---
tags: Bigdata slides
---

Ansible Notes
===

## How to connect the two virtual machines

- Use a VirtualBox <font color=red>**NAT Network**</font>
- File -> Preferences -> Network -> add a NAT Network (name it ANSIBLE)
- Attach the network adapters of the client and server virtual machines to the **ANSIBLE** NAT Network just created
- Start the two machines one after the other
- ip ad to check the IP addresses
- Ping each machine from the other, and optionally an external host, to confirm connectivity

## How to SSH into the client Linux machine

- Many commands have to be **copied and pasted**, which is awkward when working directly in the client VM console
- Connecting to the client from a terminal (Windows Terminal makes pasting commands easy) is therefore the better approach

## How to set a static IP on Ubuntu 22.04

#### [Reference](https://linuxconfig.org/how-to-configure-static-ip-address-on-ubuntu-22-04-jammy-jellyfish-desktop-server)

### Using the server as the example

- ip ad (check your own IP first)
  - Look at the enp0s3 entry; the IP is 10.0.2.5
- ip r | grep default (find the default gateway)
  - The enp0s3 gateway IP is 10.0.2.1
- cd /etc/netplan/
- ls
- sudo nano <font color=red>xx</font>-network-manager-all.yaml

```yaml=
network:
  ethernets:
    enp0s3:
      dhcp4: false
      addresses: [10.0.2.4/24]
      # gateway4 still works on 22.04, but netplan reports it as deprecated in favour of routes
      gateway4: 10.0.2.1
      nameservers:
        addresses: [8.8.8.8,1.1.1.1]
  version: 2
```

- Fill in the network settings as shown (keep the indentation consistent)
- ctrl-x to save and exit
- sudo netplan apply
- ip ad (the IP has been changed)
- (The client's IP can be changed the same way)

## Installing ansible

- apt does not provide the latest version of ansible, so installing with Python's pip is recommended
- cd ~ (back to the home directory)

```shell=
curl https://bootstrap.pypa.io/get-pip.py -o get-pip.py
python3 get-pip.py --user
python3 -m pip install --user ansible
```

- Under zsh the install directory is not added to PATH for you, so add it manually
- Python also runs into locale problems, so the locale has to be changed
- nano .zshrc

```
export PATH=$PATH:/usr/local/bin:~/.local/bin
```

- Change the Ubuntu locale settings

```shell=
sudo locale-gen zh_TW
sudo locale-gen zh_TW.UTF-8
sudo dpkg-reconfigure locales # scroll to the bottom and select zh_TW.UTF8
sudo update-locale LANG="zh_TW.UTF-8" LANGUAGE="zh_TW"
```

- source ~/.zshrc (apply the .zshrc settings)
- Type ansible to check that the installation works
- sudo visudo (configure sudo so it does not ask for a password; remember to do this on both the client and the server)

```
%sudo ALL=(ALL:ALL) NOPASSWD:ALL
```

## Trying out Ansible

- (All the nano and wget steps below can be replaced by downloading the files into a Linux directory with git clone.)
- (Command: git clone https://github.com/shhuangmust/bigdata.git)
- ansible normally needs a file that lists the servers to connect to, usually named inventory
- Create it by hand or download it (wget https://github.com/shhuangmust/bigdata/raw/main/inventory)

Create the inventory file

- cd ~ (back to the home directory)
- nano inventory

```
server1 ansible_host=10.0.2.4 ansible_user=ansible ansible_port=22 ansible_ssh_private_key_file=~/.ssh/ansible
server2 ansible_host=10.0.2.4 ansible_user=ansible ansible_port=22 ansible_ssh_private_key_file=~/.ssh/ansible

[webservers]
server1
```

## Ad Hoc Commands (run directly from the command line)

- On server1, ping 5 times

```shell
ansible -i inventory server1 -m command -a "ping google.com -c 5"
```

- On server1, run apt update
  - This command does not request administrator privileges, so it produces a <font color=red>**red**</font> error
  - <font color=red>**Red**</font> means an error, <font color=orange>**yellow**</font> means the server was changed, <font color=green>**green**</font> means success

```shell
ansible -i inventory server1 -m ansible.builtin.apt -a 'update_cache=true'
```

- Add \-\-become to the command and apt update runs successfully

```shell
ansible -i inventory server1 -m ansible.builtin.apt -a 'update_cache=true' --become
```

- Run apt update and apt upgrade together (takes a while)

```shell
ansible -i inventory server1 -m ansible.builtin.apt -a 'update_cache=true upgrade=full' --become
```

- The package module detects the server type automatically and uses the appropriate command

```shell
ansible -i inventory server1 -m package -a 'upgrade=full' --become
```

- Copy the client's inventory file to /home/ansible on the server and rename it abc

```shell
ansible -i inventory server1 -m copy -a 'src=~/inventory dest=/home/ansible/abc'
```

## Ansible Playbook

- A playbook is the script that ansible runs commands from
- It usually needs a cfg configuration file together with a yaml script file
- Create the file yourself or download it (wget https://github.com/shhuangmust/bigdata/raw/main/ansible.cfg)

**Edit ansible.cfg**

- cd ~
- nano ansible.cfg

```ini=
[defaults]
# default values
inventory = ./inventory
remote_user = ansible
ask_pass = false

[privilege_escalation]
# privilege escalation
become = true
become_method = sudo
become_user = root
become_ask_pass = false
```

**Edit apt.yaml**

- nano apt.yaml (or wget https://github.com/shhuangmust/bigdata/raw/main/apt.yaml)

```yaml=
---
- name: Apt update and upgrade
  hosts: server1
  tasks:
    - name: Upgrade all apt packages
      apt:
        update_cache: true
        upgrade: full
      become: true
```

**First test on the client whether apt.yaml can run**

- ansible-playbook is the command that runs a playbook yaml file
- The -C option (check mode) lets you test from the client whether the yaml file is correct before applying it
- ansible-playbook apt.yaml -C
- Run it for real
- ansible-playbook apt.yaml

**Advanced example: install NGINX and start it**

- nano demo3.yaml (or wget https://raw.githubusercontent.com/shhuangmust/bigdata/main/demo3.yaml)
- ansible-playbook demo3.yaml

```yaml=
---
- name: Install nginx and start the web server
  hosts: server1
  tasks:
    - name: Install nginx from apt
      ansible.builtin.apt:
        name: nginx
        update_cache: true
        state: latest
      become: true
      become_method: sudo
    - name: start and enable nginx service
      service:
        name: nginx
        enabled: true
        state: started
      become: true
```

- Test whether the nginx server is installed and running
- curl 10.0.2.4

**Stop and remove nginx**

- nano demo4.yaml (or wget https://github.com/shhuangmust/bigdata/raw/main/demo4.yaml)

```yaml=
---
- name: Stop nginx and uninstall the web server
  hosts: server1
  tasks:
    - name: stop nginx
      service:
        name: nginx
        state: stopped
    - name: uninstall the web server
      apt: name=nginx state=absent
```

- ansible-playbook demo4.yaml
- curl 10.0.2.4 (test whether the server has been shut down)

**Install docker with a playbook**

- nano docker5.yaml (or wget https://github.com/shhuangmust/bigdata/raw/main/docker5.yaml)

```yaml=
---
- name: Install docker
  hosts: server1
  become: true
  vars_files:
    - vars.yaml
  tasks:
    - name: Test Connection
      ping:
    - name: Install required packages
      apt:
        name: "{{ item }}"
        state: latest
        update_cache: true
      loop: "{{ requried_packages }}"
    - name: Add docker's official GPG key
      apt_key:
        url: https://download.docker.com/linux/ubuntu/gpg
        state: present
    - name: Add docker repository
      apt_repository:
        repo: deb https://download.docker.com/linux/ubuntu jammy stable
        state: present
    - name: Update apt cache and install docker engine
      apt:
        name: "{{ item }}"
        state: latest
        update_cache: true
      loop: "{{ docker_engines }}"
```

- ansible-playbook docker5.yaml

**Add the user to the docker group and run an nginx example**

- nano docker9.yaml (or wget https://github.com/shhuangmust/bigdata/raw/main/docker9.yaml)

```yaml=
---
- name: Install docker
  hosts: server1
  become: true
  vars_files:
    - vars.yaml
  tasks:
    - name: Test Connection
      ping:
    - name: Install required packages
      apt:
        name: "{{ item }}"
        state: latest
        update_cache: true
      loop: "{{ requried_packages }}"
    - name: Add docker's official GPG key
      apt_key:
        url: https://download.docker.com/linux/ubuntu/gpg
        state: present
    - name: Add docker repository
      apt_repository:
        repo: deb https://download.docker.com/linux/ubuntu jammy stable
        state: present
    - name: Update apt cache and install docker engine
      apt:
        name: "{{ item }}"
        state: latest
        update_cache: true
      loop: "{{ docker_engines }}"
    - name: Verify docker installed
      become: true
      command: docker run --rm hello-world
    - name: Check docker group is exists
      group:
        name: docker
        state: present
    - name: Add user to docker group
      user:
        name: "{{ user }}"
        # add docker as a supplementary group instead of replacing the primary group;
        # members of this group can control the docker daemon
        groups: docker
        append: true
    - name: Create nginx containers
      community.docker.docker_container:
        name: "docker_nginx"
        image: "nginx"
        state: started
        ports:
          - "8888:80"
```

- curl 10.0.2.4:8888 (test whether the server can be reached on port 8888)

## Ansible Facts

- When an ansible playbook runs, it collects environment variables and parameters from the managed machine; these are called Facts
- Facts can be passed into a playbook as parameters
- We write the parameters we want to use into vars.yaml
- nano vars.yaml (or wget https://github.com/shhuangmust/bigdata/raw/main/vars.yaml)

```yaml=
user: ansible
requried_packages:
  - apt-transport-https
  - ca-certificates
  - curl
  - gnupg-agent
  - software-properties-common
docker_engines:
  - docker-ce
  - docker-ce-cli
  - containerd.io
```

**Using facts**

- In the playbook, the facts file can be specified with vars_files
- nano fact1.yaml (or wget https://github.com/shhuangmust/bigdata/raw/main/fact1.yaml)

```yaml=
---
- name: Install docker
  hosts: server1
  become: true
  vars_files:
    - vars.yaml
  tasks:
    - name: Test Connection
      ping:
    - name: Install required packages
      apt:
        name: "{{ item }}"
        state: latest
        update_cache: true
      loop: "{{ requried_packages }}"
    - name: Add docker's official GPG key
      apt_key:
        url: https://download.docker.com/linux/ubuntu/gpg
        state: present
    - name: Add docker repository
      apt_repository:
        # the release name (e.g. jammy) comes from the gathered fact
        repo: "deb https://download.docker.com/linux/ubuntu {{ ansible_distribution_release }} stable"
        state: present
```

- ansible-playbook fact1.yaml

## Ansible Templates

- When configuring systems you sometimes need to copy <font color=red>configuration files or batch scripts</font> whose <font color=red>values differ</font> from machine to machine
- In that case, use a Template together with parameters to produce the different configuration files or scripts
- Ansible supports Template files in Python's jinja2 ("jinja" means shrine) template format, with the file extension j2

## Ansible Playbooks Roles

- Playbooks Roles (Roles for short) let you factor out repeated Tasks
- With Roles you can share packaged components with other people while writing a project
- An essential technique when writing system deployment projects
- How to use Roles: ansible-galaxy
  - Command: ansible-galaxy init test_role
- Creating a role generates a matching set of directories that hold the different configuration files
  - <font color=blue>defaults</font> default values, which are usually overridden by values from other roles
  - <font color=blue>files</font> static files that do not change
  - <font color=blue>handlers</font> mechanisms triggered by tasks or roles
  - <font color=blue>meta</font> metadata such as the author and dependencies
  - <font color=blue>tasks</font> the same tasks as in a playbook
  - <font color=blue>templates</font> template files in jinja2 format
  - <font color=blue>tests</font> tests for the role's functionality
  - <font color=blue>vars</font> variables used by this role; high precedence
- Role files can be written by hand, but in practice you do not need to write them yourself: download one that someone else has written and replace some of the parameters and files to make it your own

## Ansible project walkthrough

- This example implements a project, "**project01**", that brings the **server1** machine up to the **latest state** (apt update and apt upgrade), installs the **Z shell environment**, and configures Z shell in **your own style** (myzsh)

**Project analysis**

- The project is completed in three steps

<font color=red>

1. apt update part
2. zsh installation part
3. omz configuration part

</font>

**The steps are as follows:**

- cd ~ (back to the home directory)
- mkdir project01 (create the project directory)
- cd project01
- wget https://github.com/shhuangmust/bigdata/raw/main/ansible.cfg (ansible environment configuration file)
- wget https://github.com/shhuangmust/bigdata/raw/main/inventory (ansible server list)

**(Set up the roles for the project's three steps)**

- mkdir roles
- cd roles
- ansible-galaxy init apt (create the apt role)
- ansible-galaxy init zsh (create the zsh role)
- ansible-galaxy init omz (create the omz role)

**(Configure the first role, apt)**

- cd apt
- cd tasks
- nano main.yml (write the apt actions: apt update and apt upgrade)
- (or: rm main.yml, then wget https://github.com/shhuangmust/bigdata/raw/main/project01/roles/apt/tasks/main.yml)

```yaml=
---
# tasks file for apt
- name: apt update and upgrade
  apt:
    update_cache: true
    upgrade: full
```

**(Configure the second role, zsh)**

- cd ~/project01/roles/zsh/tasks/ (go to the tasks of the second role, zsh)
- nano main.yml (write the zsh actions; the file in the vars directory lists every package needed to install zsh)
- (or: rm main.yml, then wget https://github.com/shhuangmust/bigdata/raw/main/project01/roles/zsh/tasks/main.yml)

```yaml=
---
- name: install zsh and dependencies
  package:
    name: "{{ zsh_dependencies }}"
    state: present
  become: true
```

- nano ../vars/main.yml (list the zsh-related packages: git, zsh, autojump)
- (or: cd ../vars, rm main.yml, then wget https://github.com/shhuangmust/bigdata/raw/main/project01/roles/zsh/vars/main.yml)

```yaml=
---
# vars file for zsh
# dependencies for zsh
zsh_dependencies:
  - git
  - zsh
  - autojump
```

**(Configure the third role, omz)**

- The third role, omz, is not written by hand here; instead, try downloading a role that is already published online
- cd ~
- ansible-galaxy install gantsign.oh-my-zsh (install the published oh-my-zsh role)
- cd ~/project01/roles/omz/files (oh-my-zsh needs the .zshrc configuration file and the myclean.zsh-theme theme file)
- wget https://github.com/shhuangmust/bigdata/raw/main/.zshrc
- wget https://github.com/shhuangmust/bigdata/raw/main/myclean.zsh-theme
- cd ../tasks
- nano main.yml (write the yaml file; this is the standard form provided by the role's author)
- (or: rm main.yml, then wget https://github.com/shhuangmust/bigdata/raw/main/project01/roles/omz/tasks/main.yml)

```yaml=
---
- name: update configuration files
  ansible.builtin.copy:
    src: myclean.zsh-theme
    dest: /home/ansible/.oh-my-zsh/custom/themes/myclean.zsh-theme
- name: update .zshrc
  ansible.builtin.copy:
    src: .zshrc
    dest: /home/ansible/.zshrc
- name: clone omz plugins
  ansible.builtin.git:
    repo: https://github.com/zsh-users/zsh-completions
    dest: /home/ansible/.oh-my-zsh/custom/plugins/zsh-completions
- name: clone syntax highlight
  ansible.builtin.git:
    repo: https://github.com/zsh-users/zsh-syntax-highlighting.git
    dest: /home/ansible/.oh-my-zsh/custom/plugins/zsh-syntax-highlighting
```

**(Final step)**

- cd ~/project01/
- nano main.yaml (edit the final project01 yaml file)
- (or wget https://github.com/shhuangmust/bigdata/raw/main/project01/main.yaml)

```yaml=
---
- hosts: server1
  roles:
    - { role: apt }
    - { role: zsh }
    - role: gantsign.oh-my-zsh
      users:
        - username: ansible
    - { role: omz }
```

- ansible-playbook main.yaml (run the project yaml file)
- ssh server (connect to the server and confirm that server1 now has the zsh interface: success!)
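The docker5.yaml, docker9.yaml and fact1.yaml playbooks above add Docker's key with apt_key, which places it in apt's global keyring where it is trusted for every repository. The playbook below is an added example, not part of the original notes or the shhuangmust/bigdata repository: it stores the key in its own file and binds the Docker repository to it with signed-by. The keyring path and the `docker_keyring` variable are assumptions; `requried_packages` and `docker_engines` come from the page's vars.yaml.

```yaml
---
# Added example (not from the original page or its repository).
# Same goal as docker5.yaml / fact1.yaml, but the Docker key is trusted only
# for the Docker repository instead of being added to the global apt keyring.
- name: Install docker from a repository pinned to its own signing key
  hosts: server1
  become: true
  vars_files:
    - vars.yaml            # provides requried_packages and docker_engines
  vars:
    docker_keyring: /etc/apt/keyrings/docker.asc   # assumed path
  tasks:
    - name: Install required packages
      ansible.builtin.apt:
        name: "{{ requried_packages }}"
        state: present
        update_cache: true

    - name: Create the keyring directory
      ansible.builtin.file:
        path: /etc/apt/keyrings
        state: directory
        owner: root
        group: root
        mode: "0755"

    - name: Download docker's GPG key into a dedicated keyring file
      ansible.builtin.get_url:
        url: https://download.docker.com/linux/ubuntu/gpg
        dest: "{{ docker_keyring }}"
        owner: root
        group: root
        mode: "0644"

    - name: Add docker repository, verified only against that key
      ansible.builtin.apt_repository:
        repo: >-
          deb [signed-by={{ docker_keyring }}]
          https://download.docker.com/linux/ubuntu
          {{ ansible_distribution_release }} stable
        filename: docker
        state: present

    - name: Install docker engine
      ansible.builtin.apt:
        name: "{{ docker_engines }}"
        state: present
        update_cache: true
```

On a host that already ran docker5.yaml, remove the earlier repository entry first (apt_repository with state: absent), because apt rejects two entries for the same source that disagree on Signed-By.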
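The visudo step above grants passwordless sudo to every member of the sudo group. The playbook below is an added example, not part of the original notes or repository: it grants it only to the automation account from the page's inventory through a validated drop-in file, then restores the password requirement for the rest of the group. The drop-in file name and the `automation_user` and `dropin_path` variables are assumptions, and it targets server1 only.

```yaml
---
# Added example (not from the original page or its repository).
# Replaces the group-wide "%sudo ... NOPASSWD:ALL" rule with a rule for the
# single automation account named in the inventory (ansible_user=ansible).
- name: Limit passwordless sudo to the ansible account
  hosts: server1
  become: true
  vars:
    automation_user: ansible                   # from the page's inventory
    dropin_path: /etc/sudoers.d/90-ansible     # assumed file name
  tasks:
    # Install the narrow rule first so the play never locks itself out.
    - name: Install a validated sudoers drop-in for the automation user
      ansible.builtin.copy:
        dest: "{{ dropin_path }}"
        content: "{{ automation_user }} ALL=(ALL:ALL) NOPASSWD:ALL\n"
        owner: root
        group: root
        mode: "0440"
        validate: /usr/sbin/visudo -cf %s      # refuse to install a broken file

    - name: Require a password again for the rest of the sudo group
      ansible.builtin.lineinfile:
        path: /etc/sudoers
        regexp: '^%sudo\s+ALL=\(ALL:ALL\)\s+NOPASSWD:\s*ALL\s*$'
        line: '%sudo ALL=(ALL:ALL) ALL'
        backrefs: true                         # change only if the line exists
        validate: /usr/sbin/visudo -cf %s

    - name: Confirm the automation user can still escalate without a password
      ansible.builtin.command: sudo -n true
      become: false                            # run as the login user itself
      changed_when: false
```

If sudo on the target still asks for a password, run the playbook once with `--ask-become-pass`; later runs work without it.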