This example sets up key-based SSH access to the target servers
and then manages them in bulk with Ansible.
1. Install Python (any version works)
# dnf install python3.12
# wget https://bootstrap.pypa.io/get-pip.py
# python3 get-pip.py
# pip install pipx
# pipx install --include-deps ansible
# pipx ensurepath
2. Generate an SSH key, then copy it to the target servers so you can log in without a password
# ssh-keygen -t rsa -b 2048
# ssh-copy-id root@SERVER1_IP
# ssh-copy-id root@SERVER2_IP
3. Configure Ansible
# mkdir -p /etc/ansible
# ansible-config init --disabled -t all > /etc/ansible/ansible.cfg
4. Configure the Ansible target servers
# vi /etc/ansible/hosts
[GROUP1]
SERVER1 ansible_host=SERVER1_IP ansible_user=root
SERVER2 ansible_host=SERVER2_IP ansible_user=root
5. Write the Ansible playbook
- Example that updates the kernel and reboots (adjust to your needs)
# vi /etc/ansible/update.yml
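---
- name: Update kernel and reboot if necessary
  hosts: all
  become: true
  gather_facts: yes
  tasks:
    # Records the kernel that is running before the update.
    - name: Get the current kernel version
      command: uname -r
      register: current_kernel

    - name: Update all packages, including kernel
      dnf:
        name: "*"
        state: latest
      register: update_result

    # The running kernel does not change until a reboot, so comparing
    # `uname -r` with ansible_facts['kernel'] is always false.
    # Check the dnf module's results list for a newly installed kernel instead.
    - name: Check if the kernel was updated
      set_fact:
        kernel_updated: "{{ update_result.results | default([]) | select('match', 'Installed: kernel(-core)?-[0-9]') | list | length > 0 }}"

    - name: Reboot the system if the kernel was updated
      reboot:
        msg: "Rebooting to apply the latest kernel"
        reboot_timeout: 600
      when: kernel_updated

    # Removes the old kernels. Runs after the reboot because dnf refuses
    # to remove the kernel that is currently running.
    - name: Reboot the system if the kernel was updated
      shell: |
        dnf remove -y $(dnf repoquery --installonly --latest-limit=-1 -q)
      when: kernel_updated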
6. Run the Ansible playbook
# ansible-playbook -l GROUP1 update.yml
PLAY [Update kernel and reboot if necessary] ************************************************************************************************************************************************
TASK [Gathering Facts] **********************************************************************************************************************************************************************
[WARNING]: Platform linux on host SERVER2 is using the discovered Python interpreter at /usr/bin/python3.9, but future installation of another Python interpreter could change the meaning
of that path. See https://docs.ansible.com/ansible-core/2.18/reference_appendices/interpreter_discovery.html for more information.
ok: [SERVER2]
[WARNING]: Platform linux on host SERVER1 is using the discovered Python interpreter at /usr/bin/python3.9, but future installation of another Python interpreter could change the meaning
of that path. See https://docs.ansible.com/ansible-core/2.18/reference_appendices/interpreter_discovery.html for more information.
ok: [SERVER1]
TASK [Get the current kernel version] *******************************************************************************************************************************************************
changed: [SERVER2]
changed: [SERVER1]
TASK [Update all packages, including kernel] ************************************************************************************************************************************************
ok: [SERVER2]
ok: [SERVER1]
TASK [Check if the kernel was updated] ******************************************************************************************************************************************************
ok: [SERVER1]
ok: [SERVER2]
TASK [Reboot the system if the kernel was updated] ******************************************************************************************************************************************
skipping: [SERVER1]
skipping: [SERVER2]
TASK [Reboot the system if the kernel was updated] ******************************************************************************************************************************************
skipping: [SERVER1]
skipping: [SERVER2]
PLAY RECAP **********************************************************************************************************************************************************************************
SERVER1 : ok=4 changed=1 unreachable=0 failed=0 skipped=2 rescued=0 ignored=0
SERVER2 : ok=4 changed=1 unreachable=0 failed=0 skipped=2 rescued=0 ignored=0
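The reboot decision in step 5 depends on whether a newer kernel is installed than the one currently running. The following is an added example, not part of the original post, that makes that decision in shell; the function names, the constructed sample versions, the kernel-core package name and the use of GNU `sort -V` as a stand-in for RPM version comparison are assumptions.

```shell
#!/bin/sh
# Added example (not from the original post): decide whether a host needs a
# reboot by comparing the running kernel with the newest installed kernel.
# Assumption: versions look like `uname -r` output on RHEL-family systems and
# GNU `sort -V` ordering is close enough to RPM version comparison.

# Print the highest version from a newline-separated list on stdin.
newest_kernel() {
    LC_ALL=C sort -V | tail -n 1
}

# reboot_needed RUNNING INSTALLED
#   RUNNING   - running kernel, e.g. "$(uname -r)"
#   INSTALLED - newline-separated installed kernel versions
# Returns 0 only when an installed kernel sorts higher than the running one.
# The running kernel is added to the list, so an empty list returns 1.
reboot_needed() {
    rn_running=$1
    rn_newest=$(printf '%s\n%s\n' "$rn_running" "$2" | newest_kernel)
    [ "$rn_running" != "$rn_newest" ]
}

# Live use on a host (assumption: kernel-core is the kernel package name):
#   reboot_needed "$(uname -r)" \
#     "$(rpm -q kernel-core --qf '%{VERSION}-%{RELEASE}.%{ARCH}\n')"

# Constructed sample data so the example runs offline.
SAMPLE_INSTALLED='5.14.0-70.13.1.el9_0.x86_64
5.14.0-503.11.1.el9_5.x86_64
5.14.0-427.13.1.el9_4.x86_64'

for running in 5.14.0-427.13.1.el9_4.x86_64 5.14.0-503.11.1.el9_5.x86_64; do
    if reboot_needed "$running" "$SAMPLE_INSTALLED"; then
        echo "$running: reboot needed"
    else
        echo "$running: up to date"
    fi
done
```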