Ansible mini project: side experiment

This is purely for experimentation. Change the configuration, settle the things I was curious about, and review once more.


Initial setup

control 192.168.110.10 Rocky9  -- python version 3.9

node1 192.168.110.20 CentOS  -- python version 2.75

node2 192.168.110.30 Ubuntu   -- python version 3.10

That was the plan... but matching Python versions was too much trouble, so

 

control 192.168.110.10 Rocky9

node1 192.168.110.20 Rocky9 

node2 192.168.110.30 Ubuntu

control and node1 simply use Rocky9,

and node2 uses Ubuntu.

 

Vagrantfile

Vagrant.configure("2") do |config|

# --- managed node 1 ---
	config.vm.define "node1" do |cfg|
		cfg.vm.box = "generic/rocky9"
		cfg.vm.provider "virtualbox" do |vb|
			vb.name = "node1-rocky9"
			vb.cpus = 1
			vb.memory = 1024
			vb.gui = false
		end
		cfg.vm.host_name = "node1.example.com"
		cfg.vm.network "private_network", ip: "192.168.110.20"
		cfg.vm.provision "shell", path: "ssh_conf.sh" # sshd settings so ssh (PuTTY) password login works
		cfg.vm.synced_folder "../data", "/vagrant", disabled: true
	end

# --- managed node 2 - ubuntu ---
	config.vm.define "node2" do |cfg|
		cfg.vm.box = "generic/ubuntu2204"
		cfg.vm.provider "virtualbox" do |vb|
			vb.name = "node2-ubuntu"
			vb.cpus = 1
			vb.memory = 2048
			vb.gui = false
		end
		cfg.vm.host_name = "node2.example.com"
		cfg.vm.network "private_network", ip: "192.168.110.30"
		# cfg.vm.provision "shell", path: "ssh_conf.sh"
		cfg.vm.synced_folder "../data", "/vagrant", disabled: true
	end

# --- Ansible Server ---
	config.vm.define "server" do |cfg|
		cfg.vm.box = "generic/rocky9"
		cfg.vm.provider "virtualbox" do |vb|
			vb.name = "server"
			vb.cpus = 1
			vb.memory = 2048
			vb.gui = false
		end
		cfg.vm.host_name = "control.example.com"
		cfg.vm.network "private_network", ip: "192.168.110.10"
		cfg.vm.provision "shell", path: "ssh_conf.sh"
		cfg.vm.synced_folder "../data", "/vagrant", disabled: true
		cfg.vm.provision "shell", inline: "yum -y install epel-release"
		cfg.vm.provision "shell", inline: "yum -y install ansible.noarch" # package name differs from the CentOS setup
		cfg.vm.provision "shell", inline: "yum install ansible -y" # install ansible
		cfg.vm.provision "file", source: "ansible_env_ready.yml", # ansible inventory and environment setup
			destination: "ansible_env_ready.yml"
		cfg.vm.provision "shell", inline: "ansible-playbook ansible_env_ready.yml"
		cfg.vm.provision "file", source: "auto_pass.yml", destination: "auto_pass.yml" # distribute the public key and record host fingerprints
		cfg.vm.provision "shell", inline: "ansible-playbook auto_pass.yml", privileged: false
	end
end

 

ansible_env_ready.yml

- name: setup for the ansible environment
  hosts: localhost
  gather_facts: no

  tasks:
    - name: add "/etc/hosts"
      blockinfile:
        path: /etc/hosts
        block: |
          192.168.110.20 node1.example.com node1
          192.168.110.30 node2.example.com node2

    - name: add "/etc/ansible/hosts"
      blockinfile:
        path: /etc/ansible/hosts
        block: |
          [centos]
          node1

          [ubuntu]
          node2

          [nodes:children]
          centos
          ubuntu

    # this play runs as root (privileged shell provisioner), so set the owner
    # explicitly instead of leaving root-owned dotfiles in vagrant's home
    - name: create vim env files
      file:
        path: "{{ item }}"
        state: touch
        owner: vagrant
        group: vagrant
        mode: '0644'
      loop:
        - /home/vagrant/.vimrc
        - /home/vagrant/.bashrc

    - name: install vim-enhanced and git
      yum:
        name:
          - vim-enhanced
          - git
        state: present

    - name: configure .vimrc
      lineinfile:
        path: /home/vagrant/.vimrc
        line: autocmd FileType yaml setlocal ai ts=2 sw=2 et

    - name: configure .bashrc
      lineinfile:
        path: /home/vagrant/.bashrc
        line: "{{ item }}"
      loop:
        - "alias ans='ansible'"
        - "alias anp='ansible-playbook'"

auto_pass.yml

- name: Create authority between server and nodes
  hosts: nodes
  connection: local        # runs on the control node; only the last task goes over ssh
  serial: 1
  gather_facts: no
  vars:
    ansible_password: vagrant   # password auth over ssh needs sshpass on the control node
  tasks:
    - name: ssh-keyscan for known_hosts file
      command: /usr/bin/ssh-keyscan -t ecdsa {{ ansible_host }}
      register: keyscan

    - name: input key
      lineinfile:
        path: ~/.ssh/known_hosts
        line: "{{ item }}"
        create: yes
      loop: "{{ keyscan.stdout_lines }}"

    - name: ssh-keygen for authorized_keys file
      command: "ssh-keygen -b 2048 -t rsa -f ~/.ssh/id_rsa -q -N ''"
      args:
        creates: ~/.ssh/id_rsa   # skip instead of masking all errors when the key already exists
      run_once: true

    - name: input key for each node
      connection: ssh
      authorized_key:
        user: vagrant
        state: present
        key: "{{ lookup('file', '~/.ssh/id_rsa.pub') }}"

ssh_conf.sh

#!/bin/bash
# allow ssh login with password
time=$(date "+%Y%m%d.%H%M%S")
# backup before overwriting
sudo cp /etc/ssh/sshd_config /etc/ssh/sshd_config_$time.backup
sudo sed -i -e 's/PasswordAuthentication no/PasswordAuthentication yes/g' /etc/ssh/sshd_config
# validate the edited config first so a broken file cannot lock out ssh
sudo sshd -t && sudo systemctl restart sshd

** Rocky9's sshd_config also has to be modified, both for Ansible and for PuTTY.
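The same edit that ssh_conf.sh makes with sed, as an added Python example that is not part of the original post: it sets any sshd_config directive idempotently (replacing the active line, appending when there is none, and never uncommenting a default), keeps a timestamped backup the way the script does, and reports whether anything changed. The same function turns PasswordAuthentication back off once auto_pass.yml has installed the keys. The demo file content and the KbdInteractiveAuthentication line are assumptions, not taken from the page.

```python
"""Idempotent sshd_config directive editing.

Added example, not the page's ssh_conf.sh. Run as root (or via sudo) on the
node whose sshd_config you want to change; the demo at the bottom works on a
temporary copy instead, so it is safe to run anywhere.
"""
import re
import shutil
import time
from pathlib import Path


def render_directive(text, key, value):
    """Return (new_text, changed) with `key value` set in sshd_config text.

    - The first active (uncommented) line for `key` is replaced in place;
      later duplicates are dropped, because sshd only honours the first one.
    - If there is no active line, the directive is appended. A commented
      default such as "#PasswordAuthentication yes" is deliberately left alone.
    - Keyword matching is case-insensitive, like sshd's own.
    """
    if text and not text.endswith("\n"):
        text += "\n"
    pattern = re.compile(r"^\s*" + re.escape(key) + r"\s+\S+\s*$", re.IGNORECASE)
    out, found = [], False
    for line in text.splitlines():
        if pattern.match(line):
            if not found:
                out.append(f"{key} {value}")
                found = True
            continue
        out.append(line)
    if not found:
        out.append(f"{key} {value}")
    new_text = "\n".join(out) + "\n"
    return new_text, new_text != text


def set_sshd_directive(config_path, key, value, backup=True):
    """Apply render_directive() to a file; return True if the file was rewritten.

    Like the page's script, the original is copied to <path>_<timestamp>.backup
    before it is overwritten.
    """
    path = Path(config_path)
    new_text, changed = render_directive(path.read_text(), key, value)
    if not changed:
        return False
    if backup:
        stamp = time.strftime("%Y%m%d.%H%M%S")
        shutil.copy2(path, f"{path}_{stamp}.backup")
    path.write_text(new_text)
    return True


if __name__ == "__main__":
    # Demo on a constructed copy of a stock-looking config (assumed content).
    import tempfile
    demo = Path(tempfile.mkdtemp()) / "sshd_config"
    demo.write_text("#PasswordAuthentication yes\nPasswordAuthentication no\n")
    print("enable :", set_sshd_directive(demo, "PasswordAuthentication", "yes"))
    print("again  :", set_sshd_directive(demo, "PasswordAuthentication", "yes"))
    print("lock   :", set_sshd_directive(demo, "PasswordAuthentication", "no"))
    print("kbd    :", set_sshd_directive(demo, "KbdInteractiveAuthentication", "no"))
    print(demo.read_text())
```

After editing, validate with `sshd -t` and then restart the unit: it is `sshd` on Rocky, while on Ubuntu 22.04 the unit is `ssh` (sshd is only an alias). Ubuntu's stock sshd_config also starts with `Include /etc/ssh/sshd_config.d/*.conf`, and because sshd keeps the first value it sees for a keyword, a drop-in there overrides whatever this function writes into the main file.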

 

 

What I was curious about: there had been an error (related to the public key) caused by mismatched Python versions (CentOS - Ubuntu),

and I wanted to know whether it was really the difference between 2.x and 3.x, or whether every version has to be identical for the error not to appear.

[vagrant@control ~]$ ans all -m ping
node2 | SUCCESS => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/bin/python3"
    },
    "changed": false,
    "ping": "pong"
}
node1 | SUCCESS => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/bin/python3"
    },
    "changed": false,
    "ping": "pong"
}

I was right. 3.x versions are compatible(?) with each other.

So the reason it did not work last time, with control on CentOS 7 and the node on Ubuntu, was the difference between the 2.x and 3.x versions.
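To check this across a whole inventory without reading each block by eye, here is an added Python example (not from the post) that parses the `ansible all -m ping` output above into per-host results, lists the discovered interpreters, and flags paths that look like Python 2. The two extra hosts in the sample (a CentOS 7 style `/usr/bin/python` and an unreachable node) are constructed, and the Python 2 check is a path heuristic, an assumption rather than anything Ansible reports itself.

```python
"""Parse the per-host blocks Ansible prints for ad-hoc commands.

Added example, not part of the original post. Input is the text of
`ansible all -m ping` (or any ad-hoc module whose result is printed as JSON):
    ansible all -m ping | python3 adhoc_interpreters.py
"""
import json
import re
import sys

# "node2 | SUCCESS => {"   "node3 | UNREACHABLE! => {"   "node1 | FAILED! => {"
HEADER = re.compile(r"^(?P<host>\S+) \| (?P<status>[A-Z]+)!? => \{$")

# Assumption: an interpreter path ending in python, python2 or python2.N is Python 2
PY2_PATH = re.compile(r"/python(2(\.\d+)?)?$")


def parse_adhoc_output(text):
    """Return {host: {"status": ..., "data": <parsed JSON>}} for each host block."""
    results, host, status, body = {}, None, None, []
    for line in text.splitlines():
        m = HEADER.match(line)
        if m:
            host, status, body = m.group("host"), m.group("status"), ["{"]
            continue
        if host is None:          # text before the first block, ignore
            continue
        body.append(line)
        if line == "}":           # the closing brace of a block sits in column 0
            results[host] = {"status": status, "data": json.loads("\n".join(body))}
            host = None
    return results


def discovered_interpreters(results):
    """Map host -> discovered_interpreter_python (None when absent, e.g. unreachable)."""
    return {
        h: r["data"].get("ansible_facts", {}).get("discovered_interpreter_python")
        for h, r in results.items()
    }


def python2_hosts(results):
    """Hosts whose interpreter path looks like Python 2 (heuristic, see PY2_PATH)."""
    return sorted(h for h, p in discovered_interpreters(results).items()
                  if p and PY2_PATH.search(p))


# Constructed sample: the two blocks from the page plus two made-up hosts.
SAMPLE = """\
node2 | SUCCESS => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/bin/python3"
    },
    "changed": false,
    "ping": "pong"
}
node1 | SUCCESS => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/bin/python3"
    },
    "changed": false,
    "ping": "pong"
}
centos7 | SUCCESS => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/bin/python"
    },
    "changed": false,
    "ping": "pong"
}
node9 | UNREACHABLE! => {
    "changed": false,
    "msg": "Failed to connect to the host via ssh: (constructed message)",
    "unreachable": true
}
"""

if __name__ == "__main__":
    text = sys.stdin.read() if not sys.stdin.isatty() else SAMPLE
    res = parse_adhoc_output(text)
    for h, p in discovered_interpreters(res).items():
        print(f"{h:10} {res[h]['status']:12} {p}")
    print("python2 hosts:", python2_hosts(res))
```

Rather than relying on interpreter discovery at all, the durable fix is to pin the interpreter per host or group in the inventory (`ansible_python_interpreter=/usr/bin/python3`), so a node that later gains or loses a Python build does not silently change behaviour.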

 

php.yaml

[vagrant@control work]$ cat php.yaml
- hosts: all
  become: yes
  tasks:
    - name: epel_release, httpd, php, mariadb install to rocky
      yum:
        name:
          - epel-release
          - httpd
          - php
          - mariadb
        state: latest
      when: ansible_distribution == 'Rocky'

    - name: apt repo to ubuntu
      shell: add-apt-repository ppa:ondrej/php -y
      when: ansible_distribution == 'Ubuntu'

    - name: upgrade apt
      shell: apt update -y
      when: ansible_distribution == 'Ubuntu'

    - name: httpd, php install to ubuntu
      apt:
        name:
          - apache2 # on Ubuntu the package is apache2, not httpd
          - php7.4
          - php7.4-mysql
          - mariadb-server
        state: present
      when: ansible_distribution == 'Ubuntu'

    - name: start firewalld
      service:
        name: firewalld
        state: started
      when: ansible_distribution == 'Rocky'

    - name: index.php
      copy:
        src: ~/work/index.php
        dest: /var/www/html/index.php

    - name: restart apache rocky
      service:
        name: httpd
        state: restarted
      when: ansible_distribution == 'Rocky'

    - name: restart apache Ubuntu
      service:
        name: apache2
        state: restarted
      when: ansible_distribution == 'Ubuntu'

    - name: firewall add service
      firewalld:
        service: http
        permanent: yes
        immediate: yes
        state: enabled
      when: ansible_distribution == 'Rocky'

    # allow ssh before enabling ufw: its default policy denies incoming traffic,
    # so enabling it first could cut off the control node's next connection
    - name: ufw add ssh
      ufw:
        rule: allow
        name: OpenSSH
      when: ansible_distribution == 'Ubuntu'

    - name: enable ufw service
      ufw:
        state: enabled
      when: ansible_distribution == 'Ubuntu'

    - name: ufw add apache
      ufw:
        rule: allow
        port: '80'
        proto: tcp
      when: ansible_distribution == 'Ubuntu'

On Rocky, PHP 8.0 gets installed;
on Ubuntu, 7.4.

wordpress.yaml

[vagrant@control work]$ cat wordpress.yaml
- hosts: all
  become: yes            # note: with become, ~ below resolves to /root on the node
  tasks:
    - name: mkdir ~/work
      file:
        path: ~/work
        state: directory

    - name: download wordpress.tar.gz
      get_url:
        url: https://ko.wordpress.org/latest-ko_KR.tar.gz
        dest: ~/work/wordpress.tar.gz

    - name: unzip
      unarchive:
        src: ~/work/wordpress.tar.gz    # already on the node, hence remote_src
        dest: /var/www/html/
        remote_src: yes

    - name: chown
      shell: chown apache:apache /var/www/html/wordpress/*
      when: ansible_distribution == 'Rocky'

    - name: chown ubuntu
      shell: chown www-data:www-data /var/www/html/wordpress/*
      when: ansible_distribution == 'Ubuntu'

    - name: chmod
      shell: chmod 755 /var/www/html/wordpress/*

    - name: chmod .php
      shell: chmod 644 /var/www/html/wordpress/*.php
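A check on what the chown/chmod tasks above leave behind, as an added Python example that is not part of the original post: it walks a document root and reports entries not owned by the web user, group- or world-writable entries, and regular files carrying an execute bit. That last check matters here because `chmod 755 /var/www/html/wordpress/*` sets the execute bit on every top-level regular file (not only directories) and touches nothing below the top level, so the tree ends up with a mix of modes. The uid 48 used in the test and the command-line paths are assumptions.

```python
"""Audit ownership and mode under a web document root.

Added example, not part of the original post. Run on the node, e.g.
    python3 audit_docroot.py /var/www/html/wordpress apache      (Rocky)
    python3 audit_docroot.py /var/www/html/wordpress www-data    (Ubuntu)
"""
import os
import pwd
import stat
import sys


def check_entry(relpath, mode, is_dir, uid, expected_uid):
    """Findings for one entry. Pure function, so it is testable without a filesystem."""
    perms = oct(stat.S_IMODE(mode))
    findings = []
    if uid != expected_uid:
        findings.append(f"{relpath}: owner uid {uid}, expected {expected_uid}")
    if mode & stat.S_IWOTH:
        findings.append(f"{relpath}: world-writable ({perms})")
    elif mode & stat.S_IWGRP:
        findings.append(f"{relpath}: group-writable ({perms})")
    if not is_dir and mode & (stat.S_IXUSR | stat.S_IXGRP | stat.S_IXOTH):
        # a PHP file does not need +x to be served; 644 is the intended mode
        findings.append(f"{relpath}: regular file with execute bit ({perms})")
    return findings


def audit_docroot(root, owner):
    """Walk `root` without following symlinks and collect findings for every entry."""
    expected_uid = pwd.getpwnam(owner).pw_uid
    findings = []
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root)
            st = os.lstat(full)
            if stat.S_ISLNK(st.st_mode):
                findings.append(f"{rel}: symlink (check its target separately)")
                continue
            findings.extend(check_entry(rel, st.st_mode, stat.S_ISDIR(st.st_mode),
                                        st.st_uid, expected_uid))
    return findings


if __name__ == "__main__":
    root, owner = sys.argv[1], sys.argv[2]
    problems = audit_docroot(root, owner)
    for line in problems:
        print(line)
    print(f"{len(problems)} finding(s) under {root}")
```

Directories need 755 so Apache can traverse them, while regular files served by PHP only need 644; a tidier playbook would set those with the `file` module (`recurse: yes` for ownership, and separate `find`/`file` tasks for directory vs. file modes) instead of shell globs.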

 

php-mysql is needed.

On Rocky 9 the PHP MySQL package is php-mysqlnd.

Whether you install it ad hoc or add it to the playbook's yum module,

WordPress can then be accessed properly.

Ta-da!
