Installing Ansible 2.2.0.0 on CentOS 7.2
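Overview
This article installs Ansible 2.2.0.0 on CentOS 7.2. Ansible is not included in the standard CentOS 7.2 packages; it is provided as an add-on package through EPEL (Extra Packages for Enterprise Linux). Register the EPEL repository information first, then install Ansible. Because there are many dependency packages, I took the easy route this time and installed with yum.
Configuration
Assumed environment
Only one server was available, so the operation check was performed on the server where Ansible was installed (IP address: 192.168.0.51).
Server configuration
OS version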
CentOS 7.2.1511 x86_64
Software package list
- epel-release-7-6.noarch.rpm
- ansible-2.2.0.0-4.el7.noarch.rpm
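Environment setup
Installation
Installing the EPEL repository information
To install Ansible, register the EPEL repository with Yum. The repository information is itself provided as a package, so install it with the yum command.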
# yum install epel-release
Loaded plugins: fastestmirror, langpacks
Repodata is over 2 weeks old. Install yum-cron? Or run: yum makecache fast
base | 3.6 kB 00:00:00
extras | 3.4 kB 00:00:00
updates | 3.4 kB 00:00:00
(1/3): base/7/x86_64/group_gz | 155 kB 00:00:00
(2/3): updates/7/x86_64/primary_db | 1.2 MB 00:00:00
(3/3): base/7/x86_64/primary_db | 5.6 MB 00:00:00
Determining fastest mirrors
* base: ftp.iij.ad.jp
* extras: ftp.iij.ad.jp
* updates: ftp.iij.ad.jp
Resolving Dependencies
--> Running transaction check
---> Package epel-release.noarch 0:7-6 will be installed
--> Finished Dependency Resolution
Dependencies Resolved
========================================================================================================================
Package Arch Version Repository Size
========================================================================================================================
Installing:
epel-release noarch 7-6 extras 14 k
Transaction Summary
========================================================================================================================
Install 1 Package
Total download size: 14 k
Installed size: 24 k
Is this ok [y/d/N]: y ← enter y
Downloading packages:
epel-release-7-6.noarch.rpm | 14 kB 00:00:00
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
Installing : epel-release-7-6.noarch 1/1
Verifying : epel-release-7-6.noarch 1/1
Installed:
epel-release.noarch 0:7-6
Complete!
Installing Ansible
Install Ansible from the EPEL repository with the yum command.
# yum install ansible
Loaded plugins: fastestmirror, langpacks
epel/x86_64/metalink | 6.2 kB 00:00:00
epel | 4.3 kB 00:00:00
http://ftp.jaist.ac.jp/pub/Linux/Fedora/epel/7/x86_64/repodata/repomd.xml: [Errno -1] repomd.xml does not match metalink for epel
Trying other mirror.
epel | 4.3 kB 00:00:00
http://ftp.riken.jp/Linux/fedora/epel/7/x86_64/repodata/repomd.xml: [Errno -1] repomd.xml does not match metalink for epel
Trying other mirror.
epel | 4.3 kB 00:00:00
http://mirror.premi.st/epel/7/x86_64/repodata/repomd.xml: [Errno -1] repomd.xml does not match metalink for epel
Trying other mirror.
epel | 4.3 kB 00:00:00
http://epel.excellmedia.net/7/x86_64/repodata/repomd.xml: [Errno -1] repomd.xml does not match metalink for epel
Trying other mirror.
http://mirror2.totbb.net/epel/7/x86_64/repodata/repomd.xml: [Errno 14] curl#7 - "Failed connect to mirror2.totbb.net:80; Operation now in progress"
Trying other mirror.
epel | 4.3 kB 00:00:00
epel/x86_64/updateinfo FAILED
http://mirror01.idc.hinet.net/EPEL/7/x86_64/repodata/45175eeb02c40ff7ca3d73c998760b970e468ef337f03895d07795e1e66b7723-updateinfo.xml.bz2: [Errno 14] HTTP Error 404 - Not Found
Trying other mirror.
To address this issue please refer to the below knowledge base article
https://access.redhat.com/articles/1320623
If above article doesn't help to resolve this issue please create a bug on https://bugs.centos.org/
epel/x86_64/updateinfo FAILED
https://free.nchc.org.tw/fedora-epel/7/x86_64/repodata/45175eeb02c40ff7ca3d73c998760b970e468ef337f03895d07795e1e66b7723-updateinfo.xml.bz2: [Errno 14] curl#60 - "Peer's Certificate issuer is not recognized."
Trying other mirror.
It was impossible to connect to the CentOS servers.
This could mean a connectivity issue in your environment, such as the requirement to configure a proxy,
or a transparent proxy that tampers with TLS security, or an incorrect system clock.
Please collect information about the specific failure that occurs in your environment,
using the instructions in: https://access.redhat.com/solutions/1527033 and create a bug on https://bugs.centos.org/
epel/x86_64/primary_db FAILED
https://mirrors.tuna.tsinghua.edu.cn/epel/7/x86_64/repodata/86b0720bdf4bb71e9878af4dd622b022b9d8ac7eb8d6b42be121751eae4e8948-primary.sqlite.xz: [Errno 14] HTTPS Error 404 - Not Found
Trying other mirror.
epel/x86_64/primary_db FAILED
http://kodeterbuka.beritagar.id/epel/7/x86_64/repodata/86b0720bdf4bb71e9878af4dd622b022b9d8ac7eb8d6b42be121751eae4e8948-primary.sqlite.xz: [Errno 14] HTTP Error 404 - Not Found
Trying other mirror.
epel/x86_64/updateinfo FAILED
https://epel.mirror.angkasa.id/pub/epel/7/x86_64/repodata/45175eeb02c40ff7ca3d73c998760b970e468ef337f03895d07795e1e66b7723-updateinfo.xml.bz2: [Errno 14] HTTPS Error 404 - Not Found
Trying other mirror.
epel/x86_64/primary_db FAILED
http://ftp.cuhk.edu.hk/pub/linux/fedora-epel/7/x86_64/repodata/86b0720bdf4bb71e9878af4dd622b022b9d8ac7eb8d6b42be121751eae4e8948-primary.sqlite.xz: [Errno 14] HTTP Error 404 - Not Found
Trying other mirror.
epel/x86_64/primary_db FAILED
http://mirror.rise.ph/fedora-epel/7/x86_64/repodata/86b0720bdf4bb71e9878af4dd622b022b9d8ac7eb8d6b42be121751eae4e8948-primary.sqlite.xz: [Errno 14] HTTP Error 404 - Not Found
Trying other mirror.
epel/x86_64/updateinfo FAILED
https://mirror.pregi.net/epel/7/x86_64/repodata/45175eeb02c40ff7ca3d73c998760b970e468ef337f03895d07795e1e66b7723-updateinfo.xml.bz2: [Errno 14] HTTPS Error 404 - Not Found
Trying other mirror.
(1/3): epel/x86_64/group_gz | 170 kB 00:00:08
(2/3): epel/x86_64/updateinfo | 687 kB 00:00:04
epel/x86_64/primary_db FAILED
http://epel.scopesky.iq/7/x86_64/repodata/86b0720bdf4bb71e9878af4dd622b022b9d8ac7eb8d6b42be121751eae4e8948-primary.sqlite.xz: [Errno 14] HTTP Error 404 - Not Found
Trying other mirror.
(3/3): epel/x86_64/primary_db | 4.4 MB 00:00:23
Loading mirror speeds from cached hostfile
* base: ftp.iij.ad.jp
* epel: ftp.riken.jp
* extras: ftp.iij.ad.jp
* updates: ftp.iij.ad.jp
Resolving Dependencies
--> Running transaction check
---> Package ansible.noarch 0:2.2.0.0-4.el7 will be installed
--> Processing Dependency: sshpass for package: ansible-2.2.0.0-4.el7.noarch
--> Processing Dependency: python-setuptools for package: ansible-2.2.0.0-4.el7.noarch
--> Processing Dependency: python-paramiko for package: ansible-2.2.0.0-4.el7.noarch
--> Processing Dependency: python-keyczar for package: ansible-2.2.0.0-4.el7.noarch
--> Processing Dependency: python-jinja2 for package: ansible-2.2.0.0-4.el7.noarch
--> Processing Dependency: python-httplib2 for package: ansible-2.2.0.0-4.el7.noarch
--> Processing Dependency: PyYAML for package: ansible-2.2.0.0-4.el7.noarch
--> Running transaction check
---> Package PyYAML.x86_64 0:3.10-11.el7 will be installed
--> Processing Dependency: libyaml-0.so.2()(64bit) for package: PyYAML-3.10-11.el7.x86_64
---> Package python-httplib2.noarch 0:0.7.7-3.el7 will be installed
---> Package python-jinja2.noarch 0:2.7.2-2.el7 will be installed
--> Processing Dependency: python-babel >= 0.8 for package: python-jinja2-2.7.2-2.el7.noarch
--> Processing Dependency: python-markupsafe for package: python-jinja2-2.7.2-2.el7.noarch
---> Package python-keyczar.noarch 0:0.71c-2.el7 will be installed
--> Processing Dependency: python-pyasn1 for package: python-keyczar-0.71c-2.el7.noarch
--> Processing Dependency: python-crypto for package: python-keyczar-0.71c-2.el7.noarch
---> Package python-setuptools.noarch 0:0.9.8-4.el7 will be installed
--> Processing Dependency: python-backports-ssl_match_hostname for package: python-setuptools-0.9.8-4.el7.noarch
---> Package python2-paramiko.noarch 0:1.16.1-1.el7 will be installed
--> Processing Dependency: python2-ecdsa for package: python2-paramiko-1.16.1-1.el7.noarch
---> Package sshpass.x86_64 0:1.05-5.el7 will be installed
--> Running transaction check
---> Package libyaml.x86_64 0:0.1.4-11.el7_0 will be installed
---> Package python-babel.noarch 0:0.9.6-8.el7 will be installed
---> Package python-backports-ssl_match_hostname.noarch 0:3.4.0.2-4.el7 will be installed
--> Processing Dependency: python-backports for package: python-backports-ssl_match_hostname-3.4.0.2-4.el7.noarch
---> Package python-markupsafe.x86_64 0:0.11-10.el7 will be installed
---> Package python2-crypto.x86_64 0:2.6.1-10.el7 will be installed
--> Processing Dependency: libtomcrypt.so.0()(64bit) for package: python2-crypto-2.6.1-10.el7.x86_64
---> Package python2-ecdsa.noarch 0:0.13-4.el7 will be installed
---> Package python2-pyasn1.noarch 0:0.1.9-7.el7 will be installed
--> Running transaction check
---> Package libtomcrypt.x86_64 0:1.17-23.el7 will be installed
--> Processing Dependency: libtommath >= 0.42.0 for package: libtomcrypt-1.17-23.el7.x86_64
--> Processing Dependency: libtommath.so.0()(64bit) for package: libtomcrypt-1.17-23.el7.x86_64
---> Package python-backports.x86_64 0:1.0-8.el7 will be installed
--> Running transaction check
---> Package libtommath.x86_64 0:0.42.0-4.el7 will be installed
--> Finished Dependency Resolution
Dependencies Resolved
========================================================================================================================
Package Arch Version Repository Size
========================================================================================================================
Installing:
ansible noarch 2.2.0.0-4.el7 epel 4.6 M
Installing for dependencies:
PyYAML x86_64 3.10-11.el7 base 153 k
libtomcrypt x86_64 1.17-23.el7 epel 224 k
libtommath x86_64 0.42.0-4.el7 epel 35 k
libyaml x86_64 0.1.4-11.el7_0 base 55 k
python-babel noarch 0.9.6-8.el7 base 1.4 M
python-backports x86_64 1.0-8.el7 base 5.8 k
python-backports-ssl_match_hostname noarch 3.4.0.2-4.el7 base 12 k
python-httplib2 noarch 0.7.7-3.el7 epel 70 k
python-jinja2 noarch 2.7.2-2.el7 base 515 k
python-keyczar noarch 0.71c-2.el7 epel 218 k
python-markupsafe x86_64 0.11-10.el7 base 25 k
python-setuptools noarch 0.9.8-4.el7 base 396 k
python2-crypto x86_64 2.6.1-10.el7 epel 475 k
python2-ecdsa noarch 0.13-4.el7 epel 83 k
python2-paramiko noarch 1.16.1-1.el7 epel 257 k
python2-pyasn1 noarch 0.1.9-7.el7 base 100 k
sshpass x86_64 1.05-5.el7 epel 21 k
Transaction Summary
========================================================================================================================
Install 1 Package (+17 Dependent packages)
Total download size: 8.5 M
Installed size: 38 M
Is this ok [y/d/N]: y ← enter y
Downloading packages:
(1/18): PyYAML-3.10-11.el7.x86_64.rpm | 153 kB 00:00:00
warning: /var/cache/yum/x86_64/7/epel/packages/ansible-2.2.0.0-4.el7.noarch.rpm: Header V3 RSA/SHA256 Signature, key ID 352c64e5: NOKEY
Public key for ansible-2.2.0.0-4.el7.noarch.rpm is not installed
(2/18): ansible-2.2.0.0-4.el7.noarch.rpm | 4.6 MB 00:02:01
(3/18): libtomcrypt-1.17-23.el7.x86_64.rpm | 224 kB 00:00:08
(4/18): libyaml-0.1.4-11.el7_0.x86_64.rpm | 55 kB 00:00:00
(5/18): python-backports-1.0-8.el7.x86_64.rpm | 5.8 kB 00:00:00
(6/18): python-backports-ssl_match_hostname-3.4.0.2-4.el7.noarch.rpm | 12 kB 00:00:00
(7/18): python-babel-0.9.6-8.el7.noarch.rpm | 1.4 MB 00:00:00
(8/18): libtommath-0.42.0-4.el7.x86_64.rpm | 35 kB 00:00:00
(9/18): python-jinja2-2.7.2-2.el7.noarch.rpm | 515 kB 00:00:00
(10/18): python-httplib2-0.7.7-3.el7.noarch.rpm | 70 kB 00:00:02
(11/18): python-markupsafe-0.11-10.el7.x86_64.rpm | 25 kB 00:00:00
(12/18): python-setuptools-0.9.8-4.el7.noarch.rpm | 396 kB 00:00:00
(13/18): python-keyczar-0.71c-2.el7.noarch.rpm | 218 kB 00:00:02
(14/18): python2-crypto-2.6.1-10.el7.x86_64.rpm | 475 kB 00:00:08
(15/18): python2-ecdsa-0.13-4.el7.noarch.rpm | 83 kB 00:00:01
(16/18): python2-pyasn1-0.1.9-7.el7.noarch.rpm | 100 kB 00:00:00
(17/18): python2-paramiko-1.16.1-1.el7.noarch.rpm | 257 kB 00:00:09
(18/18): sshpass-1.05-5.el7.x86_64.rpm | 21 kB 00:00:00
------------------------------------------------------------------------------------------------------------------------
Total 56 kB/s | 8.5 MB 00:02:36
Retrieving key from file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-7
Importing GPG key 0x352C64E5:
Userid : "Fedora EPEL (7) <epel@fedoraproject.org>"
Fingerprint: 91e9 7d7c 4a5e 96f1 7f3e 888f 6a2f aea2 352c 64e5
Package : epel-release-7-6.noarch (@extras)
From : /etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-7
Is this ok [y/N]: y ← enter y
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
Installing : sshpass-1.05-5.el7.x86_64 1/18
Installing : python-babel-0.9.6-8.el7.noarch 2/18
Installing : python2-pyasn1-0.1.9-7.el7.noarch 3/18
Installing : libtommath-0.42.0-4.el7.x86_64 4/18
Installing : libtomcrypt-1.17-23.el7.x86_64 5/18
Installing : python2-crypto-2.6.1-10.el7.x86_64 6/18
Installing : python-keyczar-0.71c-2.el7.noarch 7/18
Installing : python-backports-1.0-8.el7.x86_64 8/18
Installing : python-backports-ssl_match_hostname-3.4.0.2-4.el7.noarch 9/18
Installing : python-setuptools-0.9.8-4.el7.noarch 10/18
Installing : python2-ecdsa-0.13-4.el7.noarch 11/18
Installing : python2-paramiko-1.16.1-1.el7.noarch 12/18
Installing : python-httplib2-0.7.7-3.el7.noarch 13/18
Installing : python-markupsafe-0.11-10.el7.x86_64 14/18
Installing : python-jinja2-2.7.2-2.el7.noarch 15/18
Installing : libyaml-0.1.4-11.el7_0.x86_64 16/18
Installing : PyYAML-3.10-11.el7.x86_64 17/18
Installing : ansible-2.2.0.0-4.el7.noarch 18/18
Verifying : python-keyczar-0.71c-2.el7.noarch 1/18
Verifying : libyaml-0.1.4-11.el7_0.x86_64 2/18
Verifying : python-jinja2-2.7.2-2.el7.noarch 3/18
Verifying : python-setuptools-0.9.8-4.el7.noarch 4/18
Verifying : python-backports-ssl_match_hostname-3.4.0.2-4.el7.noarch 5/18
Verifying : python-markupsafe-0.11-10.el7.x86_64 6/18
Verifying : python-httplib2-0.7.7-3.el7.noarch 7/18
Verifying : python2-ecdsa-0.13-4.el7.noarch 8/18
Verifying : libtomcrypt-1.17-23.el7.x86_64 9/18
Verifying : python-backports-1.0-8.el7.x86_64 10/18
Verifying : ansible-2.2.0.0-4.el7.noarch 11/18
Verifying : libtommath-0.42.0-4.el7.x86_64 12/18
Verifying : python2-pyasn1-0.1.9-7.el7.noarch 13/18
Verifying : PyYAML-3.10-11.el7.x86_64 14/18
Verifying : python2-crypto-2.6.1-10.el7.x86_64 15/18
Verifying : python-babel-0.9.6-8.el7.noarch 16/18
Verifying : python2-paramiko-1.16.1-1.el7.noarch 17/18
Verifying : sshpass-1.05-5.el7.x86_64 18/18
Installed:
ansible.noarch 0:2.2.0.0-4.el7
Dependency Installed:
PyYAML.x86_64 0:3.10-11.el7
libtomcrypt.x86_64 0:1.17-23.el7
libtommath.x86_64 0:0.42.0-4.el7
libyaml.x86_64 0:0.1.4-11.el7_0
python-babel.noarch 0:0.9.6-8.el7
python-backports.x86_64 0:1.0-8.el7
python-backports-ssl_match_hostname.noarch 0:3.4.0.2-4.el7
python-httplib2.noarch 0:0.7.7-3.el7
python-jinja2.noarch 0:2.7.2-2.el7
python-keyczar.noarch 0:0.71c-2.el7
python-markupsafe.x86_64 0:0.11-10.el7
python-setuptools.noarch 0:0.9.8-4.el7
python2-crypto.x86_64 0:2.6.1-10.el7
python2-ecdsa.noarch 0:0.13-4.el7
python2-paramiko.noarch 0:1.16.1-1.el7
python2-pyasn1.noarch 0:0.1.9-7.el7
sshpass.x86_64 0:1.05-5.el7
Complete!
Operation test
Checking the Ansible version
Check the version of the installed Ansible.
# ansible --version
ansible 2.2.0.0
  config file = /etc/ansible/ansible.cfg
  configured module search path = Default w/o overrides
Checking the connection to the local host with the ansible command
Use the installed ansible command to check the connection to a host. The check uses the ping module, which is not an ICMP ping; it verifies whether login is possible. Here the target is the local host (localhost).
# ansible localhost -m ping
[WARNING]: provided hosts list is empty, only localhost is available ← a warning is displayed
localhost | SUCCESS => {
    "changed": false,
    "ping": "pong" ← pong is returned on success
}
To prevent commands from being run by mistake against unrelated servers, Ansible permits command execution only against servers listed in the hosts list. As shown above, however, localhost is an exception and can be targeted without being listed.
As a test, I added "localhost" to the hosts list, and after that authentication was requested even for commands run against localhost. It seems clearer to add the real IP address to the hosts list instead of localhost.
※ Example run with "localhost" appended to the end of the /etc/ansible/hosts file ※
# ansible localhost -m ping
The authenticity of host 'localhost (::1)' can't be established.
ECDSA key fingerprint is 33:85:a4:c5:48:81:c9:55:4f:e8:06:7a:20:52:03:2c.
Are you sure you want to continue connecting (yes/no)? yes ← asked because this is the first ssh to localhost; it is not asked from the next time on
localhost | UNREACHABLE! => {
    "changed": false,
    "msg": "Failed to connect to the host via ssh: Warning: Permanently added 'localhost' (ECDSA) to the list of known hosts.\r\nPermission denied (publickey,gssapi-keyex,gssapi-with-mic,password).\r\n",
    "unreachable": true ← authentication failed, so the ping module run failed
}
# ansible localhost -m ping -k ← run the ping module with password authentication specified
SSH password: ← a password is requested; enter the root password here
localhost | SUCCESS => {
    "changed": false,
    "ping": "pong" ← succeeded
}
Checking the connection to a host other than the local host with the ansible command
Running the ping module with the ansible command against a host that is not in the hosts list fails.
# ansible 192.168.0.51 -m ping -k
SSH password: ← enter the root user's password
[WARNING]: provided hosts list is empty, only localhost is available
[WARNING]: No hosts matched, nothing to do
#
Register the target IP address in the hosts list (a host name also works).
# cd /etc/ansible/
# vi hosts
※ Append to the end of the file ※
192.168.0.51
Running the ping module again with the ansible command still failed. The cause appears to be that the target host's fingerprint is not registered in the SSH known hosts list.
# ansible 192.168.0.51 -m ping -k
SSH password: ← enter the root user's password
192.168.0.51 | FAILED! => { ← failure
    "failed": true,
    "msg": "Using a SSH password instead of a key is not possible because Host Key checking is enabled and sshpass does not support this. Please add this host's fingerprint to your known_hosts file to manage this host."
}
Running the ping module once without specifying password authentication registers the fingerprint in the SSH known hosts list. After that, the contents of the ~/.ssh/known_hosts file confirm that it was registered. Answering yes at the prompt accepts the displayed host key without verifying it (trust on first use), so this is certainly not the proper procedure, but please bear with it as a quick operation check that can be done with the ansible command alone.
# ansible 192.168.0.51 -m ping ← without -k
The authenticity of host '192.168.0.51 (192.168.0.51)' can't be established.
ECDSA key fingerprint is 33:85:a4:c5:48:81:c9:55:4f:e8:06:7a:20:52:03:2c.
Are you sure you want to continue connecting (yes/no)? yes
192.168.0.51 | UNREACHABLE! => {
    "changed": false,
    "msg": "Failed to connect to the host via ssh: Warning: Permanently added '192.168.0.51' (ECDSA) to the list of known hosts.\r\nPermission denied (publickey,gssapi-keyex,gssapi-with-mic,password).\r\n",
    "unreachable": true
}
# tail -n 1 ~/.ssh/known_hosts
192.168.0.51 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBPBa/0BnVDic/+HFKuYbeZLuDMbEXXmPFDz4KtP4kP2tCp5lypZKGqihFoPkLzmwjnslkGRKVvfXUgddxqBvhKU=
# ansible 192.168.0.51 -m ping -k
SSH password: ← enter the root user's password
192.168.0.51 | SUCCESS => { ← success
    "changed": false,
    "ping": "pong" ← succeeded
}
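The steps above register the host key by answering yes at the SSH prompt. As an added example (not part of the original article), the shell functions below append a host key to known_hosts only when its MD5 fingerprint matches one obtained out of band; the function names are assumptions, and the sample line is the known_hosts entry shown in the output above.

```shell
#!/bin/sh
# Added example: add a host key to known_hosts only after its fingerprint
# matches a value obtained out of band, e.g. read on the server console with
#   ssh-keygen -lf /etc/ssh/ssh_host_ecdsa_key.pub
# Function names are hypothetical; nothing here is part of Ansible itself.

# known_hosts entry shown in the article's output, used as sample input.
SAMPLE_LINE='192.168.0.51 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBPBa/0BnVDic/+HFKuYbeZLuDMbEXXmPFDz4KtP4kP2tCp5lypZKGqihFoPkLzmwjnslkGRKVvfXUgddxqBvhKU='

# Print the MD5 colon-hex fingerprint (the format shown at the SSH prompt in
# the article) for one "<host> <keytype> <base64-key>" line.
hostkey_md5_fp() {
    blob=$(printf '%s\n' "$1" | awk '{print $3}')
    [ -n "$blob" ] || return 1
    # Reject a key field that is not valid base64.
    printf '%s' "$blob" | base64 -d >/dev/null 2>&1 || return 1
    printf '%s' "$blob" | base64 -d | md5sum | awk '{print $1}' \
        | sed 's/../&:/g; s/:$//'
}

# add_verified_hostkey LINE EXPECTED_FP KNOWN_HOSTS_FILE
# Returns 0 and appends LINE (once) on a match, 1 on mismatch, 2 on bad input.
add_verified_hostkey() {
    line=$1 expected=${2#MD5:} file=$3
    # Normalise case so upper- and lower-case hex compare equal.
    expected=$(printf '%s' "$expected" | tr 'A-F' 'a-f')
    actual=$(hostkey_md5_fp "$line") || {
        echo "cannot parse host key line" >&2; return 2; }
    if [ "$actual" != "$expected" ]; then
        echo "fingerprint mismatch: scanned $actual, expected $expected" >&2
        return 1
    fi
    # Do not add a duplicate entry on repeated runs.
    grep -qxF -- "$line" "$file" 2>/dev/null || printf '%s\n' "$line" >> "$file"
}

# Typical use (line fetched with: ssh-keyscan -t ecdsa 192.168.0.51):
#   add_verified_hostkey "$scanned_line" "$console_fingerprint" ~/.ssh/known_hosts
```

Once the verified entry is in known_hosts, `ansible 192.168.0.51 -m ping -k` no longer stops on the host key check and the interactive yes/no prompt is never reached.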