Ansible Part 2
Sync VirtualBox Guest Additions
$ vagrant plugin install vagrant-vbguest
Check the state of the machines
$ vagrant status
Current machine states:
mgmt running (virtualbox)
lb running (virtualbox)
web1 running (virtualbox)
web2 running (virtualbox)
This environment represents multiple VMs. The VMs are all listed
above with their current state. For more information about a specific
VM, run `vagrant status NAME`.
Log in to mgmt
$ vagrant ssh mgmt
Welcome to Ubuntu 14.04.4 LTS (GNU/Linux 3.13.0-79-generic x86_64)
* Documentation: https://help.ubuntu.com/
System information disabled due to load higher than 1.0
Get cloud support with Ubuntu Advantage Cloud Guest:
http://www.ubuntu.com/business/services/cloud
0 packages can be updated.
0 updates are security updates.
vagrant@mgmt:~$
Check the Linux version
vagrant@mgmt:~$ lsb_release -a
No LSB modules are available.
Distributor ID: Ubuntu
Description: Ubuntu 14.04.4 LTS
Release: 14.04
Codename: trusty
vagrant@mgmt:~$
List the files; because bootstrap-mgmt.sh was run, the files from /vagrant/examples/ have been copied into the home directory
vagrant@mgmt:~$ ls -l
total 68
-rw-r--r-- 1 vagrant vagrant 50 Mar 13 02:24 ansible.cfg
-rw-r--r-- 1 vagrant vagrant 410 Mar 13 02:24 e45-ntp-install.yml
-rw-r--r-- 1 vagrant vagrant 111 Mar 13 02:24 e45-ntp-remove.yml
-rw-r--r-- 1 vagrant vagrant 471 Mar 13 02:24 e45-ntp-template.yml
-rw-r--r-- 1 vagrant vagrant 257 Mar 13 02:24 e45-ssh-addkey.yml
-rw-r--r-- 1 vagrant vagrant 81 Mar 13 02:24 e46-role-common.yml
-rw-r--r-- 1 vagrant vagrant 107 Mar 13 02:24 e46-role-lb.yml
-rw-r--r-- 1 vagrant vagrant 184 Mar 13 02:24 e46-role-site.yml
-rw-r--r-- 1 vagrant vagrant 133 Mar 13 02:24 e46-role-web.yml
-rw-r--r-- 1 vagrant vagrant 1236 Mar 13 02:24 e46-site.yml
-rw-r--r-- 1 vagrant vagrant 103 Mar 13 02:24 e47-parallel.yml
-rw-r--r-- 1 vagrant vagrant 2015 Mar 13 02:24 e47-rolling.yml
-rw-r--r-- 1 vagrant vagrant 115 Mar 13 02:24 e47-serial.yml
drwxr-xr-x 2 vagrant vagrant 4096 Mar 13 02:24 files
-rw-r--r-- 1 vagrant vagrant 67 Mar 13 02:24 inventory.ini
drwxr-xr-x 5 vagrant vagrant 4096 Mar 13 02:24 roles
drwxr-xr-x 2 vagrant vagrant 4096 Mar 13 02:24 templates
vagrant@mgmt:~$
Note that /vagrant is a folder shared with the host system
vagrant@mgmt:~$ df -h
Filesystem Size Used Avail Use% Mounted on
udev 115M 12K 115M 1% /dev
tmpfs 24M 368K 24M 2% /run
/dev/sda1 40G 1.5G 37G 4% /
none 4.0K 0 4.0K 0% /sys/fs/cgroup
none 5.0M 0 5.0M 0% /run/lock
none 119M 0 119M 0% /run/shm
none 100M 0 100M 0% /run/user
none 111G 104G 7.5G 94% /vagrant
vagrant@mgmt:~$
List the contents of /vagrant
vagrant@mgmt:~$ ls -l /vagrant
total 8
-rw-r--r-- 1 vagrant vagrant 676 Mar 13 19:41 bootstrap-mgmt.sh
drwxr-xr-x 1 vagrant vagrant 306 Mar 13 02:55 episode-45
drwxr-xr-x 1 vagrant vagrant 680 Mar 13 02:55 examples
-rw-r--r-- 1 vagrant vagrant 1374 Mar 13 19:54 Vagrantfile
vagrant@mgmt:~$
Ansible version
vagrant@mgmt:~$ ansible --version
ansible 2.0.1.0
config file = /home/vagrant/ansible.cfg
configured module search path = Default w/o overrides
vagrant@mgmt:~$
Check the inventory configuration file on mgmt
vagrant@mgmt:~$ cat ansible.cfg
[defaults]
hostfile = /home/vagrant/inventory.ini
View the host list (inventory)
vagrant@mgmt:~$ cat inventory.ini
[lb]
lb
[web]
web1
web2
#web3
#web4
#web5
#web6
#web7
#web8
#web9
vagrant@mgmt:~$
The reason the hostnames in inventory.ini can be resolved is that /etc/hosts already stores the mapping between host addresses and names
vagrant@mgmt:~$ cat /etc/hosts
127.0.0.1 localhost
# The following lines are desirable for IPv6 capable hosts
::1 ip6-localhost ip6-loopback
fe00::0 ip6-localnet
ff00::0 ip6-mcastprefix
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
ff02::3 ip6-allhosts
127.0.1.1 mgmt mgmt
# vagrant environment nodes
10.0.15.10 mgmt
10.0.15.11 lb
10.0.15.21 web1
10.0.15.22 web2
10.0.15.23 web3
10.0.15.24 web4
10.0.15.25 web5
10.0.15.26 web6
10.0.15.27 web7
10.0.15.28 web8
10.0.15.29 web9
vagrant@mgmt:~$
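To see exactly how inventory names are resolved, here is an added example (mine, not part of the original page or of Ansible) that parses an inventory.ini and an /etc/hosts in the formats shown above and resolves every inventory host the way the libc resolver does, first matching line wins. Both inputs are constructed copies of the files above, with web3 uncommented in the inventory so that one host has no /etc/hosts entry; note that mgmt resolves to 127.0.1.1 because that line precedes the 10.0.15.10 one.

```python
"""Parse an ini inventory and /etc/hosts and resolve the inventory hosts.
Added example, not code from the original page or from Ansible."""

# Constructed copies of the two files shown on the page (web3 uncommented).
INVENTORY_INI = """\
[lb]
lb

[web]
web1
web2
web3
#web4
"""

ETC_HOSTS = """\
127.0.0.1 localhost
::1 ip6-localhost ip6-loopback
127.0.1.1 mgmt mgmt
# vagrant environment nodes
10.0.15.10 mgmt
10.0.15.11 lb
10.0.15.21 web1
10.0.15.22 web2
"""


def parse_inventory(text):
    """Return {group: [host, ...]}. Comment lines (# or ;) are skipped, and
    [group:vars] / [group:children] sections are not host lists, so they are
    skipped too. Only the first token of a host line is the name; any
    ansible_host=... variables after it are dropped."""
    groups = {}
    current = "ungrouped"
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            continue
        if ":" in current:
            continue
        groups.setdefault(current, []).append(line.split()[0])
    return groups


def parse_hosts(text):
    """Return {name: address}, keeping the FIRST address seen for a name, which
    is what the resolver does when /etc/hosts lists a name twice."""
    table = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # hosts(5): '#' starts a comment
        if not line:
            continue
        fields = line.split()
        for name in fields[1:]:
            table.setdefault(name, fields[0])
    return table


def resolve_inventory(groups, hosts_table):
    """Map every inventory host to its /etc/hosts address, or None if missing."""
    return {
        host: hosts_table.get(host)
        for members in groups.values()
        for host in members
    }


def unresolved(resolution):
    """Hosts Ansible would fail to reach because nothing resolves their name."""
    return sorted(host for host, addr in resolution.items() if addr is None)


if __name__ == "__main__":
    resolution = resolve_inventory(parse_inventory(INVENTORY_INI), parse_hosts(ETC_HOSTS))
    for host, addr in resolution.items():
        print(f"{host:6} -> {addr}")
    print("unresolved:", unresolved(resolution))
```

Running this before a playbook catches the two failure modes that matter: a host that does not resolve at all (web3 here) and a name that resolves to a different address than intended because an earlier line wins.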
Test whether mgmt can reach the other nodes
vagrant@mgmt:~$ ping web1
PING web1 (10.0.15.21) 56(84) bytes of data.
64 bytes from web1 (10.0.15.21): icmp_seq=1 ttl=64 time=1.94 ms
64 bytes from web1 (10.0.15.21): icmp_seq=2 ttl=64 time=2.93 ms
^C
--- web1 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1004ms
rtt min/avg/max/mdev = 1.946/2.441/2.937/0.497 ms
vagrant@mgmt:~$
In fact, this ansible.cfg overrides the system-wide ansible.cfg:
vagrant@mgmt:~$ cd /etc/ansible/
vagrant@mgmt:/etc/ansible$ ls -l
total 20
-rw-r--r-- 1 root root 10301 Feb 25 03:01 ansible.cfg
-rw-r--r-- 1 root root 1016 Feb 25 03:01 hosts
drwxr-xr-x 2 root root 4096 Feb 25 03:03 roles
vagrant@mgmt:/etc/ansible$
The system-wide ansible.cfg configuration file
# config file for ansible -- http://ansible.com/
# ==============================================
# nearly all parameters can be overridden in ansible-playbook
# or with command line flags. ansible will read ANSIBLE_CONFIG,
# ansible.cfg in the current working directory, .ansible.cfg in
# the home directory or /etc/ansible/ansible.cfg, whichever it
# finds first
[defaults]
# some basic default values...
#inventory = /etc/ansible/hosts
#library = /usr/share/my_modules/
#remote_tmp = $HOME/.ansible/tmp
#forks = 5
#poll_interval = 15
#sudo_user = root
#ask_sudo_pass = True
#ask_pass = True
#transport = smart
#remote_port = 22
#module_lang = C
Since Ansible talks to the other hosts over SSH, try ssh web1. Before Ansible can talk to a host, a secure connection must be established and the host's key accepted; this can be done by hand, but what if there are 100 hosts to manage? Or should host key checking be turned off?
vagrant@mgmt:~$ ssh web1
The authenticity of host 'web1 (10.0.15.21)' can't be established.
ECDSA key fingerprint is df:84:e4:e4:fd:07:56:b8:19:a6:0c:37:96:c9:f2:dd.
Are you sure you want to continue connecting (yes/no)? no
Host key verification failed.
Ansible provides modules to operate on machines. Here the ping module is used via the -m option; it likewise reports that no connection can be established
vagrant@mgmt:~$ ansible web1 -m ping
The authenticity of host 'web1 (10.0.15.21)' can't be established.
ECDSA key fingerprint is df:84:e4:e4:fd:07:56:b8:19:a6:0c:37:96:c9:f2:dd.
Are you sure you want to continue connecting (yes/no)? no
web1 | UNREACHABLE! => {
"changed": false,
"msg": "SSH encountered an unknown error during the connection. We recommend you re-run the command using -vvvv, which will enable SSH debugging output to help diagnose the issue",
"unreachable": true
}
ssh-keyscan can retrieve a host's public keys, for example the public keys of web1
vagrant@mgmt:~$ ssh-keyscan web1
# web1 SSH-2.0-OpenSSH_6.6.1p1 Ubuntu-2ubuntu2.6
web1 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBPMj8p4orJkSxuqqsHx+yyWgOO67PcQGMut5FOKRO/1O1fhi8MI86dNmlegsdZH4xVYXGT/CcYQZLU0VwU+TBJo=
# web1 SSH-2.0-OpenSSH_6.6.1p1 Ubuntu-2ubuntu2.6
web1 ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCxNDaMMY/zJF3KFegyqciPQK6tV4kRnv5evZMbITUxju9q+AOKhsXCfRiesKZ6F9h0umL1fxT3BOQTBFhDnzOvFi7eZM5CWW43EgzcRTVtS8xluOxiVCFbJoR+7H/jQm4Yu5aKbuackLIv2X/UGgJkdvuTeqr6sXMKP9IZNK66Rif/MqKvQc1A0z7S//ljA/T4hc0bFhzGLKM98wmQ9YRMHJ9rF8I4HiRuvMm+4rKHK/GKjLYy0LICEcHYDFODXq0AkFXHNwoiBR9h3w8fUnFvIWk9LVWcFrFDnUEZD7Skcyy6WxtWUVJuCXV8nr9cynCgbLoCJT8G7a95kotGwD8/
So with ssh-keyscan we can add the public keys of every host in the inventory to .ssh/known_hosts in one go
vagrant@mgmt:~$ ssh-keyscan lb web1 web2 >> .ssh/known_hosts
# web2 SSH-2.0-OpenSSH_6.6.1p1 Ubuntu-2ubuntu2.6
# lb SSH-2.0-OpenSSH_6.6.1p1 Ubuntu-2ubuntu2.6
# lb SSH-2.0-OpenSSH_6.6.1p1 Ubuntu-2ubuntu2.6
# web1 SSH-2.0-OpenSSH_6.6.1p1 Ubuntu-2ubuntu2.6
# web1 SSH-2.0-OpenSSH_6.6.1p1 Ubuntu-2ubuntu2.6
# web2 SSH-2.0-OpenSSH_6.6.1p1 Ubuntu-2ubuntu2.6
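Appending ssh-keyscan output straight into known_hosts trusts whatever key answers on the network at scan time. The following added example (not part of the original page, of OpenSSH or of Ansible) computes the MD5 fingerprint (the colon form OpenSSH 6.6 prints above) and the SHA256 fingerprint of every scanned key and only accepts lines whose fingerprint matches a reference copy obtained out of band. It reuses the web1 ECDSA key blob printed above as that reference; the web2 blob and the sample scan text are constructed placeholders.

```python
"""Check ssh-keyscan output against reference fingerprints before trusting it.
Added example, not code from the original page or from OpenSSH/Ansible."""
import base64
import hashlib

# web1's ECDSA host key exactly as ssh-keyscan printed it on the page. Here it
# stands in for a reference copy obtained out of band, e.g. by reading
# /etc/ssh/ssh_host_ecdsa_key.pub over `vagrant ssh web1` (console access via
# the hypervisor rather than over the network being verified).
REFERENCE_KEYS = {
    ("web1", "ecdsa-sha2-nistp256"): (
        "AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBPMj8p4orJkSxuqqsHx+"
        "yyWgOO67PcQGMut5FOKRO/1O1fhi8MI86dNmlegsdZH4xVYXGT/CcYQZLU0VwU+TBJo="
    ),
}

# Constructed blob that matches no reference (a rebuilt VM, or a different
# machine answering on web2's address). Not a real host key.
_FAKE_WEB2_BLOB = base64.b64encode(b"constructed placeholder, not a host key").decode()

# Constructed sample of `ssh-keyscan web1 web2` output in the page's format.
SAMPLE_SCAN_OUTPUT = (
    "# web1 SSH-2.0-OpenSSH_6.6.1p1 Ubuntu-2ubuntu2.6\n"
    f"web1 ecdsa-sha2-nistp256 {REFERENCE_KEYS[('web1', 'ecdsa-sha2-nistp256')]}\n"
    "# web2 SSH-2.0-OpenSSH_6.6.1p1 Ubuntu-2ubuntu2.6\n"
    f"web2 ecdsa-sha2-nistp256 {_FAKE_WEB2_BLOB}\n"
)


def fingerprints(blob_b64):
    """MD5 (colon form, as OpenSSH 6.x prints) and SHA256 (base64 without
    padding, as OpenSSH 6.8+ prints) fingerprints of a base64 key blob."""
    raw = base64.b64decode(blob_b64)
    md5_hex = hashlib.md5(raw).hexdigest()
    sha = base64.b64encode(hashlib.sha256(raw).digest()).decode().rstrip("=")
    return {
        "MD5": ":".join(md5_hex[i:i + 2] for i in range(0, len(md5_hex), 2)),
        "SHA256": "SHA256:" + sha,
    }


def parse_keyscan(output):
    """Yield (host, key_type, blob, original_line) for each key line; the
    '# host SSH-2.0-...' lines are ssh-keyscan's banner comments and are skipped."""
    for line in output.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split()
        if len(parts) < 3:
            continue
        yield parts[0], parts[1], parts[2], line


def verify_scan(scan_output, expected):
    """Split scan output into lines safe to append to known_hosts and rejects.
    `expected` maps (host, key_type) to a set of acceptable fingerprint
    strings in either MD5 or SHA256 form."""
    accepted, rejected = [], []
    for host, key_type, blob, line in parse_keyscan(scan_output):
        got = fingerprints(blob)
        allowed = expected.get((host, key_type), set())
        if allowed & set(got.values()):
            accepted.append(line)
        else:
            rejected.append((host, key_type, got["SHA256"]))
    return accepted, rejected


def demo():
    """Build the allowlist from the reference keys and check the sample scan."""
    expected = {
        ident: set(fingerprints(blob).values()) for ident, blob in REFERENCE_KEYS.items()
    }
    return verify_scan(SAMPLE_SCAN_OUTPUT, expected)


if __name__ == "__main__":
    accepted, rejected = demo()
    print("safe to append to ~/.ssh/known_hosts:")
    for line in accepted:
        print("  " + line)
    for host, key_type, fp in rejected:
        print(f"REJECTED {host} {key_type}: no reference matches {fp}")
```

Only the accepted lines would be redirected into .ssh/known_hosts. A reject means either the VM was rebuilt and the reference needs refreshing, or something else is answering for that name; in both cases the playbook should not be run against that host until the key is confirmed.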
Ping all hosts again, but this time ask for a password; the password is vagrant
vagrant@mgmt:~$ ansible all -m ping --ask-pass
SSH password:
lb | SUCCESS => {
"changed": false,
"ping": "pong"
}
web2 | SUCCESS => {
"changed": false,
"ping": "pong"
}
web1 | SUCCESS => {
"changed": false,
"ping": "pong"
}
After the previous step there is a short period during which we do not need to enter the password again
vagrant@mgmt:~$ ansible all -m ping
web1 | SUCCESS => {
"changed": false,
"ping": "pong"
}
web2 | SUCCESS => {
"changed": false,
"ping": "pong"
}
lb | SUCCESS => {
"changed": false,
"ping": "pong"
}
Looking at ps, the current processes include the ansible-ssh control connections to the other hosts
vagrant@mgmt:~$ ps x
PID TTY STAT TIME COMMAND
1702 ? S 0:00 sshd: vagrant@pts/0
1703 pts/0 Ss 0:00 -bash
1880 ? Ss 0:00 ssh: /home/vagrant/.ansible/cp/ansible-ssh-web2-22-vagrant [mux]
1884 ? Ss 0:00 ssh: /home/vagrant/.ansible/cp/ansible-ssh-web1-22-vagrant [mux]
1887 ? Ss 0:00 ssh: /home/vagrant/.ansible/cp/ansible-ssh-lb-22-vagrant [mux]
1935 pts/0 R+ 0:00 ps x
Likewise, the network connections look like this
vagrant@mgmt:~$ netstat -nap | grep EST
(Not all processes could be identified, non-owned process info
will not be shown, you would have to be root to see it all.)
tcp 0 0 10.0.15.10:52952 10.0.15.11:22 ESTABLISHED 1887/ansible-ssh-lb
tcp 0 0 10.0.15.10:50542 10.0.15.22:22 ESTABLISHED 1880/ansible-ssh-we
tcp 0 0 10.0.15.10:34020 10.0.15.21:22 ESTABLISHED 1884/ansible-ssh-we
tcp 0 36 10.0.2.15:22 10.0.2.2:53497 ESTABLISHED -
vagrant@mgmt:~$
Next, use a playbook to perform the ssh-addkey step:
- for all hosts
- using sudo
- the user is vagrant
- the task is install ssh key
vagrant@mgmt:~$ cat e45-ssh-addkey.yml
---
- hosts: all
  sudo: yes
  gather_facts: no
  remote_user: vagrant
  tasks:
  - name: install ssh key
    authorized_key: user=vagrant
                    key="{{ lookup('file', '/home/vagrant/.ssh/id_rsa.pub') }}"
                    state=present
First generate a key pair
vagrant@mgmt:~$ ssh-keygen -t rsa -b 2048
Generating public/private rsa key pair.
Enter file in which to save the key (/home/vagrant/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/vagrant/.ssh/id_rsa.
Your public key has been saved in /home/vagrant/.ssh/id_rsa.pub.
The key fingerprint is:
4a:4f:d4:0c:09:4c:d7:b0:fd:30:07:67:77:1d:04:de vagrant@mgmt
The key's randomart image is:
+--[ RSA 2048]----+
| oo.++. o.+o+|
| ...*.+.....|
| o * .. E |
| . = |
| . S . |
| . + |
| . . |
| |
| |
+-----------------+
Look at the .ssh directory
vagrant@mgmt:~$ ls -l .ssh
total 16
-rw------- 1 vagrant vagrant 466 Mar 13 19:39 authorized_keys
-rw------- 1 vagrant vagrant 1679 Mar 13 21:03 id_rsa
-rw-r--r-- 1 vagrant vagrant 394 Mar 13 21:03 id_rsa.pub
-rw-rw-r-- 1 vagrant vagrant 2318 Mar 13 20:43 known_hosts
Run the e45-ssh-addkey.yml playbook; because key-based access has not been set up yet, the --ask-pass option is needed
vagrant@mgmt:~$ ansible-playbook e45-ssh-addkey.yml --ask-pass
SSH password:
[DEPRECATION WARNING]: Instead of sudo/sudo_user, use become/become_user and make sure become_method
is 'sudo' (default). This feature will be removed in a future release. Deprecation warnings can be
disabled by setting deprecation_warnings=False in ansible.cfg.
PLAY ***************************************************************************
TASK [install ssh key] *********************************************************
changed: [web2]
changed: [web1]
changed: [lb]
PLAY RECAP *********************************************************************
lb : ok=1 changed=1 unreachable=0 failed=0
web1 : ok=1 changed=1 unreachable=0 failed=0
web2 : ok=1 changed=1 unreachable=0 failed=0
vagrant@mgmt:~$
Run it again; the task reports no change
vagrant@mgmt:~$ ansible-playbook e45-ssh-addkey.yml
PLAY ***************************************************************************
TASK [install ssh key] *********************************************************
ok: [web1]
ok: [web2]
ok: [lb]
PLAY RECAP *********************************************************************
lb : ok=1 changed=0 unreachable=0 failed=0
web1 : ok=1 changed=0 unreachable=0 failed=0
web2 : ok=1 changed=0 unreachable=0 failed=0
vagrant@mgmt:~$
Ansible is idempotent: it can be run many times, but the result does not change
From now on Ansible no longer needs password authentication to reach the other hosts
To install ntp we can use -m to select the apt module and -a to pass the argument ntp, but installing packages requires root, so this fails with a permission error
vagrant@mgmt:~$ ansible web1 -m apt -a "name=ntp state=installed"
web1 | FAILED! => {
"cache_update_time": 0,
"cache_updated": false,
"changed": false,
"failed": true,
"msg": "'/usr/bin/apt-get -y -o \"Dpkg::Options::=--force-confdef\" -o \"Dpkg::Options::=--force-confold\" install 'ntp'' failed: E: Could not open lock file /var/lib/dpkg/lock - open (13: Permission denied)\nE: Unable to lock the administration directory (/var/lib/dpkg/), are you root?\n",
"stderr": "E: Could not open lock file /var/lib/dpkg/lock - open (13: Permission denied)\nE: Unable to lock the administration directory (/var/lib/dpkg/), are you root?\n",
"stdout": "",
"stdout_lines": []
}
vagrant@mgmt:~$
Install using the --sudo option
vagrant@mgmt:~$ ansible web1 -m apt -a "name=ntp state=installed" --sudo
web1 | SUCCESS => {
"cache_update_time": 0,
"cache_updated": false,
"changed": true,
"stderr": "",
"stdout": "Reading package lists...\nBuilding dependency tree...\nReading state information...\nThe following extra packages will be installed:\n libopts25\nSuggested packages:\n ntp-doc\nThe following NEW packages will be installed:\n libopts25 ntp\n0 upgraded, 2 newly installed, 0 to remove and 0 not upgraded.\nNeed to get 474 kB of archives.\nAfter this operation, 1677 kB of additional disk space will be used.\nGet:1 http://archive.ubuntu.com/ubuntu/ trusty/main libopts25 amd64 1:5.18-2ubuntu2 [55.3 kB]\nGet:2 http://archive.ubuntu.com/ubuntu/ trusty-updates/main ntp amd64 1:4.2.6.p5+dfsg-3ubuntu2.14.04.8 [419 kB]\nFetched 474 kB in 0s (536 kB/s)\nSelecting previously unselected package libopts25:amd64.\n(Reading database ... 62975 files and directories currently installed.)\nPreparing to unpack .../libopts25_1%3a5.18-2ubuntu2_amd64.deb ...\nUnpacking libopts25:amd64 (1:5.18-2ubuntu2) ...\nSelecting previously unselected package ntp.\nPreparing to unpack .../ntp_1%3a4.2.6.p5+dfsg-3ubuntu2.14.04.8_amd64.deb ...\nUnpacking ntp (1:4.2.6.p5+dfsg-3ubuntu2.14.04.8) ...\nProcessing triggers for ureadahead (0.100.0-16) ...\nProcessing triggers for man-db (2.6.7.1-1ubuntu1) ...\nSetting up libopts25:amd64 (1:5.18-2ubuntu2) ...\nSetting up ntp (1:4.2.6.p5+dfsg-3ubuntu2.14.04.8) ...\n * Starting NTP server ntpd\n ...done.\nProcessing triggers for libc-bin (2.19-0ubuntu6.7) ...\nProcessing triggers for ureadahead (0.100.0-16) ...\n",
"stdout_lines": [
"Reading package lists...",
"Building dependency tree...",
"Reading state information...",
"The following extra packages will be installed:",
" libopts25",
"Suggested packages:",
" ntp-doc",
"The following NEW packages will be installed:",
" libopts25 ntp",
"0 upgraded, 2 newly installed, 0 to remove and 0 not upgraded.",
"Need to get 474 kB of archives.",
"After this operation, 1677 kB of additional disk space will be used.",
"Get:1 http://archive.ubuntu.com/ubuntu/ trusty/main libopts25 amd64 1:5.18-2ubuntu2 [55.3 kB]",
"Get:2 http://archive.ubuntu.com/ubuntu/ trusty-updates/main ntp amd64 1:4.2.6.p5+dfsg-3ubuntu2.14.04.8 [419 kB]",
"Fetched 474 kB in 0s (536 kB/s)",
"Selecting previously unselected package libopts25:amd64.",
"(Reading database ... 62975 files and directories currently installed.)",
"Preparing to unpack .../libopts25_1%3a5.18-2ubuntu2_amd64.deb ...",
"Unpacking libopts25:amd64 (1:5.18-2ubuntu2) ...",
"Selecting previously unselected package ntp.",
"Preparing to unpack .../ntp_1%3a4.2.6.p5+dfsg-3ubuntu2.14.04.8_amd64.deb ...",
"Unpacking ntp (1:4.2.6.p5+dfsg-3ubuntu2.14.04.8) ...",
"Processing triggers for ureadahead (0.100.0-16) ...",
"Processing triggers for man-db (2.6.7.1-1ubuntu1) ...",
"Setting up libopts25:amd64 (1:5.18-2ubuntu2) ...",
"Setting up ntp (1:4.2.6.p5+dfsg-3ubuntu2.14.04.8) ...",
" * Starting NTP server ntpd",
" ...done.",
"Processing triggers for libc-bin (2.19-0ubuntu6.7) ...",
"Processing triggers for ureadahead (0.100.0-16) ..."
]
}
vagrant@mgmt:~$
There is a file named ntp.conf in the files/ directory
vagrant@mgmt:~$ ls -l files
total 8
-rw-r--r-- 1 vagrant vagrant 504 Mar 13 02:24 ntp.conf
-rw-r--r-- 1 vagrant vagrant 417 Mar 13 02:24 ntp.conf.j2
vagrant@mgmt:~$
Its contents are:
vagrant@mgmt:~$ cat files/ntp.conf
driftfile /var/lib/ntp/ntp.drift
statistics loopstats peerstats clockstats
filegen loopstats file loopstats type day enable
filegen peerstats file peerstats type day enable
filegen clockstats file clockstats type day enable
server 0.ubuntu.pool.ntp.org
server 1.ubuntu.pool.ntp.org
server 2.ubuntu.pool.ntp.org
server 3.ubuntu.pool.ntp.org
server ntp.ubuntu.com
restrict -4 default kod notrap nomodify nopeer noquery
restrict -6 default kod notrap nomodify nopeer noquery
restrict 127.0.0.1
restrict ::1
vagrant@mgmt:~$
Use the copy module to copy the file to the destination path on web1
vagrant@mgmt:~$ ansible web1 -m copy -a "src=/home/vagrant/files/ntp.conf dest=/etc/ntp.conf mode=644 owner=root group=root" --sudo
web1 | SUCCESS => {
"changed": true,
"checksum": "f1f51d84bd084c9acbc1a1827b70860db2117ae4",
"dest": "/etc/ntp.conf",
"gid": 0,
"group": "root",
"md5sum": "5b7b1e1e54f33c6948335335ab03f423",
"mode": "0644",
"owner": "root",
"size": 504,
"src": "/home/vagrant/.ansible/tmp/ansible-tmp-1457904441.86-135622599683700/source",
"state": "file",
"uid": 0
}
vagrant@mgmt:~$
Restart the ntp server
vagrant@mgmt:~$ ansible web1 -m service -a "name=ntp state=restarted"
web1 | SUCCESS => {
"changed": true,
"name": "ntp",
"state": "started"
}
vagrant@mgmt:~$
Check the uptime of all hosts
vagrant@mgmt:~$ ansible all -m shell -a "uptime"
web1 | SUCCESS | rc=0 >>
21:31:10 up 53 min, 1 user, load average: 0.14, 0.05, 0.05
web2 | SUCCESS | rc=0 >>
21:31:10 up 51 min, 1 user, load average: 0.08, 0.03, 0.05
lb | SUCCESS | rc=0 >>
21:31:11 up 55 min, 1 user, load average: 0.00, 0.01, 0.05
Run uname -a on all hosts
vagrant@mgmt:~$ ansible all -m shell -a "uname -a"
web1 | SUCCESS | rc=0 >>
Linux web1 3.13.0-79-generic #123-Ubuntu SMP Fri Feb 19 14:27:58 UTC 2016 x86_64 x86_64 x86_64 GNU/Linux
web2 | SUCCESS | rc=0 >>
Linux web2 3.13.0-79-generic #123-Ubuntu SMP Fri Feb 19 14:27:58 UTC 2016 x86_64 x86_64 x86_64 GNU/Linux
lb | SUCCESS | rc=0 >>
Linux lb 3.13.0-79-generic #123-Ubuntu SMP Fri Feb 19 14:27:58 UTC 2016 x86_64 x86_64 x86_64 GNU/Linux
vagrant@mgmt:~$
Look at the contents of the e45-ntp-install.yml playbook
vagrant@mgmt:~$ cat e45-ntp-install.yml
---
- hosts: all
  become: yes
  become_method: sudo
  gather_facts: no
  tasks:
  - name: install ntp
    apt: name=ntp state=installed update_cache=yes
  - name: write our ntp.conf
    copy: src=/home/vagrant/files/ntp.conf dest=/etc/ntp.conf mode=644 owner=root group=root
    notify: restart ntp
  - name: start ntp
    service: name=ntp state=started
  handlers:
  - name: restart ntp
    service: name=ntp state=restarted
vagrant@mgmt:~$
The playbook combines the steps just run by hand on web1: install ntp and copy the config file. It also defines a handler: when the copy task reports a change, notify calls the named handler, which restarts the service. The start ntp task is a common playbook pattern that makes sure ntp is actually running.
Run the playbook; since ntp was already installed on web1, its state shows no change
vagrant@mgmt:~$ ansible-playbook e45-ntp-install.yml
PLAY ***************************************************************************
TASK [install ntp] *************************************************************
ok: [web1]
changed: [web2]
changed: [lb]
TASK [write our ntp.conf] ******************************************************
ok: [web1]
changed: [web2]
changed: [lb]
TASK [start ntp] ***************************************************************
ok: [web1]
ok: [web2]
ok: [lb]
RUNNING HANDLER [restart ntp] **************************************************
changed: [web2]
changed: [lb]
PLAY RECAP *********************************************************************
lb : ok=4 changed=3 unreachable=0 failed=0
web1 : ok=3 changed=0 unreachable=0 failed=0
web2 : ok=4 changed=3 unreachable=0 failed=0
vagrant@mgmt:~$
Suppose we modify ntp.conf. The original config file:
vagrant@mgmt:~$ cat files/ntp.conf
driftfile /var/lib/ntp/ntp.drift
statistics loopstats peerstats clockstats
filegen loopstats file loopstats type day enable
filegen peerstats file peerstats type day enable
filegen clockstats file clockstats type day enable
server 0.ubuntu.pool.ntp.org
server 1.ubuntu.pool.ntp.org
server 2.ubuntu.pool.ntp.org
server 3.ubuntu.pool.ntp.org
server ntp.ubuntu.com
restrict -4 default kod notrap nomodify nopeer noquery
restrict -6 default kod notrap nomodify nopeer noquery
restrict 127.0.0.1
restrict ::1
vagrant@mgmt:~$
Edit it as follows to use the North America NTP servers
vagrant@mgmt:~$ vim files/ntp.conf
driftfile /var/lib/ntp/ntp.drift
statistics loopstats peerstats clockstats
filegen loopstats file loopstats type day enable
filegen peerstats file peerstats type day enable
filegen clockstats file clockstats type day enable
server 0.north-america.pool.ntp.org
server 1.north-america.pool.ntp.org
server 2.north-america.pool.ntp.org
server 3.north-america.pool.ntp.org
server ntp.ubuntu.com
restrict -4 default kod notrap nomodify nopeer noquery
restrict -6 default kod notrap nomodify nopeer noquery
restrict 127.0.0.1
restrict ::1
Run the ntp playbook again; because the config file contents changed, the state changes on this run as well
vagrant@mgmt:~$ ansible-playbook e45-ntp-install.yml
PLAY ***************************************************************************
TASK [install ntp] *************************************************************
ok: [web2]
ok: [lb]
ok: [web1]
TASK [write our ntp.conf] ******************************************************
changed: [web1]
changed: [web2]
changed: [lb]
TASK [start ntp] ***************************************************************
ok: [web2]
ok: [web1]
ok: [lb]
RUNNING HANDLER [restart ntp] **************************************************
changed: [web1]
changed: [web2]
changed: [lb]
PLAY RECAP *********************************************************************
lb : ok=4 changed=2 unreachable=0 failed=0
web1 : ok=4 changed=2 unreachable=0 failed=0
web2 : ok=4 changed=2 unreachable=0 failed=0
vagrant@mgmt:~$
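The three runs above (fresh install on web2 and lb, unchanged rerun, rerun after editing ntp.conf) can be modelled in a few lines. This added example (mine, not from the original page or from Ansible) reproduces the recap arithmetic: a copy task that compares checksums before writing, an apt task that, as on Debian and Ubuntu, starts the daemon on install, and a handler that runs once at the end of the play only if some task notified it. The FakeHost class and the two ntp.conf strings are constructed for the example.

```python
"""Model of the ntp playbook's recap over repeated runs: idempotent tasks plus
a handler that runs only when notified. Added example, not Ansible's code."""
import hashlib
import os
import tempfile

# Constructed stand-ins for the two versions of files/ntp.conf on the page.
NTP_CONF_UBUNTU = b"server 0.ubuntu.pool.ntp.org\nrestrict 127.0.0.1\n"
NTP_CONF_NA = b"server 0.north-america.pool.ntp.org\nrestrict 127.0.0.1\n"


class FakeHost:
    """In-memory stand-in for one managed node; files live under a temp dir."""

    def __init__(self, root):
        self.root = root
        self.packages = set()
        self.services = {}  # service name -> "started" or "stopped"

    def path(self, dest):
        return os.path.join(self.root, dest.lstrip("/"))


def apt_install(host, name):
    """Like `apt: state=installed`. On Debian/Ubuntu the package's init script
    starts the daemon during install, which is why `start ntp` is `ok` after it."""
    if name in host.packages:
        return False
    host.packages.add(name)
    host.services[name] = "started"
    return True


def copy_file(host, content, dest):
    """Like the copy module: compare checksums and only write when they differ."""
    target = host.path(dest)
    if os.path.exists(target):
        with open(target, "rb") as f:
            if hashlib.sha1(f.read()).hexdigest() == hashlib.sha1(content).hexdigest():
                return False
    os.makedirs(os.path.dirname(target), exist_ok=True)
    with open(target, "wb") as f:
        f.write(content)
    return True


def service(host, name, state):
    """Like the service module; `restarted` always reports a change."""
    if state == "restarted":
        host.services[name] = "started"
        return True
    if host.services.get(name) == state:
        return False
    host.services[name] = state
    return True


def run_ntp_play(host, ntp_conf):
    """Run the three tasks of e45-ntp-install.yml against `host` and return
    the recap counts; handlers run once at the end, only if notified."""
    tasks = [
        ("install ntp", lambda: apt_install(host, "ntp"), None),
        ("write our ntp.conf", lambda: copy_file(host, ntp_conf, "/etc/ntp.conf"), "restart ntp"),
        ("start ntp", lambda: service(host, "ntp", "started"), None),
    ]
    handlers = {"restart ntp": lambda: service(host, "ntp", "restarted")}
    recap = {"ok": 0, "changed": 0}
    notified = []
    for _name, run, notify in tasks:
        recap["ok"] += 1
        if run():
            recap["changed"] += 1
            if notify and notify not in notified:
                notified.append(notify)
    for name in notified:  # each notified handler runs exactly once per play
        recap["ok"] += 1
        if handlers[name]():
            recap["changed"] += 1
    return recap


def demo():
    """Reproduce the page's three runs on a fresh node and return the recaps."""
    with tempfile.TemporaryDirectory() as tmp:
        host = FakeHost(tmp)
        return [
            run_ntp_play(host, NTP_CONF_UBUNTU),  # fresh node: install, write, handler
            run_ntp_play(host, NTP_CONF_UBUNTU),  # unchanged rerun: nothing changes
            run_ntp_play(host, NTP_CONF_NA),      # edited config: write + handler
        ]


if __name__ == "__main__":
    for i, recap in enumerate(demo(), 1):
        print(f"run {i}: ok={recap['ok']} changed={recap['changed']}")
```

The recaps come out as ok=4 changed=3, ok=3 changed=0 and ok=4 changed=2, matching lb and web2 above; web1 reported ok=3 changed=0 on the first run only because the ad-hoc apt, copy and service commands had already put it in that state.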
View the facts (system information) gathered for web1
vagrant@mgmt:~$ ansible web1 -m setup | less
web1 | SUCCESS => {
"ansible_facts": {
"ansible_all_ipv4_addresses": [
"10.0.2.15",
"10.0.15.21"
],
"ansible_all_ipv6_addresses": [
"fe80::a00:27ff:feb6:ee51",
"fe80::a00:27ff:fea2:ec0f"
],
"ansible_architecture": "x86_64",
"ansible_bios_date": "12/01/2006",
"ansible_bios_version": "VirtualBox",
"ansible_cmdline": {
"BOOT_IMAGE": "/boot/vmlinuz-3.13.0-79-generic",
"console": "ttyS0",
"ro": true,
"root": "UUID=f52637a4-7af9-40de-9f41-f0eb65140a32"
},
"ansible_date_time": {
"date": "2016-03-13",
"day": "13",
"epoch": "1457905829",
"hour": "21",
:
Use a filter to extract the distribution information of web1
vagrant@mgmt:~$ ansible web1 -m setup -a "filter=ansible_distribution"
web1 | SUCCESS => {
"ansible_facts": {
"ansible_distribution": "Ubuntu"
},
"changed": false
}
vagrant@mgmt:~$
Use the wildcard * to find all related facts
vagrant@mgmt:~$ ansible web1 -m setup -a "filter=ansible_distribution*"
web1 | SUCCESS => {
"ansible_facts": {
"ansible_distribution": "Ubuntu",
"ansible_distribution_major_version": "14",
"ansible_distribution_release": "trusty",
"ansible_distribution_version": "14.04"
},
"changed": false
}
vagrant@mgmt:~$
Extract the IP addresses
vagrant@mgmt:~$ ansible web1 -m setup -a "filter=ansible_all_ipv4_addresses"
web1 | SUCCESS => {
"ansible_facts": {
"ansible_all_ipv4_addresses": [
"10.0.2.15",
"10.0.15.21"
]
},
"changed": false
}
vagrant@mgmt:~$
Now look at the template playbook. It defines the variable noc_ntpserver with the value 0.ca.pool.ntp.org (used in the server line), and when writing ntp.conf it renders the ntp.conf.j2 template
vagrant@mgmt:~$ cat e45-ntp-template.yml
---
- hosts: all
  sudo: yes
  gather_facts: no
  vars:
    noc_ntpserver: 0.ca.pool.ntp.org
  tasks:
  - name: install ntp
    apt: name=ntp state=installed update_cache=yes
  - name: write our ntp.conf
    template: src=/home/vagrant/files/ntp.conf.j2 dest=/etc/ntp.conf mode=644 owner=root group=root
    notify: restart ntp
  - name: start ntp
    service: name=ntp state=started
  handlers:
  - name: restart ntp
    service: name=ntp state=restarted
vagrant@mgmt:~$
View the contents of files/ntp.conf.j2
vagrant@mgmt:~$ cat files/ntp.conf.j2
# {{ ansible_managed }}
driftfile /var/lib/ntp/ntp.drift
statistics loopstats peerstats clockstats
filegen loopstats file loopstats type day enable
filegen peerstats file peerstats type day enable
filegen clockstats file clockstats type day enable
server {{ noc_ntpserver }}
restrict -4 default kod notrap nomodify nopeer noquery
restrict -6 default kod notrap nomodify nopeer noquery
restrict 127.0.0.1
restrict ::1
vagrant@mgmt:~$
In Jinja2 you can reference variables, e.g. server {{ noc_ntpserver }}, which is replaced by the value defined in the playbook
Run the template playbook
vagrant@mgmt:~$ ansible-playbook e45-ntp-template.yml
PLAY ***************************************************************************
TASK [install ntp] *************************************************************
ok: [web1]
ok: [web2]
ok: [lb]
TASK [write our ntp.conf] ******************************************************
changed: [web1]
changed: [web2]
changed: [lb]
TASK [start ntp] ***************************************************************
ok: [web1]
ok: [web2]
ok: [lb]
RUNNING HANDLER [restart ntp] **************************************************
changed: [web2]
changed: [web1]
changed: [lb]
PLAY RECAP *********************************************************************
lb : ok=4 changed=2 unreachable=0 failed=0
web1 : ok=4 changed=2 unreachable=0 failed=0
web2 : ok=4 changed=2 unreachable=0 failed=0
vagrant@mgmt:~$
SSH into web1
vagrant@mgmt:~$ ssh web1
Welcome to Ubuntu 14.04.4 LTS (GNU/Linux 3.13.0-79-generic x86_64)
* Documentation: https://help.ubuntu.com/
System information as of Sun Mar 13 22:01:32 UTC 2016
System load: 0.08 Processes: 75
Usage of /: 3.5% of 39.34GB Users logged in: 0
Memory usage: 49% IP address for eth0: 10.0.2.15
Swap usage: 0% IP address for eth1: 10.0.15.21
Graph this data and manage this system at:
https://landscape.canonical.com/
Get cloud support with Ubuntu Advantage Cloud Guest:
http://www.ubuntu.com/business/services/cloud
0 packages can be updated.
0 updates are security updates.
Last login: Sun Mar 13 22:02:31 2016 from 10.0.15.10
vagrant@web1:~$
View /etc/ntp.conf: the comment records the template's modification time, and the server value has been substituted
vagrant@web1:~$ cat /etc/ntp.conf
# Ansible managed: /home/vagrant/files/ntp.conf.j2 modified on 2016-03-13 02:24:48 by vagrant on mgmt
driftfile /var/lib/ntp/ntp.drift
statistics loopstats peerstats clockstats
filegen loopstats file loopstats type day enable
filegen peerstats file peerstats type day enable
filegen clockstats file clockstats type day enable
server 0.ca.pool.ntp.org
restrict -4 default kod notrap nomodify nopeer noquery
restrict -6 default kod notrap nomodify nopeer noquery
restrict 127.0.0.1
restrict ::1
vagrant@web1:~$
View the remove playbook
vagrant@mgmt:~$ cat e45-ntp-remove.yml
---
- hosts: all
  become: yes
  become_method: sudo
  gather_facts: no
  tasks:
  - name: remove ntp
    apt: name=ntp state=absent
vagrant@mgmt:~$
Run the remove playbook twice; the second run reports no change
vagrant@mgmt:~$ ansible-playbook e45-ntp-remove.yml
PLAY ***************************************************************************
TASK [remove ntp] **************************************************************
changed: [lb]
changed: [web2]
changed: [web1]
PLAY RECAP *********************************************************************
lb : ok=1 changed=1 unreachable=0 failed=0
web1 : ok=1 changed=1 unreachable=0 failed=0
web2 : ok=1 changed=1 unreachable=0 failed=0
vagrant@mgmt:~$ ansible-playbook e45-ntp-remove.yml
PLAY ***************************************************************************
TASK [remove ntp] **************************************************************
ok: [lb]
ok: [web2]
ok: [web1]
PLAY RECAP *********************************************************************
lb : ok=1 changed=0 unreachable=0 failed=0
web1 : ok=1 changed=0 unreachable=0 failed=0
web2 : ok=1 changed=0 unreachable=0 failed=0
vagrant@mgmt:~$