Ansible 入門 #01 (初心者向け) / ansible-entry

Transcript

1. 2015.09.10 (Thu) Ansible ೖ໳ #01 (ॳ৺ऀ޲͚) CyberZɹኍ੉ ଠ࿠

2. Ansibleઆ໌ձ 1. Ansibleͱ͸ 2. Ansibleͷಛ௃ 3. Ansibleͷ༻ޠղઆ ※͜ͷࢿྉ͸ҎԼͷΑ͏ͳAnsibleॳ৺ऀΛର৅ͱ͍ͯ͠·͢ ✤ AnsibleΛ৮ͬͯΈ͍ͨɺಋೖ͍ͨ͠ͱߟ͍͑ͯΔํ

   ✤ αʔόʔߏஙͱ͔΍ͬͯΔํ ✤ αʔόʔσϓϩΠΛޮ཰Խ͍ͨ͠ํ ✤ Chef͸ਏ͍ํ ✤ Ansibleͬͯڹ͖͕ؾʹͳΔํ

3. 1. Ansibleͱ͸

4. Ansibleͱ͸ “Ansible is Simple IT Automation” SIMPLE AGENTLESS POWERFUL Automate

   in hours - not weeks - with Ansible's human-readable IT automation language. Ansible uses SSH instead of agents. More efficient, more secure and less to manage. App deployment, configuration management and orchestration - all from one system. qt: http://www.ansible.com/home

5. ͳͥ΍Δͷʁ 1) ߏ੒؅ཧ ✤ υΩϡϝϯτ͕ݹ͍ ✤ ߋ৽΋໘౗ ✤ Snapshot, AMI͕ൿ఻ͷλϨԽ

   ✤ Կ͕ಈ͍͍ͯΔͷ͔෼͔Βͳ͍ ✤ ·ͬ͞ΒͳOS͔Β؀ڥߏஙͰ͖ ͳ͍ ✤ ͜ͷαʔό͸ʮͲ͏͋Δ΂͖ʯͳͷ ͔

6. ͳͥ΍Δͷʁ 2) ࣗಈԽ ✤ Ճ଎͢ΔϏδωε ✤ ॳಈ͸Ͱ͖Δ͚ͩૣ͘ ✤ ෇ՃՁ஋૿ʹूத͍ͨ͠ ✤

   ఆৗۀ຿͸௿ίετͰ ✤ ΞϓϦέʔγϣϯσϓϩΠ ✤ ੬ऑੑରԠ

7. ੈʹ͋Δπʔϧ Fabric Configuration Orchestration

8. ੈʹ͋Δπʔϧ Fabric Configuration Orchestration

9. ੈʹ͋Δπʔϧ Fabric Configuration Orchestration

10. 2. Ansibleͷಛ௃

11. Ansibleͷಛ௃ “Ansible is Simple IT Automation” SIMPLE AGENTLESS POWERFUL Automate

    in hours - not weeks - with Ansible's human-readable IT automation language. Ansible uses SSH instead of agents. More efficient, more secure and less to manage. App deployment, configuration management and orchestration - all from one system. qt: http://www.ansible.com/home

12. Ansibleͷಛ௃ “Ansible is Simple IT Automation” ✤ ఆٛ͸YAMLʢ㲈ઃఆϑΝΠϧʣ ✤ ϓϩάϥϜͰ͢Βແ͍ͨΊֶशোน͕গͳ͍

    SIMPLE Automate in hours - not weeks - with Ansible's human-readable IT automation language. --- - hosts: webservers tasks: - name: yum install nginx yum: pkg=nginx state=installed

13. Ansibleͷಛ௃ “Ansible is Simple IT Automation” ✤ agentΠϯετʔϧෆཁ ✤ ӡ༻؅ཧαʔόͰansible*ίϚϯυ͕࢖͑Ε͹OK

    ✤ Python͕ೖ͍ͬͯΕ͹ಋೖՄೳ ✤ ઐ༻ͷserver΍agentͷӡ༻؅ཧෆཁ ✤ ৗற͢Δϓϩηε͸ͳ͠ AGENTLESS Ansible uses SSH instead of agents. More efficient, more secure and less to manage.

14. Ansibleͷಛ௃ “Ansible is Simple IT Automation” ✤ ߏ੒؅ཧ͚ͩͰͳ͘Orchestrationͱͯ͠΋࢖͑ΔͷͰɺ ͪΐͬͱͨ͠ૢ࡞΍ௐࠪͷࢧԉπʔϧʹ΋ͳΔ ✤

    ߴػೳ͕ͩɺεϞʔϧελʔτͰ࢝ΊΔ͜ͱ΋Մೳ POWERFUL App deployment, configuration management and orchestration - all from one system. ॊೈͳ࣮ߦํ๏ ✤ ࢦఆͨ͠λΠϛϯάͰ࣮ߦ ✤ ෳ਺ฒྻ࣮ߦ ✤ ඞཁͳॲཧ͚ͩΛone-linerͰadhocʹ࣮ߦ ✤ Pushܕ͚ͩͰͳ͘Pullܕ΋αϙʔτ (ansible-pull)

15. Ansibleͷಛ௃ “Ansible is Simple IT Automation” ႈ౳ੑ ✤ هࡌͨ͠DSLͷఆٛͷঢ়ଶʹऩଋͯ͘͠ΕΔ ✤

    ͋Δૢ࡞ΛԿճߦͬͯ΋݁Ռ͸ಉ͡ ✤ มߋ͕ͳ͚Ε͹ॲཧΛεΩοϓ͢Δ ҎԼ͕Πϯετʔϧ͞Ε͍ͯΔ͜ͱ ɾnginx ɾjava ɾzabbix_agentd αʔϏε͕ىಈ͍ͯ͠Δ͜ͱ ɾnginx ɾzabbix_agentd

16. 3. Ansibleͷ༻ޠղઆ

17. ओͳίϚϯυ ✤ ansible ✤ Adhocʹ࣮ߦ͢Δ ✤ ansible-playbook ✤ ࡞੒ͨ͠ఆٛ (playbook)

    Λ࣮ߦ͢Δ # ίϚϯυ࣮ߦྫ $ ansible -m 'ping' webservers ansible-test02 | success >> { "changed": false, "ping": "pong" } # dry-run $ ansible-playbook hands-on00.yml --check --diff … PLAY RECAP ******************************************************************** ansible-test02 : ok=2 changed=0 unreachable=0 failed=0 # execute $ ansible-playbook hands-on00.yml … PLAY RECAP ******************************************************************** ansible-test02 : ok=2 changed=0 unreachable=0 failed=0

18. Inventory Host AnsibleͰ؅ཧ͢ΔϗετΛiniܗࣜͰهࡌ͢Δ ✤ ϗετͷάϧʔϐϯά͕Մೳ # ྫ: example.com αΠτΛAnsibleͰ؅ཧ͢Δ mail.example.com

    [webservers] foo.example.com bar.example.com

19. Playbook ࣮ߦ͢Δॲཧͷ಺༰ΛYAMLܗࣜͰهࡌ͢Δ ✤ ࠷ॳ͸playbookͱinventry host͑͋͞Ε͹OK --- - hosts: webservers tasks:

    - name: ensure apache is at the latest version yum: pkg=httpd state=latest - name: write the apache config file template: src=templates/httpd.j2 dest=/etc/httpd.conf notify: - restart apache - name: ensure apache is running (and enable it at boot) service: name=httpd state=started enabled=yes handlers: - name: restart apache service: name=httpd state=restarted

20. Task (Tasks lists) ۩ମతͳॲཧΛɺ࣮ߦ͢Δॱʹ഑ྻͰهࡌ͢Δ ✤ جຊ͸ name ͱ module ͷηοτΛهࡌ͢Δ

    ✤ ࣮ߦ৚݅΍τϦΨʔ (notify/handler) ΛՃ͑Δ͜ͱ΋Մೳ ✤ ࣮ߦ৚݅: [when, changed_when, ignore_errors, always_runͳͲ] ✤ τϦΨʔ: handlers Ͱهࡌͨ͠ॲཧͷ໊લΛnotifyͰࢦఆ --- - hosts: webservers tasks: - name: ensure apache is at the latest version yum: pkg=httpd state=latest - name: write the apache config file template: src=templates/httpd.j2 dest=/etc/httpd.conf notify: - restart apache - name: ensure apache is running (and enable it at boot) service: name=httpd state=started enabled=yes handlers: - name: restart apache service: name=httpd state=restarted

21. Module TasksͰࢦఆͨ͠ॲཧΛ࣮ߦ͢Δ൚༻ϥΠϒϥϦ ✤ Modules are “idempotent” (ႈ౳ੑ) ✤ Core Modules͚ͩͰ΋ඞཁͳ࡞ۀ͸େମΧόʔͰ͖Δ

    --- - hosts: webservers tasks: - name: ensure apache is at the latest version yum: pkg=httpd state=latest - name: write the apache config file template: src=templates/httpd.j2 dest=/etc/httpd.conf notify: - restart apache - name: ensure apache is running (and enable it at boot) service: name=httpd state=started enabled=yes handlers: - name: restart apache service: name=httpd state=restarted

22. ୅දతͳModule ✤ yum / apt : ύοέʔδ؅ཧ (Πϯετʔϧ, ࡟আͳͲ) ✤

    service : αʔϏεૢ࡞ (ىಈ, ఀࢭ, ࠶ىಈͳͲ) ✤ file : ϑΝΠϧૢ࡞ (࡞੒, ࡟আ, ଐੑมߋͳͲ) ✤ copy : ϑΝΠϧΛίϐʔ ✤ template : ϑΝΠϧΛ਽ܗͱͯ͠ϑΝΠϧੜ੒ (ޙड़) ✤ shell : ೚ҙͷshellίϚϯυΛ࣮ߦʢ˞ႈ౳ੑ͸ࣗ෼Ͱ୲อʣ ✤ ۩ମతͳૢ࡞ͷଞɺ“register” Λซ༻ͯ͠৚݅෼ذʹར༻͢Δ౳ͷ࢖͍ํ΋͋Δ ެࣜυΩϡϝϯτʹModuleͷҰཡͱઆ໌͕͋ΔͷͰɺৄ͘͠͸ҎԼΛࢀর͍ͩ͘͞ɻ http://docs.ansible.com/ansible/modules_by_category.html

23. ڞ௨Խ (Include / Role) ✤ Include: ✤ tasks΍handerls౳ΛผϑΝΠϧͱͯ͠੾Γग़͠ɺҰͭͷRole ͱͯ͠·ͱΊ͓ͯ͘͜ͱͰ࠶ར༻͠΍͘͢͢Δ ---

    - hosts: webservers tasks: - include: apache.yml - include: deploy.yml site=service_A - include: deploy.yml site=service_B

24. ڞ௨Խ (Include / Role) ✤ Role: ✤ task, vars, files,

    templates, handlersҰࣜΛڞ௨Խ ✤ playbook͔Β͸ roles ҰൃͰݺͼग़͠Ͱ͖Δ ✤ ෳ਺αʔόʹద༻͢Δɺ൚Խͤ͞ΔͳͲͷ༻్Ͱ׆༻ # playbook --- - hosts: webservers roles: - common - webserver # σΟϨΫτϦߏ੒ hosts webservers.yml roles/ common/ files/ templates/ tasks/ handlers/ vars/ defaults/ meta/ webservers/ …

25. ڞ௨Խ (Template / Variable) ✤ Template: ✤ ม਺Λbindͯ͠഑෍Ͱ͖Δ ✤ ϗετຖʹҟͳΔΑ͏ͳϑΝΠϧΛ഑෍͢Δͱ͖ʹ׆༻

    ✤ ॻࣜ͸ “Jinja2” # files/etc/motd.j2 ################################################## !!! Production server {{ ansible_hostname }} !!! ################################################## __| __|_ ) _| ( / Amazon Linux AMI ___|\___|___| https://aws.amazon.com/amazon-linux-ami/2015.03-release-notes/

26. ڞ௨Խ (Template / Variable) ✤ Variable: ✤ ৚݅෼ذ΍TemplateͰར༻͢Δม਺Λఆٛ͠ݺग़Մೳ ✤ ॻࣜ͸YAML

    ✤ playbook, inventry host, varsͳͲ༷ʑͳՕॴͰࢦఆՄೳ ✤ OS૚ͷԼճΓͷ৘ใ͸ansible͕ࣗಈͰऔಘ͠ݺग़Մೳ (Facts) ✤ ར༻Մೳͳม਺͸ `ansible hostname -m setup` Ͱ֬ೝՄೳ ✤ ChefͰݴ͏ ohai # Variables innodb_buffer_pool_size: 6144M innodb_log_file_size: 2048M max_connections: 1000 … $ ansible ansible-test02 -m 'setup' ansible-test02 | success >> { "ansible_facts": { "ansible_all_ipv4_addresses": [ "172.31.xx.xx" ], "ansible_all_ipv6_addresses": [], "ansible_architecture": "x86_64", "ansible_bios_date": "NA", "ansible_bios_version": "NA", "ansible_cmdline": { "KEYTABLE": "us", "LANG": "ja-JP.UTF-8",

27. Hands On!

28. Installation 1. αʔόϩάΠϯ 1. αʔό (Ansible: 1, Target: 1) ΁ͷSSH઀ଓ

    ✤ ઀ଓ৘ใ͸ݸผʹ͓౉͠͠·͢ 2. Ansible࣮ߦ༻ͷ伴࡞੒ͱ഑෍ 1. Ansibleαʔό্Ͱ`ssh-keygen` Ͱ࡞੒ (ύεϑϨʔζͳ͠) 2. ec2-user@target:/home/ec2-user/.ssh/authorized_keys ʹ ެ։伴 (id_rsa.pub) Λcopy 3. Ansibleαʔόͷ /etc/hosts ʹ TargetαʔόΛ PrivateIP Ͱهࡌ ( `sudo vim /etc/hosts` ) 4. Ansible → Target ΁ͷssh઀ଓ֬ೝ 3. AnsibleΠϯετʔϧ 1. `sudo pip install ansible` 2. `sudo mkdir /etc/ansible && sudo chown ec2-user:ec2-user /etc/ansible && cd /etc/ ansible` 3. `touch hosts` 4. `wget https://raw.githubusercontent.com/ansible/ansible/devel/examples/ansible.cfg `

29. Ansibleख࢝Ί 1. Inventory HostΛهࡌ 2. AnsibleίϚϯυΛࢼ͠ଧͪ ✤ `ansible TARGET -m

    'ping'` ✤ `ansible TARGET -m 'setup'` # /etc/ansible/hosts [webservers] ansible-target0x

30. 4. σΟϨΫτϦߏ੒ (Best Practice)

31. BestPractice Best Practices Directory Layout - Ansible Documentation production #

    Inventory Host͸άϧʔϓ͝ͱʹ࡞੒ staging # ʏ group_vars/ # άϧʔϓ༻ͷม਺ͷ֨ೲ৔ॴ group1 # group2 # host_vars/ # ϗετ༻ͷม਺ͷ֨ೲ৔ॴ hostname1 # hostname2 # library/ # ࣗ࡞Moduleͷ֨ೲ৔ॴ (optional) filter_plugins/ # ࣗ࡞Filter Pluginͷ֨ೲ৔ॴ (optional) site.yml # master Playbook webservers.yml # Playbook dbservers.yml # Playbook roles/ # ϩʔϧ (Role) ͷ֨ೲ৔ॴ common/ # “common” ϩʔϧ tasks/ # Taskͷ֨ೲ৔ॴ main.yml # <-- Task͕΋͠ଟ͘ͳΔ৔߹͸খ͘͞෼͚Δ handlers/ # Handlerͷ֨ೲ৔ॴ main.yml # <-- ʏ templates/ # Templateͷ֨ೲ৔ॴ ntp.conf.j2 # <------- TemplateϑΝΠϧ໊͸ *.j2 files/ # Fileͷ֨ೲ৔ॴ bar.txt # foo.sh # vars/ # Varsͷ֨ೲ৔ॴ main.yml # defaults/ # main.yml # VarsͷσϑΥ஋ (group/host_varsͰ্ॻ͖Մ) meta/ # ϩʔϧͷґଘؔ܎͕͋Ε͹ఆٛ

32. Hands On1(20min) 1. ӡ༻πʔϧΛΠϯετʔϧ ✤ telnet, wget, rsync, tree, tcpdump,

    sysstat, dstat, vim-enhanced, git, htop 2. όφʔΛ഑ஔ ✤ /etc/motd 3. Nginx install ✤ yum install ✤ ࣗಈىಈ༗ޮ 4. Deploy ✤ page upload (ద౰ͳhtml)

33. Hands On2(10min) OpenSSLͷ੬ऑੑ͕ใࠂ͞Ε ͨʂར༻தͷશαʔόͷ OpenSSLͷόʔδϣϯΛ֬ೝ͠ Α͏ɻ ✤ ansibleίϚϯυҰൃͰ֬ೝ͢ Δ͜ͱ

34. Hands On3(30min) 1. SwapfileΛ࡞੒ ✤ 512MBͷswapfileΛ࡞੒ ✤ swaponͰεϫοϓ௥Ճ ✤ boot࣌ʹࣗಈϚ΢ϯτ

    ✤ ※ႈ౳ੑ͸୲อ͢Δ͜ͱ 2. ӡ༻πʔϧΛ௥Ճ ✤ htop, glances, tmux ✤ ag (the-silver-searcher) 3. Deploy (from github) ✤ yteraoka/ansible-tutorial ✤ /var/www/ ҎԼʹdeploy ✤ NginxઃఆϑΝΠϧฤूˠrestart