Nasir

We, are our choices.

4 minute read

일지

최악의 일주일이였다

내 스타일은 너무 명확하고
현재 강사님은 그 스타일과 맞지 않으니
뭘 해야하나 어떻게해야하나하면서
좀 방황하면서 공부 동력도 좀 잃어버린느낌?

내일은 주말이고 멘토님 특강도 있으니까
복구좀하자..💪

앤서블사용해서 LAMP 서버구축하고 Wordpress 까지 구축하는 Playbook을 생성하면 되려나?
아마존 ec2 인스턴스 자동생성 task도 찾아서 붙이고
web 인스턴스랑 db인스턴스 구분해서 할수있으려나

그러면 그사이에 mysql 연동설정같은것도 할수있나?
그거까지 할 수 있으면 다다음주 미니 프로젝트 진행할건 다한거겠지. 화이팅

흠 근데 저 ppt 그냥 회사자료가져와서 하는건줄 알았는데 분량 추가되고 내용 좀 보니까 강사님이 직접 만드신거 같긴하네 음.. 그래도 아예 노력을 안하시는건 아닌가 보구나. 살짝 평가 정정

주요 키워드

오늘의 할일

  • 220415 TIL 작성
  • Ansible 공식문서읽어보기

추가로 정리해야할 부분

ansible 개념 단어들 정리 fact, template, loop, conditionals, blocks, handlers, role….

수업 정리

  1. Breaking A Playbook Into A Role Part - 1

  2. Breaking A Playbook Into A Role Part - 2 (1:26:00)

ansible-galaxy init common
vi ntp.yml
---
- name: install ntp
  yum: name=ntp state=present

- name: configure ntp file
  template: src=ntp.conf.j2 dest=/etc/ntp.conf
  notify: restart ntp

- name: start the ntp service
  sevice: name=ntpd state=started enabled=yes

---
- name: restart ntp 
sevice: name=ntpd state=restarted

끝나고나면 ~/pjt/roles/common/tasks에 main, ntp, selinux YAML파일생성

---
- include: selinux.yml
- include: ntp.yml
  1. Declaring Roles In Main Playbook(1:29:53)
~/pjt
vi site.yml
---
- name:deploy common and mariadb role
  hosts: testserver
  remote_user: ec2-user
  become: yes

  roles: 
  - common
  - mariadb

ansible-playbook -i hosts site.yml
  1. Role Dependencies (1:32:33)
---
- name: install httpd and firewalld
  yum: name={item} state=present
  with_items:
  - httpd
  - firewalld

- name: start firewalld
  service: name=firewalld state=started enabled=yes

- name: insert firewalld rule for httpd
  firewalld: port={httpd_port}/tcp permanent=true state=enabled immediate=yes

- name: start httpd
  service: name=httpd state=started enabled=yes
...
  1. Privilege Escalation (1:36:50)

idea of becoming another user

vi ansible.cfg

[privilege_escalation]
  1. become is the new syntax as of 2.0 if 1.9, pseudo
  2. make your user is privileged
  3. can’t limit to certain commands
  4. become can’t be chained
vi site.yml

- name:deploy common and mariadb role
  hosts: testserver
  remote_user: ec2-user
  become: yes
  become_user: postgres
  become_method: pbrun
> 만약 데이터베이스작업이있고, 해당유저만필요하다면
or
  become_user: michelle

ansible-playbook -i hosts site.yml -vvvv # 4v > debug level verbosity, can see actuall user change
  1. Delegation And Local Actions Ansible (1:42:10)

delegatimg a task to specific server

~/pjt vi testdelegate.yml

---
- name: test delegate
  hosts: testserver
  remote_user: ec2-user
  become: yes

  task:
  - name: restart machine
    shell: sleep 2 && shutdown -r now "Ansible updates have happend"
    async: 1
    poll: 0
    ignore_errors: True

  - name: waiting for server to come back
    wait_for: host={inventory_hostname} state=started delay=30 timeout=300
    become: no
    delegate_to 127.0.0.1

  - name: waiting for server to come back
    local_action: wait_for host={inventory_hostname} state=started delay=30 timeout=300
    become: no
    
why use delegate?
In 1st tasks, we'll lose connection to host, but wanna keep playbook going

by local action, we can shorten

---
- name: test delegate facts
  hosts: testserver
  remote_user: ec2-user
  become: yes

  task:
  - name: gather local facts
    setup: 
    delegate_to: 127.0.0.1
    delegate_facts: true
    
ansible-playbook -i host testdelegate.yml
  1. Error Handling (1:48:15) error handling is a broad term to cover ways to handle potential failures in ur ansible
~pjt vi testerrors.yml

---
- name: testing error handling
  hosts: testserver
  remote_user: ec2-user
  become: yes

  task:
  - name: testing ignore errors
    user: name=michelleP password={uPassword}
    ignore_errors: yes 

  - name: next task
    shell: echo hello world

  - name: quick echo
    shell: echo $PATH
    register: result

  - debug: msg="Stop running playbook if the play failed"
    failed_when: result|failed

  - name: echo failed
    shell: echo I failed
    register: output

  - debug: msg="Okay really stop the playbook"
    failed_when: output.stdout.find('failed')!=-1

  - name: just adding another task in here to show you that it will stop
    shell: echo hello world

ansible-playbook -i host testerrors.yml
  1. Check Mode And Debugging Playbooks Part - 1 (1:53:05)

checkrun by drydun



29. Check Mode And Debugging Playbooks Part - 2 (1:58:15)

전반적으로 영상보면서 오류 메시지랑 수정방법 체크하면댈듯

30. Windows Support Part - 1 (2:03:10)

윈도우 host서버 준비과정
인벤토리 변수와 호스트파일 설정
win_ping으로 연결상태 확인

윈도우에서는 ssh 사용못함. winrm

  • name: testing windows module hosts: windows

    vars: uPassword: w!ndowS

    task:

    • name: run ipconfig raw: ipconfig register: ipconfig

    • debug: var=ipconfig

    • name: test stat module on file win_stat: path=”C:/Windows/win.ini” register: stat_file

    • debug: var=stat_file

    • name: add a local group win_group: name=TestWindowsGroup description=”My Windows group” state=present

    • name: add a local user win_user: name=TestUser password={uPassword} groups=TestWindowsGroup group_action=add

    • name: give my local user some permissons win_acl: path: “C:\User\Public” user: TestUser rights: FullControl type: allow



31. Windows Support Part - 2 (2:09:00)
 Part1에서 생성한 플레이북 작동 및 결과 설명

vi windows.yml


32. EC2 Dynamic Inventory Part - 1

host 파일에서 인벤토리를 관리했지만,
aws ec2에 적용할 경우 ex2 외부 인벤토리 스크립트

ec2 file 생성하기

ec2 폴더를 생성하고, keypair.yml와 라이브러리 폴더 생성 
ec2.py
ec2.ini  inventory for ec2
chmod +x ec2.py
pip install boto

iam, get security credential and down access&secret access key

in part2, write a playbook to utilize some ec2

33. EC2 Dynamic Inventory Part - 2 (2:19:25)

In part1, set up process, confirm connectivity w/amz by ./ec2.py --list

vi playbook.yml

  • name: launching an ec2 instance hosts: localhost connection: local gather_facts: false

    vars_files:

    • keypair.yml

    task:

    • name: search for the latest rhel 7 ami ec2_ami_find: region: us-east-1 owner: “309956199498” name: “RHEL-7.2*” register: find_results

    • debug: var=find_results

    • name: find a subnet id ec2_vpc_subnet_facts: aws_access_key: “{ec2_access_key}” aws_secret_key: “{ec2_secret_key}” region: us-east-1 registe: subnet_ids

    • debug: subnet_ids

    • name: launch an ec2 instance ec2: aws_access_key: “{ec2_access_key}” aws_secret_key: “{ec2_secret_key}” instance_type: t2.micro region: us-east-1 image: “{find_resultes.results[0].ami_id}” instance_tags: Name: mperz wait: yes vpc_subnet_id: “{subnet_ids.subnets[0].id}” assign_public_ip: yes

```

  1. Ansible Vault (2:27:35)

vault is a feature that encrypts files w/sensitive data

이전강의에서 키들이 암호화되어있지않았기때문에 매우 취약한 상황.

ansible-vault encrypt keypair.yml
cat keypair.yml

ansible-playbook playbook.yml –ask-vault-pass

best practice for variables in vault

create a dir. underneath my group_vars

cd windows vi vault ansible-vault enctypr vault

만약에 암호화 해야 할 대상이 많다면 pip install cryptography

Categories:

Updated:

Leave a comment