2. Speaker
• KT – uCloud IaaS
• SK Planet - Openstack, AWS, Saltstack..
• ncsoft – Cloud Platform development
Resides on the Lineage M Kenrauhel 8 server
• Cloud Engineer : Cloudstack, Openstack, AWS, VDI
Met Python
and became a Cloud Platform developer : I love Django
3. Agenda
• Infrastructure as Code (IaC) ?
• CM tool – Ansible
• Let's automate Ansible
• How to use Ansible for IaC
• Dynamic inventory
• Variable management
• Managing account credentials with Vault
• Result Callback
• Async
5. Infrastructure as code (IaC) is the process of
managing and provisioning computer data
centers through machine-readable definition
files, rather than physical hardware
configuration or interactive configuration
6. The process of managing a data center
using machine-readable definition files
instead of interactive configuration (e.g. CLI)
or physical hardware configuration
7. Infrastructure as code describes the idea of
using a high-level programming language to
control IT systems.
(Amazon Web Service in Action, 2015)
33. # ansible
from ansible.parsing.dataloader import DataLoader
from ansible.vars import VariableManager
from ansible.vars.hostvars import HostVars
from ansible.inventory import Inventory
from ansible.inventory.host import Host
from ansible.inventory.script import InventoryScript
from ansible.playbook.play import Play
from ansible.executor.task_queue_manager import TaskQueueManager
from ansible.executor.playbook_executor import PlaybookExecutor
35. # create play with tasks
play_source = dict(
    name='Ansible Play',
    hosts=host_list,
    gather_facts='no',
    tasks=[
        # run `ls` on each host and keep the result in shell_out
        dict(action=dict(module='shell', args='ls'), register='shell_out'),
        # print the captured stdout
        dict(action=dict(module='debug', args=dict(msg='{{shell_out.stdout}}')))
    ]
)
play = Play().load(play_source, variable_manager=variable_manager, loader=loader)
36. # actually run it
tqm = None
try:
    tqm = TaskQueueManager(
        inventory=inventory,
        variable_manager=variable_manager,
        loader=loader,
        options=options,
        passwords=None
    )
    result = tqm.run(play)
finally:
    if tqm is not None:
        tqm.cleanup()
48. Ansible lets you
set variables per host
Like the inventory, these are also
managed in /etc/ansible/hosts
[webservers]
webserver01 ansible_ssh_user=ansible ansible_password=XXXXX desc=board1
webserver02 ansible_ssh_user=ansible ansible_password=XXXXX desc=board2
49. from ansible.inventory.host import Host
from ansible.vars import VariableManager
# get host info from CMDB
host_dic = getHostFromCMDB(name='webserver-01')
host = Host(name=host_dic['name'])
# set variable to host
var_mgr = VariableManager()
attr_tag = dict(host=host, varname='desc', value='board1')
var_mgr.set_host_variable(**attr_tag)
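50. Ansible communicates with target hosts over SSH
The account credentials used to connect to a host are also managed as variables
This requires particular care
The security team hates this post
52. A tool that encrypts and stores data, files, API keys, tokens, and so on
It has a good API and a Python client too,
so integration is very easy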
53. from ansible.inventory.host import Host
from ansible.vars import VariableManager
from vaultClient import VaultClient
# get host info from CMDB
host_dic = getHostFromCMDB(name='webserver-01')
host = Host(name=host_dic['name'])
# set variable to host
var_mgr = VariableManager()
# set credential from Vault
vclient = VaultClient(vault_endpoint, token)
credential_data = vclient.getData(host_dic['name'])
# every key/value stored for this host becomes a host variable
for key, val in credential_data.items():
    attr_tag = dict(host=host, varname=key, value=val)
    var_mgr.set_host_variable(**attr_tag)
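Added example, not part of the original slides: before credentials can be served per host from Vault as on slide 53, any passwords already written inline in /etc/ansible/hosts (as on slide 48) have to be pulled out of the file. The function below splits an INI inventory into a secret-free copy and a dict of the removed values keyed by host, the same shape the per-host lookup on slide 53 expects. The name `split_inventory` and the sample values are constructed for illustration.

```python
import re

# Ansible connection variables whose value is a secret.
SECRET_VARS = ("ansible_password", "ansible_ssh_pass", "ansible_become_pass",
               "ansible_become_password", "ansible_sudo_pass", "ansible_su_pass")
# name=value where value is double-quoted, single-quoted, or a bare word.
ASSIGN = re.compile(
    r"""(?:^|\s+)(%s)\s*=\s*("[^"]*"|'[^']*'|\S+)""" % "|".join(SECRET_VARS))
HEADER = re.compile(r"\[([^\]:]+)(?::(\w+))?\]")


def split_inventory(text):
    """Return (clean_text, secrets). secrets maps a host name, or
    'group:<name>' for a [<name>:vars] section, to the secret variables
    removed from it. Comment lines are passed through unchanged."""
    clean, secrets, vars_scope = [], {}, None
    for line in text.splitlines():
        stripped = line.strip()
        header = HEADER.fullmatch(stripped)
        if header:
            # Only [group:vars] sections hold bare key=value lines.
            is_vars = header.group(2) == "vars"
            vars_scope = "group:" + header.group(1) if is_vars else None
        elif stripped and stripped[0] not in "#;":
            scope = vars_scope or stripped.split()[0]
            for name, value in ASSIGN.findall(line):
                if value[0] in "\"'":
                    value = value[1:-1]  # drop the surrounding quotes
                secrets.setdefault(scope, {})[name] = value
            line = ASSIGN.sub("", line)
        clean.append(line)
    return "\n".join(clean), secrets


# Constructed sample: the slide-48 inventory plus a quoted value and a vars section.
SAMPLE = """\
[webservers]
webserver01 ansible_ssh_user=ansible ansible_password=XXXXX desc=board1
webserver02 ansible_ssh_user=ansible ansible_password="p w" desc=board2

[webservers:vars]
ansible_become_pass=YYYYY
"""

if __name__ == "__main__":
    clean_text, found = split_inventory(SAMPLE)
    print(clean_text)
    # Report only which variables were removed, never their values.
    for scope, items in sorted(found.items()):
        print(scope, sorted(items))
```

The returned dict is what gets written to the secret store; the clean text replaces the inventory file, and the old file (and its version-control history) still needs the exposed passwords rotated.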
62. class CallbackBase:
    '''
    This is a base ansible callback class that does nothing. New callbacks should
    use this class as a base and override any callback methods they wish to execute
    custom actions.
    '''
In Ansible's plugins,
if you want to customize a callback,
the guidance is to override CallbackBase