Ansible 란 ?

Ansible

• 여러 개의 서버를 효율적으로 관리하기 위해 고안된 환경 구성 자동화 도구
• 리눅스에서 동일한 환경을 구성하기 위해 가장 기초적인 방법은 Bash Shell Script 이며 분명 한계점을 가지며 Ansible을 통하여 좀 더 쉽게 자동화 구현이 가능
• IaC(Infrastruture as a Code) 개념을 가지고 자동화를 구현
• 특정 환경을 동일하게 배포 및 유지 할 수 있도록 구현

 

[구조]

• ansible 은 서버와 클라이언트 구조로 되어 있다
• Agent가 없는 구조이며, 별도의 Agent 설치가 필요 없다
• 기존의 Agent 역할을 SSH 데몬이 대체하여 SSH 접속만 가능한 서버라면 앤서블의 제어 대상이 될 수 있다

[설치 및 사용법]

• 테스트는 AWS EC2 로 진행

 

# yum 기본설치 시 설치 되지 않음

[root@ip-10-10-1-200 ~]# yum -y install ansible

Loaded plugins: priorities, update-motd, upgrade-helper

amzn-main                                                                                                                                     | 2.1 kB  00:00:00    

amzn-updates                                                                                                                                  | 2.5 kB  00:00:00    

No package ansible available.

Error: Nothing to do

 

 

# EC2(amazon) 경우 레포지토리 추가 필요

[Install Ansible on AWSLinux]
vim /etc/yum.repos.d/epel.repo
or
sudo yum-config-manager --enable epel

 

# 위 방법을 참고하고 아래와 같은 방법으로 진행

[root@ip-10-10-1-200 ~]# yum-config-manager --enable epel

Loaded plugins: priorities, update-motd, upgrade-helper

============================================================================ repo: epel =============================================================================

[epel]

async = True

bandwidth = 0

base_persistdir = /var/lib/yum/repos/x86_64/latest

baseurl =

cache = 0

cachedir = /var/cache/yum/x86_64/latest/epel

check_config_file_age = True

compare_providers_priority = 80

cost = 1000

deltarpm_metadata_percentage = 100

deltarpm_percentage =

enabled = 1

enablegroups = True

exclude =

failovermethod = priority

ftp_disable_epsv = False

gpgcadir = /var/lib/yum/repos/x86_64/latest/epel/gpgcadir

gpgcakey =

gpgcheck = True

gpgdir = /var/lib/yum/repos/x86_64/latest/epel/gpgdir

gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-6

hdrdir = /var/cache/yum/x86_64/latest/epel/headers

http_caching = all

includepkgs =

ip_resolve =

keepalive = True

keepcache = False

mddownloadpolicy = sqlite

mdpolicy = group:small

mediaid =

metadata_expire = 21600

metadata_expire_filter = read-only:present

metalink =

minrate = 0

mirrorlist = https://mirrors.fedoraproject.org/metalink?repo=epel-6&arch=x86_64

mirrorlist_expire = 86400

name = Extra Packages for Enterprise Linux 6 - x86_64

old_base_cache_dir =

password =

persistdir = /var/lib/yum/repos/x86_64/latest/epel

pkgdir = /var/cache/yum/x86_64/latest/epel/packages

priority = 99

proxy = False

proxy_dict =

proxy_password =

proxy_username =

repo_gpgcheck = False

report_instanceid = False

retries = 3

skip_if_unavailable = False

ssl_check_cert_permissions = True

sslcacert =

sslclientcert =

sslclientkey =

sslverify = True

throttle = 0

timeout = 5.0

ui_id = epel/x86_64

ui_repoid_vars = releasever,

   basearch

username =

 

 

# 설치 확인

[root@ip-10-10-1-200 ~]# yum -y install ansible

Loaded plugins: priorities, update-motd, upgrade-helper

epel/x86_64/metalink                                                                                                                          | 7.8 kB  00:00:00    

epel                                                                                                                                          | 5.3 kB  00:00:00    

(1/3): epel/x86_64/group_gz                                                                                                                   |  71 kB  00:00:00    

(2/3): epel/x86_64/updateinfo                                                                                                                 | 790 kB  00:00:01    

(3/3): epel/x86_64/primary_db                                                                                                                 | 6.1 MB  00:00:01    

1063 packages excluded due to repository priority protections

Resolving Dependencies

--> Running transaction check

 

 

# host파일에 테스트 서버 등록

vi /etc/ansible/hosts 파일 맨 마지막에 아래와 같이 등록 (호스트명 , IP , 포트 , user ID, Pemkey)

 

testserver ansible_host=10.10.30.5 ansible_port=22 ansible_ssh_user=ec2-user ansible_ssh_private_key_file=/tmp/mh-key.pem

 

 

# Ping 테스트

[root@ip-10-10-10-183 ansible]# ansible -m ping all

testserver | SUCCESS => {

    "changed": false,

    "ping": "pong"

}

 

 

# 호스트의 uname , 디스크 정보 확인
# all 을 붙일 경우 호스트 파일에 등록 된 모든 호스트 정보를 가져온다 

[root@ip-10-10-10-183 ansible]# ansible all -m shell -a "uname -a;df -h"

testserver | SUCCESS | rc=0 >>

Linux ip-10-10-30-5 4.14.128-87.105.amzn1.x86_64 #1 SMP Thu Jun 20 00:43:44 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux

Filesystem      Size  Used Avail Use% Mounted on

devtmpfs        987M   60K  987M   1% /dev

tmpfs           997M     0  997M   0% /dev/shm

/dev/xvda1       20G  1.3G   19G   7% /

# 특정 호스트에 대한 정보만 확인

[root@ip-10-10-10-183 ansible]# ansible testserver -m shell -a "uname -a;df -h"

testserver | SUCCESS | rc=0 >>

Linux ip-10-10-30-5 4.14.128-87.105.amzn1.x86_64 #1 SMP Thu Jun 20 00:43:44 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux

Filesystem      Size  Used Avail Use% Mounted on

devtmpfs        987M   60K  987M   1% /dev

tmpfs           997M     0  997M   0% /dev/shm

/dev/xvda1       20G  1.3G   19G   7% /