Monday, March 27, 2017

Ansible Tower Installation

Installation... just an installation... nothing special.

- TEST Env
Ansible Tower installation (version 3.1)
CentOS 7 64bit
VirtualBox: 2 CPU, 2 GB memory, 50 GB volume

- Document
http://docs.ansible.com/ansible-tower/

- Requirements
Supported operating systems:
Red Hat Enterprise Linux 7 64-bit
CentOS 7 64-bit
Ubuntu 14.04 LTS 64-bit
Ubuntu 16.04 LTS 64-bit
(Looking inside the yml: RedHat-7*:CentOS-7*:Ubuntu-14.04:Ubuntu-16.04:OracleLinux-7*)

2 GB RAM (4 GB or more)
64-bit only
20 GB HDD (/var/)

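- Sizing
Storage capacity estimation
number of managed servers * number of scheduled runs * ((average module size * number of modules) / 3) =
For example, assuming a schedule of 1 scan per day for a year:
(hosts = 1,000) * (number of scans = 365) * ((average module fact size = 100 kb) * (number of modules = 4) / 3) = 48 GB

Memory estimation
Memory is sized from the number of forks.
The baseline is 100 forks per 4 GB.
desired forks / baseline 100 forks * baseline memory 4 GB =
To support 400 forks:
400 forks / 100 forks * 4 GB = 16 GB

This is not in the guide, but while about one scan per day per module seems right, the number of modules varies, so I think it would be sensible to allow for at least double....
A pgsql DB is used internally.

- HA configuration support
Standalone installation, separate DB, and Tower HA configurations are provided.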



1. Repository configuration (connected & disconnected env)

Even with internet access, the repository still has to be added.
#root@localhost:~$ yum install http://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm


2. Install Ansible (required because Tower itself is installed with Ansible; from Tower 2.3 on it is installed during setup, earlier versions need it installed beforehand)

#sudo yum install ansible


Packages installed
Dependencies Resolved

================================================================================
 Package                  Arch          Version               Repository   Size
================================================================================
Installing:
 ansible                  noarch        2.2.1.0-1.el7         epel        4.6 M
Installing for dependencies:
 PyYAML                   x86_64        3.10-11.el7           base        153 k
 libtomcrypt              x86_64        1.17-23.el7           epel        224 k
 libtommath               x86_64        0.42.0-4.el7          epel         35 k
 libyaml                  x86_64        0.1.4-11.el7_0        base         55 k
 python-babel             noarch        0.9.6-8.el7           base        1.4 M
 python-httplib2          noarch        0.7.7-3.el7           epel         70 k
 python-jinja2            noarch        2.7.2-2.el7           base        515 k
 python-keyczar           noarch        0.71c-2.el7           epel        218 k
 python-markupsafe        x86_64        0.11-10.el7           base         25 k
 python2-crypto           x86_64        2.6.1-13.el7          epel        476 k
 python2-ecdsa            noarch        0.13-4.el7            epel         83 k
 python2-paramiko         noarch        1.16.1-2.el7          epel        258 k
 sshpass                  x86_64        1.06-1.el7            epel         21 k

Transaction Summary
================================================================================
Install  1 Package (+13 Dependent packages)


3. Define the installation environment (edit the inventory file)


#vi /home/jboss/ansibleTower/ansible-tower-setup-3.1.0/inventory

[tower]
localhost ansible_connection=local

[database]

[all:vars]
admin_password='jboss!'

pg_host=''
pg_port=''

pg_database='awx'
pg_username='jboss'
pg_password='jboss!'

rabbitmq_port=5672
rabbitmq_vhost=tower
rabbitmq_username=tower
rabbitmq_password='jboss!'
rabbitmq_cookie=cookiemonster

# Needs to be true for fqdns and ip addresses
rabbitmq_use_long_name=false
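
The inventory above keeps every service secret in plain text, and the same short value is used for three accounts. The following is an added example, not part of the original post or of the Tower installer: it audits the [all:vars] section for empty, short or reused secrets and for a file mode that lets group/other access the file. The names parse_vars and audit and the 16-character threshold are assumptions, and the sample inventory is constructed from the values shown above.

```python
import re
import stat

# Constructed sample that mirrors the inventory values shown in the post.
SAMPLE_INVENTORY = """\
[tower]
localhost ansible_connection=local
[all:vars]
admin_password='jboss!'
pg_password='jboss!'
rabbitmq_password='jboss!'
rabbitmq_cookie=cookiemonster
rabbitmq_use_long_name=false
"""

SECRET_KEY = re.compile(r"(_password|_cookie)$")  # variable names treated as secrets
MIN_LEN = 16  # assumed policy threshold, not a Tower requirement

def parse_vars(text):
    """Return key/value pairs from the [all:vars] section only."""
    section, found = None, {}
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1]
        elif section == "all:vars" and "=" in line and not line.startswith(("#", ";")):
            key, value = line.split("=", 1)
            found[key.strip()] = value.strip().strip("'\"")
    return found

def audit(text, mode=None):
    """Return sorted findings; mode is the inventory file's st_mode, if known."""
    secrets = {k: v for k, v in parse_vars(text).items() if SECRET_KEY.search(k)}
    findings = []
    for key, value in secrets.items():
        if not value:
            findings.append(f"{key}: empty")
        elif len(value) < MIN_LEN:
            findings.append(f"{key}: shorter than {MIN_LEN} characters")
        peers = sorted(k for k, v in secrets.items() if v and v == value and k != key)
        if peers:
            findings.append(f"{key}: value reused by {', '.join(peers)}")
    if mode is not None and mode & (stat.S_IRWXG | stat.S_IRWXO):
        findings.append("file: accessible to group/other")
    return sorted(findings)

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE_INVENTORY, mode=0o100644)))
```

To check the real file, pass its contents as text and os.stat(path).st_mode as mode.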


4. Run the installer (assuming the installation bundle has been extracted to an arbitrary location; run the installation as root)

/home/jboss/ansibleTower/ansible-tower-setup-3.1.0/setup.sh

Run time on the VM: 11:08 ~ 27, about 20 minutes (VM env with 2 CPU, 2 GB allocated)


Related processes that are started (the Python-based Ansible core, pgsql DB, RabbitMQ)
awx      15523 14715  0 11:27 ?        00:00:05 python /usr/bin/tower-manage runworker --only-channels websocket.*
awx      15524 14715  0 11:27 ?        00:00:00 /var/lib/awx/venv/tower/bin/uwsgi --socket :8050 --module=awx.wsgi:application --vacuum --processes=5 --harakiri=120 --no-orphans --master --max-requests=1000 --master-fifo=/var/lib/awx/awxfifo --lazy-apps
awx      15525 14715  0 11:27 ?        00:00:03 python /usr/bin/tower-manage run_fact_cache_receiver
awx      15526 14715  1 11:27 ?        00:01:14 /var/lib/awx/venv/tower/bin/python /var/lib/awx/venv/tower/bin/daphne -b 127.0.0.1 -p 8051 awx.asgi:channel_layer
awx      15527 14715  0 11:27 ?        00:00:03 python /usr/bin/tower-manage run_callback_receiver
awx      15528 14715  0 11:27 ?        00:00:06 python /usr/bin/tower-manage celery beat -l debug --pidfile= -s /var/lib/awx/beat.db
awx      15529 14715  0 11:27 ?        00:00:10 python /usr/bin/tower-manage celery worker -l debug --autoscale=50,4 -Ofair -Q projects,jobs,default,scheduler,broadcast_all,localhost -n celery@localhost
awx      15550 15524  0 11:27 ?        00:00:05 /var/lib/awx/venv/tower/bin/uwsgi --socket :8050 --module=awx.wsgi:application --vacuum --processes=5 --harakiri=120 --no-orphans --master --max-requests=1000 --master-fifo=/var/lib/awx/awxfifo --lazy-apps
awx      15551 15524  0 11:27 ?        00:00:04 /var/lib/awx/venv/tower/bin/uwsgi --socket :8050 --module=awx.wsgi:application --vacuum --processes=5 --harakiri=120 --no-orphans --master --max-requests=1000 --master-fifo=/var/lib/awx/awxfifo --lazy-apps
awx      15552 15524  0 11:27 ?        00:00:03 /var/lib/awx/venv/tower/bin/uwsgi --socket :8050 --module=awx.wsgi:application --vacuum --processes=5 --harakiri=120 --no-orphans --master --max-requests=1000 --master-fifo=/var/lib/awx/awxfifo --lazy-apps
awx      15553 15524  0 11:27 ?        00:00:03 /var/lib/awx/venv/tower/bin/uwsgi --socket :8050 --module=awx.wsgi:application --vacuum --processes=5 --harakiri=120 --no-orphans --master --max-requests=1000 --master-fifo=/var/lib/awx/awxfifo --lazy-apps
awx      15554 15524  0 11:27 ?        00:00:08 /var/lib/awx/venv/tower/bin/uwsgi --socket :8050 --module=awx.wsgi:application --vacuum --processes=5 --harakiri=120 --no-orphans --master --max-requests=1000 --master-fifo=/var/lib/awx/awxfifo --lazy-apps
postgres 15812  6959  0 11:27 ?        00:00:00 postgres: jboss awx 127.0.0.1(43308) idle
postgres 15836  6959  0 11:27 ?        00:00:00 postgres: jboss awx 127.0.0.1(43322) idle
awx      15846 15527  0 11:27 ?        00:00:00 python /usr/bin/tower-manage run_callback_receiver
awx      15847 15527  0 11:27 ?        00:00:00 python /usr/bin/tower-manage run_callback_receiver
awx      15848 15527  0 11:27 ?        00:00:00 python /usr/bin/tower-manage run_callback_receiver
awx      15849 15527  0 11:27 ?        00:00:00 python /usr/bin/tower-manage run_callback_receiver
awx      15851 15529  0 11:27 ?        00:00:04 python /usr/bin/tower-manage celery worker -l debug --autoscale=50,4 -Ofair -Q projects,jobs,default,scheduler,broadcast_all,localhost -n celery@localhost
awx      15852 15529  0 11:27 ?        00:00:04 python /usr/bin/tower-manage celery worker -l debug --autoscale=50,4 -Ofair -Q projects,jobs,default,scheduler,broadcast_all,localhost -n celery@localhost
awx      15853 15529  0 11:27 ?        00:00:03 python /usr/bin/tower-manage celery worker -l debug --autoscale=50,4 -Ofair -Q projects,jobs,default,scheduler,broadcast_all,localhost -n celery@localhost
awx      15854 15529  0 11:27 ?        00:00:04 python /usr/bin/tower-manage celery worker -l debug --autoscale=50,4 -Ofair -Q projects,jobs,default,scheduler,broadcast_all,localhost -n celery@localhost


[root@rockplace ansible-tower-setup-3.1.0]# ps -ef | grep post
root      1370     1  0 10:33 ?        00:00:00 /usr/libexec/postfix/master -w
postfix   1372  1370  0 10:33 ?        00:00:00 qmgr -l -t unix -u
postgres  6959     1  0 11:19 ?        00:00:00 /usr/pgsql-9.4/bin/postgres -D /var/lib/pgsql/9.4/data
postgres  6960  6959  0 11:19 ?        00:00:00 postgres: logger process
postgres  6962  6959  0 11:19 ?        00:00:00 postgres: checkpointer process
postgres  6963  6959  0 11:19 ?        00:00:00 postgres: writer process
postgres  6964  6959  0 11:19 ?        00:00:00 postgres: wal writer process
postgres  6965  6959  0 11:19 ?        00:00:00 postgres: autovacuum launcher process
postgres  6966  6959  0 11:19 ?        00:00:00 postgres: stats collector process
postgres 15812  6959  0 11:27 ?        00:00:00 postgres: jboss awx 127.0.0.1(43308) idle
postgres 15836  6959  0 11:27 ?        00:00:00 postgres: jboss awx 127.0.0.1(43322) idle


rabbitmq  7339     1  0 11:19 ?        00:00:00 /usr/lib64/erlang/erts-8.0.3/bin/epmd -daemon
root      7722     1  0 11:19 ?        00:00:00 /bin/sh /etc/rc.d/init.d/rabbitmq-server start
root      7724  7722  0 11:19 ?        00:00:00 /bin/bash -c ulimit -S -c 0 >/dev/null 2>&1 ; /usr/sbin/rabbitm-server
root      7727  7724  0 11:19 ?        00:00:00 /bin/sh /usr/sbin/rabbitmq-server
root      7741  7727  0 11:19 ?        00:00:00 su rabbitmq -s /bin/sh -c /usr/lib/rabbitmq/bin/rabbitmq-server
rabbitmq  7755  7741  0 11:19 ?        00:00:00 /bin/sh -e /usr/lib/rabbitmq/bin/rabbitmq-server
rabbitmq  7937  7755  1 11:19 ?        00:01:03 /usr/lib64/erlang/erts-8.0.3/bin/beam.smp -W w -A 64 -P 1048576 -t 5000000 -stbt db -K true -B i -- -root /usr/lib64/erlang -progname erl -- -home /var/lib/rabbitmq -- -pa /usr/lib/rabbitmq/lib/rabbitmq_server-3.6.5/ebin -noshell -noinput -s rabbit boot -sname rabbitmq@localhost -boot start_sasl -kernel inet_default_connect_options [{nodelay,true}] -sasl errlog_type error -sasl sasl_error_logger false -rabbit error_logger {file,"/var/log/rabbitmq/rabbitmq@localhost.log"} -rabbit sasl_error_logger {file,"/var/log/rabbitmq/rabbitmq@localhost-sasl.log"} -rabbit enabled_plugins_file "/etc/rabbitmq/enabled_plugins" -rabbit plugins_dir "/usr/lib/rabbitmq/lib/rabbitmq_server-3.6.5/plugins" -rabbit plugins_expand_dir "/var/lib/rabbitmq/mnesia/rabbitmq@localhost-plugins-expand" -os_mon start_cpu_sup false -os_mon start_disksup false -os_mon start_memsup false -mnesia dir "/var/lib/rabbitmq/mnesia/rabbitmq@localhost" -kernel inet_dist_listen_min 25672 -kernel inet_dist_listen_max 25672
rabbitmq  8031  7937  0 11:19 ?        00:00:00 erl_child_setup 1024
rabbitmq  8065  8031  0 11:19 ?        00:00:00 inet_gethost 4
rabbitmq  8066  8065  0 11:19 ?        00:00:00 inet_gethost 4

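5. Verify access
Installed by default at https://192.168.56.10:80
These settings can be defined in the inventory file at initial installation.
Default account: admin / password
If you installed without specifying it in the inventory, reset it from the command line and then log in.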

#tower-manage changepassword admin

[root@rockplace ansible-tower-setup-3.1.0]# tower-manage changepassword admin
Changing password for user 'admin'
Password:
Password (again):
Password changed successfully for user 'admin'
You have new mail in /var/spool/mail/root




That's all.
