{"id":21174961,"url":"https://github.com/yuji-k64613/ansible_tutorial_ja","last_synced_at":"2025-09-09T04:37:18.665Z","repository":{"id":248659407,"uuid":"829297365","full_name":"yuji-k64613/ansible_tutorial_ja","owner":"yuji-k64613","description":null,"archived":false,"fork":false,"pushed_at":"2024-07-28T07:46:41.000Z","size":37,"stargazers_count":0,"open_issues_count":0,"forks_count":0,"subscribers_count":1,"default_branch":"main","last_synced_at":"2025-03-14T18:23:25.544Z","etag":null,"topics":["ansible","best-practices","tutorial"],"latest_commit_sha":null,"homepage":"","language":"Shell","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/yuji-k64613.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2024-07-16T06:43:04.000Z","updated_at":"2024-08-16T06:37:45.000Z","dependencies_parsed_at":"2024-07-28T08:51:57.157Z","dependency_job_id":"a28e315b-7e3e-4d00-919c-f03fa9f0fc06","html_url":"https://github.com/yuji-k64613/ansible_tutorial_ja","commit_stats":null,"previous_names":["yuji-k64613/ansible_tutorial"],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/yuji-k64613/ansible_tutorial_ja","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/yuji-k64613%2Fansible_tutorial_ja","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/yuji-k64613%2Fansible_tutorial_ja/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/yuji-k64613%2Fansible_tutorial_ja/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/yuji-k64613
%2Fansible_tutorial_ja/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/yuji-k64613","download_url":"https://codeload.github.com/yuji-k64613/ansible_tutorial_ja/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/yuji-k64613%2Fansible_tutorial_ja/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":274244093,"owners_count":25248156,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-09-09T02:00:10.223Z","response_time":80,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["ansible","best-practices","tutorial"],"created_at":"2024-11-20T16:56:45.426Z","updated_at":"2025-09-09T04:37:18.633Z","avatar_url":"https://github.com/yuji-k64613.png","language":"Shell","readme":"# Ansible Tutorial\n\n## ■Introduction\n\nThis is a tutorial for learning Ansible based on the Ansible Best Practices.\n\nBest Practices: https://docs.ansible.com/ansible/2.8/user_guide/playbooks_best_practices.html#directory-layout\n\n## ■Ansible Setup (Reference)\n```\ncd /vagrant\ngit clone https://github.com/ansible/ansible.git\ncd /vagrant/ansible\nsudo yum upgrade -y\nsudo yum install -y python3.12\nsudo yum install -y python3.12-pip\nsudo yum install -y sshpass\npython3.12 -m pip install --user -r ./requirements.txt\nsource ./hacking/env-setup\nsudo ln -s /usr/bin/python3 /usr/bin/python\nansible --version\n```\n- 
Setup using `env-setup` differs from the standard Ansible setup method (it is intended for developing Ansible itself).\n- sshpass is required when using the ssh authentication method described in this tutorial.\n\n## ■Running a Playbook with a Minimal Configuration\n\n### Create the Playbook\n```\ncat \u003c\u003c \"EOF\" \u003e playbook.yml\n---\n- name: hello, world\n  hosts:\n    - 127.0.0.1\n  vars:\n    ansible_user: root\n    ansible_password: vagrant\n\n  tasks:\n  - name: test\n    debug:\n      msg: \"hello, world\"\nEOF\n```\n\n### Run\n```\nansible-playbook playbook.yml\n```\n\n### Result\n```\nPLAY [hello, world] ************************************************************\n\nTASK [Gathering Facts] *********************************************************\nok: [127.0.0.1]\n\nTASK [test] ********************************************************************\nok: [127.0.0.1] =\u003e {\n    \"msg\": \"hello, world\"\n}\n\nPLAY RECAP *********************************************************************\n127.0.0.1                  : ok=2    changed=0    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0\n```\n- The sections that follow explain how to use Ansible based on the Best Practices.\n\n## ■Create the Initial Directories\n```\nmkdir group_vars\nmkdir host_vars\nmkdir roles\nmkdir roles/common\nmkdir roles/common/tasks\nmkdir roles/web\nmkdir roles/web/tasks\nmkdir roles/web/handlers\nmkdir roles/web/templates\nmkdir roles/web/files\nmkdir roles/web/vars\nmkdir roles/web/meta\n```\n\n## ■hello, world\n\n### Create the Playbook for the common Role\n```\ncat \u003c\u003c EOF \u003e roles/common/tasks/main.yml\n---\n- name: test\n  debug:\n    msg: \"hello, common\"\nEOF\n```\n- An example using the debug module.\n- `name:` accepts any string (it does not need to be unique).\n- Multiple modules can be written in main.yml.\n- `---` explicitly indicates that this is a yml file.\n\n### Create the Playbook for the web Role\n```\ncat \u003c\u003c EOF \u003e roles/web/tasks/main.yml\n---\n- name: test\n  debug:\n    msg: \"hello, world\"\nEOF\n```\n\n### Create webservers.yml\n```\ncat \u003c\u003c EOF \u003e webservers.yml\n---\n- hosts: webservers\n  roles:\n    - common\n    - web\nEOF\n```\n- 
Run the roles against the hosts that belong to webservers (hosts belonging to webservers are defined in inventory.yml, described later).\n- Define the play so that the common and web roles are run.\n\n### Create site.yml\n```\ncat \u003c\u003c EOF \u003e site.yml\n---\n- import_playbook: webservers.yml\nEOF\n```\n- site.yml is the top-level Playbook.\n\n### Create the inventory\n```\ncat \u003c\u003c EOF \u003e inventory.yml\n---\nall:\n  vars:\n    ansible_user: root\n  children:\n    webservers:\n      hosts:\n        host1:\n          ansible_host: 127.0.0.1\n          ansible_password: vagrant\nEOF\n```\n- Define the host, user, and password.\n- Define the hosts that belong to webservers.\n- Multiple hosts can be defined under hosts:.\n- The user is root regardless of the host.\n\n### Run\n```\nansible-playbook -i inventory.yml site.yml\n```\n\n### Result\n```\nPLAY [webservers] **************************************************************\n\nTASK [Gathering Facts] *********************************************************\nok: [host1]\n\nTASK [common : test] ***********************************************************\nok: [host1] =\u003e {\n    \"msg\": \"hello, common\"\n}\n\nTASK [web : test] **************************************************************\nok: [host1] =\u003e {\n    \"msg\": \"hello, world\"\n}\n\nPLAY RECAP *********************************************************************\nhost1                      : ok=3    changed=0    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0\n```\n\n## ■Encrypting the Password\n\n### Define the Password as a Variable\n```\ncat \u003c\u003c EOF \u003e host_vars/host1.yml\n---\npassword: vagrant\nEOF\n```\n- Variables under the host_vars directory apply only to the corresponding host (host1).\n\n### Modify the inventory (Define the Password Externally)\n```\ncat \u003c\u003c EOF \u003e inventory.yml\n---\nall:\n  vars:\n    ansible_user: root\n  children:\n    webservers:\n      hosts:\n        host1:\n          ansible_host: 127.0.0.1\n          ansible_password: \"{{password}}\"\nEOF\n```\n\n### Encrypt the Password\n```\nansible-vault encrypt host_vars/host1.yml\n```\nWhen prompted for a password, enter `password`.\n\n### Check the Variable After Encryption\n```\ncat 
host_vars/host1.yml\n```\n```\n$ANSIBLE_VAULT;1.1;AES256\n35353963666439303563653630313238326262373961626663613731613836616133366332663735\n3738626237656539393661343239386631336432353636340a323039393330323162663631323635\n63386536303336373339353234353062643532653263333834333431323065303864636262646361\n3562306430663235350a373762376564626137343164663139306337326338363765346430313337\n34386264363235343132633932643465626564306163396434343561323234333035\n```\n\n### Run\n```\nansible-playbook -i inventory.yml site.yml\n```\n\n### Result\n```\nPLAY [webservers] **************************************************************\nERROR! Attempting to decrypt but no vault secrets found\n```\nThis fails because the information needed for decryption (the password) is missing.\n\n### Run\n```\necho password \u003e password.txt\nansible-playbook -i inventory.yml site.yml --vault-password-file password.txt\n```\n- Do not commit the password.txt file to the repository (it would allow decryption).\n\n### Result\n```\nPLAY [webservers] **************************************************************\n\nTASK [Gathering Facts] *********************************************************\nok: [host1]\n\nTASK [common : test] ***********************************************************\nok: [host1] =\u003e {\n    \"msg\": \"hello, common\"\n}\n\nTASK [web : test] **************************************************************\nok: [host1] =\u003e {\n    \"msg\": \"hello, world\"\n}\n\nPLAY RECAP *********************************************************************\nhost1                      : ok=3    changed=0    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0\n```\n\n## ■Using Variables (Global)\n\n### Define a Variable\n```\ncat \u003c\u003c EOF \u003e group_vars/all.yml\n---\nvar1: TEST1\nEOF\n```\n- Variables in group_vars/all.yml can be referenced from every file.\n\n### Modify the Playbook\n```\ncat \u003c\u003c EOF \u003e roles/web/tasks/main.yml\n---\n- name: test\n  debug:\n    msg: \"hello, world, {{ var1 }}\"\nEOF\n```\n\n### Run\n```\nansible-playbook -i inventory.yml site.yml --vault-password-file password.txt\n```\n\n### Result\n```\nPLAY [webservers] 
**************************************************************\n\nTASK [Gathering Facts] *********************************************************\nok: [host1]\n\nTASK [common : test] ***********************************************************\nok: [host1] =\u003e {\n    \"msg\": \"hello, common\"\n}\n\nTASK [web : test] **************************************************************\nok: [host1] =\u003e {\n    \"msg\": \"hello, world, TEST1\"\n}\n\nPLAY RECAP *********************************************************************\nhost1                      : ok=3    changed=0    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0   \n```\n\n## ■Loops\n\n### Define Variables\n```\ncat \u003c\u003c EOF \u003e roles/web/vars/main.yml\n---\nvar2: TEST2\nlist:\n  - FOO\n  - BAR\nEOF\n```\n- Variables in roles/web/vars/main.yml can be referenced only from the web role.\n\n### Modify the Playbook\n```\ncat \u003c\u003c EOF \u003e roles/web/tasks/main.yml\n---\n- name: test\n  debug:\n    msg: \"hello, world, {{ var1 }}, {{ var2 }}, {{ item }}\"\n  loop: \"{{ list }}\"\nEOF\n```\n\n### Run\n```\nansible-playbook -i inventory.yml site.yml --vault-password-file password.txt\n```\n\n### Result\n```\nPLAY [webservers] **************************************************************\n\nTASK [Gathering Facts] *********************************************************\nok: [host1]\n\nTASK [common : test] ***********************************************************\nok: [host1] =\u003e {\n    \"msg\": \"hello, common\"\n}\n\nTASK [web : test] **************************************************************\nok: [host1] =\u003e (item=FOO) =\u003e {\n    \"msg\": \"hello, world, TEST1, TEST2, FOO\"\n}\nok: [host1] =\u003e (item=BAR) =\u003e {\n    \"msg\": \"hello, world, TEST1, TEST2, BAR\"\n}\n\nPLAY RECAP *********************************************************************\nhost1                      : ok=3    changed=0    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0\n```\n\n## ■handler\n\n### 
Create the handler\n```\ncat \u003c\u003c EOF \u003e roles/web/handlers/main.yml\n---\n- name: condition_handler\n  debug:\n    msg: \"listned condition_handler\"\n  listen:\n    - condition_handler\nEOF\n```\n\n### Modify the Playbook\n```\ncat \u003c\u003c EOF \u003e roles/web/tasks/main.yml\n---\n- name: test handlers1\n  command: /bin/true\n  notify:\n    - condition_handler\n- name: test handlers2\n  command: /bin/true\n  notify:\n    - condition_handler\nEOF\n```\n- If condition_handler is notified even once, the corresponding handler runs once.\n\n### Run\n```\nansible-playbook -i inventory.yml site.yml --vault-password-file password.txt\n```\n\n### Result\n```\nPLAY [webservers] **************************************************************\n\nTASK [Gathering Facts] *********************************************************\nok: [host1]\n\nTASK [common : test] ***********************************************************\nok: [host1] =\u003e {\n    \"msg\": \"hello, common\"\n}\n\nTASK [web : test handlers1] ****************************************************\nchanged: [host1]\n\nTASK [web : test handlers2] ****************************************************\nchanged: [host1]\n\nRUNNING HANDLER [web : condition_handler] **************************************\nok: [host1] =\u003e {\n    \"msg\": \"listned condition_handler\"\n}\n\nPLAY RECAP *********************************************************************\nhost1                      : ok=5    changed=2    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0  \n```\n\n## ■template\n\n### Create the template File\n```\ncat \u003c\u003c EOF \u003e roles/web/templates/sample.conf.j2\nfoo={{ var1 }}\nEOF\n```\n\n### Modify the Playbook\n```\ncat \u003c\u003c EOF \u003e roles/web/tasks/main.yml\n---\n- name: test template\n  template:\n    src: sample.conf.j2\n    dest: /tmp/sample.conf\nEOF\n```\n\n### Run\n```\nansible-playbook -i inventory.yml site.yml --vault-password-file password.txt\n```\n\n### Result\n```\nPLAY [webservers] 
**************************************************************\n\nTASK [Gathering Facts] *********************************************************\nok: [host1]\n\nTASK [common : test] ***********************************************************\nok: [host1] =\u003e {\n    \"msg\": \"hello, common\"\n}\n\nTASK [web : test template] *****************************************************\nok: [host1]\n\nPLAY RECAP *********************************************************************\nhost1                      : ok=3    changed=0    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0  \n```\n\n### Check the Output File\n```\ncat /tmp/sample.conf\n```\n```\nfoo=TEST1\n```\n\n## ■script Module\n\n### Create the Shell Script\n```\ncat \u003c\u003c \"EOF\" \u003e roles/web/files/sample.sh\n#!/bin/bash\ncp -p \"$1\" \"$1.bak\"\nEOF\n```\n\n### Modify the Playbook\n```\ncat \u003c\u003c EOF \u003e roles/web/tasks/main.yml\n---\n- name: test template\n  template:\n    src: sample.conf.j2\n    dest: /tmp/sample.conf\n- name: test script\n  script: sample.sh sample.conf\n  args:\n    chdir: /tmp\nEOF\n```\n\n### Run\n```\nansible-playbook -i inventory.yml site.yml --vault-password-file password.txt\n```\n\n### Result\n```\nPLAY [webservers] **************************************************************\n\nTASK [Gathering Facts] *********************************************************\nok: [host1]\n\nTASK [common : test] ***********************************************************\nok: [host1] =\u003e {\n    \"msg\": \"hello, common\"\n}\n\nTASK [web : test template] *****************************************************\nok: [host1]\n\nTASK [web : test script] *******************************************************\nchanged: [host1]\n\nPLAY RECAP *********************************************************************\nhost1                      : ok=4    changed=1    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0\n```\n\n### Check the Script Result\n```\nls -ltr /tmp\n```\n```\n-rw-r--r-- 1 root    
root       10 Jul 16 06:28 sample.conf.bak\n-rw-r--r-- 1 root    root       10 Jul 16 06:28 sample.conf\n```\n\n## ■meta\n\n### Define the Dependency\n```\ncat \u003c\u003c EOF \u003e roles/web/meta/main.yml\n---\ndependencies:\n  - common\nEOF\n```\n- Define the web role as depending on common.\n\n### Modify webservers.yml\n```\ncat \u003c\u003c EOF \u003e webservers.yml\n---\n- hosts: webservers\n  roles:\n    - web\nEOF\n```\n- Remove the common entry (it is unnecessary because of the dependency).\n\n### Run\n```\nansible-playbook -i inventory.yml site.yml --vault-password-file password.txt\n```\n\n### Result\n```\nPLAY [webservers] **************************************************************\n\nTASK [Gathering Facts] *********************************************************\nok: [host1]\n\nTASK [common : test] ***********************************************************\nok: [host1] =\u003e {\n    \"msg\": \"hello, common\"\n}\n\nTASK [web : test template] *****************************************************\nok: [host1]\n\nTASK [web : test script] *******************************************************\nchanged: [host1]\n\nPLAY RECAP *********************************************************************\nhost1                      : ok=4    changed=1    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0  \n```\n\n## ■Completed Version\n\n### Modify the Playbook\n```\ncat \u003c\u003c EOF \u003e roles/web/tasks/main.yml\n---\n- name: test\n  debug:\n    msg: \"hello, world: {{ var1 }}, {{ var2 }}, {{ item }}\"\n  loop: \"{{ list }}\"\n- name: test register\n  command: /bin/false\n  register: result\n  ignore_errors: True\n- name: test condition\n  debug:\n    msg: \"condition is false: {{ result.failed }}\"\n  when: result.failed == True\n- name: test handlers1\n  command: /bin/true\n  notify:\n    - condition_handler\n- name: test handlers2\n  command: /bin/true\n  notify:\n    - condition_handler\n- name: test template\n  template:\n    src: sample.conf.j2\n    dest: /tmp/sample.conf\n- name: test script\n  script: sample.sh sample.conf\n  
args:\n    chdir: /tmp\nEOF\n```\n\n### Run\n```\nansible-playbook -i inventory.yml site.yml --vault-password-file password.txt\n```\n\n### Result\n```\nPLAY [webservers] **************************************************************\n\nTASK [Gathering Facts] *********************************************************\n[WARNING]: Platform linux on host host1 is using the discovered Python          \ninterpreter at /usr/bin/python3.12, but future installation of another Python   \ninterpreter could change the meaning of that path. See                          \nhttps://docs.ansible.com/ansible-\ncore/devel/reference_appendices/interpreter_discovery.html for more\ninformation.\nok: [host1]\n\nTASK [common : test] ***********************************************************\nok: [host1] =\u003e {\n    \"msg\": \"hello, common\"                                                      \n}               \n\nTASK [web : test] **************************************************************\nok: [host1] =\u003e (item=FOO) =\u003e {\n    \"msg\": \"hello, world: TEST1, TEST2, FOO\"\n}                                                                               \nok: [host1] =\u003e (item=BAR) =\u003e {\n    \"msg\": \"hello, world: TEST1, TEST2, BAR\"\n}                                                                               \nTASK [web : test register] *****************************************************\nfatal: [host1]: FAILED! 
=\u003e {\"changed\": true, \"cmd\": [\"/bin/false\"], \"delta\": \"0:\n00:00.009958\", \"end\": \"2024-07-16 03:27:28.242141\", \"msg\": \"non-zero return code\n\", \"rc\": 1, \"start\": \"2024-07-16 03:27:28.232183\", \"stderr\": \"\", \"stderr_lines\":\n [], \"stdout\": \"\", \"stdout_lines\": []}\n...ignoring\n\nTASK [web : test condition] ****************************************************\nok: [host1] =\u003e {\n    \"msg\": \"condition is false: True\"\n}\n\nTASK [web : test handlers1] ****************************************************\nchanged: [host1]\n\nTASK [web : test handlers2] ****************************************************\nchanged: [host1]\n\nTASK [web : test template] *****************************************************\nok: [host1]\n\nTASK [web : test script] *******************************************************\nchanged: [host1]\n\nRUNNING HANDLER [web : condition_handler] **************************************\nok: [host1] =\u003e {\n    \"msg\": \"listned condition_handler\"\n}\n\nPLAY RECAP *********************************************************************\nhost1                      : ok=10   changed=4    unreachable=0    failed=0    s\nkipped=0    rescued=0    ignored=1\n```\n\n## ■Collecting Logs\n\n### Create the Logs\n```\ntouch /tmp/sample1_$(date +'%Y%m%d').log\ntouch /tmp/sample2_$(date +'%Y%m%d').log\n```\n\n### Modify the Playbook\n```\ncat \u003c\u003c \"EOF\" \u003e roles/web/tasks/main.yml\n---\n- name: test ls\n  shell: ls -1 /tmp/sample*.log\n  register: result\n- name: test fetch\n  fetch:\n    src: \"{{ item }}\"\n    dest: evidence/{{ role_name }}/{{ inventory_hostname }}/\n    flat: yes\n  with_items: \"{{ result.stdout_lines }}\"\nEOF\n```\n\n### Run\n```\nansible-playbook -i inventory.yml site.yml --vault-password-file password.txt\n```\n\n### Result\n```\nfind evidence -type 
f\n```\n\n```\nevidence/web/host1/sample1_20240728.log\nevidence/web/host1/sample2_20240728.log\n```\n","funding_links":[],"categories":[],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fyuji-k64613%2Fansible_tutorial_ja","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fyuji-k64613%2Fansible_tutorial_ja","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fyuji-k64613%2Fansible_tutorial_ja/lists"}