Ansible

From 탱이의 잡동사니

Overview

Notes on Ansible.

Installation

Installing Ansible with apt is likely to cause problems related to ansible_python_interpreter. Installing it with pip is a convenient way to avoid them.

$ pip3 install ansible

When using the gcp_compute plugin, the following packages must also be installed.

$ pip3 install requests google-auth

Options

--ask-vault-pass

Prompts for the Vault password.

$ ansible-playbook --ask-vault-pass test.yml

-i

Specifies the inventory.

Example

$ ansible -i ./hosts --list-hosts remote
  hosts (1):
    192.168.100.10

-K, --ask-become-pass

Prompts for the password to use when running commands with sudo.

Example

$ ansible all -m ping -K
SUDO password: 
192.168.56.102 | SUCCESS => {
    "changed": false, 
    "ping": "pong"
}
192.168.56.101 | SUCCESS => {
    "changed": false, 
    "ping": "pong"
}

-m, --module-name

Runs the specified module (default=command).

-m MODULE_NAME, --module-name=MODULE_NAME

-u, --user

Connects as the specified user (default=None).

-u REMOTE_USER, --user=REMOTE_USER

Example

$ ansible -i ./hosts remote -m ping -u pchero
192.168.100.10 | SUCCESS => {
    "changed": false,
    "ping": "pong"
}

Directory

directory layout

production                # inventory file for production servers
staging                   # inventory file for staging environment

group_vars/
   group1.yml             # here we assign variables to particular groups
   group2.yml
host_vars/
   hostname1.yml          # here we assign variables to particular systems
   hostname2.yml

library/                  # if any custom modules, put them here (optional)
module_utils/             # if any custom module_utils to support modules, put them here (optional)
filter_plugins/           # if any custom filter plugins, put them here (optional)

site.yml                  # master playbook
webservers.yml            # playbook for webserver tier
dbservers.yml             # playbook for dbserver tier

roles/
    common/               # this hierarchy represents a "role"
        tasks/            #
            main.yml      #  <-- tasks file can include smaller files if warranted
        handlers/         #
            main.yml      #  <-- handlers file
        templates/        #  <-- files for use with the template resource
            ntp.conf.j2   #  <------- templates end in .j2
        files/            #
            bar.txt       #  <-- files for use with the copy resource
            foo.sh        #  <-- script files for use with the script resource
        vars/             #
            main.yml      #  <-- variables associated with this role
        defaults/         #
            main.yml      #  <-- default lower priority variables for this role
        meta/             #
            main.yml      #  <-- role dependencies
        library/          # roles can also include custom modules
        module_utils/     # roles can also include custom module_utils
        lookup_plugins/   # or other types of plugins, like lookup in this case

    webtier/              # same kind of structure as "common" was above, done for the webtier role
    monitoring/           # ""
    fooapp/               # ""

Configuration

ansible.cfg

The ansible.cfg file holds the various configuration options that apply when Ansible runs.

By default /etc/ansible/ansible.cfg is used, but setting the ANSIBLE_CONFIG environment variable makes Ansible load a config file from a different location. In detail, the following priority order applies (https://docs.ansible.com/ansible/devel/reference_appendices/config.html#the-configuration-file).

ANSIBLE_CONFIG (environment variable if set)
ansible.cfg (in the current directory)
~/.ansible.cfg (in the home directory)
/etc/ansible/ansible.cfg
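
The lookup order above can be walked through in a few lines of shell. This is an added example, not code from the original page or from the Ansible project; the function names and arguments are hypothetical. It also applies Ansible's documented rule of not loading ansible.cfg from a world-writable current directory.

```shell
#!/bin/sh
# Added example: report which ansible.cfg wins, following the four-step
# priority list above.
# Usage: resolve_ansible_cfg CWD HOME_DIR [ANSIBLE_CONFIG_VALUE] [SYSTEM_CFG]
# Function names and arguments are hypothetical, chosen for this sketch.

# True when "other" has write permission on the directory (9th character
# of the ls -ld mode string, e.g. drwxrwxrwx or drwxrwxrwt).
is_world_writable() {
    case "$(ls -ld -- "$1" 2>/dev/null)" in
        ????????w*) return 0 ;;
        *)          return 1 ;;
    esac
}

resolve_ansible_cfg() {
    cwd=$1
    home=$2
    env_cfg=${3:-}
    system_cfg=${4:-/etc/ansible/ansible.cfg}

    # 1. ANSIBLE_CONFIG, if set and the file exists
    if [ -n "$env_cfg" ] && [ -f "$env_cfg" ]; then
        printf '%s\n' "$env_cfg"; return 0
    fi
    # 2. ansible.cfg in the current directory. Ansible refuses to load it
    #    from a world-writable directory, since any local user could plant
    #    a config there, so that case is skipped here too.
    if [ -f "$cwd/ansible.cfg" ] && ! is_world_writable "$cwd"; then
        printf '%s\n' "$cwd/ansible.cfg"; return 0
    fi
    # 3. ~/.ansible.cfg
    if [ -f "$home/.ansible.cfg" ]; then
        printf '%s\n' "$home/.ansible.cfg"; return 0
    fi
    # 4. System-wide file
    if [ -f "$system_cfg" ]; then
        printf '%s\n' "$system_cfg"; return 0
    fi
    return 1   # nothing found; Ansible falls back to built-in defaults
}

# Stand-alone run: evaluate the current shell's situation.
resolve_ansible_cfg "$PWD" "$HOME" "${ANSIBLE_CONFIG:-}" || echo "no ansible.cfg found"
```

`ansible --version` prints the `config file` that Ansible actually loaded, which is the authoritative check on a real host.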

Environment Variables

Besides editing the config file directly, configuration settings can also be changed by setting environment variables.

  • ANSIBLE_REMOTE_USER : ssh username

Comparisons

Variables

/etc/hosts

Ansible uses the /etc/hosts file when looking up target hosts.

If a different user ID is needed for each host, configure it as follows.

www.example.com    ansible_ssh_user=jerry

Modules

get_url

Downloads files from HTTP, HTTPS or FTP to the remote server. The remote server must have direct access to the remote resource.

By default, if an environment variable <protocol>_proxy is set on the target host, requests will be sent through that proxy. This behaviour can be overridden by setting a variable for this task (see setting the environment), or by using the use_proxy option. HTTP redirects can redirect from HTTP to HTTPS so you should be sure that your proxy environment for both protocols is correct.

From Ansible 2.4 when run with --check, it will do a HEAD request to validate the URL but will not download the entire file or verify it against hashes. For Windows targets, use the win_get_url module instead.

Example

- name: Download the Asterisk archive
  get_url: url={{ asterisk_url }} dest={{ asterisk_source_file }}
  register: asterisk_archive

ping

A trivial test module, this module always returns pong on successful contact. It does not make sense in playbooks, but it is useful from /usr/bin/ansible to verify the ability to login and that a usable Python is configured.

This is NOT ICMP ping, this is just a trivial test module that requires Python on the remote-node.

For Windows targets, use the win_ping module instead. For network targets, use the net_ping module instead.

Example

ansible asterisk -i inventory/test-virtualbox -u pchero -m ping
192.168.100.10 | SUCCESS => {
    "changed": false,
    "ping": "pong"
}

Return variables

The Ansible modules normally return a data structure that can be registered into a variable, or seen directly when output by the ansible program. Each module can optionally document its own unique values.

Conditionals

tasks:
  - name: "shut down Debian flavored systems"
    command: /sbin/shutdown -t now
    when: ansible_facts['os_family'] == "Debian"
    # note that all variables can be used directly in conditionals without double curly braces

Errors

google-auth

The following error may appear.

inventories/inventory.gcp.yml with auto plugin: gce inventory plugin cannot start: 
Failed to import the required Python library (google-auth) on runner-72989761-project-16424757-concurrent-0's Python /usr/bin/python3. 

Please read module documentation and install in the appropriate location. 
If the required library is installed, but Ansible is using the wrong Python interpreter, please consult the documentation on ansible_python_interpreter

In this case, double-check the ansible_python_interpreter path or install the following packages. The error message mentions only the google-auth package, but in practice the requests package must be installed as well.

$ pip3 install requests google-auth
