Jenkins와 Ansible 서버를 분리하여 구성 후 Publish Over SSH 플러그인을 사용하여 연동은 되었으나
ansible 실행 시 권한 이슈가 계속 발생하여 Jenkins와 Ansible 을 하나의 서버로 구성함.
(분리 구성은 나중에 테스트 ..;;;)
Jenkins 컨테이너를 실행하고, 해당 컨테이너에 Ansible 설치 및 추가 설정을 진행.
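1. Jenkins 컨테이너 실행
(주의: 아래 명령의 -v /var/run/docker.sock:/var/run/docker.sock 옵션은 컨테이너에 호스트 Docker 데몬 제어 권한을 줌. 컨테이너 안에서 root 권한을 얻으면 호스트 root 권한까지 이어질 수 있음. 이 글의 이후 단계에서는 컨테이너 안에서 docker 명령을 사용하지 않으므로, 필요 없으면 이 옵션을 빼는 것이 안전함.)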
$ docker run -d --name jenkins -e TZ=Asia/Seoul -p 8888:8080 -p 50000:50000 -v jenkins-data:/var/jenkins_home -v /var/run/docker.sock:/var/run/docker.sock --restart unless-stopped jenkins/jenkins
Unable to find image 'jenkins/jenkins:latest' locally
latest: Pulling from jenkins/jenkins
7cd785773db4: Pull complete
4323b613447d: Pull complete
eec1952536a9: Pull complete
b9fcd549558d: Pull complete
743c1c69eb66: Pull complete
2b005e8acf52: Pull complete
e7e22a1da8f6: Pull complete
5daee7ea5eb6: Pull complete
bbb418a8a466: Pull complete
ccfc3f9a95cb: Pull complete
b6a32e0eef53: Pull complete
5faefa2d0cdc: Pull complete
Digest: sha256:89b19a1fcb079d6e4ab13951902d7e84935921a2186b0ff13534983530b1ea48
Status: Downloaded newer image for jenkins/jenkins:latest
dc52bfdd8e9905dddf6828d827c67c9afd135b373f8dfc374a7d06bd4474f2c3
$ docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
dc52bfdd8e99 jenkins/jenkins "/usr/bin/tini -- /u…" 4 seconds ago Up 3 seconds 0.0.0.0:50000->50000/tcp, 0.0.0.0:8888->8080/tcp jenkins
2. Jenkins 패스워드 확인
$ docker logs jenkins
Running from: /usr/share/jenkins/jenkins.war
webroot: /var/jenkins_home/war
생략...
*************************************************************
*************************************************************
*************************************************************
Jenkins initial setup is required. An admin user has been created and a password generated.
Please use the following password to proceed to installation:
패스워드
This may also be found at: /var/jenkins_home/secrets/initialAdminPassword
*************************************************************
*************************************************************
*************************************************************
생략...
3. Jenkins 설정
- Jenkins 웹페이지 접속(http://도커호스트IP:8888) 후 docker logs 에서 확인한 패스워드 입력
- Install suggested plugins 선택
- 관리자 계정 생성
4. Jenkins 컨테이너 추가 설정
- root 계정으로 접속
$ docker exec -it --user root dc52bfdd8e99 /bin/bash
root@dc52bfdd8e99:/#
- root 패스워드 설정 및 ansible 배포용 계정 생성
root@dc52bfdd8e99:/# passwd root
root@dc52bfdd8e99:/# adduser ansibleuser
- 업데이트 및 추가 패키지 설치
root@dc52bfdd8e99:/# apt update
root@dc52bfdd8e99:/# apt upgrade
root@dc52bfdd8e99:/# apt install -y vim curl htop wget iputils-ping net-tools sshpass sudo
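- ansible 배포용 계정 sudo 권한 설정
(참고: 이 설정은 Jenkins 컨테이너 내부의 sudo 권한임. 대상 서버에서의 권한 상승은 .ansible.cfg 의 become 설정과 대상 서버 쪽 sudo 설정을 따르므로, 컨테이너 안에서 NOPASSWD:ALL 이 꼭 필요한지 확인하고 필요 없으면 생략할 것. docker.sock 을 마운트한 상태에서는 컨테이너 내 root 권한이 곧 호스트 Docker 제어 권한이 됨.)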
root@dc52bfdd8e99:/# echo 'ansibleuser ALL=(ALL) NOPASSWD:ALL'|sudo EDITOR='tee -a' visudo
- ansible 설치
root@dc52bfdd8e99:/# apt install -y ansible
root@dc52bfdd8e99:/# ansible --version
ansible [core 2.14.18]
config file = None
configured module search path = ['/root/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
ansible python module location = /usr/lib/python3/dist-packages/ansible
ansible collection location = /root/.ansible/collections:/usr/share/ansible/collections
executable location = /usr/bin/ansible
python version = 3.11.2 (main, Nov 30 2024, 21:22:50) [GCC 12.2.0] (/usr/bin/python3)
jinja version = 3.1.2
libyaml = True
- ansible 구성 (ansibleuser 계정으로 진행)
root@dc52bfdd8e99:/# su - ansibleuser
ansibleuser@dc52bfdd8e99:~$ pwd
/home/ansibleuser
ansibleuser@dc52bfdd8e99:~$ vi .ansible.cfg
[defaults]
remote_user = ansibleuser
inventory = /home/ansibleuser/servers
ask_pass = true
host_key_checking = False
[privilege_escalation]
become = true
become_method = sudo
become_user = root
become_ask_pass = true
ansibleuser@dc52bfdd8e99:~$ vi servers
[docker]
docker1 ansible_host=10.0.0.200
docker2 ansible_host=10.0.0.201
[db]
zdb ansible_host=10.0.0.210
[kubernetes]
k8smaster1 ansible_host=10.0.0.230
k8sworker1 ansible_host=10.0.0.231
k8sworker2 ansible_host=10.0.0.232
k8sworker3 ansible_host=10.0.0.233
ansibleuser@dc52bfdd8e99:~$ ls -al
-rw-r--r-- 1 ansibleuser ansibleuser 218 Mar 27 00:20 .ansible.cfg
-rw-r--r-- 1 ansibleuser ansibleuser 261 Mar 27 00:24 servers
- ansible 실행 테스트
ansibleuser@dc52bfdd8e99:~$ ansible all -m ping
SSH password:
BECOME password[defaults to SSH password]:
k8smaster1 | SUCCESS => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python3"
},
"changed": false,
"ping": "pong"
}
docker1 | SUCCESS => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python3"
},
"changed": false,
"ping": "pong"
}
zdb | SUCCESS => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python3"
},
"changed": false,
"ping": "pong"
}
docker2 | SUCCESS => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python3"
},
"changed": false,
"ping": "pong"
}
k8sworker1 | SUCCESS => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python3"
},
"changed": false,
"ping": "pong"
}
k8sworker3 | SUCCESS => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python3"
},
"changed": false,
"ping": "pong"
}
k8sworker2 | SUCCESS => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python3"
},
"changed": false,
"ping": "pong"
}
- 테스트를 위해 hostname을 확인하는 playbook 생성
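ansible.cfg 파일에 설정한 host_key_checking = False 값이 적용되지 않아 yaml 파일에 아래 변수를 추가함.
(위 설정은 /home/ansibleuser/.ansible.cfg 에 있으므로, ansibleuser 가 아닌 다른 계정으로 ansible 을 실행하면 이 파일을 읽지 않아서일 가능성이 있음 — 확인 필요.)
단, 아래 옵션은 SSH 호스트 키 검증을 끄는 설정이라, 대상 서버가 다른 서버로 바뀌거나 중간에서 연결이 가로채져도 알아차릴 수 없음. 테스트 환경에서만 사용하고, 운영 환경에서는 known_hosts 에 호스트 키를 미리 등록한 뒤 검증을 켜 둘 것.
----------------------------------------------------
vars:
ansible_ssh_common_args: '-o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null'
----------------------------------------------------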
ansibleuser@dc52bfdd8e99:~$ cat get_hostname.yml
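# Playbook: for every inventory host, print its inventory name and the
# hostname reported by the gathered facts.
- name: Get Hostname
  hosts: all
  gather_facts: yes  # ansible_hostname used below comes from gathered facts
  vars:
    # NOTE(review): these options turn off SSH host key verification, so a
    # replaced or intercepted target host goes unnoticed. Acceptable for a lab
    # only; for anything else pre-populate known_hosts with keys verified out
    # of band (or use StrictHostKeyChecking=accept-new with a real
    # UserKnownHostsFile) and drop this variable.
    # The path was misspelled as /dev/nusll; /dev/null is what discards the
    # learned host keys as intended.
    ansible_ssh_common_args: '-o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null'
  tasks:
    - name: Print inventory_hostname
      debug:
        msg: "Inventory Hostname: {{ inventory_hostname }}"
    - name: Print ansible_hostname
      debug:
        msg: "Ansible Hostname: {{ ansible_hostname }}"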
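- Jenkins 계정이 ansibleuser 디렉토리에 접근 가능하도록 권한 설정(root 계정으로 진행)
/home/ansibleuser 디렉토리 아래에 ansible 스크립트 파일이 저장될 예정
(참고: 아래 chmod -R g+rx 는 홈 디렉토리 아래 모든 파일에 그룹 읽기·실행 권한을 주므로, jenkins 계정이 .ansible.cfg 와 이후 이 디렉토리에 생기는 모든 파일을 읽을 수 있게 됨. 일반 파일에 실행 비트가 붙지 않게 하려면 g+rX 를 사용하고, 가능하면 playbook 전용 하위 디렉토리에만 권한을 줄 것.)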
root@dc52bfdd8e99:/# groups ansibleuser
ansibleuser : ansibleuser users
root@dc52bfdd8e99:/# usermod -aG ansibleuser jenkins
root@dc52bfdd8e99:/# chmod -R g+rx /home/ansibleuser
5. Jenkins 플러그인 설정(웹페이지)
- Dashboard - Jenkins 관리 - Plugins 접속
- Available plugins 선택 후 ansi 로 검색하여 AnsiColor와 Ansible 플러그인 설치
6. Jenkins에서 ansible-playbook 실행 테스트
- Dashboard - + 새로운 Item 생성 (Freestyle project로 생성)
- Build Steps 항목에서 Invoke Ansible Playbook 선택 (경로 지정 및 실행 계정 등록)
Playbook path 및 Inventory 위치 지정
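ansible 실행 계정 등록 (Credentials 에서 Add 클릭)
(참고: 아래 Console Output 을 보면 등록한 값이 sshpass 로 전달되고 ******** 로 마스킹됨. 모든 대상 서버에 같은 패스워드로 접속하는 구성이므로, 운영 환경에서는 패스워드 대신 SSH 키 Credential 사용을 권장.)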
등록 된 계정 선택 후 Save
- 생성한 Item 빌드
지금 빌드 클릭 후 Console Output 확인
Started by user admin
Running as SYSTEM
Building in workspace /var/jenkins_home/workspace/get_hostname
[get_hostname] $ sshpass ******** ansible-playbook /home/ansibleuser/get_hostname.yml -i /home/ansibleuser/servers -f 5 -u ansibleuser -k
PLAY [Get Hostname] ************************************************************
TASK [Gathering Facts] *********************************************************
ok: [k8smaster1]
ok: [zdb]
ok: [k8sworker1]
ok: [docker2]
ok: [docker1]
ok: [k8sworker3]
ok: [k8sworker2]
TASK [Print inventory_hostname] ************************************************
ok: [docker1] => {
"msg": "Inventory Hostname: docker1"
}
ok: [docker2] => {
"msg": "Inventory Hostname: docker2"
}
ok: [zdb] => {
"msg": "Inventory Hostname: zdb"
}
ok: [k8smaster1] => {
"msg": "Inventory Hostname: k8smaster1"
}
ok: [k8sworker1] => {
"msg": "Inventory Hostname: k8sworker1"
}
ok: [k8sworker2] => {
"msg": "Inventory Hostname: k8sworker2"
}
ok: [k8sworker3] => {
"msg": "Inventory Hostname: k8sworker3"
}
TASK [Print ansible_hostname] **************************************************
ok: [docker1] => {
"msg": "Ansible Hostname: docker1"
}
ok: [docker2] => {
"msg": "Ansible Hostname: docker2"
}
ok: [zdb] => {
"msg": "Ansible Hostname: zdb"
}
ok: [k8smaster1] => {
"msg": "Ansible Hostname: k8smaster1"
}
ok: [k8sworker1] => {
"msg": "Ansible Hostname: k8sworker1"
}
ok: [k8sworker2] => {
"msg": "Ansible Hostname: k8sworker2"
}
ok: [k8sworker3] => {
"msg": "Ansible Hostname: k8sworker3"
}
PLAY RECAP *********************************************************************
docker1 : ok=3 changed=0 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
docker2 : ok=3 changed=0 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
k8smaster1 : ok=3 changed=0 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
k8sworker1 : ok=3 changed=0 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
k8sworker2 : ok=3 changed=0 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
k8sworker3 : ok=3 changed=0 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
zdb : ok=3 changed=0 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
Finished: SUCCESS