Ansible †
copy module¤Îcontent¤Ç²þ¹Ô¤¬¾Ã¤¨¤ë¡£ †
- ansible 2.9.6
- playbook.test.yml
- hosts: localhost
connection: local
vars:
var1:
- key: key1
val: val1
var2: "{{ var1 | to_nice_json(indent=2) }}"
tasks:
- copy:
content: "{{ var1 | to_nice_json(indent=2) }}"
dest: /tmp/example1.json
- copy:
content: "{{ var2 }}"
dest: /tmp/example2.json
- ¼Â¹Ô·ë²Ì
cat /tmp/example1.json
[
{
"key": "key1",
"val": "val1"
}
]
cat /tmp/example2.json
[{"key": "key1", "val": "val1"}]
¥³¥Þ¥ó¥É¤Î¸ºß¥Á¥§¥Ã¥¯ †
¥Í¥Ã¥È¥ï¡¼¥¯µ¡´ï¤Î´ÉÍý †
- telnetÀܳ¤ò»È¤¦¡£°Å¹æ²½¤µ¤ì¤Æ¤¤¤Ê¤¤¤Î¤Ç¡¢ssh¤¬Ë¾¤Þ¤·¤¤¡£
terraform.tfstate¤ÎÃͤò»²¾È †
defaultÃͤòÄêµÁ¤¹¤ë †
- ¥á¥¸¥ã¡¼¥Ð¡¼¥¸¥ç¥óËè¤Ë¥Ç¥Õ¥©¥ë¥ÈÃͤ¬Â礤¯ÊѤï¤ë¾ì¹ç¡£
- group_vars/°Ê²¼¤ÇÃͤò¥³¥ó¥È¥í¡¼¥ë¤·¤¿¤¤¡£
- "{{ var1 | default(omit) }}" ¤Ç¤Ï¡¢var1¤¬Ì¤ÄêµÄ¤Î¾ì¹ç¡¢²¿¤â¤·¤Ê¤¤¡£
¥È¥ì¡¼¥Ë¥ó¥°/¥µ¥ó¥×¥ë †
¥Ç¥Õ¥©¥ë¥È¤Î¸¡º÷¥Ñ¥¹ †
vars_prompt, vars_files, --extra-vars ¤ÇÇÛÎóÅù¤òÅϤ¹ †
- ÇÛÎó¤È¤·¤Ætest_list: ["a", "b", "c"] ¤òÅϤ¹
ansible-playbook playbook.yml -e '{"test_list": ["a","b","c"]}'
...
TASK [debug] ****************************************************************************************************************************************************************************
ok: [localhost] => {
"test_list": [
"a",
"b",
"c"
]
}
¹½Ê¸¥Á¥§¥Ã¥¯ †
patch: ¥Ñ¥Ã¥Á¤òŬÍѤ¹¤ë †
WSL´Ä¶ †
- DrvFs¾å¤Ë control_path¤òÀßÄꤹ¤ë¤È¡Ömuxclient: master hello exchange failed¡×¤Ç¼ºÇÔ¤¹¤ë¡£VolFs¾å¤Î¥Ñ¥¹¤ò»È¤¦¡£
parse_cli/parse_cli_textfsm: ¥³¥Þ¥ó¥É¤Î·ë²Ì¤ò²òÀϤ·¤ÆÊÑ¿ô¤Ë¼è¤ê¹þ¤à †
JSON¤Ç½ÐÎϤǤ¤Ê¤¤¥³¥Þ¥ó¥É¤Î·ë²Ì¤ò²òÀϤ·¤Æ¡¢ÊÑ¿ô¤ËÊÑ´¹¤·¤Æ¤¯¤ì¤ë¡£
²òÀÏÍѥƥó¥×¥ì¡¼¥È¤òÍÑ°Õ¤¹¤ë¤¬¡¢¥á¥¸¥ã¡¼¤Êµ¡´ïÍѤΥƥó¥×¥ì¡¼¥È¤Ï´û¤Ë¤¢¤ë¡£
local¼Â¹Ô»þ¤Îlocal user¤Î¼èÆÀ †
- fact¤Ç¼èÆÀ¤Ç¤¤ëÃͤËlocal user¤Ï̵¤·
ansible -i hosts.ini -m setup <remote-host>
...
"ansible_env": {
...
"USER": "/home/remote-user01",
...
"ansible_user_id": "remote-user01",
...
"ansible_user_uid": 1000,
- ¡Öwhoami¡×¥³¥Þ¥ó¥É¤Çuser¼èÆÀ
- ¡Öid¡×¥³¥Þ¥ó¥É¤Çuid,gid,groupsÅù¼èÆÀ¤Ç¤¤ë
package: OSËè¤Î¥Ñ¥Ã¥±¡¼¥¸´ÉÍý¤ò°ì¸µ²½ †
run_once: ¥Û¥¹¥È¤¬Ê£¿ôÂ椢¤Ã¤Æ¤â1²ó¤·¤«¼Â¹Ô¤·¤Ê¤¤ †
ini_file: ini¥Õ¥¡¥¤¥ë¤Î½ñ¤´¹¤¨ †
Terraform¤È¤ÎÏ¢·È †
Memo/Terraform¤ÇAWS EC2¤òµ¯Æ°¤·¤Æ¡¢ansible-playbook¤ò¼Â¹Ô¤·¤¿¤¤»þ¤Ê¤É¡£
apt: Debian/UbuntuÅù¤Î¥Ñ¥Ã¥±¡¼¥¸´ÉÍý †
apt:
name: "{{ apt_packages }}"
state: "{{ item.state }}"
update_cache: yes
cache_valid_time: 3600
vars_prompt¤Ç¥«¥ó¥Þ¶èÀÚ¤êʸ»úÎó¤òÇÛÎó¤ËŸ³«¤¹¤ë †
- ¼Â¹Ô·ë²Ì: ansible 2.4.2.0
ansible-playbook playbook.yml
Please enter csv: aaa, bbb
ok: [localhost] => (item=aaa) => {
"changed": false,
"item": "aaa",
"msg": "aaa"
}
ok: [localhost] => (item= bbb ) => {
"changed": false,
"item": " bbb ",
"msg": "bbb"
}
include¤ÎÂå¤ï¤ê¤Ëimport_tasks, include_tasks¤ò»È¤¦ †
- ansible 2.4.2.0¤Çinclude¤ò»È¤Ã¤¿¾ì¹ç¤Î·Ù¹ð¡£ÀÅŪ¤ÈưŪ¤ÇÌÀ¼¨Åª¤Ëʬ¤±¤Æµ½Ò¤¹¤ë¤è¤¦¤Ë¡£
[DEPRECATION WARNING]: The use of 'include' for tasks has been deprecated. Use 'import_tasks' for static inclusions or 'include_tasks' for
dynamic inclusions. This feature will be removed in a future release. Deprecation warnings can be disabled by setting deprecation_warnings=False
in ansible.cfg.
Including and Importing — Ansible Documentation
- import_tasks
- ÀÅŪ¤Êinclude¡£¼Â¹ÔÁ°¤Ëɾ²Á¤µ¤ì¤ë¡£
- include_tasks
- ưŪ¤Êinclude¡£¼Â¹Ô»þ¤Ëɾ²Á¤µ¤ì¤ë
- include¤Î¥Õ¥¡¥¤¥ë̾¤ËÊÑ¿ô¤ò´Þ¤à¾ì¹ç
- include»þ¤ËÊÑ¿ô¤òÍѤ¤¤Æloop¤¹¤ë¾ì¹ç
- handler¤Ë¤Ïnotify¤Ç¤¤Ê¤¤
- list-tags ¤Ç½ÐÎϤµ¤ì¤Ê¤¤
- list-tasks ¤Ç½ÐÎϤµ¤ì¤Ê¤¤
pause: »ØÄꤷ¤¿ÉÃ/ʬ¤À¤±ÂԤġ¢ÃæÃǤä³¹Ô¤òÁªÂò †
- ¼Â¹Ô·ë²Ì: 60ÉÃÂÔµ¡¤¹¤ë
time ansible-playbook -i test/hosts.ini -l localhost playbook.ping.yml -e 'pause_seconds=60'
...
TASK [ping] ***************************************************************************************************************************************
ok: [localhost]
TASK [pause] **************************************************************************************************************************************
Pausing for 60 seconds
(ctrl+C then 'C' = continue early, ctrl+C then 'A' = abort)
ok: [localhost]
PLAY RECAP ****************************************************************************************************************************************
localhost : ok=2 changed=0 unreachable=0 failed=0
real 1m7.318s
user 0m4.149s
sys 0m0.548s
yum_repository: yum¥ê¥Ý¥¸¥È¥ê¤ÎÄɲÃ/ºï½ü †
- name: Remove repository from a specific repo file
yum_repository:
name: epel
file: external_repos
state: absent
include_role: roleÆâ¤ÎÊÌtask¤òload¤¹¤ë †
tasks/main.yml ¤È¤ÏÊ̤Îyaml¤òload¤Ç¤¤ë¡£
tasks¤òʬ³ä¤·¤Æ¡¢ÉáÃʤϼ¹Ԥµ¤ì¤Ê¤¤½èÍý¤òʬ¤±¤é¤ì¤ë¡£
¥Æ¥¥¹¥È¤ÎÃÖ´¹ †
ansible-container: docker image¤ÎºîÀ® †
docker¤ÎÁàºî †
- ²ÝÂê
- remote host¾å¤Îdocker¥³¥ó¥Æ¥ÊÆâ¤Ëansible role¤òŬÍѤ·¤¿¤¤¤¬¥³¥ó¥Æ¥Ê¤ÎÀܳ¤Ë¼ºÇÔ¤¹¤ë¡£¡Öconnection: docker¡×¤À¤±¤Ç¤Ï¡Ödocker command not found in PATH¡×¤¬½Ð¤ë¤Î¤Ç¡¢localhost¤Îdocker¥³¥Þ¥ó¥É¤ò¼Â¹Ô¤·¤è¤¦¤È¤·¤Æ¤¤¤ë
playbookÃæ¤ËºÆµ¯Æ° †
¥µ¥ó¥×¥ë¥³¡¼¥É¤Ï¤¤¤¯¤Ä¤â¤¢¤ë¤¬¡¢¤¦¤Þ¤¯Æ°ºî¤·¤Ê¤¤
hosts: all
become: True
gather_facts: True
tasks:
- name: debug
debug:
msg: "ansible_host={{ ansible_host }}"
- name: test connection (before reboot)
ping:
- name: reboot
shell: sleep 2 && shutdown -r now "Ansible reboot"
async: 1
poll: 0
ignore_errors: "{{ ansible_check_mode }}"
- name: wait for SSH port down
wait_for:
host: "{{ ansible_host }}"
port: 22
state: stopped
delay: 1
timeout: 60
delegate_to: 127.0.0.1
become: no
- name: wait for SSH port up
wait_for:
host: "{{ ansible_host }}"
port: 22
state: started
delay: 30
timeout: 300
delegate_to: 127.0.0.1
become: no
- name: test connection (after reboot)
ping:
block: Ê£¿ô¤Î¥¿¥¹¥¯¤Î¥Ö¥í¥Ã¥¯²½ †
fact¤ÎºÆ¼èÆÀ †
¡Ösetup¡×¤ÎºÆ¼Â¹Ô¤ÇÎɤ¤
ưŪ¤ËNIC¤òÄɲä·¤¿¸å¤Ë¡¢fact¤Ë¤âÈ¿±Ç¤µ¤»¤¿¤¤¾ì¹ç¤Ê¤É¡£
group_by: ưŪ¤Ëgroup¤òÊѹ¹¤¹¤ë †
Î㤨¤Ð¡Öconnection: local¡×¤À¤¬¡¢Ê£¿ô¤Î¡Ögroup_vars/env.yml¡×¤ò´Ä¶Ëè¤ËÀÚ¤êÂؤ¨¤¿¤¤»þ¤Ë»È¤¨¤ë¡£
»ØÄꤷ¤¿group_varsÆâ¤ÎÊÑ¿ô¤¬»²¾È¤Ç¤¤ë¤è¤¦¤Ë¤Ê¤ë¡£
vars_prompt:
- name: "inventory_group"
prompt: "Please enter inventory_group"
private: no
tasks:
- group_by: key="{{ inventory_group }}"
changed_when: False
assemble: Ê£¿ô¤ÎÀßÄê¥Õ¥¡¥¤¥ë¤«¤é°ì¤Ä¤ÎÀßÄê¤òºî¤ë †
assemble - Assembles a configuration file from fragments ¡½ Ansible Documentation
- /etc/app/conf.d/*.conf ¤«¤é /etc/app.conf ¤òºîÀ®¤¹¤ë
- ¥¢¥×¥ê¤¬conf.d/·Á¼°¤ò¥µ¥Ý¡¼¥È¤·¤Æ¤¤¤Ê¤¤¾ì¹ç¤Ë»È¤¦
uri: HTTP¥ê¥¯¥¨¥¹¥È¤ÎÁ÷¿® †
jenkins¤«¤éansible¤Î¼Â¹Ô †
no_log: ¥í¥°¤ò½ÐÎϤ·¤Ê¤¤ †
¡Ö-v¡×¥ª¥×¥·¥ç¥ó¤òÉÕ¤±¤¿¤È¤¤Ë¤â¥Ñ¥¹¥ï¡¼¥ÉÅù¤Ï¥³¥ó¥½¡¼¥ë¤Ëɽ¼¨¤·¤¿¤¯¤Ê¤¤¾ì¹çÅù¡£
- How do I keep secret data in my playbook?
- Ê£»¨¤ÊÊÑ¿ô¤òwith_item¤Ç½èÍý¤¹¤ë¤È¤¡¢Á´¤Æɽ¼¨¤·¤¿¤¯¤Ê¤¤¾ì¹ç
- set_fact¤Çɽ¼¨¤·¤¿¤¤ÊÑ¿ô¤À¤±with_items¤Çºî¤ë»þ¤Ë¤â»È¤¨¤ë
- ¥í¥°¤Îɽ¼¨: ¥³¥Þ¥ó¥É¥ª¥×¥·¥ç¥ó¤Ë ¡Ö-e 'show_log=true'¡×
- playbook.yml
vars:
- show_log: false
tasks:
- debug: msg="{{ item }}"
with_items: "{{ huge_var }}"
no_log: "{{ not show_log|bool }}"
fetch: ¥ê¥â¡¼¥È¥Õ¥¡¥¤¥ë¤ò¥í¡¼¥«¥ë¤Ë¥³¥Ô¡¼ †
- "msg": "unable to calculate the checksum of the remote file" ¤Î¾ì¹ç¡¢Àܳ¤Ë¼ºÇÔ¤·¤Æ¤¤¤ë¤Î¤Ç¡¢-m pingÅù¤Ç³Îǧ¤¹¤ë¡£
expect: ÂÐÏýèÍý¤Î¼«Æ°²½ †
wait_for: ½èÍý¤¬´°Î»¤¹¤ë¤Þ¤ÇÂÔµ¡¤¹¤ë †
local¤Ë¤¢¤ërpm¥Õ¥¡¥¤¥ë¤ò¥¤¥ó¥¹¥È¡¼¥ë¤¹¤ë †
- ´Ä¶¡§ansible 2.1.1.0
- yum name=/tmp/example-1.0.0-1.rpm state=present or installed¤Ç¤Ï¡¢rpm¥Õ¥¡¥¤¥ë¤Î¥Ð¡¼¥¸¥ç¥ó¤¬ÊѤï¤Ã¤Æ¤â¥¤¥ó¥¹¥È¡¼¥ë¤µ¤ì¤Ê¤¤¡£
- state=latest¤À¤È¡¢¥ê¥Ý¥¸¥È¥ê¤ò¸¡º÷¤·¤Ë¹Ô¤¯¤Î¤Ç»È¤¨¤Ê¤¤¡£(yum¥É¥¥å¥á¥ó¥ÈÄ̤ê)
´û¸¥Õ¥¡¥¤¥ë¤ò¶õ(¥µ¥¤¥º0)¤Ë¤¹¤ë †
¶õ¥Õ¥¡¥¤¥ë¤ÎºîÀ® †
LDAP¤Î´ÉÍý †
- ldap_users.yml
ldap_users:
- cn: user01
dn: cn=user01,ou=users,dc=example,dc=com
sshPublicKey: ssh-rsa ...
description:
- dev
- stg
- prod
- ldapsearch, ldapmodify ¤ò»È¤¦¥µ¥ó¥×¥ë
SSH¤Î¥í¥°¤«¤é¥¢¥¯¥»¥¹IP¤òÎóµó¤¹¤ë †
¥¤¥ó¥¹¥È¡¼¥ëºÑ¤ß¥Ñ¥Ã¥±¡¼¥¸°ìÍ÷ †
yum¥â¥¸¥å¡¼¥ë¤Ç¤Ï¥¤¥ó¥¹¥È¡¼¥ëºÑ¤ß°ìÍ÷¤Ï¼èÆÀ¤Ç¤¤ë¤¬¡¢°ìÉô¤Î¥Ñ¥Ã¥±¡¼¥¸¤À¤±¤Ï»ØÄê¤Ç¤¤Ê¤¤¡£(name¤Èlist¤¬ÇÓ¾»ØÄê)
- ¼Â¹Ô·ë²Ì:
ok: [127.0.0.1] => {
"result": {
"changed": false,
"results": [
{
"arch": "x86_64",
"epoch": "0",
"name": "MAKEDEV",
"nevra": "0:MAKEDEV-3.24-6.el6.x86_64",
"release": "6.el6",
"repo": "installed",
"version": "3.24",
"yumstate": "installed"
},
...
ssh¸ø³«¸°¤ÎÅÐÏ¿ †
¸½ºß¤Înameserver¤ò¼èÆÀ †
/etc/resolv.conf¤Înameserver¤ÎÃͤò»²¾È¤·¤¿¤¤¡£
- v1.9.4 ̤Âбþ¡£
- /usr/lib/python2.6/site-packages/ansible/module_utils/facts.py ¤ÎÃæ¤Ë¤Ïself.get_dns_facts()¤Ï̵¤¤¤Î¤Ç̤Âбþ¡£
- ansibleËÜÂΤˤϥޡ¼¥¸ºÑ¤ß
Ansible2.0 †
Prompts: ¥æ¡¼¥¶ÆþÎϤòÂÔ¤Ä †
Ǥ°Õ¤Îssh¥ª¥×¥·¥ç¥ó¤Ä¤±¤Æ¼Â¹Ô †
ansible.cfgÆâ¤Ç¡Össh_args = ¡×¤ÇǤ°Õ¤Î¥ª¥×¥·¥ç¥ó¤ò»ØÄê¤Ç¤¤ë¡£
¥Ç¥Õ¥©¥ë¥È¤Î¥ª¥×¥·¥ç¥ó¤Ï¾å½ñ¤¤µ¤ì¤ë¤¿¤á¡¢¥Ç¥Õ¥©¥ë¥È¤Î¥ª¥×¥·¥ç¥ó+ÄɲäΥª¥×¥·¥ç¥ó¤È½ñ¤¤¤¿Êý¤¬Îɤµ¤½¤¦¡£
´Ä¶ÊÑ¿ô¤Ë ANSIBLE_SSH_ARGS ¤¬¤¢¤ë¤È¡¢ansible.cfg¤è¤ê¤âÍ¥À褵¤ì¤ë¡£
³ÈÄ¥»Ò¤ò½ü¤¤¤¿¥Õ¥¡¥¤¥ë̾¤Î¼èÆÀ †
tarball ¤ò¥¤¥ó¥¹¥È¡¼¥ë¤¹¤ë †
- ´Ä¶
- CentOS 6.x 64bit
- ansible v1.9.4
- Î㡧phantomjs
- bitbucket¤Î¥Õ¥¡¥¤¥ë¼ÂÂΤÏAWS S3¤Ë¤¢¤ë¤è¤¦¤Ç¡¢¥ê¥ó¥¯¤òƧ¤à¤È¡ÖLocation: https://xxxx.s3.amazonaws.com/...¡×¤Î¤è¤¦¤ËÊ֤äƤ¯¤ë¡£¤·¤«¤·¡¢unarchive¥â¥¸¥å¡¼¥ë¤Ï¤½¤ì¤ò¥À¥¦¥ó¥í¡¼¥É¤Ç¤¤Ê¤«¤Ã¤¿¡£get_url¥â¥¸¥å¡¼¥ë¤À¤ÈOK
- ¤¤¤Þ¤¤¤Á¤ÊÅÀ¡§/tmp/phantomjs.tar.bz2 ¤ò¥Ð¡¼¥¸¥ç¥ó¤ÎȽÃǤ˻ȤäƤ¤¤ë¤Î¤Ç¡¢»Ä¤Ã¤¿¤Þ¤Þ¤Ë¤Ê¤ë¡£ºï½ü¤¹¤ë¤ÈºÆ¥À¥¦¥ó¥í¡¼¥É¤«¤é»Ï¤Þ¤ë
- roles/phantomjs/tasks/main.yml
- name: Download PhantomJS
get_url: url={{ phantomjs_url[0].url }} sha256sum={{ phantomjs_url[0].sha256sum }} dest=/tmp/phantomjs.tar.bz2 force=no
register: new_archive
tags:
- phantomjs
- name: Unarchive PhantomJS
unarchive: src=/tmp/phantomjs.tar.bz2 dest=/tmp copy=no creates=yes
when: new_archive|changed
tags:
- phantomjs
- name: Install PhantomJS
shell: cp -f /tmp/{{ phantomjs_url[0].url | basename | regex_replace('\.tar\.bz2|\.tar\.gz$', '') }}/bin/phantomjs {{ phantomjs_install_dir }}/
when: new_archive|changed
tags:
- phantomjs
register¤Î·ë²Ì¤ò»È¤Ã¤ÆÊ£¿ô²ó¥ë¡¼¥×¤¹¤ë †
1.9¤«¤ésudo¤¬É¬Íפʻþ¤Ïbecome¤ò»È¤¦ †
root¸¢¸Â¤¬É¬Íפʾì¹ç¡¢1.9¤«¤é¡Öbecome: yes¡×¤¬¿ä¾©¡£
¡Ösudo: true¡×¤ÏÈó¿ä¾©¤Ë¤Ê¤Ã¤¿¡£
Ť¤¹Ô¤ò²þ¹Ô¤¹¤ë †
YAML¹½Ê¸¤ò»È¤Ã¤Æʬ³ä¤¹¤ë¡£
¥Ñ¥Õ¥©¡¼¥Þ¥ó¥¹¥Á¥å¡¼¥Ë¥ó¥° †
- SSH
- OpenSSH 5.5°Ê²¼¤Î¾ì¹ç(CentOS6/openssh-5.3p1-118.1.el6_8.x86_64)
- paramiko¥é¥¤¥Ö¥é¥ê¤¬»ÈÍѤµ¤ì¤ë¡£ansible_connection¥ª¥×¥·¥ç¥ó¤Çssh¤òÌÀ¼¨Åª¤Ë»ØÄê¤Ç¤¤ë¡£
- record_host_keys=False ¤Ë¤¹¤ë¡£ record_host_keys
- OpenSSH 5.6°Ê¾å(CentOS7/openssh-6.6.1p1-25.el7_2.x86_64)
- OpenSSH 6.7°Ê¹ß:
- copy¥â¥¸¥å¡¼¥ë¤ÎÂå¤ï¤ê¤Ë¡¢synchronize¥â¥¸¥å¡¼¥ë¤ò»È¤¦
- Ê£¿ô¥Õ¥¡¥¤¥ë»þ¡¢CentOS6¤À¤Èparamiko¥é¥¤¥Ö¥é¥ê¤¬»È¤ï¤ìÈó¾ï¤ËÃÙ¤¤¤«¥¿¥¤¥à¥¢¥¦¥È¤¹¤ë¡£
- synchronize¥â¥¸¥å¡¼¥ë¤Ï¡¢ÆâÉô¤Çrsync¤ò»È¤¦¤¿¤á¿ôÉäǤ¹¤à¡£
- copy¥â¥¸¥å¡¼¥ë¤È°ã¤¤¡¢owner¤ägroup¤¬ÊѤï¤é¤Ê¤¤¤Î¤Ç¡¢file¥â¥¸¥å¡¼¥ë¤ÇÊѤ¨¤ë
- ansible.cfg¤Çssh_args¥ª¥×¥·¥ç¥ó¤ò»ÈÍѤ·¤Æ¤¤¤ë¾ì¹ç¤Ï¡¢¡Öuse_ssh_args=yes¡×¤Ë¤¹¤ë
validate:ÀßÄê¥Õ¥¡¥¤¥ëÅù¤Î¸¡¾Ú¤·¤Æ¤«¤é¹¹¿· †
- template, lineinfile, blockinfile¤Ïvalidate='command %s'¤Ç¸¡¾Ú¤ò¹Ô¤Ã¤Æ¡¢À®¸ù¤·¤¿¾ì¹ç(exit code=0)¤Î¤ß¹¹¿·¤¹¤ë»ö¤¬¤Ç¤¤ë¡£
- sshd_config¤ÎÎã
validate='sshd -t -f %s'
- visudo¤ÎÎã
validate='visudo -cf %s'
- php¤ÎÎã
alidate='php -l %s'
yum groupinstallÁêÅö †
Extras Modules¤ò»È¤¦ †
- Extras Modules
- stable¤Ç¤Ï¤Ê¤¤¥â¥¸¥å¡¼¥ë¤¬Æþ¤Ã¤Æ¤¤¤ë¡£¤¦¤Þ¤¯Æ°ºî¤·¤Ê¤¤²ÄǽÀ¤¬¤¢¤ë¡£
- Æȼ«¥é¥¤¥Ö¥é¥ê¤Î»ØÄê¤Ï¤¤¤¯¤Ä¤«¤¢¤ë
- playbook.yml¤ÈƱ¤¸³¬ÁØ¤Ë library ¥Ç¥£¥ì¥¯¥È¥ê¤òºîÀ®¤¹¤ë
- export ANSIBLE_LIBRARY=...
- --module-path=...
ssh¤Ç·Ò¤¬¤ºlocal¤Ç¼Â¹Ô †
¥Ñ¥Ã¥±¡¼¥¸¤¬¥¤¥ó¥¹¥È¡¼¥ëºÑ¤ß¤«¤Î¥Á¥§¥Ã¥¯ †
- rpm¥³¥Þ¥ó¥É¤ò»È¤¦¤È¡Ö[WARNING]: Consider using yum, dnf or zypper module rather than running rpm¡×¤¬½Ð¤ë¤Î¤Ç¡¢¡Öwarn: no¡×¤Ç̵»ë¤·¤Æ¤¤¤ë¡£
Êѹ¹°·¤¤¤Ë¤·¤Ê¤¤ †
handlers †
- Intro to Playbooks
- °ìÈֺǸå¤Ë¼Â¹Ô¤µ¤ì¤ë
- ÀßÄê¥Õ¥¡¥¤¥ë¤òÊ£¿ô½ñ¤´¹¤¨¤¿¸å¤Ë¥µ¡¼¥Ó¥¹¤ÎºÆµ¯Æ°¤¬É¬Íפʻþ¤Ê¤É¤Ë»È¤¨¤ë
- when¤Î¾ò·ï¤ËÃí°Õ¡£¥µ¡¼¥Ó¥¹¤ò»ß¤á¤¿¤Þ¤Þ¤Ë¤·¤¿¤¯¤È¤â¡¢notify¤¬È¯À¸¤¹¤ë¤Èhandler¤¬¼Â¹Ô¤µ¤ì¤ë¤¿¤á¡¢ÀßÄê¥Õ¥¡¥¤¥ë¤¬½ñ¤´¹¤ï¤Ã¤¿¾ì¹ç¤Ê¤É¡¢Í½´ü¤»¤º¥µ¡¼¥Ó¥¹¤¬µ¯Æ°¤¹¤ë»ö¤¬¤¢¤ë¡£¤½¤Î¤¿¤áÊÑ¿ô(Î㡧iptables_state)¤òÍÑ°Õ¤·¤Æ¾ò·ï¤ËÆþ¤ì¤Æ¤ª¤¯¡£
roles †
³«È¯ †
°Í¸´Ø·¸ †
¼«ºî¥â¥¸¥å¡¼¥ë †
Developing Modules — Ansible Documentation
¥³¥Þ¥ó¥É¤Îjson½ÐÎϤòÊÑ¿ô¤È¤·¤Æ¼è¤ê¹þ¤à †
´Ä¶ÊÑ¿ô¤Î»ØÄê †
shell:/command: ¥³¥Þ¥ó¥É¤Î¼Â¹Ô †
- command
- ´Ä¶ÊÑ¿ô¤Ï̵¸ú
- ¥Ñ¥¤¥×"|", ¥ê¥À¥¤¥ì¥¯¥È"><"¤Ï»ÈÍÑÉÔǽ
- shell
- shell(¥Ç¥Õ¥©¥ë¥È:/bin/sh)¤ò·Ðͳ¤·¤Æ¼Â¹Ô¤µ¤ì¤ë
- ¥Ñ¥¤¥×"|", ¥ê¥À¥¤¥ì¥¯¥È"><"¤¬»ÈÍѲÄǽ
- ´Ä¶ÊÑ¿ô¤Ï͸ú
- Ê£¿ô¹Ô¤Î¾ì¹ç¡¢";"¤Ç¶èÀÚ¤ë»ö¤¬¤Ç¤¤ë
- shell: >
echo foo;
echo var;
/.bashrcÅù¤ÏÆɤ߹þ¤Þ¤ì¤Ê¤¤¡£~/.bashrc ¤ÎÃæ¤ÇPATH¤¬ÀßÄꤵ¤ì¤Æ¤¤¤ë¾ì¹ç¡¢1¹Ô¤Ç¼Â¹Ô¤¹¤ëɬÍפ¬¤¢¤Ã¤¿¡£
# À®¸ù
shell:
cmd: "/bin/bash -l -c 'tfenv install latest'"
# ¼ºÇÔ
shell:
cmd: "tfenv install latest"
executable: "/bin/bash -l"
shell:¤äcommand:Æâ¤ÇÊ£»¨¤Ê½èÍý †
- jinja2¥Æ¥ó¥×¥ì¡¼¥È¹½Ê¸¤¬»È¤¨¤ë¤Î¤Ç¡¢Ê£»¨¤Ê»ö¤¬¤Ç¤¤ë¡£¤·¤«¤·¡¢¸«Æñ¤¯¤Ê¤ë¤Î¤Ç¤ª´«¤á¤Ï¤·¤Ê¤¤
- Î㡧dict_var1.option2.value¤¬¶õ¤Î¾ì¹ç¡¢command¼Â¹Ô»þ¤Î¥ª¥×¥·¥ç¥ó¤ò¾Êά¤¹¤ë
- File not found: "playbook.jinja2-example1.zip" at page "Memo/Ansible"[źÉÕ]
shell:Ãæ¤Çread¥³¥Þ¥ó¥É¤¬¤¢¤Ã¤Æ¤âÂÔµ¡¤·¤Ê¤¤ †
localhost¤Ç¼Â¹Ô¤¹¤ë †
- --sudo ¤òÉÕ¤±¤Æ¼Â¹Ô¤·¤¿¾ì¹ç¡¢local_action ¤Î·ë²Ì¤âroot¥æ¡¼¥¶¤Ç¼Â¹Ô¤·¤¿»ö¤Ë¤Ê¤ë
- Î㤨¤Ð¼Â¹Ô»þ¤Î¥æ¡¼¥¶¤ÎÀßÄê¥Õ¥¡¥¤¥ë(/home/user01/.aws/config) ¤ò»²¾È¤¹¤ë¤¬¡¢--sudo¤òÉÕ¤±¤¿¤¤¾ì¹ç¤ËÌäÂ꤬µ¯¤¤ë¡£/root/.aws/config¤òõ¤½¤¦¤È¤¹¤ë
- ¡Ölocal_action:¡×¤À¤±local user¤ò»È¤¤¤¿¤¤¾ì¹ç¡¢task¤Ë¡Öbecome: false¡×¤òÉÕ¤±¤ë
- playbook.yml
- hosts: localhost
gather_facts: False
tasks:
- name: pwd
local_action: shell echo $HOME
register: result
- debug: var=result.stdout
- --sudo ¤òÉÕ¤±¤Æ¼Â¹Ô¤·¤¿¾ì¹ç
ansible-playbook -i hosts.ini -l localhost --sudo playbook.yml
...
TASK: [debug var=result.stdout] ***********************************************
ok: [127.0.0.1] => {
"result.stdout": "/root"
}
SELinux †
- ɸ½à¤Ç selinux ¥â¥¸¥å¡¼¥ë¤¬¤¢¤ë
- state=disabled¤ËÀßÄê¸å¡¢getenforce¤¹¤ë¤È"Enforcing(͸ú)"¤À¤Ã¤¿¡£ (ansible-1.7-1.el6.noarch¤Ç³Îǧ)
- "setenforce 0" ¤¹¤ë¤«¡¢ºÆµ¯Æ°¤¹¤ëɬÍפ¬¤¢¤Ã¤¿
target uses selinux but python bindings (libselinux-python) aren't installed! †
- /etc/hosts¤òÊѹ¹¤·¤è¤¦¤È¤·¤¿¤È¤³¤í°Ê²¼¤Î¥¨¥é¡¼¤¬½Ð¤¿
msg: Aborting, target uses selinux but python bindings (libselinux-python) aren't installed!
- Âоݥۥ¹¥È¤Ë¥í¥°¥¤¥ó¤·¤ÆSElinux¤ò³Îǧ¤¹¤ë¤È Permissive ¤À¤Ã¤¿
getenforce
Permissive
- CentOS 6/7: libselinux-python¤ò¥¤¥ó¥¹¥È¡¼¥ë¸å¡¢Àµ¾ï¤ËÆ°ºî¤·¤¿
sudo yum install libselinux-python -y
- Ubuntu
sudo apt install python-selinux
split: ʸ»úÎó¤Îʬ³ä †
- ansible-1.7-1.el6.noarch
- test.yml
- hosts: 127.0.0.1
gather_facts: False
vars:
keys: ""
tasks:
- name: split
debug: var="{{ item }}"
with_items: "{{ keys.split(',') }}"
- ¼Â¹Ô
ansible-playbook -i hosts.ini test.yaml --extra-vars 'pub_keys=aaa,bbb,ccc'
TASK: [split] *****************************************************************
ok: [127.0.0.1] => (item=aaa) => {
"aaa": "{{ aaa }}",
"item": "aaa"
}
ok: [127.0.0.1] => (item=bbb) => {
"bbb": "{{ bbb }}",
"item": "bbb"
}
ok: [127.0.0.1] => (item=ccc) => {
"ccc": "{{ ccc }}",
"item": "ccc"
}
--check»þ¤ËµóÆ°¤òÊѹ¹¤¹¤ë †
°Ê²¼¤Î¤è¤¦¤Ë¡¢shell: ¤Î·ë²Ì¤ò¸µ¤ËȽÄꤹ¤ë¤è¤¦¤Ê¾ì¹ç¡¢¡Ö--check¡×¤Ç¤Ï¡¢¥Á¥§¥Ã¥¯task¤¬¼Â¹Ô¤µ¤ì¤Ê¤¤¤¿¤á¡¢¥¨¥é¡¼¤È¤Ê¤ë¤Î¤ò²óÈò¤¹¤ë¡£
ansible-playbook¥ª¥×¥·¥ç¥ó †
- --check: dry-run¥â¡¼¥É
- --diff: Êѹ¹ÅÀ¤òɽ¼¨¡£--check¤ÈƱ»þ¤Ë»ØÄꤹ¤ë¤ÈÎɤ¤
- -v: verbose mode, Î㤨¤Ðcommand¤¬À®¸ù¤·¤¿»þ¤Î¥í¥°¤ÏÄ̾ï¤Ç¤Æ¤³¤Ê¤¤¤¬¡¢¤³¤Î¥ª¥×¥·¥ç¥ó¤òÉÕ¤±¤ë¤È¸«¤¨¤ë
- e, --extra-vars 'var1=val1 var2=val2': ÊÑ¿ô̾¤ÈÃͤò¥³¥Þ¥ó¥É¥é¥¤¥ó¤«¤éÅϤ¹¡£vars_prompt¤ÎÊÑ¿ô̾¤ò»ØÄꤹ¤ì¤Ð¡¢prompt¤Îɽ¼¨¤¬Ìµ¤¯¤Ê¤ë¤¿¤áÊØÍø
¥Õ¥¡¥¤¥ë/¥Ç¥£¥ì¥¯¥È¥ê¤Î¥³¥Ô¡¼ †
¼Â¹Ô½ç½ø †
- ´ðËÜŪ¤Ë¤Ï¾å¤«¤é²¼¤À¤¬¡¢pre_tasks > roles > tasks > handlers > post_tasks ½ç½ø¤Ç¼Â¹Ô¤µ¤ì¤ë
- ¥Û¥¹¥È¤¬Ê£¿ô¤¢¤ë¾ì¹ç¤Ï¡¢1¥¿¥¹¥¯¤ò¤¹¤Ù¤Æ¤Î¥Û¥¹¥È¤Ë¼Â¹Ô¤·¤Æ¤«¤é¡¢¼¡¤Î¥¿¥¹¥¯¤Ø¡£
- Á´¤Æ¤Î¥Û¥¹¥È¤Ç¼ºÇÔ¤·¤¿¾ì¹ç¡¢ÃæÃǤ¹¤ë
- Îã: ansible 1.9.4
- hosts.ini
[web]
web01.example.com
web02.example.com
- test.yml
- hosts: web
gather_facts: True
vars:
pre_tasks:
- debug: msg="pre_tasks01"
roles:
- role01
tasks:
- name: task01
file: path=/tmp/task01 state=touch
notify: handler01
handlers:
- name: handler01
debug: msg="handler01"
post_tasks:
- debug: msg="post_tasks01"
- ¼Â¹Ô
ansible-playbook -i hosts.ini test.yml
...
TASK: [debug msg="pre_tasks01"] ***********************************************
ok: [web01.example.com] => {
"msg": "pre_tasks01"
}
ok: [web02.example.com] => {
"msg": "pre_tasks01"
}
TASK: [role01 | debug msg="role01"] *******************************************
ok: [web02.example.com] => {
"msg": "role01"
}
ok: [web01.example.com] => {
"msg": "role01"
}
TASK: [task01] ****************************************************************
changed: [web02.example.com]
changed: [web01.example.com]
NOTIFIED: [handler01] *********************************************************
ok: [web01.example.com] => {
"msg": "handler01"
}
ok: [web02.example.com] => {
"msg": "handler01"
}
TASK: [debug msg="post_tasks01"] **********************************************
ok: [web01.example.com] => {
"msg": "post_tasks01"
}
ok: [web02.example.com] => {
"msg": "post_tasks01"
}
PLAY RECAP ********************************************************************
web01.example.com : ok=6 changed=1 unreachable=0 failed=0
web02.example.com : ok=6 changed=1 unreachable=0 failed=0
Module ¥â¥¸¥å¡¼¥ë †
file †
Conditionals: ¾ò·ïʬ´ô †
- ÊÑ¿ô¤¬Ì¤ÄêµÁ¤Î¾ì¹ç: var1 is not defined
- ÊÑ¿ô¤¬¶õ("")¤Î¾ì¹ç: var1 == None
- 'yes', 'no', 'True', 'False'¤òboolÃͤȤ·¤ÆÈæ³Ó¤·¤¿¤¤¾ì¹ç
when: is_enabled|bool
Error Handling ¥¨¥é¡¼¥Ï¥ó¥É¥ê¥ó¥° †
- ¥Ç¥Õ¥©¥ë¥È(v1.7.1)¤Ç¤Ï¡¢Æ±¤¸¥³¥Þ¥ó¥É¤¬Á´¤Æ¤Î¥Û¥¹¥È¤Ç¼ºÇÔ¤·¤¿¾ì¹ç¤ËÄä»ß¤¹¤ë¤è¤¦¤À
- failed_when: ¥³¥Þ¥ó¥É¤¬¼ºÇÔ¤·¤¿»þ¤Ë²¿¤«¤¹¤ë
¿·µ¬¥Õ¥¡¥¤¥ë¤òºî¤ë †
ÆÃÄê¥æ¡¼¥¶¤À¤±¥ê¥â¡¼¥Èssh¤«¤ésudo¤Ç¤¤ë¤è¤¦¤Ë †
¥Ç¥Õ¥©¥ë¥È¤Ç¤Ïtty¤Ê¤·¤Îssh¤Ç¤Ï¡¢sudo¤Ç¤¤Ê¤¤¤è¤¦¤ËÀßÄꤵ¤ì¤Æ¤¤¤ë¾ì¹ç¤¬Â¿¤¤¡£
- ÆÃÄê¤Îuser, group¤À¤±¤ò»ØÄꤹ¤ë¾ì¹ç
ping module¤ÇÀܳ¥Æ¥¹¥È †
¿ÃÊssh´Ä¶¤Ç¼Â¹Ô †
Àܳ¤Ëssh¤ò»È¤¦¤è¤¦¤Ë¤·¡¢ssh¦¤Ç¿ÃÊÀßÄê¤ò¤¹¤ë¡£
¥Û¥¹¥È¤ÎÀܳ¤Ë¤Ï̾Á°¤ò»È¤¦¡£DNS¤ÏÉÕ¤±¤Ê¤¯¤Æ¤âÎɤ¤¡£
- ¿ÃÊssh¤Ï°Ê²¼¤Î¤è¤¦¤ËÀßÄêºÑ¤ß¤Ç¡¢client.host¤«¤éľÀÜssh¤Çother.host¤ØÀܳ¤Ç¤¤ë¤â¤Î¤È¤¹¤ë¡£
- client.host¤«¤é other.host ¤Ë¥³¥Þ¥ó¥É¤ò¼Â¹Ô¤µ¤»¤¿¤¤¾ì¹ç
- CentOS 6.x, ansible 1.9.4
- ´Ä¶ÊÑ¿ô¤Ë ANSIBLE_SSH_ARGS="-F $HOME/.ssh/config" ¤¬¤¢¤ë¤È¡¢ansible.cfg¤è¤ê¤âÍ¥À褵¤ì¤ë¤Î¤Ç¡Öunset ANSIBLE_SSH_ARGS¡×¤Ç̵¸ú¤Ë¤·¤Æ¤ª¤¯
- ¥«¥ì¥ó¥È¥Ç¥£¥ì¥¯¥È¥ê¤Ë ansible.cfg ¤òÍÑ°Õ
- ssh-config
Host *
StrictHostKeyChecking=no
UserKnownHostsFile=/dev/null
LogLevel ERROR
ForwardAgent yes
Host gateway.host
HostName 192.168.1.10
User gw_user
IdentityFile ~/.ssh/id_rsa
ProxyCommand none
Host other.host
HostName 192.168.1.11
User other_user
IdentityFile /.ssh/id_rsa
ProxyCommand ssh -F ssh-config -W %h:%p gateway.host
- ssh¥³¥Þ¥ó¥É¤ÇÀܳ³Îǧ
ssh -F ssh-config other.host
- ansible ping¤ÇÀܳ³Îǧ
ansible hosts.ini -m ping other.host
- ssh-agent¤ÇÈëÌ©¸°¤òÊ£¿ôÅÐÏ¿¤Ç¤¤ë¡£¤½¤Î¾ì¹ç¤Ïssh-config¡ÖIdentityFile¡×¤Î»ØÄê¤ÏÉÔÍפˤʤ롣
ssh-agent bash
ssh-add ~/.ssh/id_rsa
Ê£¿ô¥µ¡¼¥Ð¤Îrpm¥Ð¡¼¥¸¥ç¥ó¤ÎÄ´ºº¤È¹¹¿· †
- Îã: bash¤Î¥Ð¡¼¥¸¥ç¥óÄ´ºº¤È¹¹¿·
- Ä´ºº
ansible -i stg.hosts -m shell -a 'rpm -qv bash' stg
stg-web-01.example.com | success | rc=0 >>
bash-4.1.2-9.el6_2.x86_64
stg-web-02.example.com | success | rc=0 >>
bash-4.1.2-15.el6_5.2.x86_64
- ¹¹¿·
ansible --sudo -i stg.hosts -m shell -a 'yum -y update bash' stg
YAMLÃæ¤Ç¥³¥í¥ó(:)¤òÆþ¤ì¤ë¤È Syntax Error †
YAMLÃæ¤Ç"foo: bar"¤Îʸ»úÎó¤À¤ÈSyntax Error¤¬È¯À¸¤¹¤ë¡£"foo:bar"¤ÏÌäÂê¤Ê¤¤¡£
- ansible 1.9.4
- colon.yml
- hosts: 127.0.0.1
vars:
colon: ':'
tasks:
# - debug: msg="foo: bar" # Syntax Error
- debug: msg="foo:bar" # OK
- debug: msg="foo{{ colon }} bar" # OK
- debug: msg="foo"":"" bar" # OK(1.9) / NG(2.0)
- debug: msg="foo{{':'}} bar" # OK(1.9) / OK(2.0)
- ¼Â¹Ô
ansible-playbook colon.yml
TASK: [debug msg="foo:bar"] ***************************************************
ok: [127.0.0.1] => {
"msg": "foo:bar"
}
TASK: [debug msg="foo{{ colon }} bar"] ****************************************
ok: [127.0.0.1] => {
"msg": "foo: bar"
}
TASK: [debug msg="foo"":"" bar"] **********************************************
ok: [127.0.0.1] => {
"msg": "foo\"\":\"\" bar"
}
TASK: [debug msg="foo: bar"] **************************************************
ok: [127.0.0.1] => {
"msg": "foo: bar"
}
debug : ¥Ç¥Ð¥Ã¥°¥á¥Ã¥»¡¼¥¸¤Î½ÐÎÏ †
- µ»ö
- ¥³¥Þ¥ó¥É¼Â¹Ô·ë²Ì¤òdebug¥â¥¸¥å¡¼¥ë¤Çɽ¼¨¤¹¤ë¾ì¹ç¡¢²þ¹Ô¤¬\n¤ËÃÖ´¹¤µ¤ì¤Æ¡¢1¹Ôɽ¼¨¤Ë¤Ê¤ë¤¿¤á¸«Æñ¤¤¡£¡Öresult.stdout_lines¡×¤À¤È²þ¹Ô¤¬¤½¤Î¤Þ¤Þ¤Ê¤Î¤Ç¸«¤ä¤¹¤¤¡£
- playbook.yml
---
- hosts: localhost
connection: local
gather_facts: false
become: false
vars:
- msg1: |
first line.
second line, inventory_hostname: {{ inventory_hostname }}
- users:
- user: user1
email: user1@example.com
- user: user2
email: user2@example.com
tasks:
- debug:
var: msg1
- debug:
msg:
- first line
- second line
- debug:
msg: "{{ msg1.split('\n') }}"
- debug:
msg: "{{ _msg.split('\n') }}"
with_items: "{{ users }}"
vars:
_msg: |
User: {{ item.user }}
Email: {{ item.email }}
- ¼Â¹Ô
ansible-playbook playbook.yml
...
TASK [debug] *******************************************************************************************************************************************************
ok: [localhost] => {
"msg1": "first line.\nsecond line, inventory_hostname: localhost\n"
}
TASK [debug] *******************************************************************************************************************************************************
ok: [localhost] => {
"msg": [
"first line",
"second line"
]
}
TASK [debug] *******************************************************************************************************************************************************
ok: [localhost] => {
"msg": [
"first line.",
"second line, inventory_hostname: localhost",
""
]
}
TASK [debug] *******************************************************************************************************************************************************
ok: [localhost] => (item={u'user': u'user1', u'email': u'user1@example.com'}) => {
"msg": [
"User: user1",
"Email: user1@example.com",
""
]
}
ok: [localhost] => (item={u'user': u'user2', u'email': u'user2@example.com'}) => {
"msg": [
"User: user2",
"Email: user2@example.com",
""
]
}
...
tags : ¥¿¥°¤òÉÕ¤±¤Æ¼Â¹Ô¤¹¤ë¥¿¥¹¥¯¤ò»ØÄꤹ¤ë †
- tags.yml
- hosts: 127.0.0.1
tasks:
- name: job1
debug: msg="job1"
tags:
- job1
- name: job2
debug: msg="job2"
tags:
- job2
- name: job2
debug: msg="job3"
tags:
- job3
- ¼Â¹Ô
# job1, job2¤À¤±¼Â¹Ô
ansible-playbook -t job1,job2 tags.yml
# job2 °Ê³°¤ò¼Â¹Ô
ansible-playbook --skip-tags job2 tags.yml
ÆÃÊ̤ʥ¿¥° †
Î㤨¤Ðpre_task:¤Ç¥Á¥§¥Ã¥¯½èÍý¤ò¤·¤Æ¤¤¤ë¾ì¹ç¡¢-t ¤Ç¥¿¥°»ØÄꤷ¤¿¾ì¹ç¼Â¹Ô¤µ¤ì¤Ê¤¤¡£
Inventory ¥Õ¥¡¥¤¥ë †
- ini·Á¼°¤Î¾ì¹ç
- ¥³¥á¥ó¥È¹Ô¤Ï¡¢¹ÔƬ '#'
- ¥Û¥¹¥È̾ñÂΡ¢¥°¥ë¡¼¥×̾¤ò¥³¥Þ¥ó¥É¤«¤é»ØÄê¤Ç¤¤ë
- ¥Û¥¹¥È̾¤¬Ï¢È֤ξì¹ç¤Ï [01:50], [a:f] Åù»ØÄê¤Ç¤¤ë
- ¼Â¹Ô»þ¤Ë¤Ï web* Åù¤Î¥ï¥¤¥ë¥É¥«¡¼¥É¤â»È¤¨¤ë
¥Û¥¹¥È¤ò»ØÄꤷ¤Æ¼Â¹Ô †
- Patterns Ansible Documentation
- ¤¹¤Ù¤Æ
ansible -i hosts.ini -m ping all
- Ê£¿ô¤Î¥°¥ë¡¼¥×»ØÄê¡£':'¶èÀÚ¤ê¤ÇÊ£¿ô»ØÄê
ansible -i hosts.ini -m ping webservers:dbservers
- webservers¥°¥ë¡¼¥×¤Îweb03¤À¤±½ü³°
ansible -i hosts.ini -m ping webservers:\!web03
IP¥¢¥É¥ì¥¹¤Ë̾Á°¤òÉÕ¤±¤ë †
- DNS¤òÉÕ¤±¤Æ¤¤¤Ê¤¯¤È¤â̾Á°¤Ç¥¢¥¯¥»¥¹¤Ç¤¤ë¤è¤¦¤Ë¤Ê¤ë
vim hosts.ini
----
[web]
web01 ansible_ssh_host=192.168.61.101
----
ansible -i hosts.ini -m ping web01
¥°¥ë¡¼¥×Ëè¤Ë°Û¤Ê¤ëÊÑ¿ô¤ò»È¤¦ †
¥Û¥¹¥È¤Î¥°¥ë¡¼¥×²½ †
- [prod:children] ¤Î¤è¤¦¤Ë ":children"¤òÉÕ¤±¤ë
- hosts
[stg:children]
stg_web
stg_DB
[prod:children]
prod_web
prod_db
[stg_web]
stg_web_01
[stg_DB]
stg_db_01
[prod_web]
prod_web_01
[prod_db]
prod_db_01
- stg_web_01 ¥Û¥¹¥ÈñÂΤ˥³¥Þ¥ó¥É¤ò¼Â¹Ô
ansible stg_web_01 -i hosts -m shell -a 'uname -a'
- stg_web¥°¥ë¡¼¥×¤Ë¥³¥Þ¥ó¥É¤ò¼Â¹Ô
ansible stg_web -i hosts -m shell -a 'uname -a'
- prod¥°¥ë¡¼¥×¤Ëplaybook¤ò¼Â¹Ô
ansible-playbook -l prod -i hosts playbook.yml
- ¥ï¥¤¥ë¥É¥«¡¼¥É¤Ç»ØÄê
ansible-playbook *_web_01 -i hosts playbook.yml
¼Â¹Ô¾ò·ï¤ò»ØÄꤹ¤ë †
- ¥Ç¥£¥¹¥È¥ê¥Ó¥å¡¼¥·¥ç¥óËè¤Ë¥¤¥ó¥¹¥È¡¼¥ëÊýË¡¤ò»ØÄꤹ¤ë(ansible_os_family, ansible_distribution)
tasks:
# OS¥Õ¥¡¥ß¥ê¡¼Ëè¤Ë»ØÄê
- include: RedHat.yml
when: ansible_os_family in [ "RedHat" ]
- include: Debian.yml
when: ansible_os_family in [ "Debian" ]
# ¥Ç¥£¥¹¥È¥ê¥Ó¥å¡¼¥·¥ç¥óËè¤Ë»ØÄê
- yum: name=ntp state=installed
when: ansible_distribution in [ 'CentOS', 'Red Hat Enterprise Linux' ]
- apt: name=ntp state=installed
when: ansible_distribution in [ 'Debian', 'Ubuntu' ]
- service: name=ntpd state=started enabled=yes
Vault: ÊÑ¿ô¤Îyaml¥Õ¥¡¥¤¥ë¤ò°Å¹æ²½ †
- °Å¹æ²½
ansible-vault encrypt foo.yml bar.yml baz.yml
- Ê£¹ç²½
ansible-vault decrypt foo.yml bar.yml baz.yml
- playbook¤«¤é¼Â¹Ô¤¹¤ë¾ì¹ç¤Ë¡¢¥Ñ¥¹¥ï¡¼¥É¤òʹ¤¯
ansible-playbook site.yml --ask-vault-pass
ÆÃÄê¹Ô¤Î¥³¥á¥ó¥È¥¢¥¦¥È †
![[PukiWiki]](image/owl.png "[PukiWiki]")
