[ chusiang@kalug ~ ] $ cat .profile # Author: 㲺Ռᗼ / chusiang.lai (at) gmail.com # Blog: http://note.drx.tw # Modified: 2016-05-31 16:30 

橕ෝ㲺Ռᗼ • 4 ଙ犥Ӥ IT 妿涢牐 • 匍肬 DrSays IT ૡ纷䒍牐 • Ansible 䋿䜗拻璤 4e. 䋊㹓牐 • ෝ Ansible Galaxy 獤Ձ Roles物 • php7 (php-fpm) • switch-apt-mirror • vim-and-vi-mode • zabbix-agent • CVE-2016-3714 2 

ࣖ绐㾏 ᥝ樄তԧ牦 3 

Outline I. 匍դ IT ՈฎՋ讕牫 4 

Outline I. 匍դ IT ՈฎՋ讕牫 II. 疩獈ᛔ㵕玕奲眲ጱঅ蒂ฎՋ讕牫 5 

Outline I. 匍դ IT ՈฎՋ讕牫 II. 疩獈ᛔ㵕玕奲眲ጱঅ蒂ฎՋ讕牫 III. Ansible ฎՋ讕牫 6 

Outline I. 匍դ IT ՈฎՋ讕牫 II. 疩獈ᛔ㵕玕奲眲ጱঅ蒂ฎՋ讕牫 III. Ansible ฎՋ讕牫 IV. ெ讕蟂ᗟ Ansible 絑ह牫 7 

Outline I. 匍դ IT ՈฎՋ讕牫 II. 疩獈ᛔ㵕玕奲眲ጱঅ蒂ฎՋ讕牫 III. Ansible ฎՋ讕牫 IV. ெ讕蟂ᗟ Ansible 絑ह牫 V. ெ讕砺֢ Ansible牫 8 

Outline I. 匍դ IT ՈฎՋ讕牫 II. 疩獈ᛔ㵕玕奲眲ጱঅ蒂ฎՋ讕牫 III. Ansible ฎՋ讕牫 IV. ெ讕蟂ᗟ Ansible 絑ह牫 V. ெ讕砺֢ Ansible牫 VI. Q & A 9 

Ⅰ. 匍դ IT ՈฎՋ讕牫 10 DevOps 

匍դ IT ՈฎՋ讕牫 11 犥獮ጱ IT Ո 匍դጱ IT Ո ℂ蕕秚ک礍ᒊ 襑聻揲碍ੜ碻 (hr) 犋አ 30 獤 (min) Ӥ紑 ྯॠළළ瞲犤牏蕕蕕秚瑊牧 ଉଉ盛ԧ硬螂Ջ讕 䌃 code 吚者翄 䌃 code ᓕ秚瑊 ӥ紑 䌃犋ਠጱૡ֢෭懿 䒻ᛔ૩䌃ૡٍ (傶ԧ൉෱ӥ紑) 

Ⅱ. 疩獈ᛔ㵕玕奲眲ጱঅ蒂ฎՋ讕牫 12 ※ 戢物奲眲 = Configuration management (CM) 

疩獈 Ansible ᛔ㵕玕奲眲牧 ౯㮉ᴻԧݢ犥仂੝๐率Ӿ䥁 碻樌牏介手च器ୌ戔牏褔犵 ఺क़觓檺牧ๅݢ犥虏樄咳牏 介手޾ྋୗ絑ह篷翿矑敍牐 瑽粙㬵რ - Ansible as Automation Glue 13 

"ૡՈ" 奲眲 ᛔ㵕玕奲眲 ᯿蕦奲眲ጱՈێ౮๜ ṛ 犵 Ո傶०藮觓檺 ṛ 犵 ݢ介手௔ 櫞 ฃ 秇奲玕 櫞 ฃ ൉෱ӥ紑 櫞 ฃ 疩獈ᛔ㵕玕奲眲ጱঅ蒂ฎՋ讕牫 14 

Ⅲ. Ansible ฎՋ讕牫 15 

Ansible 玲ݷᛔᎣݷੜ藯
 ̽䜗凗蝿瞁̾牧ฎӞ稠胼 ᪜᩼碻绚ጱܨ碻蝢懱ૡٍ牐 襎୽ၹ䁭 - https://goo.gl/4xftZT 16 

Ansible ฎ蜱ଙ㬵Ꭳݷଶ犋 䥁Ӥ܋ጱ DevOps ᛔ㵕玕 敟誢牧櫒簁ᛔ 2013 ଙ獺缏ᛗ 犡犋ک 3 ଙ牧֕ኧෝٌ䟖አ
 篷դቘ纷ୗጱ礍䯤牧蟂ᗟ 覄ၚ牧纷ୗ嘨ฃ捝牧ࢩᘒ 蜫蝧౮傶ݑ喠ፓጱ DevOps ૡٍ牐 iThome - http://goo.gl/yJbWtz 17 

Ansible ฎՋ讕牫 • 膏 Puppet, Salt, Chef 㪔ڜٌࢥጱᛔ㵕玕奲眲戔ਧૡٍ (Infrastructure as Code)牧ٌ墋㻌ฃአጱ粬௔虏ՈӞአ疰 眢Ӥ牧ࣁ DevOps ኴ犖㬟磪Ӟଅԏ瑿牐 • ֵአ Push 礍䯤牧ݝ襑 Python ޾ SSH ܨݢ砺֢牧犋አ氃 क़蕕 Angent牐
 
 • Python 檋籧ጱ奲眲戔ਧૡٍ牐 18 

Ⅳ. ெ讕蟂ᗟ Ansible 絑ह牫 19 薪盢牏ਞ蕕牏戔ਧ 

Ansible ฎெ讕螀֢ጱ牫 蝚螂 inventory ਧ嬝 Managed node牧㪔萞ኧ SSH 膏 Python 蝱ᤈ传蝢牐 20 

ெ讕ਞ蕕 Ansible牫 • ݝ襑ࣁ Control Machine ਞ蕕 Ansible牪Managed node 㳷ᥝ磪 Python 2.5+ ޾ SSH牐 21 # Debian & Ubuntu (apt). $ sudo apt-get install ansible # Mac OS X (homebrew). $ sudo brew install ansible # Python (pip). $ sudo pip install ansible 

ெ讕戔ਧ Ansible牫 • 萞ኧ ansible.cfg 㬵戔ਧ inventory (host file) 䲆礯᪠䕩牏 Managed node (ᤩ矒ᒒ) ֵአᘏݷ圸牏SSH ᰂ槄 … 缛牐 22 $ vim ansible.cfg [defaults] # 瞲ਧ inventory 䲆礯᪠䕩牐 hostfile = hosts # 螐ᒒֵአᘏݷ圸 remote_user = vagrant #private_key_file = ~/.ssh/id_rsa # host_key_checking: 犋扇㺔ے獈 ssh ᰂ槄 host_key_checking = False 

inventory ฎՋ讕牫 • Ԇᥝአ㬵ਧ嬝 Managed node (ᤩ矒ᒒ) Ԇ秚֖࣎膏ᗭ奲牧 犖ݢአ㬵戔ਧ ssh 蝫娄虻懱牐 23 $ vim hosts # ansible_ssh_host: 螐ᒒ SSH Ԇ秚֖࣎牐 # ansible_ssh_port: 螐ᒒ SSH ओݗ (Port)牐 # ansible_ssh_user: 螐ᒒ SSH ֵአᘏݷ圸牐 # ansible_ssh_private_key_file: ๜秚 SSH ᐺ槄䲆᪠䕩牐 # ansible_ssh_pass: 螐ᒒ SSH ੂ嘨 (ୌ捍硬አᐺ槄)牐 [dev] ansible-demo.local ansible_ssh_host=127.0.0.1 ansible_ssh_port=2222 [test] ansible-test.local ansible_ssh_host=10.10.1.1 ansible_ssh_user=adeliae [prod] ansible-prod.local ansible_ssh_host=demo.drx.tw ansible_ssh_port=22 

Ⅴ. ெ讕砺֢ Ansible牫 24 Ad-Hoc command, Playbook* (Module, Galaxy), Ansible Tower 

Ad-Hoc command and 25 Playbook 

Ad-Hoc command ฎՋ讕牫 • 墋Ꭸ (屷碻௔) ጱ瞲犤牧膏Ӟ膢ጱ command line 砺֢秇ୗ 襊ݶ牧Ӟ稞ݝ蝚螂Ӟᤈ瞲犤蝱ᤈ砺֢牐 26 # Ӟ膢ጱ command line $ ping ansible-demo.local PING localhost (127.0.0.1): 56 data bytes 64 bytes from 127.0.0.1: icmp_seq=0 ttl=64 time=0.037 ms --- localhost ping statistics --- 1 packets transmitted, 1 packets received, 0.0% packet loss round-trip min/avg/max/stddev = 0.037/0.037/0.037/0.000 ms $ echo Hello World Hello World 

Ad-Hoc command ฎՋ讕牫 • Ansible -m 盅ጱݱ殻㷢碍藶㷢ᘍਥො෈կ ҆
 Module Index牐 27 # ansible <Ԇ秚ݷ圸> -m <ݱ殻㷢碍> $ ansible all -m ping ansible-demo.local | SUCCESS => { "changed": false, "ping": "pong" } $ ansible all -m command -a "echo Hello World" ansible-demo.local | SUCCESS | rc=0 >> Hello World 

Playbooks ฎՋ讕牫 • Ӟ棎蟂ᗟጱ䔶य़ྎ瑊牧穉 Shell Script ๅٍ奾䯤玕ጱ脻๜承 ᥺牐 • ֵአ YAML ໒ୗ牧䌃 code 疰 ইݶ䌃෈կ牧墋㻌ฃ捝牐 • ݢֵአ Jinja2 (template 羬翄) 蔭螈ୗ牧㪔ඪൔ虋碍牏ڣ䥁ୗ
 牏蝅瑹 ... 缛承ဩ牐 Baby Playbook Onesie - http://goo.gl/GKJvXn 28 

Playbooks ฎՋ讕牫 • Ӟ犩 Playbook ݢ犥磪ग़㮆 Play ޾ ग़㮆 Tasks牐 • 種ֺአکԧ Play*1, Task*3 ޾ Module*3 (command, apt, lineinfile)牐
 
 
 
 
 
 
 
 
 
 
 
 
 29 $ vim example.yml --- - name: This is a Super-basic playbook. hosts: all tasks: - name: Hello World command: echo "Hello World" - name: Install Vim & Emacs become: yes apt: name={{ item }} state=present with_items: - vim - emacs # ݄݄牧emacs 蚎牐 - name: use vi-mode in readline become: yes lineinfile: dest=/etc/inputrc line="set editing-mode vi" 

Playbooks ฎՋ讕牫 • Ӟ犩 Playbook ݢ犥磪ग़㮆 Play ޾ ग़㮆 Tasks牐 • 種ֺአکԧ Play*1, Task*3 ޾ Module*3 (command, apt, lineinfile)牐
 
 
 
 
 
 
 
 
 
 
 
 
 30 $ vim example.yml --- - name: This is a Super-basic playbook. hosts: all tasks: - name: Hello World command: echo "Hello World" - name: Install Vim & Emacs become: yes apt: name={{ item }} state=present with_items: - vim - emacs # ݄݄牧emacs 蚎牐 - name: use vi-mode in readline become: yes lineinfile: dest=/etc/inputrc line="set editing-mode vi" Play 

Playbooks ฎՋ讕牫 • Ӟ犩 Playbook ݢ犥磪ग़㮆 Play ޾ ग़㮆 Tasks牐 • 種ֺአکԧ Play*1, Task*3 ޾ Module*3 (command, apt, lineinfile)牐
 
 
 
 
 
 
 
 
 
 
 
 
 31 $ vim example.yml --- - name: This is a Super-basic playbook. hosts: all tasks: - name: Hello World command: echo "Hello World" - name: Install Vim & Emacs become: yes apt: name={{ item }} state=present with_items: - vim - emacs # ݄݄牧emacs 蚎牐 - name: use vi-mode in readline become: yes lineinfile: dest=/etc/inputrc line="set editing-mode vi" Task 1 Task 2 Task 3 

Playbooks ฎՋ讕牫 • Ӟ犩 Playbook ݢ犥磪ग़㮆 Play ޾ ग़㮆 Tasks牐 • 種ֺአکԧ Play*1, Task*3 ޾ Module*3 (command, apt, lineinfile)牐
 
 
 
 
 
 
 
 
 
 
 
 
 32 $ vim example.yml --- - name: This is a Super-basic playbook. hosts: all tasks: - name: Hello World command: echo "Hello World" - name: Install Vim & Emacs become: yes apt: name={{ item }} state=present with_items: - vim - emacs # ݄݄牧emacs 蚎牐 - name: use vi-mode in readline become: yes lineinfile: dest=/etc/inputrc line="set editing-mode vi" Module 

Playbooks ฎՋ讕牫 • 䁆ᤈ example.yml playbook牐 33 $ ansible-playbook example.yml PLAY [This is a Super-basic playbook.] ***************************************** TASK [setup] ******************************************************************* ok: [ansible-demo.local] TASK [Hello World] ************************************************************* changed: [ansible-demo.local] TASK [Install Vim & Emacs] ***************************************************** changed: [ansible-demo.local] => (item=[u'vim', u'emacs']) TASK [use vi-mode in readline] ************************************************* changed: [ansible-demo.local] PLAY RECAP ********************************************************************* ansible-demo.local : ok=4 changed=3 unreachable=0 failed=0 

Playbooks ฎՋ讕牫 • 䁆ᤈ example.yml playbook牐 34 $ ansible-playbook example.yml PLAY [This is a Super-basic playbook.] ***************************************** TASK [setup] ******************************************************************* ok: [ansible-demo.local] TASK [Hello World] ************************************************************* changed: [ansible-demo.local] TASK [Install Vim & Emacs] ***************************************************** changed: [ansible-demo.local] => (item=[u'vim', u'emacs']) TASK [use vi-mode in readline] ************************************************* changed: [ansible-demo.local] PLAY RECAP ********************************************************************* ansible-demo.local : ok=4 changed=3 unreachable=0 failed=0 Setup 者奾 (Recap) 

箛 ێ 疻 纈 Live Demo 35 

http://s.drx.tw/ansible1.kalug 

https://youtu.be/L4UDVP1lJQQ 

Module 38 

http://docs.ansible.com/ansible/list_of_commands_modules.html 

No content

Docs » commands Modules 磪 yes 疰Ӟਧᥝአ 

Galaxy 42 

https://galaxy.ansible.com 

No content

No content

汜ݻਜਦ牧ၴᅁ篷璒牦 – ૬ේطଙ (Debian Buzz) 46 

㷢ᘍ෈糽 • Ansible Docs - http://docs.ansible.com/ansible/intro_installation.html • ̽Ansible: Up and Running̾- https://www.ansible.com/ansible-book • 犊獤楮ഩൎ Ansible ໐ஞ薪盢 (7:15) | Software Architecture School - http://goo.gl/nhykzE • Ansible 䋿䜗拻璤 - http://get.soft-arch.net/ansible/ • 襎脲ኴጱ褲琔物奲眲ᓕቘ | 敟誢礍䯤ɾᔵ承 - http://school.soft-arch.net/blog/90699/ metaphor-in-cm • 亮藳 Ansible by sakana / Max - https://goo.gl/e9RwhE • ̿Ansible ᛔ㵕玕奲眲ᓕቘ䋿䜗拻璤̀膏̿ᛔ౯䋿匍̀| 㲺Ռጱ執懿 - http://goo.gl/5gs1q9 • 匍դ IT ՈӞਧᥝᎣ螇ጱ Ansible ᛔ㵕玕奲眲ದૣ | 㲺Ռጱ執懿 - http://goo.gl/daAtVi 47 Free 

瑽粙㬵რ • Blasts Off Space Rocket From Cosmodrom In The Clouds, Polygonal Stock Illustration | dreamstime - http://goo.gl/6FAuiQ • 㾴疑瑿ቘ褾扮 - http://www.ngtaiwan.com • Using cloud-init and uvtool to initialize cloud instances | Rui - https://goo.gl/CbdvTH • Books icon (PSD) | GraphicsFuel - http://www.graphicsfuel.com/2012/07/books- icon-psd/ • Avatar, business, company, group, manager, people, users icon | Icon search engine - https://goo.gl/Hm6ScX • A Galaxy Just Appeared Out of Nowhere - http://chirpnews.com/2016/04/17/new- galaxy-appeared/ 48 

ૡ珶๐率 49 

50 http://苢࿜ፘ蝪.tw 

DevOps Taiwan https://www.facebook.com/groups/DevOpsTaiwan/ https://devopstaiwan.slack.com/ https://gitter.im/DevOpsTW/ 

http://www.vim.tw 

http://coscup.org 

http://mopcon.org 

Q & A 瑥纔ೌ಑訤觬 55 

E N D