Commit 2de06aa8 authored by JooHan Hong's avatar JooHan Hong

ansible, 2021-03-08, update7

parent 758c29db
Pipeline #5116 passed with stages
in 2 seconds
[![logo](https://www.hongsnet.net/images/logo.gif)](https://www.hongsnet.net)
# Ansible의 shell,template를 이용한 OS Package 설치
> OS를 Minimal 설치한 후의 기본적인 환경을 구성한다.
## 주요 기능
- 수행 후 APT_PACKAGES/*IP주소*/*일자*/dpkg_result.txt 파일을 남기도록 한다.
## Inventory 설정
```bash
# cat hosts
[ALL_HOSTS]
172.16.0.100 managed_ip=172.16.0.100 des="2020-12-03"
[ALL_HOSTS_OK]
```
대상 호스트는 172.16.0.100이며, 추가는 2020-12-03에 수행한다. 참고적으로 **ALL_HOSTS_OK** 호스트 그룹은 작업이 완료된 호스트의 history를 위한 그룹이다.
## Host Variables 설정
```bash
# cat host_vars/172.16.0.100
ansible_ssh_host: 172.16.0.100
ansible_ssh_port: SSH_포트번호
ansible_ssh_user: 사용자 아이디
ansible_ssh_pass: "사용자 패스워드"
ansible_become: yes
ansible_become_method: su
ansible_become_user: root
ansible_become_pass: "!root_패스워드"
ansible_python_interpreter: python2.7
```
## Playbook 설정
```python
---
- name: Debian(Minimal Install) Basic APT Package Install
hosts: DEPLOY
vars:
time: "{{lookup('pipe','date \"+%Y%m%d_%H%M\"')}}"
environment:
LANG: ko_KR.UTF-8
tasks:
- name: Copy the banner issue file in remote node
copy:
src: templates/issue.j2
dest: /etc/issue
owner: root
group: root
mode: 0644
- name: Copy the banner issue.net file in remote node
copy:
src: templates/issue.net.j2
dest: /etc/issue.net
owner: root
group: root
mode: 0644
- name: Copy the banner issue.net file in remote node
copy:
src: templates/motd.j2
dest: /etc/motd
owner: root
group: root
mode: 0644
- name: Timezone Setting(Asia/Seoul) Force Linking
shell: ln -sf /usr/share/zoneinfo/Asia/Seoul /etc/localtime
register: timezone_result
- debug: var=timezone_result
- name: /etc/apt/sources.list_src file copy check
stat:
path: /etc/apt/sources.list_src
register: apt_sourcelist_backup
- name: /etc/apt/sources.list_src file backup
command: cp -rf /etc/apt/sources.list /etc/apt/sources.list_src
when: apt_sourcelist_backup.stat.exists == False
- name: APT source sources.list file copy
copy:
src: "{{ item }}"
dest: /etc/apt/sources.list
owner: 'root'
group: 'root'
mode: 0644
#attr: i
with_items:
['sources.list_9_130']
- name: Install a list of packages
apt:
pkg:
- binutils
- net-tools
- dnsutils
- vim
- gcc
- g++
- cmake
- smartmontools
- sysstat
- lsb-core
- rdate
- ntp
- rsync
- ntpdate
- ftp
- ethtool
- tcpdump
- lvm2
- parted
- libpam-cracklib
- mdadm
- nfs-common
update_cache: yes
- name: Stop & Disabled Serivces
systemd:
name: "{{ item }}"
state: stopped
enabled: no
with_items:
- exim4
```
`Debian 계열의 APT 매니지`에 대한 Playbook 분석
* [ ] 콘솔/원격 접속 시 출력되는 Banner를 배포한다.
* [ ] Minimal 설치 후 필요한 최소한의 패키지를 설치한다.
* [ ] 불필요한 서비스를 중지하고, 비활성화한다.
## playbook 실행
```bash
# ansible-playbook -i hosts debian_minimal.yml
```
...@@ -9,5 +9,6 @@ ...@@ -9,5 +9,6 @@
| NO | ITEM | Content | 비고 | | NO | ITEM | Content | 비고 |
| ------ | ------ | ------ | ------ | | ------ | ------ | ------ | ------ |
| 1 | OS Version Fetch | [OS](./VERSIONS/) | | | 1 | OS Version Fetch | [OS](./VERSIONS/) | |
| 2 | OS Package Installing(apt) | [GO](./APT/) | | | 2 | OS Package Installing (apt) | [GO](./APT/) | |
| 3 | OS Package Installing(yum) | [GO](./YUM/) | | | 3 | OS Minimal Packages Installing (apt) | [GO](./APT/MINIMAL/) | |
| 4 | OS Package Installing (yum) | [GO](./YUM/) | |
...@@ -8,7 +8,7 @@ ...@@ -8,7 +8,7 @@
| NO | ITEM | Content | 비고 | | NO | ITEM | Content | 비고 |
| ------ | ------ | ------ | ------ | | ------ | ------ | ------ | ------ |
| 1 | OS Maintenance ITEMs | [OS](./OS/) | | | 1 | OS Maintenance ITEMs | [GO](./OS/) | |
| 2 | INFRA Maintenance ITEMs | [GO](./INFRA/) | | | 2 | INFRA Maintenance ITEMs | [GO](./INFRA/) | |
| 3 | WEB Server Maintenance ITEMs | [GO](./WEB/) | | | 3 | WEB Server Maintenance ITEMs | [GO](./WEB/) | |
| 4 | Users Management ITEMs | [GO](./USER/) | | | 4 | Users Management ITEMs | [GO](./USER/) | |
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment