Slide 1

Slide 1 text

2016.07.15 (Fri) Configuration Management Tool Ansible in Practice, CyberZ ኍ੉ ଠ࿠

Slide 2

Slide 2 text

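Self-introduction
ኍ੉ ଠ࿠ @ CyberZ
‣ CyberZ, Inc. - OPENREC Division
  ‣ Infrastructure & server-side engineer
‣ Career
  ‣ Independent IT consulting firm, R&D
  ‣ CyberZ, Inc. Ad Technology Division / Infrastructure Bureau
  ‣ CyberZ, Inc. OPENREC Division (current position)
‣ Areas of expertise
  ‣ Operations monitoring, configuration management / automation
‣ Contents
  ‣ http://uorat.hatenablog.com/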

Slide 3

Slide 3 text

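Table of contents
1. Ansible overview
  ‣ What is Ansible?
  ‣ Features of Ansible
  ‣ Demo (typical usage and explanation of the setup)
2. Introduction to Ansible
  ‣ Terminology
  ‣ How to write a Playbook
  ‣ Demo (walkthrough and run of a sample Playbook)
3. Ansible in practice
  ‣ Directory layout / Best Practice
  ‣ Tips for writing Playbooks
  ‣ Examples from our company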

Slide 4

Slide 4 text

1. Ansible overview

Slide 5

Slide 5 text

1. Ansible overview - What is Ansible?

Slide 6

Slide 6 text

What is Ansible?
“Ansible is Simple IT Automation”
SIMPLE: Automate in hours - not weeks - with Ansible's human-readable IT automation language.
AGENTLESS: Ansible uses SSH instead of agents. More efficient, more secure and less to manage.
POWERFUL: App deployment, configuration management and orchestration - all from one system.
qt: http://www.ansible.com/home

Slide 7

Slide 7 text

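The case for configuration management (1) - Configuration management
‣ Documentation that is never kept in sync
  ‣ The content is out of date
  ‣ The commands are wrong
‣ Snapshots that have turned into a "secret sauce"
  ‣ The same environment cannot be rebuilt from a clean-installed server
  ‣ Nobody knows what tuning was applied
  ‣ Mystery daemons are running
Practice configuration management and manage the "desired state" of your servers.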

Slide 8

Slide 8 text

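The case for configuration management (2) - Automation
‣ Business speed keeps accelerating
‣ Global competition is intensifying
‣ With the rise of the cloud, the lead time for procuring resources has dropped sharply
‣ Ship to the world as fast as possible
‣ Concentrate on work that adds value
‣ Do routine work at low cost
‣ Server / middleware setup
‣ Application deployment
‣ Vulnerability response
Automate work that depends on individual people and achieve fast delivery.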

Slide 9

Slide 9 text

Options
Fabric

Slide 10

Slide 10 text

Where each tool specializes
Fabric Configuration Orchestration

Slide 11

Slide 11 text

Where Ansible fits
Fabric Configuration Orchestration

Slide 12

Slide 12 text

1. Ansible overview - Features of Ansible

Slide 13

Slide 13 text

Recap
“Ansible is Simple IT Automation”
SIMPLE: Automate in hours - not weeks - with Ansible's human-readable IT automation language.
AGENTLESS: Ansible uses SSH instead of agents. More efficient, more secure and less to manage.
POWERFUL: App deployment, configuration management and orchestration - all from one system.
qt: http://www.ansible.com/home

Slide 14

Slide 14 text

Features of Ansible
“Ansible is Simple IT Automation”
SIMPLE: Automate in hours - not weeks - with Ansible's human-readable IT automation language.
‣ Definitions are written in YAML (≈ a configuration file)
‣ It is not even a program, so the learning barrier is low

    ---
    - hosts: webservers
      tasks:
        - name: yum install nginx
          yum: pkg=nginx state=installed

Slide 15

Slide 15 text

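Features of Ansible
“Ansible is Simple IT Automation”
AGENTLESS: Ansible uses SSH instead of agents. More efficient, more secure and less to manage.
‣ No agent installation required
  ‣ It is enough that the ansible* commands can be run on the operations management server
  ‣ Can be introduced as long as Python is installed
‣ No dedicated server or agent to operate and manage
  ‣ No resident processes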

Slide 16

Slide 16 text

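Features of Ansible
“Ansible is Simple IT Automation”
POWERFUL: App deployment, configuration management and orchestration - all from one system.
‣ It works for orchestration as well as configuration management, so it also serves as a support tool for small operations and investigations
‣ It is feature-rich, but you can also start small
Flexible ways to run
‣ Run at the time you choose
‣ Run on multiple hosts in parallel
‣ Run only the processing you need, ad hoc, as a one-liner
‣ Supports pull as well as push (ansible-pull)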

Slide 17

Slide 17 text

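Features of Ansible
“Ansible is Simple IT Automation”
Idempotency
‣ The host converges to the state defined in the DSL you wrote
‣ The result is the same no matter how many times an operation is run
‣ Processing is skipped when there is nothing to change
The following are installed:
  ・nginx
  ・java
  ・zabbix_agentd
The following services are running:
  ・nginx
  ・zabbix_agentd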

Slide 18

Slide 18 text

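Comparison with Chef
‣ There is almost no difference in functionality.
‣ They differ in architecture and in definition format / template engine.

                    | Ansible                                            | Chef
Agent               | No agent required                                  | Agent must be installed on managed nodes
Pull / Push         | Push (operated over SSH from a designated server)  | Pull (fetches configuration from the Chef server and runs it)
Definition format   | YAML                                               | Ruby DSL
Template engine     | Jinja2                                             | eRuby
Shared repository   | Ansible Galaxy                                     | Chef Supermarket
Implementation lang | Python                                             | Ruby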

Slide 19

Slide 19 text

Demo

Slide 20

Slide 20 text

Setup
‣ Ansible control server: 1 host
  ‣ ansible01 [172.30.221.]
‣ Target servers: 3 hosts
  ‣ test01 [172.30.221.]
  ‣ test02 [172.30.222.]

Slide 21

Slide 21 text

2. Introduction to Ansible

Slide 22

Slide 22 text

2. Introduction to Ansible - Terminology

Slide 23

Slide 23 text

Installation
‣ http://docs.ansible.com/ansible/intro_installation.html
‣ Use a published package (rpm, deb packages, etc.)
‣ Use pip
‣ Install from source code

Slide 24

Slide 24 text

Getting started with Ansible
1. List the hosts in the Inventory
2. Try out the ansible command
  ✤ `ansible TARGET -m 'ping'`
  ✤ `ansible TARGET -m 'setup'`

    # /etc/ansible/hosts
    [webservers]
    ansible-target0x

Slide 25

Slide 25 text

Main commands
‣ ansible
  ‣ Runs ad hoc
‣ ansible-playbook
  ‣ Runs a set of operations prepared in advance (a Playbook)

    # Example command run
    $ ansible -m 'ping' webservers
    ansible-test02 | success >> {
        "changed": false,
        "ping": "pong"
    }

    # dry-run
    $ ansible-playbook hands-on00.yml --check --diff
    …
    PLAY RECAP ********************************************************************
    ansible-test02 : ok=2 changed=0 unreachable=0 failed=0

    # execute
    $ ansible-playbook hands-on00.yml
    …
    PLAY RECAP ********************************************************************
    ansible-test02 : ok=2 changed=0 unreachable=0 failed=0

Slide 26

Slide 26 text

Inventory File
‣ Describes the hosts managed by Ansible in ini format
‣ Hosts can be grouped
‣ The output of a script can also be used as the Inventory (Dynamic Inventory)
  ‣ Use cases
    ‣ You are using a cloud environment such as AWS or OpenStack
    ‣ Servers come and go dynamically, so you want to manage them by the Tags attached to resources

    # Example: managing the example.com site with Ansible
    mail.example.com

    [webservers]
    foo.example.com
    bar.example.com

    [dbservers]
    one.example.com
    two.example.com
    three.example.com
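The Dynamic Inventory idea above, as an added example (not from the original slides): a script that turns tagged cloud instances into Ansible groups using the `--list` / `--host` JSON interface. The instance records, the `tag_<key>_<value>` naming and the helper names are assumptions made up for this illustration; a real script would query the cloud API instead of the inline list.

```python
#!/usr/bin/env python3
import argparse
import json
import re

# Constructed sample standing in for a cloud API response (not real hosts).
INSTANCES = [
    {"name": "web01", "ip": "192.0.2.11", "state": "running",
     "tags": {"Role": "webservers", "Env": "production"}},
    {"name": "web02", "ip": "192.0.2.12", "state": "running",
     "tags": {"Role": "webservers", "Env": "staging"}},
    {"name": "db01", "ip": "192.0.2.21", "state": "running",
     "tags": {"Role": "dbservers", "Env": "production"}},
    {"name": "old01", "ip": "192.0.2.99", "state": "stopped",
     "tags": {"Role": "webservers"}},
]


def group_name(key, value):
    """Map a tag to a safe group name, e.g. Env=production -> tag_Env_production."""
    return "tag_" + re.sub(r"[^A-Za-z0-9_]", "_", "%s_%s" % (key, value))


def build_inventory(instances):
    """Return the JSON structure Ansible expects from `--list`."""
    inv = {"_meta": {"hostvars": {}}}
    for inst in instances:
        if inst["state"] != "running":   # stopped hosts never become targets
            continue
        inv["_meta"]["hostvars"][inst["name"]] = {"ansible_host": inst["ip"]}
        for key, value in sorted(inst["tags"].items()):
            group = inv.setdefault(group_name(key, value), {"hosts": []})
            group["hosts"].append(inst["name"])
    return inv


def main(argv=None):
    parser = argparse.ArgumentParser()
    parser.add_argument("--list", action="store_true")
    parser.add_argument("--host")
    args = parser.parse_args(argv)
    inv = build_inventory(INSTANCES)
    # --host NAME returns that host's variables; otherwise the full inventory
    out = inv["_meta"]["hostvars"].get(args.host, {}) if args.host else inv
    print(json.dumps(out, indent=2, sort_keys=True))
    return out


if __name__ == "__main__":
    main()
```

Made executable and passed with `-i`, a script like this lets a play target `tag_Role_webservers` without anyone editing a static hosts file.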

Slide 27

Slide 27 text

Playbook
Describes the operations to run, in YAML format
‣ Once you have a Playbook and an Inventory File, you can run it right away

    ---
    - hosts: webservers
      tasks:
        - name: ensure apache is at the latest version
          yum: pkg=httpd state=latest
        - name: write the apache config file
          template: src=templates/httpd.j2 dest=/etc/httpd.conf
          notify:
            - restart apache
        - name: ensure apache is running (and enable it at boot)
          service: name=httpd state=started enabled=yes
      handlers:
        - name: restart apache
          service: name=httpd state=restarted

Slide 28

Slide 28 text

2. Introduction to Ansible - How to write a Playbook

Slide 29

Slide 29 text

YAML
‣ A format for representing structured data
  ‣ “YAML ain't markup language“
  ‣ Usable from many languages, including Ruby, Python, Java and PHP
  ‣ Often used for configuration files
‣ A format for representing structured data
  ‣ Sequence (array form): “- “ (hyphen + space)
  ‣ Mapping (hash form): “: “ (colon + space)

    - name: ensure apache is at the latest version
      yum: pkg=httpd state=latest
    - name: write the apache config file
      template: src=templates/httpd.j2 dest=/etc/httpd.conf
      notify:
        - restart apache
    - name: ensure apache is running (and enable it at boot)
      service: name=httpd state=started enabled=yes

Callout labels on the slide: array, hash, hash, hash, array

Slide 30

Slide 30 text

Task (Tasks lists)
Lists the concrete operations as an array, in the order they are executed
‣ The basic form is a pair of name and module
‣ Execution conditions and triggers (notify/handler) can also be added
  ‣ Execution conditions: [when, changed_when, ignore_errors, always_run, etc.]
  ‣ Triggers: specify in notify the name of an operation defined under handlers

    ---
    - hosts: webservers
      tasks:
        - name: ensure apache is at the latest version
          yum: pkg=httpd state=latest
        - name: write the apache config file
          template: src=templates/httpd.j2 dest=/etc/httpd.conf
          notify:
            - restart apache
        - name: ensure apache is running (and enable it at boot)
          service: name=httpd state=started enabled=yes
      handlers:
        - name: restart apache
          service: name=httpd state=restarted

Slide 31

Slide 31 text

Module
General-purpose libraries that carry out the operations specified in Tasks
‣ Modules are “idempotent”
‣ The Core Modules cover most of the work you need

    ---
    - hosts: webservers
      tasks:
        - name: ensure apache is at the latest version
          yum: pkg=httpd state=latest
        - name: write the apache config file
          template: src=templates/httpd.j2 dest=/etc/httpd.conf
          notify:
            - restart apache
        - name: ensure apache is running (and enable it at boot)
          service: name=httpd state=started enabled=yes
      handlers:
        - name: restart apache
          service: name=httpd state=restarted

Slide 32

Slide 32 text

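Representative Modules
‣ yum / apt : package management (install, remove, etc.)
‣ service : service control (start, stop, restart, etc.)
‣ file : file operations (create, delete, change attributes, etc.)
‣ copy : copy a file
‣ get_url : download a file from a given URL
‣ template : generate a file using a file as a template (described later)
‣ shell : run an arbitrary shell command (* you must ensure idempotency yourself)
  ‣ Besides concrete operations, it can also be combined with “register” and used for conditional branching
The official documentation has a list and description of the Modules; see the following for details.
http://docs.ansible.com/ansible/modules_by_category.html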

Slide 33

Slide 33 text

Sharing common parts (Template / Variable)
‣ Template:
  ‣ Expands variables into a template file and distributes the generated file
  ‣ Useful when distributing files that differ per environment or host, such as IP, hostname or env
  ‣ The syntax is “Jinja2” (a template engine written in Python)
  ‣ Variables are embedded with double curly braces “{{ hogefuga }}“
  ‣ Control statements such as if and for are also available

    # files/etc/motd.j2
    ##################################################
    !!! Production server {{ ansible_hostname }} !!!
    ##################################################

           __|  __|_  )
           _|  (     /   Amazon Linux AMI
          ___|\___|___|

    https://aws.amazon.com/amazon-linux-ami/2015.03-release-notes/

Slide 34

Slide 34 text

Sharing common parts (Template / Variable)
‣ Variable:
  ‣ Defines variables that can be referenced in conditionals and Templates
  ‣ The syntax is YAML
  ‣ Can be specified in many places: playbook, inventory host, vars, etc.
  ‣ Low-level OS information is collected automatically by ansible and can be referenced (Gathering Facts)
    ‣ The available variables can be checked with `ansible hostname -m setup`
    ‣ The equivalent of ohai in Chef

    # Variables
    innodb_buffer_pool_size: 6144M
    innodb_log_file_size: 2048M
    max_connections: 1000
    …

    $ ansible ansible-test02 -m 'setup'
    ansible-test02 | success >> {
        "ansible_facts": {
            "ansible_all_ipv4_addresses": [
                "172.31.xx.xx"
            ],
            "ansible_all_ipv6_addresses": [],
            "ansible_architecture": "x86_64",
            "ansible_bios_date": "NA",
            "ansible_bios_version": "NA",
            "ansible_cmdline": {
                "KEYTABLE": "us",
                "LANG": "ja-JP.UTF-8",

Slide 35

Slide 35 text

Sharing common parts (Include / Role)
‣ Include:
  ‣ Split tasks, handlers, etc. out into separate files and bundle them as a single Role so they are easier to reuse

    ---
    - hosts: webservers
      tasks:
        - include: apache.yml
        - include: deploy.yml site=service_A
        - include: deploy.yml site=service_B

Slide 36

Slide 36 text

Sharing common parts (Include / Role)
‣ Role:
  ‣ Bundles the whole set of task, vars, files, templates and handlers
  ‣ Can be called from a playbook in one go with roles
  ‣ Used when applying to multiple servers, generalizing, and so on

    # playbook
    ---
    - hosts: webservers
      roles:
        - common
        - webserver

    # Directory layout
    hosts
    webservers.yml
    roles/
      common/
        files/
        templates/
        tasks/
        handlers/
        vars/
        defaults/
        meta/
      webservers/
        …

Slide 37

Slide 37 text

Demo
Let's set up a web server

Slide 38

Slide 38 text

Web server setup
1. Install operations tools
  ‣ epel-release, telnet, wget, rsync, tree, tcpdump, sysstat, dstat, vim-enhanced, git
2. Place a banner
  ‣ /etc/motd
3. Nginx install
  ‣ yum install
  ‣ Enable start at boot
4. Deploy
  ‣ page upload (any html will do)

Slide 39

Slide 39 text

Web server setup
1. Implementation example 1) A single Playbook
  ‣ Sample Playbook (Github)
2. Implementation example 2) Using a Role
  ‣ Sample Playbook (Github)

Slide 40

Slide 40 text

3. Ansible in practice

Slide 41

Slide 41 text

BestPractice
Best Practices Directory Layout - Ansible Documentation
The best-practice directory layout introduced in the official documentation.
If you follow it, Roles and Vars can be referenced without thinking about paths.

    production                # Inventory hosts, one file per group
    staging                   # same as above
    group_vars/               # where group variables are stored
       group1                 #
       group2                 #
    host_vars/                # where host variables are stored
       hostname1              #
       hostname2              #
    library/                  # where custom Modules are stored (optional)
    filter_plugins/           # where custom Filter Plugins are stored (optional)
    site.yml                  # master Playbook
    webservers.yml            # Playbook
    dbservers.yml             # Playbook
    roles/                    # where Roles are stored
        common/               # “common” role
            tasks/            # where Tasks are stored
                main.yml      # <-- split into smaller files if the Tasks grow
            handlers/         # where Handlers are stored
                main.yml      # <-- same as above
            templates/        # where Templates are stored
                ntp.conf.j2   # <------- Template file names are *.j2
            files/            # where Files are stored
                bar.txt       #
                foo.sh        #
            vars/             # where Vars are stored
                main.yml      #
            defaults/         #
                main.yml      # default values for Vars (can be overridden in group/host_vars)
            meta/             # define role dependencies here, if any
                main.yml      #
        webtier/              # “webtier” role
        monitoring/           # “monitoring” role
        fooapp/               # “fooapp” role

Slide 42

Slide 42 text

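Tips for writing and running Playbooks
1. Avoid the shell module as far as possible
  ‣ Most things you want to do already exist as a Module
  ‣ With home-made logic, guaranteeing idempotency becomes difficult
2. Do not build with Ansible
  ‣ Instead of building in the Shell Module, switch to producing RPM packages
  ‣ Then call the package manager from Ansible (Yum, Apt, pip, nvm, …etc)
3. Use variables to generalize Roles
  ‣ Default values: $ROLE/defaults/main.yml
  ‣ Values that vary per host/group: group_vars, host_vars
  ‣ Host-specific values: Gathering Facts
4. Do not over-generalize Roles
  ‣ If you push too hard on things like multi-OS support, the Playbook can end up harder to read
  ‣ Keep it to the minimum processing you need
5. Keep it under version control (git, etc.)
  ‣ The commit log becomes, as is, the explanation of why the configuration changed
  ‣ Write it as "reading material" that will be worth looking at later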

Slide 43

Slide 43 text

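Tips for writing and running Playbooks
6. Prepare a Role that collects the common processing
  ‣ roles/common, for example
  ‣ Put in it the installation of packages needed for operations, monitoring agent settings, and so on
7. Sometimes you have to deliberately give up on idempotency
  ‣ OS update, kernel tuning, vulnerability response and other processing you do not want to push to servers that are in service
  ‣ Collect the processing you want to run at clean-install time in roles/init
    ‣ Because with snapshot-based operation, the work that was done turns into a "secret sauce".
    ‣ If you already use kickstart or cloud-init, moving it there is fine too.
8. Prepare a Role skeleton
  ‣ You will end up mass-producing Roles
  ‣ Creating the same directories every time is tedious
  ‣ Create an empty Role like the one in the figure on the right
  ‣ Copy the empty Role and you can get straight to writing the Role
9. Always dry-run before executing
  ‣ The --check option performs a dry-run
    ‣ Re-check the target hosts and re-check the processing
    ‣ With the --diff option, a diff is shown when files are updated, which is handy for checking
  ‣ Until the actual run, do not run the ansible-playbook command with -s (sudo mode)
    ‣ To prevent accidents as far as possible
    ‣ Avoid running ansible as the root user wherever you can

    $ tree -a roles/__model/
    roles/__model/
    ├── defaults
    │   └── .gitkeep
    ├── files
    │   └── .gitkeep
    ├── handlers
    │   └── .gitkeep
    ├── meta
    │   └── .gitkeep
    ├── tasks
    │   └── .gitkeep
    ├── templates
    │   └── .gitkeep
    └── vars
        └── .gitkeep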
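What the idempotency and dry-run tips above ask of any home-made logic, as an added example (not from the original slides): a small "ensure this line is present" routine that reports changed/unchanged, skips when already converged, and supports a check mode that produces a diff without writing. The function names, the fstab swap entry and the scratch file are assumptions constructed for this illustration; it mimics the behaviour Ansible modules provide and is not Ansible's own code.

```python
import difflib
import os
import tempfile

SWAP_ENTRY = "/swapfile none swap sw 0 0"  # constructed sample fstab line


def ensure_line(path, line, check=False):
    """Converge the file at `path` so it contains `line`.

    Returns {"changed": bool, "diff": str}. With check=True (dry-run) the
    file is never written, but the result still shows what would change.
    """
    try:
        with open(path) as f:
            before = f.read()
    except FileNotFoundError:
        before = ""
    if line in before.splitlines():
        return {"changed": False, "diff": ""}  # already in desired state: skip
    after = before
    if after and not after.endswith("\n"):
        after += "\n"
    after += line + "\n"
    diff = "".join(difflib.unified_diff(
        before.splitlines(keepends=True), after.splitlines(keepends=True),
        fromfile=path + " (before)", tofile=path + " (after)"))
    if not check:
        with open(path, "w") as f:
            f.write(after)
    return {"changed": True, "diff": diff}


def demo():
    """Dry-run, real run, then a repeat run against a scratch copy of fstab."""
    with tempfile.TemporaryDirectory() as d:
        fstab = os.path.join(d, "fstab")
        with open(fstab, "w") as f:
            f.write("/dev/xvda1 / ext4 defaults 1 1\n")  # constructed sample
        dry = ensure_line(fstab, SWAP_ENTRY, check=True)
        with open(fstab) as f:
            untouched = SWAP_ENTRY not in f.read()
        first = ensure_line(fstab, SWAP_ENTRY)
        second = ensure_line(fstab, SWAP_ENTRY)
        with open(fstab) as f:
            lines = f.read().splitlines()
    return dry, untouched, first, second, lines


if __name__ == "__main__":
    for result in demo():
        print(result)
```

A plain `echo ... >> /etc/fstab` in the shell module has none of these properties: every run appends again and a dry-run cannot preview it.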

Slide 44

Slide 44 text

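Examples from our company
‣ Building OS base images
‣ Pushing out common processing
‣ Middleware installation
‣ Distributing configuration files
‣ Adding / removing OS users
‣ Vulnerability response
‣ Leap second handling
‣ Ad hoc investigation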

Slide 45

Slide 45 text

4. Q&A

Slide 46

Slide 46 text

5. Exercises

Slide 47

Slide 47 text

Hands On
An OpenSSL vulnerability has been reported! Check the OpenSSL version on every server in use.
✤ Check it with a single ansible command

Slide 48

Slide 48 text

Hands On
1. Create a swapfile
  ✤ Create a 512MB swapfile
  ✤ Add the swap with swapon
  ✤ Mount it automatically at boot
  ✤ * Idempotency must be ensured
2. Add operations tools
  ✤ htop, glances
  ✤ ag (the-silver-searcher)
3. Deploy (from github)
  ✤ yteraoka/ansible-tutorial
  ✤ Deploy under /var/www/
  ✤ Edit the Nginx configuration file → restart

Slide 49

Slide 49 text

Sample answers
✤ Sample answer (P.48)
  ✤ https://github.com/uorat/ansible-handson/blob/master/hands-on02.sh
✤ Sample answer (P.49)
  ✤ Playbook
    ✤ https://github.com/uorat/ansible-handson/blob/master/hands-on03.yml
  ✤ Role
    ✤ https://github.com/uorat/ansible-handson/tree/master/roles/hands-on3