
[Vagrant] Setting Up Automatic SSH Public Key Registration, Using Ansible

by 🌻♚ 2020. 12. 20.

This post is a hands-on exercise in automatically registering an SSH public key so that the authentication step can be skipped when using Ansible with Vagrant. Ansible is used a lot when provisioning with Vagrant. However, Ansible communicates over SSH, so unless the account information is registered directly in the Ansible hosts file, the -k option has to be used... and the -k option cannot be used while Vagrant is setting up the environment. To remove this inconvenience, the public key can be registered directly from Vagrant so that provisioning proceeds smoothly.

 

Vagrantfile

# -*- mode: ruby -*-
# vi: set ft=ruby :

Vagrant_API_Version = "2"
Vagrant.configure(Vagrant_API_Version) do |config|
  #node01
  config.vm.define "node01" do |cfg|
    cfg.vm.box = "centos/7"
    cfg.vbguest.auto_update = false
    cfg.vm.provider:virtualbox do |vb|
      vb.name="CentOS-node01"
      vb.customize ["modifyvm", :id, "--cpus",1]
      vb.customize ["modifyvm", :id, "--memory",1024]
    end
    cfg.vm.host_name="node01"
    cfg.vm.synced_folder ".", "/vagrant", disabled:true
    cfg.vm.network "public_network", ip: "222.111.71.101"
    cfg.vm.network "forwarded_port", guest: 22, host:29211, auto_correct: false, id: "ssh"
    cfg.vm.provision "shell", path: "all_settings.sh"
  end

  #node02
  config.vm.define "node02" do |cfg|
    cfg.vm.box = "centos/7"
    cfg.vbguest.auto_update = false
    cfg.vm.provider:virtualbox do |vb|
      vb.name="CentOS-node02"
      vb.customize ["modifyvm", :id, "--cpus",1]
      vb.customize ["modifyvm", :id, "--memory",1024]
    end
    cfg.vm.host_name="node02"
    cfg.vm.synced_folder ".", "/vagrant", disabled:true
    cfg.vm.network "public_network", ip: "222.111.71.102"
    cfg.vm.network "forwarded_port", guest: 22, host:29212, auto_correct: false, id: "ssh"
    cfg.vm.provision "shell", path: "all_settings.sh"
  end

  #master
  config.vm.define "master" do |cfg|
    cfg.vm.box = "centos/7"
    cfg.vbguest.auto_update = false
    cfg.vm.provider:virtualbox do |vb|
      vb.name="CentOS-master"
      vb.customize ["modifyvm", :id, "--cpus",1]
      vb.customize ["modifyvm", :id, "--memory",2048]
    end
    cfg.vm.host_name="master"
    cfg.vm.synced_folder ".", "/vagrant", disabled:true
    cfg.vm.network "public_network", ip: "222.111.71.100"
    cfg.vm.network "forwarded_port", guest: 22, host:29210, auto_correct: false, id: "ssh"
    cfg.vm.provision "shell", path: "all_settings.sh"
    cfg.vm.provision "shell", path: "master_init.sh"
    cfg.vm.provision "shell", path: "nodes_ssh_key_settings.sh"
    cfg.vm.provision "file", source: "puppet_settings.yml", destination: "puppet_settings.yml"
    cfg.vm.provision "shell", inline: "ansible-playbook puppet_settings.yml"
  end
end

master์—์„œ node๋กœ ํ†ต์‹ ํ•˜๋Š” ์ž‘์—…์ด ์žˆ๊ธฐ ๋•Œ๋ฌธ์— node๋“ค์„ ๋จผ์„œ provisioningํ•ด์ค๋‹ˆ๋‹ค. ๊ธฐ๋ณธ์ ์œผ๋กœ ๋ชจ๋“  ์„œ๋ฒ„์— all_settings.sh๋ฅผ ์‹คํ–‰ํ•ด์ฃผ๊ณ  master์—๋Š” ๋”ฐ๋กœ ์‹คํ–‰ํ•ด์ฃผ๋Š” ์ž‘์—…์ด ๋” ์ถ”๊ฐ€๋ฉ๋‹ˆ๋‹ค.

 

 

all_settings.sh

#! /usr/bin/env bash

# install useful packages
yum install net-tools vim -y

# edit hosts
cat << EOF > /etc/hosts
127.0.0.1 localhost
::1 localhost
222.111.71.100 master
222.111.71.101 node01
222.111.71.102 node02
EOF

# ssh password Authentication no to yes
sed -i -e 's/PasswordAuthentication no/PasswordAuthentication yes/g' /etc/ssh/sshd_config
systemctl restart sshd

ROOT_HOME=/root
VAGRANT_HOME=/home/vagrant

# create .ssh for root
mkdir -p "$ROOT_HOME/.ssh"
chmod 700 "$ROOT_HOME/.ssh"
touch "$ROOT_HOME/.ssh/authorized_keys"
# only the owner needs to read or write authorized_keys
chmod 600 "$ROOT_HOME/.ssh/authorized_keys"

hostname์„ ์ด์šฉํ•˜๊ธฐ ์œ„ํ•ด hostsํŒŒ์ผ์„ ๋ชจ๋‘ ์ˆ˜์ •ํ•ด์ฃผ๊ณ  ssh๋ฅผ Password๋กœ ์ ‘๊ทผ๊ฐ€๋Šฅํ•˜๋„๋ก sshd_configํŒŒ์ผ์„ ์ˆ˜์ •ํ•ด์ค๋‹ˆ๋‹ค. ์ดํ›„ ๊ณต๊ฐœํ‚ค๋ฅผ ๋“ฑ๋กํ•˜๊ธฐ ์œ„ํ•ด ๊ฒฝ๋กœ๋ฅผ ์ƒ์„ฑํ•ด์ฃผ๊ณ  ๊ถŒํ•œ์„ ๋ถ€์—ฌํ•ฉ๋‹ˆ๋‹ค.

 

 

master_init.sh

#! /usr/bin/env bash

# install useful packages
yum install epel-release -y
yum install ansible -y
yum install sshpass -y

# edit ansible hosts
cat << EOF > /etc/ansible/hosts
[local]
master
[nodes]
node01
node02
EOF

Ansible is installed on the master host, sshpass is installed so that connections can be made with a password, and the Ansible hosts file is edited.

 

nodes_ssh_key_settings.sh

#! /usr/bin/env bash

ssh-keygen -t rsa -N '' -f /root/.ssh/id_rsa <<< n

declare -a server_hosts=("node01" "node02")
declare -a server_users=("vagrant")
key_val=$(cat /root/.ssh/id_rsa.pub)
for host in "${server_hosts[@]}"; do
	# grep -qF: match the key as a fixed string, not a regex, and print nothing
	sshpass -p vagrant ssh -o StrictHostKeyChecking=no "root@$host" "grep -qF '$key_val' /root/.ssh/authorized_keys || echo '$key_val' >> /root/.ssh/authorized_keys"
	for user in "${server_users[@]}"; do
		sshpass -p vagrant ssh -o StrictHostKeyChecking=no "$user@$host" "grep -qF '$key_val' /home/$user/.ssh/authorized_keys || echo '$key_val' >> /home/$user/.ssh/authorized_keys"
	done
done

master node์˜ root ๊ณ„์ •์—์„œ nodes์˜ root์™€ vagrant ๊ณ„์ •์— ๋น„๋ฐ€๋ฒˆํ˜ธ ์—†์ด ์ ‘์†๊ฐ€๋Šฅํ•˜๋„๋ก ์„ค์ •์ž…๋‹ˆ๋‹ค. ansible playbook์œผ๋กœ ์„ค์ •ํ–ˆ์œผ๋ฉด ์ข‹์•˜๊ฒ ์ง€๋งŒ... ssh ํ†ต์‹ ์ด ๊ฐ€๋Šฅํ•˜์ง€ ์•Š์•„ command๋กœ ์‹คํ–‰ํ•˜๊ฒŒ ๋˜์—ˆ์Šต๋‹ˆ๋‹ค. ๊ทธ๋Ÿฐ ๊ณผ์ •์—์„œ ๋ฉฑ๋“ฑ์„ฑ์„ ์ง€ํ‚ค์ง€ ๋ชปํ•˜์—ฌ provisioning์„ 1๋ฒˆ ์ด์ƒ ์ง„ํ–‰๋˜๋ฉด ์ด๋ฏธ ์ƒ์„ฑ๋œ ๊ณต๊ฐœํ‚ค๋ฅผ ๋‹ค์‹œ ์ƒ์„ฑํ•˜๊ฑฐ๋‚˜ authorized_keys์— ๋‘๋ฒˆ ๋“ฑ๋ก๋˜๋Š” ๊ฒฝ์šฐ๋ฅผ ๋ฐฉ์ง€ํ•˜๊ธฐ ์œ„ํ•œ ์ฒ˜๋ฆฌ๋ฅผ ํ–ˆ์Šต๋‹ˆ๋‹ค.

 

for๋ฌธ์„ ์ด์šฉํ–ˆ๊ณ  server_hosts์™€ server_users๋ฅผ ์ถ”๊ฐ€ํ•ด์„œ ๊ฐ๊ฐ ์„œ๋ฒ„์™€ ์‚ฌ์šฉ์ž๋ฅผ ๋Š˜๋ฆด ์ˆ˜ ์žˆ์Šต๋‹ˆ๋‹ค. ๋น„๋ฐ€๋ฒˆํ˜ธ๋Š” ์ดˆ๊ธฐ์— ๋ชจ๋‘ vagrant๋กœ ์„ค์ •๋œ ๊ฒƒ์ด ์ „์ œ ์กฐ๊ฑด์ž…๋‹ˆ๋‹ค.

 

 

-master node์—์„œ ๊ณต๊ฐœํ‚ค๋ฅผ scp๋กœ ์ „์†กํ•ฉ๋‹ˆ๋‹ค.

-ssh-keygen์€ overwriteํ•˜๋Š” ๊ฒฝ์šฐ๋ฅผ ๋ฐฉ์ง€ํ•˜๊ธฐ ์œ„ํ•ด promt์˜ ๋‹ต์„ n์œผ๋กœ ์„ค์ •ํ•ฉ๋‹ˆ๋‹ค.

- To prevent duplicate registration in authorized_keys, the grep command checks whether the key is already there.

- Finally, the transferred public key file is deleted.
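The idempotent registration described above can be packaged as one function. This is an added example, not the post's script: it matches the key as a fixed whole line, sets the directory and file permissions, and handles an authorized_keys file whose last line has no trailing newline. The function name register_key and the sample usage are assumptions.

```shell
#!/usr/bin/env bash
# Added example, not the post's script.

# register_key <public-key-line> <ssh-dir>
# Append one public key to <ssh-dir>/authorized_keys unless that exact line
# is already present. Safe to run on every provisioning pass.
register_key() {
  local key="$1" dir="$2" file="$2/authorized_keys" nl
  nl='
'
  # Accept a single line that starts with a known key type; anything else
  # (empty input, embedded newline, stray text) is rejected.
  case "$key" in
    *"$nl"*) return 2 ;;
    ssh-rsa\ *|ssh-ed25519\ *|ecdsa-sha2-*\ *) ;;
    *) return 2 ;;
  esac
  mkdir -p "$dir" && chmod 700 "$dir" || return 1
  touch "$file" && chmod 600 "$file" || return 1
  # -F fixed string (no regex), -x whole line, -q no output.
  if grep -qxF -- "$key" "$file"; then
    return 0
  fi
  # If the last entry lacks a trailing newline, add one first so the new key
  # is not glued onto the previous line.
  if [ -s "$file" ] && [ -n "$(tail -c 1 "$file")" ]; then
    printf '\n' >> "$file"
  fi
  printf '%s\n' "$key" >> "$file"
}

# Assumed way to run it on a node from the master; declare -f sends the
# function body over the ssh session:
#   ssh root@node01 "$(declare -f register_key); register_key '$key_val' /root/.ssh"
```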