[ANSIBLE] 패키지 리포지터리 작업
Posted by Albert 387Day 15Hour 16Min 24Sec ago [2024-07-15]
진행할 작업
1. repo서버에 httpd 서비스 설치
2. repo.conf 설정(복사)
3. httpd 서비스 재시작 및 selfcontext 설정
4. httpd tjqltm 방화벽 추가 및 방화벽 reload
5. repo 서버에 baseos 저장소 id기준 패키지 다운로드 및 확인
1. inventory 생성(repo 서버는 tnode1 centos서버로 한다)
[root@controller chapter_09.4]' vi inventory
[repo_node]
tnode1
2. ansible.cfg 만들기
[root@controller chapter_09.4]' vi ansible.cfg
[defaults]
inventory = ./inventory
remote_user = root
ask_pass = false
roles_path = ./roles
[privilege_escalation]
become = true
become_method = sudo
become_user = root
become_ask_pass = false
3. repo생성하는 role 생성
[root@controller roles]' ansible-galaxy role init --init-path ./roles reporole
- Role reporole was created successfully
변수 추가
[root@controller myrole.httpd]' vi ./vars/main.yml
---
' vars file for myrole.httpd
httpd_service:
- httpd
- yum-utils
repo_dir: /repo
repo.conf 파일 생성
[root@controller myrole.httpd]' vi files/repo.conf
<VirtualHost *:80>
DocumentRoot /repo
CustomLog "logs/http_repo.log" combined
<Directory "/repo">
Options Indexes FollowSymLinks
AllowOverride None
Require all granted
</Directory>
</VirtualHost>
Alias /repo "/repo"
task 생성(repo폴더생성 -> httpd설치 -> repo.conf 파일 복사 -> 및 httpd서비스 방화벽 추가 )
[root@controller myrole.httpd]' vi tasks/main.yml
---
' tasks file for myrole.httpd
- name: Make repo directory
ansible.builtin.file:
path: "{{ repo_dir }}"
state: directory
- name: Install httpd
ansible.builtin.dnf:
name: "{{ item }}"
state: latest
loop: "{{ httpd_service }}"
- name: Copy repo.conf file
ansible.builtin.copy:
src: ../files/repo.conf
dest: /etc/httpd/conf.d/
notify:
- Restart httpd
- Reconfigure sefcontext
- name: Add http to firewalld
ansible.posix.firewalld:
service: http
permanent: true
state: enabled
notify: Reload firewalld
handler 생성(httpd 설치후 재시작처리 및 방화벽 리로드 및 설정 적용)
[root@controller myrole.httpd]' vi handlers/main.yml
---
' handlers file for myrole.httpd
- name: Restart httpd
ansible.builtin.service:
name: httpd
state: restarted
- name: Reload firewalld
ansible.builtin.systemd:
name: firewalld
state: reloaded
- name: Reconfigure sefcontext
ansible.builtin.command: chcon -R -h -t httpd_sys_content_t /repo
마지막으로 repo 서버 설치하는 playbook 생성
[root@controller chapter_09.4]' vi repo_setting.yml
---
- hosts: repo_node
vars:
repo_url: http://192.168.64.8/repo
roles:
- role: reporole
post_tasks:
- name: Check http service
ansible.builtin.uri:
url: "{{ repo_url }}"
return_content: true
register: check_result
failed_when: check_result.status != 200
- name: Print result
ansible.builtin.debug:
var: check_result.status
playbook 실행
[root@controller chapter_09.4]' ansible-playbook repo_setting.yml
PLAY [repo_node] ***************************************************************
TASK [Gathering Facts] *********************************************************
ok: [tnode1]
TASK [reporole : Make repo directory] **************************************
changed: [tnode1]
TASK [reporole : Install httpd] ********************************************
changed: [tnode1] => (item=httpd)
changed: [tnode1] => (item=yum-utils)
TASK [reporole : Copy repo.conf file] **************************************
changed: [tnode1]
TASK [reporole : Add http to firewalld] ************************************
changed: [tnode1]
RUNNING HANDLER [mreporole : Restart httpd] *********************************
changed: [tnode1]
RUNNING HANDLER [reporole : Reload firewalld] ******************************
changed: [tnode1]
RUNNING HANDLER [reporole : Reconfigure sefcontext] ************************
changed: [tnode1]
TASK [Check http service] ******************************************************
ok: [tnode1]
TASK [Print result] ************************************************************
ok: [tnode1] => {
"check_result.status": "200"
}
PLAY RECAP *********************************************************************
tnode1 : ok=10 changed=7 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
tnode1 서버에 접속하여
브라우저창에서 localhost/repo로 접속하면 정상적으로 repo서비스가 작동하고 있는걸 볼수 있다.
최초 repo에는 관련패키지가 없는데 추가로 설치해 주어야한다.
우선 사용가능한 저장소id 항목 확인
[root@node1 ~]' yum repolist
저장소 ID 저장소 이름
appstream CentOS Stream 9 - AppStream
baseos CentOS Stream 9 - BaseOS
extras-common CentOS Stream 9 - Extras packages
쌤플로 baseos 저장소 항목을 다운로드하겠다.
[root@node1 ~]' reposync -m --repoid=baseos --newest-only --download-metadata -p /repo
CentOS Stream 9 - BaseOS 3.7 kB/s | 6.1 kB 00:01
CentOS Stream 9 - BaseOS 1.9 MB/s | 27 MB 00:14
저장소에 대한 comps.xml baseos 저장된
(1/926): ModemManager-glib-1.20.2-1.el9.aarch64 646 kB/s | 325 kB 00:00
(2/926): NetworkManager-adsl-1.48.2-2.el9.aarch 413 kB/s | 34 kB 00:00
(3/926): NetworkManager-bluetooth-1.48.2-2.el9. 468 kB/s | 58 kB 00:00
(4/926): ModemManager-1.20.2-1.el9.aarch64.rpm 1.5 MB/s | 1.2 MB 00:00
(5/926): NetworkManager-config-server-1.48.2-2. 304 kB/s | 21 kB 00:00
(6/926): NetworkManager-1.48.2-2.el9.aarch64.rp 2.7 MB/s | 2.2 MB 00:00
(7/926): NetworkManager-initscripts-updown-1.48 416 kB/s | 22 kB 00:00
(8/926): NetworkManager-team-1.48.2-2.el9.aarch 791 kB/s | 39 kB 00:00
(9/926): NetworkManager-tui-1.48.2-2.el9.aarch6 2.4 MB/s | 239 kB 00:00
(10/926): NetworkManager-wifi-1.48.2-2.el9.aarc 882 kB/s | 81 kB 00:00
......
......
관련 baseos패키지 모두 다운로드후 다시
브라우저 http://localhost/repo에서 설치된 패키지정보를 확인할 수 있다.
끝