Ansible playbook overview
Info |
---|
- Source
  - Ansible Playbook
- A playbook is Ansible's configuration, deployment, and orchestration language.
  - Defined using YAML syntax
  - Supports Linux-based privilege management (user, group)
  - One playbook defines N 'plays'; the purpose of a play is to map a set of hosts to well-defined 'roles' and 'tasks'
- Other features
  - Loops (with_items, with_nested, until, ...)
  - Conditionals (when, register, ...)
  - Referencing other playbooks (include, role, ...)
  - Referencing external information
    - Environment variables, files, etc. (environment, lookup, vars_prompt, ...)
  - Extension through custom modules
Writing the httpd installation playbook
Info |
---|
[devops@work-vm devops-lab]$ cat web-httpd-install.yml
Code Block |
---|
| ---
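- hosts: web
  vars:
    http_port: 80  # rendered into the Listen directive of httpd.conf.j2
    max_clients: 200  # defined here but not referenced by httpd.conf.j2 as shown
  become: true  # package, config file and service changes need root
  tasks:
    - name: ensure apache is at the latest version
      yum:
        name: httpd
        state: latest
    - name: write the apache config file
      template:
        src: /home/devops/devops-lab/httpd.conf.j2
        dest: /etc/httpd/conf/httpd.conf
      notify:
        - restart apache  # handler runs only when the rendered file changed
    - name: ensure apache is running
      service:
        name: httpd
        state: started
  handlers:
    - name: restart apache
      service:
        name: httpd
        state: restarted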
|
|
Writing the httpd.conf template
Info |
---|
[devops@work-vm devops-lab]$ cat httpd.conf.j2
Code Block |
---|
| ServerRoot "/etc/httpd"
Listen {{http_port}}
Include conf.modules.d/*.conf
User apache
Group apache
ServerAdmin root@localhost
<Directory />
AllowOverride none
Require all denied
</Directory>
DocumentRoot "/var/www/html"
<Directory "/var/www">
AllowOverride None
# Allow open access:
Require all granted
</Directory>
<Directory "/var/www/html">
Options Indexes FollowSymLinks
AllowOverride None
Require all granted
</Directory>
<IfModule dir_module>
DirectoryIndex index.html
</IfModule>
<Files ".ht*">
Require all denied
</Files>
ErrorLog "logs/error_log"
LogLevel warn
<IfModule log_config_module>
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
LogFormat "%h %l %u %t \"%r\" %>s %b" common
<IfModule logio_module>
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %I %O" combinedio
</IfModule>
CustomLog "logs/access_log" combined
</IfModule>
<IfModule alias_module>
ScriptAlias /cgi-bin/ "/var/www/cgi-bin/"
</IfModule>
<Directory "/var/www/cgi-bin">
AllowOverride None
Options None
Require all granted
</Directory>
<IfModule mime_module>
TypesConfig /etc/mime.types
AddType application/x-compress .Z
AddType application/x-gzip .gz .tgz
AddType text/html .shtml
AddOutputFilter INCLUDES .shtml
</IfModule>
AddDefaultCharset UTF-8
<IfModule mime_magic_module>
MIMEMagicFile conf/magic
</IfModule>
EnableSendfile on
IncludeOptional conf.d/*.conf
|
|
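An added example, not part of the original page: the same template task with explicit ownership and mode, a range check on `http_port`, and a `validate` step, so a bad render is rejected before it replaces the live httpd.conf and the handler restarts httpd into a broken config. The `assert` task, `backup`, the root ownership and the `/usr/sbin/httpd` path are this example's assumptions; httpd is assumed to be installed already.

```yaml
---
# Added example (not the page's playbook): safer rollout of httpd.conf.j2
- hosts: web
  become: true
  vars:
    http_port: 80
  tasks:
    - name: check http_port is a valid TCP port before rendering
      assert:
        that:
          - http_port | int >= 1
          - http_port | int <= 65535
        fail_msg: "http_port must be 1-65535, got {{ http_port }}"

    - name: write the apache config file
      template:
        src: /home/devops/devops-lab/httpd.conf.j2
        dest: /etc/httpd/conf/httpd.conf
        owner: root
        group: root
        mode: "0644"  # world-readable, writable by root only
        backup: true  # keep a timestamped copy of the previous file
        # %s is the temporary rendered file; httpd -t only syntax-checks it.
        # If the check fails, dest is left untouched and no handler is notified.
        validate: /usr/sbin/httpd -t -f %s
      notify:
        - restart apache

  handlers:
    - name: restart apache
      service:
        name: httpd
        state: restarted
```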
Running the playbook
Info |
---|
[devops@work-vm devops-lab]$ ansible-playbook web-httpd-install.yml
Code Block |
---|
PLAY [web] ****************************************************************************************************************************************************
TASK [Gathering Facts] ****************************************************************************************************************************************
ok: [web01-vm]
ok: [web03-vm]
ok: [web02-vm]
TASK [ensure apache is at the latest version] *****************************************************************************************************************
ok: [web01-vm]
ok: [web02-vm]
ok: [web03-vm]
TASK [write the apache config file] ***************************************************************************************************************************
changed: [web02-vm]
changed: [web01-vm]
changed: [web03-vm]
TASK [ensure apache is running] *******************************************************************************************************************************
changed: [web02-vm]
changed: [web03-vm]
changed: [web01-vm]
RUNNING HANDLER [restart apache] ******************************************************************************************************************************
changed: [web01-vm]
changed: [web02-vm]
changed: [web03-vm]
PLAY RECAP ****************************************************************************************************************************************************
web01-vm : ok=5 changed=3 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
web02-vm : ok=5 changed=3 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
web03-vm : ok=5 changed=3 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0 |
|
Verifying the playbook result
Info |
---|
[devops@work-vm devops-lab]$ ansible web -m shell -a "netstat -nltp | grep httpd"
Code Block |
---|
| web01-vm | CHANGED | rc=0 >>
tcp6 0 0 :::80 :::* LISTEN 66600/httpd
web02-vm | CHANGED | rc=0 >>
tcp6 0 0 :::80 :::* LISTEN 67703/httpd
web03-vm | CHANGED | rc=0 >>
tcp6 0 0 :::80 :::* LISTEN 66306/httpd |
|
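An added example, not part of the original page: the ad-hoc `shell` check above reports CHANGED on every run and depends on someone reading the output, so this play performs the same check as read-only tasks that fail the run when httpd is not the process listening on `http_port`. The play itself, the `listeners` variable name and the 10-second timeout are this example's assumptions; `netstat` is used because the page already relies on it.

```yaml
---
# Added example (not the page's playbook): read-only listener verification
- hosts: web
  become: true  # netstat -p shows the owning process only when run as root
  gather_facts: false
  vars:
    http_port: 80  # set to the value used in web-httpd-install.yml
  tasks:
    - name: wait until something accepts connections on http_port
      wait_for:
        port: "{{ http_port }}"
        timeout: 10

    - name: list listening TCP sockets without reporting a change
      command: netstat -nltp
      register: listeners
      changed_when: false

    - name: fail unless httpd owns the listener on http_port
      assert:
        that:
          - >-
            listeners.stdout_lines
            | select('search', ':' ~ http_port ~ ' ')
            | select('search', '/httpd')
            | list | length > 0
        fail_msg: "no httpd listener found on port {{ http_port }}"
```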
Changing the httpd configuration and verifying it
Info |
---|
[devops@work-vm devops-lab]$ cat web-httpd-install.yml
Code Block |
---|
title | web-httpd-install.yml |
---|
| ---
- hosts: web
  vars:
    http_port: 81  # changed from 80; the template re-renders and the handler restarts httpd
  tasks:
    - name: ensure apache is at the latest version
      yum:
        name: httpd
        state: latest
    - name: write the apache config file
      template:
        src: /home/devops/devops-lab/httpd.conf.j2
        dest: /etc/httpd/conf/httpd.conf
      notify:
        - restart apache
    - name: ensure apache is running
      service:
        name: httpd
        state: started
  handlers:
    - name: restart apache
      service:
        name: httpd
        state: restarted
|
[devops@work-vm devops-lab]$ ansible-playbook web-httpd-install.yml
Code Block |
---|
title | Run and verification output |
---|
| PLAY [web] ****************************************************************************************************************************************************
TASK [Gathering Facts] ****************************************************************************************************************************************
ok: [web01-vm]
ok: [web02-vm]
ok: [web03-vm]
TASK [ensure apache is at the latest version] *****************************************************************************************************************
ok: [web01-vm]
ok: [web03-vm]
ok: [web02-vm]
TASK [write the apache config file] ***************************************************************************************************************************
changed: [web01-vm]
changed: [web03-vm]
changed: [web02-vm]
TASK [ensure apache is running] *******************************************************************************************************************************
ok: [web01-vm]
ok: [web02-vm]
ok: [web03-vm]
RUNNING HANDLER [restart apache] ******************************************************************************************************************************
changed: [web02-vm]
changed: [web01-vm]
changed: [web03-vm]
PLAY RECAP ****************************************************************************************************************************************************
web01-vm : ok=5 changed=2 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
web02-vm : ok=5 changed=2 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
web03-vm : ok=5 changed=2 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
[devops@work-vm devops-lab]$ ansible web -m shell -a "netstat -nltp | grep httpd"
web01-vm | CHANGED | rc=0 >>
tcp6 0 0 :::81 :::* LISTEN 67642/httpd
web02-vm | CHANGED | rc=0 >>
tcp6 0 0 :::81 :::* LISTEN 68748/httpd
web03-vm | CHANGED | rc=0 >>
tcp6 0 0 :::81 :::* LISTEN 67347/httpd
|
|