#centos
#Ansible

Memo: Getting started with Ansible today

For various reasons, I am starting with Ansible too.

1. Preparing the environment

This time, I prepared two servers on ConoHa cloud.
 ・The Ansible server and one other machine

2. Installing Ansible

Following what I have seen others do.

# yum install -y epel-release

# yum install -y epel-release
Loaded plugins: fastestmirror, langpacks
Loading mirror speeds from cached hostfile
 * base: ftp.jaist.ac.jp
 * epel: ftp.jaist.ac.jp
 * epel-debuginfo: ftp.jaist.ac.jp
 * epel-source: ftp.jaist.ac.jp
 * extras: ftp.jaist.ac.jp
 * updates: ftp.jaist.ac.jp
Resolving Dependencies
--> Running transaction check
---> Package epel-release.noarch 0:7-9 will be updated
---> Package epel-release.noarch 0:7-11 will be an update
--> Finished Dependency Resolution

Dependencies Resolved

======================================================================================================================
 Package                          Arch                       Version                   Repository                Size
======================================================================================================================
Updating:
 epel-release                     noarch                     7-11                      epel                      15 k

Transaction Summary
======================================================================================================================
Upgrade  1 Package

Total download size: 15 k
Downloading packages:
Delta RPMs disabled because /usr/bin/applydeltarpm not installed.
warning: /var/cache/yum/x86_64/7/epel/packages/epel-release-7-11.noarch.rpm: Header V3 RSA/SHA256 Signature, key ID 352c64e5: NOKEY
Public key for epel-release-7-11.noarch.rpm is not installed
epel-release-7-11.noarch.rpm                                                                   |  15 kB  00:00:00
Retrieving key from file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-7
Importing GPG key 0x352C64E5:
 Userid     : "Fedora EPEL (7) <epel@fedoraproject.org>"
 Fingerprint: 91e9 7d7c 4a5e 96f1 7f3e 888f 6a2f aea2 352c 64e5
 Package    : epel-release-7-9.noarch (@extras)
 From       : /etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-7
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
  Updating   : epel-release-7-11.noarch                                                                           1/2
warning: /etc/yum.repos.d/epel.repo created as /etc/yum.repos.d/epel.repo.rpmnew
  Cleanup    : epel-release-7-9.noarch                                                                            2/2
  Verifying  : epel-release-7-11.noarch                                                                           1/2
  Verifying  : epel-release-7-9.noarch                                                                            2/2

Updated:
  epel-release.noarch 0:7-11

Complete!

Next
# yum install -y sshpass

# yum install -y sshpass
Loaded plugins: fastestmirror, langpacks
Loading mirror speeds from cached hostfile
 * base: ftp.jaist.ac.jp
 * epel: ftp.jaist.ac.jp
 * epel-debuginfo: ftp.jaist.ac.jp
 * epel-source: ftp.jaist.ac.jp
 * extras: ftp.jaist.ac.jp
 * updates: ftp.jaist.ac.jp
Resolving Dependencies
--> Running transaction check
---> Package sshpass.x86_64 0:1.06-2.el7 will be installed
--> Finished Dependency Resolution

Dependencies Resolved

======================================================================================================================
 Package                    Arch                      Version                         Repository                 Size
======================================================================================================================
Installing:
 sshpass                    x86_64                    1.06-2.el7                      extras                     21 k

Transaction Summary
======================================================================================================================
Install  1 Package

Total download size: 21 k
Installed size: 38 k
Downloading packages:
sshpass-1.06-2.el7.x86_64.rpm                                                                  |  21 kB  00:00:00
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
  Installing : sshpass-1.06-2.el7.x86_64                                                                          1/1
  Verifying  : sshpass-1.06-2.el7.x86_64                                                                          1/1

Installed:
  sshpass.x86_64 0:1.06-2.el7

Complete!

Finally
# yum install -y ansible

[root@brighton001 ~]# yum install -y ansible
Loaded plugins: fastestmirror, langpacks
Loading mirror speeds from cached hostfile
 * base: ftp.jaist.ac.jp
 * epel: ftp.jaist.ac.jp
 * epel-debuginfo: ftp.jaist.ac.jp
 * epel-source: ftp.jaist.ac.jp
 * extras: ftp.jaist.ac.jp
 * updates: ftp.jaist.ac.jp
Resolving Dependencies
--> Running transaction check
---> Package ansible.noarch 0:2.4.1.0-1.el7 will be installed
--> Processing Dependency: python2-jmespath for package: ansible-2.4.1.0-1.el7.noarch
--> Processing Dependency: python-passlib for package: ansible-2.4.1.0-1.el7.noarch
--> Processing Dependency: python-paramiko for package: ansible-2.4.1.0-1.el7.noarch
--> Processing Dependency: python-jinja2 for package: ansible-2.4.1.0-1.el7.noarch
--> Processing Dependency: python-httplib2 for package: ansible-2.4.1.0-1.el7.noarch
--> Processing Dependency: python-cryptography for package: ansible-2.4.1.0-1.el7.noarch
--> Running transaction check
---> Package python-httplib2.noarch 0:0.9.2-1.el7 will be installed
---> Package python-jinja2.noarch 0:2.7.2-2.el7 will be installed
--> Processing Dependency: python-babel >= 0.8 for package: python-jinja2-2.7.2-2.el7.noarch
--> Processing Dependency: python-markupsafe for package: python-jinja2-2.7.2-2.el7.noarch
---> Package python-paramiko.noarch 0:2.1.1-2.el7 will be installed
---> Package python-passlib.noarch 0:1.6.5-2.el7 will be installed
---> Package python2-cryptography.x86_64 0:1.7.2-1.el7_4.1 will be installed
--> Processing Dependency: python-pyasn1 >= 0.1.8 for package: python2-cryptography-1.7.2-1.el7_4.1.x86_64
--> Processing Dependency: python-idna >= 2.0 for package: python2-cryptography-1.7.2-1.el7_4.1.x86_64
--> Processing Dependency: python-cffi >= 1.4.1 for package: python2-cryptography-1.7.2-1.el7_4.1.x86_64
--> Processing Dependency: python-ipaddress for package: python2-cryptography-1.7.2-1.el7_4.1.x86_64
--> Processing Dependency: python-enum34 for package: python2-cryptography-1.7.2-1.el7_4.1.x86_64
--> Processing Dependency: libcrypto.so.10(OPENSSL_1.0.2)(64bit) for package: python2-cryptography-1.7.2-1.el7_4.1.x86_64
---> Package python2-jmespath.noarch 0:0.9.0-3.el7 will be installed
--> Running transaction check
---> Package openssl-libs.x86_64 1:1.0.1e-60.el7_3.1 will be updated
--> Processing Dependency: openssl-libs(x86-64) = 1:1.0.1e-60.el7_3.1 for package: 1:openssl-1.0.1e-60.el7_3.1.x86_64
---> Package openssl-libs.x86_64 1:1.0.2k-8.el7 will be an update
---> Package python-babel.noarch 0:0.9.6-8.el7 will be installed
---> Package python-cffi.x86_64 0:1.6.0-5.el7 will be installed
--> Processing Dependency: python-pycparser for package: python-cffi-1.6.0-5.el7.x86_64
---> Package python-enum34.noarch 0:1.0.4-1.el7 will be installed
---> Package python-idna.noarch 0:2.4-1.el7 will be installed
---> Package python-ipaddress.noarch 0:1.0.16-2.el7 will be installed
---> Package python-markupsafe.x86_64 0:0.11-10.el7 will be installed
---> Package python2-pyasn1.noarch 0:0.1.9-7.el7 will be installed
--> Running transaction check
---> Package openssl.x86_64 1:1.0.1e-60.el7_3.1 will be updated
---> Package openssl.x86_64 1:1.0.2k-8.el7 will be an update
---> Package python-pycparser.noarch 0:2.14-1.el7 will be installed
--> Processing Dependency: python-ply for package: python-pycparser-2.14-1.el7.noarch

3. Creating the user/group

Create the ansible user/group on the Ansible server and the target node.

# groupadd -g 9001 ansible
# useradd -g 9001 -u 9001 ansible
# passwd ansible
Changing password for user ansible.                 
New password:                   
Retype new password:                    
passwd: all authentication tokens updated successfully.                 

4. Editing the hosts file

Enter the IP addresses and hostnames in the hosts file on both the Ansible server and the target node.

5. Registering SSH public-key authentication

1. Run on the Ansible server

# su - ansible
$ ssh-keygen -t rsa                                         
Generating public/private rsa key pair.                                         
Enter file in which to save the key (/home/ansible/.ssh/id_rsa):                                            
Created directory '/home/ansible/.ssh'.                                         
Enter passphrase (empty for no passphrase):                                         
Enter same passphrase again:                                            
Your identification has been saved in /home/ansible/.ssh/id_rsa.                                            
Your public key has been saved in /home/ansible/.ssh/id_rsa.pub.                                            
The key fingerprint is:                                         
14:00:ca:ee:e8:40:b1:97:0d:0f:0d:44:12:8a:53:55 ansible@brighton001                                         
The key's randomart image is:           

2. Also run on the target node

# su - ansible
$ ssh-keygen -t rsa                                         
Generating public/private rsa key pair.                                         
Enter file in which to save the key (/home/ansible/.ssh/id_rsa):                                            
Created directory '/home/ansible/.ssh'.                                         
Enter passphrase (empty for no passphrase):                                         
Enter same passphrase again:                                            
Your identification has been saved in /home/ansible/.ssh/id_rsa.                                            
Your public key has been saved in /home/ansible/.ssh/id_rsa.pub.                                            
The key fingerprint is:                                         
14:00:ca:ee:e8:40:b1:97:0d:0f:0d:44:12:8a:53:55 ansible@brighton002                                     
The key's randomart image is:           

Append the contents of the Ansible server's id_rsa.pub to authorized_keys on the target node.
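One way to do the authorized_keys step safely, as an added example that is not part of the original memo: the function below checks that the file really is a one-line public key, appends it only once, and sets the permissions that sshd's default StrictModes setting requires. The function name `install_pubkey` and the `/tmp/id_rsa.pub` path in the usage comment are assumptions.

```shell
#!/bin/sh
# Added example (not from the original memo).
# Usage on the target node, as the ansible user, after copying the
# Ansible server's public key over (the /tmp path is an assumption):
#   install_pubkey /tmp/id_rsa.pub /home/ansible

# install_pubkey <pubkey_file> <home_dir>
# Returns 0 if the key was added or is already present, 1 on bad input.
install_pubkey() {
    local pub_file ssh_dir auth key
    pub_file=$1
    ssh_dir="$2/.ssh"
    auth="$ssh_dir/authorized_keys"

    [ -r "$pub_file" ] || { echo "cannot read $pub_file" >&2; return 1; }

    # A public key file is exactly one line: "<type> <base64> [comment]".
    # A private key (id_rsa) has many lines and is rejected here.
    [ "$(grep -c '' "$pub_file")" -eq 1 ] || {
        echo "expected a single-line public key" >&2; return 1; }
    key=$(cat "$pub_file")
    case $key in
        ssh-rsa\ AAAA*|ssh-ed25519\ AAAA*|ecdsa-sha2-*\ AAAA*) ;;
        *) echo "not an OpenSSH public key" >&2; return 1 ;;
    esac

    # With StrictModes yes (the sshd default), the key is ignored when
    # ~/.ssh or authorized_keys is writable by group or others.
    mkdir -p "$ssh_dir" && chmod 700 "$ssh_dir" || return 1
    touch "$auth" && chmod 600 "$auth" || return 1

    # Append only if this exact line is not already present.
    if ! grep -qxF -- "$key" "$auth"; then
        printf '%s\n' "$key" >> "$auth"
    fi
}
```

Only the server's id_rsa.pub is copied; the private key id_rsa stays on the Ansible server.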

6. Changing the Ansible hosts

Add the following to the /etc/ansible/hosts file.

[root@brighton001 ansible]# cp -p hosts hosts.20171219                      
[root@brighton001 ansible]# ls -l                       
total 32                        
-rw-r--r-- 1 root root 19179 Nov 14 22:27 ansible.cfg                       
-rw-r--r-- 1 root root  1016 Nov 14 22:27 hosts                     
-rw-r--r-- 1 root root  1016 Nov 14 22:27 hosts.20171219                        
drwxr-xr-x 2 root root  4096 Nov 14 22:27 roles                     


[kobatest]                      
    brighton002

7. Ansible test

Run the Ansible test

[ansible@brighton001 ~]$ ansible kobatest -m ping
brighton002 | SUCCESS => {
    "changed": false,
    "failed": false,
    "ping": "pong"
}