Ansible: Difference between revisions
Latest revision as of 12:28, 10 June 2020
Overview
Notes on Ansible.
Installation
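- https://docs.ansible.com/ansible/latest/installation_guide/intro_installation.html#installing-ansible-on-debian
When Ansible is installed with apt, problems related to ansible_python_interpreter are likely to occur. Installing it with pip is a convenient way to avoid them.
<pre>
$ pip3 install ansible
</pre>
When using the gcp_compute plugin, the following packages must also be installed.
- https://docs.ansible.com/ansible/latest/scenario_guides/guide_gce.html
<pre>
$ pip3 install requests google-auth
</pre>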
Options
--ask-vault-pass
Prompts for the vault password.
<pre>
$ ansible-playbook --ask-vault-pass test.yml
</pre>
-i
Specifies the inventory.
Example
<pre>
$ ansible -i ./hosts --list-hosts remote
  hosts (1):
    192.168.100.10
</pre>
-K, --ask-become-pass
Prompts for the password used when running commands with sudo.
Example
<pre>
$ ansible all -m ping -K
SUDO password:
192.168.56.102 | SUCCESS => {
    "changed": false,
    "ping": "pong"
}
192.168.56.101 | SUCCESS => {
    "changed": false,
    "ping": "pong"
}
</pre>
-m, --module-name
Runs the specified module (default=command).
<pre>
-m MODULE_NAME, --module-name=MODULE_NAME
</pre>
-u, --user
Connects as the specified user (default=None).
<pre>
-u REMOTE_USER, --user=REMOTE_USER
</pre>
Example
<pre>
$ ansible -i ./hosts remote -m ping -u pchero
192.168.100.10 | SUCCESS => {
    "changed": false,
    "ping": "pong"
}
</pre>
Directory
directory layout
<pre>
production                # inventory file for production servers
staging                   # inventory file for staging environment

group_vars/
   group1.yml             # here we assign variables to particular groups
   group2.yml
host_vars/
   hostname1.yml          # here we assign variables to particular systems
   hostname2.yml

library/                  # if any custom modules, put them here (optional)
module_utils/             # if any custom module_utils to support modules, put them here (optional)
filter_plugins/           # if any custom filter plugins, put them here (optional)

site.yml                  # master playbook
webservers.yml            # playbook for webserver tier
dbservers.yml             # playbook for dbserver tier

roles/
    common/               # this hierarchy represents a "role"
        tasks/            #
            main.yml      #  <-- tasks file can include smaller files if warranted
        handlers/         #
            main.yml      #  <-- handlers file
        templates/        #  <-- files for use with the template resource
            ntp.conf.j2   #  <------- templates end in .j2
        files/            #
            bar.txt       #  <-- files for use with the copy resource
            foo.sh        #  <-- script files for use with the script resource
        vars/             #
            main.yml      #  <-- variables associated with this role
        defaults/         #
            main.yml      #  <-- default lower priority variables for this role
        meta/             #
            main.yml      #  <-- role dependencies
        library/          # roles can also include custom modules
        module_utils/     # roles can also include custom module_utils
        lookup_plugins/   # or other types of plugins, like lookup in this case

    webtier/              # same kind of structure as "common" was above, done for the webtier role
    monitoring/           # ""
    fooapp/               # ""
</pre>
Configuration
ansible.cfg
The ansible.cfg file holds the various config options that apply when Ansible runs.
By default /etc/ansible/ansible.cfg is used, but setting the ANSIBLE_CONFIG environment variable makes Ansible load a config file from a different location. In detail, the following priority order applies (https://docs.ansible.com/ansible/devel/reference_appendices/config.html#the-configuration-file).
<pre>
ANSIBLE_CONFIG (environment variable if set)
ansible.cfg (in the current directory)
~/.ansible.cfg (in the home directory)
/etc/ansible/ansible.cfg
</pre>
- https://docs.ansible.com/ansible/devel/reference_appendices/config.html#cfg-in-world-writable-dir
- https://docs.ansible.com/ansible/latest/plugins/inventory.html - Inventory-related settings
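The lookup order above, combined with the rule from the linked cfg-in-world-writable-dir documentation section (an ansible.cfg in a world-writable current directory is not loaded automatically), as an added Python model that is not Ansible's own code. `resolve_ansible_cfg`, `is_world_writable` and `demo` are hypothetical names, and the files checked are constructed in a temporary directory.

```python
import os
import stat
import tempfile

def is_world_writable(directory):
    """True if 'other' users have write permission on the directory."""
    return bool(os.stat(directory).st_mode & stat.S_IWOTH)

def resolve_ansible_cfg(env, cwd, home, system_cfg="/etc/ansible/ansible.cfg"):
    """Hypothetical model of the search order; returns (path, source, warnings)."""
    warnings = []
    candidates = []
    if env.get("ANSIBLE_CONFIG"):
        candidates.append(("ANSIBLE_CONFIG", env["ANSIBLE_CONFIG"]))
    cwd_cfg = os.path.join(cwd, "ansible.cfg")
    if os.path.isfile(cwd_cfg) and is_world_writable(cwd):
        # Any local user could have planted this file, so it is skipped.
        warnings.append("ignoring %s: %s is world-writable" % (cwd_cfg, cwd))
    else:
        candidates.append(("cwd", cwd_cfg))
    candidates.append(("home", os.path.join(home, ".ansible.cfg")))
    candidates.append(("system", system_cfg))
    for source, path in candidates:
        if os.path.isfile(path):  # first existing file wins, the rest are ignored
            return path, source, warnings
    return None, None, warnings

def demo():
    """Constructed layout: a project dir and a home dir, each with a config file."""
    root = tempfile.mkdtemp()
    cwd, home = os.path.join(root, "project"), os.path.join(root, "home")
    os.makedirs(cwd)
    os.makedirs(home)
    for cfg in (os.path.join(cwd, "ansible.cfg"), os.path.join(home, ".ansible.cfg")):
        with open(cfg, "w") as handle:
            handle.write("[defaults]\n")
    results = []
    for mode in (0o755, 0o777):  # safe directory, then world-writable directory
        os.chmod(cwd, mode)
        _, source, warnings = resolve_ansible_cfg({}, cwd, home, os.path.join(root, "absent"))
        results.append((oct(mode), source, len(warnings)))
    return results

if __name__ == "__main__":
    for row in demo():
        print(row)
```

A file named explicitly through ANSIBLE_CONFIG is still selected first in this model, which is the documented way to use a config that lives in a world-writable directory.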
Environment Variables
Besides editing the config file directly, config settings can also be changed by setting environment variables.
- ANSIBLE_REMOTE_USER : ssh username
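See also
- https://docs.ansible.com/ansible/latest/reference_appendices/config.html
Comparisons
- https://docs.ansible.com/ansible/latest/user_guide/playbooks_tests.html
Variables
- https://docs.ansible.com/ansible/latest/user_guide/playbooks_variables.html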
/etc/hosts
Ansible uses the /etc/hosts file when looking up target hosts.
If a different user ID is needed for each host, configure it as follows.
<pre>
www.example.com ansible_ssh_user=jerry
</pre>
Modules
get_url
Downloads files from HTTP, HTTPS or FTP to the remote server. The remote server must have direct access to the remote resource.
By default, if an environment variable <protocol>_proxy is set on the target host, requests will be sent through that proxy. This behaviour can be overridden by setting a variable for this task (see setting the environment), or by using the use_proxy option. HTTP redirects can redirect from HTTP to HTTPS so you should be sure that your proxy environment for both protocols is correct.
From Ansible 2.4 when run with --check, it will do a HEAD request to validate the URL but will not download the entire file or verify it against hashes. For Windows targets, use the win_get_url module instead.
Example
<pre>
- name: Download the Asterisk archive
  get_url: url={{ asterisk_url }} dest={{ asterisk_source_file }}
  register: asterisk_archive
</pre>
See also
ping
A trivial test module, this module always returns pong on successful contact. It does not make sense in playbooks, but it is useful from /usr/bin/ansible to verify the ability to login and that a usable Python is configured.
This is NOT ICMP ping, this is just a trivial test module that requires Python on the remote-node.
For Windows targets, use the win_ping module instead. For Network targets, use the net_ping module instead.
Example
<pre>
$ ansible asterisk -i inventory/test-virtualbox -u pchero -m ping
192.168.100.10 | SUCCESS => {
    "changed": false,
    "ping": "pong"
}
</pre>
See also
- https://docs.ansible.com/ansible/latest/modules/ping_module.html#ping-module
Return variables
The Ansible modules normally return a data structure that can be registered into a variable, or seen directly when output by the ansible program. Each module can optionally document its own unique values.
See also
- https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html
Conditionals
<pre>
tasks:
  - name: "shut down Debian flavored systems"
    command: /sbin/shutdown -t now
    when: ansible_facts['os_family'] == "Debian"
    # note that all variables can be used directly in conditionals without double curly braces
</pre>
See also
- https://docs.ansible.com/ansible/latest/user_guide/playbooks_conditionals.html
Errors
google-auth
The following error may appear.
<pre>
inventories/inventory.gcp.yml with auto plugin: gce inventory plugin cannot start:
Failed to import the required Python library (google-auth) on runner-72989761-project-16424757-concurrent-0's Python /usr/bin/python3.
Please read module documentation and install in the appropriate location.
If the required library is installed, but Ansible is using the wrong Python interpreter, please consult the documentation on ansible_python_interpreter
</pre>
In this case, double-check the ansible_python_interpreter path, or additionally install the following packages. The error message mentions only the google-auth package, but in practice the requests package must be installed as well.
<pre>
$ pip3 install requests google-auth
</pre>
See also
- https://docs.ansible.com/ - Ansible manual