Ansible入門 のバックアップ(No.3)

[ トップ ]   [ 新規 | 一覧 | 単語検索 | 最終更新 | ヘルプ ]

• バックアップ一覧
• 差分 を表示
• 現在との差分 を表示
• ソース を表示
• Ansible入門 へ行く。
  • 1 (2016-09-19 (月) 07:45:36)
  • 2 (2016-10-16 (日) 17:22:48)
  • 3 (2017-03-12 (日) 19:38:33)

---

Ansibleとはなにか？ †

• 概要：サーバーの構成管理ツール

• 公式サイト：
  • 公式サイト: www.ansible.com
  • ドキュメンテーション: docs.ansible.com

• 知識：
  • Unixコマンド
  • Vim
  • Vagrant
  • YAML

• 環境：
  • MacOS X
  • Vagrant

サーバー構成 †

• Host
  • Ansible
  • Python実行環境
  • Inventory：どのサーバーを管理するか記述
  • ansible.cfg：Ansible全体の設定を記述
  • Playbook：管理対象に対して具体的にどのような設定（構成）を行うか記述

• Web
  • 管理対象
  • Python実行環境
  • Hostとの鍵認証/SSH接続
  • User / Apache / PHP ※Ansibleで構成管理

• DB
  • 管理対象
  • Python実行環境
  • Hostとの鍵認証/SSH接続
  • User / MySQL ※Ansibleで構成管理

Vagrantでサーバーを起動 †

• 利用可能なBoxファイルを検索

• Atlas >> Discover Vagrant Boxes

• 'bento/centos-6.7'のVagrant boxを利用

• Vagrantfileを生成

$ cd ~/Documents/MyVagrant
$ mkdir ansible_lessons
$ cd ansible_lessons
$ vagrant init bento/centos-6.7

• Vagrantfileを開き下記をコメントアウト

$ vi Vagrantfile

config.vm.box = "bento/centos-6.7"

• 下記を貼り付け

config.vm.define "host" do |node|
  node.vm.box = "bento/centos-6.7"
  node.vm.hostname = "host"
  node.vm.network :private_network, ip: "192.168.43.51"
end

config.vm.define "web" do |node|
  node.vm.box = "bento/centos-6.7"
  node.vm.hostname = "web"
  node.vm.network :private_network, ip: "192.168.43.52"
end

config.vm.define "db" do |node|
  node.vm.box = "bento/centos-6.7"
  node.vm.hostname = "db"
  node.vm.network :private_network, ip: "192.168.43.53"
end

$ vagrant up
...
...
==> host: Successfully added box 'bento/centos-6.7' (v2.2.7) for 'virtualbox'!
...
...

$ vagrant status
Current machine states:

host                      running (virtualbox)
web                       running (virtualbox)
db                        running (virtualbox)

This environment represents multiple VMs. The VMs are all listed
above with their current state. For more information about a specific
VM, run `vagrant status NAME`.

Ansibleをインストールしてみよう †

• Ansibleをインストールするhostにssh接続

$ vagrant ssh host

• epelリポジトリをダウンロード

• Index of /pub/epel/6/x86_64よりepel-release-6-8.noarch.rpmのリンクアドレスをコピー

[vagrant@host ~]$ wget https://dl.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm

• epelリポジトリをインストール

[vagrant@host ~]$ sudo rpm -Uvh epel-release-6-8.noarch.rpm

• Ansibleをインストール

[vagrant@host ~]$ sudo yum -y install ansible
[vagrant@host ~]$ $ ansible --version
ansible 2.1.1.0
  config file = /etc/ansible/ansible.cfg
  configured module search path = Default w/o overrides

SSH接続の設定をしていこう †

• WebとDBに対してssh configを設定

[vagrant@host ~]$ vi .ssh/config

Host web
 HostName 192.168.43.52
Host db
 HostName 192.168.43.53

$ chmod 600 .ssh/config

• 秘密鍵/公開鍵作成

$ ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/home/vagrant/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:

• WebとDBに公開鍵を転送 *Vagrantユーザーのデフォルトパスワードは 'vagrant'

$ ssh-copy-id web
The authenticity of host '192.168.43.52 (192.168.43.52)' can't be established.
RSA key fingerprint is 90:d8:41:6f:c5:39:1d:54:0d:43:4e:34:dc:f1:d2:6b.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '192.168.43.52' (RSA) to the list of known hosts.
vagrant@192.168.43.52's password:

$ ssh-copy-id db

• SSH接続確認

$ ssh web
$ exit
$ ssh db
$ exit

ansibleを使ってみよう †

• Inventoryファイル作成

[vagrant@host ~]$ vi hosts

[web]
192.168.43.52

[db]
192.168.43.53

• ansible実行（WebとDBに対してping確認）

$ ansible all -i hosts -m ping
192.168.43.53 | SUCCESS => {
    "changed": false,
    "ping": "pong"
}
192.168.43.52 | SUCCESS => {
    "changed": false,
    "ping": "pong"
}

• ansible config作成（ansible実行時にInventoryファイルの指定を省略可能に）

$ vi ansible.cfg

[defaults]
hostfile = ./hosts

$ ansible all -m ping
192.168.43.52 | SUCCESS => {
    "changed": false,
    "ping": "pong"
}
192.168.43.53 | SUCCESS => {
    "changed": false,
    "ping": "pong"
}

playbookを使ってみよう †

• Playbook作成

$ vi playbook.yml

---
- hosts: all
  sudo: yes
  tasks:
    - name: add a new user
      user: name=yuji

• Playbook実行

$ ansible-playbook playbook.yml
[DEPRECATION WARNING]: Instead of sudo/sudo_user, use become/become_user and
make sure become_method is 'sudo' (default).
This feature will be removed in a
future release. Deprecation warnings can be disabled by setting
deprecation_warnings=False in ansible.cfg.

PLAY [all] *********************************************************************

TASK [setup] *******************************************************************
ok: [192.168.43.52]
ok: [192.168.43.53]

TASK [add a new user] **********************************************************
changed: [192.168.43.53]
changed: [192.168.43.52]

PLAY RECAP *********************************************************************
192.168.43.52              : ok=2    changed=1    unreachable=0    failed=0
192.168.43.53              : ok=2    changed=1    unreachable=0    failed=0

• Playbook再実行 *冪等性が担保されていることの確認

$ ansible-playbook playbook.yml
[DEPRECATION WARNING]: Instead of sudo/sudo_user, use become/become_user and
make sure become_method is 'sudo' (default).
This feature will be removed in a
future release. Deprecation warnings can be disabled by setting
deprecation_warnings=False in ansible.cfg.

PLAY [all] *********************************************************************

TASK [setup] *******************************************************************
ok: [192.168.43.52]
ok: [192.168.43.53]

TASK [add a new user] **********************************************************
ok: [192.168.43.53]
ok: [192.168.43.52]

PLAY RECAP *********************************************************************
192.168.43.52              : ok=2    changed=0    unreachable=0    failed=0
192.168.43.53              : ok=2    changed=0    unreachable=0    failed=0

• yuji ユーザーが作成されていることの確認

$ ssh web
$ cat /etc/passwd
yuji:x:501:501::/home/yuji:/bin/bash
$ exit

$ ssh db
$ cat /etc/passwd
yuji:x:501:501::/home/yuji:/bin/bash
$ exit

公式ドキュメントを見てみよう †

• docs.ansible.com >> Module Index にてモジュール一覧と使用方法（オプション等）の情報あり
• userモジュールの stateオプションを利用してみる

$ vi playbook.yml

---
- hosts: all
  sudo: yes
  tasks:
    - name: add a new user
      user: name=yuji state=absent

$ ansible-playbook playbook.yml
[DEPRECATION WARNING]: Instead of sudo/sudo_user, use become/become_user and
make sure become_method is 'sudo' (default).
This feature will be removed in a
future release. Deprecation warnings can be disabled by setting
deprecation_warnings=False in ansible.cfg.

PLAY [all] *********************************************************************

TASK [setup] *******************************************************************
ok: [192.168.43.52]
ok: [192.168.43.53]

TASK [add a new user] **********************************************************
changed: [192.168.43.53]
changed: [192.168.43.52]

PLAY RECAP *********************************************************************
192.168.43.52              : ok=2    changed=1    unreachable=0    failed=0
192.168.43.53              : ok=2    changed=1    unreachable=0    failed=0

• yuji ユーザーが存在しない（削除されている）ことを確認

ansible-playbook のオプションを使ってみよう †

• Playbookの文法正誤チェック

$ ansible-playbook playbook.yml --syntax-check
[DEPRECATION WARNING]: Instead of sudo/sudo_user, use become/become_user and
make sure become_method is 'sudo' (default).
This feature will be removed in a
future release. Deprecation warnings can be disabled by setting
deprecation_warnings=False in ansible.cfg.

playbook: playbook.yml

• タスクの一覧表示

$ ansible-playbook playbook.yml --list-task
[DEPRECATION WARNING]: Instead of sudo/sudo_user, use become/become_user and
make sure become_method is 'sudo' (default).
This feature will be removed in a
future release. Deprecation warnings can be disabled by setting
deprecation_warnings=False in ansible.cfg.

playbook: playbook.yml

  play #1 (all): all	TAGS: []
    tasks:
      add a new user	TAGS: []

• dry run 実行

$ ansible-playbook playbook.yml --check
[DEPRECATION WARNING]: Instead of sudo/sudo_user, use become/become_user and
make sure become_method is 'sudo' (default).
This feature will be removed in a
future release. Deprecation warnings can be disabled by setting
deprecation_warnings=False in ansible.cfg.

PLAY [all] *********************************************************************

TASK [setup] *******************************************************************
ok: [192.168.43.53]
ok: [192.168.43.52]

TASK [add a new user] **********************************************************
ok: [192.168.43.53]
ok: [192.168.43.52]

PLAY RECAP *********************************************************************
192.168.43.52              : ok=2    changed=0    unreachable=0    failed=0
192.168.43.53              : ok=2    changed=0    unreachable=0    failed=0

playbookで変数を使ってみよう †

• vars を使って変数を指定

$ vi playbook.yml

---
- hosts: all
  sudo: yes
  vars:
    username: yuji
  tasks:
    - name: add a new user
      user: name={{username}}

• ansible-playbook実行時にユーザーに変数を入力させる

$ vi playbook.yml

---
- hosts: all
  sudo: yes
  vars_prompt:
    username: "Enter username"
  tasks:
    - name: add a new user
      user: name={{username}}

$ ansible-playbook playbook.yml
Enter username: yuji

yum, serviceモジュールを使ってみよう †

• Webに対してApacheのインストール＆起動設定

$ vi playbook.yml

---
- hosts: all
  sudo: yes
  tasks:
    - name: add a new user
      user: name=yuji state=absent

- hosts: web
  sudo: yes
  tasks:
    - name: install apache
      yum: name=httpd state=latest
    - name: start apache and enabled
      service: name=httpd state=started enabled=yes

$ ansible-playbook playbook.yml

• ブラウザ経由で 192.168.43.52 へアクセスしApacheのTest Pageが表示されることを確認

file, copyモジュールを使ってみよう †

• index.html作成

$ vi index.html

<html>
hello from ansible!
</html>

• DocumentRootのオーナーを変更

$ vi playbook.yml

---
- hosts: all
  sudo: yes
  tasks:
    - name: add a new user
      user: name=yuji state=absent

- hosts: web
  sudo: yes
  tasks:
    - name: install apache
      yum: name=httpd state=latest
    - name: start apache and enabled
      service: name=httpd state=started enabled=yes
    - name: change owner
      file: dest=/var/www/html owner=vagrant recurse=yes
    - name: copy index.html
      copy: src=./index.html dest=/var/www/html/index.html owner=vagrant

$ ansible-playbook playbook.yml

TASK [copy index.html] *********************************************************
fatal: [192.168.43.52]: FAILED! => {"changed": false, "checksum": "21f2fc90aaf25beff7f6d34f80cab32114d00ecc", "failed": true, "msg": "Aborting, target uses selinux but python bindings (libselinux-python) aren't installed!"}

NO MORE HOSTS LEFT *************************************************************
 [WARNING]: Could not create retry file 'playbook.retry'.         [Errno 2] No
such file or directory: ''


PLAY RECAP *********************************************************************
192.168.43.52              : ok=6    changed=1    unreachable=0    failed=1
192.168.43.53              : ok=2    changed=0    unreachable=0    failed=0

• libselinux-python がインストールされていないというエラーが発生したため対応

$ vi playbook.yml

---
- hosts: all
  sudo: yes
  tasks:
    - name: add a new user
      user: name=yuji state=absent
    - name: install libselinux-python
      yum: name=libselinux-python state=latest

- hosts: web
  sudo: yes
  tasks:
    - name: install apache
      yum: name=httpd state=latest
    - name: start apache and enabled
      service: name=httpd state=started enabled=yes
    - name: change owner
      file: dest=/var/www/html owner=vagrant recurse=yes
    - name: copy index.html
      copy: src=./index.html dest=/var/www/html/index.html owner=vagrant

$ ansible-playbook playbook.yml
[DEPRECATION WARNING]: Instead of sudo/sudo_user, use become/become_user and
make sure become_method is 'sudo' (default).
This feature will be removed in a
future release. Deprecation warnings can be disabled by setting
deprecation_warnings=False in ansible.cfg.

PLAY [all] *********************************************************************

TASK [setup] *******************************************************************
ok: [192.168.43.52]
ok: [192.168.43.53]

TASK [add a new user] **********************************************************
ok: [192.168.43.53]
ok: [192.168.43.52]

TASK [install libselinux-python] ***********************************************
changed: [192.168.43.52]
changed: [192.168.43.53]

PLAY [web] *********************************************************************

TASK [setup] *******************************************************************
ok: [192.168.43.52]

TASK [install apache] **********************************************************
ok: [192.168.43.52]

TASK [start apache and enabled] ************************************************
ok: [192.168.43.52]

TASK [change owner] ************************************************************
ok: [192.168.43.52]

TASK [copy index.html] *********************************************************
changed: [192.168.43.52]

PLAY RECAP *********************************************************************
192.168.43.52              : ok=8    changed=2    unreachable=0    failed=0
192.168.43.53              : ok=3    changed=1    unreachable=0    failed=0

• ブラウザ経由で 192.168.43.52 へアクセスし hello from ansible! が表示されることを確認

with_items, notify/handlersを使おう †

• PHPのインストール

$ vi playbook.yml

---
- hosts: all
  sudo: yes
  tasks:
    - name: add a new user
      user: name=yuji state=absent
    - name: install libselinux-python
      yum: name=libselinux-python state=latest

- hosts: web
  sudo: yes
  tasks:
    - name: install apache
      yum: name=httpd state=latest
    - name: start apache and enabled
      service: name=httpd state=started enabled=yes
    - name: change owner
      file: dest=/var/www/html owner=vagrant recurse=yes
    - name: copy index.html
      copy: src=./index.html dest=/var/www/html/index.html owner=vagrant
    - name: install php packages
      yum: name={{item}} state=latest
      with_items:
        - php 
        - php-devel
        - php-mbstring
        - php-mysql
      notify:
        - restart apache
  handlers:
    - name: restart apache
      service: name=httpd state=restarted

$ ansible-playbook playbook.yml

*notifyに記述した内容に変更がない場合はhandlersは呼ばれない（実行されない）

PHPを動作させてみよう †

• PHPファイルの転送

$ vi playbook.yml

---
- hosts: all
  sudo: yes
  tasks:
    - name: add a new user
      user: name=yuji state=absent
    - name: install libselinux-python
      yum: name=libselinux-python state=latest

- hosts: web
  sudo: yes
  tasks:
    - name: install apache
      yum: name=httpd state=latest
    - name: start apache and enabled
      service: name=httpd state=started enabled=yes
    - name: change owner
      file: dest=/var/www/html owner=vagrant recurse=yes
    - name: copy index.html
      copy: src=./index.html dest=/var/www/html/index.html owner=vagrant
    - name: install php packages
      yum: name={{item}} state=latest
      with_items:
        - php 
        - php-devel
        - php-mbstring
        - php-mysql
      notify:
        - restart apache
    - name: copy hello.php
      copy: src=./hello.php dest=/var/www/html/hello.php owner=vagrant
  handlers: 
    - name: restart apache
      service: name=httpd state=restarted

• hello.php作成

$ vi hello.php

<?php

echo "hello from PHP!";

$ ansible-playbook playbook.yml

• ブラウザ経由で 192.168.43.52/hello.php へアクセスし hello from PHP! が表示されることを確認

MySQLを導入してみよう †

$ vi playbook.yml

---
- hosts: all
  sudo: yes
  tasks:
    - name: add a new user
      user: name=yuji state=absent
    - name: install libselinux-python
      yum: name=libselinux-python state=latest

- hosts: web
  sudo: yes
  tasks:
    - name: install apache
      yum: name=httpd state=latest
    - name: start apache and enabled
      service: name=httpd state=started enabled=yes
    - name: change owner
      file: dest=/var/www/html owner=vagrant recurse=yes
    - name: copy index.html
      copy: src=./index.html dest=/var/www/html/index.html owner=vagrant
    - name: install php packages
      yum: name={{item}} state=latest
      with_items:
        - php 
        - php-devel
        - php-mbstring
        - php-mysql
      notify:
        - restart apache
    - name: copy hello.php
      copy: src=./hello.php dest=/var/www/html/hello.php owner=vagrant
  handlers: 
    - name: restart apache
      service: name=httpd state=restarted

- hosts: db
  sudo: yes
  tasks: 
    - name: install mysql
      yum: name=mysql-server state=latest
    - name: start mysql and enabled
      service: name=mysqld state=started enabled=yes

$ ansible-playbook playbook.yml

• MySQL確認

$ ssh db
$ mysql --version
mysql  Ver 14.14 Distrib 5.1.73, for redhat-linux-gnu (x86_64) using readline 5.1
$ exit

mysql_db, mysql_userを使ってみよう †

$ vi playbook.yml

---
- hosts: all
  sudo: yes
  tasks:
    - name: add a new user
      user: name=yuji state=absent
    - name: install libselinux-python
      yum: name=libselinux-python state=latest

- hosts: web
  sudo: yes
  tasks:
    - name: install apache
      yum: name=httpd state=latest
    - name: start apache and enabled
      service: name=httpd state=started enabled=yes
    - name: change owner
      file: dest=/var/www/html owner=vagrant recurse=yes
    - name: copy index.html
      copy: src=./index.html dest=/var/www/html/index.html owner=vagrant
    - name: install php packages
      yum: name={{item}} state=latest
      with_items:
        - php 
        - php-devel
        - php-mbstring
        - php-mysql
      notify:
        - restart apache
    - name: copy hello.php
      copy: src=./hello.php dest=/var/www/html/hello.php owner=vagrant
  handlers: 
    - name: restart apache
      service: name=httpd state=restarted

- hosts: db
  sudo: yes
  tasks: 
    - name: install mysql
      yum: name=mysql-server state=latest
    - name: start mysql and enabled
      service: name=mysqld state=started enabled=yes
    - name: create a database
      mysql_db: name=mydb state=present
    - name: create a user for mydb
      mysql_user: name=dbuser password=dbpassword priv=mydb.*:ALL state=present

$ ansible-playbook playbook.yml

TASK [create a database] *******************************************************
fatal: [192.168.43.53]: FAILED! => {"changed": false, "failed": true, "msg": "the python mysqldb module is required"}

NO MORE HOSTS LEFT *************************************************************
 [WARNING]: Could not create retry file 'playbook.retry'.         [Errno 2] No
such file or directory: ''


PLAY RECAP *********************************************************************
192.168.43.52              : ok=10   changed=0    unreachable=0    failed=0
192.168.43.53              : ok=6    changed=0    unreachable=0    failed=1

• python mysqldb がインストールされていないというエラーが発生したため対応

$ vi playbook.yml

---
- hosts: all
  sudo: yes
  tasks:
    - name: add a new user
      user: name=yuji state=absent
    - name: install libselinux-python
      yum: name=libselinux-python state=latest

- hosts: web
  sudo: yes
  tasks:
    - name: install apache
      yum: name=httpd state=latest
    - name: start apache and enabled
      service: name=httpd state=started enabled=yes
    - name: change owner
      file: dest=/var/www/html owner=vagrant recurse=yes
    - name: copy index.html
      copy: src=./index.html dest=/var/www/html/index.html owner=vagrant
    - name: install php packages
      yum: name={{item}} state=latest
      with_items:
        - php 
        - php-devel
        - php-mbstring
        - php-mysql
      notify:
        - restart apache
    - name: copy hello.php
      copy: src=./hello.php dest=/var/www/html/hello.php owner=vagrant
  handlers: 
    - name: restart apache
      service: name=httpd state=restarted

- hosts: db
  sudo: yes
  tasks: 
    - name: install mysql
      yum: name={{item}} state=latest
      with_items:
        - mysql-server
        - MySQL-python
    - name: start mysql and enabled
      service: name=mysqld state=started enabled=yes
    - name: create a database
      mysql_db: name=mydb state=present
    - name: create a user for mydb
      mysql_user: name=dbuser password=dbpassword priv=mydb.*:ALL state=present

$ ansible-playbook playbook.yml

• MySQL確認

$ ssh db
$ mysql -u dbuser -p mydb
mysql> show databases;
+--------------------+
| Database           |
+--------------------+
| information_schema |
| mydb               |
| test               |
+--------------------+
mysql> exit
$ exit

     

Site admin: admin

PukiWiki 1.4.7 Copyright © 2001-2006 PukiWiki Developers Team. License is GPL.
Based on "PukiWiki" 1.3 by yu-ji. Powered by PHP 5.3.3. HTML convert time: 0.023 sec.