Month: October 2018

var/local/ansible
vi .ssh/config

Host sakura1
  HostName 182.xx.xx.xx
Host sakura2
  HostName 49.xxx.xxx.xxx

公開鍵を作成する
# ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa): /var/local/ansible/.ssh/id_rsa
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /var/local/ansible/.ssh/id_rsa.
Your public key has been saved in /var/local/ansible/.ssh/id_rsa.pub.
The key fingerprint is:
c8:43:16:c5:69:5e:ad:d9:bb:0c:0e:22:7e:06:9a:46 root@hoge.vs.sakura.ne.jp
The key’s randomart image is:
+–[ RSA 2048]—-+
| .o.. . |
| .+ . . |
| oo . + |
| + .. o . |
| + S . |
| E o … . . |
| . + o . o o . |
| + . o . o |
| . o |
+—————–+

# ssh-copy-id sakura1
あれ？　なんかうまくいかない。

# ansible all -i hosts -m ping
The authenticity of host ‘hoge’ can’t be established.
RSA key fingerprint is 0c:3.
Are you sure you want to continue connecting (yes/no)? The authenticity of host ‘1hoge)’ can’t be established.
RSA key fingerprint is 1f:3c:fa.
Are you sure you want to continue connecting (yes/no)? yes
hoge | UNREACHABLE! => {
“changed”: false,
“msg”: “Failed to connect to the host via ssh: Warning: Permanently added ‘hoge’ (RSA) to the list of known hosts.\r\nPermission denied (publickey,password).\r\n”,
“unreachable”: true
}

Please type ‘yes’ or ‘no’: yes
hoge | UNREACHABLE! => {
“changed”: false,
“msg”: “Failed to connect to the host via ssh: Warning: Permanently added ‘1hoge’ (RSA) to the list of known hosts.\r\nPermission denied (publickey,password).\r\n”,
“unreachable”: true
}

やはりRSA接続が上手くいっていない
インベントリファイルにパスワードを書く方法を模索か

---
- hosts: all
  sudo: yes
  tasks:
    - name: add a new user
      user: name=hpscript

- hosts: web
  sudo: yes
  tasks:
    - name: install apache
      yum: name=httpd state=latest
    - name: start apache and enabled
      service: name=httpd state=started enabled=yes
    - name: change owner
      file: dest=/var/www/html owner=vagrant recurse=yes
    - name: copy zabbix.php
      copy: src=./zabbix.php dest=/var/www/html/zabbix.php owner=vagrant
  #   - name: install php packages
  #     yum: name={{item}} state=latest
  #     with_items:
  #       - php
  #       - php-dev
  #       - php-mbstring
  #       - php-mysql
  #     notify:
  #       - restart apache
  # handlers: 
    - name: restart apache
      service: name=httpd state=restarted

- hosts: db
  sudo: yes
  tasks:
    - name: install mysql
      yum: name={{item}} state=latest
      with_items:
        - mysql-server
        - MySQL-python
    - name: start mysql and enabled
      service: name=mysqld state=started enabled=yes
    # - name: create a database
    #   mysql_db: name=mydb state=prsent

[vagrant@host ~]$ ansible-playbook pbook.yml
[DEPRECATION WARNING]: Instead of sudo/sudo_user, use become/become_user and
make sure become_method is ‘sudo’ (default).
This feature will be removed in a
future release. Deprecation warnings can be disabled by setting
deprecation_warnings=False in ansible.cfg.

PLAY [all] *********************************************************************

TASK [setup] *******************************************************************
ok: [192.168.43.53]
ok: [192.168.43.52]

TASK [add a new user] **********************************************************
ok: [192.168.43.52]
ok: [192.168.43.53]

PLAY [web] *********************************************************************

TASK [setup] *******************************************************************
ok: [192.168.43.52]

TASK [install apache] **********************************************************
ok: [192.168.43.52]

TASK [start apache and enabled] ************************************************
ok: [192.168.43.52]

TASK [change owner] ************************************************************
ok: [192.168.43.52]

TASK [copy zabbix.php] *********************************************************
ok: [192.168.43.52]

TASK [restart apache] **********************************************************
changed: [192.168.43.52]

PLAY [db] **********************************************************************

TASK [setup] *******************************************************************
ok: [192.168.43.53]

TASK [install mysql] ***********************************************************
ok: [192.168.43.53] => (item=[u’mysql-server’, u’MySQL-python’])

TASK [start mysql and enabled] *************************************************
ok: [192.168.43.53]

PLAY RECAP *********************************************************************
192.168.43.52 : ok=8 changed=1 unreachable=0 failed=0
192.168.43.53 : ok=5 changed=0 unreachable=0 failed=0

ok
さくらvpsにansibleを入れて、共有サーバーにコマンドを実行していきたい。
まず、ssh接続するために、ipアドレスからか。

- hosts: web
  sudo: yes
  tasks:
    - name: install apache
      yum: name=httpd state=latest
    - name: start apache and enabled
      service: name=httpd state=started enabled=yes
    - name: change owner
      file: dest=/var/www/html owner=vagrant recurse=yes
    - name: copy zabbix.php
      copy: src=./zabbix.php dest=/var/www/html/zabbix.php owner=vagrant
    - name: install php packages
      yum: name={{item}} state=latest
      with_items:
        - php
        - php-dev
        - php-mbstring
        - php-mysql
      notify:
        - restart apache
  handlers: 
    - name: restart apache
      service: name=httpd state=restarted

なるほど～～

- hosts: web
  sudo: yes
  tasks:
    - name: install apache
      yum: name=httpd state=latest
    - name: start apache and enabled
      service: name=httpd state=started enabled=yes
    - name: change owner
      file: dest=/var/www/html owner=vagrant recurse=yes
    - name: copy zabbix.php
      copy: src=./zabbix.php dest=/var/www/html/zabbix.php owner=vagrant

[vagrant@host ~]$ ansible-playbook pbook.yml
[DEPRECATION WARNING]: Instead of sudo/sudo_user, use become/become_user and
make sure become_method is ‘sudo’ (default).
This feature will be removed in a
future release. Deprecation warnings can be disabled by setting
deprecation_warnings=False in ansible.cfg.

PLAY [all] *********************************************************************

TASK [setup] *******************************************************************
ok: [192.168.43.52]
ok: [192.168.43.53]

TASK [add a new user] **********************************************************
ok: [192.168.43.53]
ok: [192.168.43.52]

PLAY [web] *********************************************************************

TASK [setup] *******************************************************************
ok: [192.168.43.52]

TASK [install apache] **********************************************************
ok: [192.168.43.52]

TASK [start apache and enabled] ************************************************
ok: [192.168.43.52]

TASK [change owner] ************************************************************
changed: [192.168.43.52]

TASK [copy zabbix.php] *********************************************************
changed: [192.168.43.52]

PLAY RECAP *********************************************************************
192.168.43.52 : ok=7 changed=2 unreachable=0 failed=0
192.168.43.53 : ok=2 changed=0 unreachable=0 failed=0

1ファイルではcapistranoやgitpullの方がいいに決まってますが、まあ、こういうこともできるということですね。知りたいのはansibleをどう使っているのかというところか。。

pbook.yml

---
- hosts: all
  sudo: yes
  tasks:
    - name: add a new user
      user: name=hpscript

- hosts: web
  sudo: yes
  tasks:
    - name: install apache
      yum: name=httpd state=latest
    - name: start apache and enabled
      service: name=httpd state=started enabled=yes

[vagrant@host ~]$ ansible-playbook pbook.yml
[DEPRECATION WARNING]: Instead of sudo/sudo_user, use become/become_user and
make sure become_method is ‘sudo’ (default).
This feature will be removed in a
future release. Deprecation warnings can be disabled by setting
deprecation_warnings=False in ansible.cfg.

PLAY [all] *********************************************************************

TASK [setup] *******************************************************************
ok: [192.168.43.52]
ok: [192.168.43.53]

TASK [add a new user] **********************************************************
ok: [192.168.43.53]
ok: [192.168.43.52]

PLAY [web] *********************************************************************

TASK [setup] *******************************************************************
ok: [192.168.43.52]

TASK [install apache] **********************************************************
changed: [192.168.43.52]

TASK [start apache and enabled] ************************************************
ok: [192.168.43.52]

PLAY RECAP *********************************************************************
192.168.43.52 : ok=5 changed=1 unreachable=0 failed=0
192.168.43.53 : ok=2 changed=0 unreachable=0 failed=0

---
- hosts: all
  sudo: yes
  vars:
    username: hpscript
  tasks:
    - name: add a new user
      user: name={{username}}

[vagrant@host ~]$ ansible-playbook pbook.yml
[DEPRECATION WARNING]: Instead of sudo/sudo_user, use become/become_user and
make sure become_method is ‘sudo’ (default).
This feature will be removed in a
future release. Deprecation warnings can be disabled by setting
deprecation_warnings=False in ansible.cfg.

PLAY [all] *********************************************************************

TASK [setup] *******************************************************************
ok: [192.168.43.52]
ok: [192.168.43.53]

TASK [add a new user] **********************************************************
changed: [192.168.43.52]
changed: [192.168.43.53]

PLAY RECAP *********************************************************************
192.168.43.52 : ok=2 changed=1 unreachable=0 failed=0
192.168.43.53 : ok=2 changed=1 unreachable=0 failed=0

なんか冷房の真下にいると寒いわ。場所を変えましょう。