[stg_web] test-stg-web01 ansible_host=192.168.33.10 ansible_ssh_common_args='-o ProxyCommand="ssh -i ~/.ssh/test.pem -W %h:%p -q bastion-user@192.168.33.30"' [prod_web] test-prod-web01 ansible_host=192.168.33.20 ansible_ssh_common_args='-o ProxyCommand="ssh -i ~/.ssh/test.pem -W %h:%p -q bastion-user@192.168.33.30"'
カテゴリー: Infrastructure as code
【Ansible】Master/Slave構成の JMeter をデプロイする【IaC】
Ansible で Master/Slave 構成の JMeter をデプロイする Playbook を作ってみました。
https://github.com/keisukesanuki/jmeter-MS.git
※ 詳細は GitHub の README を参照くださいませ。
ディレクトリ構成
. ├── README.md ├── ansible.cfg ├── group_vars │ ├── all.yml │ └── all.yml.example ├── hosts.example ├── roles │ ├── common │ │ ├── README.md │ │ └── tasks │ │ ├── etckeeper_commit.yml │ │ ├── host_change.yml │ │ └── main.yml │ ├── dummy │ │ ├── README.md │ │ ├── tasks │ │ │ └── main.yml │ │ └── templates │ │ └── dummy.txt │ ├── jmeter51 │ │ ├── README.md │ │ ├── files │ │ │ ├── jmeter.properties │ │ │ └── start-controller_cui.sh │ │ └── tasks │ │ └── main.yml │ ├── jmeter53 │ │ ├── README.md │ │ ├── files │ │ │ ├── jmeter.properties │ │ │ └── start-controller_cui.sh │ │ └── tasks │ │ └── main.yml │ ├── jmeter54 │ │ ├── README.md │ │ ├── files │ │ │ ├── jmeter.properties │ │ │ └── start-controller_cui.sh │ │ └── tasks │ │ └── main.yml │ ├── jmeter55 │ │ ├── README.md │ │ ├── files │ │ │ ├── jmeter.properties │ │ │ └── start-controller_cui.sh │ │ └── tasks │ │ └── main.yml │ ├── minimum │ │ └── httpd │ │ ├── README.md │ │ ├── handlers │ │ │ └── main.yml │ │ ├── tasks │ │ │ ├── main.yml │ │ │ └── security.yml │ │ └── templates │ │ ├── mpm.conf │ │ └── security.conf │ ├── python-scripts │ │ ├── README.md │ │ ├── tasks │ │ │ └── main.yml │ │ └── templates │ │ ├── csv2gspread.py │ │ ├── sacred-drive.json │ │ └── start-controller_cui.sh │ ├── reboot │ │ └── tasks │ │ └── main.yml │ ├── slave-jmeter │ │ ├── README.md │ │ ├── files │ │ │ ├── jmeter-node.service │ │ │ └── jmeter-server.sh │ │ └── tasks │ │ └── main.yml │ └── tigervnc │ ├── README.md │ ├── files │ │ ├── vncpasswd.sh │ │ └── vncserver@.service_root │ └── tasks │ └── main.yml ├── scenario │ └── example │ └── zabbix │ └── zabbix_load_scenario.jmx ├── target.yml └── target.yml.example 38 directories, 51 files
【Ansible】AnsibleでAWSのネットワークを構築する【IaC】
Terraform に埋もれがちですが Ansible でも AWS のリソース構築が出来るんですよね。
作るもの
・VPC
・public subnet x 2
・private subnet x 2
・internet gateway
・route table
ディレクトリ構造
├── README.md ├── ansible.cfg ├── hosts ├── roles │ └── aws_vpc │ ├── tasks │ │ └── main.yml │ └── vars │ └── main.yml └── vpc_create.yml
インベントリファイル
root@DESKTOP-MOGIJIA:/opt/playbook/aws-vpc-2layer# cat hosts [localhost] 127.0.0.1
サーバをプロビジョニングする訳ではないので、ローカルホストを指定
Role
root@DESKTOP-MOGIJIA:/opt/playbook/aws-vpc-2layer# cat roles/aws_vpc/tasks/main.yml
---
# tasks file for aws_vpc
- name: create_vpc
ec2_vpc_net:
name: "{{ vpc_name }}"
cidr_block: "{{ vpc_cidr }}"
region: "{{ region }}"
dns_hostnames: yes
dns_support: yes
register: vpc_info
# PUBLIC_SUBNETの作成
- name: create_public_subnet
ec2_vpc_subnet:
vpc_id: "{{ vpc_info.vpc.id }}"
cidr: "{{ item.pub_subnet_cidr }}"
az: "{{ item.subnet_az }}"
region: "{{ region }}"
resource_tags: { "Name":"{{ item.pub_subnet_name }}" }
register: pubsub_info
with_items:
- "{{ pub_subnet }}"
# PRIVATE_SUBNETの作成
- name: create_private_subnet
ec2_vpc_subnet:
vpc_id: "{{ vpc_info.vpc.id }}"
cidr: "{{ item.pri_subnet_cidr }}"
az: "{{ item.subnet_az }}"
region: "{{ region }}"
resource_tags: { "Name":"{{ item.pri_subnet_name }}" }
register: prisub_info
with_items:
- "{{ pri_subnet }}"
# IGWの作成
- name: create_igw
ec2_vpc_igw:
vpc_id: "{{ vpc_info.vpc.id }}"
region: "{{ region }}"
tags: { "Name":"{{ igw_name }}" }
register: igw_info
# ROUTETABLEの作成(IGW)
- name: create_route_table
ec2_vpc_route_table:
vpc_id: "{{ vpc_info.vpc.id }}"
subnets: "{{ atache_igw_subnet }}"
routes:
- dest: 0.0.0.0/0
gateway_id: "{{ igw_info.gateway_id }}"
region: "{{ region }}"
resource_tags: { "Name":"{{ rttable_pub_name }}" }
root@DESKTOP-MOGIJIA:/opt/playbook/aws-vpc-2layer# cat roles/aws_vpc/vars/main.yml
---
# vars file for aws_vpc
# REGION
region: "ap-northeast-1"
# VPC
vpc_name: "sanuki-wd-vpc"
vpc_cidr: "10.0.0.0/16"
# IGW
igw_name: "sanuki-igw"
# ROUTETABLE(PUBLIC)
rttable_pub_name: "sanuki-pub-rt"
# PUBLIC_SUBNET
pub_subnet:
- { pub_subnet_cidr: "10.0.10.0/24" ,subnet_az: "ap-northeast-1a" ,pub_subnet_name: "sanuki-wd-public-subnet-a" }
- { pub_subnet_cidr: "10.0.20.0/24" ,subnet_az: "ap-northeast-1c" ,pub_subnet_name: "sanuki-wd-public-subnet-c" }
# PRIVATE_SUBNET
pri_subnet:
- { pri_subnet_cidr: "10.0.50.0/24" ,subnet_az: "ap-northeast-1a" ,pri_subnet_name: "sanuki-wd-private-subnet-a" }
- { pri_subnet_cidr: "10.0.60.0/24" ,subnet_az: "ap-northeast-1c" ,pri_subnet_name: "sanuki-wd-private-subnet-c" }
# IGWに紐付けるサブネット
atache_igw_subnet:
- "10.0.10.0/24"
- "10.0.20.0/24"
playbook
root@DESKTOP-MOGIJIA:/opt/playbook/aws-vpc-2layer# cat vpc_create.yml
---
# VPC CREATE Playbook
- name: create vpc subnet igw routetable
hosts: localhost
connection: local
gather_facts: False
become: False
roles:
- aws_vpc
実行
root@DESKTOP-MOGIJIA:/opt/playbook/aws-vpc-2layer# ansible-playbook -i hosts vpc_create.yml
PLAY [create vpc subnet igw routetable] ********************************************************************************
TASK [aws_vpc : create_vpc] ********************************************************************************************
[DEPRECATION WARNING]: Distribution Ubuntu 18.04 on host 127.0.0.1 should use /usr/bin/python3, but is using
/usr/bin/python for backward compatibility with prior Ansible releases. A future Ansible release will default to using
the discovered platform python for this host. See
https://docs.ansible.com/ansible/2.9/reference_appendices/interpreter_discovery.html for more information. This feature
will be removed in version 2.12. Deprecation warnings can be disabled by setting deprecation_warnings=False in
ansible.cfg.
changed: [127.0.0.1]
TASK [aws_vpc : create_public_subnet] **********************************************************************************
changed: [127.0.0.1] => (item={u'pub_subnet_name': u'sanuki-wd-public-subnet-a', u'subnet_az': u'ap-northeast-1a', u'pub_subnet_cidr': u'10.0.10.0/24'})
changed: [127.0.0.1] => (item={u'pub_subnet_name': u'sanuki-wd-public-subnet-c', u'subnet_az': u'ap-northeast-1c', u'pub_subnet_cidr': u'10.0.20.0/24'})
TASK [aws_vpc : create_private_subnet] *********************************************************************************
changed: [127.0.0.1] => (item={u'pri_subnet_cidr': u'10.0.50.0/24', u'pri_subnet_name': u'sanuki-wd-private-subnet-a', u'subnet_az': u'ap-northeast-1a'})
changed: [127.0.0.1] => (item={u'pri_subnet_cidr': u'10.0.60.0/24', u'pri_subnet_name': u'sanuki-wd-private-subnet-c', u'subnet_az': u'ap-northeast-1c'})
TASK [aws_vpc : create_igw] ********************************************************************************************
changed: [127.0.0.1]
TASK [aws_vpc : create_route_table] ************************************************************************************
changed: [127.0.0.1]
PLAY RECAP *************************************************************************************************************
127.0.0.1 : ok=5 changed=5 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
補足
boto3 が必要になります。
pip でインストールしておいて下さい。
pip install boto boto3
【Ansible】いい感じにデータを変数にいれる【シェルスクリプト】
スペース区切りだったり、カンマ区切りのデータをいい感じに Ansible の変数に入れたいことってありますよね。
そんな時によく使うスクリプトです。
シェルスクリプト
vi var_create.sh
===============================================
#!/bin/bash
while IFS=' ' read key val
do
echo " - { domain: '$val' ,owner: '$key' }"
done < $1
vi data.txt ============================ user1 aaa user2 bbb user3 ccc
実行
[root@keisuke-main tmp]# ./var_create.sh data.txt
- { domain: 'aaa' ,owner: 'user1' }
- { domain: 'bbb' ,owner: 'user2' }
- { domain: 'ccc' ,owner: 'user3' }
【Ansible】Ansible と expect で MySQL 導入を自動化する【IaC】
こんにちは。
MySQL の導入が面倒だったので Ansible と expect で自動化にチャレンジします。
mysql_secure_installation の自動化
expect と awk でシェルスクリプトを作成します。
#!/bin/bash
# 初期パスワードを取得
IntPasswd=$(grep "A temporary password is generated for root@localhost:" /var/log/mysqld.log | awk '{ print $13}')
# パスワード指定
MysqlRootPasswd="{{ db_passwd }}"
expect -c '
set timeout 10;
spawn mysql_secure_installation;
expect "Enter password for user root:";
send -- "'"${IntPasswd}"'\n";
expect "New password:";
send -- "'"${MysqlRootPasswd}"'\n";
expect "Re-enter new password:";
send -- "'"${MysqlRootPasswd}"'\n";
expect "Change the password for root ?";
send "n\n";
expect "Remove anonymous users?";
send "y\n";
expect "Disallow root login remotely?";
send "y\n";
expect "Remove test database and access to it?";
send "y\n";
expect "Reload privilege tables now?";
send "y\n";
interact;'
awk で初期パスワードを取得し、対話処理は expect で処理します。
Playbook
Ansible の playbook で処理します。
---
# tasks file for mysql-server80
- name: install mysql80 repository
yum:
name: https://dev.mysql.com/get/mysql80-community-release-el7-3.noarch.rpm
state: present
- name: install mysql
yum:
name:
- mysql-server
- expect
state: present
- name: put my.cnf
template:
src: ../templates/my.cnf.j2
dest: /etc/my.cnf
owner: root
group: root
mode: 0644
backup: yes
- name: mkdir /var/log/mysql/
file:
path: /var/log/mysql
state: directory
owner: mysql
group: mysql
mode: 0755
- name: start mysql
systemd:
name: mysqld
state: started
enabled: yes
- name: confirm check_file
stat: path=/usr/local/etc/mysql_stat.txt
register: result_mysql_exit
- name: put mysql_secure_installation_script
template:
src: ../templates/mysql_secure_installation_script
dest: /tmp/mysql_secure_installation_script
owner: root
group: root
mode: 0755
- name: exec mysql_secure_installation_script
shell: "/tmp/mysql_secure_installation_script"
when: not result_mysql_exit.stat.exists
- name: create check_file
file:
path: /usr/local/etc/mysql_stat.txt
state: touch
mode: "u=rw,g=r,o=r"
- name: change error-log location
lineinfile:
dest: /etc/my.cnf
state: present
backrefs: yes
regexp: '^log-error = /var/log/mysqld.log'
line: 'log-error = /var/log/mysql/mysqld.log'
notify: mysqld_restart
おまけ
こちらに CentOS7用の playbook を纏めていますので宜しければ。
https://github.com/keisukesanuki/default-CentOS7