
Ansible basics

by phpdoumi 2018. 12. 14.

(.venv) root@da0fa5dd7aae:~/mycelery# cat hosts
[local]
127.0.0.1

[remote]
220.70.63.15
125.141.117.130
175.198.82.75

(.venv) root@da0fa5dd7aae:~/mycelery# ansible -i ./hosts --connection=local local -m ping
127.0.0.1 | SUCCESS => {
    "changed": false,
    "ping": "pong"
}

(.venv) root@da0fa5dd7aae:~/mycelery# ansible -i ./hosts --connection=local remote -m ping
125.141.117.130 | SUCCESS => {
    "changed": false,
    "ping": "pong"
}
220.70.63.15 | SUCCESS => {
    "changed": false,
    "ping": "pong"
}
175.198.82.75 | SUCCESS => {
    "changed": false,
    "ping": "pong"
}


(.venv) root@da0fa5dd7aae:~/mycelery# ansible -i ./hosts remote -m ping
The authenticity of host '175.198.82.75 (175.198.82.75)' can't be established.
RSA key fingerprint is SHA256:fUROZwPA+x5TkhP1KOr0YXNb93wgKu7SlTLMz1jfcX0.
Are you sure you want to continue connecting (yes/no)? The authenticity of host '220.70.63.15 (220.70.63.15)' can't be established.
RSA key fingerprint is SHA256:0l/6zrLO1tJQDNpDRbUqhjO4sjqHD13WngHI7Xyv2Bo.
Are you sure you want to continue connecting (yes/no)? The authenticity of host '125.141.117.130 (125.141.117.130)' can't be established.
RSA key fingerprint is SHA256:OaLdygTqtdebAkUMUOnE8Y+MCTBIpxsI88n/puhV778.
Are you sure you want to continue connecting (yes/no)? yes
175.198.82.75 | UNREACHABLE! => {
    "changed": false,
    "msg": "Failed to connect to the host via ssh: Warning: Permanently added '175.198.82.75' (RSA) to the list of known hosts.\r\nroot@175.198.82.75: Permission denied (publickey,gssapi-keyex,gssapi-with-mic,password).\r\n",
    "unreachable": true
}
yes
Please type 'yes' or 'no': yes
Please type 'yes' or 'no': yes
220.70.63.15 | UNREACHABLE! => {
    "changed": false,
    "msg": "Failed to connect to the host via ssh: Warning: Permanently added '220.70.63.15' (RSA) to the list of known hosts.\r\nroot@220.70.63.15: Permission denied (publickey,gssapi-keyex,gssapi-with-mic,password).\r\n",
    "unreachable": true
}

125.141.117.130 | UNREACHABLE! => {
    "changed": false,
    "msg": "Failed to connect to the host via ssh: Host key verification failed.\r\n",
    "unreachable": true
}

This is what happens when the SSH keys have not been exchanged yet.

I believe you can use sshpass.


Ubuntu/Debian: apt-get install sshpass

Fedora/CentOS: yum install sshpass

For example:


sshpass -p "PASSWORD" ssh-copy-id -o StrictHostKeyChecking=no USERNAME@IP


Register the key on each system.

(.venv) root@da0fa5dd7aae:~/mycelery# ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:C0KJWX/Z2ljuskW3WHaK3Q6xxjYpgXRSTp6BLmAcD9c root@da0fa5dd7aae
The key's randomart image is:
+---[RSA 2048]----+
|   .+... .+      |
|   ++*  EB o     |
|  o.o.o.= B      |
|   .  .o.X       |
|    . ..S = = .  |
|     . . + X O   |
|        o * % .  |
|         + + +   |
|        .     .  |
+----[SHA256]-----+

(.venv) root@da0fa5dd7aae:~/mycelery# ssh-copy-id 175.198.82.75
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
root@175.198.82.75's password:

Number of key(s) added: 1

Now try logging into the machine, with:   "ssh '175.198.82.75'"
and check to make sure that only the key(s) you wanted were added.

(.venv) root@da0fa5dd7aae:~/mycelery# cat hosts
[local]
127.0.0.1

[remote]
220.70.63.15
125.141.117.130
175.198.82.75

(.venv) root@da0fa5dd7aae:~/mycelery# ssh-copy-id 125.141.117.130
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"
The authenticity of host '125.141.117.130 (125.141.117.130)' can't be established.
RSA key fingerprint is SHA256:OaLdygTqtdebAkUMUOnE8Y+MCTBIpxsI88n/puhV778.
Are you sure you want to continue connecting (yes/no)? yes
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
root@125.141.117.130's password:

Number of key(s) added: 1

Now try logging into the machine, with:   "ssh '125.141.117.130'"
and check to make sure that only the key(s) you wanted were added.

(.venv) root@da0fa5dd7aae:~/mycelery# ssh-copy-id 220.70.63.15
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
root@220.70.63.15's password:

Number of key(s) added: 1

Now try logging into the machine, with:   "ssh '220.70.63.15'"
and check to make sure that only the key(s) you wanted were added.
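
The session above accepts each host's RSA fingerprint at the yes/no prompt, and the sshpass one-liner skips that prompt with StrictHostKeyChecking=no. As an added example (not part of the original post), the Python below compares ssh-keyscan-style output with fingerprints obtained out of band and keeps only the matching lines for known_hosts; the addresses, keys and function names are constructed for illustration.

```python
import base64
import hashlib
import struct

def fingerprint(key_b64):
    """OpenSSH-style SHA256 fingerprint of a base64 public-key blob."""
    digest = hashlib.sha256(base64.b64decode(key_b64, validate=True)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def verify_scan(scan_text, pinned):
    """Return (trusted known_hosts lines, [(host, reason)] rejected)."""
    trusted, rejected = [], []
    for line in scan_text.splitlines():
        parts = line.split()
        if not parts or parts[0].startswith("#"):
            continue  # blank line or ssh-keyscan banner comment
        if len(parts) < 3:
            rejected.append((parts[0], "malformed line"))
            continue
        host, keytype, key_b64 = parts[:3]
        try:
            seen = fingerprint(key_b64)
        except ValueError:  # binascii.Error is a ValueError subclass
            rejected.append((host, "bad base64"))
            continue
        if host not in pinned:
            rejected.append((host, "no pinned fingerprint"))
        elif seen != pinned[host]:
            rejected.append((host, "fingerprint mismatch"))
        else:
            trusted.append(f"{host} {keytype} {key_b64}")
    return trusted, rejected

def sample_key(seed):
    """Constructed ssh-ed25519 blob for the demo; not a real host key."""
    name = b"ssh-ed25519"
    blob = struct.pack(">I", len(name)) + name + struct.pack(">I", 32) + bytes([seed]) * 32
    return base64.b64encode(blob).decode()

# Constructed sample data: documentation addresses, synthetic keys.
GOOD_A, GOOD_B, ROGUE = sample_key(1), sample_key(2), sample_key(9)
PINNED = {"192.0.2.10": fingerprint(GOOD_A), "192.0.2.11": fingerprint(GOOD_B)}
SCAN = (f"# 192.0.2.10:22 SSH-2.0-OpenSSH_8.9\n192.0.2.10 ssh-ed25519 {GOOD_A}\n"
        f"192.0.2.11 ssh-ed25519 {ROGUE}\n192.0.2.12 ssh-ed25519 {GOOD_B}\n")

if __name__ == "__main__":
    ok, bad = verify_scan(SCAN, PINNED)
    print("\n".join(ok + [f"# REJECTED {h}: {r}" for h, r in bad]))
```

In practice the scan text would come from ssh-keyscan and the pinned values from the servers' consoles or provisioning records.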


(.venv) root@da0fa5dd7aae:~/mycelery# ansible -i ./hosts remote -m ping
175.198.82.75 | SUCCESS => {
    "changed": false,
    "ping": "pong"
}
125.141.117.130 | SUCCESS => {
    "changed": false,
    "ping": "pong"
}
220.70.63.15 | SUCCESS => {
    "changed": false,
    "ping": "pong"
}


(.venv) root@da0fa5dd7aae:~/mycelery# ansible -i ./hosts remote -m shell -a 'ls -al'
175.198.82.75 | CHANGED | rc=0 >>
합계 7688
dr-xr-x---.  5 root root    4096 2018-10-02 00:29 .
dr-xr-xr-x. 22 root root    4096 2018-12-13 20:14 ..
drwx------.  3 root root    4096 2018-09-29 01:48 .ansible
-rw-------.  1 root root    6464 2018-12-14 03:03 .bash_history
-rw-r--r--.  1 root root      18 2010-04-30 07:44 .bash_logout
-rw-r--r--.  1 root root     176 2010-04-30 07:44 .bash_profile
-rw-r--r--.  1 root root     176 2010-04-30 07:44 .bashrc
-rw-r--r--.  1 root root     100 2010-04-30 07:44 .cshrc
drwxr-xr-x.  2 root root    4096 2018-09-29 02:59 .ssh
-rw-r--r--.  1 root root     129 2010-04-30 07:44 .tcshrc
-rw-------.  1 root root    1335 2018-09-28 01:48 anaconda-ks.cfg
-rw-r--r--.  1 root root   10346 2018-09-28 01:48 install.log
-rw-r--r--.  1 root root    3161 2018-09-28 01:46 install.log.syslog
drwxrwxrwx.  4 root root    4096 2018-02-20 14:00 perccli_7.3-007.0318_linux
-rw-r--r--.  1 root root 7801278 2018-10-01 15:30 perccli_7.3-007.0318_linux.tar.gz

220.70.63.15 | CHANGED | rc=0 >>
합계 92
dr-xr-x---.  5 root root  4096 2018-12-14 10:03 .
dr-xr-xr-x. 25 root root  4096 2018-12-13 17:20 ..
drwx------   3 root root  4096 2018-12-14 10:03 .ansible
-rw-------.  1 root root  2411 2018-12-13 18:04 .bash_history
-rw-r--r--.  1 root root    18 2010-04-30 07:44 .bash_logout
-rw-r--r--.  1 root root   176 2010-04-30 07:44 .bash_profile
-rw-r--r--.  1 root root   176 2010-04-30 07:44 .bashrc
-rw-r--r--.  1 root root   100 2010-04-30 07:44 .cshrc
drwx------   2 root root  4096 2018-12-14 10:03 .ssh
-rw-r--r--.  1 root root   129 2010-04-30 07:44 .tcshrc
-rw-------.  1 root root  1655 2018-12-13 14:06 anaconda-ks.cfg
-rw-r--r--.  1 root root 28978 2018-12-13 14:06 install.log
-rw-r--r--.  1 root root  7572 2018-12-13 14:04 install.log.syslog
drwxr-xr-x   3 root root  4096 2018-12-13 17:59 test

125.141.117.130 | CHANGED | rc=0 >>
합계 64
dr-xr-x---.  4 root root  4096 2011-05-17 04:52 .
dr-xr-xr-x. 23 root root  4096 2011-08-01 09:24 ..
drwx------.  3 root root  4096 2011-05-16 08:11 .ansible
-rw-------.  1 root root  3859 2011-08-01 09:41 .bash_history
-rw-r--r--.  1 root root    18 2010-04-30 07:44 .bash_logout
-rw-r--r--.  1 root root   176 2010-04-30 07:44 .bash_profile
-rw-r--r--.  1 root root   176 2010-04-30 07:44 .bashrc
-rw-r--r--.  1 root root   100 2010-04-30 07:44 .cshrc
drwx------.  2 root root  4096 2011-06-07 02:15 .ssh
-rw-r--r--.  1 root root   129 2010-04-30 07:44 .tcshrc
-rw-------.  1 root root  1227 2011-05-02 09:25 anaconda-ks.cfg
-rw-r--r--.  1 root root 10880 2011-05-02 09:25 install.log
-rw-r--r--.  1 root root  3161 2011-05-02 09:23 install.log.syslog
-rw-r--r--.  1 root root   451 2011-05-17 04:49 scli.sh

(.venv) root@da0fa5dd7aae:~/mycelery# ansible -i ./hosts remote -m shell -a 'rpm -qa | grep ssh'
 [WARNING]: Consider using the yum, dnf or zypper module rather than running
rpm.  If you need to use command because yum, dnf or zypper is insufficient you
can add warn=False to this command task or set command_warnings=False in
ansible.cfg to get rid of this message.

125.141.117.130 | CHANGED | rc=0 >>
libssh2-1.4.2-1.el6_6.1.x86_64
openssh-5.3p1-123.el6_9.x86_64
openssh-clients-5.3p1-123.el6_9.x86_64
openssh-server-5.3p1-123.el6_9.x86_64

175.198.82.75 | CHANGED | rc=0 >>
openssh-server-5.3p1-123.el6_9.x86_64
openssh-askpass-5.3p1-123.el6_9.x86_64
openssh-clients-5.3p1-123.el6_9.x86_64
libssh2-1.4.2-1.el6_6.1.x86_64
openssh-5.3p1-123.el6_9.x86_64
openssh-ldap-5.3p1-123.el6_9.x86_64

220.70.63.15 | CHANGED | rc=0 >>
libssh2-1.4.2-1.el6_6.1.x86_64
openssh-5.3p1-111.el6.x86_64
openssh-clients-5.3p1-111.el6.x86_64
openssh-server-5.3p1-111.el6.x86_64


Ansible prints a message that does not appear when the same command is run directly on the server itself.

[root@ibm ~]# rpm -qa | grep ssh
libssh2-1.4.2-1.el6_6.1.x86_64
openssh-5.3p1-111.el6.x86_64
openssh-clients-5.3p1-111.el6.x86_64
openssh-server-5.3p1-111.el6.x86_64
[root@ibm ~]#


[Warning]: Consider using the yum, dnf or zypper module instead of running rpm. If you need to use command because yum, dnf or zypper is insufficient, you can add warn=False to this command task or set command_warnings=False in ansible.cfg to get rid of this message.


(.venv) root@da0fa5dd7aae:~/mycelery# ansible -i ./hosts remote -m apt -a 'name=openssh-server state=installed update_cache=true'
175.198.82.75 | FAILED! => {
    "changed": false,
    "cmd": "apt-get update",
    "msg": "[Errno 2] 그런 파일이나 디렉터리가 없습니다",
    "rc": 2
}
125.141.117.130 | FAILED! => {
    "changed": false,
    "cmd": "apt-get update",
    "msg": "[Errno 2] 그런 파일이나 디렉터리가 없습니다",
    "rc": 2
}
220.70.63.15 | FAILED! => {
    "changed": false,
    "cmd": "apt-get update",
    "msg": "[Errno 2] 그런 파일이나 디렉터리가 없습니다",
    "rc": 2
}


These are the messages produced by running the apt module against Red Hat family hosts.
(.venv) root@da0fa5dd7aae:~/mycelery# ansible -i ./hosts remote -m yum -a 'name=openssh-server state=installed update_cache=true'
220.70.63.15 | SUCCESS => {
    "ansible_facts": {
        "pkg_mgr": "yum"
    },
    "changed": false,
    "msg": "",
    "rc": 0,
    "results": [
        "openssh-server-5.3p1-111.el6.x86_64 providing openssh-server is already installed"
    ]
}
175.198.82.75 | SUCCESS => {
    "ansible_facts": {
        "pkg_mgr": "yum"
    },
    "changed": false,
    "msg": "",
    "rc": 0,
    "results": [
        "openssh-server-5.3p1-123.el6_9.x86_64 providing openssh-server is already installed"
    ]
}
125.141.117.130 | SUCCESS => {
    "ansible_facts": {
        "pkg_mgr": "yum"
    },
    "changed": false,
    "msg": "",
    "rc": 0,
    "results": [
        "openssh-server-5.3p1-123.el6_9.x86_64 providing openssh-server is already installed"
    ]
}

Because the package was already installed, Ansible reports that nothing was changed: "changed": false.

(.venv) root@da0fa5dd7aae:~/mycelery# ansible -i ./hosts remote -m shell -a 'rpm -qa | grep ssh'
 [WARNING]: Consider using the yum, dnf or zypper module rather than running
rpm.  If you need to use command because yum, dnf or zypper is insufficient you
can add warn=False to this command task or set command_warnings=False in
ansible.cfg to get rid of this message.

175.198.82.75 | CHANGED | rc=0 >>
openssh-server-5.3p1-123.el6_9.x86_64
openssh-askpass-5.3p1-123.el6_9.x86_64
openssh-clients-5.3p1-123.el6_9.x86_64
libssh2-1.4.2-1.el6_6.1.x86_64
openssh-5.3p1-123.el6_9.x86_64
openssh-ldap-5.3p1-123.el6_9.x86_64

125.141.117.130 | CHANGED | rc=0 >>
libssh2-1.4.2-1.el6_6.1.x86_64
openssh-5.3p1-123.el6_9.x86_64
openssh-clients-5.3p1-123.el6_9.x86_64
openssh-server-5.3p1-123.el6_9.x86_64

220.70.63.15 | CHANGED | rc=0 >>
libssh2-1.4.2-1.el6_6.1.x86_64
openssh-5.3p1-111.el6.x86_64
openssh-clients-5.3p1-111.el6.x86_64
openssh-server-5.3p1-111.el6.x86_64



(.venv) root@da0fa5dd7aae:~/mycelery# ansible -i ./hosts remote -m shell -a '/opt/MegaRAID/storcli/storcli64 /call /eall /sall show | grep HDD'
175.198.82.75 | FAILED | rc=1 >>
/bin/sh: /opt/MegaRAID/storcli/storcli64: 그런 파일이나 디렉터리가 없습니다non-zero return code

125.141.117.130 | FAILED | rc=1 >>
/bin/sh: /opt/MegaRAID/storcli/storcli64: 그런 파일이나 디렉터리가 없습니다non-zero return code

220.70.63.15 | CHANGED | rc=0 >>
252:0    25 Onln   0 135.972 GB SAS  HDD N   N  512B MBE2147RC        U  -
252:1    22 Onln   0 135.972 GB SAS  HDD N   N  512B ST9146852SS      U  -

(.venv) root@da0fa5dd7aae:~/mycelery# ansible -i ./hosts remote -m shell -a 'ssacli controller all show'
175.198.82.75 | FAILED | rc=127 >>
/bin/sh: ssacli: command not foundnon-zero return code

220.70.63.15 | FAILED | rc=127 >>
/bin/sh: ssacli: command not foundnon-zero return code

125.141.117.130 | CHANGED | rc=0 >>

Smart Array P400 in Slot 1                (sn: P61620H9SVY22G)

(.venv) root@da0fa5dd7aae:~/mycelery# ansible -i ./hosts remote -m shell -a 'ssacli controller slot=1 physicaldrive all show status'
175.198.82.75 | FAILED | rc=127 >>
/bin/sh: ssacli: command not foundnon-zero return code

220.70.63.15 | FAILED | rc=127 >>
/bin/sh: ssacli: command not foundnon-zero return code

125.141.117.130 | CHANGED | rc=0 >>

   physicaldrive 2I:1:1 (port 2I:box 1:bay 1, 146 GB): OK
   physicaldrive 2I:1:2 (port 2I:box 1:bay 2, 146 GB): OK

(.venv) root@da0fa5dd7aae:~/mycelery# ansible -i ./hosts remote -m shell -a '/opt/MegaRAID/storcli/storcli64 /c0 show | grep HDD'
175.198.82.75 | FAILED | rc=1 >>
/bin/sh: /opt/MegaRAID/storcli/storcli64: 그런 파일이나 디렉터리가 없습니다non-zero return code

125.141.117.130 | FAILED | rc=1 >>
/bin/sh: /opt/MegaRAID/storcli/storcli64: 그런 파일이나 디렉터리가 없습니다non-zero return code

220.70.63.15 | CHANGED | rc=0 >>
252:0    25 Onln   0 135.972 GB SAS  HDD N   N  512B MBE2147RC        U  -
252:1    22 Onln   0 135.972 GB SAS  HDD N   N  512B ST9146852SS      U  -