My Note

自己理解のためのブログ

Ansibleの備忘録(モジュール編 CentOS 7)

やったこと

CentOS 7向けにAnsibleを書いたので、備忘録として残します。

Ansibleコード

ディストリビューションチェック

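# Print the distribution facts and stop the play on anything other than
# CentOS 7; the tasks on this page use CentOS 7 package names and paths.
- name: Check distribution
  debug:
    # Each item is the *name* of a fact. Templating it here hands that name to
    # `var`, which then prints the fact's value.
    var: "{{ item }}"
  with_items:
    - ansible_distribution
    - ansible_distribution_version
  # The original list form was AND-ed and its second entry used `=`, which is
  # not a comparison operator, so the guard could not work as a gate.
  # Fail when either condition does not hold. The major-version fact is used
  # because the full version string also carries the minor release.
  failed_when: >-
    ansible_distribution != 'CentOS'
    or ansible_distribution_major_version != '7'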

SELinux

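# Turns SELinux off. With `disabled` the kernel neither enforces nor logs
# policy decisions, so the host loses mandatory access control and the audit
# trail of denials. `permissive` keeps logging denials without blocking them
# and is usually enough to find the rule an application is missing.
# Switching to `disabled` only takes full effect after a reboot.
- name: Disabled selinux
  selinux:
    state: disabled
  become: true

# Keeps /etc/selinux/config in line with the task above. The pattern is
# anchored to the whole line so that only the SELINUX= setting is rewritten
# (not SELINUXTYPE= or a comment), and a host left in permissive mode is
# covered as well as an enforcing one.
- name: Disable selinux config
  replace:
    path: /etc/selinux/config
    regexp: '^SELINUX=(enforcing|permissive)[ \t]*$'
    replace: 'SELINUX=disabled'
  become: true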

PATH追加 (sudoers) /usr/local/bin

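# Appends /usr/local/bin to the sudo secure_path.
# Every directory in secure_path is searched for commands run through sudo,
# so /usr/local/bin and everything in it should be writable by root only.
- name: Add path
  replace:
    path: /etc/sudoers
    # Anchored at both ends: the line is matched only while it still ends in
    # /usr/bin, so a second run cannot append the directory twice. The
    # whitespace around the key is matched loosely instead of by exact count.
    regexp: '^(Defaults[ \t]+secure_path[ \t]*=[ \t]*/sbin:/bin:/usr/sbin:/usr/bin)[ \t]*$'
    replace: '\1:/usr/local/bin'
    # A syntax error in sudoers locks everyone out of sudo, so let visudo
    # check the candidate file before it replaces the real one.
    validate: 'visudo -cf %s'
  become: true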

yum update

# Refresh the yum metadata cache, then bring every installed package to the
# newest version the enabled repositories offer.
- name: Upgrade all packages
  become: true
  yum:
    update_cache: true
    state: latest
    name: '*'

epel-repo追加

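# Enables the EPEL repository by installing its release package.
# Packages installed from EPEL afterwards are trusted through the GPG key
# this package ships, so it should come from the distribution's own repos.
- name: Install packages from yum
  yum:
    name:
      - epel-release
    state: latest
    update_cache: true
    # `autoremove` was dropped: the yum module documents it for use on its
    # own or with state=absent, and newer Ansible releases appear to reject
    # it together with state=latest (verify against the version in use).
  become: true
  # Skipped in --check runs, as in the original.
  when: not ansible_check_mode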

Python3.6のインストール by yum

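# Installs the Python 2 pip/devel packages and Python 3.6 with its headers.
- name: Install packages from yum
  yum:
    name:
      - python-pip
      - python-devel
      - python36
      - python36-devel
    state: latest
    update_cache: true
    # `autoremove` was dropped: the yum module documents it for use on its
    # own or with state=absent, not together with state=latest.
  become: true
  when: not ansible_check_mode

# Despite the task name nothing is renamed: /bin/python3 is created as a
# symlink that points at /bin/python3.6.
- name: Rename python
  file:
    src: /bin/python3.6
    dest: /bin/python3
    state: link
  become: true
  when: not ansible_check_mode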

Install pip3

# Bootstraps pip for Python 3.6 from the copy bundled with the interpreter.
# A bare `command` task has no idempotence check, so this reports "changed"
# on every run.
- name: Install pip3
  become: true
  when: not ansible_check_mode
  command: python36 -m ensurepip

## upgrade pip

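# Upgrades pip itself for each interpreter. `state: latest` is the pip
# module's own way to ask for an upgrade and replaces the hand-passed
# `--upgrade` flag.
# These tasks run as root and fetch whatever release the package index
# serves at run time; they also replace files that the distribution's pip
# package installed, so yum no longer describes what is on disk.
- name: Upgrade pip3
  pip:
    name: pip
    state: latest
    executable: pip3
  become: true
  when: not ansible_check_mode

- name: Upgrade pip2
  pip:
    name: pip
    state: latest
    executable: pip2
  become: true
  when: not ansible_check_mode

# NOTE(review): a bare `pip` resolves through PATH, so which interpreter it
# belongs to depends on the host - confirm it is the one intended.
- name: Upgrade pip
  pip:
    name: pip
    state: latest
    executable: pip
  become: true
  when: not ansible_check_mode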

pip3 install pkg

# Installs the AWS tooling and Ansible for Python 3, system-wide, as root.
# Only ansible carries a version pin; boto3 and awscli resolve to whatever
# the package index serves when the play runs, so two hosts built on
# different days can end up with different code. Pinning them the same way
# (and reviewing the ansible pin for age) makes the build reproducible.
- name: Install packages from pip3
  become: true
  when: not ansible_check_mode
  pip:
    executable: pip3
    name:
      - boto3
      - awscli
      - ansible==2.7.1

pip install pkg

# Installs passlib for Python 2 through pip2, as root and without a version
# pin.
- name: Install packages from pip2
  become: true
  when: not ansible_check_mode
  pip:
    executable: pip2
    name:
      - passlib

# No `executable` is given here, so the pip module picks the pip that
# belongs to the Python interpreter Ansible uses on the target.
- name: Install packages from pip
  become: true
  when: not ansible_check_mode
  pip:
    name:
      - psutil

sudo passwordのNOPASSWD化

# Despite the task name, these rules do not bypass sudo: they let the listed
# principals run specific commands *through* sudo without a password prompt.
# Each line is appended to /etc/sudoers only after visudo accepts the
# candidate file.
#
# Rule 1: members of the infra_users group may switch to the centos account
# without a password. Whatever the centos account is allowed to do, including
# any sudo rights of its own, becomes reachable by the whole group.
# NOTE(review): confirm that is the intended scope.
- name: Allow command without sudo
  become: true
  lineinfile:
    path: /etc/sudoers
    line: "{{ item }}"
    validate: 'visudo -cf %s'
  loop:
    - '%infra_users ALL=NOPASSWD: /bin/su - centos'

# Rule 2: `user` (defined outside this page) may restart and reload nginx.
# The rules spell out the full command with its arguments, so only these two
# systemctl invocations match.
- name: Allow command without sudo
  become: true
  lineinfile:
    path: /etc/sudoers
    line: "{{ item }}"
    validate: 'visudo -cf %s'
  loop:
    - '{{ user }} ALL=NOPASSWD: /bin/systemctl restart nginx.service'
    - '{{ user }} ALL=NOPASSWD: /bin/systemctl reload nginx.service'

Install Ruby rbenv

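# Clones rbenv and its ruby-build plugin into the connecting user's home.
# Both checkouts are code that later runs on the host, so the revision
# matters: `master` means "whatever is on the branch today". The revision is
# now a variable that still defaults to master; set it to a reviewed tag or
# commit to make the install reproducible.
- name: Install rbenv
  git:
    # The project lives under the rbenv organisation, as ruby-build below
    # already does. The original URL pointed at a personal account and only
    # works for as long as the hosting site keeps redirecting it.
    repo: https://github.com/rbenv/rbenv.git
    dest: ~/.rbenv
    version: "{{ rbenv_version | default('master') }}"
  when: not ansible_check_mode

- name: Install ruby-build
  git:
    repo: https://github.com/rbenv/ruby-build.git
    dest: ~/.rbenv/plugins/ruby-build
    version: "{{ ruby_build_version | default('master') }}"
  when: not ansible_check_mode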

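# Builds the requested Ruby with rbenv (-s skips the build when that version
# is already installed), refreshes the shims and makes it the global default.
- name: Install Ruby {{ ruby_version }}
  shell: |
    set -e
    ~/.rbenv/bin/rbenv install -s {{ ruby_version | quote }}
    ~/.rbenv/bin/rbenv rehash
    ~/.rbenv/bin/rbenv global {{ ruby_version | quote }}
  # `set -e` stops at the first failing command; without it only the exit
  # status of the last line decided whether the task failed.
  # `quote` shell-escapes the variable so that a value containing spaces or
  # shell metacharacters is passed to rbenv as one literal argument.
  register: install_ruby
  # Reported as changed only when the script printed something.
  changed_when: install_ruby.stdout != ""
  when: not ansible_check_mode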

# Installs bundler with the gem shim that rbenv generated, and not as a
# per-user install (user_install is off).
# NOTE(review): the shim is addressed through /home/{{ user }} here while the
# other rbenv tasks on this page use ~/.rbenv; the two agree only when the
# play connects as `user` - confirm.
- name: Install bundler
  when: not ansible_check_mode
  gem:
    executable: /home/{{ user }}/.rbenv/shims/gem
    name: bundler
    user_install: false

Install pkg by rbenv gem

# Installs (or upgrades to the newest release of) each listed gem through
# the rbenv gem shim. The task loops because `name` takes one gem per call.
# Nothing is version-pinned, so every run pulls the current release from the
# gem source; pin versions where a reproducible toolchain matters.
- name: Install packages from gem
  when: not ansible_check_mode
  gem:
    executable: ~/.rbenv/shims/gem
    state: latest
    name: "{{ item }}"
  loop:
    - aws-sdk-core
    - nokogiri
    - bundler
    - roadworker
    - piculet

Codedeploy-Agent Install

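# Installs the distribution's Ruby package, which the CodeDeploy installer
# script in this section is run with.
- name: Install ruby
  yum:
    name:
      - ruby
    update_cache: true
    state: latest
    # `autoremove` was dropped: the yum module documents it for use on its
    # own or with state=absent, not together with state=latest.
  become: true
  when: not ansible_check_mode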

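# Read-only probe: rpm -q exits non-zero when the package is not installed.
# It now runs first so that its result can gate the download and the
# installer; in the original it ran last and the registered value was never
# used. It never reports "changed" or "failed", and it also runs in --check
# mode because it modifies nothing.
- name: "Check if CodeDeploy is already installed"
  command: rpm -q 'codedeploy-agent'
  register: is_codedeploy_installed
  failed_when: false
  changed_when: false
  check_mode: false

# Fetches the installer script that the next task runs as root.
# The URL tracks `latest`, so the script can differ from one run to the next.
# Set `codedeploy_installer_checksum` (a name introduced here, in the form
# "sha256:<hex digest>") to make get_url refuse a file that does not match a
# copy you have reviewed; the check is skipped while the variable is unset.
# /tmp is world-writable; a directory only root can write to is a safer
# place for a file that root is about to execute.
- name: Download CodeDeployAgent
  get_url:
    url: https://aws-codedeploy-{{ aws_region }}.s3.amazonaws.com/latest/install
    dest: /tmp/
    # Quoted so the mode stays an octal string instead of a YAML number.
    mode: '0755'
    checksum: "{{ codedeploy_installer_checksum | default(omit) }}"
  become: true
  when:
    - not ansible_check_mode
    - is_codedeploy_installed.rc != 0

# Runs the downloaded installer as root, only when the agent is missing.
- name: Install CodeDeployAgent
  command: /tmp/install auto
  notify: "Restart CodedeployAgent"
  become: true
  when:
    - not ansible_check_mode
    - is_codedeploy_installed.rc != 0

# Asserts through the package manager that the agent package is present.
- name: "Install Packages | package manager"
  yum:
    name: codedeploy-agent
    state: present
  notify: "Restart CodedeployAgent"
  become: true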

# Reloads the systemd unit files, then makes sure the agent is running now
# and is enabled to start at boot.
- name: Ensure start CodedeployAgent
  become: true
  when: not ansible_check_mode
  systemd:
    name: codedeploy-agent
    daemon_reload: true
    enabled: true
    state: started