Encrypts files or portions of text
Vault Password: AES
ansible-vault <SUB-COMMAND> <FILE>
ansible-vault encrypt_string
hello world[ctrl-d][ctrl-d]
hello world[enter]
[ctrl-d]
--ask-vault-password: default option (prompts for the Vault password)
--vault-password-file: specifies a Vault password file
.vaultpass
P@ssw0rd
chmod 600 .vaultpass
ansible.cfg
[defaults]
vault_password_file = ./.vaultpass
ansible-playbook <Playbook> --ask-vault-pass
ansible-playbook <Playbook> --vault-password-file <Vault_Password_File>
Using the --vault-id option
--vault-id ID@source
source
test.yaml
- hosts: 192.168.100.11
  vars_files:
    - var1.yaml
    - var2.yaml
  tasks:
    - debug:
        msg: "{{ message1 }} {{ message2 }}"
echo "message1: hello" > var1.yaml
echo "message2: world" > var2.yaml
ansible-vault encrypt var1.yaml --vault-id user1@prompt
ansible-vault encrypt var2.yaml --vault-id user2@prompt
ansible-playbook test.yaml --vault-id user1@prompt --vault-id user2@prompt
echo "message1: hello" > var1.yaml
echo "message2: world" > var2.yaml
echo "P@ssw0rd1" > user1pass
echo "P@ssw0rd2" > user2pass
chmod 600 user1pass
chmod 600 user2pass
ansible-vault encrypt var1.yaml --vault-id user1@user1pass
ansible-vault encrypt var2.yaml --vault-id user2@user2pass
ansible-playbook test.yaml --vault-id user1@user1pass --vault-id user2@user2pass
ansible.cfg
[defaults]
vault_identity_list = user1@user1pass, user2@user2pass
Decryption
ansible-vault view var2.yaml
ansible-playbook test.yaml
Encryption
ansible-vault create var3.yaml --encrypt-vault-id user1
ansible-vault encrypt var3.yaml --encrypt-vault-id user1
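Added example (not from the original notes or the Ansible project): a standard-library Python check that reads the vault ID label from a file's header and tests which password matches the file's HMAC, without decrypting. It assumes the Vault 1.1/1.2 AES256 envelope (PBKDF2-HMAC-SHA256, 10000 iterations); make_sample, audit and the sample files are constructed for the demonstration.

```python
import binascii, hashlib, hmac

def parse_vault(text):
    """Split a vault file into (version, cipher, label, salt, mac, ciphertext)."""
    header, *body = text.strip().splitlines()
    fields = header.split(";")
    if fields[0] != "$ANSIBLE_VAULT" or len(fields) < 3:
        raise ValueError("not an Ansible Vault file")
    label = fields[3] if len(fields) > 3 else "default"  # 1.1 headers carry no label
    inner = binascii.unhexlify("".join(l.strip() for l in body))
    salt, mac, ciphertext = (binascii.unhexlify(p) for p in inner.split(b"\n", 2))
    return fields[1], fields[2], label, salt, mac, ciphertext

def derive_hmac_key(password, salt):
    # Assumed Vault AES256 layout: PBKDF2-HMAC-SHA256, 10000 rounds, 80 bytes =
    # 32-byte AES key | 32-byte HMAC key | 16-byte CTR IV.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 10000, 80)[32:64]

def password_opens(text, password):
    """True if `password` matches the file's HMAC (no decryption needed)."""
    *_, salt, mac, ciphertext = parse_vault(text)
    expected = hmac.new(derive_hmac_key(password, salt), ciphertext, hashlib.sha256).digest()
    return hmac.compare_digest(expected, mac)

def make_sample(label, password):
    """Constructed envelope for the demo; the ciphertext is placeholder bytes."""
    salt, ciphertext = b"\x01" * 32, b"\x02" * 32
    mac = hmac.new(derive_hmac_key(password, salt), ciphertext, hashlib.sha256).digest()
    inner = b"\n".join(binascii.hexlify(p) for p in (salt, mac, ciphertext))
    hexed = binascii.hexlify(inner).decode()
    lines = [hexed[i:i + 80] for i in range(0, len(hexed), 80)]
    return "\n".join([f"$ANSIBLE_VAULT;1.2;AES256;{label}"] + lines) + "\n"

def audit(files, identities):
    """Map each file to (header label, labels of identities whose password opens it)."""
    return {name: (parse_vault(text)[2],
                   [lbl for lbl, pw in identities if password_opens(text, pw)])
            for name, text in files.items()}

if __name__ == "__main__":
    files = {"var1.yaml": make_sample("user1", "P@ssw0rd1"),
             "var2.yaml": make_sample("user1", "P@ssw0rd2")}  # label/password mismatch
    for name, result in audit(files, [("user1", "P@ssw0rd1"), ("user2", "P@ssw0rd2")]).items():
        print(name, result)
```

A file whose header label differs from the identity that opens it still decrypts, because Ansible tries every supplied secret unless vault_id_match is enabled in ansible.cfg.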
A web-based interface built on top of Ansible
Purpose: execution / monitoring
AWX: the upstream of the Red Hat Ansible Tower product
CentOS --up--> RHEL --up--> Fedora
RHEL --> CentOS Stream --> Fedora
Ansible Tower --> AWX
Ubuntu --> Debian
AnsibleWorks -> AWX
sudo yum install -y yum-utils
sudo yum-config-manager \
    --add-repo \
    https://download.docker.com/linux/centos/docker-ce.repo
sudo yum install -y docker-ce docker-ce-cli containerd.io
sudo systemctl enable --now docker
docker --version
sudo yum install -y python3 python3-pip
sudo pip3 install -U -I pip wheel setuptools
sudo pip3 install docker-compose
docker-compose --version
sudo yum -y install git
cd ~
git clone --branch 17.1.0 --single-branch https://github.com/ansible/awx.git
cd ~/awx/installer
~/awx/installer/inventory
admin_password=password
project_data_dir=/var/lib/awx/projects
sudo yum -y install libselinux-python3
sudo ln -s /usr/local/bin/docker-compose /usr/bin/docker-compose
ansible-playbook -i inventory install.yml -b
sudo docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
1ea4d852e694 ansible/awx:17.1.0 "/usr/bin/tini -- /u…" 11 minutes ago Up 11 minutes 8052/tcp awx_task
9c527c75a323 ansible/awx:17.1.0 "/usr/bin/tini -- /b…" 20 minutes ago Up 11 minutes 0.0.0.0:80->8052/tcp, :::80->8052/tcp awx_web
f6775cad37ab redis "docker-entrypoint.s…" 20 minutes ago Up 11 minutes 6379/tcp awx_redis
16d33e864106 postgres:12 "docker-entrypoint.s…" 20 minutes ago Up 11 minutes 5432/tcp awx_postgres
Create Preload data
Check this if the task fails with an error
sudo docker exec awx_task bash -c "/usr/bin/awx-manage create_preload_data"
An organization is already in the system, exiting.
(changed: False)
Web browser
http://192.168.100.10
sudo mkdir /var/lib/awx/projects/test-awx
sudo vi /var/lib/awx/projects/test-awx/debug.yaml
- hosts: all
  tasks:
    - debug:
        msg: Hello AWX World
[test-awx-group]
192.168.100.11
Resources -> Projects -> Add
Save
Resources -> Inventories -> Add -> Add Inventory
Create new inventory
- Name: test-awx-inventory
- Save
Details -> Groups tab -> Add
- Name: test-awx-group
- Save
Group details -> Hosts tab -> Add -> Add new host
- Name: 192.168.100.11
- Save
Resources -> Credentials -> Add
Save
Resources -> Templates -> Add -> Add job template
Save
Resources -> Templates -> test-awx-template -> rocket button