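A101 - Week 2
Study 2024. 1. 21. 16:03
Week 2
Environment setup
- Add AWS SecretsManager read/write permission to the EC2 instance profile
- Secret’s’ → I always leave out the s and pay for it
Loops
- Put the values to iterate over directly inside the loop statement, or
- Loop by referencing a variable declared in the playbook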
```yaml
---
- hosts: all
  vars:
    services:
      - sshd
      - rsyslog
  tasks:
    - name: loop with declared in the task # <https://docs.ansible.com/ansible/latest/playbook_guide/playbooks_loops.html#iterating-over-a-simple-list>
      ansible.builtin.service:
        name: "{{ item }}"
        state: started
      loop:
        - sshd
        - rsyslog
    - name: loop with declared variables
      ansible.builtin.service:
        name: "{{ item }}"
        state: started
      loop: "{{ services }}"
```
- Creating files with a loop
```yaml
- hosts: all
  vars:
    log:
      - path: /tmp/foo.log
        mod: '0644'
      - path: /var/log/foo
        mod: '0777'
  tasks:
    - name: create log file
      ansible.builtin.file:
        path: "{{ item['path'] }}"
        mode: "{{ item['mod'] }}"
        state: touch
      loop: "{{ log }}"
```
```
ubuntu@server:~/my-ansible$ ansible -m shell -a "ls -al /var/log/foo" all
tnode1 | CHANGED | rc=0 >>
-rwxrwxrwx 1 root root 0 Jan 14 21:40 /var/log/foo
tnode2 | CHANGED | rc=0 >>
-rwxrwxrwx 1 root root 0 Jan 14 21:40 /var/log/foo
tnode3 | CHANGED | rc=0 >>
-rwxrwxrwx 1 root root 0 Jan 14 21:40 /var/log/foo
```
Builtin module - shell
- Shell tasks seem to be unavoidable everywhere
- The one thing I was curious about: is the result saved in a nice, readable form?
- Run the full process list with the shell module → store it with register → copy the stored content to a file
```yaml
- hosts: all
  tasks:
    - name: ps
      ansible.builtin.shell: "ps -ef"
      register: ps_result
    - local_action:
        module: copy
        content: "{{ ps_result }}"
        dest: /home/ubuntu/my-ansible/ps_result
```
→ Result (not pretty, is it?)
{"changed": true, "stdout": "UID PID PPID C STIME TTY TIME CMD\\nroot 1 0 0 19:54 ? 00:00:05 /sbin/init\\nroot 2 0 0 19:54 ? 00:00:00 [kthreadd]\\nroot 3 2 0 19:54 ? 00:00:00 [rcu_gp]\\nroot 4 2 0 19:54 ? 00:00:00 [rcu_par_gp]\\nroot 5 2 0 19:54 ? 00:00:00 [slub_flushwq]\\nroot 6 2 0 19:54 ? 00:00:00 [netns]\\nroot 8 2 0 19:54 ? 00:00:00 [kworker/0:0H-events_highpri]\\nroot 10 2 0 19:54 ? 00:00:00 [mm_percpu_wq]\\nroot 11 2 0 19:54 ? 00:00:00 [rcu_tasks_rude_kthread]\\nroot 12 2 0 19:54 ? 00:00:00 [rcu_tasks_trace_kthread]\\nroot 13 2 0 19:54 ? 00:00:00 [ksoftirqd/0]\\nroot 14 2 0 19:54 ? 00:00:00 [rcu_sched]\\nroot 15 2 0 19:54 ? 00:00:00 [migration/0]\\nroot 16 2 0 19:54 ? 00:00:00 [idle_inject/0]\\nroot 18 2 0 19:54 ? 00:00:00 [cpuhp/0]\\nroot 19 2 0 19:54 ? 00:00:00 [cpuhp/1]\\nroot 20 2 0 19:54 ? 00:00:00 [idle_inject/1]\\nroot 21 2 0 19:54 ? 00:00:00 [migration/1]\\nroot 22 2 0 19:54 ? 00:00:00 [ksoftirqd/1]\\nroot 24 2 0 19:54 ? 00:00:00 [kworker/1:0H-events_highpri]\\nroot 25 2 0 19:54 ? 00:00:00 [kdevtmpfs]\\nroot 26 2 0 19:54 ? 00:00:00 [inet_frag_wq]\\nroot 27 2 0 19:54 ? 00:00:00 [kauditd]\\nroot 29 2 0 19:54 ? 00:00:00 [khungtaskd]\\nroot 31 2 0 19:54 ? 00:00:00 [oom_reaper]\\nroot 32 2 0 19:54 ? 00:00:00 [writeback]\\nroot 33 2 0 19:54 ? 00:00:00 [kcompactd0]\\nroot 34 2 0 19:54 ? 00:00:00 [ksmd]\\nroot 36 2 0 19:54 ? 00:00:00 [khugepaged]\\nroot 37 2 0 19:54 ? 00:00:00 [kintegrityd]\\nroot 38 2 0 19:54 ? 00:00:00 [kblockd]\\nroot 39 2 0 19:54 ? 00:00:00 [blkcg_punt_bio]\\nroot 40 2 0 19:54 ? 00:00:00 [tpm_dev_wq]\\nroot 41 2 0 19:54 ? 00:00:00 [ata_sff]\\nroot 42 2 0 19:54 ? 00:00:00 [md]\\nroot 43 2 0 19:54 ? 00:00:00 [edac-poller]\\nroot 44 2 0 19:54 ? 00:00:00 [devfreq_wq]\\nroot 45 2 0 19:54 ? 00:00:00 [watchdogd]\\nroot 46 2 0 19:54 ? 00:00:00 [kworker/1:1H-kblockd]\\nroot 47 2 0 19:54 ? 00:00:00 [kswapd0]\\nroot 48 2 0 19:54 ? 00:00:00 [ecryptfs-kthread]\\nroot 49 2 0 19:54 ? 00:00:00 [kthrotld]\\nroot 50 2 0 19:54 ? 
00:00:00 [acpi_thermal_pm]\\nroot 51 2 0 19:54 ? 00:00:00 [nvme-wq]\\nroot 52 2 0 19:54 ? 00:00:00 [nvme-reset-wq]\\nroot 53 2 0 19:54 ? 00:00:00 [nvme-delete-wq]\\nroot 54 2 0 19:54 ? 00:00:00 [nvme-auth-wq]\\nroot 55 2 0 19:54 ? 00:00:00 [mld]\\nroot 56 2 0 19:54 ? 00:00:00 [kworker/0:1H-kblockd]\\nroot 57 2 0 19:54 ? 00:00:00 [ipv6_addrconf]\\nroot 64 2 0 19:54 ? 00:00:00 [kstrp]\\nroot 67 2 0 19:54 ? 00:00:00 [zswap-shrink]\\nroot 68 2 0 19:54 ? 00:00:00 [kworker/u5:0]\\nroot 72 2 0 19:54 ? 00:00:00 [charger_manager]\\nroot 73 2 0 19:54 ? 00:00:00 [jbd2/nvme0n1p1-8]\\nroot 74 2 0 19:54 ? 00:00:00 [ext4-rsv-conver]\\nroot 113 1 0 19:54 ? 00:00:00 /lib/systemd/systemd-journald\\nroot 146 2 0 19:54 ? 00:00:00 [kaluad]\\nroot 147 2 0 19:54 ? 00:00:00 [kmpath_rdacd]\\nroot 148 2 0 19:54 ? 00:00:00 [kmpathd]\\nroot 149 2 0 19:54 ? 00:00:00 [kmpath_handlerd]\\nroot 150 1 0 19:54 ? 00:00:00 /sbin/multipathd -d -s\\nroot 154 1 0 19:54 ? 00:00:00 /lib/systemd/systemd-udevd\\nroot 182 2 0 19:54 ? 00:00:00 [ena]\\nroot 183 2 0 19:54 ? 00:00:00 [cryptd]\\nsystemd+ 334 1 0 19:55 ? 00:00:00 /lib/systemd/systemd-networkd\\nsystemd+ 336 1 0 19:55 ? 00:00:00 /lib/systemd/systemd-resolved\\nroot 433 1 0 19:55 ? 00:00:00 /usr/sbin/acpid\\nroot 437 1 0 19:55 ? 00:00:00 /usr/sbin/cron -f -P\\nmessage+ 439 1 0 19:55 ? 00:00:00 @dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only\\nroot 445 1 0 19:55 ? 00:00:00 /usr/sbin/irqbalance --foreground\\nroot 448 1 0 19:55 ? 00:00:00 /usr/bin/python3 /usr/bin/networkd-dispatcher --run-startup-triggers\\n_chrony 457 1 0 19:55 ? 00:00:00 /usr/sbin/chronyd -F 1\\nsyslog 458 1 0 19:55 ? 00:00:00 /usr/sbin/rsyslogd -n -iNONE\\n_chrony 459 457 0 19:55 ? 00:00:00 /usr/sbin/chronyd -F 1\\nroot 466 1 0 19:55 ? 00:00:02 /usr/lib/snapd/snapd\\nroot 474 1 0 19:55 ? 
00:00:00 /lib/systemd/systemd-logind\\nroot 535 1 0 19:55 ttyS0 00:00:00 /sbin/agetty -o -p -- \\\\u --keep-baud 115200,57600,38400,9600 ttyS0 vt220\\nroot 554 1 0 19:55 tty1 00:00:00 /sbin/agetty -o -p -- \\\\u --noclear tty1 linux\\nroot 573 1 0 19:55 ? 00:00:00 /usr/bin/python3 /usr/share/unattended-upgrades/unattended-upgrade-shutdown --wait-for-signal\\nroot 616 1 0 19:55 ? 00:00:00 /usr/libexec/polkitd --no-debug\\nroot 643 2 0 19:55 ? 00:00:00 [tls-strp]\\nroot 1195 1 0 19:55 ? 00:00:00 /snap/amazon-ssm-agent/7628/amazon-ssm-agent\\nroot 1255 1 0 19:55 ? 00:00:00 sshd: /usr/sbin/sshd -D -o AuthorizedKeysCommand /usr/share/ec2-instance-connect/eic_run_authorized_keys %u %f -o AuthorizedKeysCommandUser ec2-instance-connect [listener] 0 of 10-100 startups\\nroot 1783 1 0 19:55 ? 00:00:00 /usr/libexec/packagekitd\\nroot 2833 2 0 21:17 ? 00:00:00 [kworker/0:3-events]\\nroot 2997 2 0 21:22 ? 00:00:00 [kworker/1:1-cgroup_destroy]\\nroot 3323 2 0 21:37 ? 00:00:00 [kworker/u4:1-events_unbound]\\nroot 3325 2 0 21:37 ? 00:00:00 [kworker/0:0-cgroup_destroy]\\nroot 3764 2 0 21:42 ? 00:00:00 [kworker/u4:3-events_unbound]\\nroot 3765 2 0 21:42 ? 00:00:00 [kworker/1:2-cgroup_destroy]\\nroot 3768 2 0 21:50 ? 00:00:00 [kworker/u4:0-events_power_efficient]\\nroot 3778 2 0 22:00 ? 00:00:00 [kworker/1:0-cgroup_destroy]\\nroot 4001 2 0 22:01 ? 00:00:00 [kworker/1:3-events]\\nroot 4002 1255 0 22:05 ? 00:00:00 sshd: ubuntu [priv]\\nubuntu 4005 1 0 22:05 ? 00:00:00 /lib/systemd/systemd --user\\nubuntu 4006 4005 0 22:05 ? 00:00:00 (sd-pam)\\nroot 4011 2 0 22:05 ? 00:00:00 [kworker/0:1-cgroup_destroy]\\nubuntu 4065 4002 0 22:05 ? 
00:00:00 sshd: ubuntu@pts/0\\nubuntu 4391 4065 0 22:05 pts/0 00:00:00 /bin/sh -c sudo -H -S -n -u root /bin/sh -c 'echo BECOME-SUCCESS-dtvdbiinmbdvmxmutouadphutzwafzyw ; /usr/bin/python3 /home/ubuntu/.ansible/tmp/ansible-tmp-1705237531.1404-9146-219306906117475/AnsiballZ_command.py' && sleep 0\\nroot 4392 4391 0 22:05 pts/0 00:00:00 sudo -H -S -n -u root /bin/sh -c echo BECOME-SUCCESS-dtvdbiinmbdvmxmutouadphutzwafzyw ; /usr/bin/python3 /home/ubuntu/.ansible/tmp/ansible-tmp-1705237531.1404-9146-219306906117475/AnsiballZ_command.py\\nroot 4393 4392 0 22:05 pts/1 00:00:00 sudo -H -S -n -u root /bin/sh -c echo BECOME-SUCCESS-dtvdbiinmbdvmxmutouadphutzwafzyw ; /usr/bin/python3 /home/ubuntu/.ansible/tmp/ansible-tmp-1705237531.1404-9146-219306906117475/AnsiballZ_command.py\\nroot 4394 4393 0 22:05 pts/1 00:00:00 /bin/sh -c echo BECOME-SUCCESS-dtvdbiinmbdvmxmutouadphutzwafzyw ; /usr/bin/python3 /home/ubuntu/.ansible/tmp/ansible-tmp-1705237531.1404-9146-219306906117475/AnsiballZ_command.py\\nroot 4395 4394 0 22:05 pts/1 00:00:00 /usr/bin/python3 /home/ubuntu/.ansible/tmp/ansible-tmp-1705237531.1404-9146-219306906117475/AnsiballZ_command.py\\nroot 4396 4395 0 22:05 pts/1 00:00:00 /bin/sh -c ps -ef\\nroot 4397 4396 0 22:05 pts/1 00:00:00 ps -ef", "stderr": "", "rc": 0, "cmd": "ps -ef", "start": "2024-01-14 22:05:31.818859", "end": "2024-01-14 22:05:31.827931", "delta": "0:00:00.009072", "msg": "", "stdout_lines": ["UID PID PPID C STIME TTY TIME CMD", "root 1 0 0 19:54 ? 00:00:05 /sbin/init", "root 2 0 0 19:54 ? 00:00:00 [kthreadd]", "root 3 2 0 19:54 ? 00:00:00 [rcu_gp]", "root 4 2 0 19:54 ? 00:00:00 [rcu_par_gp]", "root 5 2 0 19:54 ? 00:00:00 [slub_flushwq]", "root 6 2 0 19:54 ? 00:00:00 [netns]", "root 8 2 0 19:54 ? 00:00:00 [kworker/0:0H-events_highpri]", "root 10 2 0 19:54 ? 00:00:00 [mm_percpu_wq]", "root 11 2 0 19:54 ? 00:00:00 [rcu_tasks_rude_kthread]", "root 12 2 0 19:54 ? 00:00:00 [rcu_tasks_trace_kthread]", "root 13 2 0 19:54 ? 
00:00:00 [ksoftirqd/0]", "root 14 2 0 19:54 ? 00:00:00 [rcu_sched]", "root 15 2 0 19:54 ? 00:00:00 [migration/0]", "root 16 2 0 19:54 ? 00:00:00 [idle_inject/0]", "root 18 2 0 19:54 ? 00:00:00 [cpuhp/0]", "root 19 2 0 19:54 ? 00:00:00 [cpuhp/1]", "root 20 2 0 19:54 ? 00:00:00 [idle_inject/1]", "root 21 2 0 19:54 ? 00:00:00 [migration/1]", "root 22 2 0 19:54 ? 00:00:00 [ksoftirqd/1]", "root 24 2 0 19:54 ? 00:00:00 [kworker/1:0H-events_highpri]", "root 25 2 0 19:54 ? 00:00:00 [kdevtmpfs]", "root 26 2 0 19:54 ? 00:00:00 [inet_frag_wq]", "root 27 2 0 19:54 ? 00:00:00 [kauditd]", "root 29 2 0 19:54 ? 00:00:00 [khungtaskd]", "root 31 2 0 19:54 ? 00:00:00 [oom_reaper]", "root 32 2 0 19:54 ? 00:00:00 [writeback]", "root 33 2 0 19:54 ? 00:00:00 [kcompactd0]", "root 34 2 0 19:54 ? 00:00:00 [ksmd]", "root 36 2 0 19:54 ? 00:00:00 [khugepaged]", "root 37 2 0 19:54 ? 00:00:00 [kintegrityd]", "root 38 2 0 19:54 ? 00:00:00 [kblockd]", "root 39 2 0 19:54 ? 00:00:00 [blkcg_punt_bio]", "root 40 2 0 19:54 ? 00:00:00 [tpm_dev_wq]", "root 41 2 0 19:54 ? 00:00:00 [ata_sff]", "root 42 2 0 19:54 ? 00:00:00 [md]", "root 43 2 0 19:54 ? 00:00:00 [edac-poller]", "root 44 2 0 19:54 ? 00:00:00 [devfreq_wq]", "root 45 2 0 19:54 ? 00:00:00 [watchdogd]", "root 46 2 0 19:54 ? 00:00:00 [kworker/1:1H-kblockd]", "root 47 2 0 19:54 ? 00:00:00 [kswapd0]", "root 48 2 0 19:54 ? 00:00:00 [ecryptfs-kthread]", "root 49 2 0 19:54 ? 00:00:00 [kthrotld]", "root 50 2 0 19:54 ? 00:00:00 [acpi_thermal_pm]", "root 51 2 0 19:54 ? 00:00:00 [nvme-wq]", "root 52 2 0 19:54 ? 00:00:00 [nvme-reset-wq]", "root 53 2 0 19:54 ? 00:00:00 [nvme-delete-wq]", "root 54 2 0 19:54 ? 00:00:00 [nvme-auth-wq]", "root 55 2 0 19:54 ? 00:00:00 [mld]", "root 56 2 0 19:54 ? 00:00:00 [kworker/0:1H-kblockd]", "root 57 2 0 19:54 ? 00:00:00 [ipv6_addrconf]", "root 64 2 0 19:54 ? 00:00:00 [kstrp]", "root 67 2 0 19:54 ? 00:00:00 [zswap-shrink]", "root 68 2 0 19:54 ? 00:00:00 [kworker/u5:0]", "root 72 2 0 19:54 ? 
00:00:00 [charger_manager]", "root 73 2 0 19:54 ? 00:00:00 [jbd2/nvme0n1p1-8]", "root 74 2 0 19:54 ? 00:00:00 [ext4-rsv-conver]", "root 113 1 0 19:54 ? 00:00:00 /lib/systemd/systemd-journald", "root 146 2 0 19:54 ? 00:00:00 [kaluad]", "root 147 2 0 19:54 ? 00:00:00 [kmpath_rdacd]", "root 148 2 0 19:54 ? 00:00:00 [kmpathd]", "root 149 2 0 19:54 ? 00:00:00 [kmpath_handlerd]", "root 150 1 0 19:54 ? 00:00:00 /sbin/multipathd -d -s", "root 154 1 0 19:54 ? 00:00:00 /lib/systemd/systemd-udevd", "root 182 2 0 19:54 ? 00:00:00 [ena]", "root 183 2 0 19:54 ? 00:00:00 [cryptd]", "systemd+ 334 1 0 19:55 ? 00:00:00 /lib/systemd/systemd-networkd", "systemd+ 336 1 0 19:55 ? 00:00:00 /lib/systemd/systemd-resolved", "root 433 1 0 19:55 ? 00:00:00 /usr/sbin/acpid", "root 437 1 0 19:55 ? 00:00:00 /usr/sbin/cron -f -P", "message+ 439 1 0 19:55 ? 00:00:00 @dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only", "root 445 1 0 19:55 ? 00:00:00 /usr/sbin/irqbalance --foreground", "root 448 1 0 19:55 ? 00:00:00 /usr/bin/python3 /usr/bin/networkd-dispatcher --run-startup-triggers", "_chrony 457 1 0 19:55 ? 00:00:00 /usr/sbin/chronyd -F 1", "syslog 458 1 0 19:55 ? 00:00:00 /usr/sbin/rsyslogd -n -iNONE", "_chrony 459 457 0 19:55 ? 00:00:00 /usr/sbin/chronyd -F 1", "root 466 1 0 19:55 ? 00:00:02 /usr/lib/snapd/snapd", "root 474 1 0 19:55 ? 00:00:00 /lib/systemd/systemd-logind", "root 535 1 0 19:55 ttyS0 00:00:00 /sbin/agetty -o -p -- \\\\u --keep-baud 115200,57600,38400,9600 ttyS0 vt220", "root 554 1 0 19:55 tty1 00:00:00 /sbin/agetty -o -p -- \\\\u --noclear tty1 linux", "root 573 1 0 19:55 ? 00:00:00 /usr/bin/python3 /usr/share/unattended-upgrades/unattended-upgrade-shutdown --wait-for-signal", "root 616 1 0 19:55 ? 00:00:00 /usr/libexec/polkitd --no-debug", "root 643 2 0 19:55 ? 00:00:00 [tls-strp]", "root 1195 1 0 19:55 ? 00:00:00 /snap/amazon-ssm-agent/7628/amazon-ssm-agent", "root 1255 1 0 19:55 ? 
00:00:00 sshd: /usr/sbin/sshd -D -o AuthorizedKeysCommand /usr/share/ec2-instance-connect/eic_run_authorized_keys %u %f -o AuthorizedKeysCommandUser ec2-instance-connect [listener] 0 of 10-100 startups", "root 1783 1 0 19:55 ? 00:00:00 /usr/libexec/packagekitd", "root 2833 2 0 21:17 ? 00:00:00 [kworker/0:3-events]", "root 2997 2 0 21:22 ? 00:00:00 [kworker/1:1-cgroup_destroy]", "root 3323 2 0 21:37 ? 00:00:00 [kworker/u4:1-events_unbound]", "root 3325 2 0 21:37 ? 00:00:00 [kworker/0:0-cgroup_destroy]", "root 3764 2 0 21:42 ? 00:00:00 [kworker/u4:3-events_unbound]", "root 3765 2 0 21:42 ? 00:00:00 [kworker/1:2-cgroup_destroy]", "root 3768 2 0 21:50 ? 00:00:00 [kworker/u4:0-events_power_efficient]", "root 3778 2 0 22:00 ? 00:00:00 [kworker/1:0-cgroup_destroy]", "root 4001 2 0 22:01 ? 00:00:00 [kworker/1:3-events]", "root 4002 1255 0 22:05 ? 00:00:00 sshd: ubuntu [priv]", "ubuntu 4005 1 0 22:05 ? 00:00:00 /lib/systemd/systemd --user", "ubuntu 4006 4005 0 22:05 ? 00:00:00 (sd-pam)", "root 4011 2 0 22:05 ? 00:00:00 [kworker/0:1-cgroup_destroy]", "ubuntu 4065 4002 0 22:05 ? 
00:00:00 sshd: ubuntu@pts/0", "ubuntu 4391 4065 0 22:05 pts/0 00:00:00 /bin/sh -c sudo -H -S -n -u root /bin/sh -c 'echo BECOME-SUCCESS-dtvdbiinmbdvmxmutouadphutzwafzyw ; /usr/bin/python3 /home/ubuntu/.ansible/tmp/ansible-tmp-1705237531.1404-9146-219306906117475/AnsiballZ_command.py' && sleep 0", "root 4392 4391 0 22:05 pts/0 00:00:00 sudo -H -S -n -u root /bin/sh -c echo BECOME-SUCCESS-dtvdbiinmbdvmxmutouadphutzwafzyw ; /usr/bin/python3 /home/ubuntu/.ansible/tmp/ansible-tmp-1705237531.1404-9146-219306906117475/AnsiballZ_command.py", "root 4393 4392 0 22:05 pts/1 00:00:00 sudo -H -S -n -u root /bin/sh -c echo BECOME-SUCCESS-dtvdbiinmbdvmxmutouadphutzwafzyw ; /usr/bin/python3 /home/ubuntu/.ansible/tmp/ansible-tmp-1705237531.1404-9146-219306906117475/AnsiballZ_command.py", "root 4394 4393 0 22:05 pts/1 00:00:00 /bin/sh -c echo BECOME-SUCCESS-dtvdbiinmbdvmxmutouadphutzwafzyw ; /usr/bin/python3 /home/ubuntu/.ansible/tmp/ansible-tmp-1705237531.1404-9146-219306906117475/AnsiballZ_command.py", "root 4395 4394 0 22:05 pts/1 00:00:00 /usr/bin/python3 /home/ubuntu/.ansible/tmp/ansible-tmp-1705237531.1404-9146-219306906117475/AnsiballZ_command.py", "root 4396 4395 0 22:05 pts/1 00:00:00 /bin/sh -c ps -ef", "root 4397 4396 0 22:05 pts/1 00:00:00 ps -ef"], "stderr_lines": [], "failed": false}
→ Pretty, isn't it? (cat ps_result | jq .stdout_lines[])
"UID PID PPID C STIME TTY TIME CMD"
"root 1 0 0 19:54 ? 00:00:05 /sbin/init"
"ubuntu 4065 4002 0 22:05 ? 00:00:00 sshd: ubuntu@pts/0"
"ubuntu 4391 4065 0 22:05 pts/0 00:00:00 /bin/sh -c sudo -H -S -n -u root /bin/sh -c 'echo BECOME-SUCCESS-dtvdbiinmbdvmxmutouadphutzwafzyw ; /usr/bin/python3 /home/ubuntu/.ansible/tmp/ansible-tmp-1705237531.1404-9146-219306906117475/AnsiballZ_command.py' && sleep 0"
"root 4392 4391 0 22:05 pts/0 00:00:00 sudo -H -S -n -u root /bin/sh -c echo BECOME-SUCCESS-dtvdbiinmbdvmxmutouadphutzwafzyw ; /usr/bin/python3 /home/ubuntu/.ansible/tmp/ansible-tmp-1705237531.1404-9146-219306906117475/AnsiballZ_command.py"
"root 4393 4392 0 22:05 pts/1 00:00:00 sudo -H -S -n -u root /bin/sh -c echo BECOME-SUCCESS-dtvdbiinmbdvmxmutouadphutzwafzyw ; /usr/bin/python3 /home/ubuntu/.ansible/tmp/ansible-tmp-1705237531.1404-9146-219306906117475/AnsiballZ_command.py"
"root 4394 4393 0 22:05 pts/1 00:00:00 /bin/sh -c echo BECOME-SUCCESS-dtvdbiinmbdvmxmutouadphutzwafzyw ; /usr/bin/python3 /home/ubuntu/.ansible/tmp/ansible-tmp-1705237531.1404-9146-219306906117475/AnsiballZ_command.py"
"root 4395 4394 0 22:05 pts/1 00:00:00 /usr/bin/python3 /home/ubuntu/.ansible/tmp/ansible-tmp-1705237531.1404-9146-219306906117475/AnsiballZ_command.py"
"root 4396 4395 0 22:05 pts/1 00:00:00 /bin/sh -c ps -ef"
"root 4397 4396 0 22:05 pts/1 00:00:00 ps -ef"
The shell module returns not only stdout but also stderr, the return code and so on, all neatly organized. As expected, JSON and YAML rule the world.
cat ps_result | jq 'keys'
[
"changed",
"cmd",
"delta",
"end",
"failed",
"msg",
"rc",
"start",
"stderr",
"stderr_lines",
"stdout",
"stdout_lines"
]
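Added example, not part of the original post: a variant of the ps playbook that produces readable output on the Ansible side. With `hosts: all`, the single `dest` in the playbook above is overwritten by each host in turn, so this version writes one file per host. The file names and the `0600` mode are choices made for this example (a process listing exposes full command lines).

```yaml
- hosts: all
  gather_facts: false
  tasks:
    - name: list processes
      # no pipes or redirects are needed, so command is enough instead of shell
      ansible.builtin.command: ps -ef
      register: ps_result
      changed_when: false      # read-only command, never report "changed"

    - name: save the whole registered result as indented JSON, one file per host
      ansible.builtin.copy:
        content: "{{ ps_result | to_nice_json }}"
        dest: "/home/ubuntu/my-ansible/ps_result_{{ inventory_hostname }}.json"
        mode: '0600'
      delegate_to: localhost
      become: false            # write as the controller user, not via sudo

    - name: save only stdout, which keeps the real line breaks
      ansible.builtin.copy:
        content: "{{ ps_result.stdout }}\n"
        dest: "/home/ubuntu/my-ansible/ps_result_{{ inventory_hostname }}.txt"
        mode: '0600'
      delegate_to: localhost
      become: false
```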
Conditionals
- Many kinds of conditions can be checked; see https://docs.ansible.com/ansible/latest/playbook_guide/playbooks_conditionals.html#conditionals-based-on-variables
- There are also conditions such as is defined (like exists in Python)
- Multiple conditions can go in a single when clause: when: a >= 100 and b is defined
- Or multiple conditions can be expressed as a list
```yaml
when:
  - a >= 100
  - b is defined

when: >
  (a >= 100 and b is defined) or
  (c < 0)
```
Handlers
- Handlers are signaled only when something has changed
- a handler will only be notified if the task reports a changed state. On a failed state the handler will not be notified.
- If the rsyslog service restart succeeds → notify the handler
```yaml
- hosts: tnode1
  tasks:
    - name: restart service
      service:
        name: "rsyslog"
        state: restarted
      notify:
        - signal
  handlers:
    - name: signal
      debug:
        msg: "rsyslog is restarted"
```
- ignore_errors: yes lets the play continue even if a specific task fails, by ignoring the error raised in that task
- force_handlers: yes makes handlers that have already been notified run even if the play is aborted
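Added example, not part of the original post: the rsyslog play above extended to show both keywords in one run. The two `/bin/false` tasks are constructed only to produce failures; the first is ignored and the play goes on, the second aborts the play for the host, and the notified handler still runs because of `force_handlers`.

```yaml
- hosts: tnode1
  force_handlers: true         # run already-notified handlers even if the play aborts
  tasks:
    - name: restart service
      ansible.builtin.service:
        name: rsyslog
        state: restarted
      notify:
        - signal

    - name: optional check that is allowed to fail
      ansible.builtin.command: /bin/false
      changed_when: false
      ignore_errors: true      # shown as failed, counted under "ignored", play continues

    - name: task that fails and aborts the play for this host
      ansible.builtin.command: /bin/false
      changed_when: false

    - name: never reached
      ansible.builtin.debug:
        msg: "not printed"

  handlers:
    - name: signal
      ansible.builtin.debug:
        msg: "rsyslog is restarted"
```

Without `force_handlers: true`, the second failure ends the play for tnode1 before the handler phase, so the `signal` handler is never executed.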
Blocks
- block: Blocks create logical groups of tasks
- rescue: runs when a task defined in the block fails
- always: section that always runs
Challenges
- Challenge 2: using sequence in a loop, create the 100 files /var/log/test1 ~ /var/log/test100 (file module), verify them, then delete them
```
ansible-playbook loop.yml

PLAY [tnode1] *****************************************************************************************************************************

TASK [create log file] ********************************************************************************************************************
changed: [tnode1] => (item=log1)
changed: [tnode1] => (item=log2)

TASK [find the victim file] ***************************************************************************************************************
ok: [tnode1]

TASK [debug] ******************************************************************************************************************************
ok: [tnode1] => {
    "tobe_del": {
        "changed": false,
        "examined": 12,
        "failed": false,
        "files": [
            {
                "atime": 1705759760.1358187,
                "ctime": 1705759760.1358187,
                "dev": 66305,
                "gid": 0,
                "gr_name": "root",
                "inode": 68852,
                "isblk": false,
                "ischr": false,
                "isdir": false,
                "isfifo": false,
                "isgid": false,
                "islnk": false,
                "isreg": true,
                "issock": false,
                "isuid": false,
                "mode": "0777",
                "mtime": 1705759760.1358187,
                "nlink": 1,
                "path": "/tmp/log1",
                "pw_name": "root",
                "rgrp": true,
                "roth": true,
                "rusr": true,
                "size": 0,
                "uid": 0,
                "wgrp": true,
                "woth": true,
                "wusr": true,
                "xgrp": true,
                "xoth": true,
                "xusr": true
            },
            {
                "atime": 1705759760.503821,
                "ctime": 1705759760.503821,
                "dev": 66305,
                "gid": 0,
                "gr_name": "root",
                "inode": 68889,
                "isblk": false,
                "ischr": false,
                "isdir": false,
                "isfifo": false,
                "isgid": false,
                "islnk": false,
                "isreg": true,
                "issock": false,
                "isuid": false,
                "mode": "0777",
                "mtime": 1705759760.503821,
                "nlink": 1,
                "path": "/tmp/log2",
                "pw_name": "root",
                "rgrp": true,
                "roth": true,
                "rusr": true,
                "size": 0,
                "uid": 0,
                "wgrp": true,
                "woth": true,
                "wusr": true,
                "xgrp": true,
                "xoth": true,
                "xusr": true
            }
        ],
        "matched": 2,
        "msg": "All paths examined",
        "skipped_paths": {}
    }
}

TASK [delete the victims] *****************************************************************************************************************
changed: [tnode1] => (item={'path': '/tmp/log1', 'mode': '0777', 'isdir': False, 'ischr': False, 'isblk': False, 'isreg': True, 'isfifo': False, 'islnk': False, 'issock': False, 'uid': 0, 'gid': 0, 'size': 0, 'inode': 68852, 'dev': 66305, 'nlink': 1, 'atime': 1705759760.1358187, 'mtime': 1705759760.1358187, 'ctime': 1705759760.1358187, 'gr_name': 'root', 'pw_name': 'root', 'wusr': True, 'rusr': True, 'xusr': True, 'wgrp': True, 'rgrp': True, 'xgrp': True, 'woth': True, 'roth': True, 'xoth': True, 'isuid': False, 'isgid': False})
changed: [tnode1] => (item={'path': '/tmp/log2', 'mode': '0777', 'isdir': False, 'ischr': False, 'isblk': False, 'isreg': True, 'isfifo': False, 'islnk': False, 'issock': False, 'uid': 0, 'gid': 0, 'size': 0, 'inode': 68889, 'dev': 66305, 'nlink': 1, 'atime': 1705759760.503821, 'mtime': 1705759760.503821, 'ctime': 1705759760.503821, 'gr_name': 'root', 'pw_name': 'root', 'wusr': True, 'rusr': True, 'xusr': True, 'wgrp': True, 'rgrp': True, 'xgrp': True, 'woth': True, 'roth': True, 'xoth': True, 'isuid': False, 'isgid': False})

PLAY RECAP ********************************************************************************************************************************
tnode1 : ok=4 changed=2 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
```
```yaml
- hosts: tnode1
  tasks:
    - name: create log file
      file:
        path: "/tmp/{{ item }}"
        mode: '0777'
        state: touch
      with_sequence: start=1 end=2 format=log%d
    - name: find the victim file
      find:
        paths: "/tmp/"
        patterns: "log[0-9]+"
        age: -10m  # a safeguard of sorts
        use_regex: yes
        recurse: no
      register: tobe_del
    - debug:
        var: tobe_del
    - name: delete the victims # <https://docs.ansible.com/ansible/latest/collections/ansible/builtin/file_module.html#parameter-state>
      file:
        path: "{{ item.path }}"
        state: absent
      with_items: "{{ tobe_del.files }}"
```
- Challenge 3: when the OS is Ubuntu and the fqdn is tnode1, print the OS information and the fqdn with the debug module
- I don't like that the same condition is repeated twice
```yaml
- hosts: all
  tasks:
    - name: check victims
      debug:
        msg: >-
          dist: {{ ansible_facts['distribution'] }}
          FQDN: {{ ansible_facts['nodename'] }}
      when:
        - ansible_facts['distribution'] == "Ubuntu"
        - ansible_facts['nodename'] == "tnode1"
```
```
ansible-playbook assign3.yml

PLAY [all] ********************************************************************************************************************************

TASK [Gathering Facts] ********************************************************************************************************************

TASK [check victims] **********************************************************************************************************************
ok: [tnode1] => {
    "msg": "dist: Ubuntu FQDN: tnode1"
}
```
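- Challenge 5: when installing the apache2 package through the apt module, call a handler that restarts apache2 with the service module
```yaml
- hosts: tnode1
  vars:
    pkg:
      - apache2
  tasks:
    - name: install pkgs
      package:
        name: "{{ item }}"
        state: latest
      loop: "{{ pkg }}"
      notify: installation done
  handlers:
    - name: installation done
      service:
        name: "{{ item }}"
        state: restarted
      loop: "{{ pkg }}"
      notify: restart done
    # Added so the notify above resolves; the page defines no "restart done" handler
    - name: restart done
      debug:
        msg: "restart done"
```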
- Challenge 6: write and test a playbook that uses the block, rescue and always keywords
- Break the nginx conf file and run configtest → restore it on failure
```yaml
- hosts: tnode1
  tasks:
    # - name: check escalation
    #   shell: "whoami"
    #   register: shell_result
    #   become: true
    #   become_user: root
    #   become_method: sudo
    # - debug:
    #     var: shell_result
    - name: change nginx conf
      block:
        - name: add error line
          lineinfile:
            path: /etc/nginx/nginx.conf
            line: "DIE DIE DIE"
            backup: true
        - name: configtest
          command: "nginx -t"
          register: configtest_result
          failed_when: "configtest_result.rc != 0"
      rescue:
        - name: remove error line
          lineinfile:
            path: /etc/nginx/nginx.conf
            regex: "^DIE DIE DIE$"
            line: ''
        - name: do configtest again
          command: "nginx -t"
          register: configtest_result_again
        - debug:
            var: configtest_result_again
      always:
        - name: check service
          systemd:
            name: nginx
          register: systemd_result
        - debug:
            var: systemd_result.status.ActiveState
        - name: check the line eixsts
          lineinfile:
            path: /etc/nginx/nginx.conf
            line: "DIE DIE DIE"
            state: absent
          check_mode: yes
          register: line_exists
        - debug:
            var: line_exists
```
```
PLAY [tnode1] *************************************************************************************************************************************

TASK [add error line] *****************************************************************************************************************************
changed: [tnode1]

TASK [configtest] *********************************************************************************************************************************
fatal: [tnode1]: FAILED! => {"changed": true, "cmd": ["nginx", "-t"], "delta": "0:00:00.014208", "end": "2024-01-21 15:58:47.180372", "failed_when_result": true, "msg": "non-zero return code", "rc": 1, "start": "2024-01-21 15:58:47.166164", "stderr": "nginx: [emerg] unexpected end of file, expecting \";\" or \"}\" in /etc/nginx/nginx.conf:95\nnginx: configuration file /etc/nginx/nginx.conf test failed", "stderr_lines": ["nginx: [emerg] unexpected end of file, expecting \";\" or \"}\" in /etc/nginx/nginx.conf:95", "nginx: configuration file /etc/nginx/nginx.conf test failed"], "stdout": "", "stdout_lines": []}

TASK [remove error line] **************************************************************************************************************************
changed: [tnode1]

TASK [do configtest again] ************************************************************************************************************************
changed: [tnode1]

TASK [debug] **************************************************************************************************************************************
ok: [tnode1] => {
    "configtest_result_again": {
        "changed": true,
        "cmd": [
            "nginx",
            "-t"
        ],
        "delta": "0:00:00.015322",
        "end": "2024-01-21 15:58:47.943249",
        "failed": false,
        "msg": "",
        "rc": 0,
        "start": "2024-01-21 15:58:47.927927",
        "stderr": "nginx: the configuration file /etc/nginx/nginx.conf syntax is ok\nnginx: configuration file /etc/nginx/nginx.conf test is successful",
        "stderr_lines": [
            "nginx: the configuration file /etc/nginx/nginx.conf syntax is ok",
            "nginx: configuration file /etc/nginx/nginx.conf test is successful"
        ],
        "stdout": "",
        "stdout_lines": []
    }
}

TASK [check service] ******************************************************************************************************************************
ok: [tnode1]

TASK [debug] **************************************************************************************************************************************
ok: [tnode1] => {
    "systemd_result.status.ActiveState": "active"
}

TASK [check the line eixsts] **********************************************************************************************************************
ok: [tnode1]

TASK [debug] **************************************************************************************************************************************
ok: [tnode1] => {
    "line_exists": {
        "backup": "",
        "changed": false,
        "diff": [
            {
                "after": "",
                "after_header": "/etc/nginx/nginx.conf (content)",
                "before": "",
                "before_header": "/etc/nginx/nginx.conf (content)"
            },
            {
                "after_header": "/etc/nginx/nginx.conf (file attributes)",
                "before_header": "/etc/nginx/nginx.conf (file attributes)"
            }
        ],
        "failed": false,
        "found": 0,
        "msg": ""
    }
}

PLAY RECAP ****************************************************************************************************************************************
tnode1 : ok=8 changed=3 unreachable=0 failed=0 skipped=0 rescued=1 ignored=0
```