Linux Virtual Delivery Agent 2503

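Manage your deployment using Ansible

Ansible helps you automate the process of deploying applications, configurations, and updates across your deployment. This article provides step-by-step instructions for using Ansible to manage your deployment efficiently.

Step 1: Determine what to deploy

Before you begin, identify what you need to deploy, such as applications, services, configurations, and environment variables.

Step 2: Set up your Ansible project

Create a directory structure for your Ansible project. One important way to organize your playbook content is Ansible's "roles" feature. For more information, see Roles in the Ansible documentation.

The following are two example directory structures for your reference.

Example directory structure #1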

production                # inventory file for production servers
staging                   # inventory file for staging environment

group_vars/
   group1.yml             # here we assign variables to particular groups
   group2.yml
host_vars/
   hostname1.yml          # here we assign variables to particular systems
   hostname2.yml

library/                  # if any custom modules, put them here (optional)
module_utils/             # if any custom module_utils to support modules, put them here (optional)
filter_plugins/           # if any custom filter plugins, put them here (optional)

site.yml                  # master playbook
webservers.yml            # playbook for webserver tier
dbservers.yml             # playbook for dbserver tier

roles/
    common/               # this hierarchy represents a "role"
        tasks/            #
            main.yml      #  <-- tasks file can include smaller files if warranted
        handlers/         #
            main.yml      #  <-- handlers file
        templates/        #  <-- files for use with the template resource
            ntp.conf.j2   #  <------- templates end in .j2
        files/            #
            bar.txt       #  <-- files for use with the copy resource
            foo.sh        #  <-- script files for use with the script resource
        vars/             #
            main.yml      #  <-- variables associated with this role
        defaults/         #
            main.yml      #  <-- default lower priority variables for this role
        meta/             #
            main.yml      #  <-- role dependencies
        library/          # roles can also include custom modules
        module_utils/     # roles can also include custom module_utils
        lookup_plugins/   # or other types of plugins, like lookup in this case

    webtier/              # same kind of structure as "common" was above, done for the webtier role
    monitoring/           # ""
    fooapp/               # ""
<!--NeedCopy-->

Example directory structure #2

inventories/
   production/
      hosts               # inventory file for production servers
      group_vars/
         group1.yml       # here we assign variables to particular groups
         group2.yml
      host_vars/
         hostname1.yml    # here we assign variables to particular systems
         hostname2.yml

   staging/
      hosts               # inventory file for staging environment
      group_vars/
         group1.yml       # here we assign variables to particular groups
         group2.yml
      host_vars/
         stagehost1.yml   # here we assign variables to particular systems
         stagehost2.yml

library/
module_utils/
filter_plugins/

site.yml
webservers.yml
dbservers.yml

roles/
    common/
    webtier/
    monitoring/
    fooapp/
<!--NeedCopy-->

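Step 3: Configure the inventory

Define your inventory file (inventory.ini). An inventory file typically lists the hosts that you want to manage with Ansible, along with necessary details such as host names, IP addresses, and group memberships. For example: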

# Hostname and ip address
[UBUNTU2004]
<ip address>
[UBUNTU2204]
<ip address>
[RHEL8]
<ip address>
[RHEL9]
<ip address>
[DEBIAN11]
<ip address>
[DEBIAN12]
<ip address>
[SUSE15]
<ip address>

[all:children]
UBUNTU2004
UBUNTU2204
RHEL8
RHEL9
DEBIAN11
DEBIAN12
SUSE15

[all:vars]
ansible_user=<ansible execute user e.g root>
ansible_password=<>
ansible_ssh_common_args='-o StrictHostKeyChecking=no'
<!--NeedCopy-->
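The same inventory in Ansible's YAML format, with the connection password resolved from an Ansible Vault file and SSH host key checking left at its default. This is an added example, not part of the original page. The group names come from the inventory above; the addresses, the `vda-deploy` account, the file paths and the `vault_ansible_password` variable are constructed for illustration.

```yaml
# inventories/production/hosts.yml -- YAML form of the inventory above.
# Addresses are constructed (RFC 5737 documentation range).
all:
  children:
    UBUNTU2204:
      hosts:
        192.0.2.11:
    RHEL9:
      hosts:
        192.0.2.21:
    DEBIAN12:
      hosts:
        192.0.2.31:
    SUSE15:
      hosts:
        192.0.2.41:
  vars:
    ansible_user: vda-deploy          # hypothetical account with sudo rights
    ansible_become: true
    # The password is not stored in the inventory; both values are resolved
    # from the vault-encrypted file in the second document below.
    ansible_password: "{{ vault_ansible_password }}"
    ansible_become_password: "{{ vault_ansible_password }}"
    # ansible_ssh_common_args is not set, so SSH checks every host key against
    # known_hosts and a run stops on an unknown or changed key.

---
# inventories/production/group_vars/all/vault.yml
# Encrypt before committing:
#   ansible-vault encrypt inventories/production/group_vars/all/vault.yml
# Supply the vault password at run time:
#   ansible-playbook -i inventories/production/hosts.yml site.yml --ask-vault-pass
vault_ansible_password: "<password>"  # placeholder, replace before encrypting
```

Host keys for new machines have to be present in the control node's known_hosts file before the first run, because password authentication through sshpass cannot answer the interactive host key prompt.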

Step 4: Create Ansible playbooks

Create playbooks (.yml files) to automate your deployment tasks. This section provides example playbooks for automating various deployment tasks.

Example playbook for patching Linux distributions

To patch different Linux distributions using Ansible, create a YAML playbook file named patch-for-different-distribution.yml and populate it with tasks similar to the following. The hosts directive defines the target hosts, taken from the specified inventory (inventory.ini in this context), on which the playbook tasks run.

- name: Upgrade and Reboot RHEL & Debian family Linux distros
  hosts: <host1,host2,host3>  # replace with your actual hosts in the inventory file.
  vars:
    reboot_connect_timeout: 5
    reboot_post_reboot_delay: 15
    reboot_timeout: 600
  tasks:
    # Upgrade RHEL family OS packages
    - name: Upgrade RHEL Family OS packages
      ansible.builtin.yum:
        name: '*'
        state: latest
      when:
        - ansible_facts['distribution'] == "RedHat"
        - ansible_facts['distribution_major_version'] == "7"

    # Upgrade RHEL family OS packages
    - name: Upgrade RHEL Family OS packages
      ansible.builtin.yum:
        name: '*'
        state: latest
      when:
        - ansible_facts['distribution'] == "RedHat"
        - ansible_facts['distribution_major_version'] == "8"

    # Upgrade RHEL family OS packages
    - name: Upgrade RHEL Family OS packages
      ansible.builtin.yum:
        name: '*'
        state: latest
      when:
        - ansible_facts['distribution'] == "RedHat"
        - ansible_facts['distribution_major_version'] == "9"

    # Ubuntu Family upgrade
    - name: Update repositories cache
      apt:
        update_cache: yes
      when:
        - ansible_facts['distribution'] == "Ubuntu"
        - ansible_facts['distribution_major_version'] == "20"

    - name: Update all packages to their latest version
      apt:
        name: "*"
        state: latest
      when:
        - ansible_facts['distribution'] == "Ubuntu"
        - ansible_facts['distribution_major_version'] == "22"

    # Debian Family upgrade
    - name: Upgrade the OS (apt-get dist-upgrade)
      apt:
        upgrade: dist
      when:
        - ansible_facts['distribution'] == "Debian"
        - ansible_facts['distribution_major_version'] == "11"

    - name: Upgrade the OS (apt-get dist-upgrade)
      apt:
        upgrade: dist
      when:
        - ansible_facts['distribution'] == "Debian"
        - ansible_facts['distribution_major_version'] == "12"

    # Reboot after upgrade, using the timeouts defined in vars above
    - name: Reboot host
      reboot:
        connect_timeout: "{{ reboot_connect_timeout }}"
        post_reboot_delay: "{{ reboot_post_reboot_delay }}"
        reboot_timeout: "{{ reboot_timeout }}"
<!--NeedCopy-->

Example playbook for installing the .NET environment

The following example playbook installs different versions of the .NET environment on specific Linux distributions.

- name: Install dotnet runtime environment on Linux distros
  hosts: <host1,host2,host3>  # replace with your actual hosts in the inventory file.
  tasks:
    # Install dotnet runtime environment on RHEL7
    - name: Enable the rhel-7-server-dotnet-rpms repository
      command: subscription-manager repos --enable=rhel-7-server-dotnet-rpms
      when:
        - ansible_facts['distribution'] == "RedHat"
        - ansible_facts['distribution_major_version'] == "7"

    - name: Install dotnet runtime environment on RHEL7
      ansible.builtin.yum:
        name: rh-dotnet60-aspnetcore-runtime-6.0
        state: present
      when:
        - ansible_facts['distribution'] == "RedHat"
        - ansible_facts['distribution_major_version'] == "7"

    # The next two tasks are limited to RHEL7: the link target under
    # /opt/rh/rh-dotnet60 exists only after the RHEL7 install above.
    - name: Remove /usr/bin/dotnet if it exists
      file:
        path: /usr/bin/dotnet
        state: absent
      when:
        - ansible_facts['distribution'] == "RedHat"
        - ansible_facts['distribution_major_version'] == "7"

    - name: Create a symbolic link
      file:
        src: /opt/rh/rh-dotnet60/root/usr/lib64/dotnet/dotnet
        dest: /usr/bin/dotnet
        state: link
      when:
        - ansible_facts['distribution'] == "RedHat"
        - ansible_facts['distribution_major_version'] == "7"

    # RHEL8 linux vda install dotnet runtime environment
    - name: Install dotnet-runtime-8.0
      ansible.builtin.dnf:
        name: dotnet-runtime-8.0
        state: present
      when:
        - ansible_facts['distribution'] == "RedHat"
        - ansible_facts['distribution_major_version'] == "8"

    - name: Install aspnetcore-runtime-8.0
      ansible.builtin.dnf:
        name: aspnetcore-runtime-8.0
        state: present
      when:
        - ansible_facts['distribution'] == "RedHat"
        - ansible_facts['distribution_major_version'] == "8"

    # RHEL9 linux vda install dotnet runtime environment
    - name: Install dotnet-runtime-8.0
      ansible.builtin.dnf:
        name: dotnet-runtime-8.0
        state: present
      when:
        - ansible_facts['distribution'] == "RedHat"
        - ansible_facts['distribution_major_version'] == "9"

    - name: Install aspnetcore-runtime-8.0
      ansible.builtin.dnf:
        name: aspnetcore-runtime-8.0
        state: present
      when:
        - ansible_facts['distribution'] == "RedHat"
        - ansible_facts['distribution_major_version'] == "9"

    # Ubuntu20.04 linux vda install dotnet runtime environment
    - name: Register Microsoft key and feed
      shell: |
        wget https://packages.microsoft.com/config/ubuntu/20.04/packages-microsoft-prod.deb -O packages-microsoft-prod.deb
        dpkg -i packages-microsoft-prod.deb
        rm packages-microsoft-prod.deb
      when:
        - ansible_facts['distribution'] == "Ubuntu"
        - ansible_facts['distribution_major_version'] == "20"

    - name: Install dotnet-runtime-8.0
      ansible.builtin.apt:
        name: dotnet-runtime-8.0
        state: present
        update_cache: yes
      when:
        - ansible_facts['distribution'] == "Ubuntu"
        - ansible_facts['distribution_major_version'] == "20"

    - name: Install aspnetcore-runtime-8.0
      ansible.builtin.apt:
        name: aspnetcore-runtime-8.0
        state: present
        update_cache: yes
      when:
        - ansible_facts['distribution'] == "Ubuntu"
        - ansible_facts['distribution_major_version'] == "20"

    # Ubuntu22.04 linux vda install dotnet runtime environment
    - name: Install dotnet-runtime-8.0
      ansible.builtin.apt:
        name: dotnet-runtime-8.0
        state: present
        update_cache: yes
      when:
        - ansible_facts['distribution'] == "Ubuntu"
        - ansible_facts['distribution_major_version'] == "22"

    - name: Install aspnetcore-runtime-8.0
      ansible.builtin.apt:
        name: aspnetcore-runtime-8.0
        state: present
        update_cache: yes
      when:
        - ansible_facts['distribution'] == "Ubuntu"
        - ansible_facts['distribution_major_version'] == "22"

    # Debian11 linux vda install dotnet runtime environment
    - name: Register Microsoft key and feed
      shell: |
        wget https://packages.microsoft.com/config/debian/11/packages-microsoft-prod.deb -O packages-microsoft-prod.deb
        dpkg -i packages-microsoft-prod.deb
        rm packages-microsoft-prod.deb
      when:
        - ansible_facts['distribution'] == "Debian"
        - ansible_facts['distribution_major_version'] == "11"

    - name: Install dotnet-runtime-8.0
      ansible.builtin.apt:
        name: dotnet-runtime-8.0
        state: present
        update_cache: yes
      when:
        - ansible_facts['distribution'] == "Debian"
        - ansible_facts['distribution_major_version'] == "11"

    - name: Install aspnetcore-runtime-8.0
      ansible.builtin.apt:
        name: aspnetcore-runtime-8.0
        state: present
        update_cache: yes
      when:
        - ansible_facts['distribution'] == "Debian"
        - ansible_facts['distribution_major_version'] == "11"

    # Debian12 linux vda install dotnet runtime environment
    - name: Register Microsoft key and feed
      shell: |
        wget https://packages.microsoft.com/config/debian/12/packages-microsoft-prod.deb -O packages-microsoft-prod.deb
        dpkg -i packages-microsoft-prod.deb
        rm packages-microsoft-prod.deb
      when:
        - ansible_facts['distribution'] == "Debian"
        - ansible_facts['distribution_major_version'] == "12"

    - name: Install dotnet-runtime-8.0
      ansible.builtin.apt:
        name: dotnet-runtime-8.0
        state: present
        update_cache: yes
      when:
        - ansible_facts['distribution'] == "Debian"
        - ansible_facts['distribution_major_version'] == "12"

    - name: Install aspnetcore-runtime-8.0
      ansible.builtin.apt:
        name: aspnetcore-runtime-8.0
        state: present
        update_cache: yes
      when:
        - ansible_facts['distribution'] == "Debian"
        - ansible_facts['distribution_major_version'] == "12"

    # Sles15 linux vda install dotnet runtime environment
    - name: Register Microsoft key and feed
      shell: |
        sudo rpm -Uvh https://packages.microsoft.com/config/sles/15/packages-microsoft-prod.rpm
        sudo ln -s /etc/yum.repos.d/microsoft-prod.repo /etc/zypp/repos.d/microsoft-prod.repo
      when:
        - ansible_facts['distribution'] == "SLES"
        - ansible_facts['distribution_major_version'] == "15"

    - name: Install dotnet-runtime-8.0
      community.general.zypper:
        name: dotnet-runtime-8.0
        state: present
        update_cache: yes
      when:
        - ansible_facts['distribution'] == "SLES"
        - ansible_facts['distribution_major_version'] == "15"

    - name: Install aspnetcore-runtime-8.0
      community.general.zypper:
        name: aspnetcore-runtime-8.0
        state: present
        update_cache: yes
      when:
        - ansible_facts['distribution'] == "SLES"
        - ansible_facts['distribution_major_version'] == "15"

    # Amazon2 linux vda install dotnet runtime environment
    - name: Install dotnet-runtime-8.0
      ansible.builtin.yum:
        name: dotnet-runtime-8.0
        state: present
      when:
        - ansible_facts['distribution'] == "Amazon"
        - ansible_facts['distribution_major_version'] == "2"

    - name: Install aspnetcore-runtime-8.0
      ansible.builtin.yum:
        name: aspnetcore-runtime-8.0
        state: present
      when:
        - ansible_facts['distribution'] == "Amazon"
        - ansible_facts['distribution_major_version'] == "2"
<!--NeedCopy-->

Example playbook for upgrading the Linux VDA

To automate Linux VDA upgrades using Ansible, you can create two separate playbooks. One playbook, such as get_the_build.yml, is dedicated to downloading the Linux VDA package and transferring it to the target machines (hosts). The other playbook (for example, linux_upgrade.yml) contains tasks designed to upgrade the Linux VDA on the target machines using the previously downloaded package.

Example playbook get_the_build.yml
- hosts: localhost
  name: Get the latest release build to local
  vars:
    build_url: <linux vda download link>  # replace with your actual value.
    local_tmp: "/tmp/"  # replace with your actual value.
    remote_tmp: "/tmp/"  # replace with your actual value.
    linuxvda_file_name: "linux vda rpm/deb file name" # replace with your actual value.
  tasks:
  - name: Download the file
    get_url:
      url: "{{ build_url }}"
      dest: ""
    tags:
      - get

- hosts: <host1,host2,host3>  # replace with your actual hosts in the inventory file.
  name: Copy a file to remote location
  tasks:
  - name: Copy vda to the remote machine
    ansible.builtin.copy:
      src: ""
      dest: ""
      remote_src: no
    tags:
      - copy
<!--NeedCopy-->
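A variant of the download-and-copy flow that checks the package digest on the control node and again on each target before any upgrade playbook uses the file. This is an added example, not part of the original page. The `linuxvda_sha256` variable is hypothetical and is assumed to hold the SHA-256 value obtained from the download source; the remaining variable names are taken from get_the_build.yml.

```yaml
# Added example: verified download and distribution of the Linux VDA package.
- name: Get the release build and verify it on the control node
  hosts: localhost
  gather_facts: false
  vars: &pkg_vars                     # YAML anchor, reused by the second play
    build_url: "<linux vda download link>"
    local_tmp: "/tmp"
    remote_tmp: "/tmp"
    linuxvda_file_name: "<linux vda rpm/deb file name>"
    linuxvda_sha256: "<sha256 of the package>"   # hypothetical variable
  tasks:
    - name: Download the package (the task fails on a digest mismatch)
      ansible.builtin.get_url:
        url: "{{ build_url }}"
        dest: "{{ local_tmp }}/{{ linuxvda_file_name }}"
        checksum: "sha256:{{ linuxvda_sha256 }}"
        mode: "0644"
      tags:
        - get

- name: Copy the verified package to the targets
  hosts: <host1,host2,host3>          # replace with hosts from the inventory
  vars: *pkg_vars
  tasks:
    - name: Copy vda to the remote machine
      ansible.builtin.copy:
        src: "{{ local_tmp }}/{{ linuxvda_file_name }}"
        dest: "{{ remote_tmp }}/{{ linuxvda_file_name }}"
        mode: "0644"
      tags:
        - copy

    - name: Hash the file that landed on the target
      ansible.builtin.stat:
        path: "{{ remote_tmp }}/{{ linuxvda_file_name }}"
        checksum_algorithm: sha256
      register: vda_pkg
      tags:
        - copy

    - name: Stop this host if the remote digest differs
      ansible.builtin.assert:
        that:
          - vda_pkg.stat.exists
          - vda_pkg.stat.checksum == (linuxvda_sha256 | lower)
        fail_msg: "Digest mismatch for {{ linuxvda_file_name }} on {{ inventory_hostname }}"
      tags:
        - copy
```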

Example playbook linux_upgrade.yml

- name: Upgrade Linux VDA and Reboot RHEL & Debian Linux distros
  hosts: <host1,host2,host3>  # replace with your actual hosts in the inventory file.
  vars:
    remote_tmp: "/path/to/remote/tmp"  # replace with your actual path
    rhel7_file_name: "rhel7_file.rpm"  # replace with your actual file name
    rhel8_file_name: "rhel8_file.rpm"  # replace with your actual file name
    rhel9_file_name: "rhel9_file.rpm"  # replace with your actual file name
    ubuntu2004_file_name: "ubuntu2004_file.deb"  # replace with your actual file name
    ubuntu2204_file_name: "ubuntu2204_file.deb"  # replace with your actual file name
    debian11_file_name: "debian11_file.deb" # replace with your actual file name
    debian12_file_name: "debian12_file.deb" # replace with your actual file name
    suse15_file_name: "suse15_file.rpm" # replace with your actual file name
    amazon2_file_name: "amazon2_file.rpm" # replace with your actual file name
  tasks:
    # Upgrade RHEL linux vda packages
    - name: Upgrade RHEL7 linux vda packages
      ansible.builtin.yum:
        name: ""
        state: present
      when:
        - ansible_facts['distribution'] == "RedHat"
        - ansible_facts['distribution_major_version'] == "7"

    # Upgrade RHEL linux vda packages
    - name: Upgrade RHEL8 linux vda packages
      ansible.builtin.yum:
        name: ""
        state: present
      when:
        - ansible_facts['distribution'] == "RedHat"
        - ansible_facts['distribution_major_version'] == "8"

    # Upgrade RHEL linux vda packages
    - name: Upgrade RHEL9 linux vda packages
      ansible.builtin.yum:
        name: ""
        state: present
      when:
        - ansible_facts['distribution'] == "RedHat"
        - ansible_facts['distribution_major_version'] == "9"

    # Ubuntu20.04 linux vda upgrade
    - name: Ubuntu20.04 linux vda upgrade
      ansible.builtin.apt:
        deb: ""
      when:
        - ansible_facts['distribution'] == "Ubuntu"
        - ansible_facts['distribution_major_version'] == "20"

    - name: Ubuntu22.04 linux vda upgrade
      ansible.builtin.apt:
        deb: ""
      when:
        - ansible_facts['distribution'] == "Ubuntu"
        - ansible_facts['distribution_major_version'] == "22"

    # Debian Linux VDA upgrade
    - name: Debian11 Linux VDA upgrade
      ansible.builtin.apt:
        deb: ""
      when:
        - ansible_facts['distribution'] == "Debian"
        - ansible_facts['distribution_major_version'] == "11"

    - name: Debian12 Linux VDA upgrade
      ansible.builtin.apt:
        deb: ""
      when:
        - ansible_facts['distribution'] == "Debian"
        - ansible_facts['distribution_major_version'] == "12"

    # Sles15 Linux VDA upgrade
    - name: Sles15 Linux VDA upgrade
      community.general.zypper:
        name: ""
        state: present
      when:
        - ansible_facts['distribution'] == "SLES"
        - ansible_facts['distribution_major_version'] == "15"

    # Amazon2 Linux VDA upgrade
    - name: Amazon2 Linux VDA upgrade
      ansible.builtin.yum:
        name: ""
      when:
        - ansible_facts['distribution'] == "Amazon"
        - ansible_facts['distribution_major_version'] == "2"

    # Reboot after upgrade
    - name: Reboot host
      reboot:
        connect_timeout: ""
        post_reboot_delay: ""
        reboot_timeout: ""
<!--NeedCopy-->

Example playbook for mounting a Network File System (NFS) server as the home directory

The following example playbook mounts an NFS server as the home directory on the target hosts.

- hosts: <host1,host2,host3>  # replace with your actual hosts in the inventory file.
  vars:
    nfs_server: <nfsserver ip address> # replace with your actual values
    mount_points: /home/<domain realm>/user1,/home/<domain realm>/user2  # replace with your actual values
    nfs_shares: user1,user2  # replace with your actual values
    owners: user1,user2   # replace with your actual values
    groups: group1,group2  # replace with your actual values
  tasks:
    - name: Enable NFS as home directory
      ansible.builtin.command:
        cmd: "/opt/Citrix/VDA/bin/ctxreg create -k 'HKLM\\System\\CurrentControlSet\\Control\\Citrix' -t 'REG_DWORD' -v 'CheckUserHomeMountPoint' -d '0x00000001' --force"
      register: result
      failed_when: result.rc != 0
      check_mode: no

    - name: Mount NFS shares
      ansible.builtin.mount:
        path: ""
        src: ":"
        fstype: nfs
        opts: rw,nolock
        state: mounted
      loop: ""

    - name: Set owner, group and mode for NFS client paths
      ansible.builtin.file:
        path: ""
        owner: ""
        group: ""
        mode: ""
      loop: ""
<!--NeedCopy-->

Example playbook for remote command execution

Example playbook for modifying registry settings

- hosts: <host1,host2,host3>  # replace with your actual hosts in the inventory file.
  vars:
    registry_key: "your_registry_key"      #  E.g. registry_key = HKLM\System\CurrentControlSet\Control\Terminal Server\Wds\icawd
    registry_type: "your_registry_type"    #  E.g. registry_type = REG_DWORD
    registry_value: "your_registry_value"  #  E.g. registry_value = AdaptiveScalingEnabled
    registry_data: "your_registry_data"    #  E.g. registry_data = 0x00000000
  tasks:
  - name: Execute AdaptiveScaling redirection script
    ansible.builtin.command:
      cmd: "/opt/Citrix/VDA/bin/ctxreg create -k \"{{ registry_key }}\" -t \"{{ registry_type }}\" -v \"{{ registry_value }}\" -d \"{{ registry_data }}\" --force"
    register: result
    failed_when: result.rc != 0
    check_mode: no
<!--NeedCopy-->

Example playbook for locking the RHEL minor version

- hosts: <host1,host2,host3>  # replace with your actual hosts in the inventory file.
  vars:
    rhel_minor_version: "9.3"  # replace with your actual minor version such as 9.3, 8.8
  tasks:
    - name: Lock system to a specific minor version
      ansible.builtin.command:
        cmd: "subscription-manager release --set={{ rhel_minor_version }}"
      register: result
      failed_when: "'Error' in result.stderr"
<!--NeedCopy-->