Infrastructre as Ccodeの実現 - Ansibleの基本 -
0 likes177 views
The document discusses using Ansible for infrastructure as code, detailing playbooks and inventory configurations to manage Linux and Windows servers, specifically focusing on installing and managing the httpd service. It includes commands and examples for running Ansible playbooks, managing SSH configurations, and necessary file permissions. Various modules and operational commands illustrate how to automate deployments and configurations in different environments, including CentOS and Ubuntu.
![Ansible
$> ansible -i ./hosts all -m shell -a “ipconfig”
“shell”
-a
192.168.0.[1-3] ipconfig
or](https://image.slidesharecdn.com/infrastructreascodeperforming20171129-181128023116/85/Infrastructre-as-Ccode-Ansible-35-320.jpg)
![Ansible
$> ansible-playbook -i ./hosts all ./deploy-
httpd.yml
ansible-playbook Inventory Playbook
192.168.0.[1-3]
httpd
on](https://image.slidesharecdn.com/infrastructreascodeperforming20171129-181128023116/85/Infrastructre-as-Ccode-Ansible-41-320.jpg)
![- lineinfile:
dest=~/.ssh/authorized_keys
line=[ ]
lineinfile](https://image.slidesharecdn.com/infrastructreascodeperforming20171129-181128023116/85/Infrastructre-as-Ccode-Ansible-49-320.jpg)
![$> cat ./hosts
[slave1]
172.16.0.1
[slave2]
172.16.0.2
[slave1:vars]
target_sshd_conf=./sshd_config_for_slave1
[slave2:vars]
target_sshd_conf=./sshd_config_for_slave2](https://image.slidesharecdn.com/infrastructreascodeperforming20171129-181128023116/85/Infrastructre-as-Ccode-Ansible-56-320.jpg)
Infrastructre as Ccodeの実現 - Ansibleの基本 -
- 1. Infrastructre as Code - Ansible - 2017/11/29
- 3. • Infrastructure as a Code • • • • • Ansible • Ansible • Ansible • • Ansible
- 5. • Infrastructure as a Code • • • • • Ansible • Ansible • Ansible • • Ansible
- 6. Infrastructure as Code • = • • DNS VM • •
- 7. Infrastructure as Code • • 30 30 • • 1 •
- 9. • Infrastructure as a Code • • • • • Ansible • Ansible • Ansible • • Ansible
- 11. Chef / Puppet / Ansible Linux Windows NW ◆ ◆ httpd httpd
- 12. • Infrastructure as a Code • • • • • Ansible • Ansible • Ansible • • Ansible
- 13. • • Chef • • • Ruby • Puppet • Chef • Chef • Puppet • Ansible • • •
- 14. • Infrastructure as a Code • • • • • Ansible • Ansible • Ansible • • Ansible
- 15. • • / • NIC • sshd • • • sudo • • iptables / firewalld 100
- 16. • Infrastructure as a Code • • • • • Ansible • Ansible • Ansible • • Ansible
- 17. • • • • • VM VM => =>
- 18. • Infrastructure as a Code • • • • • Ansible • Ansible • Ansible • • Ansible
- 19. Ansible • Chef Puppet • • Chef / Puppet • • Chef / Puppet Ruby • • •
- 20. • Infrastructure as a Code • • • • • Ansible • Ansible • Ansible • • Ansible
- 21. Ansible Ansbile Playbook Inventory Linux RHEL 7.x Linux CentOS 6.x Windows Windows 2012R2 Linux Ubuntu 17.x NW Cisco IOS 15.x PUSH SSH
- 22. Ansible • Ansible SSH sudo • sshd_config sudoers • sudo • • ssh • sudo su –
- 23. Ansible Ansbile Playbook Inventory Linux RHEL 7.x Linux CentOS 6.x Windows Windows 2012R2 Linux Ubuntu 17.x NW Cisco IOS 15.x PUSH or sudo or su
- 24. Ansible • Playbook Inventory 2 • Inventory Playbook Inventory ※ Playbook ※
- 25. Ansible • Playbook Inventory 2 • Inventory Playbook - hosts: all become: yes tasks: - name: check install httpd yum: name=httpd state=latest - name: check running and enabled httpd service: name=httpd state=running enabled=yes 192.168.0.1 192.168.0.2 192.168.0.3 192.168.0.4 192.168.0.5 192.168.0.6 Playbook ./deploy-httpd.yml Inventory ./hosts
- 26. Ansible • Playbook / OS Ansible( ) • CentOS6 7 • • Ubuntu yum install • CentOS6 systemd • OS
- 27. • Infrastructure as a Code • • • • • Ansible • Ansible • Ansible • • Ansible
- 28. Ansible ※
- 29. Ansible • • CentOS 7.x or RHEL 7.x $> yum install epel-release $> yum install ansible
- 30. Ansible $> pwd /home/user01/workspace/ansible $> cat ./hosts 192.168.0.1 192.168.0.2 192.168.0.3
- 31. Ansible $> ansible -i ./hosts all -m ping –k 192.168.0.1 | SUCCESS => { "changed": false, "ping": "pong" } …
- 32. Ansible -i inventory -m -k $> ansible -i ./hosts all -m ping –k 192.168.0.1 | SUCCESS => { "changed": false, "ping": "pong" } …
- 33. Ansible OK $> ansible -i ./hosts all -m ping 192.168.0.1 | SUCCESS => { "changed": false, "ping": "pong" } …
- 34. Ansible ※ ~/.ssh OK $> ansible -i ./hosts all -m ping -i ~/.ssh/id_rsa 192.168.0.1 | SUCCESS => { "changed": false, "ping": "pong" }
- 35. Ansible $> ansible -i ./hosts all -m shell -a “ipconfig” “shell” -a 192.168.0.[1-3] ipconfig or
- 36. Ansible • Playbook YAML • YAML Wikipedia • https://ja.wikipedia.org/wiki/YAML • • hosts • become • tasks • handlers
- 37. Ansible • hosts • Inventory • ”all” • become • • sudo su • tasks • • • handlers • tasks • Ansible
- 38. $> cat ./deploy-httpd.yml - hosts: all - become: yes tasks: - name: check install httpd yum: name=httpd state=latest - name: check running and enabled httpd service: name=httpd state=running enabled=yes
- 39. $> cat ./deploy-httpd.yml - hosts: all - become: yes tasks: - name: check install httpd yum: name=httpd state=latest - name: check running and enabled httpd service: name=httpd state=running enabled=yes sudo tasks
- 40. $> cat ./deploy-httpd.yml - hosts: all - become: yes tasks: - name: check install httpd yum: name=httpd state=latest - name: check running and enabled httpd service: name=httpd state=running enabled=yes yum httpd
- 41. Ansible $> ansible-playbook -i ./hosts all ./deploy- httpd.yml ansible-playbook Inventory Playbook 192.168.0.[1-3] httpd on
- 42. Ansible $> ansible-playbook -i ./hosts all ./deploy- httpd.yml —check --check dry-run Playbook ※ --check
- 43. • Infrastructure as a Code • • • • • Ansible • Ansible • Ansible • • Ansible
- 50. - replace: dest=/etc/ssh/sshd_config regexp=“PermitRootLogin yes” replace=“PermitRootLogin no” replace
- 51. • Ansible • Linux Windows Cisco IOS, FortiGate, AWS, Azure • 1400 • http://docs.ansible.com/ansible/latest/list_of_all_modules.html • •
- 54. • Infrastructure as a Code • • • • • Ansible • Ansible • Ansible • • Ansible
- 57. - name: deploy sshd_conf copy: src={{ target_sshd_conf }} dest=/etc/ssh/sshd_config owner=root group=root mode=0640
- 60. Ansible $> ansible-playbook -i ./hosts all ./deploy- httpd.yml --become-method=su --become-ask-pass root SSH root sudo --become-method: root --become-ask-pass: root
- 61. Ansible $> ansible-playbook -i ./hosts all ./deploy- httpd.yml --become-method=sudo --become-ask-pass sudo --become-method sudo
- 63. • Playbook • • Playbook • • Playbook ansible-playbook • • Playbook /