마짱짱의 지식창고 (Majjangjjang's Knowledge Store)
[Ansible] 1. Installation, and bringing up WordPress with ad-hoc commands only (a first taste)
* The environment is CentOS 7.
* Ansible 2.7 is used.
0. Prepare three VMs
0-1. Controller
CPU : 2
RAM : 3072
IP : 192.168.123.41
0-2. Node-1
CPU : 2
RAM : 3072
IP : 192.168.123.51
0-3. Node-2
CPU : 2
RAM : 3072
IP : 192.168.123.52
* The image is a CentOS 7 minimal install.
* Everything is assumed to run in a private environment. The VMs do have external IPs, but they are not written down here.
* The account on every host is student.
1. Installation
* Run these on the control machine.
[student@controller ~]$ sudo yum -y install epel-release
└ Install the EPEL repository
[student@controller ~]$ sudo yum install centos-release-ansible-27.noarch
└ Install the repo package for Ansible 2.7
[student@controller ~]$ sudo yum install -y ansible
└ Install Ansible
2. A simple ping test
vi inventory
192.168.123.41
192.168.123.51
192.168.123.52
└ Create inventory with vi and list the node IPs, including the controller's own IP
[student@controller ~]$ ssh student@192.168.123.41
[student@controller ~]$ ssh student@192.168.123.51
[student@controller ~]$ ssh student@192.168.123.52
└ Ansible works over SSH, so connect to each host once first. This records the host's key in ~/.ssh/known_hosts; check the fingerprint shown at the prompt before answering yes
[student@controller ~]$ ansible -i inventory all -m ping -u student -k
SSH password:
└ Enter the password and confirm that the ping succeeds
If typing the user name and password every time is a nuisance, set up key-based login with ssh-keygen.
[student@controller ~]$ ssh-keygen
[student@controller ~]$ ssh-copy-id -i .ssh/id_rsa.pub student@192.168.123.41
[student@controller ~]$ ssh-copy-id -i .ssh/id_rsa.pub student@192.168.123.51
[student@controller ~]$ ssh-copy-id -i .ssh/id_rsa.pub student@192.168.123.52
Once the keys are copied,
[student@controller ~]$ ansible -i inventory all -m ping
└ this alone is enough to confirm the ping without a password prompt
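Before doing what follows, set this up so you do not have to keep typing the sudo password.
(It is optional; everything works without it. It gives student passwordless root on the node, so keep it to lab VMs like these.)
1. Connect from the controller to a node
2. On the node, run sudo vi /etc/sudoers
3. Under the "Same thing without a password" comment, add
student ALL=(ALL) NOPASSWD: ALL
and save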
3. Trying various settings on the nodes
To find a module, run ansible-doc -l; it lists all of them.
When you do not know a module's arguments, use ansible-doc [name].
copy/fetch
[student@controller ~]$ ansible node1 -i inventory -m copy -a "src=/etc/hosts dest=/tmp/hosts" -b -K
└ Copy /etc/hosts from the controller to /tmp/hosts on node1 (node1 as named in the inventory), with privilege escalation (-b) and a prompt for the sudo password (-K)
ansible [node] [-i inventory] [-m module] [-a argument]
4. Installing WordPress using only ansible commands
0. Create the inventory
[student@controller ~]$ vi inventory
[control]
controller ansible_host=192.168.123.41
[manage]
node1 ansible_host=192.168.123.51
node2 ansible_host=192.168.123.52
1. Install Apache on node1
[student@controller ~]$ ansible node1 -i inventory -m yum -a "name=httpd state=installed" -b
└ Install httpd on node1
[student@controller ~]$ ansible node1 -i inventory -m service -a "name=httpd enabled=yes state=started" -b
└ Start httpd on node1 and enable it at boot
[student@controller ~]$ ansible node1 -i inventory -m firewalld -a "service=http permanent=yes state=enabled immediate=yes" -b
└ Open http permanently in node1's firewall (immediate makes the rule take effect right away)
[student@controller ~]$ ansible node1 -i inventory -m selinux -a "policy=targeted state=permissive" -b
└ Set SELinux on node1 to permissive (policy violations are logged but no longer blocked)
2. Install PHP on node1
[student@controller ~]$ ansible node1 -i inventory -m yum -a "name=epel-release state=installed" -b
└ Install epel-release on node1
[student@controller ~]$ ansible node1 -i inventory -m yum -a "name=http://ftp.riken.jp/Linux/remi/enterprise/remi-release-7.rpm state=installed" -b
└ Download the remi-release rpm and install it on node1
[student@controller ~]$ ansible node1 -i inventory -m yum -a "name=php* enablerepo=remi-php74 state=installed" -b
└ Install PHP 7.4 on node1
[student@controller ~]$ ansible node1 -i inventory -m yum -a "name=php-mysqlnd enablerepo=remi-php74 state=installed" -b
└ Install php-mysqlnd on node1
[student@controller ~]$ ansible node1 -i inventory -m service -a "name=httpd state=restarted" -b
└ Restart httpd on node1
3. Install WordPress on node1
[student@controller ~]$ ansible node1 -i inventory -m get_url -a "url=https://ko.wordpress.org/latest-ko_KR.tar.gz dest=/home/student/wordpress.tar.gz" -b
└ Download the WordPress archive to node1
[student@controller ~]$ ansible node1 -i inventory -m unarchive -a "src=/home/student/wordpress.tar.gz dest=/var/www/html remote_src=yes" -b
└ Extract the WordPress archive under /var/www/html on node1
4. Install MariaDB 10.4 on node2
[student@controller ~]$ ansible node2 -i inventory -m yum_repository -a "name=MariaDB description=MariaDB baseurl=http://yum.mariadb.org/10.4/centos7-amd64 gpgkey=https://yum.mariadb.org/RPM-GPG-KEY-MariaDB gpgcheck=1" -b
└ Configure the MariaDB 10.4 repo on node2
[student@controller ~]$ ansible node2 -i inventory -m yum -a "name=mariadb-server enablerepo=MariaDB state=installed" -b
└ Install MariaDB-server on node2
[student@controller ~]$ ansible node2 -i inventory -m service -a "name=mariadb enabled=yes state=started" -b
└ Start the MariaDB service on node2 and enable it at boot
[student@controller ~]$ ansible node2 -i inventory -m firewalld -a "immediate=yes permanent=yes service=mysql state=enabled" -b
└ Open the mysql service in node2's firewall
[student@controller ~]$ ansible node2 -i inventory -m yum -a "name=MySQL-python state=installed" -b
└ Install the Python MySQL bindings on node2 (the mysql_user and mysql_db modules need them)
[student@controller ~]$ ansible node2 -i inventory -m mysql_user -a "check_implicit_admin=yes login_user=root login_password='' name=root password='dkagh1.'" -b
└ Set the root password on node2
[student@controller ~]$ ansible node2 -i inventory -m mysql_user -a "login_user=root login_password='dkagh1.' name=wordpress password='dkagh1.' host=192.168.123.% priv=wordpress.*:ALL,GRANT state=present" -b
└ Create the wordpress account on node2 and grant it all privileges on the wordpress DB (the WordPress admin account). The host is written with the % wildcard because MariaDB account hosts do not accept CIDR notation such as 192.168.123.0/24
[student@controller ~]$ ansible node2 -i inventory -m mysql_db -a "login_user=root login_password='dkagh1.' name=wordpress" -b
└ Create the wordpress DB on node2
This time, with SELinux left enabled, use seboolean to open only what is needed.
[student@controller ~]$ ansible node2 -i inventory -m yum -a "name=libsemanage-python state=latest" -b
└ Install the Python library (libsemanage-python) that the seboolean module needs
[student@controller ~]$ ansible node2 -i inventory -m seboolean -a "name=allow_user_mysql_connect state=yes persistent=yes" -b
└ Allow only MySQL connections
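The same idea applied to the web node, as an added example that is not part of the original post: instead of the permissive setting from step 1, node1 stays in enforcing mode and only httpd_can_network_connect_db (the boolean named in the rollback playbook in section 6) is switched on, then read back and checked. The play layout, task names and the sebool_out variable are assumptions.

```yaml
# Added example (not from the original post): node1 keeps SELinux enforcing.
- hosts: node1
  become: yes
  tasks:
    - name: install the library the seboolean module needs
      yum:
        name: libsemanage-python
        state: present

    - name: keep SELinux enforcing instead of permissive
      selinux:
        policy: targeted
        state: enforcing

    - name: allow httpd to open connections to a database server
      seboolean:
        name: httpd_can_network_connect_db
        state: yes
        persistent: yes

    - name: read the boolean back
      command: getsebool httpd_can_network_connect_db
      register: sebool_out          # assumed variable name
      changed_when: false

    - name: fail the run if the boolean is not on
      assert:
        that:
          - "'--> on' in sebool_out.stdout"
```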
5. Pre-configure wp-config
[student@controller ~]$ ansible -i inventory node1 -m copy -a "src=/var/www/html/wordpress/wp-config-sample.php dest=/var/www/html/wordpress/wp-config.php remote_src=yes" -b
└ Copy the sample config on node1
[student@controller ~]$ ansible -i inventory node1 -m replace -a "path=/var/www/html/wordpress/wp-config.php regexp=database_name_here replace=wordpress" -b
[student@controller ~]$ ansible -i inventory node1 -m replace -a "dest=/var/www/html/wordpress/wp-config.php regexp=username_here replace=wordpress" -b
[student@controller ~]$ ansible -i inventory node1 -m replace -a "dest=/var/www/html/wordpress/wp-config.php regexp=password_here replace=dkagh1." -b
[student@controller ~]$ ansible -i inventory node1 -m replace -a "dest=/var/www/html/wordpress/wp-config.php regexp=localhost replace=192.168.123.52" -b
└ Replace the placeholder strings in the file on node1 with the real values (the DB host is node2, 192.168.123.52)
5. Writing the WordPress setup as a playbook

```yaml
- hosts: node1
  become: yes   # the ad-hoc commands above all ran with -b
  tasks:
    - name: node1 install http
      yum:
        name: httpd
        state: installed
    - name: node1 http enable
      service:
        name: httpd
        enabled: yes
        state: started
    - name: firewalld http open
      firewalld:
        service: http
        permanent: yes
        state: enabled
        immediate: yes
    - name: selinux permissive Mode
      selinux:
        policy: targeted
        state: permissive
    - name: update epel-release
      yum:
        name: epel-release
        state: installed
    - name: remi-release 7 download
      yum:
        name: http://ftp.riken.jp/Linux/remi/enterprise/remi-release-7.rpm
        state: installed
    - name: php install
      yum:
        name: php
        enablerepo: remi-php74
        state: installed
    - name: php-mysqlnd install
      yum:
        name: php-mysqlnd
        enablerepo: remi-php74
        state: installed
    - name: node1 restart httpd
      service:
        name: httpd
        state: restarted
    - name: wordpress download
      get_url:
        url: https://ko.wordpress.org/latest-ko_KR.tar.gz
        dest: /home/student/wordpress.tar.gz
    - name: unarchive wordpress
      unarchive:
        src: /home/student/wordpress.tar.gz
        dest: /var/www/html
        remote_src: yes
    - name: wordpress config edit
      copy:
        src: /var/www/html/wordpress/wp-config-sample.php
        dest: /var/www/html/wordpress/wp-config.php
        remote_src: yes
    - name: replace db name
      replace:
        path: /var/www/html/wordpress/wp-config.php
        regexp: database_name_here
        replace: wordpress
    - name: replace username
      replace:
        dest: /var/www/html/wordpress/wp-config.php
        regexp: username_here
        replace: wordpress
    - name: replace password
      replace:
        dest: /var/www/html/wordpress/wp-config.php
        regexp: password_here
        replace: dkagh1.
    - name: replace
      replace:
        dest: /var/www/html/wordpress/wp-config.php
        regexp: localhost
        replace: 192.168.123.52   # node2, the DB host

- hosts: node2
  become: yes
  tasks:
    - name: maria 10.4 repo registry
      yum_repository:
        name: MariaDB
        description: MariaDB
        baseurl: http://yum.mariadb.org/10.4/centos7-amd64
        gpgkey: https://yum.mariadb.org/RPM-GPG-KEY-MariaDB
        gpgcheck: 1
    - name: installed mariadb
      yum:
        name: mariadb-server
        enablerepo: MariaDB
        state: installed
    - name: start & enable mariadb
      service:
        name: mariadb
        enabled: yes
        state: started
    - name: firewalld open mysql
      firewalld:
        immediate: yes
        permanent: yes
        service: mysql
        state: enabled
    - name: DB python download
      yum:
        name: MySQL-python
        state: installed
    - name: wordpress admin user add
      mysql_user:
        login_user: root
        login_password: ''
        name: wordpress
        password: 'dkagh1.'
        host: '192.168.%.%'
        priv: 'wordpress.*:ALL,GRANT'
        state: present
    - name: wordpress DB add
      mysql_db:
        login_user: root
        login_password: ''
        name: wordpress
```
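A variant of the node2 database tasks that keeps the passwords out of the playbook file, the shell history and the task output, as an added example that is not part of the original post: vars_prompt asks for them at run time and no_log hides the task arguments. The variable names db_root_password and wp_db_password are assumptions, the play assumes MariaDB and MySQL-python are already installed by the tasks above, and the wordpress account is limited to node1's address with no GRANT option, which is narrower than the original.

```yaml
# Added example (not from the original post).
- hosts: node2
  become: yes
  vars_prompt:
    - name: db_root_password      # assumed variable name
      prompt: MariaDB root password
      private: yes
    - name: wp_db_password        # assumed variable name
      prompt: Password for the wordpress DB account
      private: yes
  tasks:
    - name: set the root password (tries passwordless root first, so re-runs work)
      mysql_user:
        check_implicit_admin: yes
        login_user: root
        login_password: "{{ db_root_password }}"
        name: root
        password: "{{ db_root_password }}"
      no_log: true

    - name: create the wordpress DB
      mysql_db:
        login_user: root
        login_password: "{{ db_root_password }}"
        name: wordpress
      no_log: true

    - name: create the wordpress account, reachable from node1 only
      mysql_user:
        login_user: root
        login_password: "{{ db_root_password }}"
        name: wordpress
        password: "{{ wp_db_password }}"
        host: 192.168.123.51      # node1, the only client of this DB
        priv: "wordpress.*:ALL"
        state: present
      no_log: true
```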
6. A playbook that returns everything to the original state
Document -> organize -> test one step at a time

```yaml
- hosts: node1
  become: yes
  remote_user: student
  tasks:
    #- name: return seboolean of HttpdNetwork
    #  seboolean:
    #    name: httpd_can_network_connect_db
    #    state: no
    #    persistent: yes
    - name: stop service of http
      service:
        name: httpd
        state: stopped
        enabled: yes   # the service stays enabled at boot; use no to disable it as well
    - name: disable firewalld of http
      firewalld:
        service: http
        permanent: yes
        state: disabled
        immediate: yes
    - name: delete wordpress
      file:
        path: /var/www/html/wordpress
        state: absent
    - name: delete archive of wordpress
      file:
        path: /tmp/latest-ko_KR.tar.gz
        state: absent
    - name: delete package of php
      yum:
        name: php*
        autoremove: yes
        state: absent
    - name: delete package of wget
      yum:
        name: wget
        autoremove: yes
        state: absent
    - name: delete package of libsemanage-python
      yum:
        name: libsemanage-python
        autoremove: yes
        state: absent
    - name: delete epel-release
      yum:
        name: epel-release
        autoremove: yes
        state: absent

- hosts: node2
  become: yes
  remote_user: student
  tasks:
    - name: turnoff service of mysql
      firewalld:
        service: mysql
        permanent: yes
        state: disabled
        immediate: yes
    - name: delete package of MariaDB
      yum:
        autoremove: yes
        name: MariaDB
        state: absent
    - name: delete package of MariaDB repository
      yum_repository:
        name: MariaDB
        state: absent
    - name: delete directory of mysql
      file:
        path: /var/lib/mysql
        state: absent
```