Using Ansible on Ubuntu

1. Setup

server ---> client

Role    IP          OS            Hostname
server  10.0.0.204  ubuntu 18.04  develop01
client  10.0.1.217  ubuntu 16.04  develop02

2. Installing Ansible

Installation

ubuntu@develop01:~$ sudo apt-get update
ubuntu@develop01:~$ sudo apt-get install software-properties-common
ubuntu@develop01:~$ sudo apt-add-repository --yes --update ppa:ansible/ansible
ubuntu@develop01:~$ sudo apt-get install ansible

Check the version

$ ansible --version

ansible 2.7.5
  config file = /etc/ansible/ansible.cfg
  configured module search path = [u'/home/ubuntu/.ansible/plugins/modules', u'/usr/share/ansible/plugins/modules']
  ansible python module location = /usr/lib/python2.7/dist-packages/ansible
  executable location = /usr/bin/ansible
  python version = 2.7.15rc1 (default, Nov 12 2018, 14:31:15) [GCC 7.3.0]

3. Creating the private and public keys

ubuntu@develop01:~$ mkdir .ssh
ubuntu@develop01:~$ cd .ssh
ubuntu@develop01:~/.ssh$ ssh-keygen -t rsa -b 4096 -C "your-email@example.com"
Generating public/private rsa key pair.
Enter file in which to save the key (/home/ubuntu/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/ubuntu/.ssh/id_rsa.
Your public key has been saved in /home/ubuntu/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:fMv/Wvlb/igct568ePTx4HeyMkANomdxEvA3xqqCQ7Q your-email@example.com
The key's randomart image is:
+---[RSA 4096]----+
|      ....       |
|       .+.o      |
|  .    ..==o     |
| . .  ..o+...    |
|  E    oS..      |
| . .   . o... +o |
|  o . .   oo =o++|
|   . .     .=+==*|
|            +OO*B|
+----[SHA256]-----+
ubuntu@develop01:~/.ssh$

Check the generated private and public keys.

ubuntu@develop01:~/.ssh$ ll
合計 16
drwxrwxr-x 2 ubuntu ubuntu 4096 12月 14 15:19 ./
drwxr-xr-x 3 ubuntu ubuntu 4096 12月 14 15:18 ../
-rw------- 1 ubuntu ubuntu 3326 12月 14 15:19 id_rsa
-rw-r--r-- 1 ubuntu ubuntu  748 12月 14 15:19 id_rsa.pub
ubuntu@develop01:~/.ssh$

When an ansible playbook is run, it connects over SSH as root by default. In this article, SSH login as root is allowed.

Append the public key created on the server to ~/.ssh/authorized_keys on the client.

Set the following in /etc/ssh/sshd_config.

PermitRootLogin prohibit-password
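The two manual client-side steps above (appending the server's public key and setting PermitRootLogin) as an added shell example, not code from the original article; both functions take file paths as arguments so they can be exercised on test files, and the PermitRootLogin values list is sshd's own set of accepted values.

```shell
#!/bin/sh
# Added example, not part of the original article: install the server's public key
# into the client's authorized_keys idempotently and set PermitRootLogin, enforcing
# the directory/file modes sshd requires (700 for ~/.ssh, 600 for authorized_keys).

# add_authorized_key PUBKEY_FILE AUTHORIZED_KEYS
# Append the key line only if that exact line is not already present.
add_authorized_key() {
  pubkey=$1; authkeys=$2
  key=$(cat "$pubkey") || return 1
  mkdir -p "$(dirname "$authkeys")"
  chmod 700 "$(dirname "$authkeys")"
  touch "$authkeys"
  chmod 600 "$authkeys"
  if grep -qxF -- "$key" "$authkeys"; then
    return 0           # already installed, nothing to do
  fi
  printf '%s\n' "$key" >> "$authkeys"
}

# set_permit_root_login SSHD_CONFIG VALUE
# Rewrite an existing PermitRootLogin line (commented out or not) or append one.
# Values sshd does not accept are rejected up front, because a bad directive
# would otherwise stop sshd from starting on the next restart.
set_permit_root_login() {
  cfg=$1; value=$2
  case "$value" in
    yes|no|prohibit-password|forced-commands-only) ;;
    *) echo "invalid PermitRootLogin value: $value" >&2; return 1 ;;
  esac
  pattern='^[[:space:]]*#?[[:space:]]*PermitRootLogin[[:space:]]'
  if grep -qE "$pattern" "$cfg"; then
    sed -E "s/${pattern}.*/PermitRootLogin $value/" "$cfg" > "$cfg.tmp" && mv "$cfg.tmp" "$cfg"
  else
    printf 'PermitRootLogin %s\n' "$value" >> "$cfg"
  fi
}
```

On the real client, run `sshd -t` after editing the config and restart sshd only if it reports no errors.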

Manage the hosts on which playbooks are allowed to run.

Append the target's information to the end of /etc/ansible/hosts.

# This is the default ansible 'hosts' file.
#
# It should live in /etc/ansible/hosts
#
#   - Comments begin with the '#' character
#   - Blank lines are ignored
#   - Groups of hosts are delimited by [header] elements
#   - You can enter hostnames or ip addresses
#   - A hostname/ip can be a member of multiple groups

# Ex 1: Ungrouped hosts, specify before any group headers.

## green.example.com
## blue.example.com
## 192.168.100.1
## 192.168.100.10

# Ex 2: A collection of hosts belonging to the 'webservers' group

## [webservers]
## alpha.example.org
## beta.example.org
## 192.168.1.100
## 192.168.1.110

# If you have multiple hosts following a pattern you can specify
# them like this:

## www[001:006].example.com

# Ex 3: A collection of database servers in the 'dbservers' group

## [dbservers]
##
## db01.intranet.mydomain.net
## db02.intranet.mydomain.net
## 10.25.1.56
## 10.25.1.57

# Here's another example of host ranges, this time there are no
# leading 0s:

## db-[99:101]-node.example.com

[client]
10.0.1.217

Use Ansible to change the client's time zone and locale settings. Prepare the following files.

/etc/ansible/common.yml

---
- hosts: all
  become: yes
  roles:
    - system
    - lang

/etc/ansible/roles/lang/tasks/main.yml

- name: install language-pack-ja
  apt:
    name: language-pack-ja
    update_cache: yes
- name: create locale ja_JP.UTF-8
  locale_gen:
    name: ja_JP.UTF-8
- name: change locale
  command: update-locale LANG=ja_JP.UTF-8

/etc/ansible/roles/system/tasks/main.yml

- name: set timezone to Asia/Tokyo
  timezone:
    name: Asia/Tokyo

First, do a dry run with --check.

ubuntu@develop01:/etc/ansible$ ansible-playbook -i hosts common.yml --check

PLAY [all] *************************************************************************************************

TASK [Gathering Facts] *************************************************************************************
Enter passphrase for key '/home/ubuntu/.ssh/id_rsa':
ok: [10.0.1.217]

TASK [system : set timezone to Asia/Tokyo] *****************************************************************
changed: [10.0.1.217]

TASK [lang : install language-pack-ja] *********************************************************************
changed: [10.0.1.217]

TASK [lang : create locale ja_JP.UTF-8] ********************************************************************
changed: [10.0.1.217]

TASK [lang : change locale] ********************************************************************************
skipping: [10.0.1.217]

PLAY RECAP *************************************************************************************************
10.0.1.217                 : ok=4    changed=3    unreachable=0    failed=0

ubuntu@develop01:/etc/ansible$
  • -i: path to the inventory (host list) file (default is /etc/ansible/hosts)
  • --check: dry run

State of the client

root@develop02:~/.ssh# loclae
No command 'loclae' found, did you mean:
 Command 'locale' from package 'libc-bin' (main)
loclae: command not found
root@develop02:~/.ssh# locale
LANG=en_US.UTF-8
LANGUAGE=
LC_CTYPE="en_US.UTF-8"
LC_NUMERIC="en_US.UTF-8"
LC_TIME="en_US.UTF-8"
LC_COLLATE="en_US.UTF-8"
LC_MONETARY="en_US.UTF-8"
LC_MESSAGES="en_US.UTF-8"
LC_PAPER="en_US.UTF-8"
LC_NAME="en_US.UTF-8"
LC_ADDRESS="en_US.UTF-8"
LC_TELEPHONE="en_US.UTF-8"
LC_MEASUREMENT="en_US.UTF-8"
LC_IDENTIFICATION="en_US.UTF-8"
LC_ALL=
root@develop02:~/.ssh#
root@develop02:~/.ssh#
root@develop02:~/.ssh# echo $TIMEZONE

root@develop02:~/.ssh#
root@develop02:~/.ssh#
root@develop02:~/.ssh# timedatectl
      Local time: Mon 2018-12-17 05:03:53 UTC
  Universal time: Mon 2018-12-17 05:03:53 UTC
        RTC time: Mon 2018-12-17 05:03:53
       Time zone: Etc/UTC (UTC, +0000)
 Network time on: yes
NTP synchronized: yes
 RTC in local TZ: no
root@develop02:~/.ssh#

Apply the changes

$ ansible-playbook -i hosts common.yml

Check the settings after logging in again

ubuntu@develop01:~$ locale
LANG=ja_JP.utf8
LANGUAGE=
LC_CTYPE="ja_JP.utf8"
LC_NUMERIC="ja_JP.utf8"
LC_TIME="ja_JP.utf8"
LC_COLLATE="ja_JP.utf8"
LC_MONETARY="ja_JP.utf8"
LC_MESSAGES="ja_JP.utf8"
LC_PAPER="ja_JP.utf8"
LC_NAME="ja_JP.utf8"
LC_ADDRESS="ja_JP.utf8"
LC_TELEPHONE="ja_JP.utf8"
LC_MEASUREMENT="ja_JP.utf8"
LC_IDENTIFICATION="ja_JP.utf8"
LC_ALL=
ubuntu@develop01:~$
ubuntu@develop01:~$ timedatectl
      Local time: Mon 2018-12-17 14:06:21 JST
  Universal time: Mon 2018-12-17 05:06:21 UTC
        RTC time: Mon 2018-12-17 05:06:21
       Time zone: Asia/Tokyo (JST, +0900)
 Network time on: yes
NTP synchronized: yes
 RTC in local TZ: no
ubuntu@develop01:~$

Confirmed that the changes were applied.

When I created a user named ansible and ran the playbook command, several errors came up, so they are recorded here along with the fixes.

"module_stdout": "sudo: unable to resolve host" -> Set the hostname in /etc/hosts on the target server.

"module_stdout": "sudo: a password is required\r\n"

-> Specify --user and ansible_sudo_pass.

$ ansible-playbook -i hosts common.yml --user=username --extra-vars "ansible_sudo_pass=yourpassword" --check
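The --check run shown earlier and the --user invocation above, wrapped in an added shell example that is not code from the original article: it parses the PLAY RECAP lines that ansible-playbook prints and refuses to apply the playbook for real unless every host came back with unreachable=0 and failed=0. The wrapper assumes ansible-playbook is on PATH; the recap format is the one shown on this page.

```shell
#!/bin/sh
# Added example, not part of the original article: gate the real run on a clean
# --check dry run by parsing the PLAY RECAP section of ansible-playbook's output.

# recap_ok OUTPUT
# Return 0 if every host line after "PLAY RECAP" has unreachable=0 and failed=0,
# 1 if any host is unhealthy or no recap was found at all.
recap_ok() {
  printf '%s\n' "$1" | awk '
    /^PLAY RECAP/ { in_recap = 1; next }
    in_recap && /unreachable=/ {
      hosts++
      for (i = 1; i <= NF; i++) {
        split($i, kv, "=")
        if ((kv[1] == "unreachable" || kv[1] == "failed") && kv[2] + 0 > 0) {
          print "dry run not clean for " $1 ": " $0 > "/dev/stderr"
          bad = 1
        }
      }
    }
    END {
      if (!hosts) { print "no PLAY RECAP found in output" > "/dev/stderr"; bad = 1 }
      exit bad
    }
  '
}

# dry_run_then_apply INVENTORY PLAYBOOK [further ansible-playbook options]
# Run with --check first; apply only if that run succeeded and its recap is clean.
# Options such as --user=username are passed through to both runs.
dry_run_then_apply() {
  inventory=$1; playbook=$2; shift 2
  out=$(ansible-playbook -i "$inventory" "$playbook" --check "$@" 2>&1) || {
    printf '%s\n' "$out" >&2; return 1; }
  recap_ok "$out" || return 1
  ansible-playbook -i "$inventory" "$playbook" "$@"
}
```

For the sudo password, pass --ask-become-pass (-K) to the wrapper instead of ansible_sudo_pass in --extra-vars, so the password does not end up in shell history and process listings on the server.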