«   2025/03   »
2 3 4 5 6 7 8
9 10 11 12 13 14 15
16 17 18 19 20 21 22
23 24 25 26 27 28 29
30 31
Recent Posts
03-06 10:11
관리 메뉴

변군이글루 블로그(Development)

[리눅스] ansible apt 모듈(apt module) 본문


[리눅스] ansible apt 모듈(apt module)

변군Dev 2022. 10. 19. 13:35

ansible apt 모듈(apt module)

인벤토리(inventory) 확인

ansible-inventory -i inventory/mycluster/inventory.ini --graph
$ ansible-inventory -i inventory/mycluster/inventory.ini --graph 
  |  |--kube-control1
  |  |--@calico_rr:
  |  |--@kube_control_plane:
  |  |  |--kube-control1
  |  |--@kube_node:
  |  |  |--kube-node1
  |  |  |--kube-node2
  |  |  |--kube-node3
  |  |  |--kube-node4
  |  |  |--kube-node5
  |  |  |--kube-node6
ansible -i inventory/mycluster/inventory.ini all --list-hosts
$ ansible -i inventory/mycluster/inventory.ini all --list-hosts        
  hosts (7):

ping check

ansible -i inventory/mycluster/inventory.ini kube_node -m ping
$ ansible -i inventory/mycluster/inventory.ini kube_node -m ping 
[WARNING]: Skipping callback plugin 'ara_default', unable to load
kube-node3 | SUCCESS => {
    "changed": false,
    "ping": "pong"
kube-node2 | SUCCESS => {
    "changed": false,
    "ping": "pong"
kube-node1 | SUCCESS => {
    "changed": false,
    "ping": "pong"
kube-node5 | SUCCESS => {
    "changed": false,
    "ping": "pong"
kube-node4 | SUCCESS => {
    "changed": false,
    "ping": "pong"
kube-node6 | SUCCESS => {
    "changed": false,
    "ping": "pong"

apt 모듈 사용 방법 확인

ansible-doc apt
$ ansible-doc apt

> ANSIBLE.BUILTIN.APT    (/usr/local/lib/python3.10/dist-packages/ansible/modules/apt.py)

        Manages `apt' packages (such as for Debian/Ubuntu).

ADDED IN: version 0.0.2 of ansible-core

OPTIONS (= is mandatory):

- allow_downgrade
        Corresponds to the `--allow-downgrades' option for `apt'.
        This option enables the named package and version to replace an already installed higher version of that package.
        Note that setting `allow_downgrade=true' can make this module behave in a non-idempotent way.
        (The task could end up with a set of packages that does not match the complete list of specified packages to install).
        (Aliases: allow-downgrade, allow_downgrades, allow-downgrades)[Default: no]
        type: bool
        added in: version 2.12 of ansible-core

- allow_unauthenticated
        Ignore if packages cannot be authenticated. This is useful for bootstrapping environments that manage their own apt-key
        `allow_unauthenticated' is only supported with state: `install'/`present'
        (Aliases: allow-unauthenticated)[Default: no]
        type: bool
        added in: version 2.1 of ansible-core

- autoclean
        If `yes', cleans the local repository of retrieved package files that can no longer be downloaded.
        [Default: no]
        type: bool
        added in: version 2.4 of ansible-core

- autoremove
        If `yes', remove unused dependency packages for all module states except `build-dep'. It can also be used as the only
        Previous to version 2.4, autoclean was also an alias for autoremove, now it is its own separate command. See
        documentation for further information.
        [Default: no]
        type: bool
        added in: version 2.1 of ansible-core

- cache_valid_time
        Update the apt cache if it is older than the `cache_valid_time'. This option is set in seconds.
        As of Ansible 2.4, if explicitly set, this sets `update_cache=yes'.
        [Default: 0]
        type: int

- deb
        Path to a .deb package on the remote machine.
        If :// in the path, ansible will attempt to download deb before installing. (Version added 2.1)
        Requires the `xz-utils' package to extract the control file of the deb package to install.
        [Default: (null)]
        type: path
        added in: version 1.6 of ansible-core

- default_release
        Corresponds to the `-t' option for `apt' and sets pin priorities
        (Aliases: default-release)[Default: (null)]
        type: str

- dpkg_options
        Add dpkg options to apt command. Defaults to '-o "Dpkg::Options::=--force-confdef" -o "Dpkg::Options::=--force-confold"'
        Options should be supplied as comma separated list
        [Default: force-confdef,force-confold]
        type: str

- fail_on_autoremove
        Corresponds to the `--no-remove' option for `apt'.
        If `yes', it is ensured that no packages will be removed or the task will fail.
        `fail_on_autoremove' is only supported with state except `absent'
        [Default: no]
        type: bool
        added in: version 2.11 of ansible-core

- force
        Corresponds to the `--force-yes' to `apt-get' and implies `allow_unauthenticated: yes' and `allow_downgrade: yes'
        This option will disable checking both the packages' signatures and the certificates of the web servers they are
        downloaded from.
        This option *is not* the equivalent of passing the `-f' flag to `apt-get' on the command line
        **This is a destructive operation with the potential to destroy your system, and it should almost never be used.**
        Please also see `man apt-get' for more information.
        [Default: no]
        type: bool

- force_apt_get
        Force usage of apt-get instead of aptitude
        [Default: no]
        type: bool
        added in: version 2.4 of ansible-core

- install_recommends
        Corresponds to the `--no-install-recommends' option for `apt'. `yes' installs recommended packages.  `no' does not
        install recommended packages. By default, Ansible will use the same defaults as the operating system. Suggested packages
        are never installed.
        (Aliases: install-recommends)[Default: (null)]
        type: bool

- lock_timeout
        How many seconds will this action wait to acquire a lock on the apt db.
        Sometimes there is a transitory lock and this will retry at least until timeout is hit.
        [Default: 60]
        type: int
        added in: version 2.12 of ansible-core

- name
        A list of package names, like `foo', or package specifier with version, like `foo=1.0'. Name wildcards (fnmatch) like
        `apt*' and version wildcards like `foo=1.0*' are also supported.
        (Aliases: package, pkg)[Default: (null)]
        elements: str
        type: list

- only_upgrade
        Only upgrade a package if it is already installed.
        [Default: no]
        type: bool
        added in: version 2.1 of ansible-core

- policy_rc_d
        Force the exit code of /usr/sbin/policy-rc.d.
        For example, if `policy_rc_d=101' the installed package will not trigger a service start.
        If /usr/sbin/policy-rc.d already exists, it is backed up and restored after the package installation.
        If `null', the /usr/sbin/policy-rc.d isn't created/changed.
        [Default: None]
        type: int
        added in: version 2.8 of ansible-core

- purge
        Will force purging of configuration files if the module state is set to `absent'.
        [Default: no]
        type: bool

- state
        Indicates the desired package state. `latest' ensures that the latest version is installed. `build-dep' ensures the
        package build dependencies are installed. `fixed' attempt to correct a system with broken dependencies in place.
        (Choices: absent, build-dep, latest, present, fixed)[Default: present]
        type: str

- update_cache
        Run the equivalent of `apt-get update' before the operation. Can be run as part of the package installation or as a
        separate step.
        Default is not to update the cache.
        (Aliases: update-cache)[Default: (null)]
        type: bool

- update_cache_retries
        Amount of retries if the cache update fails. Also see `update_cache_retry_max_delay'.
        [Default: 5]
        type: int
        added in: version 2.10 of ansible-core

- update_cache_retry_max_delay
        Use an exponential backoff delay for each retry (see `update_cache_retries') up to this max delay in seconds.
        [Default: 12]
        type: int
        added in: version 2.10 of ansible-core

- upgrade
        If yes or safe, performs an aptitude safe-upgrade.
        If full, performs an aptitude full-upgrade.
        If dist, performs an apt-get dist-upgrade.
        Note: This does not upgrade a specific package, use state=latest for that.
        Note: Since 2.4, apt-get is used as a fall-back if aptitude is not present.
        (Choices: dist, full, no, safe, yes)[Default: no]
        type: str
        added in: version 1.1 of ansible-core


          description: Can run in check_mode and return changed status prediction withought
            modifying target
          support: full
          description: Will return details on what has changed (or possibly needs changing
            in check_mode), when in diff mode
          support: full
          description: Target OS/families that can be operated against
          platforms: debian
          support: N/A

      * Three of the upgrade modes (`full', `safe' and its alias `yes') required `aptitude' up to 2.3, since 2.4 `apt-get'
        is used as a fall-back.
      * In most cases, packages installed with apt will start newly installed services by default. Most distributions have
        mechanisms to avoid this. For example when installing Postgresql-9.5 in Debian 9, creating an excutable shell
        script (/usr/sbin/policy-rc.d) that throws a return code of 101 will stop Postgresql 9.5 starting up after
        install. Remove the file or remove its execute permission afterwards.
      * The apt-get commandline supports implicit regex matches here but we do not because it can let typos through easier
        (If you typo `foo' as `fo' apt-get would install packages that have "fo" in their name with a warning and a prompt
        for the user. Since we don't have warnings and prompts before installing we disallow this.Use an explicit fnmatch
        pattern if you want wildcarding)
      * When used with a `loop:' each package will be processed individually, it is much more efficient to pass the list
        directly to the `name' option.

REQUIREMENTS:  python-apt (python 2), python3-apt (python 3), aptitude (before 2.4)

AUTHOR: Matthew Williams (@mgwilliams)


- name: Install apache httpd  (state=present is optional)
    name: apache2
    state: present

- name: Update repositories cache and install "foo" package
    name: foo
    update_cache: yes

- name: Remove "foo" package
    name: foo
    state: absent

- name: Install the package "foo"
    name: foo

- name: Install a list of packages
    - foo
    - foo-tools

- name: Install the version '1.00' of package "foo"
    name: foo=1.00

- name: Update the repository cache and update package "nginx" to latest version using default release squeeze-backport
    name: nginx
    state: latest
    default_release: squeeze-backports
    update_cache: yes

- name: Install the version '1.18.0' of package "nginx" and allow potential downgrades
    name: nginx=1.18.0
    state: present
    allow_downgrade: yes

- name: Install zfsutils-linux with ensuring conflicted packages (e.g. zfs-fuse) will not be removed.
    name: zfsutils-linux
    state: latest
    fail_on_autoremove: yes

- name: Install latest version of "openjdk-6-jdk" ignoring "install-recommends"
    name: openjdk-6-jdk
    state: latest
    install_recommends: no

- name: Update all packages to their latest version
    name: "*"
    state: latest

- name: Upgrade the OS (apt-get dist-upgrade)
    upgrade: dist

- name: Run the equivalent of "apt-get update" as a separate step
    update_cache: yes

- name: Only run "update_cache=yes" if the last one is more than 3600 seconds ago
    update_cache: yes
    cache_valid_time: 3600

- name: Pass options to dpkg on run
    upgrade: dist
    update_cache: yes
    dpkg_options: 'force-confold,force-confdef'

- name: Install a .deb package
    deb: /tmp/mypackage.deb

- name: Install the build dependencies for package "foo"
    pkg: foo
    state: build-dep

- name: Install a .deb package from the internet
    deb: https://example.com/python-ppq_0.1-1_all.deb

- name: Remove useless packages from the cache
    autoclean: yes

- name: Remove dependencies that are no longer required
    autoremove: yes

- cache_update_time
        time of the last cache update (0 if unknown)

        returned: success, in some cases
        sample: 1425828348000
        type: int

- cache_updated
        if the cache was updated or not

        returned: success, in some cases
        sample: true
        type: bool

- stderr
        error output from apt

        returned: success, when needed
        sample: AH00558: apache2: Could not reliably determine the server's fully qualified domain name, using Set the
        'ServerName' directive globally to ...
        type: str

- stdout
        output from apt

        returned: success, when needed
        sample: Reading package lists... Building dependency tree... Reading state information... The following extra packages will be
        installed: apache2-bin ...
        type: str

ansible apt 모듈을 사용하여 nfs-common 패키지 설치

ansible -i inventory/mycluster/inventory.ini kube_node -m apt -a 'name=nfs-common state=present update_cache=yes' --become