[Server Management Automation] Installing Ansible and Initial Setup
1. Installing Ansible
[root@test-mgmt01 ~]# yum list installed | grep ansible
[root@test-mgmt01 ~]# yum install epel-release -y
Loaded plugins: product-id, search-disabled-repos, subscription-manager
This system is not registered to Red Hat Subscription Management. You can use subscription-manager to register.
Resolving Dependencies
--> Running transaction check
---> Package epel-release.noarch 0:7-11 will be updated
---> Package epel-release.noarch 0:7-13 will be an update
--> Finished Dependency Resolution
Dependencies Resolved
=================================================================================================================================================================================================
Package Arch Version Repository Size
=================================================================================================================================================================================================
Updating:
epel-release noarch 7-13 epel 15 k
Transaction Summary
=================================================================================================================================================================================================
Upgrade 1 Package
Total download size: 15 k
Downloading packages:
Delta RPMs disabled because /usr/bin/applydeltarpm not installed.
epel-release-7-13.noarch.rpm | 15 kB 00:00:00
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
Updating : epel-release-7-13.noarch 1/2
Cleanup : epel-release-7-11.noarch 2/2
Verifying : epel-release-7-13.noarch 1/2
Verifying : epel-release-7-11.noarch 2/2
Updated:
epel-release.noarch 0:7-13
Complete!
[root@test-mgmt01 ~]# yum install ansible -y
Loaded plugins: product-id, search-disabled-repos, subscription-manager
This system is not registered to Red Hat Subscription Management. You can use subscription-manager to register.
Resolving Dependencies
--> Running transaction check
---> Package ansible.noarch 0:2.9.17-1.el7 will be installed
--> Finished Dependency Resolution
Dependencies Resolved
=================================================================================================================================================================================================
Package Arch Version Repository Size
=================================================================================================================================================================================================
Installing:
ansible noarch 2.9.17-1.el7 epel 17 M
Transaction Summary
=================================================================================================================================================================================================
Install 1 Package
Total download size: 17 M
Installed size: 105 M
Downloading packages:
ansible-2.9.17-1.el7.noarch.rpm | 17 MB 00:00:35
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
Installing : ansible-2.9.17-1.el7.noarch 1/1
Verifying : ansible-2.9.17-1.el7.noarch 1/1
Installed:
ansible.noarch 0:2.9.17-1.el7
Complete!
2. Register the managed servers in the inventory
# The domain name listed in the search directive is used to expand a hostname before it is sent to the DNS server.
# With the setting below, if a DNS server serves the name TEST-WEB01.testlab.net under that subdomain,
# entering just TEST-WEB01 is enough to look up the IP of linux.testlab.net.
[root@test-mgmt01 ~]# cat /etc/resolv.conf
nameserver 192.168.60.10
search testlab.net
[root@test-mgmt01 ~]# mkdir -p inventory/hosts
[root@test-mgmt01 ~]# ls
hello.js inventory learning_ansible
[root@test-mgmt01 ~]# vi inventory/hosts/admin
[web]
TEST-WEB01
TEST-WEB02
[db]
TEST-SQL01
TEST-SQL02
3. Generate an SSH key - Ansible communicates over SSH; generate a key so that no password has to be sent when connecting to the servers (stronger security)
[root@test-mgmt01 ~]# ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
73:90:da:6a:c6:a2:ad:05:6a:3f:12:fd:6d:fa:9d:f9 root@test-mgmt01.testlab.net
The key's randomart image is:
+--[ RSA 2048]----+
| |
| . |
| o |
| o . |
| o . S . |
| o o . . o |
|... + * |
|...= = o. o |
| +oo.+. +.E |
+-----------------+
[root@test-mgmt01 ~]# cd /root/.ssh/
[root@test-mgmt01 .ssh]# ls
id_rsa id_rsa.pub
[root@test-mgmt01 .ssh]#
4. Basic Ansible configuration - set the inventory directory and disable host key checking for SSH connections
[root@test-mgmt01]# mkdir -p /inventory/hosts
[root@test-mgmt01]# mkdir -p /inventory/playbooks
[root@test-mgmt01]# mkdir playbooks
[root@test-mgmt01 ~]# ls inventory/
hosts playbooks
[root@test-mgmt01 inventory]# vi /etc/ansible/ansible.cfg
[defaults]
# some basic default values...
# set the inventory directory
inventory = /root/inventory/hosts
#library = /usr/share/my_modules/
#module_utils = /usr/share/my_module_utils/
#remote_tmp = ~/.ansible/tmp
#local_tmp = ~/.ansible/tmp
#plugin_filters_cfg = /etc/ansible/plugin_filters.yml
# number of processes to fork
forks = 50
#poll_interval = 15
.....
# uncomment this to disable SSH key host checking
# skip the known_hosts check when connecting over SSH
host_key_checking = False
....
5. Create a playbook that automates ssh-copy-id (copying the public key to the managed servers)
[root@test-mgmt01 ~]# vi inventory/playbooks/add_authorized_keys.yml
---
- hosts: all
  gather_facts: no
  tasks:
    # read the control node's public key once, locally, and share the result with every host
    - name: import id_rsa.pub
      connection: local
      command: "cat /root/.ssh/id_rsa.pub"
      register: id_pub
      run_once: true
    # append the key to root's authorized_keys on each managed server
    - name: add ansible-node authorized keys
      lineinfile:
        dest: /root/.ssh/authorized_keys
        line: "{{ id_pub.stdout }}"
        create: yes   # without this the task fails on a host where the file does not exist yet
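As an added example (not the playbook from this post), the same key distribution written with the authorized_key module, which creates ~/.ssh and authorized_keys with the right permissions and only adds a key that is not already present. A first play records each managed host's SSH host key in known_hosts on the control node so that host_key_checking in step 4 can stay at its default instead of being set to False; it trusts whatever key is seen on first contact. Paths and the inventory layout are the ones used above.

```yaml
---
# Play 1: pin each managed host's SSH host key on the control node, so
# ansible.cfg can keep host_key_checking enabled (its default).
# Assumes the hostnames resolve via the search domain in /etc/resolv.conf.
- hosts: localhost
  connection: local
  gather_facts: no
  tasks:
    - name: record host keys in known_hosts (trust on first contact)
      known_hosts:
        path: /root/.ssh/known_hosts
        name: "{{ item }}"
        # ssh-keyscan prints "<host> ssh-rsa <key>", the format known_hosts expects
        key: "{{ lookup('pipe', 'ssh-keyscan -t rsa ' + item) }}"
      loop: "{{ groups['all'] }}"

# Play 2: distribute the control node's public key to root on every host.
# authorized_key creates ~/.ssh (0700) and authorized_keys (0600) if they
# are missing and is idempotent: a second run reports "ok", not "changed".
- hosts: all
  gather_facts: no
  tasks:
    - name: add control node public key to root's authorized_keys
      authorized_key:
        user: root
        state: present
        key: "{{ lookup('file', '/root/.ssh/id_rsa.pub') }}"
```

Run it the same way as the original, with -k for the one password-based pass (the localhost play ignores the password); after that, every run is key-based and the host keys are verified.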
6. Run the playbook > once it is applied, the servers that share the SSH key trust each other and no password needs to be entered
[root@test-mgmt01 ~]# ansible-playbook inventory/playbooks/add_authorized_keys.yml -k
SSH password:
PLAY [all] **************************************************************************************************************************************************************************************
TASK [import id_rsa.pub] ************************************************************************************************************************************************************************
changed: [TEST-WEB01]
TASK [add ansible-node authorized keys] *********************************************************************************************************************************************************
changed: [TEST-SQL02]
changed: [TEST-SQL01]
changed: [TEST-WEB01]
changed: [TEST-WEB02]
PLAY RECAP **************************************************************************************************************************************************************************************
TEST-SQL01 : ok=1 changed=1 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
TEST-SQL02 : ok=1 changed=1 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
TEST-WEB01 : ok=2 changed=2 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
TEST-WEB02 : ok=1 changed=1 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
7. Test SSH connection without a password - success
[root@test-mgmt01 ~]# ssh test-sql01
Last login: Sat Feb 27 15:28:22 2021 from 192.168.60.10
[root@localhost ~]#
8. Ping test with ansible
[root@test-mgmt01 ~]# ansible all -m ping
TEST-WEB01 | SUCCESS => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": false,
"ping": "pong"
}
TEST-SQL01 | SUCCESS => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": false,
"ping": "pong"
}
TEST-SQL02 | SUCCESS => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": false,
"ping": "pong"
}
TEST-WEB02 | SUCCESS => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": false,
"ping": "pong"
Reference links
Ossian Story :: [Ansible] Registering Authorized_keys (SSH Key) (tistory.com)
[Ansible] Ansible training material - 01. Introduction (tistory.com)