👩‍💻0707[ansibl앤서블 환경설정 자동화,docker]

망지·2022년 7월 7일

📌 Ansible

📙 스냅샷 복원하기

📙 앤서블 설치 및 초기설정

# yum install epel-release -y
# yum --enablerepo=epel -y install ansible
# ansible --version

📙 keyscan 설정

접속 known호스트 등록 해결하기. (일일이 yes하지 않도록)

[root@ansible-server ~]# mkdir env && cd $_

# vi keyscan.yml
- name: Setup for the Ansible's Environment
  hosts: localhost
  gather_facts: no
  
  tasks:
    - name: keyscan
      shell: "{{ item }}"
      with_items:
        - "ssh-keyscan 192.168.1.44 >> ~/.ssh/known_hosts"
        - "ssh-keyscan 192.168.1.45 >> ~/.ssh/known_hosts"
        - "ssh-keyscan 192.168.1.46 >> ~/.ssh/known_hosts"
        - "ssh-keyscan 192.168.1.47 >> ~/.ssh/known_hosts"

# ansible-playbook keyscan.yml -k

📙 앤서블 환경 설정 자동화

[root@ansible-server env]# vi ansible_env.yml
- name: Setup for the Ansible's Environment
  hosts: localhost //자기 자신 서버 자동화
  gather_facts: no

  tasks:
    - name: Add "/etc/ansible/hosts"
      blockinfile:
        path: /etc/ansible/hosts
        block: | //개행을 주기 위한 파이프
          [centos]
          192.168.1.44
          192.168.1.45

          [ubuntu]
          192.168.1.46 ansible_python_interpreter=/usr/local/python3
          192.168.1.47 ansible_python_interpreter=/usr/local/python3

    - name: Configure Bashrc
      lineinfile:
        path: /root/.bashrc
        line: "{{ item }}" // 반복분 안에 item넣고
      with_items: // lineinfile과 같은 줄에 withitems 넣고 아래 명령어 넣으면 item안에 아래문구들이 들어감.
        - "alias ans='ansible'" // 별칭 
        - "alias anp='ansible-playbook'"

✔️ 우분투18버전부터는 파이썬3를 사용해야함.

# ansible-playbook ansible_env.yml

✔️ 확인


[root@ansible-server ~]# cat /etc/ansible/hosts

[root@ansible-server ~]# ans all -m ping -k
 // yes 안물어봄.

📙 keypair 설정

# vi keypair_new.yml
- name: Create known_hosts between server and nodes
  hosts: all
  connection: local
  serial: 1
  gather_facts: no

  tasks:
    - name: ssh-keyscan for known_hosts file
      command: /usr/bin/ssh-keyscan -t ecdsa {{ ansible_host }} # 매직 변수 ansible_host 활용하여 hosts ip 호출
      register: keyscan //이라는 메모리 공간생성해서 위 내용을 여기에 저장하겠다.

    - name: input key
      lineinfile:
        path: ~/.ssh/known_hosts
        line: "{{ item }}"
        create: yes
      with_items:
        - "{{ keyscan.stdout_lines }}"

- name: Create authorized_keys between server and nodes
  hosts: all
  connection: local
  gather_facts: no
  vars:
    ansible_password: kosa0401

  tasks:
    - name: ssh-keygen for authorized_keys file
      openssh_keypair: 
        path: ~/.ssh/id_rsa
        size: 2048
        type: rsa
        force: False # overwrite하지 않는다는 False라고 값을 넣거나 아니면 삭제하거나 하면 되겠습니다.

    - name: input key for each node
      connection: ssh
      authorized_key:
        user: root
        state: present
        key: "{{ lookup('file', '~/.ssh/id_rsa.pub') }}"

# anp keypair.yml

📙 센토스, 우분투 엔진엑스 설치 플레이북

# vi nginx_install.yml
- name: Install nginx on centos
  hosts: centos
  gather_facts: no

  tasks:
    - name: install epel-release
      yum: 
        name: epel-release
        state: latest
    - name: install nginx web server
      yum: name=nginx state=present
    - name: upload default index.html for web server
      get_url: url=https://www.nginx.com dest=/usr/share/nginx/html/ mode=0644
    - name: start nginx web server
      service: name=nginx state=started

- name: Install nginx on ubuntu
  hosts: ubuntu
  gather_facts: no

  tasks:
    - name: install nginx web server
      apt: pkg=nginx state=present update_cache=yes
    - name: Upload default index.html for web server
      get_url: url=https://www.nginx.com dest=/var/www/html/
               mode=0644 validate_certs=no

# ansible-playbook nginx_install.yml

📙 센토스, 우분투 엔진엑스 삭제 플레이북


# vi nginx_remove.yml
- name: Remove nginx on centos
  hosts: centos
  gather_facts: no

  tasks:
    - name: remove nginx web server
      yum: name=nginx state=absent

- name: Remove nginx on ubuntu
  hosts: ubuntu
  gather_facts: no

  tasks:
    - name: remove nginx web server
      apt: pkg=nginx* state=absent

# ansible-playbook nginx_remove.yml

📙 센토스, 우분투 NFS 설치 플레이북

[root@ansible-server ~]# mkdir nfs && cd $_


# vi nfs.yml

- name: Setup for nfs server
  hosts: localhost
  gather_facts: no

  tasks:
    - name: make nfs_shared directory
      file:
        path: /root/nfs_shared
        state: directory
        mode: 0777

    - name: configure /etc/exports
      lineinfile:
        path: /etc/exports
        line: /root/nfs_shared 192.168.0.0/20(rw,sync)

    - name: Install NFS
      yum:
        name: nfs-utils
        state: present

    - name: nfs service start
      service:
        name: nfs-server
        state: restarted
        enabled: yes

- name: Setup for nfs clients
  hosts: centos
  gather_facts: no

  tasks:
    - name: make nfs_client directory
      file:
        path: /root/nfs
        state: directory

    - name: Install NFS
      yum:
        name: nfs-utils
        state: present

    - name: mount point directory as client
      mount:
        path: /root/nfs
        src: 192.168.0.196:/root/nfs_shared // ansible server IP
        fstype: nfs
        state: mounted

- name: Setup for nfs clients U
  hosts: ubuntu
  gather_facts: no

  tasks:
    - name: make nfs_client directory
      file:
        path: /root/nfs
        state: directory

    - name: Install NFS-U
      apt:
        pkg: nfs-common
        state: present
        update_cache: yes

    - name: mount point directory as client
      mount:
        path: /root/nfs
        src: 192.168.0.196:/root/nfs_shared // ansible server IP
        fstype: nfs
        opts: nfsvers=3
        state: mounted

# ansible-playbook nfs.yml -k

📙 워드프레스 만들기

✔️~/env/ansible_env.yml수정

# vi wordpress.yml
- name: Setup for webserver
  hosts: 192.168.1.44
  gather_facts: no

  tasks:
    - name: Install http
      yum:
        name: "{{ item }}"
        state: present
      with_items:
        - httpd
        - php
        - php-mysql
        - php-gd
        - php-mbstring
        - wget
        - unzip

    - name: Unarchive a file that needs to be downloaded (added in 2.0)
      ansible.builtin.unarchive:
        src: https://ko.wordpress.org/wordpress-4.8.2-ko_KR.zip
        dest: /var/www/html
        remote_src: yes

    - name: chown
      file:
        path: /var/www/html/wordpress
        owner: "apache"
        group: "apache"
        recurse: "yes"

    - name: web service restart
      service:
        name: httpd
        state: restarted

- name: Setup for dbserver
  hosts: dbserver
  gather_facts: no

  tasks:
    - name: Install mariadb
      apt:
        pkg: mariadb-server
        state: present
        update_cache: yes

    - name: Install pymysql
      apt:
        pkg: python-pymysql
        state: present

    - name: Install pymysql
      apt:
        pkg: python3-pymysql
        state: present

    - name: set root password
      mysql_user:
        name: 'root'
        password: '{{ mysql_root_password }}'
        login_unix_socket: /var/run/mysqld/mysqld.sock
        state: present

    - name: edit file
      replace:
        path: /etc/mysql/mariadb.conf.d/50-server.cnf
        regexp: "bind-address"
        replace: "#bind-address"

    - name: db service restart
      service:
        name: mysql
        state: restarted

    - name: Create database
      mysql_db:
        db: wordpress
        login_unix_socket: /var/run/mysqld/mysqld.sock
        state: present

    - name: Create database user
      mysql_user:
        user: wpuser
        password: wppass
        priv: "wordpress.*:ALL,GRANT"
        host: '%'
        login_unix_socket: /var/run/mysqld/mysqld.sock
        state: present

# anp wordpress.yml --extra-vars "mysql_root_password=kosa0401"

브라우저에서 192.168.1.45/wordpress 진입,
데이터베이스 호스트 192.168.1.47(db서버 ip넣기)

✏️ 실습을 통해 온프레미스 서버를 구성관리 해보았다!!

📌 Docker & Container 이론

Dock : 항구
Docker : 항구에서 일하는 사람들
도커가 설치된 장치를 도커 엔진이라고 함.
경량으로 만든 가상화 도구

도커에 사용되는 이미지 파일 자체도 크기가 작다.
일반 vm보다 빠르다. 작기 때문에. 성능은 같거나 좋다.
도커 이미지가 있고 도커 컨테이너가 있다.
우리가 알고 있는 vm을 도커 컨테이너처럼 생각해도 됨.

push; upload
pull; download
run; 배포 실행. => 컨테이너로 구동. 실행시키면 웹서버 작동.
=> 컨테이너는 곧 서버다.

📙✔️✏️📢⭐️📌

📌 기타

⭐️ '📙keyscan 설정' 트러블 슈팅

=> .ssh/known_hosts폴더가 없어서 불가.

[root@ansible-server ~]# ssh root@192.168.1.44

The authenticity of host '192.168.1.44 (192.168.1.44)' can't be established.
ECDSA key fingerprint is SHA256:UyPJ/WrMoKKgfyreluHWprW0lWE9hRkn+sgKCIMql+o.
ECDSA key fingerprint is MD5:42:9a:ee:79:8e:ed:99:fc:76:56:88:89:a4:83:ce:df.
Are you sure you want to continue connecting (yes/no)? ^C

이렇게 한번 해주면 생김.