#20230522(플레이북

eeapbh·2023년 5월 22일
0

MZC

목록 보기
45/61

ubuntu -> root로 바꿈
sudo -su root

cat /etc/ansible/hosts

복습..

센토스 아파치 애드혹 관리

# ansible centos -m yum -a "name=httpd state=present" -k # yum install -y httpd 랑 똑같음, 
# curl https://www.nginx.com/ -o index.html  # centos에 apache 깔고 사이트 들가면 test1234뜨는데 그거말고 좀잇어보이게 하기위해서 nginx.com에서 index.html하나 다운받앗음
# ansible centos -m copy -a "src=index.html dest=/var/www/html/index.html" -k # 방금 받은 index.html을 소스, 데스티네이션에 복사 scp
# ansible centos -m service -a "name=httpd state=started" -k # name = 여기서는 서비스의 이름 
# ansible centos -m shell -a "systemctl status firewalld" -k
# ansible centos -m shell -a "systemctl start firewalld" -k
# ansible centos -m shell -a "firewall-cmd --permanent --zone=public --add-service=http" -k
# ansible centos -m shell -a "firewall-cmd --reload" -k
# ansible centos -m service -a "name=httpd state=stopped" -k # 한번에 다멈추기! systemctl stop httpd
# ansible centos -m shell -a "systemctl stop firewalld" -k
# ansible centos -m yum -a "name=httpd state=absent" -k  # yum remove -y httpd

우분투 아파치 애드혹 관리

# ansible ubuntu -m apt -a "name=apache2 state=present" -k
# curl https://www.nginx.com/ -o index.html
# ansible ubuntu -m copy -a "src=index.html dest=/var/www/html/index.html" -k  # scp index.html root@192.168.1.197:/var/www/html/
# ansible ubuntu -m service -a "name=apache2 state=stopped" -k
# ansible ubuntu -m service -a "name=apache2 state=started" -k
# ansible ubuntu -m apt -a "name=apache2 state=absent" -k   # apt remove -y apache2

멱등성

앤서블은 멱등성(Idempotency)이란 특징을 가집니다. 이는 여러 번 적용해도 결과가 바뀌지 않으며, 수정된 부분이 있다면 그 부분만 새롭게 반영되는 특징이 있습니다.


# echo "172.16.0.100" >> inventory.list
# cat inventory.list
# echo "172.16.0.100" >> inventory.list
# cat inventory.list



# ansible localhost -c local -m lineinfile -a "path=inventory.list line=172.16.0.200"
# cat inventory.list
# ansible localhost -c local -m lineinfile -a "path=inventory.list line=172.16.0.200"
# cat inventory.list

플레이북 구조

YAML 형식으로 작성된 각각의 Playbook들은 하나 이상의 Play를 가지며, 각각의 Play는 하나 이상의 task(앤서블 모듈)을 실행한다

  • name: Playbook Tutorial # - 로 시작하는 3줄이 한 블록이다.
    hosts: all # ":" 으로 구분해 항목명과 값을 설정한 키-값 형식으로 되어 있다.
    tasks: # 항목명의 위치가 정렬되어 있다. yaml은 들여쓰기가 데이터 구조의 깊이가 된다.

센토스, 우분투 아파치 설치 플레이북

# vi apache_install.yml
- name: Install apache on centos
  hosts: centos

  tasks:
    - name: install apache web server
      yum: name=httpd state=present # ansible centos -m yum -a "name=httpd state=present" -k
    - name: upload default index.html for web server
      get_url: url=https://www.nginx.com dest=/var/www/html/ mode=0644
    - name: start apache web server
      service: name=httpd state=started enabled=yes

- name: Install apache on ubuntu
  hosts: ubuntu

  tasks:
    - name: install apache web server
      apt: name=apache2 state=present
    - name: upload default index.html for web server
      get_url: url=https://www.nginx.com dest=/var/www/html/ mode=0644
    - name: start apache web server
      service: name=apache2 state=started

# ansible-playbook apache_install.yml -k

센토스, 우분투 아파치 삭제 플레이북

# vi apache_remove.yml
- name: Remove apache on centos
  hosts: centos

  tasks:
    - name: remove apache web server
      yum: name=httpd state=absent

- name: Remove apache on ubuntu
  hosts: ubuntu

  tasks:
    - name: remove apache web server
      apt: name=apache2 state=absent

# ansible-playbook apache_remove.yml -k

앤서블 환경 설정 자동화

vi /env.yml
- name: Setup for the Ansible's Environment
  hosts: localhost
  
  tasks:
    - name: Add "/etc/ansible/hosts"
      blockinfile: 
        path: /etc/ansible/hosts
        block: |
          [centos]
          192.168.1.214

          [ubuntu]
          192.168.1.198 ansible_python_interpreter=/usr/bin/python3
          

    - name: Configure Bashrc
      lineinfile:   
        path: /root/.bashrc
        line: "{{ item }}"
      with_items:
        - "alias ans='ansible'"
        - "alias anp='ansible-playbook'"

# ansible-playbook env.yml -k

keypair 설정

# vi keypair_old.yml
- name: Setup for the Ansible's Environment
  hosts: localhost
  
  tasks:
    - name: Generate sshkey
      shell: "{{ item }}"
      with_items:
        - "ssh-keyscan 192.168.1.198 >> ~/.ssh/known_hosts"
        - "ssh-keyscan 192.168.1.214 >> ~/.ssh/known_hosts"
        
# ansible-playbook keypair_old.yml -k
# ans -m ping -k
# vi keypair_new.yml
- name: Create known_hosts between server and nodes
  hosts: all
  connection: local
  serial: 1

  tasks:
    - name: ssh-keyscan for known_hosts file
      command: /usr/bin/ssh-keyscan -t ecdsa {{ ansible_host }} # 매직 변수 ansible_host 활용하여 hosts ip 호출
      register: keyscan

    - name: input key
      lineinfile:
        path: ~/.ssh/known_hosts
        line: "{{ item }}"
        create: yes
      with_items:
        - "{{ keyscan.stdout_lines }}"

- name: Create authorized_keys between server and nodes
  hosts: all
  connection: local
  vars:
    ansible_password: root

  tasks:
    - name: ssh-keygen for authorized_keys file
      openssh_keypair: 
        path: ~/.ssh/id_rsa
        size: 2048
        type: rsa
        force: False # overwrite하지 않는다는 False라고 값을 넣거나 아니면 삭제하거나 하면 되겠습니다.

    - name: input key for each node
      connection: ssh
      authorized_key:
        user: root
        state: present
        key: "{{ lookup('file', '~/.ssh/id_rsa.pub') }}"

# anp keypair.yml

센토스, 우분투 엔진엑스 설치 플레이북

# vi nginx_install.yml
- name: Install nginx on centos
  hosts: centos

  tasks:
    - name: install epel-release
      yum: 
        name: epel-release
        state: latest
    - name: install nginx web server
      yum: name=nginx state=present
    - name: upload default index.html for web server
      get_url: url=https://www.nginx.com dest=/usr/share/nginx/html/ mode=0644
    - name: start nginx web server
      service: name=nginx state=started

- name: Install nginx on ubuntu
  hosts: ubuntu

  tasks:
    - name: install nginx web server
      apt: pkg=nginx state=present update_cache=yes
    - name: Upload default index.html for web server
      get_url: url=https://www.nginx.com dest=/var/www/html/
               mode=0644 validate_certs=no

# ansible-playbook nginx_install.yml

센토스, 우분투 엔진엑스 삭제 플레이북

# vi nginx_remove.yml
- name: Remove nginx on centos
  hosts: centos

  tasks:
    - name: remove nginx web server
      yum: name=nginx state=absent

- name: Remove nginx on ubuntu
  hosts: ubuntu

  tasks:
    - name: remove nginx web server
      apt: pkg=nginx* state=absent

# ansible-playbook nginx_remove.yml

센토스, 우분투 NFS 설치 플레이북


# ansible 서버에서 다음 방화벽 설정
# firewall-cmd --permanent --add-service=nfs
# firewall-cmd --permanent --add-service=mountd
# firewall-cmd --permanent --add-service=rpc-bind
# firewall-cmd --reload


# vi nfs.yml
- name: Setup for nfs server
  hosts: localhost

  tasks:
    - name: make nfs_shared directory
      file:
        path: /root/nfs_shared
        state: directory
        mode: 0777

    - name: configure /etc/exports
      lineinfile:
        path: /etc/exports
        line: /root/nfs_shared 192.168.0.0/20(rw,sync)

    - name: Install NFS
      yum:
        name: nfs-utils
        state: present

    - name: nfs service start
      service:
        name: nfs-server
        state: restarted
        enabled: yes

- name: Setup for nfs clients
  hosts: centos

  tasks:
    - name: make nfs_client directory
      file:
        path: /root/nfs
        state: directory

    - name: Install NFS
      yum:
        name: nfs-utils
        state: present

    - name: mount point directory as client  # = mount -t nfs 192.168.1.172:/root/nfs_shared /root/nfs 랑 같음
      mount:
        path: /root/nfs
        src: 192.168.1.172:/root/nfs_shared
        fstype: nfs
        state: mounted

- name: Setup for nfs clients U
  hosts: ubuntu

  tasks:
    - name: make nfs_client directory
      file:
        path: /root/nfs
        state: directory

    - name: Install NFS-U
      apt:
        pkg: nfs-common
        state: present
        update_cache: yes

    - name: mount point directory as client
      mount:
        path: /root/nfs
        src: 192.168.1.172:/root/nfs_shared
        fstype: nfs
        opts: nfsvers=3
        state: mounted

# ansible-playbook nfs.yml -k
# anp nfs.yml
vi /etc/ansible/hosts

centos -> webserver
ubuntu -> dbserver
로 바꾼다.

워드프레스 만들기

# vi wordpress.yml
- name: Setup for webserver
  hosts: webserver

  tasks:
    - name: Install http
      yum:
        name: "{{ item }}"
        state: present
      with_items:
        - httpd
        - php
        - php-mysql
        - php-gd
        - php-mbstring
        - wget
        - unzip

    - name: Unarchive a file that needs to be downloaded (added in 2.0)
      ansible.builtin.unarchive:
        src: https://ko.wordpress.org/wordpress-4.8.2-ko_KR.zip
        dest: /var/www/html
        remote_src: yes

    - name: chown # chown -R apache:apache /var/www/html/wordpress
      file:
        path: /var/www/html/wordpress
        owner: "apache"
        group: "apache"
        recurse: "yes"

    - name: web service restart
      service:
        name: httpd
        state: restarted

- name: Setup for dbserver
  hosts: dbserver

  tasks:
    - name: Install mariadb
      apt:
        pkg: mariadb-server
        state: present
        update_cache: yes

    - name: Install pymysql # 파이썬을 위한 mysql 연동 모듈 
      apt:
        pkg: python-pymysql
        state: present

    - name: Install pymysql
      apt:
        pkg: python3-pymysql
        state: present

    - name: set root password
      mysql_user:
        name: 'root'
        password: '{{ mysql_root_password }}'
        login_unix_socket: /var/run/mysqld/mysqld.sock
        state: present

    - name: edit file
      replace:
        path: /etc/mysql/mariadb.conf.d/50-server.cnf
        regexp: "bind-address"
        replace: "#bind-address"

    - name: db service restart
      service:
        name: mysql
        state: restarted

    - name: Create database
      mysql_db:
        db: wordpress
        login_unix_socket: /var/run/mysqld/mysqld.sock
        state: present

    - name: Create database user
      mysql_user:
        user: wpuser
        password: wppass
        priv: "wordpress.*:ALL,GRANT"
        host: '%'
        login_unix_socket: /var/run/mysqld/mysqld.sock
        state: present

# anp wordpress.yml --extra-vars "mysql_root_password=root"
  • 192.168.1.172/wordpress

  • 데이터페이스 호스트 : ubuntu ip

docker

docker용 centos.ovi 가져오기

시대가 바껴서 별도의 컴퓨터를 구하지 않아도 내 자리에 있는 컴퓨터 가상화머신을 이용해서 virtualbox, vmware설치하고 window가 아닌 centos , ubuntu 등등의 운영체제를 설치할수 있다.

vm과 많이 닮았지만 다른부분도 있다.

0개의 댓글