LoginSignup
2
2

More than 3 years have passed since last update.

@hiroyuki_onodera(小野寺 洋之)

Ansible Playbook検証環境構築 (MAC + KitchenCI + Docker)

Last updated at Posted at 2019-10-23

目的

Ansible Playbook検証環境構築 (2019版)では、ローカルに色々導入したので、ローカルにあまり多くを導入しない様に内容を更新した。
ansible controllerもdockerコンテナとし、検証環境もdockerとしてKitchenCIを回す

Windows10環境に関してはこちら

環境

MAC

  • macOS 10.14.6

ローカルに以下を導入

MAC:

環境変数設定

MAC:

$ echo 'eval "$(chef shell-init bash)"' >> ~/.bash_profile
$ . ~/.bash_profile

ローカルに導入するgem

  • kitchen-ansible (0.50.0)
  • kitchen-docker (2.9.0)
$ gem install kitchen-ansible
$ gem install kitchen-docker

環境構築

ansible controllerもkitchenCIで導入する
(なお、DockerFileでも可能と思える)

$ mkdir ansible_controller
$ cd ansible_controller
$ vi kitchen.yml
...
$ vi site.yml
...
kitchen.yml
---
driver:
  name: docker
  run_options: -v /var/run/docker.sock:/var/run/docker.sock -v /usr/local/bin/docker:/bin/docker

provisioner:
  name: ansible_playbook
  chef_bootstrap_url: false
  hosts: ansible-controller
  playbook: site.yml

platforms:
- name: centos-7

suites:
- name: ansible-controller
  • /var/run/docker.sockを共有することで、dockerコンテナからdockerの操作を可能とする。
    • この場合、コンテナで制御を奪われるとベースOSも制御を奪われるので要注意
  • kitchen-ansible は対象にansibleを導入し、ローカルモードで実行する。
    • この導入されたansibleをそのまま利用する。

  • -v を追加し、ローカルのansible repoをansible controllerコンテナと共有させることも可能

  • centos-7を対象としている。ubuntu-16.04 とした場合、幾つか修正が必要となる可能性がある。

site.yml
---
- hosts: all
  gather_facts: false
  tasks:

  - name: install the chef-workstation rpm from a remote repo
    yum:
      name: https://packages.chef.io/files/stable/chef-workstation/0.11.21/el/7/chef-workstation-0.11.21-1.el7.x86_64.rpm

  - name: add 'eval "$(chef shell-init bash)"' to ~/.bash_profile
    lineinfile:
      dest: ~kitchen/.bash_profile
      line: eval "$(chef shell-init bash)"
    become: true
    become_user: kitchen

  - name: gem install
    shell: |
      set -e
      eval "$(chef shell-init bash)"
      gem install kitchen-ansiblepush
      gem install kitchen-docker
    become: true
    become_user: kitchen

ansible controllerのdockerコンテナ起動、作成

$ kitchen test -d never
-----> Starting Kitchen (v1.25.0)
-----> Cleaning up any prior instances of <ansible-controller-centos-7>

...

       PLAY [all] *********************************************************************

       TASK [install the chef-workstation rpm from a remote repo] *********************
       ok: [localhost]

       TASK [add 'eval "$(chef shell-init bash)"' to ~/.bash_profile] *****************
       changed: [localhost]

       TASK [gem install] *************************************************************
       changed: [localhost]

       PLAY RECAP *********************************************************************
       localhost                  : ok=3    changed=2    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0   

       Downloading files from <ansible-controller-centos-7>
       Finished converging <ansible-controller-centos-7> (5m22.82s).
-----> Setting up <ansible-controller-centos-7>...
       Finished setting up <ansible-controller-centos-7> (0m0.00s).
-----> Verifying <ansible-controller-centos-7>...
       Preparing files for transfer
       Transferring files to <ansible-controller-centos-7>
       Finished verifying <ansible-controller-centos-7> (0m0.00s).
       Finished testing <ansible-controller-centos-7> (5m28.24s).
-----> Kitchen is finished. (5m29.68s)

これでansible controllerコンテナが起動する。
削除は、kitchen destroyで可能。
kitchenコマンドからdocker stopやstartなど細かい操作は出来ないので、必要があればdockerコマンドを使用。

ansible controllerにログインして利用

$ kitchen login
Last login: Wed Oct 23 07:44:58 2019 from 172.17.0.1

[kitchen@7b012ce1d2a9 ~]$ id
uid=1000(kitchen) gid=1000(kitchen) groups=1000(kitchen)

[kitchen@7b012ce1d2a9 ~]$ pwd
/home/kitchen

[kitchen@7b012ce1d2a9 ~]$ ansible --version
ansible 2.8.5
  config file = /etc/ansible/ansible.cfg
  configured module search path = [u'/home/kitchen/.ansible/plugins/modules', u'/usr/share/ansible/plugins/modules']
  ansible python module location = /usr/lib/python2.7/site-packages/ansible
  executable location = /usr/bin/ansible
  python version = 2.7.5 (default, Oct 30 2018, 23:45:53) [GCC 4.8.5 20150623 (Red Hat 4.8.5-36)]

[kitchen@7b012ce1d2a9 ~]$ kitchen --version
Test Kitchen version 2.3.3

[kitchen@7b012ce1d2a9 ~]$ gem list | grep kitchen
kitchen-ansiblepush (0.10.1)
kitchen-azurerm (0.14.9)
kitchen-digitalocean (0.10.4)
kitchen-docker (2.9.0)
kitchen-dokken (2.7.0)
kitchen-ec2 (3.2.0)
kitchen-google (2.0.1)
kitchen-hyperv (0.5.3)
kitchen-inspec (1.2.0)
kitchen-vagrant (1.6.0)
kitchen-vcenter (2.5.2)
test-kitchen (2.3.3)

[kitchen@7b012ce1d2a9 ~]$ mkdir roles                

[kitchen@7b012ce1d2a9 ~]$ cd roles/

[kitchen@7b012ce1d2a9 roles]$ ansible-galaxy init role01 
- role01 was created successfully

[kitchen@7b012ce1d2a9 roles]$ cd role01/

[kitchen@7b012ce1d2a9 role01]$ vi kitchen.yml
...

[kitchen@7b012ce1d2a9 role01]$ vi site.yml
...

[kitchen@7b012ce1d2a9 role01]$ vi tasks/main.yml
...

# 以下はInSpecの設定
[kitchen@7b012ce1d2a9 role01]$ mkdir -p test/integration/default

[kitchen@7b012ce1d2a9 role01]$ vi test/integration/default/default_test.rb
...

KitchenCI設定

kitchen.yml
---
driver:
  name: docker
  use_sudo: true
  use_internal_docker_network: true

provisioner:
  name: ansible_push
  chef_bootstrap_url: nil

platforms:
- name: centos-7

suites:
- name: ansiblepush
  provisioner:
    playbook: ./site.yml

verifier:
  name: inspec
  inspec_tests:
  - test/integration/default

kitchen-dockerとkitchen-ansiblepushを使用。
kitchen-ansiblepushは、ターゲットにansibleを導入せずにcontrollerのansibleを使用する。

プレイブック (site.yml)

site.yml

---
- hosts: all
  #gather_facts: false
  become: true
  tasks:
    - name: include_role 
      include_role:
        name: "../{{ lookup('env', 'PWD') | basename }}"

ここではテスト実行時のカレントディレクトリーをロール名としてincludeしている。

ロールのtasks (tasks/main.yml)

tasks/main.yml
---
- debug:
    msg: hello world!

InSpecテスト

test/integration/default/default_test.rb
# # encoding: utf-8

# This is an example test, replace it with your own test.
describe port(80) do
  it { should_not be_listening }
end

テスト実施 (kitchen test -d never)

[kitchen@7b012ce1d2a9 role01]$ kitchen test -d never 
-----> Starting Kitchen (v2.3.3)
-----> Cleaning up any prior instances of <ansiblepush-centos-7>
-----> Destroying <ansiblepush-centos-7>...
       Finished destroying <ansiblepush-centos-7> (0m0.00s).
-----> Testing <ansiblepush-centos-7>
-----> Creating <ansiblepush-centos-7>...
...

PLAY [all] *********************************************************************************************************************

TASK [Gathering Facts] *********************************************************************************************************
ok: [centos-7]

TASK [include_role] ************************************************************************************************************

TASK [../role01 : debug] *******************************************************************************************************
ok: [centos-7] => {
    "msg": "hello world!"
}

PLAY RECAP *********************************************************************************************************************
centos-7                   : ok=2    changed=0    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0   

       *************** AnsiblePush end run *******************
       Downloading files from <ansiblepush-centos-7>
       Finished converging <ansiblepush-centos-7> (0m6.98s).
-----> Setting up <ansiblepush-centos-7>...
       Finished setting up <ansiblepush-centos-7> (0m0.00s).
-----> Verifying <ansiblepush-centos-7>...
       Loaded tests from {:path=>".home.kitchen.roles.role01.test.integration.default"} 

Profile: tests from {:path=>"/home/kitchen/roles/role01/test/integration/default"} (tests from {:path=>".home.kitchen.roles.role01.test.integration.default"})
Version: (not specified)
Target:  ssh://kitchen@172.17.0.3:22

  Port 80
     ✔  should not be listening

Test Summary: 1 successful, 0 failures, 0 skipped
       Finished verifying <ansiblepush-centos-7> (0m1.13s).
       Finished testing <ansiblepush-centos-7> (0m9.58s).
-----> Kitchen is finished. (0m13.83s)

ターゲットとなる別のdockerコンテナを立ち上げ、playbook適用、およびInSpecテスト実施

kitchen list, login, destroy

[kitchen@7b012ce1d2a9 role01]$ kitchen list 
Instance              Driver  Provisioner  Verifier  Transport  Last Action  Last Error
ansiblepush-centos-7  Docker  AnsiblePush  Inspec    Ssh        Verified     <None>

[kitchen@7b012ce1d2a9 role01]$ kitchen login
Last login: Wed Oct 23 08:23:19 2019 from 172.17.0.2
[kitchen@b72f869eae28 ~]$ id
uid=1000(kitchen) gid=1000(kitchen) groups=1000(kitchen)
[kitchen@b72f869eae28 ~]$ ls
[kitchen@b72f869eae28 ~]$ logout
Connection to 172.17.0.3 closed.

[kitchen@7b012ce1d2a9 role01]$ kitchen destroy
-----> Starting Kitchen (v2.3.3)
-----> Destroying <ansiblepush-centos-7>...
       PID                 USER                TIME                COMMAND
       72332               root                0:00                /usr/sbin/sshd -D -o UseDNS=no -o UsePAM=no -o PasswordAuthentication=yes -o UsePrivilegeSeparation=no -o PidFile=/tmp/sshd.pid
       b72f869eae282ebcdff9c1a20a03b85e94bd1aa709e8e750202f5265ef7c81d4
       b72f869eae282ebcdff9c1a20a03b85e94bd1aa709e8e750202f5265ef7c81d4
       Finished destroying <ansiblepush-centos-7> (0m0.84s).
-----> Kitchen is finished. (0m5.17s)

[kitchen@7b012ce1d2a9 role01]$ kitchen list
Instance              Driver  Provisioner  Verifier  Transport  Last Action    Last Error
ansiblepush-centos-7  Docker  AnsiblePush  Inspec    Ssh        <Not Created>  <None>
2
2
0

Register as a new user and use Qiita more conveniently

  1. You get articles that match your needs
  2. You can efficiently read back useful information
  3. You can use dark theme
What you can do with signing up
Sign upLogin
2
2