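Installing OS Packages with Ansible Fact Variables, shell, and template
This playbook sets up the basic environment after a minimal OS installation.
Key features
- Installs a minimal set of packages after a minimal OS installation.
- Runs tasks conditionally depending on the RedHat/Debian family.
Inventory configuration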
# cat hosts
[ALL_HOSTS]
172.16.0.100 managed_ip=172.16.0.100 des="2020-12-03"
[ALL_HOSTS_OK]
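The target host is 172.16.0.100, and it is added on 2020-12-03. For reference, the ALL_HOSTS_OK host group is a group that keeps a history of hosts whose work has been completed.
Host Variables configuration
# cat host_vars/172.16.0.100
# The credential values below are placeholders. Encrypt this file with
# ansible-vault rather than keeping passwords in plain text.
ansible_ssh_host: 172.16.0.100
ansible_ssh_port: SSH_port_number
ansible_ssh_user: user ID
ansible_ssh_pass: "user password"
ansible_become: yes
ansible_become_method: su
ansible_become_user: root
ansible_become_pass: "!root_password"
ansible_python_interpreter: python2.7
Playbook configuration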
---
- name: Basic OS Package Installing
  hosts: ALL_HOSTS
  vars:
    time: "{{ lookup('pipe', 'date \"+%Y%m%d_%H%M\"') }}"
  environment:
    LANG: ko_KR.UTF-8
  tasks:
    # Login banners and message of the day
    - name: Copy the banner issue file in remote node
      copy:
        src: templates/issue.j2
        dest: /etc/issue
        owner: root
        group: root
        mode: "0644"
    - name: Copy the banner issue.net file in remote node
      copy:
        src: templates/issue.net.j2
        dest: /etc/issue.net
        owner: root
        group: root
        mode: "0644"
    - name: Copy the motd file in remote node
      copy:
        src: templates/motd.j2
        dest: /etc/motd
        owner: root
        group: root
        mode: "0644"
    - name: Timezone Setting(Asia/Seoul) Force Linking
      shell: ln -sf /usr/share/zoneinfo/Asia/Seoul /etc/localtime
      register: timezone_result
    - debug: var=timezone_result

    # Debian family: back up sources.list once, deploy ours, install packages
    - name: /etc/apt/sources.list_src file copy check
      stat:
        path: /etc/apt/sources.list_src
      register: apt_sourcelist_backup
      when: ansible_os_family == "Debian"
    - name: /etc/apt/sources.list_src file backup
      command: cp -rf /etc/apt/sources.list /etc/apt/sources.list_src
      when:
        - ansible_os_family == "Debian"
        - not apt_sourcelist_backup.stat.exists
    - name: APT source sources.list file copy
      copy:
        src: "{{ item }}"
        dest: /etc/apt/sources.list
        owner: root
        group: root
        mode: "0644"
      with_items:
        - sources.list
      when: ansible_os_family == "Debian"
    - name: Install a list of packages
      apt:
        pkg:
          - binutils
          - net-tools
          - dnsutils
          - vim
          - gcc
          - g++
          - cmake
          - smartmontools
          - sysstat
          - lsb-core
          - rdate
          - ntp
          - rsync
          - ntpdate
          - ftp
          - ethtool
          - tcpdump
          - lvm2
          - parted
          - libpam-cracklib
          - mdadm
          - nfs-common
        update_cache: yes
      when: ansible_os_family == "Debian"
    - name: Stop & Disabled Services
      systemd:
        name: "{{ item }}"
        state: stopped
        enabled: no
      with_items:
        - exim4
      when: ansible_os_family == "Debian"

    # RedHat family: ansible_os_family is "RedHat" on CentOS hosts, not "CentOS"
    - name: Install a list of packages
      yum:
        name: "{{ item }}"
        update_cache: yes
      with_items:
        - vim
        - telnet
        - lvm2
        - sysstat
        - ftp
        - device-mapper-multipath
        - device-mapper-multipath-libs
        - setuptool
        - sysfsutils
        - sg3_utils
        - dos2unix
        - lsof
        - iptstate
        - ipmitool
        - lrzsz
        - zlib-devel
        - tcl
        - tcl-devel
        - cmake
        - nmap
        - iptraf
        - tcpdump
        - net-tools
        - psmisc
        - tree
        - rdate
        - bash-completion
        - wget
        - gcc
        - gcc-c++
        - openssl
        - openssl-devel
        - zip
        - unzip
        - autoconf
        - smartmontools
        - ncurses-devel
        - rsync
        - bind-utils
        - ntp
        - chrony
      when: ansible_os_family == "RedHat"
    - name: Stop & Disabled Services
      systemd:
        name: "{{ item }}"
        state: stopped
        enabled: no
      with_items:
        - postfix
      when: ansible_os_family == "RedHat"
Analysis of the OS Package Manager Playbook
- To apply conditions per OS version, the Facts variable ansible_os_family is used.
- For Facts variables to be collected, gather_facts: no must not be set.
- In environments without external network access, the respective repository files must be distributed.
  - Debian family: /etc/apt/sources.list
  - RedHat family: /etc/yum.repos.d/*.repo
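The playbook above distributes a repository file only for the Debian family, so the following added example (not part of the original post) shows the RedHat-family counterpart for hosts without external network access. The file name internal.repo, the backup path /etc/yum.repos.d_src, and the removal of the vendor repo files are assumptions made for illustration.

```yaml
---
# Added example, not from the original post. Assumptions: files/internal.repo
# (hypothetical) points at an internal mirror; /etc/yum.repos.d_src is a
# hypothetical backup path modelled on sources.list_src.
- name: Distribute an internal yum repo file (RedHat family)
  hosts: ALL_HOSTS
  gather_facts: yes   # the conditions below need ansible_os_family
  tasks:
    - name: Fail early if facts were not gathered
      assert:
        that:
          - ansible_os_family is defined
    - name: /etc/yum.repos.d_src backup check
      stat:
        path: /etc/yum.repos.d_src
      register: yum_repos_backup
      when: ansible_os_family == "RedHat"
    - name: Back up the original /etc/yum.repos.d once
      command: cp -a /etc/yum.repos.d /etc/yum.repos.d_src
      when:
        - ansible_os_family == "RedHat"
        - not yum_repos_backup.stat.exists
    - name: Find vendor repo files that point at external mirrors
      find:
        paths: /etc/yum.repos.d
        patterns: "*.repo"
        excludes: "internal.repo"
      register: vendor_repos
      when: ansible_os_family == "RedHat"
    - name: Remove vendor repo files so yum does not wait on unreachable mirrors
      file:
        path: "{{ item.path }}"
        state: absent
      with_items: "{{ vendor_repos.files | default([]) }}"
      when: ansible_os_family == "RedHat"
    - name: Copy the internal repo file
      copy:
        src: internal.repo
        dest: /etc/yum.repos.d/internal.repo
        owner: root
        group: root
        mode: "0644"
      when: ansible_os_family == "RedHat"
```

Run these tasks before the yum install task so that update_cache reads only the internal repository.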
Running the playbook
# ansible-playbook -i hosts os_minimal.yml