More than 5 years have passed since last update.

Memo: Starting Ansible Today

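For various reasons, I have ended up starting with Ansible as well.

1. Preparing the environment

This time, I prepared two servers on ConoHa cloud.
 ・The Ansible server and one other machine

2. Installing Ansible

By imitating what I have seen others do.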

# yum install -y epel-release

# yum install -y epel-release
Loaded plugins: fastestmirror, langpacks
Loading mirror speeds from cached hostfile
 * base: ftp.jaist.ac.jp
 * epel: ftp.jaist.ac.jp
 * epel-debuginfo: ftp.jaist.ac.jp
 * epel-source: ftp.jaist.ac.jp
 * extras: ftp.jaist.ac.jp
 * updates: ftp.jaist.ac.jp
Resolving Dependencies
--> Running transaction check
---> Package epel-release.noarch 0:7-9 will be updated
---> Package epel-release.noarch 0:7-11 will be an update
--> Finished Dependency Resolution

Dependencies Resolved

======================================================================================================================
 Package                          Arch                       Version                   Repository                Size
======================================================================================================================
Updating:
 epel-release                     noarch                     7-11                      epel                      15 k

Transaction Summary
======================================================================================================================
Upgrade  1 Package

Total download size: 15 k
Downloading packages:
Delta RPMs disabled because /usr/bin/applydeltarpm not installed.
warning: /var/cache/yum/x86_64/7/epel/packages/epel-release-7-11.noarch.rpm: Header V3 RSA/SHA256 Signature, key ID 352c64e5: NOKEY
Public key for epel-release-7-11.noarch.rpm is not installed
epel-release-7-11.noarch.rpm                                                                   |  15 kB  00:00:00
Retrieving key from file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-7
Importing GPG key 0x352C64E5:
 Userid     : "Fedora EPEL (7) <epel@fedoraproject.org>"
 Fingerprint: 91e9 7d7c 4a5e 96f1 7f3e 888f 6a2f aea2 352c 64e5
 Package    : epel-release-7-9.noarch (@extras)
 From       : /etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-7
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
  Updating   : epel-release-7-11.noarch                                                                           1/2
warning: /etc/yum.repos.d/epel.repo created as /etc/yum.repos.d/epel.repo.rpmnew
  Cleanup    : epel-release-7-9.noarch                                                                            2/2
  Verifying  : epel-release-7-11.noarch                                                                           1/2
  Verifying  : epel-release-7-9.noarch                                                                            2/2

Updated:
  epel-release.noarch 0:7-11

Complete!

Next
# yum install -y sshpass

# yum install -y sshpass
Loaded plugins: fastestmirror, langpacks
Loading mirror speeds from cached hostfile
 * base: ftp.jaist.ac.jp
 * epel: ftp.jaist.ac.jp
 * epel-debuginfo: ftp.jaist.ac.jp
 * epel-source: ftp.jaist.ac.jp
 * extras: ftp.jaist.ac.jp
 * updates: ftp.jaist.ac.jp
Resolving Dependencies
--> Running transaction check
---> Package sshpass.x86_64 0:1.06-2.el7 will be installed
--> Finished Dependency Resolution

Dependencies Resolved

======================================================================================================================
 Package                    Arch                      Version                         Repository                 Size
======================================================================================================================
Installing:
 sshpass                    x86_64                    1.06-2.el7                      extras                     21 k

Transaction Summary
======================================================================================================================
Install  1 Package

Total download size: 21 k
Installed size: 38 k
Downloading packages:
sshpass-1.06-2.el7.x86_64.rpm                                                                  |  21 kB  00:00:00
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
  Installing : sshpass-1.06-2.el7.x86_64                                                                          1/1
  Verifying  : sshpass-1.06-2.el7.x86_64                                                                          1/1

Installed:
  sshpass.x86_64 0:1.06-2.el7

Complete!

Finally
# yum install -y ansible

[root@brighton001 ~]# yum install -y ansible
Loaded plugins: fastestmirror, langpacks
Loading mirror speeds from cached hostfile
 * base: ftp.jaist.ac.jp
 * epel: ftp.jaist.ac.jp
 * epel-debuginfo: ftp.jaist.ac.jp
 * epel-source: ftp.jaist.ac.jp
 * extras: ftp.jaist.ac.jp
 * updates: ftp.jaist.ac.jp
Resolving Dependencies
--> Running transaction check
---> Package ansible.noarch 0:2.4.1.0-1.el7 will be installed
--> Processing Dependency: python2-jmespath for package: ansible-2.4.1.0-1.el7.noarch
--> Processing Dependency: python-passlib for package: ansible-2.4.1.0-1.el7.noarch
--> Processing Dependency: python-paramiko for package: ansible-2.4.1.0-1.el7.noarch
--> Processing Dependency: python-jinja2 for package: ansible-2.4.1.0-1.el7.noarch
--> Processing Dependency: python-httplib2 for package: ansible-2.4.1.0-1.el7.noarch
--> Processing Dependency: python-cryptography for package: ansible-2.4.1.0-1.el7.noarch
--> Running transaction check
---> Package python-httplib2.noarch 0:0.9.2-1.el7 will be installed
---> Package python-jinja2.noarch 0:2.7.2-2.el7 will be installed
--> Processing Dependency: python-babel >= 0.8 for package: python-jinja2-2.7.2-2.el7.noarch
--> Processing Dependency: python-markupsafe for package: python-jinja2-2.7.2-2.el7.noarch
---> Package python-paramiko.noarch 0:2.1.1-2.el7 will be installed
---> Package python-passlib.noarch 0:1.6.5-2.el7 will be installed
---> Package python2-cryptography.x86_64 0:1.7.2-1.el7_4.1 will be installed
--> Processing Dependency: python-pyasn1 >= 0.1.8 for package: python2-cryptography-1.7.2-1.el7_4.1.x86_64
--> Processing Dependency: python-idna >= 2.0 for package: python2-cryptography-1.7.2-1.el7_4.1.x86_64
--> Processing Dependency: python-cffi >= 1.4.1 for package: python2-cryptography-1.7.2-1.el7_4.1.x86_64
--> Processing Dependency: python-ipaddress for package: python2-cryptography-1.7.2-1.el7_4.1.x86_64
--> Processing Dependency: python-enum34 for package: python2-cryptography-1.7.2-1.el7_4.1.x86_64
--> Processing Dependency: libcrypto.so.10(OPENSSL_1.0.2)(64bit) for package: python2-cryptography-1.7.2-1.el7_4.1.x86_64
---> Package python2-jmespath.noarch 0:0.9.0-3.el7 will be installed
--> Running transaction check
---> Package openssl-libs.x86_64 1:1.0.1e-60.el7_3.1 will be updated
--> Processing Dependency: openssl-libs(x86-64) = 1:1.0.1e-60.el7_3.1 for package: 1:openssl-1.0.1e-60.el7_3.1.x86_64
---> Package openssl-libs.x86_64 1:1.0.2k-8.el7 will be an update
---> Package python-babel.noarch 0:0.9.6-8.el7 will be installed
---> Package python-cffi.x86_64 0:1.6.0-5.el7 will be installed
--> Processing Dependency: python-pycparser for package: python-cffi-1.6.0-5.el7.x86_64
---> Package python-enum34.noarch 0:1.0.4-1.el7 will be installed
---> Package python-idna.noarch 0:2.4-1.el7 will be installed
---> Package python-ipaddress.noarch 0:1.0.16-2.el7 will be installed
---> Package python-markupsafe.x86_64 0:0.11-10.el7 will be installed
---> Package python2-pyasn1.noarch 0:0.1.9-7.el7 will be installed
--> Running transaction check
---> Package openssl.x86_64 1:1.0.1e-60.el7_3.1 will be updated
---> Package openssl.x86_64 1:1.0.2k-8.el7 will be an update
---> Package python-pycparser.noarch 0:2.14-1.el7 will be installed
--> Processing Dependency: python-ply for package: python-pycparser-2.14-1.el7.noarch

3. Creating the user/group

Create the ansible user and group on both the Ansible server and the target node.

# groupadd -g 9001 ansible
# useradd -g 9001 -u 9001 ansible
# passwd ansible
Changing password for user ansible.                 
New password:                   
Retype new password:                    
passwd: all authentication tokens updated successfully.                 

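4. Editing the hosts file

Enter the IP addresses and host names in the hosts file on both the Ansible server and the target node.

5. Registering SSH public-key authentication

1. Run on the Ansible server side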

# su - ansible
$ ssh-keygen -t rsa                                         
Generating public/private rsa key pair.                                         
Enter file in which to save the key (/home/ansible/.ssh/id_rsa):                                            
Created directory '/home/ansible/.ssh'.                                         
Enter passphrase (empty for no passphrase):                                         
Enter same passphrase again:                                            
Your identification has been saved in /home/ansible/.ssh/id_rsa.                                            
Your public key has been saved in /home/ansible/.ssh/id_rsa.pub.                                            
The key fingerprint is:                                         
14:00:ca:ee:e8:40:b1:97:0d:0f:0d:44:12:8a:53:55 ansible@brighton001                                         
The key's randomart image is:           

2. Run on the target node side as well

# su - ansible
$ ssh-keygen -t rsa                                         
Generating public/private rsa key pair.                                         
Enter file in which to save the key (/home/ansible/.ssh/id_rsa):                                            
Created directory '/home/ansible/.ssh'.                                         
Enter passphrase (empty for no passphrase):                                         
Enter same passphrase again:                                            
Your identification has been saved in /home/ansible/.ssh/id_rsa.                                            
Your public key has been saved in /home/ansible/.ssh/id_rsa.pub.                                            
The key fingerprint is:                                         
14:00:ca:ee:e8:40:b1:97:0d:0f:0d:44:12:8a:53:55 ansible@brighton002                                     
The key's randomart image is:           

Append the contents of the Ansible server's id_rsa.pub to the target node's authorized_keys.
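
The append step above, as an added example that is not part of the original post: a POSIX shell function (the name install_pubkey is hypothetical) that adds the public key to authorized_keys only once, sets the modes sshd expects, and refuses a private key passed by mistake. The key line in the demo is constructed, not a real key.

```shell
# Added example: idempotently append one public key to authorized_keys.
install_pubkey() {
    pub_file=$1; target_home=$2
    ssh_dir="$target_home/.ssh"
    auth_file="$ssh_dir/authorized_keys"

    # Take the first non-empty line only; a .pub file holds one key per line.
    key_line=$(grep -v '^[[:space:]]*$' "$pub_file" | head -n 1)

    # Accept only "<type> <base64> [comment]". This also rejects a private
    # key (id_rsa) passed by mistake, whose first line is "-----BEGIN ...".
    key_type=$(printf '%s\n' "$key_line" | awk '{print $1}')
    key_blob=$(printf '%s\n' "$key_line" | awk '{print $2}')
    case "$key_type" in
        ssh-rsa|ssh-ed25519|ecdsa-sha2-nistp256|ecdsa-sha2-nistp384|ecdsa-sha2-nistp521) ;;
        *) echo "not a public key: $pub_file" >&2; return 2 ;;
    esac
    case "$key_blob" in
        ''|*[!A-Za-z0-9+/=]*) echo "malformed key data: $pub_file" >&2; return 2 ;;
    esac

    # sshd (StrictModes, on by default) refuses authorized_keys when the
    # directory or file is writable by group/other, so set modes explicitly.
    mkdir -p "$ssh_dir" && chmod 700 "$ssh_dir" || return 1
    touch "$auth_file" && chmod 600 "$auth_file" || return 1

    # Match on type+blob so a changed comment does not create a duplicate.
    if awk -v t="$key_type" -v b="$key_blob" \
        '{ for (i = 1; i < NF; i++) if ($i == t && $(i+1) == b) hit = 1 } END { exit !hit }' \
        "$auth_file"; then
        echo "already present"
        return 0
    fi
    printf '%s\n' "$key_line" >> "$auth_file"
    echo "added"
}

# Demo on a constructed key in a scratch directory (not a real key).
demo=$(mktemp -d)
echo 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABconstructed ansible@brighton001' > "$demo/id_rsa.pub"
install_pubkey "$demo/id_rsa.pub" "$demo"   # added
install_pubkey "$demo/id_rsa.pub" "$demo"   # already present
rm -rf "$demo"
```

On the target node this would be run as the ansible user, with the copied id_rsa.pub as the first argument and /home/ansible as the second.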

6. Changing the Ansible hosts

Add the following to the /etc/ansible/hosts file.

[root@brighton001 ansible]# cp -p hosts hosts.20171219                      
[root@brighton001 ansible]# ls -l                       
total 32                        
-rw-r--r-- 1 root root 19179 Nov 14 22:27 ansible.cfg                       
-rw-r--r-- 1 root root  1016 Nov 14 22:27 hosts                     
-rw-r--r-- 1 root root  1016 Nov 14 22:27 hosts.20171219                        
drwxr-xr-x 2 root root  4096 Nov 14 22:27 roles                     


[kobatest]                      
    brighton002

7. Ansible test

Run the Ansible test.

[ansible@brighton001 ~]$ ansible kobatest -m ping
brighton002 | SUCCESS => {
    "changed": false,
    "failed": false,
    "ping": "pong"
}
