Open Source SW Solution Installation & Application Guide
System SW > Resource Management
Let's Learn It Properly: How to Use Open Source Software
CONTENTS
1. Overview
2. Feature Summary
3. Execution Environment
4. Installation and Execution
5. Features
6. Usage Examples
7. FAQ
8. Glossary
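
1. Overview

Introduction
- When a server starts, software installation and configuration are performed automatically according to configuration files prepared in advance
- Helps shorten build time and reduce errors when building large computer clusters
- Provides orchestration and software deployment as well as configuration management
- Stable, highly reliable, and scalable

Main features: provisioning, orchestration, build and deployment automation, and so on
Major category: System SW
Minor category: Resource management
License: GNU General Public License
Pre-installed solution: Python2(2.7) or Python3(3.5 and higher)
Execution hardware: Red Hat, Debian, CentOS, macOS, any of the BSDs (Windows isn't supported for the control machine)
Version: v2.6.7 (as of October 2018)

Characteristics
- SIMPLE: easy-to-understand automation scripts, text-based playbooks, works with existing configuration management solutions
- POWERFUL: supports Linux, Windows, and UNIX, automatic application deployment, automatic management of environment settings
- AGENTLESS: push-based, no separate agent required, uses OpenSSH and WinRM

Security vulnerabilities: Managed nodes are controlled through the SSH and WinRM tools, so there are no separate security vulnerabilities unless a vulnerability arises in those tools themselves.
Developer / community: Red Hat / https://www.ansible.com/community
Official homepage: https://www.ansible.com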
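
2. Feature Summary

Main features of Ansible

Provisioning
- Software installation and updates
- Configuration / settings changes
- File transfer

Application deployment
- Automatic application deployment to many servers
- Easy lifecycle management across all applications
- Automation from development through to production

Automatic OS installation
- OS installation support for VMs on virtualized and cloud platforms
- Template-based VM creation
- Support for a variety of virtual environments such as vCenter, OpenStack, AWS, Azure, and GCP

Build and deployment automation
- Easy setup of CI/CD environments
- An automation platform for quickly delivering service development and production rollout
- Can integrate with other build solutions from application build through testing

Security and compliance
- Establish security policy and compliance through Ansible
- Apply security from the moment a system is created
- Enforcement through standardization

Orchestration
- From virtual machine creation through service delivery, or implementation of rolling application upgrades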
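
3. Execution Environment

Ansible requirements
- Any system with Python 2 (version 2.7) or Python 3 (version 3.5 or later) installed
- Windows is not supported as the control machine
- Includes Red Hat, Debian, CentOS, macOS, any of the BSDs, and so on
- For the Ansible community version, there are no separate hardware specification requirements beyond the Python software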

4. Installation and Execution

Detailed contents
4.1 Ansible Install
4.1.1 Clone Ansible from the Git repository to the control machine
4.1.2 Apply the Ansible environment

4.1 Ansible Install

4.1.1 Download Ansible from the Git repository to the control machine

    [root@localhost ~]# git clone https://github.com/ansible/ansible.git
    Cloning into 'ansible'...
    remote: Enumerating objects: 245, done.
    remote: Counting objects: 100% (245/245), done.
    remote: Compressing objects: 100% (211/211), done.
    remote: Total 377154 (delta 163), reused 34 (delta 33), pack-reused 376909
    Receiving objects: 100% (377154/377154), 125.24 MiB | 4.36 MiB/s, done.
    Resolving deltas: 100% (247620/247620), done.

4.1.2 Apply the Ansible environment

    [root@localhost ansible]# source ./hacking/env-setup -q
    [root@localhost ansible]# echo $PATH
    /root/ansible/bin:/sbin:/bin:/usr/sbin:/usr/bin

5. Features

Detailed contents
5.1 Command Line Tools
5.1.1 ansible
5.1.2 ansible-config
5.1.3 ansible-console
5.1.4 ansible-doc
5.1.5 ansible-galaxy
5.1.6 ansible-inventory
5.1.7 ansible-playbook
5.1.8 ansible-vault

5.1 Command Line Tools

5.1.1 ansible
Purpose: run a single task
Usage:
    [root@localhost ansible]# ansible <host-pattern> [options]
Options: https://docs.ansible.com/ansible/latest/cli/ansible.html

5.1.2 ansible-config
Purpose: display the Ansible configuration
Usage:
    [root@localhost ansible]# ansible-config [view|dump|list] [--help] [options] [ansible.cfg]
Options: https://docs.ansible.com/ansible/latest/cli/ansible-config.html#

5.1.3 ansible-console
Purpose: create a REPL that can run tasks against the selected inventory
Usage:
    [root@localhost ansible]# ansible-console [<host-pattern>] [options]
Options: https://docs.ansible.com/ansible/latest/cli/ansible-console.html

5.1.4 ansible-doc
Purpose: display information about the available modules
Usage:
    [root@localhost ansible]# ansible-doc [-l|-F|-s] [options] [-t <plugin type>] [plugin]
Options: https://docs.ansible.com/ansible/latest/cli/ansible-doc.html

5.1.4 ansible-galaxy
Purpose: manage the Ansible shared repository
Usage:
    [root@localhost ansible]# ansible-galaxy [delete|import|info|init|install|list|login|remove|search|setup] [--help] [options] ...
Options: https://docs.ansible.com/ansible/latest/cli/ansible-galaxy.html

5.1.5 ansible-inventory
Purpose: display the configured inventory
Usage:
    [root@localhost ansible]# ansible-inventory [options] [host|group]
Options: https://docs.ansible.com/ansible/latest/cli/ansible-inventory.html

5.1.6 ansible-playbook
Purpose: run multiple tasks
Usage:
    [root@localhost ansible]# ansible-playbook [options] playbook.yml [playbook2 ...]
Options: https://docs.ansible.com/ansible/latest/cli/ansible-playbook.html

5.1.7 ansible-pull
Purpose: fetch a playbook from a VCS repo and run it on the local host
Usage:
    [root@localhost ansible]# ansible-pull -U <repository> [options] [<playbook.yml>]
Options: https://docs.ansible.com/ansible/latest/cli/ansible-pull.html

5.1.8 ansible-vault
Purpose: encrypt / decrypt Ansible data files
Usage:
    [root@localhost ansible]# ansible-vault [create|decrypt|edit|encrypt|encrypt_string|rekey|view] [options] [vaultfile.yml]
Options: https://docs.ansible.com/ansible/latest/cli/ansible-vault.html
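
6. Usage Examples

Detailed contents
6.1 Basic setup
6.1.1 Copy the ssh public key for passwordless ssh communication
6.1.2 Create the project directory
6.1.3 Create the inventory
6.1.4 Create the configuration file
6.2 Ansible usage examples
6.2.1 Server ping check using ad-hoc
6.2.2 Check whether a daemon is installed and install it
6.2.3 Check whether a service is running and start it
6.2.4 Deploy a configuration file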

6.1 Basic setup

6.1.1 Copy the ssh public key for passwordless ssh communication

    [root@localhost ~]# ssh-copy-id -i ~/.ssh/id_rsa.pub user@management-host

6.1.2 Create the project directory

    [root@localhost ~]# mkdir test-project
    [root@localhost ~]# cd test-project

6.1.3 Create the inventory

    [root@localhost test-project]# vi inventory
    [web]
    management-host1

    [was]
    management-host2

6.1.4 Create the configuration file

    [root@localhost test-project]# vi ansible.cfg
    [defaults]
    inventory=./inventory
    remote_user=user
    private_key_file=~/.ssh/id_rsa

    [privilege_escalation]
    become=true
    become_method=sudo
    become_user=root
    become_ask_pass=false

6.2 Ansible usage examples

6.2.1 Server ping check using ad-hoc

    [root@localhost test-project]# ansible all -m ping    ## "all" targets the whole inventory; uses the ping module
    management-host1 | SUCCESS => {
        "changed": false,
        "ping": "pong"
    }
    management-host2 | SUCCESS => {
        "changed": false,
        "ping": "pong"
    }
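
6.2.2 Check whether a daemon is installed and install it

[ Write the script ]

    [root@localhost test-project]# vi install.yml
    ---
    ## Target the [web] host group from the inventory created earlier
    - hosts: web
      tasks:
        ## Gather service facts
        - name: service gather facts
          service_facts:

        ## Using the gathered facts, check whether httpd is among the services;
        ## if it is not, install the latest httpd with the yum module.
        ## On systemd hosts service_facts lists units by full name (httpd.service).
        - name: httpd service install
          yum:
            name: httpd
            state: latest
          when: "'httpd.service' not in ansible_facts.services"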

[ Run the playbook ]

    [root@localhost test-project]# ansible-playbook install.yml

    PLAY [web] ******************************************************************************************************************

    TASK [service gather facts] *******************************************************************************************************
    ok: [management-host1]

    TASK [httpd service install] **********************************************************************************
    changed: [management-host1]

    PLAY RECAP *******************************************************************************************************************
    management-host1 : ok=2 changed=1 unreachable=0 failed=0 skipped=0

This confirms that the TASKs were applied successfully to the [web] host group in the inventory. changed is reported when something changed on the managed host server (here, the httpd installation).

- ok : no changes
- changed : changes were made
- unreachable : connection failed
- failed : failed
- skipped : reported when the playbook contains a skip role

[ Check the result ]

    [root@managed-host ~]# rpm -qa | grep httpd
    httpd-2.4.6-88.el7.x86_64
    httpd-tools-2.4.6-88.el7.x86_64
    [root@managed-host ~]# systemctl status httpd
    httpd.service - The Apache HTTP Server
       Loaded: loaded (/usr/lib/systemd/system/httpd.service; disabled; vendor preset: disabled)
       Active: inactive (dead)
         Docs: man:httpd(8)
               man:apachectl(8)

6.2.3 Check whether a service is running and start it

[ Write the script ]

    [root@localhost test-project]# vi service_check.yml
    ---
    ## Target the [web] host group from the inventory created earlier
    - hosts: web
      tasks:
        ## Check the service status; a non-zero return code means httpd is not running
        - name: service not started check
          command: systemctl status httpd
          register: result
          ignore_errors: yes
          ## Read-only check, so never report it as a change
          changed_when: false

        ## Using the registered result, start httpd if it is not running
        - name: httpd service start
          systemd:
            name: httpd
            state: started
          when: result.rc != 0

[ Run the playbook ]

    [root@localhost test-project]# ansible-playbook service_check.yml

    PLAY [web] ******************************************************************************************************************

    TASK [service not started check] *******************************************************************************************************
    ok: [management-host1]

    TASK [httpd service start] **********************************************************************************
    changed: [management-host1]

    PLAY RECAP *******************************************************************************************************************
    management-host1 : ok=2 changed=1 unreachable=0 failed=0 skipped=0

[ Check the result ]

    [root@managed-host ~]# systemctl status httpd
    httpd.service - The Apache HTTP Server
       Loaded: loaded (/usr/lib/systemd/system/httpd.service; disabled; vendor preset: disabled)
       Active: active (running) since Fri 2018-11-23 17:25:41 KST; 1s ago
         Docs: man:httpd(8)
               man:apachectl(8)
     Main PID: 15482 (httpd)
       Status: "Processing requests..."
       CGroup: /system.slice/httpd.service
               15482 /usr/sbin/httpd -DFOREGROUND
               15483 /usr/sbin/httpd -DFOREGROUND
               15484 /usr/sbin/httpd -DFOREGROUND
               15485 /usr/sbin/httpd -DFOREGROUND
               15486 /usr/sbin/httpd -DFOREGROUND
               15487 /usr/sbin/httpd -DFOREGROUND

6.2.4 Deploy a configuration file

[ Deploy the httpd configuration file ]

    [root@localhost test-project]# vi deploy.yml
    ---
    ## Target the [web] host group from the inventory created earlier
    - hosts: web
      tasks:
        ## Deploy the configuration file; src: file to deploy, dest: file to replace
        - name: deploy httpd.conf
          copy:
            src: /tmp/httpd.conf
            dest: /etc/httpd/conf/httpd.conf
            owner: root
            group: root
            mode: "0644"

        ## Restart httpd
        - name: httpd service restart
          systemd:
            name: httpd
            state: restarted

[ Run the playbook ]

    [root@localhost test-project]# ansible-playbook deploy.yml

    PLAY [web] ******************************************************************************************************************

    TASK [deploy httpd.conf] *******************************************************************************************************
    changed: [management-host1]

    TASK [httpd service restart] **********************************************************************************
    changed: [management-host1]

    PLAY RECAP *******************************************************************************************************************
    management-host1 : ok=1 changed=2 unreachable=0 failed=0 skipped=0

[ Check the result ]

    [root@managed-host ~]# systemctl status httpd
    httpd.service - The Apache HTTP Server
       Loaded: loaded (/usr/lib/systemd/system/httpd.service; disabled; vendor preset: disabled)
       Active: active (running) since Fri 2018-11-23 17:25:41 KST; 1s ago
         Docs: man:httpd(8)
               man:apachectl(8)
     Main PID: 15482 (httpd)
       Status: "Processing requests..."
       CGroup: /system.slice/httpd.service
               15482 /usr/sbin/httpd -DFOREGROUND
               15483 /usr/sbin/httpd -DFOREGROUND
               15484 /usr/sbin/httpd -DFOREGROUND
               15485 /usr/sbin/httpd -DFOREGROUND
               15486 /usr/sbin/httpd -DFOREGROUND
               15487 /usr/sbin/httpd -DFOREGROUND
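
A hardened variant of the 6.2.4 deploy.yml, added here as an example and not part of the original guide: the source file comes from the project directory instead of the world-writable /tmp, the staged file is syntax-checked before it replaces the live one, and httpd restarts only when the file actually changed. The files/httpd.conf path is an assumption, and /usr/sbin/httpd is the binary path shown in the systemctl output above.

```yaml
---
# Added example: hardened deploy.yml (not from the original guide).
- hosts: web
  tasks:
    - name: deploy httpd.conf
      copy:
        # Assumed project-local source; any local user on the control
        # machine could replace a file staged in /tmp before the push.
        src: files/httpd.conf
        dest: /etc/httpd/conf/httpd.conf
        owner: root
        group: root
        mode: "0644"
        # Keep a timestamped copy of the previous file for rollback.
        backup: yes
        # Syntax-check the staged copy; on failure the live file is untouched.
        validate: /usr/sbin/httpd -t -f %s
      # Fire the handler only when the file content or attributes changed.
      notify: restart httpd

    - name: httpd service enabled and started
      systemd:
        name: httpd
        state: started
        enabled: yes

  handlers:
    - name: restart httpd
      systemd:
        name: httpd
        state: restarted
```

A second run against an unchanged file reports ok for both tasks and skips the restart.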
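
7. FAQ

Q: Can Windows machines be controlled as well?
A: Yes. Ansible communicates with and controls them over WinRM, in the same way it uses SSH for Linux machines. With the Windows-specific modules, many tasks such as security patching and disk expansion can be automated.

Q: Which environments does Ansible support?
A: Separate modules are provided for managing bare metal, private cloud, public cloud, and so on. Ansible can be used in most environments, and through instance creation, control, and Dynamic Inventory it can control anywhere from a few hundred to several thousand host nodes.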
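
8. Glossary

Term             Description
Inventory        List of managed servers
Modules          Packaged scripts that perform a specific action on a host
playbook         File that defines variables and tasks to be run on managed hosts
YAML             Language needed to write playbooks
Plug-in          Extension features (email, logging, etc.)
Custom module    Module written directly by the user
REPL             Interactive environment (Read-Eval-Print Loop), CLI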

This work may be used under the Creative Commons [Attribution-NonCommercial-ShareAlike 2.0 Korea License].