Automated configuration management with Ansible (22.04.14)


Modules


https://docs.ansible.com/ansible/2.9/modules/modules_by_category.html
Module list
ansible-doc -l
Module details
ansible-doc <MODULE_NAME>

Ad hoc commands

ansible <HOST_PATTERN> -m <MODULE> -a <PARAMETER>
https://docs.ansible.com/ansible/latest/user_guide/intro_patterns.html

Actions needed to configure WordPress


Package installation: yum
Service control: service
Text modification: lineinfile, blockinfile, replace
Compression: archive, unarchive
Firewall: firewalld, ufw, iptables
File copy: copy, fetch
File download: get_url
Database management: mysql_db, mysql_user
File management: file

Ansible Jump Host with Bastion Host


https://www.jeffgeerling.com/blog/2022/using-ansible-playbook-ssh-bastion-jump-host
aws-ec2.ini
[ec2]
ip-172-31-69-42.ap-northeast-2.compute.internal

[ec2:vars]
ansible_user=ec2-user
ansible_ssh_common_args='-o ProxyCommand="ssh -p 22 -W %h:%p -q <BASTION_USER>@<BASTION_HOST>"'
ansible ec2 -i aws-ec2.ini -m command -a hostname

Configuring WordPress with ad hoc commands

ansible wp -m yum -a "name=https://rpms.remirepo.net/enterprise/remi-release-7.rpm state=present validate_certs=no" -b
ansible wp -m yum_repository -a 'name=remi-safe file=remi-safe mirrorlist=http://cdn.remirepo.net/enterprise/7/safe/mirror description=remi-safe enabled=no' -b
ansible wp -m yum_repository -a 'name=remi-php74 file=remi-php74 mirrorlist=http://cdn.remirepo.net/enterprise/7/php74/mirror description=remi-php74 enabled=yes' -b
ansible wp -m yum -a 'name=httpd,php,php-mysqlnd,mariadb,mariadb-server,python2-PyMySQL state=installed' -b
ansible wp -m service -a 'name=httpd state=started enabled=yes' -b
ansible wp -m service -a 'name=mariadb state=started enabled=yes' -b
ansible wp -m get_url -a 'url=https://wordpress.org/wordpress-5.9.3.tar.gz dest=/home/vagrant'
ansible wp -m unarchive -a 'src=/home/vagrant/wordpress-5.9.3.tar.gz remote_src=yes dest=/var/www/html owner=apache group=apache' -b
ansible wp -m mysql_db -a 'name=wordpress state=present login_user=root'
ansible wp -m mysql_user -a 'name=wpadm password=P@ssw0rd state=present login_user=root priv="wordpress.*:ALL"'
ansible wp -m copy -a 'src=/var/www/html/wordpress/wp-config-sample.php remote_src=yes dest=/var/www/html/wordpress/wp-config.php owner=apache group=apache' -b
ansible wp -m replace -a 'path=/var/www/html/wordpress/wp-config.php regexp=database_name_here replace=wordpress' -b
ansible wp -m replace -a 'path=/var/www/html/wordpress/wp-config.php regexp=username_here replace=wpadm' -b
ansible wp -m replace -a 'path=/var/www/html/wordpress/wp-config.php regexp=password_here replace=P@ssw0rd' -b

Revert commands

ansible wp -m service -a 'name=httpd state=stopped' -b
ansible wp -m service -a 'name=mariadb state=stopped' -b
ansible wp -m file -a 'path=/var/www/html/wordpress state=absent' -b
ansible wp -m file -a 'path=/home/vagrant/wordpress-5.9.3.tar.gz state=absent' -b
ansible wp -m yum -a 'name=httpd,php,php-mysqlnd,mariadb,mariadb-server,python2-PyMySQL autoremove=yes state=absent' -b
ansible wp -m file -a 'name=/var/lib/mysql state=absent' -b
ansible wp -m yum -a 'name=remi-release autoremove=yes state=absent' -b

return value


https://docs.ansible.com/ansible/2.9/reference_appendices/common_return_values.html

Playbook

  • playbook: YAML file
    - .yaml, .yml
  • play
  • task
  • test.yaml
    # Play
    - hosts: host1
      tasks:
        # Task
        - yum:
            name: httpd
            state: installed
        # Task
        - service:
            name: httpd
            state: started
            enabled: yes
    
    Reference (equivalent ad hoc commands)
    ansible host1 -m yum -a 'name=httpd state=installed'
    ansible host1 -m service -a 'name=httpd state=started enabled=yes'
    ansible-playbook test.yaml

    vim

    yum -y install vim-enhanced
    ~/.vimrc
    syntax on
    autocmd FileType yaml setlocal ts=2 sts=2 sw=2 et ai
    set cursorline
    vim test.yaml

    Running a playbook

    ansible-playbook <PLAYBOOK>.yaml
    YAML syntax check
    ansible-playbook wordpress.yaml --syntax-check
    Playbook simulation (dry run)
    ansible-playbook wordpress.yaml --check
    Check text changes
    ansible-playbook wordpress.yaml --diff
    Often used together with the --check option.
    Limit the systems to run against
    ansible-playbook wordpress.yaml --limit 192.168.100.12
    List the hosts the playbook applies to
    ansible-playbook wordpress.yaml --list-hosts
    List the playbook's tasks
    ansible-playbook wordpress.yaml --list-tasks
    List the playbook's tags
    ansible-playbook wordpress.yaml --list-tags
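
The database and wp-config.php steps from the ad hoc commands above, written as a playbook. This is an added example, not part of the original notes. It prompts for the wpadm password instead of placing it on the command line, and it hides it from task output. It assumes the page's `wp` host group; the file name `wordpress-db.yaml` and the variable name `wp_db_password` are hypothetical names introduced here.

```yaml
# wordpress-db.yaml (hypothetical file name); added example, not from the original notes
- hosts: wp
  become: yes
  vars_prompt:
    # wp_db_password is a variable name chosen for this example
    - name: wp_db_password
      prompt: Password for the wpadm database user
      private: yes
  tasks:
    - name: Create the wordpress database
      mysql_db:
        name: wordpress
        state: present
        login_user: root

    - name: Create the wpadm user (no_log keeps the password out of task output)
      mysql_user:
        name: wpadm
        password: "{{ wp_db_password }}"
        priv: "wordpress.*:ALL"
        state: present
        login_user: root
      no_log: yes

    - name: Create wp-config.php from the sample, once, not world-readable
      copy:
        src: /var/www/html/wordpress/wp-config-sample.php
        remote_src: yes
        dest: /var/www/html/wordpress/wp-config.php
        owner: apache
        group: apache
        mode: "0640"
        force: no

    # A password containing ' or \ would need escaping for the PHP string
    # and for the regex replacement; this example assumes it has neither.
    - name: Fill in the database settings
      replace:
        path: /var/www/html/wordpress/wp-config.php
        regexp: "{{ item.placeholder }}"
        replace: "{{ item.value }}"
      loop:
        - { placeholder: database_name_here, value: wordpress }
        - { placeholder: username_here, value: wpadm }
        - { placeholder: password_here, value: "{{ wp_db_password }}" }
      no_log: yes
```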