ansible batch deploy apache
- Install ansible
- Base preparation on ansible
- Configure the local repository on the controlled side
- Install the latest version of Apache (httpd) on the controlled terminal
- Start the controlled web service (httpd)
- Configure the firewall on the controlled side to release httpd service traffic
- Write a test page on the controlled hosts containing only personal information (name or student number, etc.) and no other content.
- Test access to each node's IP from the control node
It's been a while since I've deployed Ansible using a CentOS image, but last week a chance encounter allowed me to deploy Ansible on top of CentOS 8.5. I realized that the Ansible sources had changed a bit from what they used to be, so I thought I'd document it myself. Red Hot Trance !!!!!!
Environment
System | IP | Hostname | Service |
---|---|---|---|
centos8.5 | 192.168.222.154 | wy-ansible | ansible |
centos8.5 | 192.168.222.155 | wy-node1 | apache |
centos8.5 | 192.168.222.156 | wy-node2 | apache |
Use the following mirrors
CentOS 8.5.2111 download link (Tsinghua source)
Install ansible
wy-ansible side operation
Configuring the sources needed for ansible
[root@wy-ansible ~]# cd /etc//
[root@wy-ansible ]# ls
[root@wy-ansible ]# rm -rf *
[root@wy-ansible ]# ls
[root@wy-ansible ]#
[root@wy-ansible ]# curl -o /etc// /repo/Centos-vault-8.5.
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 100 2495 100 2495 0 0 15030 0 --:--:-- --:--:-- --:--:-- 15030
[root@wy-ansible ]#
[root@wy-ansible ]# dnf -y install epel-release
[root@wy-ansible ]# dnf -y install python36
[root@wy-ansible ]# dnf -y install python2
[root@wy-ansible ]# wget /pub/rocky/8/extras/x86_64/os/Packages/c/centos-release-ansible-29-1-2.
[root@wy-ansible ]# dnf -y localinstall centos-release-ansible-29-1-2.
[root@wy-ansible ]# ls
centos-release-ansible-29-1-2.
[root@wy-ansible ]# sed -i -e "s|mirrorlist=|#mirrorlist=|g" /etc//CentOS-*
[root@wy-ansible ]# sed -i -e "s|#baseurl=|baseurl=|g" /etc//CentOS-*
[root@wy-ansible ]# ls
centos-release-ansible-29-1-2.
[root@wy-ansible ]#
View source
[root@wy-ansible ]# cat
#
#
# Please see /SpecialInterestGroup/ConfigManagementSIG/Ansible
# for more information
[centos-ansible-29]
name=CentOS Configmanagement SIG - ansible-29
#mirrorlist=/?release=$releasever&arch=$basearch&repo=configmanagement-ansible-29
baseurl=/$contentdir/$releasever/configmanagement/$basearch/ansible-29/
gpgcheck=1
enabled=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-SIG-ConfigManagement
[centos-ansible-29-testing]
name=CentOS Configmanagement SIG - ansible-29 Testing
baseurl=/centos/8/configmanagement/$basearch/ansible-29/
gpgcheck=0
enabled=0
[centos-ansible-29-debuginfo]
name=CentOS Configmanagement SIG - ansible-29 Debug
baseurl=/$contentdir/8/configmanagement/$basearch/
gpgcheck=1
enabled=0
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-SIG-ConfigManagement
[centos-ansible-29-source]
name=CentOS Configmanagement SIG - ansible-29 Source
baseurl=/$contentdir/8/configmanagement/Source/ansible-29/
gpgcheck=1
enabled=0
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-SIG-ConfigManagement
[root@wy-ansible ]#
Install ansible
[root@wy-ansible ]# cd
[root@wy-ansible ~]# dnf -y install ansible --nobest
Check the Ansible version
[root@wy-ansible ~]# ansible --version
ansible 2.9.27
config file = /etc/ansible/
configured module search path = ['/root/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
ansible python module location = /usr/lib/python3.6/site-packages/ansible
executable location = /usr/bin/ansible
python version = 3.6.8 (default, Sep 10 2021, 09:13:53) [GCC 8.5.0 20210514 (Red Hat 8.5.0-3)]
[root@wy-ansible ~]#
Base preparation on ansible
Partial operation on the wy-node1 side
[root@localhost ~]# hostnamectl set-hostname wy-node1
[root@localhost ~]# bash
[root@wy-node1 ~]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: ens160: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
link/ether 00:0c:29:b0:cd:5e brd ff:ff:ff:ff:ff:ff
inet 192.168.222.155/24 brd 192.168.222.255 scope global dynamic noprefixroute ens160
valid_lft 1655sec preferred_lft 1655sec
inet6 fe80::20c:29ff:feb0:cd5e/64 scope link noprefixroute
valid_lft forever preferred_lft forever
3: virbr0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default qlen 1000
link/ether 52:54:00:02:53:44 brd ff:ff:ff:ff:ff:ff
inet 192.168.122.1/24 brd 192.168.122.255 scope global noprefixroute virbr0
valid_lft forever preferred_lft forever
4: virbr0-nic: <BROADCAST,MULTICAST> mtu 1500 qdisc fq_codel state DOWN group default qlen 1000
link/ether 52:54:00:02:53:44 brd ff:ff:ff:ff:ff:ff
[root@wy-node1 ~]#
Because you need to mount the local disk later you need to do the following
wy-node2 partial operation
[root@localhost ~]# hostnamectl set-hostname wy-node2
[root@localhost ~]# bash
[root@wy-node2 ~]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: ens160: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
link/ether 00:0c:29:63:60:5f brd ff:ff:ff:ff:ff:ff
inet 192.168.222.156/24 brd 192.168.222.255 scope global dynamic noprefixroute ens160
valid_lft 1607sec preferred_lft 1607sec
inet6 fe80::20c:29ff:fe63:605f/64 scope link noprefixroute
valid_lft forever preferred_lft forever
3: virbr0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default qlen 1000
link/ether 52:54:00:d1:d9:6b brd ff:ff:ff:ff:ff:ff
inet 192.168.122.1/24 brd 192.168.122.255 scope global noprefixroute virbr0
valid_lft forever preferred_lft forever
4: virbr0-nic: <BROADCAST,MULTICAST> mtu 1500 qdisc fq_codel state DOWN group default qlen 1000
link/ether 52:54:00:d1:d9:6b brd ff:ff:ff:ff:ff:ff
[root@wy-node2 ~]#
Because you need to mount the local disk later you need to do the following
wy-ansible side operation
Map the controlled hosts' names to their IPs on the control node
[root@wy-ansible ~]# vim /etc/hosts
[root@wy-ansible ~]# cat /etc/hosts
127.0.0.1 localhost localhost4 localhost4.localdomain4
::1 localhost localhost6 localhost6.localdomain6
192.168.222.155 wy-node1
192.168.222.156 wy-node2
[root@wy-ansible ~]#
[root@wy-ansible ~]# mkdir playdemo
[root@wy-ansible ~]# cd playdemo/
[root@wy-ansible playdemo]# ls
[root@wy-ansible playdemo]# cp /etc/ansible/ .
[root@wy-ansible playdemo]# ls
[root@wy-ansible playdemo]# vim
#inventory = /etc/ansible/hosts
inventory = inventory
[root@wy-ansible playdemo]# vim inventory
View Controlled Host
[root@wy-ansible playdemo]# cat inventory
[apache]
192.168.222.155
192.168.222.156
[root@wy-ansible playdemo]# ls
inventory
[root@wy-ansible playdemo]#
Enable passwordless (key-based) login to the controlled hosts
[root@wy-ansible playdemo]# ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Created directory '/root/.ssh'.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:AkRmdCRTQ3SH7uRey7cqiZZ9ol6tvSBgJmSFgMe9Lc0 root@wy-ansible
The key's randomart image is:
+---[RSA 3072]----+
|oo =X=B ... |
|. +=.+ o.. |
| .o .= . |
| o o |
| . +..+S |
| + . .o.. |
| .=o+.. |
| +o*++ . |
| oo..+++.. |
+----[SHA256]-----+
[root@wy-ansible playdemo]#
[root@wy-ansible playdemo]# ssh-copy-id 192.168.222.155
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"
The authenticity of host '192.168.222.155 (192.168.222.155)' can't be established.
ECDSA key fingerprint is SHA256:JQ7UCwc6pwXDVYU92WwkCQLgB6qqiTbNLPDSZF8+us8.
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
root@192.168.222.155's password:
Number of key(s) added: 1
Now try logging into the machine, with: "ssh '192.168.222.155'"
and check to make sure that only the key(s) you wanted were added.
[root@wy-ansible playdemo]# ssh-copy-id 192.168.222.156
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"
The authenticity of host '192.168.222.156 (192.168.222.156)' can't be established.
ECDSA key fingerprint is SHA256:BsGn0HnCG5xb7gspwLlfgHIbDS6iX9XRwbJvlSChjYc.
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
root@192.168.222.156's password:
Number of key(s) added: 1
Now try logging into the machine, with: "ssh '192.168.222.156'"
and check to make sure that only the key(s) you wanted were added.
[root@wy-ansible playdemo]#
Check machine node connectivity
[root@wy-ansible playdemo]# ansible all -m ping
192.168.222.155 | SUCCESS => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/libexec/platform-python"
},
"changed": false,
"ping": "pong"
}
192.168.222.156 | SUCCESS => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/libexec/platform-python"
},
"changed": false,
"ping": "pong"
}
[root@wy-ansible playdemo]# ansible apache -m ping
192.168.222.156 | SUCCESS => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/libexec/platform-python"
},
"changed": false,
"ping": "pong"
}
192.168.222.155 | SUCCESS => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/libexec/platform-python"
},
"changed": false,
"ping": "pong"
}
[root@wy-ansible playdemo]#
Configure the local repository on the controlled side
wy-ansible side operation
[root@wy-ansible playdemo]# ansible apache -m mount -a 'src=/dev/sr0 path=/media state=mounted fstype=iso9660'
192.168.222.156 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/libexec/platform-python"
},
"changed": true,
"dump": "0",
"fstab": "/etc/fstab",
"fstype": "iso9660",
"name": "/media",
"opts": "defaults",
"passno": "0",
"src": "/dev/sr0"
}
192.168.222.155 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/libexec/platform-python"
},
"changed": true,
"dump": "0",
"fstab": "/etc/fstab",
"fstype": "iso9660",
"name": "/media",
"opts": "defaults",
"passno": "0",
"src": "/dev/sr0"
}
[root@wy-ansible playdemo]#
[root@wy-ansible playdemo]# ansible apache -m shell -a 'rm -rf /etc//C*'
[WARNING]: Consider using the file module with state=absent rather than running
'rm'. If you need to use command because file is insufficient you can add
'warn: false' to this command task or set 'command_warnings=False' in
to get rid of this message.
192.168.222.155 | CHANGED | rc=0 >>
192.168.222.156 | CHANGED | rc=0 >>
[root@wy-ansible playdemo]# ansible apache -m yum_repository -a 'file=wy name=AppStream description=AppStream baseurl=file:///media/AppStream enabled=yes gpgcheck=no'
192.168.222.155 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/libexec/platform-python"
},
"changed": true,
"repo": "AppStream",
"state": "present"
}
192.168.222.156 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/libexec/platform-python"
},
"changed": true,
"repo": "AppStream",
"state": "present"
}
[root@wy-ansible playdemo]# ansible apache -m yum_repository -a 'file=wy name=BaseOS description=BaseOS baseurl=file:///media/BaseOS enabled=yes gpgcheck=no'
192.168.222.155 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/libexec/platform-python"
},
"changed": true,
"repo": "BaseOS",
"state": "present"
}
192.168.222.156 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/libexec/platform-python"
},
"changed": true,
"repo": "BaseOS",
"state": "present"
}
[root@wy-ansible playdemo]#
Check on the wy-node1 side
[root@wy-node1 ~]# df -Th
Filesystem Type Size Used Avail Use% Mounted on
devtmpfs devtmpfs 867M 0 867M 0% /dev
tmpfs tmpfs 896M 0 896M 0% /dev/shm
tmpfs tmpfs 896M 11M 885M 2% /run
tmpfs tmpfs 896M 0 896M 0% /sys/fs/cgroup
/dev/mapper/cl-root xfs 17G 4.6G 13G 27% /
/dev/sda1 xfs 1014M 259M 756M 26% /boot
tmpfs tmpfs 179M 40K 179M 1% /run/user/1000
/dev/sr0 iso9660 11G 11G 0 100% /media
[root@wy-node1 ~]# cd /etc//
[root@wy-node1 ]# ls
[root@wy-node1 ]# cat
[AppStream]
baseurl = file:///media/AppStream
enabled = 1
gpgcheck = 0
name = AppStream
[BaseOS]
baseurl = file:///media/BaseOS
enabled = 1
gpgcheck = 0
name = BaseOS
[root@wy-node1 ]#
Check on the wy-node2 side
[root@wy-node2 ~]# df -Th
Filesystem Type Size Used Avail Use% Mounted on
devtmpfs devtmpfs 867M 0 867M 0% /dev
tmpfs tmpfs 896M 0 896M 0% /dev/shm
tmpfs tmpfs 896M 11M 885M 2% /run
tmpfs tmpfs 896M 0 896M 0% /sys/fs/cgroup
/dev/mapper/cl-root xfs 17G 4.6G 13G 27% /
/dev/sda1 xfs 1014M 259M 756M 26% /boot
tmpfs tmpfs 179M 44K 179M 1% /run/user/1000
/dev/sr0 iso9660 11G 11G 0 100% /media
[root@wy-node2 ~]# cd /etc//
[root@wy-node2 ]# ls
[root@wy-node2 ]# cat
[AppStream]
baseurl = file:///media/AppStream
enabled = 1
gpgcheck = 0
name = AppStream
[BaseOS]
baseurl = file:///media/BaseOS
enabled = 1
gpgcheck = 0
name = BaseOS
[root@wy-node2 ]#
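Both local repositories above are enabled with gpgcheck = 0, so packages from /media are installed without signature verification. The following audit is an added example, not part of the original post: it lists every enabled repository that does not explicitly turn gpgcheck on. The function names and the sample text (assembled from the listings on this page, baseurl lines of the Ansible repo omitted) are assumptions of the example.

```shell
#!/bin/sh
# Added example. audit_repos reads yum/dnf .repo text on stdin and prints
# "<repo-id> gpgcheck=<value|unset>" for every enabled repository that does
# not explicitly enable signature checking. "unset" means the value is
# inherited from [main] in dnf.conf and should be checked there.
audit_repos() {
    awk '
    # dnf treats 1/yes/true/on (any case) as true; empty means "use default"
    function is_on(v, dflt) {
        if (v == "") return dflt
        v = tolower(v)
        return (v == "1" || v == "yes" || v == "true" || v == "on")
    }
    function report() {
        if (id != "" && is_on(enabled, 1) && !is_on(gpgcheck, 0))
            printf "%s gpgcheck=%s\n", id, (gpgcheck == "" ? "unset" : gpgcheck)
    }
    /^[ \t]*[#;]/ { next }                       # skip comment lines
    /^[ \t]*\[.*\][ \t]*$/ {                     # a new [repo-id] section
        report()
        id = $0; gsub(/^[ \t]*\[|\][ \t]*$/, "", id)
        enabled = ""; gpgcheck = ""
        next
    }
    /=/ {                                        # accepts "k=v" and "k = v"
        key = $0; sub(/=.*/, "", key); gsub(/[ \t]/, "", key)
        val = $0; sub(/^[^=]*=/, "", val); gsub(/^[ \t]+|[ \t]+$/, "", val)
        if (key == "enabled")  enabled = val
        if (key == "gpgcheck") gpgcheck = val
    }
    END { report() }
    '
}

# Constructed sample input, built from the repo listings shown on this page.
sample_repos() {
    cat <<'EOF'
[AppStream]
baseurl = file:///media/AppStream
enabled = 1
gpgcheck = 0
name = AppStream
[BaseOS]
baseurl = file:///media/BaseOS
enabled = 1
gpgcheck = 0
name = BaseOS
[centos-ansible-29]
name=CentOS Configmanagement SIG - ansible-29
gpgcheck=1
enabled=1
[centos-ansible-29-testing]
name=CentOS Configmanagement SIG - ansible-29 Testing
gpgcheck=0
enabled=0
EOF
}

sample_repos | audit_repos
```

On a controlled node, pipe the contents of its .repo files into audit_repos instead of the sample; an empty result means every enabled repository verifies signatures.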
Install the latest version of Apache (httpd) on the controlled terminal
wy-ansible side operation
[root@wy-ansible playdemo]# ansible apache -m yum -a 'name=httpd state=latest'
192.168.222.156 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/libexec/platform-python"
},
"changed": true,
"msg": "",
"rc": 0,
"results": [
"Installed: apr-util-openssl-1.6.1-6.el8.x86_64",
"Installed: centos-logos-httpd-85.8-2.",
"Installed: mod_http2-1.15.7-3.module_el8.4.0+778+c970deab.x86_64",
"Installed: httpd-2.4.37-41.module_el8.5.0+977+5653bbea.x86_64",
"Installed: apr-1.6.3-12.el8.x86_64",
"Installed: httpd-filesystem-2.4.37-41.module_el8.5.0+977+",
"Installed: httpd-tools-2.4.37-41.module_el8.5.0+977+5653bbea.x86_64",
"Installed: apr-util-1.6.1-6.el8.x86_64",
"Installed: apr-util-bdb-1.6.1-6.el8.x86_64"
]
}
192.168.222.155 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/libexec/platform-python"
},
"changed": true,
"msg": "",
"rc": 0,
"results": [
"Installed: apr-util-openssl-1.6.1-6.el8.x86_64",
"Installed: centos-logos-httpd-85.8-2.",
"Installed: mod_http2-1.15.7-3.module_el8.4.0+778+c970deab.x86_64",
"Installed: httpd-2.4.37-41.module_el8.5.0+977+5653bbea.x86_64",
"Installed: apr-1.6.3-12.el8.x86_64",
"Installed: httpd-filesystem-2.4.37-41.module_el8.5.0+977+",
"Installed: httpd-tools-2.4.37-41.module_el8.5.0+977+5653bbea.x86_64",
"Installed: apr-util-1.6.1-6.el8.x86_64",
"Installed: apr-util-bdb-1.6.1-6.el8.x86_64"
]
}
Start the controlled web service (httpd)
wy-ansible side operation
[root@wy-ansible playdemo]# ansible apache -m service -a 'name=httpd state=started enabled=yes'
192.168.222.155 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/libexec/platform-python"
},
"changed": true,
"enabled": true,
"name": "httpd",
"state": "started",
"status": {
"ActiveEnterTimestampMonotonic": "0",
"ActiveExitTimestampMonotonic": "0",
"ActiveState": "inactive",
"After": " -.mount ",
"AllowIsolate": "no",
"AllowedCPUs": "",
"AllowedMemoryNodes": "",
"AmbientCapabilities": "",
"AssertResult": "no",
"AssertTimestampMonotonic": "0",
"Before": "",
"BlockIOAccounting": "no",
"BlockIOWeight": "[not set]",
"CPUAccounting": "no",
"CPUAffinity": "",
......
192.168.222.156 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/libexec/platform-python"
},
"changed": true,
"enabled": true,
"name": "httpd",
"state": "started",
"status": {
"ActiveEnterTimestampMonotonic": "0",
"ActiveExitTimestampMonotonic": "0",
"ActiveState": "inactive",
"After": " -.mount ",
"AllowIsolate": "no",
"AllowedCPUs": "",
"AllowedMemoryNodes": "",
"AmbientCapabilities": "",
"AssertResult": "no",
"AssertTimestampMonotonic": "0",
.......
"Transient": "no",
"Type": "notify",
"UID": "[not set]",
"UMask": "0022",
"UnitFilePreset": "disabled",
"UnitFileState": "disabled",
"UtmpMode": "init",
"Wants": "",
"WatchdogTimestampMonotonic": "0",
"WatchdogUSec": "0"
}
}
[root@wy-ansible playdemo]#
Configure the firewall on the controlled side to release httpd service traffic
wy-ansible side operation
[root@wy-ansible playdemo]# ansible apache -m firewalld -a 'zone=public service=http permanent=yes state=enabled immediate=yes'
192.168.222.155 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/libexec/platform-python"
},
"changed": true,
"msg": "Permanent and Non-Permanent(immediate) operation, Changed service http to enabled"
}
192.168.222.156 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/libexec/platform-python"
},
"changed": true,
"msg": "Permanent and Non-Permanent(immediate) operation, Changed service http to enabled"
}
[root@wy-ansible playdemo]#
Write a test page on the controlled hosts containing only personal information (name or student number, etc.) and no other content.
wy-ansible side operation
[root@wy-ansible playdemo]# ansible apache -m copy -a 'dest=/var/www/html/ content="wy-12345678of the website"'
192.168.222.155 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/libexec/platform-python"
},
"changed": true,
"checksum": "c2d3a833b1925aa171b555b98e3619f62ca531cc",
"dest": "/var/www/html/",
"gid": 0,
"group": "root",
"md5sum": "bc55adb5abb3add29a34f0f7cc0563e0",
"mode": "0644",
"owner": "root",
"secontext": "system_u:object_r:httpd_sys_content_t:s0",
"size": 20,
"src": "/root/.ansible/tmp/ansible-tmp-1729763913.270614-351975-35211884046076/source",
"state": "file",
"uid": 0
}
192.168.222.156 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/libexec/platform-python"
},
"changed": true,
"checksum": "c2d3a833b1925aa171b555b98e3619f62ca531cc",
"dest": "/var/www/html/",
"gid": 0,
"group": "root",
"md5sum": "bc55adb5abb3add29a34f0f7cc0563e0",
"mode": "0644",
"owner": "root",
"secontext": "system_u:object_r:httpd_sys_content_t:s0",
"size": 20,
"src": "/root/.ansible/tmp/ansible-tmp-1729763913.2374783-351977-264864621390314/source",
"state": "file",
"uid": 0
}
[root@wy-ansible playdemo]#
Test access to each node's IP from the control node
(can be tested with a browser or with the command: curl IP)
wy-ansible side operation
[root@wy-ansible playdemo]# curl 192.168.222.155
wy-12345678of the website[root@wy-ansible playdemo]# curl 192.168.222.156
wy-12345678of the website[root@wy-ansible playdemo]# curl 192.168.222.155
wy-12345678of the website[root@wy-ansible playdemo]# curl 192.168.222.156
wy-12345678of the website[root@wy-ansible playdemo]#
Browser view on the main console