner=vagrant
$ ansible-playbook playbook.yml

TASK [copy index.html] *********************************************************
fatal: [192.168.43.52]: FAILED! => {"changed": false, "checksum": "21f2fc90aaf25beff7f6d34f80cab32114d00ecc", "failed": true, "msg": "Aborting, target uses selinux but python bindings (libselinux-python) aren't installed!"}

NO MORE HOSTS LEFT *************************************************************
[WARNING]: Could not create retry file 'playbook.retry'. [Errno 2] No such file or directory: ''

PLAY RECAP *********************************************************************
192.168.43.52 : ok=6 changed=1 unreachable=0 failed=1
192.168.43.53 : ok=2 changed=0 unreachable=0 failed=0
$ vi playbook.yml
---
- hosts: all
  sudo: yes
  tasks:
    - name: add a new user
      user: name=yuji state=absent
    - name: install libselinux-python
      yum: name=libselinux-python state=latest
- hosts: web
  sudo: yes
  tasks:
    - name: install apache
      yum: name=httpd state=latest
    - name: start apache and enabled
      service: name=httpd state=started enabled=yes
    - name: change owner
      file: dest=/var/www/html owner=vagrant recurse=yes
    - name: copy index.html
      copy: src=./index.html dest=/var/www/html/index.html owner=vagrant
$ ansible-playbook playbook.yml
[DEPRECATION WARNING]: Instead of sudo/sudo_user, use become/become_user and make sure become_method is 'sudo' (default). This feature will be removed in a future release. Deprecation warnings can be disabled by setting deprecation_warnings=False in ansible.cfg.

PLAY [all] *********************************************************************

TASK [setup] *******************************************************************
ok: [192.168.43.52]
ok: [192.168.43.53]

TASK [add a new user] **********************************************************
ok: [192.168.43.53]
ok: [192.168.43.52]

TASK [install libselinux-python] ***********************************************
changed: [192.168.43.52]
changed: [192.168.43.53]

PLAY [web] *********************************************************************

TASK [setup] *******************************************************************
ok: [192.168.43.52]

TASK [install apache] **********************************************************
ok: [192.168.43.52]

TASK [start apache and enabled] ************************************************
ok: [192.168.43.52]

TASK [change owner] ************************************************************
ok: [192.168.43.52]

TASK [copy index.html] *********************************************************
changed: [192.168.43.52]

PLAY RECAP *********************************************************************
192.168.43.52 : ok=8 changed=2 unreachable=0 failed=0
192.168.43.53 : ok=3 changed=1 unreachable=0 failed=0

Using with_items and notify/handlers
$ vi playbook.yml
---
- hosts: all
  sudo: yes
  tasks:
    - name: add a new user
      user: name=yuji state=absent
    - name: install libselinux-python
      yum: name=libselinux-python state=latest
- hosts: web
  sudo: yes
  tasks:
    - name: install apache
      yum: name=httpd state=latest
    - name: start apache and enabled
      service: name=httpd state=started enabled=yes
    - name: change owner
      file: dest=/var/www/html owner=vagrant recurse=yes
    - name: copy index.html
      copy: src=./index.html dest=/var/www/html/index.html owner=vagrant
    - name: install php packages
      yum: name={{item}} state=latest
      with_items:
        - php
        - php-devel
        - php-mbstring
        - php-mysql
      notify:
        - restart apache
  handlers:
    - name: restart apache
      service: name=httpd state=restarted
$ ansible-playbook playbook.yml

* If the task that declares notify makes no change, the handlers are not called (not executed).

Getting PHP running
$ vi playbook.yml
---
- hosts: all
  sudo: yes
  tasks:
    - name: add a new user
      user: name=yuji state=absent
    - name: install libselinux-python
      yum: name=libselinux-python state=latest
- hosts: web
  sudo: yes
  tasks:
    - name: install apache
      yum: name=httpd state=latest
    - name: start apache and enabled
      service: name=httpd state=started enabled=yes
    - name: change owner
      file: dest=/var/www/html owner=vagrant recurse=yes
    - name: copy index.html
      copy: src=./index.html dest=/var/www/html/index.html owner=vagrant
    - name: install php packages
      yum: name={{item}} state=latest
      with_items:
        - php
        - php-devel
        - php-mbstring
        - php-mysql
      notify:
        - restart apache
    - name: copy hello.php
      copy: src=./hello.php dest=/var/www/html/hello.php owner=vagrant
  handlers:
    - name: restart apache
      service: name=httpd state=restarted
$ vi hello.php
<?php
echo "hello from PHP!";
$ ansible-playbook playbook.yml

Installing MySQL
$ vi playbook.yml
---
- hosts: all
  sudo: yes
  tasks:
    - name: add a new user
      user: name=yuji state=absent
    - name: install libselinux-python
      yum: name=libselinux-python state=latest
- hosts: web
  sudo: yes
  tasks:
    - name: install apache
      yum: name=httpd state=latest
    - name: start apache and enabled
      service: name=httpd state=started enabled=yes
    - name: change owner
      file: dest=/var/www/html owner=vagrant recurse=yes
    - name: copy index.html
      copy: src=./index.html dest=/var/www/html/index.html owner=vagrant
    - name: install php packages
      yum: name={{item}} state=latest
      with_items:
        - php
        - php-devel
        - php-mbstring
        - php-mysql
      notify:
        - restart apache
    - name: copy hello.php
      copy: src=./hello.php dest=/var/www/html/hello.php owner=vagrant
  handlers:
    - name: restart apache
      service: name=httpd state=restarted
- hosts: db
  sudo: yes
  tasks:
    - name: install mysql
      yum: name=mysql-server state=latest
    - name: start mysql and enabled
      service: name=mysqld state=started enabled=yes
$ ansible-playbook playbook.yml
$ ssh db
$ mysql --version
mysql Ver 14.14 Distrib 5.1.73, for redhat-linux-gnu (x86_64) using readline 5.1
$ exit

Using mysql_db and mysql_user
$ vi playbook.yml
---
- hosts: all
  sudo: yes
  tasks:
    - name: add a new user
      user: name=yuji state=absent
    - name: install libselinux-python
      yum: name=libselinux-python state=latest
- hosts: web
  sudo: yes
  tasks:
    - name: install apache
      yum: name=httpd state=latest
    - name: start apache and enabled
      service: name=httpd state=started enabled=yes
    - name: change owner
      file: dest=/var/www/html owner=vagrant recurse=yes
    - name: copy index.html
      copy: src=./index.html dest=/var/www/html/index.html owner=vagrant
    - name: install php packages
      yum: name={{item}} state=latest
      with_items:
        - php
        - php-devel
        - php-mbstring
        - php-mysql
      notify:
        - restart apache
    - name: copy hello.php
      copy: src=./hello.php dest=/var/www/html/hello.php owner=vagrant
  handlers:
    - name: restart apache
      service: name=httpd state=restarted
- hosts: db
  sudo: yes
  tasks:
    - name: install mysql
      yum: name=mysql-server state=latest
    - name: start mysql and enabled
      service: name=mysqld state=started enabled=yes
    - name: create a database
      mysql_db: name=mydb state=present
    - name: create a user for mydb
      mysql_user: name=dbuser password=dbpassword priv=mydb.*:ALL state=present
$ ansible-playbook playbook.yml

TASK [create a database] *******************************************************
fatal: [192.168.43.53]: FAILED! => {"changed": false, "failed": true, "msg": "the python mysqldb module is required"}

NO MORE HOSTS LEFT *************************************************************
[WARNING]: Could not create retry file 'playbook.retry'. [Errno 2] No such file or directory: ''

PLAY RECAP *********************************************************************
192.168.43.52 : ok=10 changed=0 unreachable=0 failed=0
192.168.43.53 : ok=6 changed=0 unreachable=0 failed=1
$ vi playbook.yml
---
- hosts: all
  sudo: yes
  tasks:
    - name: add a new user
      user: name=yuji state=absent
    - name: install libselinux-python
      yum: name=libselinux-python state=latest
- hosts: web
  sudo: yes
  tasks:
    - name: install apache
      yum: name=httpd state=latest
    - name: start apache and enabled
      service: name=httpd state=started enabled=yes
    - name: change owner
      file: dest=/var/www/html owner=vagrant recurse=yes
    - name: copy index.html
      copy: src=./index.html dest=/var/www/html/index.html owner=vagrant
    - name: install php packages
      yum: name={{item}} state=latest
      with_items:
        - php
        - php-devel
        - php-mbstring
        - php-mysql
      notify:
        - restart apache
    - name: copy hello.php
      copy: src=./hello.php dest=/var/www/html/hello.php owner=vagrant
  handlers:
    - name: restart apache
      service: name=httpd state=restarted
- hosts: db
  sudo: yes
  tasks:
    - name: install mysql
      yum: name={{item}} state=latest
      with_items:
        - mysql-server
        - MySQL-python
    - name: start mysql and enabled
      service: name=mysqld state=started enabled=yes
    - name: create a database
      mysql_db: name=mydb state=present
    - name: create a user for mydb
      mysql_user: name=dbuser password=dbpassword priv=mydb.*:ALL state=present
$ ansible-playbook playbook.yml
$ ssh db
$ mysql -u dbuser -p mydb
mysql> show databases;
+--------------------+
| Database           |
+--------------------+
| information_schema |
| mydb               |
| test               |
+--------------------+
mysql> exit
$ exit