ansible devops ã³ãŒãã¹ã¿ã€ã«
ããïŒ ç§ã®ååã¯
ãã®ã¬ã€ãã§ã¯ããããã€ã¡ã³ãæã«å€æ°ãæŽçããæ¹æ³ãæäŸããŸãã ãã®ã¬ã€ãã¯ãPlaybook ã§ããŒã«ããã§ã«äœ¿çšããŠãããæ¢èªã®ãŠãŒã¶ãŒã察象ãšããŠããŸãã
- ã³ãŒãå ã§å€æ°ãèŠã€ããŠãããããäœãæ åœããŠããã®ããããã«ç解ããããšã¯äžå¯èœã§ãã
- ããã€ãã®åœ¹å²ããããå€æ°ã XNUMX ã€ã®å€ã«é¢é£ä»ããå¿ èŠããããŸãããããã¯æ©èœããŸããã
- Playbook å ã®å€æ°ã®ããžãã¯ãã©ã®ããã«æ©èœããããä»ã®äººã«èª¬æããã®ãé£ãã
ç§ãã¡ã¯ç€Ÿå ã®ãããžã§ã¯ãã§ãããã®åé¡ã«ééããŸããããã®çµæããã¬ã€ããã¯å ã®å€æ°ãèšèšããããã®ã«ãŒã«ã«å°éãããããã®åé¡ãããçšåºŠè§£æ±ºããŸããã
圹å²ã®å€æ°
ããŒã«ã¯ãå±éã·ã¹ãã ã®å¥åã®ãªããžã§ã¯ãã§ãã ä»ã®ã·ã¹ãã ãªããžã§ã¯ããšåæ§ã«ãã·ã¹ãã ã®ä»ã®éšåãšå¯Ÿè©±ããããã®ã€ã³ã¿ãŒãã§ã€ã¹ãå¿ èŠã§ãã ãã®ãããªã€ã³ã¿ãŒãã§ã€ã¹ã¯ããŒã«å€æ°ã§ãã
圹å²ãäŸã«èããŠã¿ãŸããã api
ããµãŒããŒã« Java ã¢ããªã±ãŒã·ã§ã³ãã€ã³ã¹ããŒã«ããŸãã ã©ã®ãããªå€æ°ãããã§ãããã?
å¯å€ããŒã«ã¯ã¿ã€ãã«å¿ã㊠2 ã€ã®ã¿ã€ãã«åé¡ã§ããŸãã
1. СвПйÑÑва
a) МезавОÑОЌÑе ÐŸÑ ÑÑеЎÑ
б) завОÑОЌÑе ÐŸÑ ÑÑеЎÑ
2. СвÑзО
a) ÑлÑÑаÑелО
б) запÑПÑÑ Ð²ÐœÑÑÑО ÑОÑÑеЌÑ
в) запÑПÑÑ Ð² ÑÑеЎÑ
å€æ°ã®ãããã㣠ã¯ãããŒã«ã®åäœã決å®ããå€æ°ã§ãã
ã¯ãšãªå€æ° - ãããã¯ãããŒã«ã®å€éšã®ãªãœãŒã¹ãæå®ããããã«å€ã䜿çšãããå€æ°ã§ãã
å€æ°ãªã¹ã㌠- ãããã¯ããªã¯ãšã¹ãå€æ°ã圢æããããã«å€ã䜿çšãããå€æ°ã§ãã
äžæ¹ã1aã2aã2bã¯ç°å¢ïŒããŒããŠã§ã¢ãå€éšãªãœãŒã¹ãªã©ïŒã«äŸåããªãå€æ°ã§ãããdefaultsããŒã«ã§ããã©ã«ãå€ãå ¥ããããšãã§ããŸãã ãã ããã¿ã€ã 1.b ããã³ 2.c ã®å€æ°ã«ã¯ãç°å¢ã«å¿ããŠå€åããããã'example' 以å€ã®å€ãå ¥ããããšã¯ã§ããŸããã
ã³ãŒãã¹ã¿ã€ã«
- å€æ°åã¯ããŒã«åã§å§ãŸãå¿ èŠããããŸãã ããã«ãããå°æ¥ããã®å€æ°ãã©ã®ãããªåœ¹å²ãæãããäœãæ åœããã®ããç°¡åã«ææ¡ã§ããããã«ãªããŸãã
- ããŒã«ã§å€æ°ã䜿çšããå Žåã¯ãå¿ ãã«ãã»ã«åã®ååã«åŸããããŒã«èªäœãŸãã¯çŸåšã®ããŒã«ãäŸåããããŒã«ã§å®çŸ©ãããå€æ°ã䜿çšããå¿ èŠããããŸãã
-
å€æ°ã«èŸæžã䜿çšããããšã¯é¿ããŠãã ããã Ansible ã§ã¯ãèŸæžå ã®åã ã®å€ãç°¡åã«ãªãŒããŒã©ã€ãããããšã¯ã§ããŸããã
æªãå€æ°ã®äŸ:
myrole_user: login: admin password: admin
ããã§ããã°ã€ã³ã¯ç¬ç«å€æ°ããã¹ã¯ãŒãã¯åŸå±å€æ°ã§ãã ããã
ãããã¯èŸæžã«çµåãããŠãããããå®å šã«æå®ããå¿ èŠããããŸãã
ãã€ãã ããã¯ãšãŠãäžäŸ¿ã§ãã ãã®æ¹æ³ã®æ¹ãè¯ãã§ã:myrole_user_login: admin myrole_user_password: admin
ãããã€ã¡ã³ã ãã¬ã€ããã¯ã®å€æ°
ãããã€ã¡ã³ã ãã¬ã€ãã㯠(以äžããã¬ã€ããã¯ãšåŒã³ãŸã) ãã³ã³ãã€ã«ãããšãã¯ãå¥ã®ãªããžããªã«é 眮ãããšããã«ãŒã«ã«åŸããŸãã ããŒã«ãšåãã§ãããããããç¬èªã® Git ãªããžããªå ã«ãããŸãã ããã«ãããããŒã«ãšãã¬ã€ããã¯ã¯ãããã€ã¡ã³ã ã·ã¹ãã ã®ç°ãªãç¬ç«ãããªããžã§ã¯ãã§ãããäžæ¹ã®ãªããžã§ã¯ãã®å€æŽãä»æ¹ã®ãªããžã§ã¯ãã®åäœã«åœ±é¿ãäžããã¹ãã§ã¯ãªãããšãç解ã§ããŸãã ããã¯ãå€æ°ã®ããã©ã«ãå€ãå€æŽããããšã§å®çŸãããŸãã
èŠçŽãããšãPlaybook ãã³ã³ãã€ã«ãããšãã«ãPlaybook å€æ°ãšã€ã³ãã³ããªãŒå€æ°ã® XNUMX ã€ã®å Žæã§ããŒã«å€æ°ã®ããã©ã«ãå€ããªãŒããŒã©ã€ãããããšãã§ããŸãã
mydeploy # ÐаÑалПг ЎеплПÑ
âââ deploy.yml # ÐлейбÑк ЎеплПÑ
âââ group_vars # ÐаÑалПг пеÑеЌеММÑÑ
плейбÑка
â âââ all.yml # Ѐайл ÐŽÐ»Ñ Ð¿ÐµÑеЌеММÑÑ
ÑвÑзО вÑей ÑОÑÑеЌÑ
â âââ myapi.yml # Ѐайл пеÑеЌеММÑÑ
ÑвПйÑÑв гÑÑÐ¿Ð¿Ñ myapi
âââ inventories #
âââ prod # ÐаÑалПг ПкÑÑÐ¶ÐµÐœÐžÑ prod
âââ prod.ini # ÐМвеМÑПÑО Ñайл
âââ group_vars # ÐаÑалПг ÐŽÐ»Ñ Ð¿ÐµÑеЌеММÑÑ
ОМвеМÑПÑО
âââ myapi #
âââ vars.yml # СÑеЎПзавОÑОЌÑе пеÑеЌеММÑе гÑÑÐ¿Ð¿Ñ myapi
âââ vault.yml # СекÑеÑÑ (вÑегЎа ÑÑеЎПзавОÑОЌÑ) *
* â
éãã¯ãåãã¬ãã«ã«ãã Playbook ãåŒã³åºããšãã« Playbook å€æ°ãåžžã«äœ¿çšãããããšã§ãã ããã¯ããããã®å€æ°ãç°å¢ã«äŸåããªãå€æ°ã®ããã©ã«ãå€ãå€æŽããã®ã«æé©ã§ããããšãæå³ããŸãã éã«ãã€ã³ãã³ããªå€æ°ã¯ç¹å®ã®ç°å¢ã§ã®ã¿äœ¿çšããããããç°å¢åºæã®å€æ°ãšããŠã¯çæ³çã§ãã
å€æ°ã®åªå 床ã§ã¯ãæåã«ãã¬ã€ããã¯å€æ°ã§å€æ°ããªãŒããŒã©ã€ããã次㫠XNUMX ã€ã®ã€ã³ãã³ããªãŒã§åå¥ã«å€æ°ããªãŒããŒã©ã€ãããããšã¯ã§ããªãããšã«æ³šæããããšãéèŠã§ãã
ããã¯ããã®æ®µéã§ãå€æ°ãç°å¢ã«äŸåãããã©ãããå€æããé©åãªå Žæã«é 眮ããå¿ èŠãããããšãæå³ããŸãã
ããšãã°ããããããžã§ã¯ãã§ã¯ãSSL ãæå¹ã«ããå€æ°ã¯é·ãéç°å¢ã«äŸåããŠããŸãããããã¯ãã¹ã¿ã³ãã® XNUMX ã€ã§å¶åŸ¡ã§ããªãçç±ã«ãã SSL ãæå¹ã«ããããšãã§ããªãã£ãããã§ãã ãã®åé¡ãä¿®æ£ããåŸãç°å¢ã«äŸåãããPlaybook å€æ°ã«ç§»è¡ããŸããã
ã°ã«ãŒãã®ããããã£å€æ°
ç°ãªã Java ã¢ããªã±ãŒã·ã§ã³ãæã€ããã ãèšå®ãç°ãªã 1 ã€ã®ãµãŒã㌠ã°ã«ãŒããè¿œå ããŠãå³ 2 ã®ã¢ãã«ãæ¡åŒµããŠã¿ãŸãããã
ãã®å Žåããã¬ã€ããã¯ãã©ã®ããã«ãªãããæ³åããŠã¿ãŸãããã
- hosts: myapi
roles:
- api
- hosts: bbauth
roles:
- auth
- hosts: ghauth
roles:
- auth
Playbook ã«ã¯ XNUMX ã€ã®ã°ã«ãŒãããããããgroup_vars ã€ã³ãã³ããªå€æ°ãš Playbook å€æ°ã«åãæ°ã®ã°ã«ãŒã ãã¡ã€ã«ãäœæããããšãããã«ãå§ãããŸãã ãã®å Žåã® XNUMX ã€ã®ã°ã«ãŒã ãã¡ã€ã«ã¯ãPlaybook å ã®äžèšã®ã¢ããªã±ãŒã·ã§ã³ã® XNUMX ã€ã®ã³ã³ããŒãã³ãã®èšè¿°ã§ãã ãã¬ã€ããã¯å€æ°ã§ã°ã«ãŒã ãã¡ã€ã«ãéããšãã°ã«ãŒãã«ã€ã³ã¹ããŒã«ãããŠããããŒã«ã®ããã©ã«ãã®åäœãšã®éãããã¹ãŠããã«ããããŸãã åšåº«å€æ°: ã¹ã¿ã³ãéã®ã°ã«ãŒãè¡åã®éãã
ã³ãŒãã¹ã¿ã€ã«
- host_vars å€æ°ã¯ã·ã¹ãã ã説æãããã®ã§ã¯ãªããå°æ¥çã«ããã®ãã¹ãã¯ä»ã®ãã¹ããšç°ãªãã®ã¯ãªãã§ãã?ããšããçåã«ã€ãªããç¹æ®ãªã±ãŒã¹ã«ãããªãããããŸã£ãã䜿çšããªãããã«ããŠãã ããããã®çãã¯æ確ã§ã¯ãããŸããããã€ã§ãç°¡åã«èŠã€ãããŸãã
éä¿¡å€æ°
ãããããããããããã£å€æ°ã®æ¬è³ªã§ãããéä¿¡å€æ°ã«ã€ããŠã¯ã©ããªã®ã§ãããã?
ãããã®éãã¯ãç°ãªãã°ã«ãŒãã§ãåãæå³ãæã€å¿
èŠããããšããããšã§ãã
æåã¯ããã§ãã
hostvars[groups['bbauth'][0]]['auth_bind_port']
ããããã圌ãã¯ããã«ãããæåŠããŸãã
ãã¡ãªãããããããã§ãã ãŸã嵩é«ãã XNUMX çªç®ã¯ãã°ã«ãŒãå
ã®ç¹å®ã®ãã¹ããžã®äŸåã§ãã 第äžã«ãæªå®çŸ©ã®å€æ°ã®ãšã©ãŒãçºçããããªãå Žåã¯ããããã€ã¡ã³ããéå§ããåã«ãã¹ãŠã®ãã¹ããããã¡ã¯ããåéããå¿
èŠããããŸãã
ãã®çµæãéä¿¡å€æ°ã䜿çšããããšã«ãªããŸããã
éä¿¡å€æ° - ããã㯠Playbook ã«å±ããå€æ°ã§ãããã·ã¹ãã ãªããžã§ã¯ããæ¥ç¶ããããã«å¿ èŠã§ãã
éä¿¡å€æ°ã¯äžè¬çãªã·ã¹ãã å€æ°ã«å
¥åãããŸã group_vars/all/vars
ãããã¯ãåã°ã«ãŒããããã¹ãŠã®ãªã¹ããŒå€æ°ãåé€ãããªã¹ããŒãåé€ãããã°ã«ãŒãã®ååãå€æ°ã®å
é ã«è¿œå ããããšã«ãã£ãŠåœ¢æãããŸãã
ããã«ãããååã®åäžæ§ãšéè€ããªãããšãä¿èšŒãããŸãã
äžèšã®äŸã®å€æ°ããã€ã³ãããŠã¿ãŸãããã
çžäºã«äŸåããå€æ°ããããšæ³åããŠã¿ãŸãããã
# roles/api/defaults:
# ÐеÑÐµÐŒÐµÐœÐœÐ°Ñ Ð·Ð°Ð¿ÑПÑа
api_auth1_address: "http://example.com:80"
api_auth2_address: "http://example2.com:80"
# roles/auth/defaults:
# ÐеÑÐµÐŒÐµÐœÐœÐ°Ñ ÑлÑÑаÑелÑ
auth_bind_port: "20000"
å
±éå€æ°ã«å
¥ããŠã¿ãŸããã group_vars/all/vars
ãã¹ãŠã®ãªã¹ããŒã察象ã«ããã¿ã€ãã«ã«ã°ã«ãŒãåãè¿œå ããŸãã
# group_vars/all/vars
bbauth_auth_bind_port: "20000"
ghauth_auth_bind_port: "30000"
# group_vars/bbauth/vars
auth_bind_port: "{{ bbauth_auth_bind_port }}"
# group_vars/ghauth/vars
auth_bind_port: "{{ ghauth_auth_bind_port }}"
# group_vars/myapi/vars
api_auth1_address: "http://{{ bbauth_auth_service_name }}:{{ bbauth_auth_bind_port }}"
api_auth2_address: "http://{{ ghauth_auth_service_name }}:{{ ghauth_auth_bind_port }}"
ããã§ãã³ãã¯ã¿ã®å€ãå€æŽããããšã§ãããŒããé 眮ãããŠããã®ãšåãå Žæã«ãªã¯ãšã¹ãã確å®ã«éä¿¡ãããããã«ãªããŸãã
ã³ãŒãã¹ã¿ã€ã«
- ããŒã«ãšã°ã«ãŒãã¯ç°ãªãã·ã¹ãã ãªããžã§ã¯ãã§ãããããç°ãªãååãä»ããå¿ èŠããããŸããããããã°ããªã³ã¯å€æ°ã¯ãããããã·ã¹ãã å ã®ããŒã«ã§ã¯ãªãããµãŒããŒã®ç¹å®ã®ã°ã«ãŒãã«å±ããŠããããšãæ£ç¢ºã«ç€ºããŸãã
ç°å¢äŸåãã¡ã€ã«
ããŒã«ã¯ç°å¢ããšã«ç°ãªããã¡ã€ã«ã䜿çšããå ŽåããããŸãã
ãã®ãããªãã¡ã€ã«ã®äŸãšããŠã¯ãSSL 蚌ææžããããŸãã ããã¹ã圢åŒã§ä¿åãã
å€æ°ã«å
¥ããã®ã¯ããŸã䟿å©ã§ã¯ãããŸããã ãã ããããããžã®ãã¹ãå€æ°å
ã«ä¿åãããšäŸ¿å©ã§ãã
ããšãã°ãå€æ°ã䜿çšããŸã api_ssl_key_file: "/path/to/file"
.
ããŒèšŒææžãç°å¢ããšã«ç°ãªãããšã¯æããã§ãããããããã¯ç°å¢äŸåã®å€æ°ã§ããããã¡ã€ã«å
ã«é
眮ããå¿
èŠãããããšãæå³ããŸãã
group_vars/myapi/vars
å€æ°ã®ã€ã³ãã³ããªã§ãããå€ãããšãã°ããå«ãŸããŸãã
ãã®å Žåã®æã䟿å©ãªæ¹æ³ã¯ãã㌠ãã¡ã€ã«ããã¹ã«æ²¿ã£ãŠ Playbook ãªããžããªã«çœ®ãããšã§ãã
files/prod/certs/myapi.key
ã®å Žåãå€æ°ã®å€ã¯æ¬¡ã®ããã«ãªããŸãã
api_ssl_key_file: "prod/certs/myapi.key"
ã ãã®å©äŸ¿æ§ã¯ãç¹å®ã®ã¹ã¿ã³ãã§ã®ã·ã¹ãã ã®å±éãæ
åœããæ
åœè
ããã¡ã€ã«ãä¿åããããã®å°çšã¹ããŒã¹ããªããžããªå
ã«æã£ãŠãããšããäºå®ã«ãããŸãã åæã«ã蚌ææžãå¥ã®ã·ã¹ãã ã«ãã£ãŠæäŸãããå Žåã«åããŠããµãŒããŒäžã®èšŒææžãžã®çµ¶å¯Ÿãã¹ãæå®ããããšãå¯èœã§ãã
XNUMX ã€ã®ç°å¢ã«è€æ°ã®ã¹ã¿ã³ã
å€ãã®å Žåãå·®ç°ãæå°éã«æãããã»ãŒåäžã®è€æ°ã®ã¹ã¿ã³ããåãç°å¢ã«å°å ¥ããå¿ èŠããããŸãã ãã®å Žåãç°å¢äŸåå€æ°ãããã®ç°å¢å ã§å€åããªãå€æ°ãšå€åããå€æ°ã«åããŸãã ãããŠãåŸè ãã€ã³ãã³ã㪠ãã¡ã€ã«èªäœã«çŽæ¥è»¢éããŸãã ãã®æäœã®åŸãç°å¢ãã£ã¬ã¯ããªã«å¥ã®ã€ã³ãã³ããªãçŽæ¥äœæã§ããããã«ãªããŸãã
group_vars ã€ã³ãã³ããªãŒãåå©çšããããã€ãã®å€æ°ãããèªäœã®ããã«çŽæ¥åå®çŸ©ããããšãã§ããŸãã
ãããã€ã¡ã³ã ãããžã§ã¯ãã®æçµçãªãã£ã¬ã¯ããªæ§é ã¯æ¬¡ã®ãšããã§ãã
mydeploy # ÐаÑалПг ЎеплПÑ
âââ deploy.yml # ÐлейбÑк ЎеплПÑ
âââ files # ÐаÑалПг ÐŽÐ»Ñ ÑайлПв ЎеплПÑ
â âââ prod # ÐаÑПлПг ÐŽÐ»Ñ ÑÑеЎПзавОÑОЌÑÑ
ÑайлПв ÑÑеМЎа prod
â â âââ certs #
â â âââ myapi.key #
â âââ test1 # ÐаÑалПг ÐŽÐ»Ñ ÑÑеЎПзавОÑОЌÑÑ
ÑайлПв ÑÑеМЎа test1
âââ group_vars # ÐаÑалПг пеÑеЌеММÑÑ
плейбÑка
â âââ all.yml # Ѐайл ÐŽÐ»Ñ Ð¿ÐµÑеЌеММÑÑ
ÑвÑзО вÑей ÑОÑÑеЌÑ
â âââ myapi.yml # Ѐайл пеÑеЌеММÑÑ
ÑвПйÑÑв гÑÑÐ¿Ð¿Ñ myapi
â âââ bbauth.yml #
â âââ ghauth.yml #
âââ inventories #
âââ prod # ÐаÑалПг ПкÑÑÐ¶ÐµÐœÐžÑ prod
â âââ group_vars # ÐаÑалПг ÐŽÐ»Ñ Ð¿ÐµÑеЌеММÑÑ
ОМвеМÑПÑО
â â âââ myapi #
â â â âââ vars.yml # СÑеЎПзавОÑОЌÑе пеÑеЌеММÑе гÑÑÐ¿Ð¿Ñ myapi
â â â âââ vault.yml # СекÑеÑÑ (вÑегЎа ÑÑеЎПзавОÑОЌÑ)
â â âââ bbauth #
â â â âââ vars.yml #
â â â âââ vault.yml #
â â âââ ghauth #
â â âââ vars.yml #
â â âââ vault.yml #
â âââ prod.ini # ÐМвеМÑПÑО ÑÑеМЎа prod
âââ test # ÐаÑалПг ПкÑÑÐ¶ÐµÐœÐžÑ test
âââ group_vars #
â âââ myapi #
â â âââ vars.yml #
â â âââ vault.yml #
â âââ bbauth #
â â âââ vars.yml #
â â âââ vault.yml #
â âââ ghauth #
â âââ vars.yml #
â âââ vault.yml #
âââ test1.ini # ÐМвеМÑПÑО ÑÑеМЎа test1 в ÑÑеЎе test
âââ test2.ini # ÐМвеМÑПÑО ÑÑеМЎа test2 в ÑÑеЎе test
ãŸãšã
èšäºã«åŸã£ãŠå€æ°ãæŽçããåŸãåå€æ°ãã¡ã€ã«ã¯ç¹å®ã®ã¿ã¹ã¯ãæ åœããŸãã ãŸãããã¡ã€ã«ã«ã¯ç¹å®ã®ã¿ã¹ã¯ããããããåãã¡ã€ã«ã®æ£ç¢ºãã«å¯ŸããŠè²¬ä»»ãè² ã人ãå²ãåœãŠãããšãå¯èœã«ãªããŸããã ããšãã°ãã·ã¹ãã å±éã®éçºè ã¯ããã¬ã€ããã¯å€æ°ãæ£ããå ¥åãã責任ãè² ããŸãããã¹ã¿ã³ããã€ã³ãã³ããªã«èšè¿°ãããŠãã管çè ã¯ãå€æ°ã®ã€ã³ãã³ããªãåããããšã«çŽæ¥è²¬ä»»ãè² ããŸãã
ããŒã«ã¯ç¬èªã®ã€ã³ã¿ãŒãã§ã€ã¹ãåããç¬èªã®éçºåäœãšãªããããŒã«éçºè ã¯ããŒã«ãã·ã¹ãã ã«åãããŠèª¿æŽããã®ã§ã¯ãªããæ©èœãéçºã§ããããã«ãªããŸããã ãã®åé¡ã¯ããã£ã³ããŒã³å ã®ãã¹ãŠã®ã·ã¹ãã ã®å ±éã®åœ¹å²ã«ç¹ã«é¢ä¿ããããŸããã
ã·ã¹ãã 管çè ã¯ãå±éã³ãŒããç解ããå¿ èŠããªããªããŸããã ãããã€ã¡ã³ããæåãããããã«å¿ èŠãªã®ã¯ãç°å¢äŸåå€æ°ã®ãã¡ã€ã«ãåããããšã ãã§ãã
æåŠ
èè
ã«ãªã¥ãžãã»ããã¹ã»ã¢ã¬ã¯ãµã³ãããŽã£ãã
åºæïŒ habr.com