
Ansible Automated Configuration Techniques Every Modern IT Professional Must Know Ⅱ - Roles & Windows

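Ansible is an Infrastructure as Code configuration tool that stands alongside Puppet, Salt and Chef. Its simplicity and ease of use make it hard to put down, and it has earned its place in the DevOps world.

In this session 凍仁 takes everyone through Ansible Roles in depth, how to manage Windows with Ansible, and hands-on experience. With Ansible, we can all get off work early (laughs).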
 
* Blog post: https://note.drx.tw/2016/07/automate-with-ansible-roles-windows.html


Chu-Siang Lai

July 16, 2016

Transcript

  1. [ chusiang@study-area ~ ] $ cat .profile

          # Author: 凍仁翔 / chusiang.lai (at) gmail.com
          # Blog: http://note.drx.tw
          # Modified: 2016-07-16 01:23

    Ⅱ

  2. Who am I?

    • 凍仁翔 (@chusiang_lai).
    • More than 4 years of IT experience.
    • Student of Ansible 實戰講堂 4e.
    • Roles shared on Galaxy:
        • php7 (php-fpm)
        • vim-and-vi-mode
        • win_vim
        • zabbix-agent

  3. Hold on tight, we are about to start!

  9. Outline

    I. What are Roles?
    II. How to use Roles?
    III. What is Windows Support?
    IV. How to deploy an environment for managing Windows with Ansible?
    V. How to manage Windows with Ansible?
    VI. Q & A

  10. Ⅰ. What are Roles?

  11. Scaling Up Your Playbooks - 《Ansible: Up and Running》, Safari Books Online - https://goo.gl/dxoGSb
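  12. "Roles can reduce the complexity of Playbooks and, better still, increase the usability of Playbooks." – chusiang

  13. What are Roles?

    • Literally the word means "roles"; the full name is Playbook Roles.
    • A packaging design (an abstraction) that splits a Playbook into multiple files.
    • Much like Packages in Python. With Roles we can skip the time spent reinventing the wheel, and then get off work early!

    Ansible Docs - http://goo.gl/mV6ToX

  14. What are Playbooks?

    • A powerful weapon for one-click deployment, and a scripting language more structured than Shell Script.
    • They use the YAML format, so writing code is like writing a document: simple and easy to read.
    • Jinja2 (the template system) expressions can be used, with support for variables, conditionals, loops ... and other syntax.

    Baby Playbook Onesie - http://goo.gl/GKJvXn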
  15. Playbook Roles v.s. Playbooks

    Playbook Roles:

          [ jonny@sa ~/playbook-role ]$ tree -L 3
          .
          ├── LICENSE
          ├── README.md
          ├── ......
          ├── ansible.cfg
          ├── group_vars
          │   └── windows.yml
          ├── requirements.yml
          ├── roles
          │   └── chusiang.win_vim
          │       ├── LICENSE
          │       ├── README.md
          │       ├── ......
          │       ├── tasks
          │       └── templates
          ├── setup.yml
          ├── staging
          └── templates
              └── check_vim_version.bat.j2

    Playbooks:

          [ jonny@sa ~/playbook ]$ tree -L 3
          .
          ├── LICENSE
          ├── README.md
          ├── ......
          ├── ansible.cfg
          ├── defaults
          │   └── main.yml
          ├── group_vars
          │   └── windows.yml
          ├── setup.yml
          ├── staging
          ├── tasks
          │   ├── main.yml
          │   └── use-msi.yml
          └── templates
              └── check_vim_version.bat.j2
  16. Ⅱ. How to use Roles? Search, install, initialize

  17. Terminal and Galaxy

  18. Galaxy

  19. https://galaxy.ansible.com

  23. $ ansible-galaxy

  24. How to search for Roles?

          # ansible-galaxy [delete|import|info|init|install|list|login|remove|search|setup] [--help] [options] ...
          $ ansible-galaxy search win_vim

          Found 11 roles matching your search:

           Name                                   Description
           ----                                   -----------
           chusiang.win_vim                       Install Vim and on Windows.
           mingraham.win_import_pfx_cert          Imports pfx certs to windows machine with pr
           alban.andrieu.windows                  A role for installing windows
           ypid.wine                              Setup and manage Wine for running MS Windows
           trondhindenes.win_reboot               A role to manage reboots on Windows nodes. T
           kafecho.windows-couchdb                Ansible role to deploy Apache CouchDB 1.6.1
           cchurch.win-ec2                        Create and destroy Windows instances on EC2.
           shrikeh.pagerduty-maintenance-windows  Ansible role to create PagerDuty scheduled m
           peterszatmary.xfce                     Installs the XFCE window manager and lightdm
           JamesSmaldon.xfce                      Installs the XFCE window manager and lightdm
           deekayen.tls                           Host more secure communications for services
          (END)

  25. How to install Roles?

          $ ansible-galaxy install chusiang.win_vim
          - downloading role 'win_vim', owned by chusiang
          - downloading role from https://github.com/chusiang/win_vim.ansible.role/archive/1.0.5.tar.gz
          - extracting chusiang.win_vim to /usr/local/etc/ansible/roles/chusiang.win_vim
          - chusiang.win_vim was installed successfully

    How to install Roles while customizing the Roles location?

          $ ansible-galaxy install -f -p roles chusiang.win_vim
          - downloading role 'win_vim', owned by chusiang
          - downloading role from https://github.com/chusiang/win_vim.ansible.role/archive/1.0.5.tar.gz
          - extracting chusiang.win_vim to roles/chusiang.win_vim
          - chusiang.win_vim was installed successfully

  26. How to initialize Roles?

          $ ansible-galaxy init new_role
          - new_role was created successfully
          $ tree new_role/
          new_role/
          ├── README.md
          ├── defaults
          │   └── main.yml
          ├── files
          ├── handlers
          │   └── main.yml
          ├── meta
          │   └── main.yml
          ├── tasks
          │   └── main.yml
          ├── templates
          ├── tests
          │   ├── inventory
          │   └── test.yml
          └── vars
              └── main.yml

    https://galaxy.ansible.com/intro
  27. Ⅲ. What is Windows Support?

  29. Ansible Docs - http://goo.gl/jm8lpl

    In the official documentation there is a chapter specifically about ... how to manage Windows with Ansible!

  30. Ansible has supported Windows Managed nodes since version 1.7.

    Ansible Docs - http://goo.gl/jm8lpl

  31. Ansible 2.0 greatly improved the level of support for Windows Managed nodes.

    jhawkesworth - http://goo.gl/5C4mrc

  32. How does Ansible manage Windows?

    Managed nodes are defined through the inventory, and communication takes place over WinRM (or SSH) and PowerShell.

  33. How does Ansible manage Unix-like systems?

    Managed nodes are defined through the inventory, and communication takes place over SSH and Python.
  34. Unix-like node: SSH / Python

    Windows node: WinRM, SSH / PowerShell


  38. Ⅳ. How to deploy an environment for managing Windows with Ansible? Installation, configuration

  39. How to deploy the Control Machine?

    • Install ansible and pywinrm.

          # Reference:
          #
          # http://docs.ansible.com/ansible/intro_windows.html#installing-on-the-control-machine

          # Debian & Ubuntu (recommended).
          $ sudo apt-get install ansible

          # Mac OS X (recommended). Homebrew refuses to run under sudo.
          $ brew install ansible

          # Python.
          $ sudo pip install ansible

          # pywinrm (required).
          $ sudo pip install "pywinrm>=0.1.1"
  40. How to deploy a Managed node? Enable the WinRM service, install PowerShell 3.0+, disable UAC

  41. 1. Go to the Windows Support documentation page.

  42. 2. Click the Windows System Prep link.

  43. 3. Click the "this PowerShell script" link.

  44. 4. Click the Raw link.

  45. 5. Save ConfigureRemotingForAnsible.ps1 as a new file.

  46. 6. Open PowerShell with administrator privileges.

  47. 7. Run ConfigureRemotingForAnsible.ps1 with administrator privileges.

  48. 8. If the script runs into a UAC permission problem, unblock it first (Unblock) and then run it.

  49. 9. If the network causes problems, switch to a private network (Private network).

  50.
          $ winrm quickconfig -q
          $ winrm set winrm/config/winrs @{MaxMemoryPerShellMB="512"}
          $ winrm set winrm/config @{MaxTimeoutms="1800000"}
          $ winrm set winrm/config/service @{AllowUnencrypted="true"}
          $ winrm set winrm/config/service/auth @{Basic="true"}
          $ sc config WinRM start= auto

    10. Still having problems? Open the Command Prompt with administrator privileges and run the 6 lines above.
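  51. How to deploy a Managed node? Enable the WinRM service, install PowerShell 3.0+, disable UAC

  52. Windows 8, 10 and Server 2012 already have PowerShell 3.0+ built in.

  53. Windows 7 and Server 2008 R2 need PowerShell 3.0 installed manually.

  54. How to deploy a Managed node? Enable the WinRM service, install PowerShell 3.0+, disable UAC

  55. (Optional) If UAC is not disabled, some tasks may be interrupted.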

  56. How to configure Ansible?

    • Use ansible.cfg to set the inventory (host file) path, the Managed node (controlled side) user name, the SSH key ... and so on.

          $ vim ansible.cfg
          [defaults]
          # Specify the inventory file path.
          hostfile = staging

          # Remote user name.
          remote_user = vagrant

          # host_key_checking: do not ask before adding the ssh key.
          #host_key_checking = False

  57. What is the inventory?

    • It is mainly used to define the host addresses and groups of the Managed nodes (controlled side), and can also be used to set the WinRM connection information.

          $ vim staging
          # ansible_host: remote host address.
          # ansible_port: remote port (Port).
          # ansible_user: remote user name.
          # ansible_password: remote password (switching to a private key is recommended).
          [local]
          win10.local ansible_host=127.0.0.1 ansible_user=IEUser ansible_password=Passw0rd! ansible_port=55986

  58. What is the inventory?

    • Before managing Windows Managed nodes, we also need to set these inventory variables.

          $ vim group_vars/windows.yml
          ---
          # windows support
          #################

          ansible_connection: winrm
          ansible_port: 5986

          # The following is necessary for Python 2.7.9+ when using \
          # default WinRM self-signed certificates:
          ansible_winrm_server_cert_validation: ignore
  59. Ⅴ. How to manage Windows with Ansible? Ad-Hoc command, Playbooks x Roles

  60. Ad-Hoc command, Playbooks x Roles

  61. How to manage Windows with Ad-Hoc commands?

    • For the arguments that follow -m, see the official documentation (Windows Modules); most Modules that support Windows start with win.

          # ansible <host name> -m <module> -a <argument 1> -a <argument 2>
          $ ansible all -m win_ping
          win10.local | SUCCESS => {
              "changed": false,
              "ping": "pong"
          }
          $ ansible all -m raw -a "echo Hello World"
          win10.local | SUCCESS | rc=0 >>
          Hello World
  62. How to manage Windows with Playbooks and Roles?

          $ vim setup.yml
          ---
          - hosts: all

            roles:
              - chusiang.win_vim

            tasks:
              - name: copy check vim version file
                win_template:
                  src: 'templates/check_vim_version.bat.j2'
                  dest: '{{ tmp_path }}\check_vim_version.bat'
                when: ansible_os_family == "Windows"

              - name: check vim version
                raw: '{{ tmp_path }}\check_vim_version.bat'
                register: vim_version
                when: ansible_os_family == "Windows"

              - name: print vim version
                debug:
                  msg: "{{ vim_version }}"
                when: ansible_os_family == "Windows"

  63. (Same setup.yml as slide 62.) Play

  64. (Same setup.yml as slide 62.) role1: chusiang.win_vim; task1: copy script to remote.; task2: run script.; task3: print stdout.

  65. (Same setup.yml as slide 62.) Module
  66. How to manage Windows with Playbooks and Roles?

          $ ansible-playbook setup.yml

          PLAY [all] *********************************************************************

          TASK [setup] *******************************************************************
          ok: [win10.local]

          TASK [chusiang.win_vim : Create temp directory] ********************************
          ok: [win10.local]

          TASK [chusiang.win_vim : delegate to 'msi' system for installation] ************
          included: /Users/jonny/vcs/9.demo/studyarea1607-ansible-demo/roles/chusiang.win_vim/tasks/use-msi.yml for win10.local

          TASK [chusiang.win_vim : get vim.msi on windows] *******************************
          changed: [win10.local]

          TASK [chusiang.win_vim : install vim with msi] *********************************
          changed: [win10.local]

  67. How to manage Windows with Playbooks and Roles?

          TASK [copy check vim version file] *********************************************
          changed: [win10.local]

          TASK [check vim version] *******************************************************
          ok: [win10.local]

          TASK [print vim version] *******************************************************
          ok: [win10.local] => {
              "msg": {
                  "changed": false,
                  "rc": 0,
                  "stderr": "",
                  "stdout": "\r\nC:\\Users\\IEUser>\"C:\\Program Files (x86)\\vim\\vim74\\vim.exe\" --version \r\nVIM - Vi IMproved 7.4 (2013 Aug 1 ......
                  ]
              }
          }

          PLAY RECAP *********************************************************************
          win10.local                : ok=8    changed=3    unreachable=0    failed=0

  68. (Same output as slide 67.) Summary
  69. Firepower demonstration: Live Demo

  70. https://youtu.be/wZLT1B_uh9Q

  71. https://github.com/chusiang/studyarea1607-ansible-demo

  72. How to avoid path pitfalls in Windows Playbooks?

    1. Writing key:value hits fewer pitfalls than key=value; the latter sometimes runs into a path (PATH) that cannot be recognized.
    2. Avoid using \ at the end of a line.
    3. Where a \ is needed, \\ can be used instead, because Windows itself already parses paths that way.
    4. Special characters parsed incorrectly? Write a batch file first, transfer the file (win_copy, win_template), then run it (raw). Example: `C:\Program Files (x86)`.
    5. In Playbooks, / is valid as the path separator.

  73. Which Windows Modules are commonly used?

  74. Which Windows Modules are commonly used?

    1. raw: Executes a low-down and dirty SSH command.
    2. win_copy: Copies files to remote locations on windows hosts.
    3. win_file: Creates, touches or removes files or directories.
    4. win_get_url: Fetches a file from a given URL.
    5. win_lineinfile: Ensure a particular line is in a file, or replace an existing line using a back-referenced regular expression.

  75. Which Windows Modules are commonly used?

    6. win_msi: Installs and uninstalls Windows MSI files.
    7. win_ping: A windows version of the classic ping module.
    8. win_reboot: Reboot a windows machine.
    9. win_stat: returns information about a Windows file.
    10. win_template: Templates a file out to a remote server.
  76. Q & A (strictly no tapping or feeding)

  77. References

    A. 《Ansible: Up and Running》 - https://www.ansible.com/ansible-book
    B. Windows Support | Ansible Docs - http://docs.ansible.com/ansible/intro_windows.html
    C. Ansible 2.0 and Windows | AnsibleFest London 2016 - https://goo.gl/OmScaQ
    D. Ansible 實戰講堂 - http://get.soft-arch.net/ansible/
    E. 淺談 Ansible by sakana / Max - https://goo.gl/gR0dox
    F. 現代 IT 人一定要知道的 Ansible 自動化組態技巧 | 凍仁的筆記 - http://goo.gl/JXqlez
    G. 開始用 Ansible 管理 Windows | @metavige - https://goo.gl/F79v1N
    H. Create A Vagrant Windows Base Box | Smalltown Tech Blog - https://goo.gl/rcy3tT
    I. Issues · ansible/ansible | GitHub - https://github.com/ansible/ansible/issues

  78. Image sources

    a. Blasts Off Space Rocket From Cosmodrom In The Clouds, Polygonal Stock Illustration | dreamstime - http://goo.gl/6FAuiQ
    b. 國家地理雜誌 - http://www.ngtaiwan.com
    c. Avatar, business, company, group, manager, people, users icon | Icon search engine - https://goo.gl/Hm6ScX
    d. A Galaxy Just Appeared Out of Nowhere - http://goo.gl/ND2Jwb
    e. PowerShell Gallery | azure-sdk - https://goo.gl/bES4Ba
    f. Brown Book Icon - someBooks Icons - SoftIcons.com - http://goo.gl/IDb4jp
    g. Deployment of Symfony2 applications with Ansible - ServerGrove - http://blog.servergrove.com/2014/04/01/deployment-symfony2-applications-ansible/
  79. Commercial break

  80. .tw

  81. http://mopcon.org

  82. https://gitter.im/DevOpsTW/ https://devopstaiwan.slack.com/ DevOps Taiwan https://www.facebook.com/groups/DevOpsTaiwan/

  83. http://www.vim.tw

  84. COSCUP 2016 珶ߝ毆搳

  85. ੜ珵揳℅罏 茴褸揳 (ДЫХ) ℅ (ЕЦ) ጱᐟً牦

  86. ੜ珵 VR 縄椷 誢涢 VR 蒅硈䋿हጱڥ瑊牦

  87. Please keep a close eye on COSCUP 2016! http://coscup.org/2016/

  88. END
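
The WinRM commands on slide 50 and the inventory files on slides 57 and 58 turn on unencrypted Basic authentication, keep the password in clear text and skip certificate validation for the local win10.local demo host. The script below is an added example, not part of the original deck or the demo repository: it audits such files for exactly those settings before they are reused on other hosts. The sample file contents, the file name winrm-setup.txt and the rule ids are constructed for the illustration.

```python
import re

# Constructed sample input mirroring the settings shown on slides 50, 57 and 58.
SAMPLE = {
    "staging": "win10.local ansible_host=127.0.0.1 ansible_user=IEUser "
               "ansible_password=Passw0rd! ansible_port=55986\n",
    "group_vars/windows.yml": "ansible_connection: winrm\nansible_port: 5986\n"
                              "ansible_winrm_server_cert_validation: ignore\n",
    "winrm-setup.txt": 'winrm set winrm/config/service @{AllowUnencrypted="true"}\n'
                       'winrm set winrm/config/service/auth @{Basic="true"}\n',
}

# (rule id, pattern, why it matters); rule ids are names made up for this example.
RULES = [
    ("plaintext-password",  # a Jinja2 reference or !vault value is not flagged
     re.compile(r"\bansible_(?:ssh_pass|password)\s*[=:]\s*(?!.*(?:\{\{|!vault))\S+"),
     "password stored in clear text; keep it in ansible-vault instead"),
    ("cert-validation-off",
     re.compile(r"\bansible_winrm_server_cert_validation\s*[=:]\s*ignore\b"),
     "the WinRM TLS certificate is not verified"),
    ("winrm-unencrypted",
     re.compile(r'AllowUnencrypted\s*=\s*"?true"?', re.I),
     "the WinRM service accepts unencrypted traffic"),
    ("winrm-basic-auth",
     re.compile(r'\bBasic\s*=\s*"?true"?', re.I),
     "Basic authentication is enabled on the WinRM service"),
]

def audit(files):
    """Return sorted (file, line number, rule id) tuples for every risky setting."""
    findings = []
    for name, text in files.items():
        for lineno, line in enumerate(text.splitlines(), 1):
            if line.lstrip().startswith("#"):  # comment lines only describe settings
                continue
            for rule_id, pattern, _why in RULES:
                if pattern.search(line):
                    findings.append((name, lineno, rule_id))
    return sorted(findings)

if __name__ == "__main__":
    why = {rule_id: text for rule_id, _pattern, text in RULES}
    for name, lineno, rule_id in audit(SAMPLE):
        print(f"{name}:{lineno}: {rule_id}: {why[rule_id]}")
```
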