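Building and Testing an Ansible Environment with Docker
* Update: 2024/06/02 added entrypoint.sh
This site runs on a Kubernetes environment built on Raspberry Pi. In case a problem occurs with the physical OS, I maintain a golden OS image that can be reused generically across environments. Because the image is generic, however, it had to be adjusted by hand for each environment. I use Ansible to solve that.
I verify Ansible on a Raspberry Pi set aside for testing, but I still wanted to keep that environment from getting cluttered. Specifically, re-flashing the physical OS image whenever something goes wrong feels like a waste of time. I therefore weighed KVM against Docker, and chose Docker this time.
The code is on GitHub.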
git clone https://github.com/AbeYuki/ansible-docker-compose.git
File layout
Listing
.
├── README.md
├── ansible
│   ├── Dockerfile
│   ├── ansible.cfg
│   └── entrypoint.sh
├── compose.yml
├── node
│   └── Dockerfile
└── work
    ├── hosts
    └── install.yaml
docker-compose
version: "3.9"
x-node: &node
  build: ./node
  privileged: true
  command: /sbin/init
  tty: true
services:
  ansible:
    container_name: ansible
    hostname: ansible
    depends_on:
      - node01
      - node02
      - node03
    build: ./ansible
    tty: true
    working_dir: /root/work
    volumes:
      - ./work:/root/work
  node01:
    hostname: node01
    container_name: node01
    <<: *node
    ports:
      - '8101:80'
  node02:
    hostname: node02
    container_name: node02
    <<: *node
    ports:
      - '8102:80'
  node03:
    hostname: node03
    container_name: node03
    <<: *node
    ports:
      - '8103:80'
ansible/Dockerfile
FROM ubuntu:20.04
RUN apt-get update && apt-get install -y \
    software-properties-common \
    ca-certificates \
    curl \
    gnupg \
    wget \
    sudo \
    && apt-add-repository --yes --update ppa:ansible/ansible \
    && apt-get install -y ansible
RUN mkdir /root/.ssh/
RUN ssh-keygen -f /root/.ssh/id_ecdsa -t ecdsa -b 521 -N '' \
    && cp -p /root/.ssh/id_ecdsa.pub /root/.ssh/authorized_keys
ADD ansible.cfg /etc/ansible
CMD ["/bin/bash"]
ansible/ansible.cfg
[defaults]
inventory = /root/work/hosts
[ssh_connection]
ssh_args = -o ControlMaster=auto -o ControlPersist=60s -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null
ansible/entrypoint.sh
#!/bin/bash
# Nodes to bootstrap; each accepts root / 'node' (set in node/Dockerfile).
node=(node01 node02 node03)
# Copy the controller's authorized_keys to every node over password login.
function setup_pubkey() {
    for i in "${node[@]}" ;
    do
        sshpass -p 'node' scp -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null -pr /root/.ssh/authorized_keys root@"$i":/root/.ssh/authorized_keys ;
    done
}
# Switch password login off in each node's sshd_config.
function setup_sshd_config() {
    for i in "${node[@]}" ;
    do
        sshpass -p 'node' ssh -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null "$i" "sed -i -e 's/PasswordAuthentication yes/PasswordAuthentication no/g' /etc/ssh/sshd_config" ;
    done
}
# Reload sshd so the edited configuration takes effect.
function reload_sshd() {
    for i in "${node[@]}" ;
    do
        sshpass -p 'node' ssh -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null "$i" service sshd reload ;
    done
}
# Collect the last /etc/hosts line of every node, then push the merged file back.
function setup_hosts() {
    for i in "${node[@]}" ;
    do
        bash -c "sshpass -p 'node' ssh -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null $i tail -1 /etc/hosts" >> /etc/hosts
    done
    for i in "${node[@]}" ;
    do
        sshpass -p 'node' scp -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null -pr /etc/hosts root@"$i":/etc/hosts ;
    done
}
setup_pubkey
setup_sshd_config
reload_sshd
# Only merge /etc/hosts when no node entry is present yet.
if [ "$(grep -E 'node0[1-3]' /etc/hosts | wc -l)" -eq 0 ]; then
    setup_hosts
fi
exec "$@"
node/Dockerfile
FROM ubuntu:20.04
RUN apt-get update && apt-get install -y \
    software-properties-common \
    ca-certificates \
    curl \
    gnupg \
    openssh-server \
    sudo \
    wget
RUN echo 'PermitRootLogin yes' >> /etc/ssh/sshd_config \
    && echo 'PasswordAuthentication yes' >> /etc/ssh/sshd_config \
    && echo 'AuthorizedKeysFile /root/.ssh/authorized_keys' >> /etc/ssh/sshd_config \
    && echo 'PubkeyAuthentication yes' >> /etc/ssh/sshd_config \
    && mkdir /root/.ssh/ \
    && touch /root/.ssh/authorized_keys
RUN echo "root:node" | chpasswd
EXPOSE 22
CMD ["/usr/sbin/sshd", "-D"]
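An added example, not part of the original repository: setup_sshd_config in entrypoint.sh turns password login off with a literal sed match, so the script below works out which PasswordAuthentication value sshd would end up with afterwards. The function names and both sample configs are constructed for illustration, and it assumes only the global section of the file matters (no Include or Match handling).

```shell
#!/bin/sh
# Added example: function names and sample configs are constructed, not from the repo.

# effective_sshd_option FILE KEYWORD DEFAULT
# sshd keywords are case-insensitive and the first uncommented occurrence wins.
# Simplification: only the global section is read (stops at Match, ignores Include).
effective_sshd_option() {
    val=$(awk -v want="$2" '
        BEGIN { want = tolower(want) }
        /^[ \t]*#/             { next }
        tolower($1) == "match" { exit }
        tolower($1) == want    { print tolower($2); exit }
    ' "$1")
    printf '%s\n' "${val:-${3:-}}"
}

# The substitution used by setup_sshd_config, written to stdout instead of in place.
entrypoint_sed() {
    sed -e 's/PasswordAuthentication yes/PasswordAuthentication no/g' "$1"
}

# Effective PasswordAuthentication once the substitution has been applied to FILE.
# sshd's built-in default for this keyword is "yes".
password_auth_after_sed() {
    tmp=$(mktemp)
    entrypoint_sed "$1" > "$tmp"
    effective_sshd_option "$tmp" PasswordAuthentication yes
    rm -f "$tmp"
}

# Constructed sample: a commented stock line plus the lines node/Dockerfile appends.
make_sample_node() {
    printf '%s\n' '#PasswordAuthentication yes' 'PermitRootLogin yes' \
        'PasswordAuthentication yes' 'PubkeyAuthentication yes' > "$1"
}

# Constructed sample: same meaning to sshd, but the literal sed pattern misses it.
make_sample_variant() {
    printf '%s\n' 'PermitRootLogin yes' 'passwordauthentication   yes' > "$1"
}

dir=$(mktemp -d)
make_sample_node "$dir/node.conf"
make_sample_variant "$dir/variant.conf"
echo "node/Dockerfile style: $(password_auth_after_sed "$dir/node.conf")"
echo "variant spelling:      $(password_auth_after_sed "$dir/variant.conf")"
rm -rf "$dir"
```

On a running node, `sshd -T` prints the configuration sshd has actually parsed, Include and Match handling included.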
work/hosts
[node]
node01
node02
node03
Build
1. build
docker-compose build --no-cache
2. docker-compose up
docker-compose up -d
3. Log in to the ansible container
docker exec -it ansible bash
4. Check connectivity from the ansible container to the node containers
ansible node -m ping
A SUCCESS response from every node means the connectivity check passed.
node02 | SUCCESS => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/bin/python3"
    },
    "changed": false,
    "ping": "pong"
}
node03 | SUCCESS => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/bin/python3"
    },
    "changed": false,
    "ping": "pong"
}
node01 | SUCCESS => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/bin/python3"
    },
    "changed": false,
    "ping": "pong"
}
5. Run the playbook from the ansible container
ansible-playbook install.yaml
---
- name: add repository glusterfs server
  hosts: node
  become: yes
  gather_facts: no
  tasks:
    - name: Add glusterfs repository from PPA and install its signing key on Ubuntu target
      ansible.builtin.apt_repository:
        repo: ppa:gluster/glusterfs-9
- name: deploy httpd server
  hosts: node
  become: yes
  gather_facts: no
  tasks:
    - name: install httpd
      apt:
        name: apache2
        state: latest
        update_cache: yes
    - name: start & enabled httpd
      service:
        name: apache2
        state: started
        enabled: yes
- name: deploy glusterfs server
  hosts: node
  become: yes
  gather_facts: no
  tasks:
    - name: gluster install
      apt:
        name: glusterfs-server
        state: latest
        update_cache: yes
    - name: start & enabled glusterfs server
      service:
        name: glusterd
        state: started
        enabled: yes
- name: deploy docker
  hosts: node
  become: yes
  gather_facts: no
  tasks:
    - name: docker install
      apt:
        name: docker
        state: latest
        update_cache: yes
    ####### docker in docker is not configured, so the service is not started
    # - name: start & enabled docker
    #   service:
    #     name: docker
    #     state: started
    #     enabled: yes
- name: deploy docker-compose
  hosts: node
  become: yes
  gather_facts: no
  tasks:
    - name: docker-compose install
      apt:
        name: docker-compose
        state: latest
        update_cache: yes
    ####### docker in docker is not configured, so the service is not started
    # - name: start & enabled docker-compose
    #   service:
    #     name: docker-compose
    #     state: started
    #     enabled: yes
The run succeeded if the ok and changed counts in the PLAY RECAP status all look fine.
PLAY [add repository glusterfs server] ******************************************************************************************************************************************************************************************************************************
TASK [Add glusterfs repository from PPA and install its signing key on Ubuntu target] *******************************************************************************************************************************************************************************
changed: [node02]
changed: [node01]
changed: [node03]
PLAY [deploy httpd server] ******************************************************************************************************************************************************************************************************************************************
TASK [install httpd] ************************************************************************************************************************************************************************************************************************************************
changed: [node03]
changed: [node01]
changed: [node02]
TASK [start & enabled httpd] ****************************************************************************************************************************************************************************************************************************************
changed: [node03]
changed: [node02]
changed: [node01]
PLAY [deploy glusterfs server] **************************************************************************************************************************************************************************************************************************************
TASK [gluster install] **********************************************************************************************************************************************************************************************************************************************
changed: [node01]
changed: [node03]
changed: [node02]
TASK [start & enabled glusterfs server] *****************************************************************************************************************************************************************************************************************************
changed: [node03]
changed: [node02]
changed: [node01]
PLAY [deploy docker] ************************************************************************************************************************************************************************************************************************************************
TASK [docker install] ***********************************************************************************************************************************************************************************************************************************************
changed: [node02]
changed: [node01]
changed: [node03]
PLAY [deploy docker-compose] ****************************************************************************************************************************************************************************************************************************************
TASK [docker-compose install] ***************************************************************************************************************************************************************************************************************************************
changed: [node03]
changed: [node02]
changed: [node01]
PLAY RECAP **********************************************************************************************************************************************************************************************************************************************************
node01 : ok=7 changed=7 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
node02 : ok=7 changed=7 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
node03 : ok=7 changed=7 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
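When you work in the cloud you rarely have to think about the host OS, but being able to check things this easily with Docker is a real advantage, so I hope you will give it a try.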