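In the previous article, "Building a test environment you can log in to over ssh with Docker", we created a Docker container. Here we use it to test an Ansible playbook.
After it has been tested in the Docker container, the playbook is used to build EC2 instances.
The playbook does the following:
- Disable SELinux
- Disable IPv6
- Disable the firewall
- Set the locale to ja_JP.UTF-8
- Set the time zone to Asia/Tokyo
- Start ntpd automatically at boot
- Install awscli
- Install the CodeDeploy Agent
- Install the Amazon SSM Agent
1. Creating the playbook
The contents of the playbook are as follows.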
```
[root@centos0702 ansible]# cat centos6_basic.yml
---
- hosts: all
  become: yes
  remote_user: centos
  vars:
    locale: ja_JP.UTF-8
    zone: Asia/Tokyo
    repo_upgrade: none
    zoneinfo_path: /usr/share/zoneinfo/Asia/Tokyo
    ruby_ver: 2.2.4
    codedeploy_s3: aws-codedeploy-us-east-1
    ssm_s3: amazon-ssm-us-east-1
  tasks:
    ### OS ###
    - block:
        - name: install libselinux-python
          yum: name=libselinux-python state=latest
        - name: disable selinux
          selinux: state=disabled
        - name: disable ipv6
          lineinfile: >
            dest=/etc/modprobe.d/disable_ipv6.conf
            line='options ipv6 disable=1'
            create='yes'
        - name: set locale to /etc/sysconfig/i18n
          replace: >
            dest=/etc/sysconfig/i18n
            regexp='^LANG=.*$'
            replace='LANG="{{locale}}"'
        - name: set zone to /etc/sysconfig/clock
          replace: >
            dest=/etc/sysconfig/clock
            regexp='^ZONE=.*$'
            replace='ZONE="{{zone}}"'
        - name: set localtime
          file: >
            src={{zoneinfo_path}}
            dest=/etc/localtime
            state=link
            force=yes
        - name: install ntp
          yum: name=ntp state=latest
        - name: enable ntp service
          service: name=ntpd enabled='yes'
        - name: disable firewall
          service: name={{item}} enabled='no'
          with_items:
            - iptables
            - ip6tables
      tags:
        - os
    ### awscli ###
    - block:
        - name: awscli - epel
          yum: name=epel-release state=latest
        - name: awscli - python-pip
          yum: name=python-pip state=latest
        - name: awscli - pip install
          pip: name=awscli
      tags:
        - awscli
    ### CodeDeploy Agent ###
    - block:
        - name: codedeploy agent - yum
          yum: name={{item}} state=latest
          with_items:
            - git
            - gcc
            - openssl-devel
            - readline-devel
            - zlib-devel
        # Cloned over https rather than git://, which is unauthenticated
        # and is no longer served by GitHub.
        - name: codedeploy agent - git clone rbenv
          git: >
            repo=https://github.com/sstephenson/rbenv.git
            dest=/opt/rbenv
        - name: codedeploy agent - git clone ruby_build
          git: >
            repo=https://github.com/sstephenson/ruby-build.git
            dest=/opt/rbenv/plugins/ruby-build
        - name: codedeploy agent - /etc/profile.d/rbenv.sh
          lineinfile: dest=/etc/profile.d/rbenv.sh regexp='{{item.reg}}' line='{{item.lin}}' create='yes'
          with_items:
            - { 'reg':'^export RBENV_ROOT=', 'lin':'export RBENV_ROOT=/opt/rbenv' }
            - { 'reg':'^export PATH=', 'lin':'export PATH="${RBENV_ROOT}/bin:${PATH}"' }
            - { 'reg':'^eval ', 'lin':'eval "$(rbenv init -)"' }
        # "sudo -i" gives a login shell, so /etc/profile.d/rbenv.sh is loaded.
        - name: codedeploy agent - rbenv install {{ruby_ver}}
          become: no
          shell: sudo -i rbenv install {{ruby_ver}}
        - name: codedeploy agent - rbenv grobal {{ruby_ver}}
          become: no
          shell: sudo -i rbenv global {{ruby_ver}}
        - name: codedeploy agent - /usr/bin/ruby
          file: >
            src=/opt/rbenv/shims/ruby
            dest=/usr/bin/ruby
            state=link
            force=yes
        - name: codedeploy agent - wget (N.Virginia)
          get_url: >
            url=https://{{codedeploy_s3}}.s3.amazonaws.com/latest/install
            dest=/tmp/install
            force=True
        - name: codedeploy agent - script chmod
          file: path=/tmp/install owner=root group=root mode=0744
        - name: codedeploy agent - install auto
          become: no
          shell: sudo -i /tmp/install auto
      tags:
        - codedeploy
    ### Amazon SSM Agent ###
    - block:
        - name: ssm agent - wget (N.Virginia)
          get_url: >
            url=https://{{ssm_s3}}.s3.amazonaws.com/latest/linux_amd64/amazon-ssm-agent.rpm
            dest=/tmp/amazon-ssm-agent.rpm
            force=True
        - name: ssm agent - rpm
          yum: name=/tmp/amazon-ssm-agent.rpm state=present
      tags:
        - ssm
```
2. Running the playbook
Look up the IP address of the Docker container.
```
[root@centos0702 ansible]# docker ps
CONTAINER ID        IMAGE               COMMAND               CREATED             STATUS              PORTS               NAMES
386a0684a9fc        centos6_ec2         "/usr/sbin/sshd -D"   57 minutes ago      Up 43 minutes                           jolly_banach
[root@centos0702 ansible]# docker inspect 386a0684a9fc | grep IPAddress
            "SecondaryIPAddresses": null,
            "IPAddress": "172.17.0.2",
                    "IPAddress": "172.17.0.2",
```
Run the playbook.
In the example below, ANSIBLE_HOST_KEY_CHECKING is set to False so that known_hosts is ignored.
```
[root@centos0702 ansible]# env ANSIBLE_HOST_KEY_CHECKING=False ansible-playbook -i ,172.17.0.2 ./centos6_basic.yml

PLAY [all] *********************************************************************

TASK [setup] *******************************************************************
ok: [172.17.0.2]

TASK [install libselinux-python] ***********************************************
ok: [172.17.0.2]

TASK [disable selinux] *********************************************************
ok: [172.17.0.2]

TASK [disable ipv6] ************************************************************
changed: [172.17.0.2]

TASK [set locale to /etc/sysconfig/i18n] ***************************************
changed: [172.17.0.2]

TASK [set zone to /etc/sysconfig/clock] ****************************************
changed: [172.17.0.2]

TASK [set localtime] ***********************************************************
changed: [172.17.0.2]

TASK [install ntp] *************************************************************
changed: [172.17.0.2]

TASK [enable ntp service] ******************************************************
changed: [172.17.0.2]

TASK [disable firewall] ********************************************************
changed: [172.17.0.2] => (item=iptables)
changed: [172.17.0.2] => (item=ip6tables)

TASK [awscli - epel] ***********************************************************
changed: [172.17.0.2]

TASK [awscli - python-pip] *****************************************************
changed: [172.17.0.2]

TASK [awscli - pip install] ****************************************************
changed: [172.17.0.2]

TASK [codedeploy agent - yum] **************************************************
changed: [172.17.0.2] => (item=[u'git', u'gcc', u'openssl-devel', u'readline-devel', u'zlib-devel'])

TASK [codedeploy agent - git clone rbenv] **************************************
changed: [172.17.0.2]

TASK [codedeploy agent - git clone ruby_build] *********************************
changed: [172.17.0.2]

TASK [codedeploy agent - /etc/profile.d/rbenv.sh] ******************************
changed: [172.17.0.2] => (item={u'lin': u'export RBENV_ROOT=/opt/rbenv', u'reg': u'^export RBENV_ROOT='})
changed: [172.17.0.2] => (item={u'lin': u'export PATH="${RBENV_ROOT}/bin:${PATH}"', u'reg': u'^export PATH='})
changed: [172.17.0.2] => (item={u'lin': u'eval "$(rbenv init -)"', u'reg': u'^eval '})

TASK [codedeploy agent - rbenv install 2.2.4] **********************************
changed: [172.17.0.2]
 [WARNING]: Consider using 'become', 'become_method', and 'become_user' rather than running sudo

TASK [codedeploy agent - rbenv grobal 2.2.4] ***********************************
changed: [172.17.0.2]

TASK [codedeploy agent - /usr/bin/ruby] ****************************************
changed: [172.17.0.2]

TASK [codedeploy agent - wget (N.Virginia)] ************************************
changed: [172.17.0.2]

TASK [codedeploy agent - script chmod] *****************************************
changed: [172.17.0.2]

TASK [codedeploy agent - install auto] *****************************************
changed: [172.17.0.2]

TASK [ssm agent - wget (N.Virginia)] *******************************************
changed: [172.17.0.2]

TASK [ssm agent - rpm] *********************************************************
changed: [172.17.0.2]

PLAY RECAP *********************************************************************
172.17.0.2                 : ok=25   changed=22   unreachable=0    failed=0
```
By creating a new container, you can start over as many times as you like.
A new container is created as follows.
```
[root@centos0702 ansible]# docker run -d centos6_ec2 /usr/sbin/sshd -D
f80163393398ee6c9376975445e7bb233ae612091ba9592f16f46b0e6dcd4b11
[root@centos0702 ansible]# docker ps
CONTAINER ID        IMAGE               COMMAND               CREATED              STATUS              PORTS               NAMES
f80163393398        centos6_ec2         "/usr/sbin/sshd -D"   4 seconds ago        Up 3 seconds                            furious_albattani
63c8f1c7d3ee        centos6_ec2         "/usr/sbin/sshd -D"   About a minute ago   Up About a minute                       cocky_liskov
b21cccadfee1        centos6_ec2         "/usr/sbin/sshd -D"   About a minute ago   Up About a minute                       small_austin
[root@centos0702 ansible]# docker inspect b21cccadfee1 | grep IPAddress
            "SecondaryIPAddresses": null,
            "IPAddress": "172.17.0.2",
                    "IPAddress": "172.17.0.2",
[root@centos0702 ansible]# docker inspect 63c8f1c7d3ee | grep IPAddress
            "SecondaryIPAddresses": null,
            "IPAddress": "172.17.0.3",
                    "IPAddress": "172.17.0.3",
```
Containers that are no longer needed are removed as follows.
```
[root@centos0702 ansible]# docker stop 63c8f1c7d3ee
63c8f1c7d3ee
[root@centos0702 ansible]# docker rm 63c8f1c7d3ee
63c8f1c7d3ee
[root@centos0702 ansible]# docker ps
CONTAINER ID        IMAGE               COMMAND               CREATED              STATUS              PORTS               NAMES
f80163393398        centos6_ec2         "/usr/sbin/sshd -D"   About a minute ago   Up About a minute                       furious_albattani
b21cccadfee1        centos6_ec2         "/usr/sbin/sshd -D"   3 minutes ago        Up 3 minutes                            small_austin
```
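
The test cycle from section 2 (start a container, look up its IP, run the playbook, remove the container) as one script; this is an added example, not part of the original article. It keeps ANSIBLE_HOST_KEY_CHECKING=False scoped to the single run against the throwaway container, so the setting does not carry over to the later EC2 run, and it removes the container even when the playbook fails. The `DOCKER`, `ANSIBLE_PLAYBOOK` and `IMAGE` variables and the function names are assumptions of this example.

```shell
#!/bin/sh
# Added example: one disposable test cycle for the playbook.
# DOCKER, ANSIBLE_PLAYBOOK, IMAGE and the function names are assumptions.
DOCKER=${DOCKER:-docker}
ANSIBLE_PLAYBOOK=${ANSIBLE_PLAYBOOK:-ansible-playbook}
IMAGE=${IMAGE:-centos6_ec2}

# Print the container's IP address with a Go template, so no grep over
# the full "docker inspect" JSON is needed.
container_ip() {
    $DOCKER inspect -f \
        '{{range .NetworkSettings.Networks}}{{.IPAddress}}{{end}}' "$1"
}

# Start a fresh container, run the playbook against it, then always stop
# and remove the container. Returns the ansible-playbook exit status.
test_playbook() {
    playbook=$1
    cid=$($DOCKER run -d "$IMAGE" /usr/sbin/sshd -D) || return 1
    ip=$(container_ip "$cid")
    rc=1
    if [ -n "$ip" ]; then
        # Host key checking is switched off for this one command only:
        # every new container has a new host key, real hosts do not.
        ANSIBLE_HOST_KEY_CHECKING=False \
            $ANSIBLE_PLAYBOOK -i "$ip," "$playbook"
        rc=$?
    fi
    $DOCKER stop "$cid" >/dev/null
    $DOCKER rm "$cid" >/dev/null
    return "$rc"
}

# Usage: sh test_playbook.sh ./centos6_basic.yml
if [ "$#" -gt 0 ]; then
    test_playbook "$1"
    exit $?
fi
```

Because the variable is set only in front of the `ansible-playbook` command, runs against EC2 hosts from the same shell still verify host keys against known_hosts.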