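Lab environment setup
VMs: 4
Install Ansible only on the Ansible-Server
Operating systems that support Ansible
- Most operating systems support Ansible.
- Windows can be managed through Ansible, but you cannot install Ansible on Windows and use it to manage other nodes.
- It can be done by running a virtual machine on top of Windows, but fundamentally it does not work.
We use CentOS as the Ansible test environment.
- CentOS is a clone of the Red Hat platform, which is the most widely used in the domestic (Korean) market, so it is the best way to get hands-on practical experience.
Creating the VMs
- Create the VMs in the Azure Portal.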
- vm-ansible-server
- vm-ansible-node01
- vm-ansible-node02
- vm-ansible-node03
- Install Ansible on vm-ansible-server.
Check that the DNS server is reachable
ping google.com
[sanse@vm-ansible-server ~]$ ping google.com
PING google.com (172.217.194.113) 56(84) bytes of data.
64 bytes from 172.217.194.113 (172.217.194.113): icmp_seq=1 ttl=42 time=1.67 ms
64 bytes from 172.217.194.113 (172.217.194.113): icmp_seq=2 ttl=42 time=1.84 ms
^C
--- google.com ping statistics ---
8 packets transmitted, 8 received, 0% packet loss, time 16019ms
rtt min/avg/max/mdev = 1.623/1.698/1.845/0.080 ms
[sanse@vm-ansible-server ~]$
Check the repository list
[sanse@vm-ansible-server ~]$ yum repolist
Loaded plugins: fastestmirror, langpacks
Determining fastest mirrors
base                                              | 3.6 kB  00:00
extras                                            | 3.4 kB  00:00
openlogic                                         | 2.9 kB  00:00
updates                                           | 3.4 kB  00:00
(1/5): base/7/x86_64/group_gz                     | 166 kB  00:00
(2/5): extras/7/x86_64/primary_db                 | 156 kB  00:00
(3/5): openlogic/7/x86_64/primary_db              |  76 kB  00:00
(4/5): updates/7/x86_64/primary_db                | 1.3 MB  00:00
(5/5): base/7/x86_64/primary_db                   | 6.0 MB  00:00
repo id                 repo name                                   status
base/7/x86_64           CentOS-7 - Base                             10,019
extras/7/x86_64         CentOS-7 - Extras                              321
openlogic/7/x86_64      CentOS-7 - openlogic packages for x86_64       121
updates/7/x86_64        CentOS-7 - Updates                             643
repolist: 11,104
[sanse@vm-ansible-server ~]$
Register the Ansible package repository
Note: EPEL (Extra Packages for Enterprise Linux)
[sanse@vm-ansible-server ~]$ sudo yum install epel-release -y

We trust you have received the usual lecture from the local System
Administrator. It usually boils down to these three things:

    #1) Respect the privacy of others.
    #2) Think before you type.
    #3) With great power comes great responsibility.

[sudo] password for sanse:
Loaded plugins: fastestmirror, langpacks
Determining fastest mirrors
base                                              | 3.6 kB  00:00
extras                                            | 3.4 kB  00:00
openlogic                                         | 2.9 kB  00:00
updates                                           | 3.4 kB  00:00
(1/5): base/7/x86_64/group_gz                     | 166 kB  00:00
(2/5): openlogic/7/x86_64/primary_db              |  76 kB  00:00
(3/5): extras/7/x86_64/primary_db                 | 156 kB  00:00
(4/5): updates/7/x86_64/primary_db                | 1.3 MB  00:00
(5/5): base/7/x86_64/primary_db                   | 6.0 MB  00:00
Resolving Dependencies
--> Running transaction check
---> Package epel-release.noarch 0:7-11 will be installed
--> Finished Dependency Resolution

Dependencies Resolved

================================================================================
 Package                Arch             Version         Repository        Size
================================================================================
Installing:
 epel-release           noarch           7-11            extras            15 k

Transaction Summary
================================================================================
Install  1 Package

Total download size: 15 k
Installed size: 24 k
Downloading packages:
epel-release-7-11.noarch.rpm                      |  15 kB  00:00
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
  Installing : epel-release-7-11.noarch                                     1/1
  Verifying  : epel-release-7-11.noarch                                     1/1

Installed:
  epel-release.noarch 0:7-11

Complete!
[sanse@vm-ansible-server ~]$
Install Ansible
[sanse@vm-ansible-server ~]$ sudo yum install ansible -y
[sudo] password for sanse:
Loaded plugins: fastestmirror, langpacks
Loading mirror speeds from cached hostfile
epel/x86_64/metalink                              | 8.3 kB  00:00
 * epel: sg.fedora.ipserverone.com
epel                                              | 4.7 kB  00:00
(1/3): epel/x86_64/group_gz                       |  88 kB  00:00
(2/3): epel/x86_64/updateinfo                     | 951 kB  00:00
(3/3): epel/x86_64/primary_db                     | 6.6 MB  00:03
Resolving Dependencies
--> Running transaction check
---> Package ansible.noarch 0:2.7.5-1.el7 will be installed
~~~~~~~~~~~~~~~~~~~~ (output omitted) ~~~~~~~~~~~~~~~~~~~~
--> Finished Dependency Resolution

Dependencies Resolved

================================================================================
 Package                              Arch     Version          Repository  Size
================================================================================
Installing:
 ansible                              noarch   2.7.5-1.el7      epel        11 M
Installing for dependencies:
 libtomcrypt                          x86_64   1.17-26.el7      extras     224 k
 libtommath                           x86_64   0.42.0-6.el7     extras      36 k
 python-babel                         noarch   0.9.6-8.el7      base       1.4 M
 python-backports                     x86_64   1.0-8.el7        base       5.8 k
 python-backports-ssl_match_hostname  noarch   3.5.0.1-1.el7    base        13 k
 python-cffi                          x86_64   1.6.0-5.el7      base       218 k
 python-enum34                        noarch   1.0.4-1.el7      base        52 k
 python-httplib2                      noarch   0.9.2-1.el7      extras     115 k
 python-idna                          noarch   2.4-1.el7        base        94 k
 python-ipaddress                     noarch   1.0.16-2.el7     base        34 k
 python-jinja2                        noarch   2.7.2-2.el7      base       515 k
 python-keyczar                       noarch   0.71c-2.el7      epel       218 k
 python-markupsafe                    x86_64   0.11-10.el7      base        25 k
 python-paramiko                      noarch   2.1.1-9.el7      updates    269 k
 python-ply                           noarch   3.4-11.el7       base       123 k
 python-pycparser                     noarch   2.14-1.el7       base       104 k
 python-setuptools                    noarch   0.9.8-7.el7      base       397 k
 python2-crypto                       x86_64   2.6.1-15.el7     extras     477 k
 python2-cryptography                 x86_64   1.7.2-2.el7      base       502 k
 python2-jmespath                     noarch   0.9.0-3.el7      extras      39 k
 sshpass                              x86_64   1.06-2.el7       extras      21 k

Transaction Summary
================================================================================
Install  1 Package (+21 Dependent packages)

Total download size: 16 M
Installed size: 81 M
Downloading packages:
(1/22): python-backports-1.0-8.el7.x86_64.rpm     | 5.8 kB  00:00
~~~~~~~~~~~~~~~~~~~~ (output omitted) ~~~~~~~~~~~~~~~~~~~~
Complete!
[sanse@vm-ansible-server ~]$ ansible
Usage: ansible <host-pattern> [options]

Define and run a single task 'playbook' against a set of hosts

Options:
  -a MODULE_ARGS, --args=MODULE_ARGS
~~~~~~~~~~~~~~~~~~~~ (output omitted) ~~~~~~~~~~~~~~~~~~~~
Some modules do not make sense in Ad-Hoc (include, meta, etc)
ERROR! Missing target hosts
Ansible configuration
[root@vm-ansible-server ~]# ansible all -m ping -k
SSH password:
 [WARNING]: provided hosts list is empty, only localhost is available. Note that the implicit localhost does not match 'all'
[root@vm-ansible-server ~]# vi /etc/ansible/hosts
##---------- at the bottom of the file ----------
[nginx]
10.0.0.5 # private IP of the VM
10.0.0.6 # private IP of the VM
10.0.0.7 # private IP of the VM
Verify the Ansible configuration
[root@vm-ansible-server ~]# ansible all -m ping
The authenticity of host '10.0.0.7 (10.0.0.7)' can't be established.
ECDSA key fingerprint is SHA256:okVYtF+DEibaVVIwtRp9cbFx6ynQCCrs39pQnOXqAt4.
ECDSA key fingerprint is MD5:e6:9d:08:cc:03:fa:b6:dd:2f:cd:ab:28:9c:f6:f4:af.
Are you sure you want to continue connecting (yes/no)? The authenticity of host '10.0.0.6 (10.0.0.6)' can't be established.
ECDSA key fingerprint is SHA256:CMVvrraetbRhzBicWllAB3NCkBvUmD5HBtq3S3cwjLg.
ECDSA key fingerprint is MD5:81:2d:ba:85:6e:61:bd:37:26:de:1c:d5:36:90:14:63.
Are you sure you want to continue connecting (yes/no)? 10.0.0.5 | UNREACHABLE! => {
    "changed": false,
    "msg": "Failed to connect to the host via ssh: Permission denied (publickey,gssapi-keyex,gssapi-with-mic,password,keyboard-interactive).\r\n",
    "unreachable": true
}
yes
10.0.0.7 | UNREACHABLE! => {
    "changed": false,
    "msg": "Failed to connect to the host via ssh: Warning: Permanently added '10.0.0.7' (ECDSA) to the list of known hosts.\r\nPermission denied (publickey,gssapi-keyex,gssapi-with-mic,password,keyboard-interactive).\r\n",
    "unreachable": true
}
yes
10.0.0.6 | UNREACHABLE! => {
    "changed": false,
    "msg": "Failed to connect to the host via ssh: Warning: Permanently added '10.0.0.6' (ECDSA) to the list of known hosts.\r\nPermission denied (publickey,gssapi-keyex,gssapi-with-mic,password,keyboard-interactive).\r\n",
    "unreachable": true
}
[root@vm-ansible-server ~]#
##---------------------------------------------------------------------------------------------------------------------
[root@vm-ansible-server ~]# ansible all -m ping -k
SSH password:
10.0.0.5 | SUCCESS => {
    "changed": false,
    "ping": "pong"
}
10.0.0.6 | SUCCESS => {
    "changed": false,
    "ping": "pong"
}
10.0.0.7 | SUCCESS => {
    "changed": false,
    "ping": "pong"
}
[root@vm-ansible-server ~]#
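
In the run above, the host-key prompts were answered with yes without comparing the printed fingerprints to anything, so the keys were trusted on first use. The following Python is an added example, not part of the original post: it computes OpenSSH-style SHA256 fingerprints for keys in ssh-keyscan line format and emits known_hosts lines only for hosts whose fingerprint matches a value obtained out of band. The function names, the key blobs and the expected values for 10.0.0.5 and 10.0.0.6 are constructed for illustration.

```python
import base64
import hashlib

def fingerprint(key_b64):
    """OpenSSH-style fingerprint: unpadded base64 of SHA-256 over the raw key blob."""
    raw = base64.b64decode(key_b64, validate=True)
    return "SHA256:" + base64.b64encode(hashlib.sha256(raw).digest()).decode().rstrip("=")

def verify_scan(scan_output, expected):
    """Return (known_hosts lines whose fingerprint matches, hosts that were rejected)."""
    accepted, rejected = [], []
    for line in scan_output.splitlines():
        parts = line.split()
        if len(parts) < 3 or parts[0].startswith("#"):
            continue  # blank line, comment, or malformed entry
        host, keytype, key_b64 = parts[:3]
        try:
            ok = expected.get(host) == fingerprint(key_b64)
        except ValueError:  # key field is not valid base64
            ok = False
        if ok:
            accepted.append(f"{host} {keytype} {key_b64}")
        else:
            rejected.append(host)
    return accepted, rejected

# Constructed key blobs (not real host keys) for the three nodes in [nginx].
KEYS = {ip: base64.b64encode(f"constructed-key-{ip}".encode()).decode()
        for ip in ("10.0.0.5", "10.0.0.6", "10.0.0.7")}
# Constructed input in ssh-keyscan's "host keytype base64key" line format.
SCAN = "\n".join(f"{ip} ecdsa-sha2-nistp256 {key}" for ip, key in KEYS.items())

# Expected fingerprints would be read out of band (e.g. on each node's console).
# For .5 and .6 they are derived from the constructed keys so the example runs
# offline; for .7 the value is the fingerprint printed on this page, which the
# constructed key does not hash to, so that host is rejected.
EXPECTED = {
    "10.0.0.5": fingerprint(KEYS["10.0.0.5"]),
    "10.0.0.6": fingerprint(KEYS["10.0.0.6"]),
    "10.0.0.7": "SHA256:okVYtF+DEibaVVIwtRp9cbFx6ynQCCrs39pQnOXqAt4",
}

if __name__ == "__main__":
    accepted, rejected = verify_scan(SCAN, EXPECTED)
    print("\n".join(accepted))      # lines safe to append to ~/.ssh/known_hosts
    print("rejected:", rejected)
```

With the accepted lines already in known_hosts, `ansible all -m ping -k` connects without an interactive host-key prompt, and a rejected host stays unreachable until its key has been checked.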