Ansible

From 탱이의 잡동사니
Revision as of 12:28, 10 June 2020 by Pchero (talk | contribs) (→‎Conditionals =)
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to navigation Jump to search

Overview

Ansible 내용 정리.

Installation

apt 를 이용한 ansible 설치시, ansible_python_interpreter 관련 문제가 발생할 소지가 크다. 이런 문제를 방지하기 위해서는 pip 으로 설치를 하면 편하다.

$ pip3 install ansible

gcp_compute 플러그인 사용시, 다음의 패키지를 추가로 설치해주어야 한다.

$ pip3 install requests google-auth

Options

--ask-vault-pass

Vault password 를 묻도록 한다.

$ ansible-playbook --ask-vault-pass test.yml

-i

Inventory 를 지정한다.

Example

$ ansible -i ./hosts --list-hosts remote
  hosts (1):
    192.168.100.10

-K, --ask-become-pass

sudo 명령어 사용시, 사용되는 비밀번호를 묻도록 한다.

Example

$ ansible all -m ping -K
SUDO password: 
192.168.56.102 | SUCCESS => {
    "changed": false, 
    "ping": "pong"
}
192.168.56.101 | SUCCESS => {
    "changed": false, 
    "ping": "pong"
}

-m, --module-name

지정된 모듈을 실행한다.(default=command)

-m MODULE_NAME, --module-name=MODULE_NAME

-u, --user

지정된 사용자로 접속한다. (default=None)

-u REMOTE_USER, --user=REMOTE_USER

Example

$ ansible -i ./hosts remote -m ping -u pchero
192.168.100.10 | SUCCESS => {
    "changed": false,
    "ping": "pong"
}

Directory

directory layout

production                # inventory file for production servers
staging                   # inventory file for staging environment

group_vars/
   group1.yml             # here we assign variables to particular groups
   group2.yml
host_vars/
   hostname1.yml          # here we assign variables to particular systems
   hostname2.yml

library/                  # if any custom modules, put them here (optional)
module_utils/             # if any custom module_utils to support modules, put them here (optional)
filter_plugins/           # if any custom filter plugins, put them here (optional)

site.yml                  # master playbook
webservers.yml            # playbook for webserver tier
dbservers.yml             # playbook for dbserver tier

roles/
    common/               # this hierarchy represents a "role"
        tasks/            #
            main.yml      #  <-- tasks file can include smaller files if warranted
        handlers/         #
            main.yml      #  <-- handlers file
        templates/        #  <-- files for use with the template resource
            ntp.conf.j2   #  <------- templates end in .j2
        files/            #
            bar.txt       #  <-- files for use with the copy resource
            foo.sh        #  <-- script files for use with the script resource
        vars/             #
            main.yml      #  <-- variables associated with this role
        defaults/         #
            main.yml      #  <-- default lower priority variables for this role
        meta/             #
            main.yml      #  <-- role dependencies
        library/          # roles can also include custom modules
        module_utils/     # roles can also include custom module_utils
        lookup_plugins/   # or other types of plugins, like lookup in this case

    webtier/              # same kind of structure as "common" was above, done for the webtier role
    monitoring/           # ""
    fooapp/               # ""

Configuration

ansible.cfg

Ansible.cfg 파일은 Ansible 동작시 적용되는 여러가지 config 옵션들을 가지고 있는 파일이다.

기본적으로는 /etc/ansible/ansible.cfg 파일을 사용하지만, ANSIBLE_CONFIG 환경 변수를 조정하면 다른 위치의 config 파일을 불러오도록 설정할 수도 있다. 자세하게는 다음의 Priority 를 따른다<ref>https://docs.ansible.com/ansible/devel/reference_appendices/config.html#the-configuration-file</ref>.

ANSIBLE_CONFIG (environment variable if set)
ansible.cfg (in the current directory)
~/.ansible.cfg (in the home directory)
/etc/ansible/ansible.cfg

Environment Variables

config 파일을 직접 수정하는 것 말고도 Environment Variable 을 수정하는 것으로도 config 설정을 변경할 수 있다.

  • ANSIBLE_REMOTE_USER : ssh username

See also

Comparisons

Variables

/etc/hosts

Ansible 은 목적 host 를 찾을 때는 /etc/hosts 파일을 사용한다.

만약 호스트마다 다른 사용자 id 를 사용해야 한다면, 다음과 같이 설정하면 된다.

www.example.com    ansible_ssh_user=jerry

Modules

get_url

Downloads files from HTTP, HTTPS or FTP to the remote server. The remote server must have direct access to the remote resource.

By default, if an environment variable <protocol>_proxy is set on the target host, requests will be sent through that proxy. This behaviour can be overridden by setting a variable for this task (see setting the environment), or by using the use_proxy option. HTTP redirects can redirect from HTTP to HTTPS so you should be sure that your proxy environment for both protocols is correct.

From Ansible 2.4 when run with --check, it will do a HEAD request to validate the URL but will not download the entire file or verify it against hashes. For Windows targets, use the win_get_url module instead.

Example

- name: Download the Asterisk archive
  get_url: url={{ asterisk_url }} dest={{ asterisk_source_file }}
  register: asterisk_archive

See also

ping

A trivial test module, this module always returns pong on successful contact. It does not make sense in playbooks, but it is useful from /usr/bin/ansible to verify the ability to login and that a usable Python is configured.

This is NOT ICMP ping, this is just a trivial test module that requires Python on the remote-node.

For Windows targets, use the win_ping module instead. For Network target, use the net_ping module instead.

Example

ansible asterisk -i inventory/test-virtualbox -u pchero -m ping
192.168.100.10 | SUCCESS => {
    "changed": false,
    "ping": "pong"
}

See also

Return variables

The Ansible modules normally return a data structure that can be registered into a variable, or seen directly when output by the ansible program. Each module can optionally document its own unique values.

See also

Conditionals

tasks:
  - name: "shut down Debian flavored systems"
    command: /sbin/shutdown -t now
    when: ansible_facts['os_family'] == "Debian"
    # note that all variables can be used directly in conditionals without double curly braces

See also

Errors

google-auth

다음과 같은 에러가 나올 수 있다.

inventories/inventory.gcp.yml with auto plugin: gce inventory plugin cannot start: 
Failed to import the required Python library (google-auth) on runner-72989761-project-16424757-concurrent-0's Python /usr/bin/python3. 

Please read module documentation and install in the appropriate location. 
If the required library is installed, but Ansible is using the wrong Python interpreter, please consult the documentation on ansible_python_interpreter

이럴 때는 ansible_python_interpreter 경로를 다시한번 확인해주거나 다음의 패키지를 추가로 설치해주면 된다. 에러메시지에는 google-auth 패키지만을 언급하고 있지만, 실제로는 requests 패키지도 같이 추가로 설치해주어야 한다.

$ pip3 install requests google-auth

See also