![[PukiWiki]](image/pukiwiki.png "[PukiWiki]")
Ansibleとはなにか? †
サーバー構成 †
Vagrantでサーバーを起動 †
$ cd ~/Documents/MyVagrant $ mkdir ansible_lessons $ cd ansible_lessons $ vagrant init bento/centos-6.7
$ vi Vagrantfile config.vm.box = "bento/centos-6.7"
config.vm.define "host" do |node| node.vm.box = "bento/centos-6.7" node.vm.hostname = "host" node.vm.network :private_network, ip: "192.168.43.51" end config.vm.define "web" do |node| node.vm.box = "bento/centos-6.7" node.vm.hostname = "web" node.vm.network :private_network, ip: "192.168.43.52" end config.vm.define "db" do |node| node.vm.box = "bento/centos-6.7" node.vm.hostname = "db" node.vm.network :private_network, ip: "192.168.43.53" end $ vagrant up ... ... ==> host: Successfully added box 'bento/centos-6.7' (v2.2.7) for 'virtualbox'! ... ... $ vagrant status Current machine states: host running (virtualbox) web running (virtualbox) db running (virtualbox) This environment represents multiple VMs. The VMs are all listed above with their current state. For more information about a specific VM, run `vagrant status NAME`. Ansibleをインストールしてみよう †
$ vagrant ssh host
[vagrant@host ~]$ wget https://dl.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm
[vagrant@host ~]$ sudo rpm -Uvh epel-release-6-8.noarch.rpm
[vagrant@host ~]$ sudo yum -y install ansible [vagrant@host ~]$ ansible --version ansible 2.1.1.0 config file = /etc/ansible/ansible.cfg configured module search path = Default w/o overrides SSH接続の設定をしていこう †
[vagrant@host ~]$ vi .ssh/config Host web HostName 192.168.43.52 Host db HostName 192.168.43.53 $ chmod 600 .ssh/config
$ ssh-keygen -t rsa Generating public/private rsa key pair. Enter file in which to save the key (/home/vagrant/.ssh/id_rsa): Enter passphrase (empty for no passphrase): Enter same passphrase again:
$ ssh-copy-id web The authenticity of host '192.168.43.52 (192.168.43.52)' can't be established. RSA key fingerprint is 90:d8:41:6f:c5:39:1d:54:0d:43:4e:34:dc:f1:d2:6b. Are you sure you want to continue connecting (yes/no)? yes Warning: Permanently added '192.168.43.52' (RSA) to the list of known hosts. vagrant@192.168.43.52's password: $ ssh-copy-id db
$ ssh web $ exit $ ssh db $ exit ansibleを使ってみよう †
[vagrant@host ~]$ vi hosts [web] 192.168.43.52 [db] 192.168.43.53
$ ansible all -i hosts -m ping
192.168.43.53 | SUCCESS => {
"changed": false,
"ping": "pong"
}
192.168.43.52 | SUCCESS => {
"changed": false,
"ping": "pong"
}
$ vi ansible.cfg [defaults] hostfile = ./hosts $ ansible all -m ping
192.168.43.52 | SUCCESS => {
"changed": false,
"ping": "pong"
}
192.168.43.53 | SUCCESS => {
"changed": false,
"ping": "pong"
}
playbookを使ってみよう †
$ vi playbook.yml ---
- hosts: all
sudo: yes
tasks:
- name: add a new user
user: name=yuji
$ ansible-playbook playbook.yml [DEPRECATION WARNING]: Instead of sudo/sudo_user, use become/become_user and make sure become_method is 'sudo' (default). This feature will be removed in a future release. Deprecation warnings can be disabled by setting deprecation_warnings=False in ansible.cfg. PLAY [all] ********************************************************************* TASK [setup] ******************************************************************* ok: [192.168.43.52] ok: [192.168.43.53] TASK [add a new user] ********************************************************** changed: [192.168.43.53] changed: [192.168.43.52] PLAY RECAP ********************************************************************* 192.168.43.52 : ok=2 changed=1 unreachable=0 failed=0 192.168.43.53 : ok=2 changed=1 unreachable=0 failed=0
$ ansible-playbook playbook.yml [DEPRECATION WARNING]: Instead of sudo/sudo_user, use become/become_user and make sure become_method is 'sudo' (default). This feature will be removed in a future release. Deprecation warnings can be disabled by setting deprecation_warnings=False in ansible.cfg. PLAY [all] ********************************************************************* TASK [setup] ******************************************************************* ok: [192.168.43.52] ok: [192.168.43.53] TASK [add a new user] ********************************************************** ok: [192.168.43.53] ok: [192.168.43.52] PLAY RECAP ********************************************************************* 192.168.43.52 : ok=2 changed=0 unreachable=0 failed=0 192.168.43.53 : ok=2 changed=0 unreachable=0 failed=0
$ ssh web $ cat /etc/passwd yuji:x:501:501::/home/yuji:/bin/bash $ exit $ ssh db $ cat /etc/passwd yuji:x:501:501::/home/yuji:/bin/bash $ exit 公式ドキュメントを見てみよう †
$ vi playbook.yml ---
- hosts: all
sudo: yes
tasks:
- name: add a new user
user: name=yuji state=absent
$ ansible-playbook playbook.yml [DEPRECATION WARNING]: Instead of sudo/sudo_user, use become/become_user and make sure become_method is 'sudo' (default). This feature will be removed in a future release. Deprecation warnings can be disabled by setting deprecation_warnings=False in ansible.cfg. PLAY [all] ********************************************************************* TASK [setup] ******************************************************************* ok: [192.168.43.52] ok: [192.168.43.53] TASK [add a new user] ********************************************************** changed: [192.168.43.53] changed: [192.168.43.52] PLAY RECAP ********************************************************************* 192.168.43.52 : ok=2 changed=1 unreachable=0 failed=0 192.168.43.53 : ok=2 changed=1 unreachable=0 failed=0
ansible-playbook のオプションを使ってみよう †
$ ansible-playbook playbook.yml --syntax-check [DEPRECATION WARNING]: Instead of sudo/sudo_user, use become/become_user and make sure become_method is 'sudo' (default). This feature will be removed in a future release. Deprecation warnings can be disabled by setting deprecation_warnings=False in ansible.cfg. playbook: playbook.yml
$ ansible-playbook playbook.yml --list-task
[DEPRECATION WARNING]: Instead of sudo/sudo_user, use become/become_user and
make sure become_method is 'sudo' (default).
This feature will be removed in a
future release. Deprecation warnings can be disabled by setting
deprecation_warnings=False in ansible.cfg.
playbook: playbook.yml
play #1 (all): all TAGS: []
tasks:
add a new user TAGS: []
$ ansible-playbook playbook.yml --check [DEPRECATION WARNING]: Instead of sudo/sudo_user, use become/become_user and make sure become_method is 'sudo' (default). This feature will be removed in a future release. Deprecation warnings can be disabled by setting deprecation_warnings=False in ansible.cfg. PLAY [all] ********************************************************************* TASK [setup] ******************************************************************* ok: [192.168.43.53] ok: [192.168.43.52] TASK [add a new user] ********************************************************** ok: [192.168.43.53] ok: [192.168.43.52] PLAY RECAP ********************************************************************* 192.168.43.52 : ok=2 changed=0 unreachable=0 failed=0 192.168.43.53 : ok=2 changed=0 unreachable=0 failed=0 playbookで変数を使ってみよう †
$ vi playbook.yml ---
- hosts: all
sudo: yes
vars:
username: yuji
tasks:
- name: add a new user
user: name={{username}}
$ vi playbook.yml ---
- hosts: all
sudo: yes
vars_prompt:
username: "Enter username"
tasks:
- name: add a new user
user: name={{username}}
$ ansible-playbook playbook.yml Enter username: yuji yum, serviceモジュールを使ってみよう †
$ vi playbook.yml ---
- hosts: all
sudo: yes
tasks:
- name: add a new user
user: name=yuji state=absent
- hosts: web
sudo: yes
tasks:
- name: install apache
yum: name=httpd state=latest
- name: start apache and enabled
service: name=httpd state=started enabled=yes
$ ansible-playbook playbook.yml
file, copyモジュールを使ってみよう †
$ vi index.html <html> hello from ansible! </html>
$ vi playbook.yml ---
- hosts: all
sudo: yes
tasks:
- name: add a new user
user: name=yuji state=absent
- hosts: web
sudo: yes
tasks:
- name: install apache
yum: name=httpd state=latest
- name: start apache and enabled
service: name=httpd state=started enabled=yes
- name: change owner
file: dest=/var/www/html owner=vagrant recurse=yes
- name: copy index.html
copy: src=./index.html dest=/var/www/html/index.html owner=vagrant
$ ansible-playbook playbook.yml TASK [copy index.html] *********************************************************
fatal: [192.168.43.52]: FAILED! => {"changed": false, "checksum": "21f2fc90aaf25beff7f6d34f80cab32114d00ecc", "failed": true, "msg": "Aborting, target uses selinux but python bindings (libselinux-python) aren't installed!"}
NO MORE HOSTS LEFT *************************************************************
[WARNING]: Could not create retry file 'playbook.retry'. [Errno 2] No
such file or directory: ''
PLAY RECAP *********************************************************************
192.168.43.52 : ok=6 changed=1 unreachable=0 failed=1
192.168.43.53 : ok=2 changed=0 unreachable=0 failed=0
$ vi playbook.yml ---
- hosts: all
sudo: yes
tasks:
- name: add a new user
user: name=yuji state=absent
- name: install libselinux-python
yum: name=libselinux-python state=latest
- hosts: web
sudo: yes
tasks:
- name: install apache
yum: name=httpd state=latest
- name: start apache and enabled
service: name=httpd state=started enabled=yes
- name: change owner
file: dest=/var/www/html owner=vagrant recurse=yes
- name: copy index.html
copy: src=./index.html dest=/var/www/html/index.html owner=vagrant
$ ansible-playbook playbook.yml [DEPRECATION WARNING]: Instead of sudo/sudo_user, use become/become_user and make sure become_method is 'sudo' (default). This feature will be removed in a future release. Deprecation warnings can be disabled by setting deprecation_warnings=False in ansible.cfg. PLAY [all] ********************************************************************* TASK [setup] ******************************************************************* ok: [192.168.43.52] ok: [192.168.43.53] TASK [add a new user] ********************************************************** ok: [192.168.43.53] ok: [192.168.43.52] TASK [install libselinux-python] *********************************************** changed: [192.168.43.52] changed: [192.168.43.53] PLAY [web] ********************************************************************* TASK [setup] ******************************************************************* ok: [192.168.43.52] TASK [install apache] ********************************************************** ok: [192.168.43.52] TASK [start apache and enabled] ************************************************ ok: [192.168.43.52] TASK [change owner] ************************************************************ ok: [192.168.43.52] TASK [copy index.html] ********************************************************* changed: [192.168.43.52] PLAY RECAP ********************************************************************* 192.168.43.52 : ok=8 changed=2 unreachable=0 failed=0 192.168.43.53 : ok=3 changed=1 unreachable=0 failed=0
with_items, notify/handlersを使おう †
$ vi playbook.yml ---
- hosts: all
sudo: yes
tasks:
- name: add a new user
user: name=yuji state=absent
- name: install libselinux-python
yum: name=libselinux-python state=latest
- hosts: web
sudo: yes
tasks:
- name: install apache
yum: name=httpd state=latest
- name: start apache and enabled
service: name=httpd state=started enabled=yes
- name: change owner
file: dest=/var/www/html owner=vagrant recurse=yes
- name: copy index.html
copy: src=./index.html dest=/var/www/html/index.html owner=vagrant
- name: install php packages
yum: name={{item}} state=latest
with_items:
- php
- php-devel
- php-mbstring
- php-mysql
notify:
- restart apache
handlers:
- name: restart apache
service: name=httpd state=restarted
$ ansible-playbook playbook.yml *notifyに記述した内容に変更がない場合はhandlersは呼ばれない(実行されない) PHPを動作させてみよう †
$ vi playbook.yml ---
- hosts: all
sudo: yes
tasks:
- name: add a new user
user: name=yuji state=absent
- name: install libselinux-python
yum: name=libselinux-python state=latest
- hosts: web
sudo: yes
tasks:
- name: install apache
yum: name=httpd state=latest
- name: start apache and enabled
service: name=httpd state=started enabled=yes
- name: change owner
file: dest=/var/www/html owner=vagrant recurse=yes
- name: copy index.html
copy: src=./index.html dest=/var/www/html/index.html owner=vagrant
- name: install php packages
yum: name={{item}} state=latest
with_items:
- php
- php-devel
- php-mbstring
- php-mysql
notify:
- restart apache
- name: copy hello.php
copy: src=./hello.php dest=/var/www/html/hello.php owner=vagrant
handlers:
- name: restart apache
service: name=httpd state=restarted
$ vi hello.php <?php echo "hello from PHP!"; $ ansible-playbook playbook.yml
MySQLを導入してみよう †$ vi playbook.yml ---
- hosts: all
sudo: yes
tasks:
- name: add a new user
user: name=yuji state=absent
- name: install libselinux-python
yum: name=libselinux-python state=latest
- hosts: web
sudo: yes
tasks:
- name: install apache
yum: name=httpd state=latest
- name: start apache and enabled
service: name=httpd state=started enabled=yes
- name: change owner
file: dest=/var/www/html owner=vagrant recurse=yes
- name: copy index.html
copy: src=./index.html dest=/var/www/html/index.html owner=vagrant
- name: install php packages
yum: name={{item}} state=latest
with_items:
- php
- php-devel
- php-mbstring
- php-mysql
notify:
- restart apache
- name: copy hello.php
copy: src=./hello.php dest=/var/www/html/hello.php owner=vagrant
handlers:
- name: restart apache
service: name=httpd state=restarted
- hosts: db
sudo: yes
tasks:
- name: install mysql
yum: name=mysql-server state=latest
- name: start mysql and enabled
service: name=mysqld state=started enabled=yes
$ ansible-playbook playbook.yml
$ ssh db $ mysql --version mysql Ver 14.14 Distrib 5.1.73, for redhat-linux-gnu (x86_64) using readline 5.1 $ exit mysql_db, mysql_userを使ってみよう †$ vi playbook.yml ---
- hosts: all
sudo: yes
tasks:
- name: add a new user
user: name=yuji state=absent
- name: install libselinux-python
yum: name=libselinux-python state=latest
- hosts: web
sudo: yes
tasks:
- name: install apache
yum: name=httpd state=latest
- name: start apache and enabled
service: name=httpd state=started enabled=yes
- name: change owner
file: dest=/var/www/html owner=vagrant recurse=yes
- name: copy index.html
copy: src=./index.html dest=/var/www/html/index.html owner=vagrant
- name: install php packages
yum: name={{item}} state=latest
with_items:
- php
- php-devel
- php-mbstring
- php-mysql
notify:
- restart apache
- name: copy hello.php
copy: src=./hello.php dest=/var/www/html/hello.php owner=vagrant
handlers:
- name: restart apache
service: name=httpd state=restarted
- hosts: db
sudo: yes
tasks:
- name: install mysql
yum: name=mysql-server state=latest
- name: start mysql and enabled
service: name=mysqld state=started enabled=yes
- name: create a database
mysql_db: name=mydb state=present
- name: create a user for mydb
mysql_user: name=dbuser password=dbpassword priv=mydb.*:ALL state=present
$ ansible-playbook playbook.yml TASK [create a database] *******************************************************
fatal: [192.168.43.53]: FAILED! => {"changed": false, "failed": true, "msg": "the python mysqldb module is required"}
NO MORE HOSTS LEFT *************************************************************
[WARNING]: Could not create retry file 'playbook.retry'. [Errno 2] No
such file or directory: ''
PLAY RECAP *********************************************************************
192.168.43.52 : ok=10 changed=0 unreachable=0 failed=0
192.168.43.53 : ok=6 changed=0 unreachable=0 failed=1
$ vi playbook.yml ---
- hosts: all
sudo: yes
tasks:
- name: add a new user
user: name=yuji state=absent
- name: install libselinux-python
yum: name=libselinux-python state=latest
- hosts: web
sudo: yes
tasks:
- name: install apache
yum: name=httpd state=latest
- name: start apache and enabled
service: name=httpd state=started enabled=yes
- name: change owner
file: dest=/var/www/html owner=vagrant recurse=yes
- name: copy index.html
copy: src=./index.html dest=/var/www/html/index.html owner=vagrant
- name: install php packages
yum: name={{item}} state=latest
with_items:
- php
- php-devel
- php-mbstring
- php-mysql
notify:
- restart apache
- name: copy hello.php
copy: src=./hello.php dest=/var/www/html/hello.php owner=vagrant
handlers:
- name: restart apache
service: name=httpd state=restarted
- hosts: db
sudo: yes
tasks:
- name: install mysql
yum: name={{item}} state=latest
with_items:
- mysql-server
- MySQL-python
- name: start mysql and enabled
service: name=mysqld state=started enabled=yes
- name: create a database
mysql_db: name=mydb state=present
- name: create a user for mydb
mysql_user: name=dbuser password=dbpassword priv=mydb.*:ALL state=present
$ ansible-playbook playbook.yml
$ ssh db $ mysql -u dbuser -p mydb mysql> show databases; +--------------------+ | Database | +--------------------+ | information_schema | | mydb | | test | +--------------------+ mysql> exit $ exit |
