📌 SAA 준비
📙 EBS, 인스턴스 스토어
시험준비 - ebs와 인스턴스 스토어.
인스턴스 스토어는 성능위주. ebs는 가용영역 안에서만 사용 가능.
📙 s3 수명주기 전환 정책 표
📌 ansible CI/CD
📌 ansible
📙 인스턴스 생성
이름 : ansible-server
이미지 : amazon linux 2
유형 : t2.micro
키페어 선택
네트워크 : MY-VPC, PUB2A
보안그룹 : DEV-SG
사용자데이터 :
#!/bin/bash
timedatectl set-timezone Asia/Seoul
hostnamectl set-hostname ansible-server
amazon-linux-extras install -y ansible2
amazon-linux-extras install docker -y
systemctl enable --now docker
curl https://raw.githubusercontent.com/docker/docker-ce/master/components/cli/contrib/completion/bash/docker -o /etc/bash_completion.d/docker.sh
usermod -a -G docker ec2-user
📙 route53 레코드 생성으로 도메인 할당
📙 mobaxterm으로 진입하여 설치 확인
[ec2-user@ansible-server ~]$ ansible --version
ansible 2.9.23
config file = /etc/ansible/ansible.cfg
configured module search path = [u'/home/ec2-user/.ansible/plugins/modules', u'/usr/share/ansible/plugins/modules']
ansible python module location = /usr/lib/python2.7/site-packages/ansible
executable location = /usr/bin/ansible
python version = 2.7.18 (default, May 25 2022, 14:30:51) [GCC 7.3.1 20180712 (Red Hat 7.3.1-15)]
[ec2-user@ansible-server ~]$ docker version
Client:
Version: 20.10.13
API version: 1.41
📙 젠킨스가 패스워드로 앤서블에 접속할 수 있게하기
sudo passwd ec2-user
sudo vi /etc/ssh/sshd_config
PasswordAuthentication yes
#PermitEmptyPasswords no
#PasswordAuthentication no
sudo systemctl restart sshd
📙 도커와 앤서블 연결하기 위해 인벤토리 편집
도커호스트의 내부 IP를 앤서블 인벤토리에 넣어주기
# sudo vi /etc/ansible/hosts
10.14.40.211
📙도커와 앤서블 연결을 위한 키 생성
키 만들기 전에는 진입하려면 비밀번호를 수동으로 쳐줘야함.
[ec2-user@ansible-server ~]$ ansible all -m ping -k
SSH password:
[WARNING]: Platform linux on host 10.14.40.211 is using the discovered Python
interpreter at /usr/bin/python, but future installation of another Python
interpreter could change this. See https://docs.ansible.com/ansible/2.9/referen
ce_appendices/interpreter_discovery.html for more information.
10.14.40.211 | SUCCESS => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": false,
"ping": "pong"
}
키 생성
[ec2-user@ansible-server ~]$ ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/home/ec2-user/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
카피명령어로 연결, 다시 ping으로 키진입해보기.
# ssh-copy-id 10.14.40.211
# ansible all -m pingcommand 모듈(연결된 도커서버 명령어 실행시킬 수 있는 모듈), uptime 사용으로도 확인가능.
[ec2-user@ansible-server ~]$ ansible all -m command -a uptime
[WARNING]: Platform linux on host 10.14.40.211 is using the discovered Python
interpreter at /usr/bin/python, but future installation of another Python
interpreter could change this. See https://docs.ansible.com/ansible/2.9/referen
ce_appendices/interpreter_discovery.html for more information.
10.14.40.211 | CHANGED | rc=0 >>
10:39:19 up 1:01, 2 users, load average: 0.00, 0.00, 0.00
command 활용 2
[ec2-user@ansible-server ~]$ ansible all -m command -a "docker ps -a"
[WARNING]: Platform linux on host 10.14.40.211 is using the discovered Python
interpreter at /usr/bin/python, but future installation of another Python
interpreter could change this. See https://docs.ansible.com/ansible/2.9/referen
ce_appendices/interpreter_discovery.html for more information.
10.14.40.211 | CHANGED | rc=0 >>
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
b2a6a53c08e6 mj030kk/mytomcat:v1.0 "catalina.sh run" 22 hours ago Exited (143) 21 hours ago docker-container
->이런모습으로 도커호스트를 앤서블로 컨트롤 할 것.
command, shell 에서 아쉬운 것은 멱등성이 없음.
📌 jenkins와 앤서블 연결
📙 ansible server
[ec2-user@ansible-server ~]$ sudo mkdir /opt/docker
[ec2-user@ansible-server ~]$ sudo chown -R ec2-user:ec2-user /opt/docker
📙 jenkins
젠킨스대시보드 - 젠킨스 관리 - 시스템설정 - 맨 하단 SSH server 추가
고급 - Use password authentication, or use a different key 체크 - Passphrase / Password 에 비밀번호 입력
📌 빌드
📙 ansible item
jenins 대시보드 - 새로운 item - name:Copy_Artifacts_onto_Ansible -
copy from : BuildAndDeployOnContainer - OK
설명 : 메이븐으로 코드를 빌드하고 앤서블을 활용해서 도커호스트로 배포하자
git 경로 : https://github.com/mangjini/hello-world.git
빌드유발 - poll SCM 체크 해제 (자동화 해제) ; test
빌드 후 조치 - SSh server name : ansible-server로 선택 (기존 : docekr host)
exec command에 있던 내용 삭제 - apply , 저장
- 지금 빌드 클릭
ansible 서버에서 확인
[ec2-user@ansible-server docker]$ ll
total 932
-rw-rw-r-- 1 ec2-user ec2-user 951824 Aug 3 11:18 webapp.war
📙test
[ec2-user@ansible-server docker]$ vi Dockerfile
FROM tomcat:9
RUN cp -R /usr/local/tomcat/webapps.dist/* /usr/local/tomcat/webapps
COPY ./*.war /usr/local/tomcat/webapps
[ec2-user@ansible-server docker]$ docker build -t mj030kk/mytomcat:v1.0 .
[ec2-user@ansible-server docker]$ docker run -d -p 8080:8080 --name test-container mj030kk/mytomcat:v1.0
51003a858bb4147a3b2e98c964629daf09232ff308efcba7967a2e55024a5571
test 했던 것들 정리
[ec2-user@ansible-server docker]$ docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
mj030kk/mytomcat v1.0 7cf717785c7f 5 minutes ago 502MB
tomcat 9 07bcfa45c644 5 days ago 496MB
[ec2-user@ansible-server docker]$ docker rm -f test-container
test-container
[ec2-user@ansible-server docker]$ docker rmi -f mj030kk/mytomcat:v1.0
[ec2-user@ansible-server docker]$ docker rmi -f tomcat:9
📙 앤서블과 도커서버 관리
맨 하단에 인벤토리 IP 정리, 그룹화
[ec2-user@ansible-server docker]$ sudo vi /etc/ansible/hosts
[docker-host]
10.14.40.211
[ansible-server]
10.14.9.46
-> 자기자신도 키 등록해주고, 권한 설정 해줘야 핑 나감.
[ec2-user@ansible-server docker]$ ssh-copy-id 10.14.9.46
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/home/ec2-user/.ssh/id_rsa.pub"
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
ec2-user@10.14.9.46's password:
Number of key(s) added: 1
Now try logging into the machine, with: "ssh '10.14.9.46'"
and check to make sure that only the key(s) you wanted were added.
완료
[ec2-user@ansible-server docker]$ ansible all -m ping
[WARNING]: Invalid characters were found in group names but not replaced, use
-vvvv to see details
[WARNING]: Platform linux on host 10.14.40.211 is using the discovered Python
interpreter at /usr/bin/python, but future installation of another Python
interpreter could change this. See https://docs.ansible.com/ansible/2.9/referen
ce_appendices/interpreter_discovery.html for more information.
10.14.40.211 | SUCCESS => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": false,
"ping": "pong"
}
[WARNING]: Platform linux on host 10.14.9.46 is using the discovered Python
interpreter at /usr/bin/python, but future installation of another Python
interpreter could change this. See https://docs.ansible.com/ansible/2.9/referen
ce_appendices/interpreter_discovery.html for more information.
10.14.9.46 | SUCCESS => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": false,
"ping": "pong"
}
📙 앤서블로 빌드
[ec2-user@ansible-server docker]$ vi build.yml
- hosts: ansible-server
tasks:
- name: create docker image
command: docker build -t mj030kk/mytomcat:v1.0 .
args:
chdir: /opt/docker
- name: push docker image
command: docker push mj030kk/mytomcat:v1.0
[ec2-user@ansible-server docker]$ docker login
[ec2-user@ansible-server docker]$ ansible-playbook build.yml
도커허브에 업로드 완료
이미지도 잘 들어옴
[ec2-user@ansible-server docker]$ docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
mj030kk/mytomcat v1.0 67835a86bcda 15 minutes ago 502MB
tomcat 9 07bcfa45c644 5 days ago 496MB
📙 구성수정
젠킨스 - Copy_Artifacts_onto_Ansible -구성 - 빌드 후 조치 - exec command :
cd /opt/docker;
ansible-playbook build.yml-apply,저장 - 지금빌드
방금 업로드라고 바뀐 모습 ( 구성 수정 정상작동 확인 )
제대로 확인하기 위해 docker hub에서 mytomcat 리포 삭제 .
ansible 서버에서도 이미지 삭제.
[ec2-user@ansible-server docker]$ docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
mj030kk/mytomcat <none> 67835a86bcda 23 minutes ago 502MB
tomcat 9 07bcfa45c644 5 days ago 496MB
[ec2-user@ansible-server docker]$ docker rmi -f 67835a86bcda
다시 젠킨스에서 지금 빌드 클릭
도커허브에 올라온 모습
ansible에서 확인한 모습
[ec2-user@ansible-server docker]$ docker images ## 지금 빌드 전
REPOSITORY TAG IMAGE ID CREATED SIZE
tomcat 9 07bcfa45c644 5 days ago 496MB
[ec2-user@ansible-server docker]$ docker images ##지금 빌드 후
REPOSITORY TAG IMAGE ID CREATED SIZE
mj030kk/mytomcat v1.0 537aa9b06cc8 52 seconds ago 502MB
tomcat 9 07bcfa45c644 5 days ago 496MB
📙 test
[ec2-user@ansible-server docker]$ vi deploy.yml
- hosts: docker-host
tasks:
- name: remove container
command: docker rm -f docker-container
- name: remove image
command: docker rmi -f mj030kk/mytomcat:v1.0
- name: create container
command: docker run -d -p 8080:8080 --name docker-container mj030kk/mytomcat:v1.0
[ec2-user@ansible-server docker]$ ansible-playbook deploy.yml
📙 자동으로 업데이트 되게 하기 [CI/CD]
[ec2-user@docker-host ~]$ docker rm -f docker-container
docker-container
젠킨스 - 대시보드 - 포르젝트 - 구성 - 빌드유발 - Poll SCM 스케줄 '* * * * *' - exec command
cd /opt/docker;
ansible-playbook build.yml;
sleep 10;
ansible-playbook deploy.yml
- apply, 저장 - 지금 빌드
📙 업데이트 확인
git bash에서,
r2com@DESKTOP-DD3FU43 MINGW64 ~
$ rm -rf hello-world/
r2com@DESKTOP-DD3FU43 MINGW64 ~
$ git clone https://github.com/mangjini/hello-world.git
Cloning into 'hello-world'...
remote: Enumerating objects: 565, done.
remote: Total 565 (delta 0), reused 0 (delta 0), pack-reused 565
Receiving objects: 100% (565/565), 826.48 KiB | 917.00 KiB/s, done.
Resolving deltas: 100% (154/154), done.
r2com@DESKTOP-DD3FU43 MINGW64 ~
$ cd hello-world
r2com@DESKTOP-DD3FU43 MINGW64 ~/hello-world (master)
$ ls
Dockerfile README.md pom.xml regapp-deploy.yml regapp-service.yml server/ test.tml webapp/
r2com@DESKTOP-DD3FU43 MINGW64 ~/hello-world (master)
$ cd webapp/src/main/webapp/
r2com@DESKTOP-DD3FU43 MINGW64 ~/hello-world/webapp/src/main/webapp (master)
$ ls
WEB-INF/ assets/ css/ gcp.tar images/ index.jsp index.jsp.bak index.jsp.old js/ test.txt
r2com@DESKTOP-DD3FU43 MINGW64 ~/hello-world/webapp/src/main/webapp (master)
$ vi index.jsp
r2com@DESKTOP-DD3FU43 MINGW64 ~/hello-world/webapp/src/main/webapp (master)
$ git add .
r2com@DESKTOP-DD3FU43 MINGW64 ~/hello-world/webapp/src/main/webapp (master)
$ git commit -m "edit index.jsp"
[master 8a0b4f1] edit index.jsp
1 file changed, 1 insertion(+), 1 deletion(-)
r2com@DESKTOP-DD3FU43 MINGW64 ~/hello-world/webapp/src/main/webapp (master)
$ git push origin master
-> 자동업데이트 확인 완료
📙 ✔️✏️📢⭐️📌
꾸준히, 차근차근