20210805 (Thu) ansible structure, priority, strategy, throttle
09:33 review
Playbook reuse
include modules
import modules
Jinja2 Template
A Python-based template engine that helps you write dynamic content
Jinja2 Template syntax
{{ VARIABLE or EXPRESSION }}
{% CONTROL_STATEMENT %}
{# COMMENT #}
Role
A structure for deploying variables, files, handlers, tasks and so on as a single unit
Paths: /etc/ansible/roles, ~/.ansible/roles, or ./roles
Playbook structure and priority
Execution order: pre_tasks → roles → tasks → handlers(roles) → handlers(playbook) → post_tasks
pre_tasks: initialization work to run before tasks
roles: the ansible roles to run
tasks: the tasks that are normally run
post_tasks: work to run after tasks have finished
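Ansible execution strategies

$ ansible-doc -t strategy -l

Plugin | Description |
---|---|
debug | Executes tasks in interactive debug session |
host_pinned | Executes tasks on each host without interruption |
linear | Executes tasks in a linear fashion |
free | Executes tasks without waiting for all hosts |

Strategy | Behavior |
---|---|
Linear strategy (linear) | Runs a task of the play on all hosts and starts the next task only after that task has finished |
Free strategy (free) | Hosts running a task do not wait until every host has finished it; they add their follow-up tasks to the queue |
Host pinned strategy (host_pinned) | Similar to the free strategy, but when there is a next play it waits until the current play has finished |
Debug strategy (debug) | Similar to the linear strategy, but controlled through an interactive debug session |

forks: the number of hosts on which a task runs at one time
serial: the number of hosts on which a play runs at one time
▶ Both can be set to the desired values in ansible.cfg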
[defaults]
inventory = ./inventory/hosts
remote_user = ansible_user
ask_pass = no
strategy = linear
forks = 10
The throttle keyword limits the number of workers for a particular task. It can be set at the block and task level. Use throttle to restrict tasks that may be CPU-intensive or interact with a rate-limiting API.
If you have already restricted the number of forks or the number of machines to execute against in parallel, you can reduce the number of workers with throttle, but you cannot increase it. In other words, to have an effect, your throttle setting must be lower than your forks or serial setting if you are using them together.
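The interaction between serial and throttle described above, as an added example that is not from the original notes or from the Ansible documentation. It assumes the three-node inventory and the forks = 10 setting shown earlier; the task names and the `/bin/true` placeholder commands are made up for illustration.

```yaml
---
# Added illustration, not from the original notes.
# Assumes the three-node inventory and forks = 10 from the ansible.cfg above.
- name: how serial and throttle bound concurrency
  hosts: all
  gather_facts: false
  serial: 2                     # a batch holds at most 2 hosts
  tasks:
    - name: no throttle, both hosts of the batch run together
      shell: sleep 3; date +%T
      register: t_batch
      changed_when: false

    - name: throttle 1, hosts of the batch run one after another
      shell: sleep 3; date +%T
      register: t_one
      changed_when: false
      throttle: 1

    - name: throttle 5 is above serial 2, so it changes nothing
      shell: sleep 3; date +%T
      register: t_high
      changed_when: false
      throttle: 5

    - name: block-level throttle covers every task inside the block
      throttle: 1
      block:
        - name: first step of a job that must not run in parallel
          command: /bin/true    # placeholder for a CPU-heavy or rate-limited call
          changed_when: false
        - name: second step, also limited to one worker
          command: /bin/true
          changed_when: false

    - name: compare completion times per host
      debug:
        msg: "batch={{ t_batch.stdout }} one={{ t_one.stdout }} high={{ t_high.stdout }}"
```

For the two hosts in the first batch, the `one` timestamps differ by about three seconds, while the `batch` and `high` timestamps match.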
##### include_tasks example #####

```
[user@ansible-server 20210805]$ cat 0805_include1.yaml
---
- name: include tasks
  hosts: all
  tasks:
    - name: initial task
      debug:
        msg: initial task
    - name: second task
      include_tasks: tasks/include_task1.yaml

[user@ansible-server 20210805]$ cat tasks/include_task1.yaml
---
- name: 1st task include
  block:
    - file:
        path: /etc/hosts.d
        state: directory
        owner: ansible_user
        group: ansible_user
        mode: "0777"
  become: true
- name: 2nd task include
  block:
    - copy:
        src: /etc/hosts
        dest: /etc/hosts.d
  become: true
- name: 3rd task include
  command: id
  register: result_id
- name: print result
  debug:
    msg: "{{ result_id.stdout }}"
- name: 4th task
  shell: cat /etc/hosts |wc -l
  # command: "wc -l /etc/hosts"
  register: result_hosts
- name: 5th task
  debug:
    msg: "{{ result_hosts.stdout }}"

[user@ansible-server 20210805]$ ansible-playbook 0805_include1.yaml

PLAY [include tasks] ***************************************************************************************************

TASK [Gathering Facts] *************************************************************************************************
ok: [192.168.56.12]
ok: [192.168.56.13]
ok: [192.168.56.11]

TASK [initial task] ****************************************************************************************************
ok: [192.168.56.11] => {
    "msg": "initial task"
}
ok: [192.168.56.12] => {
    "msg": "initial task"
}
ok: [192.168.56.13] => {
    "msg": "initial task"
}

TASK [second task] *****************************************************************************************************
included: /home/user/work/20210805/tasks/include_task1.yaml for 192.168.56.11, 192.168.56.12, 192.168.56.13

TASK [file] ************************************************************************************************************
changed: [192.168.56.11]
changed: [192.168.56.12]
changed: [192.168.56.13]

TASK [copy] ************************************************************************************************************
changed: [192.168.56.12]
changed: [192.168.56.13]
changed: [192.168.56.11]

TASK [3rd task include] ************************************************************************************************
changed: [192.168.56.12]
changed: [192.168.56.11]
changed: [192.168.56.13]

TASK [print result] ****************************************************************************************************
ok: [192.168.56.11] => {
    "msg": "uid=1004(ansible_user) gid=1004(ansible_user) groups=1004(ansible_user) context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023"
}
ok: [192.168.56.12] => {
    "msg": "uid=1004(ansible_user) gid=1004(ansible_user) groups=1004(ansible_user) context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023"
}
ok: [192.168.56.13] => {
    "msg": "uid=1004(ansible_user) gid=1004(ansible_user) groups=1004(ansible_user) context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023"
}

TASK [4th task] ********************************************************************************************************
changed: [192.168.56.11]
changed: [192.168.56.12]
changed: [192.168.56.13]

TASK [5th task] ********************************************************************************************************
ok: [192.168.56.11] => {
    "msg": "2"
}
ok: [192.168.56.12] => {
    "msg": "2"
}
ok: [192.168.56.13] => {
    "msg": "2"
}

PLAY RECAP *************************************************************************************************************
192.168.56.11 : ok=9 changed=4 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
192.168.56.12 : ok=9 changed=4 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
192.168.56.13 : ok=9 changed=4 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0

[user@ansible-server 20210805]$
```
##### vault example #####

```
[user@ansible-server 20210805]$ cat 0805_vault1.yaml
---
- name: vars_prompt example
  hosts: all
  vars_prompt:
    - name: apps
      prompt: Enter app name
      private: no       # the typed value is shown
      default: webapp
    - name: api_key
      prompt: api_key
      private: yes      # the typed value is not shown (same as entering a password)
      encrypt: sha256_crypt
  tasks:
    - name: print
      debug:
        msg: "{{ apps }}"
    - name: print encrypted data
      debug:
        msg: "{{ api_key }}"

[user@ansible-server 20210805]$ ansible-playbook -C 0805_vault1.yaml
Enter app name [webapp]: 1234     → private is no, so the typed 1234 is visible; default sets webapp as the default value
api_key:                          → private is yes, so the typed value is not shown

PLAY [vars_prompt example] *********************************************************************************************

TASK [Gathering Facts] *************************************************************************************************
ok: [192.168.56.12]
ok: [192.168.56.13]
ok: [192.168.56.11]

TASK [print] ***********************************************************************************************************
ok: [192.168.56.11] => {
    "msg": "1234"
}
ok: [192.168.56.12] => {
    "msg": "1234"
}
ok: [192.168.56.13] => {
    "msg": "1234"
}
→ printed the same way (debug msg), and the value appears in plaintext

TASK [print encrypted data] ********************************************************************************************
ok: [192.168.56.11] => {
    "msg": "$5$ytQVM44a9fKy5rfX$7gGpspycHePqwB.3iGN4FD5cauxAe4z.PXALIAyluJ8"
}
ok: [192.168.56.12] => {
    "msg": "$5$ytQVM44a9fKy5rfX$7gGpspycHePqwB.3iGN4FD5cauxAe4z.PXALIAyluJ8"
}
ok: [192.168.56.13] => {
    "msg": "$5$ytQVM44a9fKy5rfX$7gGpspycHePqwB.3iGN4FD5cauxAe4z.PXALIAyluJ8"
}
→ printed the same way (debug msg), but because of encrypt: sha256_crypt the value appears as a sha256_crypt hash instead of plaintext

PLAY RECAP *************************************************************************************************************
192.168.56.11 : ok=3 changed=0 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
192.168.56.12 : ok=3 changed=0 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
192.168.56.13 : ok=3 changed=0 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0

[user@ansible-server 20210805]$
```
##### Jinja2 template example 1 #####

```
[user@ansible-server 20210805]$ cat 0805_jinja2.yaml
---
- name: Jinja2 template example 2
  hosts: all
  vars:
    count: 10
    apple: 1000
    money: 10000
  tasks:
    - name: Create template file
      template:
        src: example2.j2
        dest: /tmp/jinja2_example2.txt
        owner: ansible_user
        group: ansible_user
        mode: "0600"

[user@ansible-server 20210805]$ cat example2.j2
Jinja2 Template control example
count: {{ count }}
{% if count <= 0 %}
apple: {{ apple }}
{% endif %}

[user@ansible-server 20210805]$ ansible all -m shell -a "cat /tmp/jinja2_example2.txt"
192.168.56.13 | CHANGED | rc=0 >>
Jinja2 Template control example
count: 10
```

##### Jinja2 template example 2 #####

```
[user@ansible-server 20210805]$ cat 0805_jinja3.yaml
---
- name: Jinja2 template 3
  hosts: all
  vars:
    - products:
        - smart phone
        - basket ball
        - pencil
        - paper
  tasks:
    - name: Create template file
      template:
        src: example3.j2
        dest: /tmp/jinja2_example3.txt
        owner: ansible_user
        group: ansible_user
        mode: "0400"

[user@ansible-server 20210805]$ cat example3.j2
The Product List
{% for name in products %}
- {{ name }}
{% endfor %}

[user@ansible-server 20210805]$ ansible all -m shell -a "cat /tmp/jinja2_example3.txt"
192.168.56.11 | CHANGED | rc=0 >>
The Product List
- smart phone
- basket ball
- pencil
- paper
```
##### playbook structure (priority) #####

★ Execution order: pre_tasks → roles → tasks → handlers(roles) → handlers(playbook) → post_tasks ★

```
[user@ansible-server 20210805]$ ansible-playbook 0805_priority3.yaml

PLAY [playbook priority 1] *********************************************************************************************

TASK [Gathering Facts] *************************************************************************************************
ok: [192.168.56.11]
ok: [192.168.56.13]
ok: [192.168.56.12]

TASK [pre_tasks 1] *****************************************************************************************************
ok: [192.168.56.11] => {
    "msg": "pre_tasks - 1"
}
ok: [192.168.56.12] => {
    "msg": "pre_tasks - 1"
}
ok: [192.168.56.13] => {
    "msg": "pre_tasks - 1"
}

TASK [test_role : first task role] *************************************************************************************
ok: [192.168.56.11] => {
    "msg": "first task"
}
ok: [192.168.56.12] => {
    "msg": "first task"
}
ok: [192.168.56.13] => {
    "msg": "first task"
}

TASK [test_role : second task] *****************************************************************************************
changed: [192.168.56.12]
changed: [192.168.56.13]
changed: [192.168.56.11]

TASK [test_role : print nodes] *****************************************************************************************
ok: [192.168.56.11] => {
    "msg": "0"
}
ok: [192.168.56.12] => {
    "msg": "0"
}
ok: [192.168.56.13] => {
    "msg": "0"
}

TASK [first task in playbook] ******************************************************************************************
ok: [192.168.56.11] => {
    "msg": "first task"
}
ok: [192.168.56.12] => {
    "msg": "first task"
}
ok: [192.168.56.13] => {
    "msg": "first task"
}

TASK [second task in playbook] *****************************************************************************************
changed: [192.168.56.11]
changed: [192.168.56.12]
changed: [192.168.56.13]

RUNNING HANDLER [test_role : hello ansible] ****************************************************************************
ok: [192.168.56.12] => {
    "msg": "hello ansible test_role"
}
ok: [192.168.56.13] => {
    "msg": "hello ansible test_role"
}
ok: [192.168.56.11] => {
    "msg": "hello ansible test_role"
}

RUNNING HANDLER [handler 1 playbook] ***********************************************************************************
ok: [192.168.56.11] => {
    "msg": "handler 1 playbook"
}
ok: [192.168.56.12] => {
    "msg": "handler 1 playbook"
}
ok: [192.168.56.13] => {
    "msg": "handler 1 playbook"
}

TASK [post_tasks 1] ****************************************************************************************************
ok: [192.168.56.11] => {
    "msg": "post_tasks - 1"
}
ok: [192.168.56.12] => {
    "msg": "post_tasks - 1"
}
ok: [192.168.56.13] => {
    "msg": "post_tasks - 1"
}

PLAY RECAP *************************************************************************************************************
192.168.56.11 : ok=10 changed=2 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
192.168.56.12 : ok=10 changed=2 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
192.168.56.13 : ok=10 changed=2 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
```
##### Assignment 2 using a loop + hostvars #####

Write a template file and a playbook that use a Jinja2 template to write the ansible managed nodes into the /etc/hosts file.

```
[user@ansible-server 20210805]$ cat 0805_jinjatest2.yaml
---
- name: jinja2 template exam2
  hosts: all
  become: true
  tasks:
    - name: jinja2 template
      template:
        src: exam2.j2
        dest: /etc/hosts
        owner: root
        group: root
        mode: "0644"

[user@ansible-server 20210805]$ cat exam2.j2
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.56.10 ansible-server
{% for host in groups['webservers'] %}
{{ hostvars[host]['ansible_facts']['fqdn'] }} {{ hostvars[host]['ansible_facts']['enp0s8']['ipv4']['address'] }}
{% endfor %}

[user@ansible-server 20210805]$ ansible-playbook 0805_jinjatest2.yaml
… (output omitted)

[user@ansible-server 20210805]$ ansible all -m shell -a "cat /etc/hosts"
192.168.56.11 | CHANGED | rc=0 >>
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.56.10 ansible-server
ansible-node01 192.168.56.11
ansible-node02 192.168.56.12
ansible-node03 192.168.56.13
```
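A variant of the assignment with the address written before the name, which is the field order hosts(5) expects. This is an added example, not the original exam2.j2 or playbook; it inlines the template through the copy module's content so that it fits in one file. The group webservers, the interface enp0s8 and the 192.168.56.10 entry are taken from the notes above; the variable names nodes and lookup are hypothetical.

```yaml
---
# Added illustration, not the notes' own playbook. hosts(5) entries are
# "IP-address canonical-name", so the address is written first.
# Group webservers and interface enp0s8 are taken from the exercise above.
- name: write managed nodes to /etc/hosts
  hosts: all
  become: true
  vars:
    nodes: "{{ groups['webservers'] | sort }}"
  tasks:
    - name: stop before writing if a node has no gathered address
      assert:
        that: hostvars[item].ansible_facts.enp0s8.ipv4.address is defined
        fail_msg: "no enp0s8 IPv4 fact for {{ item }}"
      loop: "{{ nodes }}"

    # Task arguments are templated, so the loop renders here as it would in a .j2 file.
    - name: render /etc/hosts inline
      copy:
        dest: /etc/hosts
        owner: root
        group: root
        mode: "0644"
        backup: true            # keep the previous file for rollback
        content: |
          127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
          ::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
          192.168.56.10 ansible-server
          {% for host in nodes %}
          {{ hostvars[host].ansible_facts.enp0s8.ipv4.address }} {{ hostvars[host].ansible_facts.fqdn }}
          {% endfor %}

    - name: confirm each node name resolves to the recorded address
      command: "getent hosts {{ hostvars[item].ansible_facts.fqdn }}"
      register: lookup
      changed_when: false
      failed_when: hostvars[item].ansible_facts.enp0s8.ipv4.address not in lookup.stdout
      loop: "{{ nodes }}"
```

The assert stops the play when a node in webservers was unreachable during fact gathering, so a file with missing entries is never written.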