본문 바로가기

리눅스

[리눅스] ansible apt 모듈(apt module)

반응형

ansible apt 모듈(apt module)

인벤토리(inventory) 확인

ansible-inventory -i inventory/mycluster/inventory.ini --graph
$ ansible-inventory -i inventory/mycluster/inventory.ini --graph 
@all:
  |--@etcd:
  |  |--kube-control1
  |--@k8s_cluster:
  |  |--@calico_rr:
  |  |--@kube_control_plane:
  |  |  |--kube-control1
  |  |--@kube_node:
  |  |  |--kube-node1
  |  |  |--kube-node2
  |  |  |--kube-node3
  |  |  |--kube-node4
  |  |  |--kube-node5
  |  |  |--kube-node6
  |--@ungrouped:
ansible -i inventory/mycluster/inventory.ini all --list-hosts
$ ansible -i inventory/mycluster/inventory.ini all --list-hosts        
  hosts (7):
    kube-control1
    kube-node1
    kube-node2
    kube-node3
    kube-node4
    kube-node5
    kube-node6

ping check

ansible -i inventory/mycluster/inventory.ini kube_node -m ping
$ ansible -i inventory/mycluster/inventory.ini kube_node -m ping 
[WARNING]: Skipping callback plugin 'ara_default', unable to load
kube-node3 | SUCCESS => {
    "changed": false,
    "ping": "pong"
}
kube-node2 | SUCCESS => {
    "changed": false,
    "ping": "pong"
}
kube-node1 | SUCCESS => {
    "changed": false,
    "ping": "pong"
}
kube-node5 | SUCCESS => {
    "changed": false,
    "ping": "pong"
}
kube-node4 | SUCCESS => {
    "changed": false,
    "ping": "pong"
}
kube-node6 | SUCCESS => {
    "changed": false,
    "ping": "pong"
}

apt 모듈 사용 방법 확인

ansible-doc apt
$ ansible-doc apt

> ANSIBLE.BUILTIN.APT    (/usr/local/lib/python3.10/dist-packages/ansible/modules/apt.py)

        Manages `apt' packages (such as for Debian/Ubuntu).

ADDED IN: version 0.0.2 of ansible-core

OPTIONS (= is mandatory):

- allow_downgrade
        Corresponds to the `--allow-downgrades' option for `apt'.
        This option enables the named package and version to replace an already installed higher version of that package.
        Note that setting `allow_downgrade=true' can make this module behave in a non-idempotent way.
        (The task could end up with a set of packages that does not match the complete list of specified packages to install).
        (Aliases: allow-downgrade, allow_downgrades, allow-downgrades)[Default: no]
        type: bool
        added in: version 2.12 of ansible-core


- allow_unauthenticated
        Ignore if packages cannot be authenticated. This is useful for bootstrapping environments that manage their own apt-key
        setup.
        `allow_unauthenticated' is only supported with state: `install'/`present'
        (Aliases: allow-unauthenticated)[Default: no]
        type: bool
        added in: version 2.1 of ansible-core


- autoclean
        If `yes', cleans the local repository of retrieved package files that can no longer be downloaded.
        [Default: no]
        type: bool
        added in: version 2.4 of ansible-core


- autoremove
        If `yes', remove unused dependency packages for all module states except `build-dep'. It can also be used as the only
        option.
        Previous to version 2.4, autoclean was also an alias for autoremove, now it is its own separate command. See
        documentation for further information.
        [Default: no]
        type: bool
        added in: version 2.1 of ansible-core


- cache_valid_time
        Update the apt cache if it is older than the `cache_valid_time'. This option is set in seconds.
        As of Ansible 2.4, if explicitly set, this sets `update_cache=yes'.
        [Default: 0]
        type: int

- deb
        Path to a .deb package on the remote machine.
        If :// in the path, ansible will attempt to download deb before installing. (Version added 2.1)
        Requires the `xz-utils' package to extract the control file of the deb package to install.
        [Default: (null)]
        type: path
        added in: version 1.6 of ansible-core


- default_release
        Corresponds to the `-t' option for `apt' and sets pin priorities
        (Aliases: default-release)[Default: (null)]
        type: str

- dpkg_options
        Add dpkg options to apt command. Defaults to '-o "Dpkg::Options::=--force-confdef" -o "Dpkg::Options::=--force-confold"'
        Options should be supplied as comma separated list
        [Default: force-confdef,force-confold]
        type: str

- fail_on_autoremove
        Corresponds to the `--no-remove' option for `apt'.
        If `yes', it is ensured that no packages will be removed or the task will fail.
        `fail_on_autoremove' is only supported with state except `absent'
        [Default: no]
        type: bool
        added in: version 2.11 of ansible-core


- force
        Corresponds to the `--force-yes' to `apt-get' and implies `allow_unauthenticated: yes' and `allow_downgrade: yes'
        This option will disable checking both the packages' signatures and the certificates of the web servers they are
        downloaded from.
        This option *is not* the equivalent of passing the `-f' flag to `apt-get' on the command line
        **This is a destructive operation with the potential to destroy your system, and it should almost never be used.**
        Please also see `man apt-get' for more information.
        [Default: no]
        type: bool

- force_apt_get
        Force usage of apt-get instead of aptitude
        [Default: no]
        type: bool
        added in: version 2.4 of ansible-core


- install_recommends
        Corresponds to the `--no-install-recommends' option for `apt'. `yes' installs recommended packages.  `no' does not
        install recommended packages. By default, Ansible will use the same defaults as the operating system. Suggested packages
        are never installed.
        (Aliases: install-recommends)[Default: (null)]
        type: bool

- lock_timeout
        How many seconds will this action wait to acquire a lock on the apt db.
        Sometimes there is a transitory lock and this will retry at least until timeout is hit.
        [Default: 60]
        type: int
        added in: version 2.12 of ansible-core


- name
        A list of package names, like `foo', or package specifier with version, like `foo=1.0'. Name wildcards (fnmatch) like
        `apt*' and version wildcards like `foo=1.0*' are also supported.
        (Aliases: package, pkg)[Default: (null)]
        elements: str
        type: list

- only_upgrade
        Only upgrade a package if it is already installed.
        [Default: no]
        type: bool
        added in: version 2.1 of ansible-core


- policy_rc_d
        Force the exit code of /usr/sbin/policy-rc.d.
        For example, if `policy_rc_d=101' the installed package will not trigger a service start.
        If /usr/sbin/policy-rc.d already exists, it is backed up and restored after the package installation.
        If `null', the /usr/sbin/policy-rc.d isn't created/changed.
        [Default: None]
        type: int
        added in: version 2.8 of ansible-core


- purge
        Will force purging of configuration files if the module state is set to `absent'.
        [Default: no]
        type: bool

- state
        Indicates the desired package state. `latest' ensures that the latest version is installed. `build-dep' ensures the
        package build dependencies are installed. `fixed' attempt to correct a system with broken dependencies in place.
        (Choices: absent, build-dep, latest, present, fixed)[Default: present]
        type: str

- update_cache
        Run the equivalent of `apt-get update' before the operation. Can be run as part of the package installation or as a
        separate step.
        Default is not to update the cache.
        (Aliases: update-cache)[Default: (null)]
        type: bool

- update_cache_retries
        Amount of retries if the cache update fails. Also see `update_cache_retry_max_delay'.
        [Default: 5]
        type: int
        added in: version 2.10 of ansible-core


- update_cache_retry_max_delay
        Use an exponential backoff delay for each retry (see `update_cache_retries') up to this max delay in seconds.
        [Default: 12]
        type: int
        added in: version 2.10 of ansible-core


- upgrade
        If yes or safe, performs an aptitude safe-upgrade.
        If full, performs an aptitude full-upgrade.
        If dist, performs an apt-get dist-upgrade.
        Note: This does not upgrade a specific package, use state=latest for that.
        Note: Since 2.4, apt-get is used as a fall-back if aptitude is not present.
        (Choices: dist, full, no, safe, yes)[Default: no]
        type: str
        added in: version 1.1 of ansible-core



ATTRIBUTES:

        check_mode:
          description: Can run in check_mode and return changed status prediction withought
            modifying target
          support: full
        diff_mode:
          description: Will return details on what has changed (or possibly needs changing
            in check_mode), when in diff mode
          support: full
        platform:
          description: Target OS/families that can be operated against
          platforms: debian
          support: N/A

NOTES:
      * Three of the upgrade modes (`full', `safe' and its alias `yes') required `aptitude' up to 2.3, since 2.4 `apt-get'
        is used as a fall-back.
      * In most cases, packages installed with apt will start newly installed services by default. Most distributions have
        mechanisms to avoid this. For example when installing Postgresql-9.5 in Debian 9, creating an excutable shell
        script (/usr/sbin/policy-rc.d) that throws a return code of 101 will stop Postgresql 9.5 starting up after
        install. Remove the file or remove its execute permission afterwards.
      * The apt-get commandline supports implicit regex matches here but we do not because it can let typos through easier
        (If you typo `foo' as `fo' apt-get would install packages that have "fo" in their name with a warning and a prompt
        for the user. Since we don't have warnings and prompts before installing we disallow this.Use an explicit fnmatch
        pattern if you want wildcarding)
      * When used with a `loop:' each package will be processed individually, it is much more efficient to pass the list
        directly to the `name' option.


REQUIREMENTS:  python-apt (python 2), python3-apt (python 3), aptitude (before 2.4)

AUTHOR: Matthew Williams (@mgwilliams)

EXAMPLES:

- name: Install apache httpd  (state=present is optional)
  apt:
    name: apache2
    state: present

- name: Update repositories cache and install "foo" package
  apt:
    name: foo
    update_cache: yes

- name: Remove "foo" package
  apt:
    name: foo
    state: absent

- name: Install the package "foo"
  apt:
    name: foo

- name: Install a list of packages
  apt:
    pkg:
    - foo
    - foo-tools

- name: Install the version '1.00' of package "foo"
  apt:
    name: foo=1.00

- name: Update the repository cache and update package "nginx" to latest version using default release squeeze-backport
  apt:
    name: nginx
    state: latest
    default_release: squeeze-backports
    update_cache: yes

- name: Install the version '1.18.0' of package "nginx" and allow potential downgrades
  apt:
    name: nginx=1.18.0
    state: present
    allow_downgrade: yes

- name: Install zfsutils-linux with ensuring conflicted packages (e.g. zfs-fuse) will not be removed.
  apt:
    name: zfsutils-linux
    state: latest
    fail_on_autoremove: yes

- name: Install latest version of "openjdk-6-jdk" ignoring "install-recommends"
  apt:
    name: openjdk-6-jdk
    state: latest
    install_recommends: no

- name: Update all packages to their latest version
  apt:
    name: "*"
    state: latest

- name: Upgrade the OS (apt-get dist-upgrade)
  apt:
    upgrade: dist

- name: Run the equivalent of "apt-get update" as a separate step
  apt:
    update_cache: yes

- name: Only run "update_cache=yes" if the last one is more than 3600 seconds ago
  apt:
    update_cache: yes
    cache_valid_time: 3600

- name: Pass options to dpkg on run
  apt:
    upgrade: dist
    update_cache: yes
    dpkg_options: 'force-confold,force-confdef'

- name: Install a .deb package
  apt:
    deb: /tmp/mypackage.deb

- name: Install the build dependencies for package "foo"
  apt:
    pkg: foo
    state: build-dep

- name: Install a .deb package from the internet
  apt:
    deb: https://example.com/python-ppq_0.1-1_all.deb

- name: Remove useless packages from the cache
  apt:
    autoclean: yes

- name: Remove dependencies that are no longer required
  apt:
    autoremove: yes


RETURN VALUES:
- cache_update_time
        time of the last cache update (0 if unknown)

        returned: success, in some cases
        sample: 1425828348000
        
        type: int

- cache_updated
        if the cache was updated or not

        returned: success, in some cases
        sample: true
        
        type: bool

- stderr
        error output from apt

        returned: success, when needed
        sample: AH00558: apache2: Could not reliably determine the server's fully qualified domain name, using 127.0.1.1. Set the
        'ServerName' directive globally to ...
        type: str

- stdout
        output from apt

        returned: success, when needed
        sample: Reading package lists... Building dependency tree... Reading state information... The following extra packages will be
        installed: apache2-bin ...
        type: str
(END)

ansible apt 모듈을 사용하여 nfs-common 패키지 설치

ansible -i inventory/mycluster/inventory.ini kube_node -m apt -a 'name=nfs-common state=present update_cache=yes' --become

ansible-playbook을 사용하여 nfs-common 패키지 설치

packageInstall.yaml 편집

vim packageInstall.yaml
$ vim packageInstall.yaml
---
- hosts: all
  become: true
  tasks:
  - name: Update repositories cache and install nfs-common package (state=present is optional)
    apt:
      name: nfs-common
      state: present
      update_cache: yes
ansible-playbook -i ~/kubespray/inventory/mycluster/inventory.ini packageInstall.yaml --limit "kube_node"

 

참고URL

- Ansible Docs : https://ansible-tips-and-tricks.readthedocs.io/en/latest/ansible/commands/

 

728x90
반응형