220413 Today I Learned
일지
특이사항없음
특이사항없음
주요 키워드
오늘의 할일
- 220413 TIL 작성
- AWS Study W2 제출자료 완성하기
- Ansible 강의 한바퀴돌려보기, 정리는 나중에
추가로 정리해야할 부분
LAMP; Linux, Apache, MySQL/MariaDB, Php
오 몰랏당..
jinja2?
수업 정리
- Introduction To Ansible
- YAML Overview
-
How To Access Your Working Files
여기까진 다른내용으로 충분 —
- Setting Up A Test Environment Ansible
- Installing Ansible
vagrant 사용
ctrl1 ubuntu/trusty64
ctrl22 centos7
nodes > Amazon EC2
대충 Ansible 우분투랑 센트OS에 깐다는내용 대충 인스턴스 접속에 사용할 ssh를 준비한다는내용
앤서블이 사용할 기본 pem키를 설정하고, ssh 접속 여부를 확인하기
cd /etc/ansible
cat ansible.cfg | grep private_key
vi ansible.cfg
/private_key_file
private_key_file = ~/.ssh/220331_key.pem
ssh -i ~/.ssh/220331_key.pem ec2-user@54.180.156.90
실습할 폴더를 생성하고 host 파일?inventory? 생성하기
mkdir ~/pjt | cd~/pjt
vi hosts
cat hosts
[testserver]
EC2publicIP
컨트롤 머신과 ec2머신 통신 확인하기
ansible testserver -i hosts -u ec2-user -m ping
54.180.156.90 | SUCCESS => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": false,
"ping": "pong"
}
> EC2 머신에게 핑? 하니까 퐁! 함. 귀여워
---
6. Manual Inventory
ASB 설치시 /etc/ansible에 hosts파일이 생성됨
But Presenter prefer to make own hosts file in the pjt directory
그렇게함으로써 플레이북을 작동시킬시 별도의 hosts파일의 경로를 잡아주지않아도 같은 디렉토리내의 hosts를 읽고 수행
하지만 참고할만한 예시들이 들어있기때문에 기본 파일을 살펴볼 가치는 있음.
인벤토리파일은 .ini 또는 다른형식으로 작성됨
#그룹밖에 입력하면 전체대상
rainbows.unicorns.com
[testserver]
52.36.167.137
test1.example.com:5555 #hostname:port nu
[webservers]
apache[01:50].example.com #50 apache serv
nginx[50:100].example.com #50 nginx serv
[appservers]
app[a:f].example.com
one of the big common use cases w/invt.
> specify connection and and user info hostname
[testservers:vars]
ansible_user=ec2-user
best practice; don't set variables in invt.
- break out group-host pairs into own files
7. Getting Started With Configuration
23:15
default location: /etc/ansible
like host, put in the same dir. make it precedent over any ASB config files
config 파일은 7개의 항목으로 구성됨
defaults, invt, privilege_esc, paramiko_connection,ssh_connection,persistent_connection, accelerate
+selinux, colors, diff,
introduction of some parameters
25:25
ask_pass >
forks > how many parallel processes are spawned against remote hosts
library
nocows
which is favorites
private_key_file
remote_user
timeout maximum time to try ssh connet
transport ssh based conn, version ctrl
8. Ansible Configuration File Ansible
ad hoc
ping is a good start
and also manage packages services users grps etccccccccc.
ansible testserver -i hosts -u ec2-user -m setup
command/targets/-i which hostfile to use. mush provide path if not in the same dir./-u which user that connecting now/ -m which module?
ansible testserver -i hosts -u ec2-user -m yum -a "name=httpd state=latest" -b
-a는 모엿지
-b become root.
https://gruuuuu.github.io/error/ansible-py-err/
[testserver:vars]
ansible_python_interpreter=/usr/bin/python2.7
ansible testserver -i hosts -u ec2-user -m service -a "name=httpd state=started" -b
ansible localhost -m ping
ansible localhost -m setup
ansible localhost -m uptime
9. Where To Go For Help On The CLI
ansible-doc -h
gives me of option
ansible-doc -l | grep ec2 > ec2 관련 모듈정보
ansible-doc -l | grep win > windows 관련 모듈정보
ansible-doc ec2_eni | /security_group으로 parameter 찾기 가능
10. Ad-Hoc Commands
11. Intro To Playbooks
playbooks are building blocks of ansible command
```yaml
---
- name: install and configure mariadb
hosts: testserver
remote_user: ec2-user
become: yes
vars:
mysql_port: 3306
tasks:
- name: install mariadb
yum: name=mariadb-server state=latest
- name: create mysql configuration file
template: src=my.cnf.j2 dest=/etc/my.cnf
notify: restart mariadb
- name: create mariadb log file
file: path=/var/log/mysqld.log state=touch owner=mysql group=mysql mode=0775
- name: start mariadb service
service: name=mariadb state=started enabled=yes
handlers: #핸들러부분은 아직 이해안간당 notify랑 연결되는거 같은뎅
- name: restart mariadb
service: name=mariadb state=restarted
- Variables
vars_files:
- maria_vars.yml
ansible-playbook -i hosts mariadb.yml –extra-vars “hosts=testserver”
registered variables
vi ver_cases.yml
---
- name: testing variable stuff
hosts: testserver
remote_user: ec2-user
tasks:
- name: get date on the server
shell: date
register: output
- debug: msg="the date is {output.stdout}"
variables gatherd from fact data
- debug: var=ansible_distribution_version
- name: group some machines together temporarily
- group_by: key=rhel_{ansible_distribution_version}
register: group_result
- debug: var=group_result
:wq!
ansible-playbook -i hosts var_cases.yml
- Conditionals
---
vi conditionals.yml
- name: testing conditionals
hosts: testserver
remote_user: ec2-user
become: yes
vars:
unicorn: true
tasks:
- name: don't install on debian machines
yum: name=httpd state=latest
when: (ansible_os_family=="RedHat" and ansible_distribution_major_version=="6")
- name: are unicorns real or fake
shell: echo "unicorns are fake"
when: not unicorn
- fail: msg="unicorns require rainbow variable to be set"
when: rainbow is undefined
- name: test to see if selinux is running
shell: genenforce
register: sestatus
- name: configure selinux if not enforcing
seboolean: name=mysql_connect_any state=true persistent=yes
when: sestatus.rc !=0
- name: checking systemd
shell: cat /var/log/messages
register: log_output
- name: next task
shell: echo "systemd knows when we're doing ansible stuff"
when: log_output.stdout.find('ansible') !=0
register: shell_echo
- debug: var=shell_echo
register variables and conditional statements tend to go hand in hand
- Loops
shorthand way to do multiple tasks in one
tasks:
- name: install mariadb
yum: name={item} state=installed
with_items:
- mariadb-server
- MySQL-python
- libselinux-python
vi loops.yml
- name: testing loops
hosts: testserver
remote_user: ec2-user
become: yes
tasks:
- name: looping over environment facts
debug: msg={item.key}={item.value}
with_dict: ansible_env
- name: looping over files and then copy
copy: src= dest=/tmp/loops
with_fileglob: "/tmp/*.conf"
- name: do until someting
shell: echo hello
register: output
retries: 5
delay: 5
until: output.stdout.find('hello') !=-1
- Blocks blocks r new as a versio 2.0 and allow logically group tasks and apply certain directrives to them
this is useful when cond. statement & privilege esc. section
- name: testing blocks
hosts: testserver
remote_user: ec2-user
become: yes
tasks:
- block:
- name: copying in a block
copy: src=/tmp/test1.txt dest=/tmp/loops
rescue:
- debug: msg="Stop. Error time."
always:
- debug: msg="This message will always display."
copiny in a block is showing example of error handling prompt rescue message when there was something wrong
- block:
- block:
- block:
- block: msg="nesting some blocks"
ansible-playbook -i hosts blocks.yml
- Templates
templates and ansible are processed by jinja2 templating language
아니이거 예제나 첨부파일이 따로있나? 왜 뭐만하면 쑥쑥나오지?
---
- name: testing templates
hosts: testserver
remote_user: ec2-user
become: yes
vars:
listenport: 8888
tasks:
- name: insert iptables template
template: src=iptables.j2 dets=/etc/sysconfig/iptables
notify: restart iptables
handlers:
- name: restart iptables
sevice: name=iptables state=restarted
-
Jinja2 Filters various filters just like variables, loops jinja.poku.org
-
Playbook Best Practices
- Include Statements
- Role Directory Structure
- Breaking A Playbook Into A Role Part - 1
- Breaking A Playbook Into A Role Part - 2
- Declaring Roles In Main Playbook
- Role Dependencies
- Privilege Escalation
- Delegation And Local Actions Ansible
- Error Handling
- Check Mode And Debugging Playbooks Part - 1
- Check Mode And Debugging Playbooks Part - 2
- Windows Support Part - 1
- Windows Support Part - 2
- EC2 Dynamic Inventory Part - 1
- EC2 Dynamic Inventory Part - 2
- Ansible Vault
Leave a comment