- how to learn ansible
- what is ansible
- let's use ansible command
- let's create simple playbook
- advanced for playbook
- let's create large playbook
- my own ("oreore") best practice
- IT automation tool
- written in Python
- latest version 1.9.1
- sequential execution
- parallel processing
- module → task
- task → Playbooks.yml
- Inventory / hosts
- roles / component
- handler
- Jinja2 /template
$ yum install ansible
$ ansible --version
ansible 1.9.1
it's easy :)
kakeru@PC-kakeru:$ cat ansible/inventory/vagrant/kakeru_vagrant.yml
[test]
kakeru_vagrant1
kakeru_vagrant2
kakeru_vagrant3
ex) kakeru_vagrant[1:3]
[stg:children]
test
Usage: ansible <host-pattern> [options]
-m MODULE_NAME, --module-name=MODULE_NAME
module name to execute (default=command)
- ping module
kakeru@PC-kakeru:$ ansible test -i ansible/inventory/vagrant/kakeru_vagrant.yml -m ping -f 2
kakeru_vagrant1 | success >> {
    "changed": false,
    "ping": "pong"
}
kakeru_vagrant2 | success >> {
    "changed": false,
    "ping": "pong"
}
- bash module
kakeru@PC-kakeru:$ ansible test -i ansible/inventory/vagrant/kakeru_vagrant1.yml -a "uptime"
kakeru_vagrant1 | success | rc=0 >>
14:55:46 up 51 min, 1 user, load average: 0.00, 0.01, 0.02
- apt module
kakeru@PC-kakeru:$ ansible test -i ansible/inventory/vagrant/kakeru_vagrant1.yml -m apt -s -a name=varnish
kakeru_vagrant1 | success >> {
    "changed": true,
    "stderr": "",
    "stdout": "Reading package lists...\nBuilding dependency tree...\n hogehoge"
}
kakeru@PC-kakeru:$ cat ansible/vagrant.yml
# vi: set ft=yaml :
- hosts: test
  user: vagrant
  sudo: yes
  tasks:
    - name: set kernel parameter
      action: >
        template src=roles/common/templates/etc/sysctl.conf.j2
        dest=/etc/sysctl.conf
        owner=root
        group=root
        mode=0644
      notify:
        - sysctl_p
  handlers:
    - name: sysctl_p
      command: /sbin/sysctl -q -e -p
  vars:
    net_ipv4_ip_forward : 0
    net_ipv4_conf_default_rp_filter : 1
    net_ipv4_conf_default_accept_source_route : 0
    kernel_sysrq : 1
    kernel_core_uses_pid : 1
    net_ipv4_tcp_syncookies : 1
    net_bridge_bridge_nf_call_ip6tables : 0
kakeru@PC-kakeru:$ cat ansible/roles/common/templates/etc/sysctl.conf.j2
# Kernel sysctl configuration file for Red Hat Linux
#
# For binary values, 0 is disabled, 1 is enabled. See sysctl(8) and
# sysctl.conf(5) for more details.
# Controls IP packet forwarding
net.ipv4.ip_forward = {{ net_ipv4_ip_forward }}
# Controls source route verification
net.ipv4.conf.default.rp_filter = {{net_ipv4_conf_default_rp_filter}}
# Do not accept source routing
net.ipv4.conf.default.accept_source_route = {{ net_ipv4_conf_default_accept_source_route }}
# Controls the System Request debugging functionality of the kernel
kernel.sysrq = {{ kernel_sysrq }}
# Controls whether core dumps will append the PID to the core filename.
# Useful for debugging multi-threaded applications.
kernel.core_uses_pid = {{ kernel_core_uses_pid }}
# Controls the use of TCP syncookies
net.ipv4.tcp_syncookies = {{ net_ipv4_tcp_syncookies }}
# Disable netfilter on bridges.
net.bridge.bridge-nf-call-ip6tables = {{ net_bridge_bridge_nf_call_ip6tables }}
kakeru@PC-kakeru:$ ansible-playbook -i ansible/inventory/vagrant/kakeru_vagrant1.yml ansible/vagrant.yml
PLAY [test] *******************************************************************
GATHERING FACTS ***************************************************************
ok: [kakeru_vagrant1]
TASK: [set kernel parameter] **************************************************
ok: [kakeru_vagrant1]
PLAY RECAP ********************************************************************
kakeru_vagrant1 : ok=2 changed=0 unreachable=0 failed=0
So Simple :)
- name: add script for lb_check6
  action: >
    template src=usr/local/sbin/{{ item }}.j2
    dest=/usr/local/sbin/{{ item }}
    owner=root
    group=root
    mode=0755
  with_items:
    - lb_check6.sh
    - lb_check6_var
tasks:
  - name: install base_packages
    apt: name={{ item }} state=present
    with_items:
      - "{{ base.packages }}"
vars:
  base:
    packages:
      - figlet
      - telnet
      - jq
      - wget
      - heirloom-mailx
      - zsh
      - screen
      - nmap
      - netcat-openbsd
      - tmux
      - lsof
      ...
- name: check jq's src
  action: >
    command [ -e /usr/local/src/jq_1.4-1~bpo70+1_amd64.deb ]
  register: result
  ignore_errors: True
- name: download & install jq
  action: >
    get_url url="http://ftp.jp.debian.org/debian/pool/main/j/jq/jq_1.4-1~bpo70+1_amd64.deb"
    dest=/usr/local/src
    mode=0644
  notify:
    - install_jq
  when: result|failed
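The same register/when pattern with an integrity check on the download, as an added example that is not part of the original slides. It assumes the `stat` module and the `sha256sum` parameter of `get_url` (both available in Ansible 1.9); the digest is a placeholder to be filled in from the package's published checksum, and `install_jq` is the handler the slide refers to, whose definition is not shown.

```yaml
# Added example, not from the original slides.
# The package is fetched over plain HTTP, so the task pins a SHA-256 digest:
# get_url fails the play if the downloaded file does not match it.

- name: check whether the jq package is already present
  # stat returns exists=false for a missing file instead of a failed task,
  # so ignore_errors is not needed and real errors are no longer masked.
  stat: path=/usr/local/src/jq_1.4-1~bpo70+1_amd64.deb
  register: jq_deb

- name: download jq and verify its digest
  get_url: >
    url="http://ftp.jp.debian.org/debian/pool/main/j/jq/jq_1.4-1~bpo70+1_amd64.deb"
    dest=/usr/local/src/jq_1.4-1~bpo70+1_amd64.deb
    sha256sum=REPLACE_WITH_PUBLISHED_SHA256
    owner=root
    group=root
    mode=0644
  # REPLACE_WITH_PUBLISHED_SHA256 is a placeholder, not a real digest.
  notify:
    - install_jq   # handler named on the slide; its body is assumed to install the .deb
  when: not jq_deb.stat.exists
```

Giving `dest` as a full file path rather than a directory also lets `get_url` skip the download on its own when the file is already there.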
- template: >
    src=etc/apt/sources.list
    dest=/etc/apt/sources.list
    owner=root
    group=root
    mode=0644
  register: apt_sources_list
- apt: update_cache=yes
  when: apt_sources_list|changed
- apt: update_cache=yes cache_valid_time=3600
  when: apt_sources_list|skipped
- playbook option
- --connection=local
- --until
- --vars_prompt
- command option
- --check
- --diff
kakeru@PC-kakeru:$ cat ansible/roles/common/tasks/main.yml
---
# roles/common/tasks/main.yml
# update source_list
- include: source_list.yml
# add system_users
- include: system_user.yml
site.yml
webservers.yml
fooservers.yml
roles/
    common/
        files/
        templates/
        tasks/
            main.yml
            nginx.yml
        handlers/
        vars/
        defaults/
        meta/
    webservers/
        files/
        templates/
---
- hosts: webservers
  roles:
    - common
    - webservers
- define environment variables
- create group_vars
- set xxx:children to inventory
- must use role & set playbook to inventory
- role → playbook
- playbook + env → inventory
├── group_vars
│ ├── dev.yml
│ ├── prd.yml
│ ├── stg.yml
│ ├── test.yml
│ └── vagrant.yml
├── inventory
│ ├── cassandra
│ ├── elasticsearch
│ ├── logger
│ ├── sensu
│ ├── uchiwa
│ ├── vagrant
│ └── web
├── web.yml
├── logger.yml
├── README.md
├── roles
│ ├── cassandra
│ ├── common
│ ├── elasticsearch
$ cat inventory/vagrant/kakeru_vagrant.yml
[test]
kakeru_vagrant[1:3]
$ ansible-playbook vagrant.yml -i inventory/vagrant/kakeru_vagrant.yml -l kakeru_vagrant1
PLAY [test] *******************************************************************
GATHERING FACTS ***************************************************************
ok: [kakeru_vagrant1]
TASK: [set kernel parameter] **************************************************
ok: [kakeru_vagrant1]
PLAY RECAP ********************************************************************
kakeru_vagrant1 : ok=2 changed=0 unreachable=0 failed=0
$ ansible-playbook vagrant.yml -i inventory/vagrant/kakeru_vagrant.yml -l kakeru_vagrant1 --list-host
playbook: vagrant.yml
play #1 (test): host count=1
kakeru_vagrant1 : ok=2 changed=0 unreachable=0 failed=0