Wednesday, January 18, 2017

Testing Ansible with an ssh-accessible Docker container


Using the Docker container built in the previous article, "Building an ssh-accessible test environment with Docker", we test an Ansible Playbook.

After it has been tested in the Docker container, the Playbook will be used to build EC2 instances.
The Playbook does the following:
  • Disable SELinux
  • Disable IPv6
  • Disable the firewall
  • Set the locale to ja_JP.UTF-8
  • Set the time zone to Asia/Tokyo
  • Start ntpd automatically
  • Install awscli
  • Install the CodeDeploy Agent
  • Install the Amazon SSM Agent


1. Creating the playbook


The contents of the playbook are as follows.
[root@centos0702 ansible]# cat centos6_basic.yml
---
- hosts: all
  become: yes
  remote_user: centos
  vars:
    locale: ja_JP.UTF-8
    zone: Asia/Tokyo
    repo_upgrade: none
    zoneinfo_path: /usr/share/zoneinfo/Asia/Tokyo
    ruby_ver: 2.2.4
    codedeploy_s3: aws-codedeploy-us-east-1
    ssm_s3: amazon-ssm-us-east-1
  tasks:

    ### OS ###
    - block:
      - name: install libselinux-python
        yum: name=libselinux-python state=latest

      - name: disable selinux
        selinux: state=disabled

      - name: disable ipv6
        lineinfile: >
          dest=/etc/modprobe.d/disable_ipv6.conf
          line='options ipv6 disable=1'
          create='yes'

      - name: set locale to /etc/sysconfig/i18n
        replace: >
          dest=/etc/sysconfig/i18n
          regexp='^LANG=.*$'
          replace='LANG="{{locale}}"'

      - name: set zone to /etc/sysconfig/clock
        replace: >
          dest=/etc/sysconfig/clock
          regexp='^ZONE=.*$'
          replace='ZONE="{{zone}}"'

      - name: set localtime
        file: >
          src={{zoneinfo_path}}
          dest=/etc/localtime
          state=link
          force=yes

      - name: install ntp
        yum: name=ntp state=latest

      - name: enable ntp service
        service: name=ntpd enabled='yes'

      - name: disable firewall
        service: name={{item}} enabled='no'
        with_items:
          - iptables
          - ip6tables

      tags:
        - os

    ### awscli ###
    - block:
      - name: awscli - epel
        yum: name=epel-release state=latest

      - name: awscli - python-pip
        yum: name=python-pip state=latest

      - name: awscli - pip install
        pip: name=awscli

      tags:
        - awscli

    ### CodeDeploy Agent ###
    - block:
      - name: codedeploy agent - yum
        yum: name={{item}} state=latest
        with_items:
          - git
          - gcc
          - openssl-devel
          - readline-devel
          - zlib-devel

      - name: codedeploy agent - git clone rbenv
        git: >
          repo=git://github.com/sstephenson/rbenv.git
          dest=/opt/rbenv

      - name: codedeploy agent - git clone ruby_build
        git: >
          repo=git://github.com/sstephenson/ruby-build.git
          dest=/opt/rbenv/plugins/ruby-build

      - name: codedeploy agent - /etc/profile.d/rbenv.sh
        lineinfile: dest=/etc/profile.d/rbenv.sh regexp='{{item.reg}}' line='{{item.lin}}' create='yes'
        with_items:
          - { 'reg':'^export RBENV_ROOT=',     'lin':'export RBENV_ROOT=/opt/rbenv' }
          - { 'reg':'^export PATH=',           'lin':'export PATH="${RBENV_ROOT}/bin:${PATH}"' }
          - { 'reg':'^eval ', 'lin':'eval "$(rbenv init -)"' }

      - name: codedeploy agent - rbenv install {{ruby_ver}}
        become: no
        shell: sudo -i rbenv install {{ruby_ver}}

      - name: codedeploy agent - rbenv grobal {{ruby_ver}}
        become: no
        shell: sudo -i rbenv global {{ruby_ver}}

      - name: codedeploy agent - /usr/bin/ruby
        file: >
          src=/opt/rbenv/shims/ruby
          dest=/usr/bin/ruby
          state=link
          force=yes

      - name: codedeploy agent - wget (N.Virginia)
        get_url: >
          url=https://{{codedeploy_s3}}.s3.amazonaws.com/latest/install
          dest=/tmp/install
          force=True

      - name: codedeploy agent - script chmod
        file: path=/tmp/install owner=root group=root mode=0744

      - name: codedeploy agent - install auto
        become: no
        shell: sudo -i /tmp/install auto

      tags:
        - codedeploy

    ### Amazon SSM Agent ###
    - block:
      - name: ssm agent - wget (N.Virginia)
        get_url: >
          url=https://{{ssm_s3}}.s3.amazonaws.com/latest/linux_amd64/amazon-ssm-agent.rpm
          dest=/tmp/amazon-ssm-agent.rpm
          force=True

      - name: ssm agent - rpm
        yum: name=/tmp/amazon-ssm-agent.rpm state=present

      tags:
        - ssm


2. Running the playbook


Find the IP address of the Docker container.
[root@centos0702 ansible]# docker ps
CONTAINER ID        IMAGE               COMMAND               CREATED             STATUS              PORTS               NAMES
386a0684a9fc        centos6_ec2         "/usr/sbin/sshd -D"   57 minutes ago      Up 43 minutes                           jolly_banach
[root@centos0702 ansible]# docker inspect 386a0684a9fc | grep IPAddress
            "SecondaryIPAddresses": null,
            "IPAddress": "172.17.0.2",
                    "IPAddress": "172.17.0.2",

Run the Playbook.
In the example below, ANSIBLE_HOST_KEY_CHECKING is set to False so that the ssh host key is not checked against known_hosts.
[root@centos0702 ansible]# env ANSIBLE_HOST_KEY_CHECKING=False ansible-playbook -i ,172.17.0.2 ./centos6_basic.yml

PLAY [all] *********************************************************************

TASK [setup] *******************************************************************
ok: [172.17.0.2]

TASK [install libselinux-python] ***********************************************
ok: [172.17.0.2]

TASK [disable selinux] *********************************************************
ok: [172.17.0.2]

TASK [disable ipv6] ************************************************************
changed: [172.17.0.2]

TASK [set locale to /etc/sysconfig/i18n] ***************************************
changed: [172.17.0.2]

TASK [set zone to /etc/sysconfig/clock] ****************************************
changed: [172.17.0.2]

TASK [set localtime] ***********************************************************
changed: [172.17.0.2]

TASK [install ntp] *************************************************************
changed: [172.17.0.2]

TASK [enable ntp service] ******************************************************
changed: [172.17.0.2]

TASK [disable firewall] ********************************************************
changed: [172.17.0.2] => (item=iptables)
changed: [172.17.0.2] => (item=ip6tables)

TASK [awscli - epel] ***********************************************************
changed: [172.17.0.2]

TASK [awscli - python-pip] *****************************************************
changed: [172.17.0.2]

TASK [awscli - pip install] ****************************************************
changed: [172.17.0.2]

TASK [codedeploy agent - yum] **************************************************
changed: [172.17.0.2] => (item=[u'git', u'gcc', u'openssl-devel', u'readline-devel', u'zlib-devel'])

TASK [codedeploy agent - git clone rbenv] **************************************
changed: [172.17.0.2]

TASK [codedeploy agent - git clone ruby_build] *********************************
changed: [172.17.0.2]

TASK [codedeploy agent - /etc/profile.d/rbenv.sh] ******************************
changed: [172.17.0.2] => (item={u'lin': u'export RBENV_ROOT=/opt/rbenv', u'reg': u'^export RBENV_ROOT='})
changed: [172.17.0.2] => (item={u'lin': u'export PATH="${RBENV_ROOT}/bin:${PATH}"', u'reg': u'^export PATH='})
changed: [172.17.0.2] => (item={u'lin': u'eval "$(rbenv init -)"', u'reg': u'^eval '})

TASK [codedeploy agent - rbenv install 2.2.4] **********************************
changed: [172.17.0.2]
 [WARNING]: Consider using 'become', 'become_method', and 'become_user' rather than running sudo


TASK [codedeploy agent - rbenv grobal 2.2.4] ***********************************
changed: [172.17.0.2]

TASK [codedeploy agent - /usr/bin/ruby] ****************************************
changed: [172.17.0.2]

TASK [codedeploy agent - wget (N.Virginia)] ************************************
changed: [172.17.0.2]

TASK [codedeploy agent - script chmod] *****************************************
changed: [172.17.0.2]

TASK [codedeploy agent - install auto] *****************************************
changed: [172.17.0.2]

TASK [ssm agent - wget (N.Virginia)] *******************************************
changed: [172.17.0.2]

TASK [ssm agent - rpm] *********************************************************
changed: [172.17.0.2]

PLAY RECAP *********************************************************************
172.17.0.2                 : ok=25   changed=22   unreachable=0    failed=0

By creating a new container you can start over as many times as you like.
A new container is created as follows.
[root@centos0702 ansible]# docker run -d centos6_ec2 /usr/sbin/sshd -D
f80163393398ee6c9376975445e7bb233ae612091ba9592f16f46b0e6dcd4b11
[root@centos0702 ansible]# docker ps
CONTAINER ID        IMAGE               COMMAND               CREATED              STATUS              PORTS               NAMES
f80163393398        centos6_ec2         "/usr/sbin/sshd -D"   4 seconds ago        Up 3 seconds                            furious_albattani
63c8f1c7d3ee        centos6_ec2         "/usr/sbin/sshd -D"   About a minute ago   Up About a minute                       cocky_liskov
b21cccadfee1        centos6_ec2         "/usr/sbin/sshd -D"   About a minute ago   Up About a minute                       small_austin
[root@centos0702 ansible]# docker inspect b21cccadfee1 | grep IPAddress
            "SecondaryIPAddresses": null,
            "IPAddress": "172.17.0.2",
                    "IPAddress": "172.17.0.2",
[root@centos0702 ansible]# docker inspect 63c8f1c7d3ee | grep IPAddress
            "SecondaryIPAddresses": null,
            "IPAddress": "172.17.0.3",
                    "IPAddress": "172.17.0.3",

Containers that are no longer needed are removed as follows.
[root@centos0702 ansible]# docker stop 63c8f1c7d3ee
63c8f1c7d3ee
[root@centos0702 ansible]# docker rm 63c8f1c7d3ee
63c8f1c7d3ee
[root@centos0702 ansible]# docker ps
CONTAINER ID        IMAGE               COMMAND               CREATED              STATUS              PORTS               NAMES
f80163393398        centos6_ec2         "/usr/sbin/sshd -D"   About a minute ago   Up About a minute                       furious_albattani
b21cccadfee1        centos6_ec2         "/usr/sbin/sshd -D"   3 minutes ago        Up 3 minutes                            small_austin
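As an added example (not code from the original post), the following Python script automates the loop this section walks through by hand: start a fresh centos6_ec2 sshd container, run centos6_basic.yml against it twice, and parse the PLAY RECAP so the first run can be checked for failed=0/unreachable=0 and the second run for changed=0 (idempotence). The helper names are my own; ANSIBLE_HOST_KEY_CHECKING=False is carried over from the page and is acceptable only for a throwaway local container.

```python
import os
import re
import subprocess
import time

# PLAY RECAP line, e.g. "172.17.0.2   : ok=25   changed=22   unreachable=0    failed=0"
RECAP_RE = re.compile(
    r"^(?P<host>\S+)\s*:\s*ok=(?P<ok>\d+)\s+changed=(?P<changed>\d+)"
    r"\s+unreachable=(?P<unreachable>\d+)\s+failed=(?P<failed>\d+)", re.M)

def parse_recap(output):
    """Return {host: {ok, changed, unreachable, failed}} from ansible-playbook output."""
    keys = ("ok", "changed", "unreachable", "failed")
    return {m.group("host"): {k: int(m.group(k)) for k in keys}
            for m in RECAP_RE.finditer(output)}

def run_ok(recap, host, max_changed=None):
    """True if host was reached, nothing failed and (if given) changed <= max_changed."""
    r = recap.get(host)
    if r is None or r["unreachable"] or r["failed"]:
        return False
    return max_changed is None or r["changed"] <= max_changed

def start_container(image="centos6_ec2"):
    """Start a fresh sshd container as on the page; return (container id, ip)."""
    cid = subprocess.check_output(
        ["docker", "run", "-d", image, "/usr/sbin/sshd", "-D"]).decode().strip()
    ip = subprocess.check_output(
        ["docker", "inspect", "-f", "{{.NetworkSettings.IPAddress}}", cid]).decode().strip()
    return cid, ip

def run_playbook(ip, playbook="./centos6_basic.yml"):
    """Run the playbook against ip. Host-key checking is off only because the
    target is a throwaway local container (not something to do against EC2)."""
    env = dict(os.environ, ANSIBLE_HOST_KEY_CHECKING="False")
    proc = subprocess.run(["ansible-playbook", "-i", ip + ",", playbook],
                          env=env, capture_output=True, text=True)
    return proc.stdout

if __name__ == "__main__":
    cid, ip = start_container()
    try:
        time.sleep(2)  # give sshd a moment to start accepting connections
        first = parse_recap(run_playbook(ip))
        second = parse_recap(run_playbook(ip))   # second run checks idempotence
        print("first run ok:", run_ok(first, ip))
        print("second run idempotent:", run_ok(second, ip, max_changed=0))
    finally:
        subprocess.call(["docker", "rm", "-f", cid])  # docker stop + docker rm
```

Expect the second run of this particular playbook to still report changes for its shell tasks (rbenv install, /tmp/install auto), since they carry no creates or changed_when that would let Ansible report them as unchanged.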