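Ansible playbook overview
- Original article
- Ansible Playbook
  - A playbook is Ansible's configuration, deployment, and orchestration language.
  - Defined using YAML syntax
  - Supports Linux-based privilege management (user, group)
  - A single playbook defines N 'plays'; the purpose of a play is to map a set of hosts to well-defined 'roles' and 'tasks'
- Other features
  - Loops (with_items, with_nested, until, ...)
  - Conditionals (when, register, ...)
  - Referencing other playbooks (include, role, ...)
  - Referencing external information
    - Environment variables, files, etc. (environment, lookup, vars_prompt, ...)
  - Extension through custom modules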
Writing the httpd installation playbook
[devops@work-vm devops-lab]$ cat web-httpd-install.yml
---
- hosts: web
  vars:
    http_port: 80
    max_clients: 200
  become: true
  tasks:
    - name: ensure apache is at the latest version
      yum:
        name: httpd
        state: latest
    - name: write the apache config file
      template:
        src: /home/devops/devops-lab/httpd.conf.j2
        dest: /etc/httpd/conf/httpd.conf
      notify:
        - restart apache
    - name: ensure apache is running
      service:
        name: httpd
        state: started
  handlers:
    - name: restart apache
      service:
        name: httpd
        state: restarted
Writing the httpd.conf template
[devops@work-vm devops-lab]$ cat httpd.conf.j2
ServerRoot "/etc/httpd"
Listen {{http_port}}
Include conf.modules.d/*.conf
User apache
Group apache
ServerAdmin root@localhost
<Directory />
    AllowOverride none
    Require all denied
</Directory>
DocumentRoot "/var/www/html"
<Directory "/var/www">
    AllowOverride None
    # Allow open access:
    Require all granted
</Directory>
<Directory "/var/www/html">
    Options Indexes FollowSymLinks
    AllowOverride None
    Require all granted
</Directory>
<IfModule dir_module>
    DirectoryIndex index.html
</IfModule>
<Files ".ht*">
    Require all denied
</Files>
ErrorLog "logs/error_log"
LogLevel warn
<IfModule log_config_module>
    LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
    LogFormat "%h %l %u %t \"%r\" %>s %b" common
    <IfModule logio_module>
        LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %I %O" combinedio
    </IfModule>
    CustomLog "logs/access_log" combined
</IfModule>
<IfModule alias_module>
    ScriptAlias /cgi-bin/ "/var/www/cgi-bin/"
</IfModule>
<Directory "/var/www/cgi-bin">
    AllowOverride None
    Options None
    Require all granted
</Directory>
<IfModule mime_module>
    TypesConfig /etc/mime.types
    AddType application/x-compress .Z
    AddType application/x-gzip .gz .tgz
    AddType text/html .shtml
    AddOutputFilter INCLUDES .shtml
</IfModule>
AddDefaultCharset UTF-8
<IfModule mime_magic_module>
    MIMEMagicFile conf/magic
</IfModule>
EnableSendfile on
IncludeOptional conf.d/*.conf
Running the playbook
[devops@work-vm devops-lab]$ ansible-playbook web-httpd-install.yml

PLAY [web] ****************************************************************************************************************************************************

TASK [Gathering Facts] ****************************************************************************************************************************************
ok: [web01-vm]
ok: [web03-vm]
ok: [web02-vm]

TASK [ensure apache is at the latest version] *****************************************************************************************************************
ok: [web01-vm]
ok: [web02-vm]
ok: [web03-vm]

TASK [write the apache config file] ***************************************************************************************************************************
changed: [web02-vm]
changed: [web01-vm]
changed: [web03-vm]

TASK [ensure apache is running] *******************************************************************************************************************************
changed: [web02-vm]
changed: [web03-vm]
changed: [web01-vm]

RUNNING HANDLER [restart apache] ******************************************************************************************************************************
changed: [web01-vm]
changed: [web02-vm]
changed: [web03-vm]

PLAY RECAP ****************************************************************************************************************************************************
web01-vm : ok=5 changed=3 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
web02-vm : ok=5 changed=3 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
web03-vm : ok=5 changed=3 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
Verifying the playbook result
[devops@work-vm devops-lab]$ ansible web -m shell -a "netstat -nltp | grep httpd"
web01-vm | CHANGED | rc=0 >>
tcp6 0 0 :::80 :::* LISTEN 66600/httpd
web02-vm | CHANGED | rc=0 >>
tcp6 0 0 :::80 :::* LISTEN 67703/httpd
web03-vm | CHANGED | rc=0 >>
tcp6 0 0 :::80 :::* LISTEN 66306/httpd
Changing the httpd configuration and verifying it
[devops@work-vm devops-lab]$ cat web-httpd-install.yml
Changed setting
vars:
  http_port: 81
web-httpd-install.yml
---
- hosts: web
  vars:
    http_port: 81
  become: true  # needed for the yum, template and service tasks, as in the first listing
  tasks:
    - name: ensure apache is at the latest version
      yum:
        name: httpd
        state: latest
    - name: write the apache config file
      template:
        src: /home/devops/devops-lab/httpd.conf.j2
        dest: /etc/httpd/conf/httpd.conf
      notify:
        - restart apache
    - name: ensure apache is running
      service:
        name: httpd
        state: started
  handlers:
    - name: restart apache
      service:
        name: httpd
        state: restarted
[devops@work-vm devops-lab]$ ansible-playbook web-httpd-install.yml
Execution and verification results

PLAY [web] ****************************************************************************************************************************************************

TASK [Gathering Facts] ****************************************************************************************************************************************
ok: [web01-vm]
ok: [web02-vm]
ok: [web03-vm]

TASK [ensure apache is at the latest version] *****************************************************************************************************************
ok: [web01-vm]
ok: [web03-vm]
ok: [web02-vm]

TASK [write the apache config file] ***************************************************************************************************************************
changed: [web01-vm]
changed: [web03-vm]
changed: [web02-vm]

TASK [ensure apache is running] *******************************************************************************************************************************
ok: [web01-vm]
ok: [web02-vm]
ok: [web03-vm]

RUNNING HANDLER [restart apache] ******************************************************************************************************************************
changed: [web02-vm]
changed: [web01-vm]
changed: [web03-vm]

PLAY RECAP ****************************************************************************************************************************************************
web01-vm : ok=5 changed=2 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
web02-vm : ok=5 changed=2 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
web03-vm : ok=5 changed=2 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0

[devops@work-vm devops-lab]$ ansible web -m shell -a "netstat -nltp | grep httpd"
web01-vm | CHANGED | rc=0 >>
tcp6 0 0 :::81 :::* LISTEN 67642/httpd
web02-vm | CHANGED | rc=0 >>
tcp6 0 0 :::81 :::* LISTEN 68748/httpd
web03-vm | CHANGED | rc=0 >>
tcp6 0 0 :::81 :::* LISTEN 67347/httpd
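An added example, not part of the original post: the same play with the template task hardened (explicit ownership and mode, a backup, and a syntax check before the file is installed) and the ad hoc netstat check replaced by verification inside the play. It assumes the httpd binary is at /usr/sbin/httpd and that 80 was the previously configured port.

```yaml
---
# Added example: hardened variant of web-httpd-install.yml (not the author's file).
- hosts: web
  become: true
  vars:
    http_port: 81
  tasks:
    - name: ensure apache is at the latest version
      ansible.builtin.yum:
        name: httpd
        state: latest

    - name: write the apache config file
      ansible.builtin.template:
        src: /home/devops/devops-lab/httpd.conf.j2
        dest: /etc/httpd/conf/httpd.conf
        owner: root
        group: root
        mode: "0644"                        # never rely on the controller's umask
        backup: true                        # keep the previous file for rollback
        validate: /usr/sbin/httpd -t -f %s  # assumed path; a failing syntax test leaves the old file in place
      notify:
        - restart apache

    - name: ensure apache is running and enabled at boot
      ansible.builtin.service:
        name: httpd
        state: started
        enabled: true

    # Handlers normally run at the end of the play; run them now so the
    # checks below see the restarted service.
    - name: run the restart handler before verifying
      ansible.builtin.meta: flush_handlers

    - name: verify httpd accepts connections on the configured port
      ansible.builtin.wait_for:
        port: "{{ http_port }}"
        timeout: 10

    - name: verify the previous port is closed (assumes it was 80)
      ansible.builtin.wait_for:
        port: 80
        state: stopped
        timeout: 10
      when: http_port | int != 80

  handlers:
    - name: restart apache
      ansible.builtin.service:
        name: httpd
        state: restarted
```

Because the checks are tasks, a host that fails to come up on the new port shows as failed in PLAY RECAP instead of requiring a separate manual command.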