現代 IT 人一定要知道的 Ansible 自動化組態技巧

Transcript

1. [ chusiang@kalug ~ ] $ cat .profile # Author: 㲺Ռᗼ

   / chusiang.lai (at) gmail.com # Blog: http://note.drx.tw # Modified: 2016-05-31 16:30

2. 橕ෝ㲺Ռᗼ • 4 ଙ犥Ӥ IT 妿涢牐 • 匍肬 DrSays IT

   ૡ纷䒍牐 • Ansible 䋿䜗拻璤 4e. 䋊㹓牐 • ෝ Ansible Galaxy 獤Ձ Roles物 • php7 (php-fpm) • switch-apt-mirror • vim-and-vi-mode • zabbix-agent • CVE-2016-3714 2

3. ࣖ绐㾏 ᥝ樄তԧ牦 3

4. Outline I. 匍դ IT ՈฎՋ讕牫 4

5. Outline I. 匍դ IT ՈฎՋ讕牫 II. 疩獈ᛔ㵕玕奲眲ጱঅ蒂ฎՋ讕牫 5

6. Outline I. 匍դ IT ՈฎՋ讕牫 II. 疩獈ᛔ㵕玕奲眲ጱঅ蒂ฎՋ讕牫 III. Ansible ฎՋ讕牫

   6

7. Outline I. 匍դ IT ՈฎՋ讕牫 II. 疩獈ᛔ㵕玕奲眲ጱঅ蒂ฎՋ讕牫 III. Ansible ฎՋ讕牫

   IV. ெ讕蟂ᗟ Ansible 絑ह牫 7

8. Outline I. 匍դ IT ՈฎՋ讕牫 II. 疩獈ᛔ㵕玕奲眲ጱঅ蒂ฎՋ讕牫 III. Ansible ฎՋ讕牫

   IV. ெ讕蟂ᗟ Ansible 絑ह牫 V. ெ讕砺֢ Ansible牫 8

9. Outline I. 匍դ IT ՈฎՋ讕牫 II. 疩獈ᛔ㵕玕奲眲ጱঅ蒂ฎՋ讕牫 III. Ansible ฎՋ讕牫

   IV. ெ讕蟂ᗟ Ansible 絑ह牫 V. ெ讕砺֢ Ansible牫 VI. Q & A 9

10. Ⅰ. 匍դ IT ՈฎՋ讕牫 10 DevOps

11. 匍դ IT ՈฎՋ讕牫 11 犥獮ጱ IT Ո 匍դጱ IT Ո

    ℂ蕕秚ک礍ᒊ 襑聻揲碍ੜ碻 (hr) 犋አ 30 獤 (min) Ӥ紑 ྯॠළළ瞲犤牏蕕蕕秚瑊牧 ଉଉ盛ԧ硬螂Ջ讕 䌃 code 吚者翄 䌃 code ᓕ秚瑊 ӥ紑 䌃犋ਠጱૡ֢෭懿 䒻ᛔ૩䌃ૡٍ (傶ԧ൉෱ӥ紑)

12. Ⅱ. 疩獈ᛔ㵕玕奲眲ጱঅ蒂ฎՋ讕牫 12 ※ 戢物奲眲 = Configuration management (CM)

13. 疩獈 Ansible ᛔ㵕玕奲眲牧 ౯㮉ᴻԧݢ犥仂੝๐率Ӿ䥁 碻樌牏介手च器ୌ戔牏褔犵 ఺क़觓檺牧ๅݢ犥虏樄咳牏 介手޾ྋୗ絑ह篷翿矑敍牐 瑽粙㬵რ - Ansible

    as Automation Glue 13

14. "ૡՈ" 奲眲 ᛔ㵕玕奲眲 ᯿蕦奲眲ጱՈێ౮๜ ṛ 犵 Ո傶०藮觓檺 ṛ 犵 ݢ介手௔

    櫞 ฃ 秇奲玕 櫞 ฃ ൉෱ӥ紑 櫞 ฃ 疩獈ᛔ㵕玕奲眲ጱঅ蒂ฎՋ讕牫 14

15. Ⅲ. Ansible ฎՋ讕牫 15

16. Ansible 玲ݷᛔᎣݷੜ藯
 ̽䜗凗蝿瞁̾牧ฎӞ稠胼 ᪜᩼碻绚ጱܨ碻蝢懱ૡٍ牐 襎୽ၹ䁭 - https://goo.gl/4xftZT 16

17. Ansible ฎ蜱ଙ㬵Ꭳݷଶ犋 䥁Ӥ܋ጱ DevOps ᛔ㵕玕 敟誢牧櫒簁ᛔ 2013 ଙ獺缏ᛗ 犡犋ک 3

    ଙ牧֕ኧෝٌ䟖አ
 篷դቘ纷ୗጱ礍䯤牧蟂ᗟ 覄ၚ牧纷ୗ嘨ฃ捝牧ࢩᘒ 蜫蝧౮傶ݑ喠ፓጱ DevOps ૡٍ牐 iThome - http://goo.gl/yJbWtz 17

18. Ansible ฎՋ讕牫 • 膏 Puppet, Salt, Chef 㪔ڜٌࢥጱᛔ㵕玕奲眲戔ਧૡٍ (Infrastructure as

    Code)牧ٌ墋㻌ฃአጱ粬௔虏ՈӞአ疰 眢Ӥ牧ࣁ DevOps ኴ犖㬟磪Ӟଅԏ瑿牐 • ֵአ Push 礍䯤牧ݝ襑 Python ޾ SSH ܨݢ砺֢牧犋አ氃 क़蕕 Angent牐
 
 • Python 檋籧ጱ奲眲戔ਧૡٍ牐 18

19. Ⅳ. ெ讕蟂ᗟ Ansible 絑ह牫 19 薪盢牏ਞ蕕牏戔ਧ

20. Ansible ฎெ讕螀֢ጱ牫 蝚螂 inventory ਧ嬝 Managed node牧㪔萞ኧ SSH 膏 Python

    蝱ᤈ传蝢牐 20

21. ெ讕ਞ蕕 Ansible牫 • ݝ襑ࣁ Control Machine ਞ蕕 Ansible牪Managed node 㳷ᥝ磪

    Python 2.5+ ޾ SSH牐 21 # Debian & Ubuntu (apt). $ sudo apt-get install ansible # Mac OS X (homebrew). $ sudo brew install ansible # Python (pip). $ sudo pip install ansible

22. ெ讕戔ਧ Ansible牫 • 萞ኧ ansible.cfg 㬵戔ਧ inventory (host file) 䲆礯᪠䕩牏

    Managed node (ᤩ矒ᒒ) ֵአᘏݷ圸牏SSH ᰂ槄 … 缛牐 22 $ vim ansible.cfg [defaults] # 瞲ਧ inventory 䲆礯᪠䕩牐 hostfile = hosts # 螐ᒒֵአᘏݷ圸 remote_user = vagrant #private_key_file = ~/.ssh/id_rsa # host_key_checking: 犋扇㺔ے獈 ssh ᰂ槄 host_key_checking = False

23. inventory ฎՋ讕牫 • Ԇᥝአ㬵ਧ嬝 Managed node (ᤩ矒ᒒ) Ԇ秚֖࣎膏ᗭ奲牧 犖ݢአ㬵戔ਧ ssh

    蝫娄虻懱牐 23 $ vim hosts # ansible_ssh_host: 螐ᒒ SSH Ԇ秚֖࣎牐 # ansible_ssh_port: 螐ᒒ SSH ओݗ (Port)牐 # ansible_ssh_user: 螐ᒒ SSH ֵአᘏݷ圸牐 # ansible_ssh_private_key_file: ๜秚 SSH ᐺ槄䲆᪠䕩牐 # ansible_ssh_pass: 螐ᒒ SSH ੂ嘨 (ୌ捍硬አᐺ槄)牐 [dev] ansible-demo.local ansible_ssh_host=127.0.0.1 ansible_ssh_port=2222 [test] ansible-test.local ansible_ssh_host=10.10.1.1 ansible_ssh_user=adeliae [prod] ansible-prod.local ansible_ssh_host=demo.drx.tw ansible_ssh_port=22

24. Ⅴ. ெ讕砺֢ Ansible牫 24 Ad-Hoc command, Playbook* (Module, Galaxy), Ansible

    Tower

25. Ad-Hoc command and 25 Playbook

26. Ad-Hoc command ฎՋ讕牫 • 墋Ꭸ (屷碻௔) ጱ瞲犤牧膏Ӟ膢ጱ command line 砺֢秇ୗ

    襊ݶ牧Ӟ稞ݝ蝚螂Ӟᤈ瞲犤蝱ᤈ砺֢牐 26 # Ӟ膢ጱ command line $ ping ansible-demo.local PING localhost (127.0.0.1): 56 data bytes 64 bytes from 127.0.0.1: icmp_seq=0 ttl=64 time=0.037 ms --- localhost ping statistics --- 1 packets transmitted, 1 packets received, 0.0% packet loss round-trip min/avg/max/stddev = 0.037/0.037/0.037/0.000 ms $ echo Hello World Hello World

27. Ad-Hoc command ฎՋ讕牫 • Ansible -m 盅ጱݱ殻㷢碍藶㷢ᘍਥො෈կ ҆
 Module Index牐

    27 # ansible <Ԇ秚ݷ圸> -m <ݱ殻㷢碍> $ ansible all -m ping ansible-demo.local | SUCCESS => { "changed": false, "ping": "pong" } $ ansible all -m command -a "echo Hello World" ansible-demo.local | SUCCESS | rc=0 >> Hello World

28. Playbooks ฎՋ讕牫 • Ӟ棎蟂ᗟጱ䔶य़ྎ瑊牧穉 Shell Script ๅٍ奾䯤玕ጱ脻๜承 ᥺牐 • ֵአ

    YAML ໒ୗ牧䌃 code 疰 ইݶ䌃෈կ牧墋㻌ฃ捝牐 • ݢֵአ Jinja2 (template 羬翄) 蔭螈ୗ牧㪔ඪൔ虋碍牏ڣ䥁ୗ
 牏蝅瑹 ... 缛承ဩ牐 Baby Playbook Onesie - http://goo.gl/GKJvXn 28

29. Playbooks ฎՋ讕牫 • Ӟ犩 Playbook ݢ犥磪ग़㮆 Play ޾ ग़㮆 Tasks牐

    • 種ֺአکԧ Play*1, Task*3 ޾ Module*3 (command, apt, lineinfile)牐
 
 
 
 
 
 
 
 
 
 
 
 
 29 $ vim example.yml --- - name: This is a Super-basic playbook. hosts: all tasks: - name: Hello World command: echo "Hello World" - name: Install Vim & Emacs become: yes apt: name={{ item }} state=present with_items: - vim - emacs # ݄݄牧emacs 蚎牐 - name: use vi-mode in readline become: yes lineinfile: dest=/etc/inputrc line="set editing-mode vi"

30. Playbooks ฎՋ讕牫 • Ӟ犩 Playbook ݢ犥磪ग़㮆 Play ޾ ग़㮆 Tasks牐

    • 種ֺአکԧ Play*1, Task*3 ޾ Module*3 (command, apt, lineinfile)牐
 
 
 
 
 
 
 
 
 
 
 
 
 30 $ vim example.yml --- - name: This is a Super-basic playbook. hosts: all tasks: - name: Hello World command: echo "Hello World" - name: Install Vim & Emacs become: yes apt: name={{ item }} state=present with_items: - vim - emacs # ݄݄牧emacs 蚎牐 - name: use vi-mode in readline become: yes lineinfile: dest=/etc/inputrc line="set editing-mode vi" Play

31. Playbooks ฎՋ讕牫 • Ӟ犩 Playbook ݢ犥磪ग़㮆 Play ޾ ग़㮆 Tasks牐

    • 種ֺአکԧ Play*1, Task*3 ޾ Module*3 (command, apt, lineinfile)牐
 
 
 
 
 
 
 
 
 
 
 
 
 31 $ vim example.yml --- - name: This is a Super-basic playbook. hosts: all tasks: - name: Hello World command: echo "Hello World" - name: Install Vim & Emacs become: yes apt: name={{ item }} state=present with_items: - vim - emacs # ݄݄牧emacs 蚎牐 - name: use vi-mode in readline become: yes lineinfile: dest=/etc/inputrc line="set editing-mode vi" Task 1 Task 2 Task 3

32. Playbooks ฎՋ讕牫 • Ӟ犩 Playbook ݢ犥磪ग़㮆 Play ޾ ग़㮆 Tasks牐

    • 種ֺአکԧ Play*1, Task*3 ޾ Module*3 (command, apt, lineinfile)牐
 
 
 
 
 
 
 
 
 
 
 
 
 32 $ vim example.yml --- - name: This is a Super-basic playbook. hosts: all tasks: - name: Hello World command: echo "Hello World" - name: Install Vim & Emacs become: yes apt: name={{ item }} state=present with_items: - vim - emacs # ݄݄牧emacs 蚎牐 - name: use vi-mode in readline become: yes lineinfile: dest=/etc/inputrc line="set editing-mode vi" Module

33. Playbooks ฎՋ讕牫 • 䁆ᤈ example.yml playbook牐 33 $ ansible-playbook example.yml

    PLAY [This is a Super-basic playbook.] ***************************************** TASK [setup] ******************************************************************* ok: [ansible-demo.local] TASK [Hello World] ************************************************************* changed: [ansible-demo.local] TASK [Install Vim & Emacs] ***************************************************** changed: [ansible-demo.local] => (item=[u'vim', u'emacs']) TASK [use vi-mode in readline] ************************************************* changed: [ansible-demo.local] PLAY RECAP ********************************************************************* ansible-demo.local : ok=4 changed=3 unreachable=0 failed=0

34. Playbooks ฎՋ讕牫 • 䁆ᤈ example.yml playbook牐 34 $ ansible-playbook example.yml

    PLAY [This is a Super-basic playbook.] ***************************************** TASK [setup] ******************************************************************* ok: [ansible-demo.local] TASK [Hello World] ************************************************************* changed: [ansible-demo.local] TASK [Install Vim & Emacs] ***************************************************** changed: [ansible-demo.local] => (item=[u'vim', u'emacs']) TASK [use vi-mode in readline] ************************************************* changed: [ansible-demo.local] PLAY RECAP ********************************************************************* ansible-demo.local : ok=4 changed=3 unreachable=0 failed=0 Setup 者奾 (Recap)

35. 箛 ێ 疻 纈 Live Demo 35

36. http://s.drx.tw/ansible1.kalug

37. https://youtu.be/L4UDVP1lJQQ

38. Module 38

39. http://docs.ansible.com/ansible/list_of_commands_modules.html

40. None

41. Docs » commands Modules 磪 yes 疰Ӟਧᥝአ

42. Galaxy 42

43. https://galaxy.ansible.com

44. None
45. None

46. 汜ݻਜਦ牧ၴᅁ篷璒牦 – ૬ේطଙ (Debian Buzz) 46

47. 㷢ᘍ෈糽 • Ansible Docs - http://docs.ansible.com/ansible/intro_installation.html • ̽Ansible: Up and

    Running̾- https://www.ansible.com/ansible-book • 犊獤楮ഩൎ Ansible ໐ஞ薪盢 (7:15) | Software Architecture School - http://goo.gl/nhykzE • Ansible 䋿䜗拻璤 - http://get.soft-arch.net/ansible/ • 襎脲ኴጱ褲琔物奲眲ᓕቘ | 敟誢礍䯤ɾᔵ承 - http://school.soft-arch.net/blog/90699/ metaphor-in-cm • 亮藳 Ansible by sakana / Max - https://goo.gl/e9RwhE • ̿Ansible ᛔ㵕玕奲眲ᓕቘ䋿䜗拻璤̀膏̿ᛔ౯䋿匍̀| 㲺Ռጱ執懿 - http://goo.gl/5gs1q9 • 匍դ IT ՈӞਧᥝᎣ螇ጱ Ansible ᛔ㵕玕奲眲ದૣ | 㲺Ռጱ執懿 - http://goo.gl/daAtVi 47 Free

48. 瑽粙㬵რ • Blasts Off Space Rocket From Cosmodrom In The

    Clouds, Polygonal Stock Illustration | dreamstime - http://goo.gl/6FAuiQ • 㾴疑瑿ቘ褾扮 - http://www.ngtaiwan.com • Using cloud-init and uvtool to initialize cloud instances | Rui - https://goo.gl/CbdvTH • Books icon (PSD) | GraphicsFuel - http://www.graphicsfuel.com/2012/07/books- icon-psd/ • Avatar, business, company, group, manager, people, users icon | Icon search engine - https://goo.gl/Hm6ScX • A Galaxy Just Appeared Out of Nowhere - http://chirpnews.com/2016/04/17/new- galaxy-appeared/ 48

49. ૡ珶๐率 49

50. 50 http://苢࿜ፘ蝪.tw

51. DevOps Taiwan https://www.facebook.com/groups/DevOpsTaiwan/ https://devopstaiwan.slack.com/ https://gitter.im/DevOpsTW/

52. http://www.vim.tw

53. http://coscup.org

54. http://mopcon.org

55. Q & A 瑥纔ೌ಑訤觬 55

56. E N D