Ansibleの備忘録(モジュール編 CentOS 7)
やったこと
CentOS 7でAnsibleを書いたので、備忘録として書きます。
Ansibleコード
ディストリビューションチェック
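# Print the distribution facts and abort early unless the target is CentOS 7.
- name: Check distribution
  debug:
    var: "{{ item }}"
  with_items:
    - ansible_distribution
    - ansible_distribution_version
  # A list under failed_when is AND-ed and a single '=' is not a comparison,
  # so the guard is written as one explicit OR expression. The major-version
  # fact is used because ansible_distribution_version carries the minor
  # release as well and would never equal '7'.
  failed_when: >-
    ansible_distribution != 'CentOS'
    or ansible_distribution_major_version != '7'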
SELinux
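# NOTE(review): disabling SELinux removes mandatory access control from the
# host. If a service is being blocked, prefer state=permissive while the
# denials are collected and policy is written, then return to enforcing.
- name: Disabled selinux
  selinux:
    state: disabled
  become: true

# Keep the setting in /etc/selinux/config so it survives a reboot. The pattern
# is anchored to a whole line so only the active setting is rewritten, never
# the same text appearing inside a comment.
- name: Disable selinux config
  replace:
    path: /etc/selinux/config
    regexp: '^SELINUX=enforcing$'
    replace: 'SELINUX=disabled'
  become: true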
PATH追加 (sudoers) /usr/local/bin
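# Append /usr/local/bin to sudo's secure_path.
# NOTE(review): every directory on secure_path is searched for commands run
# through sudo, so /usr/local/bin and everything in it must be writable by
# root only.
- name: Add path
  replace:
    path: /etc/sudoers
    # Anchored at both ends: without the trailing anchor the pattern still
    # matches the already-extended line and appends the directory again on
    # every run. \s+ tolerates more than one space between the fields.
    regexp: '^(Defaults\s+secure_path\s*=\s*/sbin:/bin:/usr/sbin:/usr/bin)[ \t]*$'
    replace: '\1:/usr/local/bin'
    # Refuse to install a sudoers file that does not parse; a broken file
    # locks everyone out of sudo.
    validate: 'visudo -cf %s'
  become: true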
yum update
# Refresh the yum metadata cache, then move every installed package to the
# newest version the enabled repositories offer.
- name: Upgrade all packages
  become: true
  yum:
    update_cache: true
    state: latest
    name: '*'
epel-repo追加
# Enable the EPEL repository by installing its release package.
# Skipped in check mode.
- name: Install packages from yum
  become: true
  when: not ansible_check_mode
  yum:
    update_cache: true
    autoremove: true
    state: latest
    name:
      - epel-release
Python3.6のインストール by yum
# Install pip and headers for the system Python plus the Python 3.6 packages.
# Skipped in check mode.
- name: Install packages from yum
  become: true
  when: not ansible_check_mode
  yum:
    update_cache: true
    autoremove: true
    state: latest
    name:
      - python-pip
      - python-devel
      - python36
      - python36-devel

# Make /bin/python3 a symlink to the 3.6 interpreter.
- name: Rename python
  become: true
  when: not ansible_check_mode
  file:
    state: link
    src: /bin/python3.6
    dest: /bin/python3
Install pip3
# Bootstrap pip for Python 3.6 with the interpreter's bundled ensurepip
# module. Runs as root and is skipped in check mode.
- name: Install pip3
  become: true
  when: not ansible_check_mode
  command: python36 -m ensurepip
## upgrade pip
# Upgrade pip itself through each of the three entry points (pip3, pip2, pip).
# All three run as root and are skipped in check mode.
- name: Upgrade pip3
  become: true
  when: not ansible_check_mode
  pip:
    executable: pip3
    name: pip
    extra_args: --upgrade

- name: Upgrade pip2
  become: true
  when: not ansible_check_mode
  pip:
    executable: pip2
    name: pip
    extra_args: --upgrade

- name: Upgrade pip
  become: true
  when: not ansible_check_mode
  pip:
    executable: pip
    name: pip
    extra_args: --upgrade
pip3 install pkg
# Install the AWS tooling and Ansible into the Python 3 environment as root.
# NOTE(review): only ansible carries a version pin; boto3 and awscli resolve
# to whatever the index serves at run time. Pin them as well if the hosts must
# be reproducible.
- name: Install packages from pip3
  become: true
  when: not ansible_check_mode
  pip:
    executable: pip3
    name:
      - boto3
      - awscli
      - ansible==2.7.1
pip install pkg
# Install passlib through pip2.
- name: Install packages from pip2
  become: true
  when: not ansible_check_mode
  pip:
    executable: pip2
    name:
      - passlib

# Install psutil through the pip module's default executable.
- name: Install packages from pip
  become: true
  when: not ansible_check_mode
  pip:
    name:
      - psutil
sudo passwordのNOPASSWD化
# Let members of the infra_users group switch to the centos account without
# a password. The candidate file is checked with visudo before it replaces
# /etc/sudoers.
# NOTE(review): this gives infra_users whatever the centos account can do;
# confirm centos holds no broader sudo rights than intended.
- name: Allow command without sudo
  become: true
  lineinfile:
    path: /etc/sudoers
    validate: 'visudo -cf %s'
    line: "{{ item }}"
  loop:
    - '%infra_users ALL=NOPASSWD: /bin/su - centos'

# Let {{ user }} restart or reload nginx without a password. Each rule names
# the full command line, so no other systemctl invocation is granted.
- name: Allow command without sudo
  become: true
  lineinfile:
    path: /etc/sudoers
    validate: 'visudo -cf %s'
    line: "{{ item }}"
  loop:
    - '{{ user }} ALL=NOPASSWD: /bin/systemctl restart nginx.service'
    - '{{ user }} ALL=NOPASSWD: /bin/systemctl reload nginx.service'
Install Ruby rbenv
# Clone rbenv and its ruby-build plugin into the connecting user's home.
# NOTE(review): both checkouts follow the master branch, so each run takes
# whatever is on that branch at the time. Set version to a reviewed tag or
# commit if the build must be reproducible.
- name: Install rbenv
  when: not ansible_check_mode
  git:
    dest: ~/.rbenv
    repo: https://github.com/sstephenson/rbenv.git
    version: master

- name: Install ruby-build
  when: not ansible_check_mode
  git:
    dest: ~/.rbenv/plugins/ruby-build
    repo: https://github.com/rbenv/ruby-build.git
    version: master

# Build the requested Ruby (-s skips it when already installed), refresh the
# shims and make it the global version. The task reports "changed" only when
# the commands wrote something to stdout.
- name: Install Ruby {{ ruby_version }}
  when: not ansible_check_mode
  register: install_ruby
  changed_when: install_ruby.stdout != ""
  shell: |
    ~/.rbenv/bin/rbenv install -s {{ ruby_version }}
    ~/.rbenv/bin/rbenv rehash
    ~/.rbenv/bin/rbenv global {{ ruby_version }}

# Install bundler with the rbenv-managed gem command.
# NOTE(review): this path uses /home/{{ user }} while the tasks above use ~;
# the two agree only when the connecting user is {{ user }}. Confirm.
- name: Install bundler
  when: not ansible_check_mode
  gem:
    executable: /home/{{ user }}/.rbenv/shims/gem
    user_install: false
    name: bundler
Install pkg by rbenv gem
# Install or upgrade each listed gem with the rbenv-managed gem command.
# state=latest means the versions are not pinned.
- name: Install packages from gem
  when: not ansible_check_mode
  gem:
    executable: ~/.rbenv/shims/gem
    state: latest
    name: "{{ item }}"
  loop:
    - aws-sdk-core
    - nokogiri
    - bundler
    - roadworker
    - piculet
Codedeploy-Agent Install
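# Ruby from the distribution repositories, installed here ahead of the
# CodeDeploy installer.
- name: Install ruby
  yum:
    name:
      - ruby
    update_cache: true
    autoremove: true
    state: latest
  become: true
  when: not ansible_check_mode

# Query first so the installer below runs only on hosts that lack the agent.
# rpm -q is read-only, so it also runs in check mode. A non-zero exit simply
# means "not installed" and must not fail the play or count as a change.
- name: "Check if CodeDeploy is already installed"
  command: rpm -q 'codedeploy-agent'
  register: is_codedeploy_installed
  changed_when: false
  failed_when: false
  check_mode: false

# NOTE(review): the installer is fetched and then executed as root with no
# integrity check beyond TLS, and it is staged in world-writable /tmp. If a
# vetted copy of the script is kept, add get_url's checksum option and stage
# the file in a directory only root can write to.
- name: Download CodeDeployAgent
  get_url:
    url: https://aws-codedeploy-{{ aws_region }}.s3.amazonaws.com/latest/install
    dest: /tmp/
    # Quoted so the mode is read as the octal string, not a YAML integer.
    mode: '0755'
  become: true
  when:
    - not ansible_check_mode
    - is_codedeploy_installed.rc != 0

# Without the rc guard this command reports "changed" and notifies the
# restart handler on every run.
- name: Install CodeDeployAgent
  command: /tmp/install auto
  notify: "Restart CodedeployAgent"
  become: true
  when:
    - not ansible_check_mode
    - is_codedeploy_installed.rc != 0

- name: "Install Packages | package manager"
  yum:
    name: codedeploy-agent
    state: present
  notify: "Restart CodedeployAgent"
  become: true

# Start the agent now and enable it at boot.
- name: Ensure start CodedeployAgent
  systemd:
    name: codedeploy-agent
    state: started
    enabled: true
    daemon_reload: true
  become: true
  when: not ansible_check_mode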