Deploying with ansible

- hosts: web
  sudo: yes
  tasks:
    - name: install apache
      yum: name=httpd state=latest
    - name: start apache and enabled
      service: name=httpd state=started enabled=yes
    - name: change owner
      file: dest=/var/www/html owner=vagrant recurse=yes
    - name: copy zabbix.php
      copy: src=./zabbix.php dest=/var/www/html/zabbix.php owner=vagrant

[vagrant@host ~]$ ansible-playbook pbook.yml
[DEPRECATION WARNING]: Instead of sudo/sudo_user, use become/become_user and
make sure become_method is 'sudo' (default).
This feature will be removed in a
future release. Deprecation warnings can be disabled by setting
deprecation_warnings=False in ansible.cfg.

PLAY [all] *********************************************************************

TASK [setup] *******************************************************************
ok: [192.168.43.52]
ok: [192.168.43.53]

TASK [add a new user] **********************************************************
ok: [192.168.43.53]
ok: [192.168.43.52]

PLAY [web] *********************************************************************

TASK [setup] *******************************************************************
ok: [192.168.43.52]

TASK [install apache] **********************************************************
ok: [192.168.43.52]

TASK [start apache and enabled] ************************************************
ok: [192.168.43.52]

TASK [change owner] ************************************************************
changed: [192.168.43.52]

TASK [copy zabbix.php] *********************************************************
changed: [192.168.43.52]

PLAY RECAP *********************************************************************
192.168.43.52 : ok=7 changed=2 unreachable=0 failed=0
192.168.43.53 : ok=2 changed=0 unreachable=0 failed=0

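For a single file, capistrano or git pull is obviously the better choice, but well, this shows that this kind of thing is possible too. I guess what I really want to know is how people actually use ansible..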

Let's run ansible against other IPs

pbook.yml

---
- hosts: all
  sudo: yes
  tasks:
    - name: add a new user
      user: name=hpscript

- hosts: web
  sudo: yes
  tasks:
    - name: install apache
      yum: name=httpd state=latest
    - name: start apache and enabled
      service: name=httpd state=started enabled=yes

[vagrant@host ~]$ ansible-playbook pbook.yml
[DEPRECATION WARNING]: Instead of sudo/sudo_user, use become/become_user and
make sure become_method is 'sudo' (default).
This feature will be removed in a
future release. Deprecation warnings can be disabled by setting
deprecation_warnings=False in ansible.cfg.

PLAY [all] *********************************************************************

TASK [setup] *******************************************************************
ok: [192.168.43.52]
ok: [192.168.43.53]

TASK [add a new user] **********************************************************
ok: [192.168.43.53]
ok: [192.168.43.52]

PLAY [web] *********************************************************************

TASK [setup] *******************************************************************
ok: [192.168.43.52]

TASK [install apache] **********************************************************
changed: [192.168.43.52]

TASK [start apache and enabled] ************************************************
ok: [192.168.43.52]

PLAY RECAP *********************************************************************
192.168.43.52 : ok=5 changed=1 unreachable=0 failed=0
192.168.43.53 : ok=2 changed=0 unreachable=0 failed=0

Using variables in playbook.yml

---
- hosts: all
  sudo: yes
  vars:
    username: hpscript
  tasks:
    - name: add a new user
      user: name={{username}}

[vagrant@host ~]$ ansible-playbook pbook.yml
[DEPRECATION WARNING]: Instead of sudo/sudo_user, use become/become_user and
make sure become_method is 'sudo' (default).
This feature will be removed in a
future release. Deprecation warnings can be disabled by setting
deprecation_warnings=False in ansible.cfg.

PLAY [all] *********************************************************************

TASK [setup] *******************************************************************
ok: [192.168.43.52]
ok: [192.168.43.53]

TASK [add a new user] **********************************************************
changed: [192.168.43.52]
changed: [192.168.43.53]

PLAY RECAP *********************************************************************
192.168.43.52 : ok=2 changed=1 unreachable=0 failed=0
192.168.43.53 : ok=2 changed=1 unreachable=0 failed=0

It's kind of cold sitting right under the air conditioner. Let's move somewhere else.

Let's use ansible-playbook options

Check with --syntax-check

[vagrant@host ~]$ ansible-playbook playbook.yml --syntax-check
[DEPRECATION WARNING]: Instead of sudo/sudo_user, use become/become_user and
make sure become_method is 'sudo' (default).
This feature will be removed in a
future release. Deprecation warnings can be disabled by setting
deprecation_warnings=False in ansible.cfg.

playbook: playbook.yml

Show the task list with --list-task

[vagrant@host ~]$ ansible-playbook pbook.yml --list-task
[DEPRECATION WARNING]: Instead of sudo/sudo_user, use become/become_user and
make sure become_method is 'sudo' (default).
This feature will be removed in a
future release. Deprecation warnings can be disabled by setting
deprecation_warnings=False in ansible.cfg.

playbook: pbook.yml

play #1 (all): all TAGS: []
tasks:
add a new user TAGS: []

playbook: playbook.yml

play #1 (all): all TAGS: []
tasks:
add a new user TAGS: []
install libselinux-python TAGS: []

play #2 (web): web TAGS: []
tasks:
install apache TAGS: []
start apache and enabled TAGS: []
change owner TAGS: []
copy index.html TAGS: []
install php packages TAGS: []
copy hello.php TAGS: []

play #3 (db): db TAGS: []
tasks:
install mysql TAGS: []
start mysql and enabled TAGS: []
create a database TAGS: []
create a user for mydb TAGS: []

Edit playbook.yml

---
- hosts: all
  sudo: yes
  tasks:
    - name: add a new user
      user: name=hpscript state=absent

Whether the account should exist or not, taking action if the state is different from what is stated.

[vagrant@host ~]$ ansible-playbook pbook.yml
[DEPRECATION WARNING]: Instead of sudo/sudo_user, use become/become_user and
make sure become_method is 'sudo' (default).
This feature will be removed in a
future release. Deprecation warnings can be disabled by setting
deprecation_warnings=False in ansible.cfg.

PLAY [all] *********************************************************************

TASK [setup] *******************************************************************
ok: [192.168.43.52]
ok: [192.168.43.53]

TASK [add a new user] **********************************************************
changed: [192.168.43.53]
changed: [192.168.43.52]

PLAY RECAP *********************************************************************
192.168.43.52 : ok=2 changed=1 unreachable=0 failed=0
192.168.43.53 : ok=2 changed=1 unreachable=0 failed=0

Connect over ssh
[vagrant@host ~]$ ssh web
Last login: Tue Oct 2 18:17:56 2018 from 192.168.43.51
[vagrant@web ~]$ cat /etc/passwd

Whoa, hpscript is gone! Amazing!!

Connect over ssh and cat

Display the list of users

[vagrant@web ~]$ cat /etc/passwd

apache:x:48:48:Apache:/var/www:/sbin/nologin
hpscript:x:503:503::/home/hpscript:/bin/bash

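What is /etc/passwd?
>This file contains the various settings required when a user logs in, such as the user name and home directory. Previously, the encrypted password was also written in this file, but to strengthen security, the encrypted password is now written in the /etc/shadow file.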

root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:/sbin/nologin
daemon:x:2:2:daemon:/sbin:/sbin/nologin
adm:x:3:4:adm:/var/adm:/sbin/nologin

I see. There are all kinds of users in there.
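
As an added example (not part of the original post), the check done by eye with cat /etc/passwd can be scripted: the Python below parses passwd-format lines, lists accounts that keep a login shell, accounts with UID 0 and password fields other than x, and confirms whether a given user such as hpscript is present. The sample lines are the ones quoted above; NOLOGIN_SHELLS and all function names are assumptions of this example.

```python
from collections import namedtuple

# Shells that deny interactive login (assumed list for this example).
NOLOGIN_SHELLS = {"/sbin/nologin", "/usr/sbin/nologin", "/bin/false"}

# Constructed sample: the /etc/passwd lines quoted on this page.
SAMPLE = """\
root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:/sbin/nologin
daemon:x:2:2:daemon:/sbin:/sbin/nologin
adm:x:3:4:adm:/var/adm:/sbin/nologin
apache:x:48:48:Apache:/var/www:/sbin/nologin
hpscript:x:503:503::/home/hpscript:/bin/bash
"""

Account = namedtuple("Account", "name password uid gid gecos home shell")

def parse_passwd(text):
    """Parse passwd-format text; skip blank/comment lines, reject malformed ones."""
    accounts = []
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip() or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) != 7:
            raise ValueError(f"line {lineno}: expected 7 fields, got {len(fields)}")
        name, pw, uid, gid, gecos, home, shell = fields
        accounts.append(Account(name, pw, int(uid), int(gid), gecos, home, shell))
    return accounts

def audit(accounts):
    """Findings worth reviewing after the user module adds or removes accounts."""
    return {
        # An empty shell field falls back to the system default, so it counts.
        "login_capable": [a.name for a in accounts if a.shell not in NOLOGIN_SHELLS],
        "uid_zero": [a.name for a in accounts if a.uid == 0],
        # "x" means the hash lives in /etc/shadow; any other value needs a look.
        "password_not_x": [a.name for a in accounts if a.password != "x"],
    }

def user_exists(accounts, name):
    """True if an account with this name is present (state=present on the host)."""
    return any(a.name == name for a in accounts)

if __name__ == "__main__":
    print(audit(parse_passwd(SAMPLE)))
```

On a managed host, pass the contents of /etc/passwd to parse_passwd instead of SAMPLE.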

ansible document
https://docs.ansible.com/
https://docs.ansible.com/ansible/latest/modules/modules_by_category.html

Look at user in the system modules.
https://docs.ansible.com/ansible/latest/modules/user_module.html#user-module

ERROR! playbooks must be a list of plays

---
- hosts: all
  sudo: yes
  tasks:
    - name: add a new user
      user: name=hpscript

[vagrant@host ~]$ ansible-playbook pbook.yml
ERROR! playbooks must be a list of plays

What!?

[vagrant@host ~]$ ansible-playbook pbook.yml
[DEPRECATION WARNING]: Instead of sudo/sudo_user, use become/become_user and
make sure become_method is 'sudo' (default).
This feature will be removed in a
future release. Deprecation warnings can be disabled by setting
deprecation_warnings=False in ansible.cfg.

PLAY [all] *********************************************************************

TASK [setup] *******************************************************************
ok: [192.168.43.52]
ok: [192.168.43.53]

TASK [add a new user] **********************************************************
changed: [192.168.43.53]
changed: [192.168.43.52]

PLAY RECAP *********************************************************************
192.168.43.52 : ok=2 changed=1 unreachable=0 failed=0
192.168.43.53 : ok=2 changed=1 unreachable=0 failed=0

Oh, it passed once I fixed the indentation.

Running the same command one more time gives:
PLAY RECAP *********************************************************************
192.168.43.52 : ok=2 changed=0 unreachable=0 failed=0
192.168.43.53 : ok=2 changed=0 unreachable=0 failed=0

Oh, now it's changed=0 ♪
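
The changed=0 result on a re-run is what an idempotent playbook should produce, and it can be checked automatically. The following added example (not from the original post) parses PLAY RECAP lines in the format shown above and reports hosts whose re-run still changed something, failed or was unreachable; the function names are assumptions of this example and the sample text is copied from the two recaps on this page.

```python
import re

# Constructed sample: recap of the first run of the user task, then of the re-run.
FIRST_RUN = """\
PLAY RECAP *********************************************************************
192.168.43.52 : ok=2 changed=1 unreachable=0 failed=0
192.168.43.53 : ok=2 changed=1 unreachable=0 failed=0
"""
SECOND_RUN = """\
PLAY RECAP *********************************************************************
192.168.43.52 : ok=2 changed=0 unreachable=0 failed=0
192.168.43.53 : ok=2 changed=0 unreachable=0 failed=0
"""

# host, a colon, then one or more key=number counters; tolerant of extra spacing.
RECAP_LINE = re.compile(r"^(?P<host>\S+)\s*:\s*(?P<counters>(?:\w+=\d+\s*)+)$")

def parse_recap(text):
    """Map host -> {counter: int} for every recap line; other lines are ignored."""
    result = {}
    for line in text.splitlines():
        m = RECAP_LINE.match(line.strip())
        if m:
            pairs = (pair.split("=") for pair in m.group("counters").split())
            result[m.group("host")] = {key: int(value) for key, value in pairs}
    return result

def not_converged(recap):
    """Hosts that changed, failed or were unreachable in this run."""
    return sorted(
        host for host, c in recap.items()
        if c.get("changed", 0) or c.get("failed", 0) or c.get("unreachable", 0)
    )

if __name__ == "__main__":
    # A re-run of an idempotent playbook should leave this list empty.
    print(not_converged(parse_recap(SECOND_RUN)))
```

Hosts that appear in the list after a second run either have a non-idempotent task or were modified outside of ansible between runs.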

Let's get hands-on with ansible

[vagrant@host ~]$ ansible --version
ansible 2.2.0.0
config file = /home/vagrant/ansible.cfg
configured module search path = Default w/o overrides

So ansible is owned by Red Hat. No wonder.
https://www.ansible.com/

[vagrant@host ~]$ ssh web
Last login: Wed Nov 23 22:41:13 2016 from 192.168.43.51
[vagrant@web ~]$ exit
logout
Connection to 192.168.43.52 closed.
[vagrant@host ~]$ ssh db
Last login: Wed Nov 23 22:41:12 2016 from 192.168.43.51
[vagrant@db ~]$ exit
logout
Connection to 192.168.43.53 closed.

What on earth is this!

inventory file

[web]
192.168.43.52

[db]
192.168.43.53

[vagrant@host ~]$ ansible all -i hosts -m ping
192.168.43.53 | SUCCESS => {
"changed": false,
"ping": "pong"
}
192.168.43.52 | SUCCESS => {
"changed": false,
"ping": "pong"
}

ansible.cfg

[defaults]
hostfile = ./hosts

[vagrant@host ~]$ ansible all -m ping
192.168.43.53 | SUCCESS => {
"changed": false,
"ping": "pong"
}
192.168.43.52 | SUCCESS => {
"changed": false,
"ping": "pong"
}