1. Installing Ansible on Amazon Linux
amazon-linux-extras install ansible2 -y
[root@ip-10-0-0-45 ~]# ansible --version
ansible 2.9.5
2. Configuration
EC2 Ansible server (10.0.0.45) -------------- EC2 managed host (52.79.160.237)
3. On the Ansible server, register the managed hosts in the hosts file.
vi /etc/ansible/hosts
## [webservers]
52.79.160.237
#13.124.40.62
## 13.209.82.157
local ping test
[root@ip-10-0-0-45 .ssh]# ansible localhost -m ping
localhost | SUCCESS => {
"changed": false,
"ping": "pong"
}
If asked whether to continue (yes/no)? yes
yes
yes
yes
Answer yes once for each host registered in the hosts file.
4. On the Ansible server, create a public key for connecting to the managed servers.
Ansible server
[root@ip-10-0-0-45 ansible]# cd
[root@ip-10-0-0-45 ~]# cd ~/.ssh/
[root@ip-10-0-0-45 .ssh]# ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:o1----------------------DjLdfD7g root@ip-10-0-0-45.ap-northeast-2.compute.internal
The key's randomart image is:
+---[RSA 2048]----+
| .=. .oo |
| .o.o ...... |
|..oo . o+. |
|o=. . .. . |
|=.o + . S |
|*o * O ... |
|+.o B B. o |
| ..= =o o |
| o++E. . |
+----[SHA256]-----+
[root@ip-10-0-0-45 .ssh]# ls
authorized_keys id_rsa id_rsa.pub known_hosts
[root@ip-10-0-0-45 .ssh]# more id_rsa.pub
ssh-rsa AAAAB3Nza-----------------------------------------------------------------
Cy0p8+0mB6B root@ip-10-0-0-45.ap-northeast-2.compute.internal
Change permissions
chmod 700 /root/.ssh
chmod 600 /root/.ssh/id_rsa
chmod 644 /root/.ssh/id_rsa.pub
chmod 644 /root/.ssh/authorized_keys
chmod 644 /root/.ssh/known_hosts
The contents of id_rsa.pub must be registered on the managed server.
5. Connect to the managed server 52.79.160.237
[root@ip-10-0-0-237 .ssh]# vi authorized_keys
Append the contents of id_rsa.pub.
It must be registered as a single line.
Open it in Notepad, make it a single line, then add it to the authorized_keys file.
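An added example, not part of the original post: a shell function that does the "single line" step without hand editing. The name install_pubkey and its two arguments are assumptions; it checks only the shape of the key, not its cryptographic validity.

```shell
#!/bin/sh
# install_pubkey PUBFILE AUTHFILE
# Hypothetical helper (name and arguments are assumptions, not from the page).
# Rejoins a public key that was wrapped or saved with CRLF line endings,
# checks that it looks like one OpenSSH public key, and appends it to
# AUTHFILE exactly once.
install_pubkey() {
    pubfile=$1
    authfile=$2

    # Remove every CR and LF so a key split across lines is one line again.
    key=$(tr -d '\r\n' < "$pubfile") || return 1

    # Shape check only: "<type> <base64> [one-word comment]". This rejects a
    # private key or two keys run together.
    if ! printf '%s\n' "$key" | grep -Eq \
        '^(ssh-rsa|ssh-ed25519|ecdsa-sha2-nistp(256|384|521)) [A-Za-z0-9+/]+={0,2}( [^ ]+)?$'
    then
        echo "install_pubkey: $pubfile is not a single public key" >&2
        return 2
    fi

    # 700 on the directory as on the page; 600 on the file is stricter than
    # the page's 644 (sshd accepts either).
    dir=$(dirname "$authfile")
    mkdir -p "$dir" && chmod 700 "$dir" || return 1
    touch "$authfile" && chmod 600 "$authfile" || return 1

    # Match on "<type> <base64>" so a changed comment is not a new entry.
    keyid=$(printf '%s\n' "$key" | cut -d' ' -f1,2)
    if grep -qF -- "$keyid" "$authfile"; then
        return 0
    fi

    # If the last existing entry has no trailing newline, add one first;
    # otherwise the new key would be glued onto that entry's line.
    if [ -s "$authfile" ] && [ -n "$(tail -c 1 "$authfile")" ]; then
        echo >> "$authfile"
    fi
    printf '%s\n' "$key" >> "$authfile"
}
```

Run it on the managed server as the login user, passing the copied id_rsa.pub and that user's ~/.ssh/authorized_keys.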
6. Ping test from the Ansible server
[root@ip-10-0-0-45 ansible]# ansible all -m ping -u ec2-user
52.79.160.237 | SUCCESS => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": false,
"ping": "pong"
}
[root@ip-10-0-0-45 ansible]#
Thank you.