レッドãƒãƒƒãƒˆã€€ã‚½ãƒªãƒ¥ãƒ¼ã‚·ãƒ§ãƒ³ã‚¢ãƒ¼ã‚テクト石倉ã§ã™ã€‚
ã“ã“ã§ã¯ã€ RHEL System Roles ã«ã¤ã„ã¦ç´¹ä»‹ã‚’ã—ã¾ã™ã€‚
システム関連ã®ä½œæ¥ã§ã€ã‚µãƒ¼ãƒã«ãƒã‚°ã‚¤ãƒ³ã—ã¦æ§‹ç¯‰ä½œæ¥ã‚’実施ã—ãŸã‚Šã€ãƒã‚°ã‚¤ãƒ³ã—ã¦ãƒ‘ッãƒé©ç”¨ã‚„è¨å®šãƒ•ã‚¡ã‚¤ãƒ«ã®å¤‰æ›´ä½œæ¥ãªã©ã‚’実施ã™ã‚‹ã“ã¨ã¯æ—¥å¸¸çš„ã«ã‚ã‚‹ã¨æ€ã„ã¾ã™ã€‚
対象システムãŒæ•°å°ç¨‹åº¦ã§ã‚ã‚Œã°ãã‚Œã§ã‚‚å•é¡Œã¯ç„¡ã„ã‹ã‚‚ã—ã‚Œãªã„ã§ã™ãŒã€å¤šæ•°ã®ã‚·ã‚¹ãƒ†ãƒ ã‚’åŒã˜ã‚ˆã†ã«ãã‚Œãžã‚Œãƒã‚°ã‚¤ãƒ³ã—ã¦ãƒ¡ãƒ³ãƒ†ãƒŠãƒ³ã‚¹ã—ã¦ã„ãã“ã¨ã¯éžå¸¸ã«é‡åŠ´åƒã§ã™ã—ã€äººæ‰‹ã§å¯¾å¿œã™ã‚‹ã“ã¨ã§è¨å®šãƒŸã‚¹ã€ä½œæ¥æ¼ã‚Œãªã©ãŒç™ºç”Ÿã—ãŒã¡ã§ã™ã€‚
RHEL System Roles ã¯ã€ãã®ã‚ˆã†ãªã‚¤ãƒ³ãƒ•ãƒ©ä½œæ¥ã‚’効率化ã™ã‚‹ç›®çš„ã§é–‹ç™ºã•ã‚Œã¦ã„ã¾ã™ã€‚
RHEL System Roles ã¨ã¯ã€ Red Hat Enterprise Linux を管ç†ãŠã‚ˆã³è¨å®šã™ã‚‹å®‰å®šã—ãŸè¨å®šã‚¤ãƒ³ã‚¿ãƒ¼ãƒ•ã‚§ã‚¤ã‚¹ã‚’æä¾›ã™ã‚‹ Ansible ãƒãƒ¼ãƒ«ã€ãƒ¢ã‚¸ãƒ¥ãƒ¼ãƒ«ã€ãŠã‚ˆã³ Playbook ã®ã‚³ãƒ¬ã‚¯ã‚·ãƒ§ãƒ³ã§ã™ã€‚
Red Hat ã«ã¦é–‹ç™ºã•ã‚ŒãŸ RHEL System Roles を活用ã™ã‚‹ã“ã¨ã§ã€ã‚·ã‚¹ãƒ†ãƒ ã«ãƒã‚°ã‚¤ãƒ³ã™ã‚‹ã“ã¨ç„¡ãã€å¯¾è±¡ã‚·ã‚¹ãƒ†ãƒ ã®ãƒ¡ãƒ³ãƒ†ãƒŠãƒ³ã‚¹ã‚’実施ã™ã‚‹ã“ã¨ãŒå¯èƒ½ã§ã™ã€‚
2022å¹´10月ç¾åœ¨ã€ RHEL System Roles ã§ã¯ä»¥ä¸‹ã®ãƒ©ã‚¤ãƒ³ãƒŠãƒƒãƒ—ãŒã‚ã‚Šã€ãã®æ•°ã¯æ—¥ã€…増ãˆã¦ã„ã¾ã™ã€‚
å‚考:
Red Hat Enterprise Linux (RHEL) System Roles - Red Hat Customer Portal
- 一部 Tech preview ã®ã‚‚ã®ã‚„〠RHEL ã®ãƒãƒ¼ã‚¸ãƒ§ãƒ³ã«ã‚ˆã£ã¦åˆ©ç”¨ã§ããªã„ã‚‚ã®ã‚‚ã‚ã‚‹ã®ã§ã€è©³ç´°ã¯ä¸Šè¨˜ URL ã‚’ã”確èªãã ã•ã„。
| ãƒãƒ¼ãƒ«å | 説明 |
|---|---|
| timesync | 時刻åŒæœŸè¨å®šç”¨ãƒãƒ¼ãƒ« |
| selinux | SELinuxæ“作用ãƒãƒ¼ãƒ« |
| network | Networkæ“作用ãƒãƒ¼ãƒ« |
| kdump | Kernel dumpsæ“作用ãƒãƒ¼ãƒ« |
| storage | Storageæ“作用ãƒãƒ¼ãƒ« |
| postfix | Postfix (mail transfer agent)æ“作用ãƒãƒ¼ãƒ« |
| sap_general_preconfigure | SAP 共通Noteé©ç”¨ãƒãƒ¼ãƒ« |
| sap_netweaver_preconfigure | SAP NetWeaver Noteé©ç”¨ãƒãƒ¼ãƒ« |
| sap_hana_preconfigure | SAP HANA Noteé©ç”¨ãƒãƒ¼ãƒ« |
| sap_hana_install | SAP HANA インストール用ãƒãƒ¼ãƒ« |
| kernel_settings | Kernel settings用ãƒãƒ¼ãƒ« |
| logging | Logging (rsyslog)æ“作用ãƒãƒ¼ãƒ« |
| metrics | Metrics (Performance Co-Pilot)æ“作用ãƒãƒ¼ãƒ« |
| nbde_client | Network bound disk encryption clientæ“作用ãƒãƒ¼ãƒ« |
| nbde_server | Network bound disk encryption serveræ“作用ãƒãƒ¼ãƒ« |
| certificate | Certificate issuance and renewalæ“作用ãƒãƒ¼ãƒ« |
| tlog | Terminal session recordingæ“作用ãƒãƒ¼ãƒ« |
| ssh | Secure Shell (SSH) clientæ“作用ãƒãƒ¼ãƒ« |
| sshd | Secure Shell (SSH) serveræ“作用ãƒãƒ¼ãƒ« |
| crypto_policies | System-wide cryptographic policiesæ“作用ãƒãƒ¼ãƒ« |
| ha_cluster | High availability clusteringæ“作用ãƒãƒ¼ãƒ« |
| vpn | Virtual private networksæ“作用ãƒãƒ¼ãƒ« |
| microsoft.sql.server | Microsoft SQL Serverè¨å®šç”¨ãƒãƒ¼ãƒ« |
| cockpit | Web consoleè¨å®šç”¨ãƒãƒ¼ãƒ« |
| firewall | Firewallè¨å®šç”¨ãƒãƒ¼ãƒ« |
システム管ç†è€…やインフラエンジニアã®æ–¹ãŒå®Ÿæ–½ã™ã‚‹ä½œæ¥ãŒãƒãƒ¼ãƒ«ã¨ã—ã¦æä¾›ã•ã‚Œã¦ã„ã¾ã™ã€‚
ã¾ãŸã€Microsoft 社㮠SQL Server ã‚„ã€SAP 社㮠S/4HANA å‘ã‘ã®ãƒãƒ¼ãƒ«ã‚‚ã„ãã¤ã‹ãƒªãƒªãƒ¼ã‚¹ã•ã‚Œã¦ã„ã¾ã™ã€‚
ã§ã¯ã€å®Ÿéš›ã« RHEL System Roles を使ã£ã¦ã¿ãŸã„ã¨æ€ã„ã¾ã™ã€‚
以下㮠3 ステップã§åˆ©ç”¨ãŒã§ãã¾ã™ã€‚
- Ansible Core 〠RHEL System Roles ã®ã‚¤ãƒ³ã‚¹ãƒˆãƒ¼ãƒ«
- Role を呼ã³å‡ºã™ Playbook を作æˆ
- Playbook ã®å®Ÿè¡Œ
一ã¤ãšã¤ã€å®Ÿéš›ã®ã‚„り方をã”紹介ã—ã¾ã™ã€‚
* 今回ã¯RHEL9.0 ã§ä½œæ¥ã‚’実施ã—ã¦ã„ã¾ã™ãŒã€RHEL 7, 8, 9 ã§åŒã˜æ‰‹é †ã§æ“作ã§ãã¾ã™ã€‚
 OS ã®ãƒãƒ¼ã‚¸ãƒ§ãƒ³ã«ã‚ˆã‚Šã€ Ansible Core ãŒå«ã¾ã‚Œã‚‹ãƒªãƒã‚¸ãƒˆãƒªãŒç•°ãªã‚‹å ´åˆãŒã‚ã‚Šã¾ã™ã®ã§ã€ãã®ç‚¹ã¯ã”注æ„ãã ã•ã„。
1. Ansible Core 〠RHEL System Roles ã®ã‚¤ãƒ³ã‚¹ãƒˆãƒ¼ãƒ«
作æ¥å¯¾è±¡ã« Ansible Core 㨠RHEL System Roles をインストールã—ã¾ã™ã€‚
ã”å˜çŸ¥ã®ã‚ˆã†ã«ã€Ansible 㯠IT 自動化ツールã§ã™ã€‚
Ansible ã®æ´»ç”¨ã«ã‚ˆã‚Šã€ã‚·ã‚¹ãƒ†ãƒ ã®æ§‹æˆã€ã‚½ãƒ•ãƒˆã‚¦ã‚§ã‚¢ã®å±•é–‹ã€ã‚ˆã‚Šé«˜åº¦ãª IT タスク (継続的ãªãƒ‡ãƒ—ãƒã‚¤ãƒ¡ãƒ³ãƒˆã€ãƒ€ã‚¦ãƒ³ã‚¿ã‚¤ãƒ ãªã—ã®ãƒãƒ¼ãƒªãƒ³ã‚°æ›´æ–°ãªã©) ã®ã‚ªãƒ¼ã‚±ã‚¹ãƒˆãƒ¬ãƒ¼ã‚·ãƒ§ãƒ³ãŒå¯èƒ½ã«ãªã‚Šã¾ã™ã€‚
ã‚‚ã—ã€å¯¾è±¡ã®ç’°å¢ƒãŒæ—¢ã« Ansible を利用ã—ãŸè‡ªå‹•åŒ–環境を構æˆã—ã¦ã„ã‚‹ã®ã§ã‚ã‚Œã°ã€æ—¢å˜ã®ã‚³ãƒ³ãƒˆãƒãƒ¼ãƒ«ãƒŽãƒ¼ãƒ‰ã‹ã‚‰ Playbook を実行ã™ã‚Œã°è‰¯ã„ã§ã—ょã†ã€‚
ã“ã“ã§ã¯ Ansible ã«ã‚ˆã‚‹è‡ªå‹•åŒ–環境ãŒæ§‹æˆã•ã‚Œã¦ã„ãªã„想定ã¨ã—ã€è‡ªãƒŽãƒ¼ãƒ‰ã« Ansible Core ã‚’å°Žå…¥ã—ã¦ã„ã¾ã™ã€‚
Ansible Core 㯠Ansible ã®ä¸»è¦ãªãƒ“ルディングブãƒãƒƒã‚¯ãŠã‚ˆã³ã‚¢ãƒ¼ã‚テクãƒãƒ£ãƒ¼ã§ã‚ã‚Šã€CLI ツールや Ansible プラグインãŒå«ã¾ã‚Œã¾ã™ã€‚
ãªãŠã€ RHEL ã®ã‚µãƒ–スクリプションをãŠæŒã¡ã§ã‚ã‚Œã°ã€ Ansible Automation Platform ã®ã‚µãƒ–スクリプションã¯è³¼å…¥ã—ã¦ã„ãªãã¦ã‚‚〠RHEL System Roles ã®ã‚µãƒãƒ¼ãƒˆã‚’å—ã‘ã‚‹ã“ã¨ãŒå¯èƒ½ã§ã™ã€‚
詳細ã¯ä»¥ä¸‹ã‚’ã”確èªãã ã•ã„。
Scope of support for the Ansible Core package included in the RHEL 9 and RHEL 8.6 and later AppStream repositories - Red Hat Customer Portal
RHEL System Roles ã¨ã€å¿…è¦ã¨ãªã‚‹ Ansible Core をインストールã—ã¾ã™ã€‚
# dnf install rhel-system-roles ansible-core
Ansible Core ã®ã‚¤ãƒ³ã‚¹ãƒˆãƒ¼ãƒ«ãŒçµ‚ã‚ã‚‹ã¨ã€ansibleコマンドãŒåˆ©ç”¨å¯èƒ½ã«ãªã‚Šã¾ã™ã€‚
# ansible --version ansible [core 2.12.2] config file = /etc/ansible/ansible.cfg configured module search path = ['/root/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules'] ansible python module location = /usr/lib/python3.9/site-packages/ansible ansible collection location = /root/.ansible/collections:/usr/share/ansible/collections executable location = /bin/ansible python version = 3.9.10 (main, Feb 9 2022, 00:00:00) [GCC 11.2.1 20220127 (Red Hat 11.2.1-9)] jinja version = 2.11.3 libyaml = True
ã¾ãŸã€RHEL System Roles ã¯ã€/usr/share/ansible/roles/以下ã«å±•é–‹ã•ã‚Œã¾ã™ã€‚
# ls /usr/share/ansible/roles | grep rhel-system-roles rhel-system-roles.certificate rhel-system-roles.cockpit rhel-system-roles.crypto_policies rhel-system-roles.firewall rhel-system-roles.ha_cluster rhel-system-roles.kdump rhel-system-roles.kernel_settings rhel-system-roles.logging rhel-system-roles.metrics rhel-system-roles.nbde_client rhel-system-roles.nbde_server rhel-system-roles.network rhel-system-roles.postfix rhel-system-roles.selinux rhel-system-roles.ssh rhel-system-roles.sshd rhel-system-roles.storage rhel-system-roles.timesync rhel-system-roles.tlog rhel-system-roles.vpn
- ドã‚ュメントã¨ã€å¹¾ã¤ã‹ã®ã‚µãƒ³ãƒ—ル Playbook ã¯ã€
/usr/share/doc/rhel-system-roles/以下ã«å±•é–‹ã•ã‚Œã¾ã™ã€‚ - SQL Server や〠S/4HANA ã®ã‚ˆã†ãªã‚µãƒ¼ãƒ‰ãƒ‘ーティーアプリケーション㮠Role ã¯ã€ãã‚Œãžã‚Œã€
ansible-collection-microsoft-sqlã€rhel-system-roles-sapã®ã‚¤ãƒ³ã‚¹ãƒˆãƒ¼ãƒ«ãŒå¿…è¦ã§ã™ã€‚
 (S/4HANA用ã®ã‚‚ã®ã¯ã€å°‚用ã®RHEL for SAP SolutionsサブスクリプションãŒå¿…è¦ã¨ãªã‚Šã¾ã™ã€‚)
2. Role を呼ã³å‡ºã™ Playbook を作æˆ
æ•°ã‚ã‚‹ RHEL System Roles ã®ä¸ã§ã€ä»Šå›žã¯ storage Role を利用ã—ã¦ã®ã€ãƒ•ã‚¡ã‚¤ãƒ«ã‚·ã‚¹ãƒ†ãƒ 拡張を実施ã—ã¦ã¿ã¾ã™ã€‚
例ã¨ã—ã¦ã€/dev/sdbã«/app/dataã‚’100GBã§ã€/app/logã‚’20GBã§ä½œæˆã™ã‚‹ã“ã¨ã«ã—ã¾ã™ã€‚
# lsblk NAME MAJ:MIN RM SIZE RO TYPE MOUNTPOINTS sda 8:0 0 100G 0 disk ├─sda1 8:1 0 1G 0 part /boot └─sda2 8:2 0 99G 0 part ├─rhel-root 253:0 0 65.1G 0 lvm / ├─rhel-swap 253:1 0 2G 0 lvm [SWAP] └─rhel-home 253:2 0 31.8G 0 lvm /home sdb 8:16 0 200G 0 disk sr0 11:0 1 1024M 0 rom
実行ã™ã‚‹ Playbook を作æˆã—ã¾ã™ã€‚
ä¸èº«ã¯ä»¥ä¸‹ã§ã™ã€‚
実行対象ã¯localhostã€ã¾ãŸã€ Ansible 変数ã§ã€ä½œæˆå¯¾è±¡ã®ãƒœãƒªãƒ¥ãƒ¼ãƒ サイズや Mount Point ã€ãƒ•ã‚¡ã‚¤ãƒ«ã‚·ã‚¹ãƒ†ãƒ フォーマットを指定ã—〠storage Role を呼ã³å‡ºã™ã‚ˆã†ã«ã—ã¾ã™ã€‚
# cat app-storage-prepare.yml
---
- hosts: localhost
vars:
storage_pools:
- name: app-area
disks:
- sdb
volumes:
- name: appdata
size: "100 GiB"
mount_point: "/app/data"
fs_type: xfs
state: present
- name: applog
size: "50 GiB"
mount_point: "/app/log"
fs_type: ext4
state: present
roles:
- rhel-system-roles.storage
3. Playbook ã®å®Ÿè¡Œ
準備ãŒå‡ºæ¥ãŸã‚‰Playbookを実行ã—ã¾ã™ã€‚
# ansible-playbook app-storage-prepare.yml
[WARNING]: provided hosts list is empty, only localhost is available. Note that the implicit localhost does not match 'all'
PLAY [localhost] **************************************************************************************************************
TASK [Gathering Facts] ********************************************************************************************************
ok: [localhost]
TASK [rhel-system-roles.storage : Set version specific variables] *************************************************************
ok: [localhost]
TASK [rhel-system-roles.storage : define an empty list of pools to be used in testing] ****************************************
ok: [localhost]
TASK [rhel-system-roles.storage : define an empty list of volumes to be used in testing] **************************************
ok: [localhost]
TASK [rhel-system-roles.storage : include the appropriate provider tasks] *****************************************************
included: /usr/share/ansible/roles/rhel-system-roles.storage/tasks/main-blivet.yml for localhost
TASK [rhel-system-roles.storage : get a list of rpm packages installed on host machine] ***************************************
skipping: [localhost]
TASK [rhel-system-roles.storage : make sure blivet is available] **************************************************************
ok: [localhost]
TASK [rhel-system-roles.storage : show storage_pools] *************************************************************************
ok: [localhost] => {
"storage_pools": [
{
"disks": [
"sdb"
],
"name": "app-area",
"volumes": [
{
"fs_type": "xfs",
"mount_point": "/app/data",
"name": "appdata",
"size": "100 GiB",
"state": "present"
},
{
"fs_type": "ext4",
"mount_point": "/app/log",
"name": "applog",
"size": "50 GiB",
"state": "present"
}
]
}
]
}
TASK [rhel-system-roles.storage : show storage_volumes] ***********************************************************************
ok: [localhost] => {
"storage_volumes": "VARIABLE IS NOT DEFINED!"
}
・
・
・
(ä¸ç•¥)
・
・
・
TASK [rhel-system-roles.storage : set up new/current mounts] ******************************************************************
changed: [localhost] => (item={'src': '/dev/mapper/app--area-appdata', 'path': '/app/data', 'fstype': 'xfs', 'opts': 'defaults', 'dump': 0, 'passno': 0, 'state': 'mounted'})
changed: [localhost] => (item={'src': '/dev/mapper/app--area-applog', 'path': '/app/log', 'fstype': 'ext4', 'opts': 'defaults', 'dump': 0, 'passno': 0, 'state': 'mounted'})
TASK [rhel-system-roles.storage : tell systemd to refresh its view of /etc/fstab] *********************************************
ok: [localhost]
TASK [rhel-system-roles.storage : retrieve facts for the /etc/crypttab file] **************************************************
ok: [localhost]
TASK [rhel-system-roles.storage : manage /etc/crypttab to account for changes we just made] ***********************************
TASK [rhel-system-roles.storage : Update facts] *******************************************************************************
ok: [localhost]
PLAY RECAP ********************************************************************************************************************
localhost : ok=22 changed=2 unreachable=0 failed=0 skipped=9 rescued=0 ignored=0
程ãªãã—ã¦å‡¦ç†ãŒçµ‚ã‚ã‚Šã¾ã™ã€‚ 実際ã«ç¢ºèªã‚’ã—ã¦ã¿ã‚‹ã¨ã€
# lsblk NAME MAJ:MIN RM SIZE RO TYPE MOUNTPOINTS sda 8:0 0 100G 0 disk ├─sda1 8:1 0 1G 0 part /boot └─sda2 8:2 0 99G 0 part ├─rhel-root 253:0 0 65.1G 0 lvm / ├─rhel-swap 253:1 0 2G 0 lvm [SWAP] └─rhel-home 253:2 0 31.8G 0 lvm /home sdb 8:16 0 200G 0 disk ├─app--area-applog 253:3 0 50G 0 lvm /app/log └─app--area-appdata 253:4 0 100G 0 lvm /app/data sr0 11:0 1 1024M 0 rom
# grep app--area /etc/fstab /dev/mapper/app--area-appdata /app/data xfs defaults 0 0 /dev/mapper/app--area-applog /app/log ext4 defaults 0 0
ボリュームã®ä½œæˆã ã‘ã§ãªã〠Mount Point ディレクトリã®ä½œæˆã‚„〠fstab ã®æ›´æ–°ã¾ã§å‡¦ç†ã•ã‚Œã‚‹ã“ã¨ãŒã‚ã‹ã‚Šã¾ã™ã€‚
作æˆã—㟠Playbook ã¯å†åˆ©ç”¨ãŒå¯èƒ½ã§ã™ã®ã§ã€ä¼¼ãŸã‚ˆã†ãªè¨å®šãŒå¿…è¦ãªã‚·ã‚¹ãƒ†ãƒ ã§ã¯åŒã˜ Playbook を利用ã—ã¦è¨å®šã‚’è¡Œã†ã“ã¨ã§ã€äººæ‰‹ã§è¡Œã†äº‹ã«èµ·å› ã—ã¦ç™ºç”Ÿã™ã‚‹ã€è¨å®šãƒŸã‚¹ã‚„作æ¥æ¼ã‚Œãªã©ãŒæŠ‘制ã§ãã‚‹ã®ãŒã”ç†è§£ã„ãŸã ã‘ãŸã¨æ€ã„ã¾ã™ã€‚
ã¾ãŸã€å¯¾è±¡ã‚·ã‚¹ãƒ†ãƒ ãŒå¤šã‘ã‚Œã°å¤šã„ã»ã©ã€è‡ªå‹•åŒ–ã®åŠ¹æžœã¯çµ¶å¤§ãªåŠ¹æžœã‚’発æ®ã—ã¾ã™ã€‚
RHEL System Roles ã‚’ Ansible ã§æ´»ç”¨ã™ã‚‹ã“ã¨ã«ã‚ˆã‚Šä½œæ¥ã®é‡åŠ´åƒåŒ–を抑æ¢ã—ã€ä½œæ¥å“質ã®å®‰å®šåŒ–ãŒå®Ÿç¾ã§ãã¾ã™ã€‚
