Ansible on CentOS6.7 - Setting up PandoraFMS systems #0


Overview

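I am building a monitoring system with PandoraFMS.
PandoraFMS can be run in a cluster configuration (depending on how it is built), and a monitoring system is likely to need several servers.
With centralized management of the configuration files also in mind, I decided to use Ansible for the build.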

Installation

Ansible server

Build the Ansible server on CentOS 6.7. As other articles also describe, it only needs to be installed with yum.


# yum install epel-release
# yum install ansible

Registering hosts


# vi /etc/ansible/hosts
 # Ex 1: Ungrouped hosts, specify before any group headers.
 192.168.240.200
 192.168.240.201
 # Ex 2: A collection of hosts belonging to the 'PandoraFMS' group
 [PandoraFMS]
 192.168.240.200
 192.168.240.201

Registering SSH keys

Omitted. You can either use ssh-agent or transfer the public key and append it to authorized_keys.

Creating the Ansible playbook

Lay out the files according to the best practices.
The contents and the files to be copied are not written yet, but the layout is roughly as follows.


.
├── ansible.cfg
├── group_vars
├── hosts
├── hosts.org
├── host_vars
├── pandoraFMS.yml
├── roles
│   ├── common
│   │   ├── defaults
│   │   ├── files
│   │   ├── handlers
│   │   ├── meta
│   │   ├── tasks
│   │   │   └── main.yml
│   │   ├── templates
│   │   └── vars
│   └── pandoraFMS
│       ├── defaults
│       ├── files
│       │   └── etc
│       │       └── yum.repos.d
│       │           └── pandorafms.repo
│       ├── handlers
│       ├── meta
│       ├── tasks
│       │   └── main.yml
│       ├── templates
│       └── vars
└── site.yml

Server - Client Connection test

ansible ping

Success example


$ ansible all -m ping
 192.168.240.201 | success >> {
     "changed": false,
     "ping": "pong"
 }

192.168.240.200 | success >> {
     "changed": false,
     "ping": "pong"
 }

Failure example: running it without registering the SSH key


$ ansible all -m ping
192.168.240.200 | FAILED => SSH Error: Permission denied (publickey,gssapi-keyex,gssapi-with-mic,password).
    while connecting to 192.168.240.200:22
It is sometimes useful to re-run the command using -vvvv, which prints SSH debug output to help diagnose the issue.
192.168.240.201 | FAILED => SSH Error: Permission denied (publickey,gssapi-keyex,gssapi-with-mic,password).
    while connecting to 192.168.240.201:22
It is sometimes useful to re-run the command using -vvvv, which prints SSH debug output to help diagnose the issue

Configuration for Ansible server

Configure

  • Described in the section on installing PandoraFMS

Config check


 $ ansible-playbook site.yml --syntax-check
 $ ansible-playbook site.yml -C

Installation PandoraFMS from Ansible

Configuration for ansible

Inventory, playbook files

  • hosts (inventory)
    Already described above

  • site.yml


---
# file: site.yml
- include: pandoraFMS.yml

  • pandoraFMS.yml

---
# file: pandoraFMS.yml
# Group names are case-sensitive; this must match [PandoraFMS] in the inventory
- hosts: PandoraFMS
  roles:
    - common
    - pandoraFMS

role files

common

  • common/tasks/main.yml

# Add epel-release repo
- name: install the latest version of epel-release
  yum: name=epel-release state=latest
  tags: prod
  sudo: yes   # installing packages needs root, as in the pandoraFMS role

pandoraFMS

  • pandoraFMS/tasks/main.yml

# Add pandoraFMS repo
- copy: src=/etc/ansible/roles/pandoraFMS/files/etc/yum.repos.d/pandorafms.repo dest=/etc/yum.repos.d/pandorafms.repo owner=root group=root mode=0644
  tags: prod
  sudo: yes

# Install MySQL and the Python bindings that the mysql_user module needs
- name: install the latest version of MySQL
  yum: name={{ item }} state=latest
  with_items:
    - mysql-server
    - mysql-connector-python
    - MySQL-python
  tags: prod
  sudo: yes

# Install pandoraFMS console and server
- name: install the latest version of pandorafms_console pandorafms_server
  yum: name={{ item }} state=latest
  with_items:
    - pandorafms_console
    - pandorafms_server
  tags: prod
  sudo: yes

# Dependent packages
- name: install the latest version of other packages
  yum: name={{ item }} state=latest
  with_items:
    - php
    - php-gd
    - graphviz
    - php-mysql
    - php-pear-DB
    - php-mbstring
    - php-ldap
    - php-snmp
    - php-common
    - php-zip
    - perl-HTML-Tree
    - perl-DBI
    - perl-DBD-mysql
    - perl-libwww-perl
    - perl-XML-Simple
    - perl-XML-SAX
    - perl-NetAddr-IP
    - net-snmp
    - net-tools
    - perl-IO-Socket-INET6
    - perl-Socket6
    - nmap
    - wmic
    - sudo
    - xprobe2
    - make
    - perl-CPAN
    - perl-JSON
    - net-snmp-perl
    - perl-Time-HiRes
    - perl-XML-Twig
    - perl-Encode-Locale
    - httpd
  tags: prod
  sudo: yes

# Starting & chkconfig
- name: chkconfig on mysqld
  service:
    name: mysqld
    state: started
    enabled: yes
  tags: prod
  sudo: yes

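# Turns the host firewall off and keeps it off across reboots, so every
# listening service on the host is reachable from the network
- name: stop iptables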
  service:
    name: iptables
    state: stopped
    enabled: no
  tags: prod
  sudo: yes

- name: chkconfig on httpd
  service:
    name: httpd
    state: started
    enabled: yes
  tags: prod
  sudo: yes

## Setup MySQL
- name: create root password
  mysql_user:
    name: root
    host: localhost
    password: "password"
  tags: prod
  sudo: yes
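
A hardened variant of the "stop iptables" and "create root password" tasks above, added here as an example and not part of the original playbook. It goes beyond the page by covering every root account rather than only root@localhost, and it assumes Ansible 1.9 syntax as used on this page, the stock CentOS 6 /etc/sysconfig/iptables, and a hypothetical variable mysql_root_password kept in an ansible-vault encrypted vars file.

```yaml
# Added example, not the original playbook.
# Assumption: mysql_root_password (hypothetical name) lives in a vault-encrypted
# vars file, e.g. created with: ansible-vault create group_vars/PandoraFMS

# Firewall: keep iptables on and open only the console port instead of stopping it.
# Assumes the stock CentOS 6 rules file, whose INPUT chain ends with a REJECT rule;
# add further ports (e.g. for agent data) the same way if your deployment needs them.
- name: allow inbound HTTP to the PandoraFMS console
  lineinfile:
    dest: /etc/sysconfig/iptables
    insertbefore: '^-A INPUT -j REJECT'
    line: "-A INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT"
  register: fw_rules
  sudo: yes

- name: keep iptables enabled and running
  service: name=iptables state=started enabled=yes
  sudo: yes

- name: reload iptables only when the rules file changed
  service: name=iptables state=restarted
  when: fw_rules.changed
  sudo: yes

# MySQL: set the password on every root account. localhost goes last because
# the first run logs in as root@localhost while it still has no password.
- name: set the MySQL root password from the vault
  mysql_user:
    name: root
    host: "{{ item }}"
    password: "{{ mysql_root_password }}"
  with_items:
    - "{{ ansible_hostname }}"
    - 127.0.0.1
    - localhost
  no_log: true   # keep the password out of task output and logs
  sudo: yes

# mysql_user reads ~/.my.cnf when no login_user/login_password is given, so
# later runs can still authenticate once root has a password.
- name: store the root credentials for later runs
  copy:
    dest: /root/.my.cnf
    owner: root
    group: root
    mode: "0600"
    content: "[client]\nuser=root\npassword={{ mysql_root_password }}\n"
  no_log: true
  sudo: yes
```

Run the play with --ask-vault-pass so the encrypted variable can be decrypted.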

Installation

Syntax Check


$ ansible-playbook -i hosts -vvv site.yml --syntax-check

Reference article (continuation)