mirror of
https://github.com/LCTT/TranslateProject.git
synced 2025-01-25 23:11:02 +08:00
commit
597ae80d92
@ -1,238 +0,0 @@
|
||||
[#]: subject: (Using Ansible to configure Podman containers)
|
||||
[#]: via: (https://fedoramagazine.org/using-ansible-to-configure-podman-containers/)
|
||||
[#]: author: (mahesh1b https://fedoramagazine.org/author/mahesh1b/)
|
||||
[#]: collector: (lujun9972)
|
||||
[#]: translator: (DCOLIVERSUN)
|
||||
[#]: reviewer: ( )
|
||||
[#]: publisher: ( )
|
||||
[#]: url: ( )
|
||||
|
||||
Using Ansible to configure Podman containers
|
||||
======
|
||||
|
||||
![][1]
|
||||
|
||||
Photo by [Marta Markes][2] on [Unsplash][3]
|
||||
|
||||
In complex IT infrastructure, there are many repetitive tasks. Running those tasks successfully is not easy. Human error always presents a chance of failure. With the help of Ansible, you can perform all of the tasks through a remote host executed with playbooks, and those playbooks can be reused as many times as you need. In this article you will learn how to install and configure Ansible on Fedora Linux, and how to use it to manage and configure Podman containers.
|
||||
|
||||
### Ansible
|
||||
|
||||
[Ansible][4] is an open source infrastructure automation tool sponsored by Red Hat. It can deal with all the problems that come with large infrastructure, like installing & updating packages, taking backups, ensuring specific services are always running, and much more. You do this with a playbook which is written in YAML. Ansible playbooks can be used again and again, making the system administrator’s job less complex. Playbooks also eliminate repetitive tasks and can be easily modified. But we have many automation tools like Ansible, why use it? Unlike some other configuration management tools, Ansible is agentless: you don’t have to install anything on managed nodes. For more information about Ansible, see the [Ansible tag in Fedora Magazine][5].
|
||||
|
||||
### Podman
|
||||
|
||||
[Podman][6] is an open source container engine which is used for developing, managing and running container images. But what is a container? Every time you create any new application and deploy it either on physical servers, cloud servers or virtual machines, the most common problems which you face are portability and compatibility. This is where containers come into the picture. Containers virtualize at the OS level so they only contain required libraries and app services. The benefits of containers include:
|
||||
|
||||
* portabilty
|
||||
* isolation
|
||||
* scaling
|
||||
* light weight
|
||||
* fast boot up
|
||||
* smaller disk and memory requirements
|
||||
|
||||
|
||||
|
||||
In a nutshell: when you build a container image for any application, all of the required dependencies are packed into the container. You can now run that container on any host OS without any portability and compatibility issues.
|
||||
|
||||
The key highlight of Podman is that it is daemon-less, and so does not require root privileges to run containers. You can build the container images with the help of a Dockerfile or pull images from Docker Hub, [fedoraproject.org][7] or [Quay][8]. For more information about Podman, see the [Podman tag in Fedora Magazine][9].
|
||||
|
||||
### Why configure Podman with Ansible?
|
||||
|
||||
Ansible provides a way to easily run repetitive tasks many times. It also has tons of modules for cloud providers like AWS, GCP, and Azure, for container management tools like Docker and Podman, and also for database management. Ansible also has a community ([Ansible Galaxy][10]) where you can find tons of Ansible roles created by contributors from all over the world. All of this makes Ansible a great tool for DevOps engineers and system administrators.
|
||||
|
||||
With DevOps, the development of applications is fast-paced. Developing applications which can run on any operating system is essential. This is where Podman comes into picture.
|
||||
|
||||
### Installing ansible
|
||||
|
||||
First, install Ansible:
|
||||
|
||||
```
|
||||
$ sudo dnf install ansible -y
|
||||
```
|
||||
|
||||
### Configuring ansible
|
||||
|
||||
Ansible needs ssh to work on managed nodes, so first generate a key pair.
|
||||
|
||||
```
|
||||
$ ssh-keygen
|
||||
```
|
||||
|
||||
Once the key is generated, copy the key to the managed node.
|
||||
|
||||
Enter yes and enter the password of the managed node. Now your managed host can be accessed remotely.
|
||||
|
||||
For ansible to access managed nodes, you need to store all hostnames or IP addresses in an inventory file. By default, this is in _~/etc/ansible/hosts_.
|
||||
|
||||
This is what the inventory file looks like. Here square brackets are used to assign groups to some specific nodes.
|
||||
|
||||
```
|
||||
[group1]
|
||||
green.example.com
|
||||
blue.example.com
|
||||
[group2]
|
||||
192.168.100.11
|
||||
192.168.100.10
|
||||
```
|
||||
|
||||
Check that all managed nodes can be reached.
|
||||
|
||||
```
|
||||
$ ansible all -m ping
|
||||
```
|
||||
|
||||
You should see output like this:
|
||||
|
||||
```
|
||||
[mahesh@fedora new] $ ansible all -m ping
|
||||
fedora.example.com I SUCCESS {
|
||||
"ansibe_facts": {
|
||||
"discovered_interpreter_python": "/usr/bin/python"
|
||||
},
|
||||
"changed": false,
|
||||
"ping": "pong"
|
||||
}
|
||||
[mahesh@fedora new] $
|
||||
```
|
||||
|
||||
Now create your first playbook which will install Podman on managed nodes. First create a file with any name with .yml extension.
|
||||
|
||||
```
|
||||
$ vim name_of_playbook.yml
|
||||
```
|
||||
|
||||
The playbook should look something like below. The first field is name for the playbook. The hosts field is used to mention hostname or group name mentioned in inventory. _become: yes_ indicates escalating privileges and tasks contain all the tasks that are going to execute, here name specifies task name, yum is module to install packages, below that specify name of package in name field and state is for installing or removing the package.
|
||||
|
||||
—
|
||||
– name: First playbook
|
||||
hosts: fedora.example.com
|
||||
become: yes
|
||||
tasks:
|
||||
– name: Installing podman.
|
||||
yum:
|
||||
name: podman
|
||||
state: present
|
||||
---
|
||||
|
||||
Check for any syntax errors in the file.
|
||||
|
||||
```
|
||||
$ ansible-playbook filename --syntax-check
|
||||
```
|
||||
|
||||
Now run the playbook.
|
||||
|
||||
```
|
||||
$ ansible-playbook filename
|
||||
```
|
||||
|
||||
You should get output like this:
|
||||
|
||||
```
|
||||
[mahesh@fedora new] $ ansible-playbook podman_installation.yml
|
||||
PLAY [First playbook] *************************************************************************************************
|
||||
|
||||
TASK [Gathering Facts] *************************************************************************************************
|
||||
0k: [fedora.example.com]
|
||||
|
||||
TASK [Installing podman] ************************************************************************************************
|
||||
changed: [fedora.example.com]
|
||||
|
||||
PLAY RECAP *************************************************************************************************
|
||||
fedora.example.com : ok=2 changed=1 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
|
||||
[mahesh@fedora new] $
|
||||
```
|
||||
|
||||
Now create a new playbook which pulls an image from Docker Hub. You’ll use the podman_image module to pull the httpd image of version 2-alpine from Docker Hub.
|
||||
|
||||
```
|
||||
---
|
||||
- name: Playbook for podman.
|
||||
hosts: fedora.example.com
|
||||
tasks:
|
||||
- name: Pull httpd:2-alpine image from dockerhub.
|
||||
podman_image:
|
||||
name: docker.io/httpd
|
||||
tag: 2-alpine
|
||||
```
|
||||
|
||||
Now check the pulled image.
|
||||
|
||||
```
|
||||
[mahesh@fedora new] $ podman images
|
||||
REPOSITORY TAG IMAGE ID CREATED SIZE
|
||||
docker.io/library/httpd 2-alpine fa848876521a 11 days ago 57 MB
|
||||
|
||||
[mahesh@fedora new] $
|
||||
```
|
||||
|
||||
Create a new playbook to run the httpd image. See the [podman_container][11] module documentation for more information.
|
||||
|
||||
```
|
||||
---
|
||||
- name: Playbook for podman.
|
||||
hosts: fedora.example.com
|
||||
tasks:
|
||||
- name: Running httpd image.
|
||||
containers.podman.podman_container:
|
||||
name: my-first-container
|
||||
image: docker.io/httpd:2-alpine
|
||||
state: started
|
||||
```
|
||||
|
||||
Check that the container is running.
|
||||
|
||||
```
|
||||
[mahesh@fedora new] $ podman ps
|
||||
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
|
||||
45d966eOe207 docker.io/library/httpd:2-alpine httpd-foreground 13 seconds ago Up 13 seconds ago my-first-container
|
||||
|
||||
[mahesh@fedora new] $
|
||||
```
|
||||
|
||||
Now to stop the running container, change the state value from _started_ to _absent_.
|
||||
|
||||
```
|
||||
- name: Stopping httpd container.
|
||||
containers.podman.podman_container:
|
||||
name: my-first-container
|
||||
image: docker.io/httpd:2-alpine
|
||||
state: absent
|
||||
```
|
||||
|
||||
When you run the _podman ps_ command, you won’t see any containers running.
|
||||
|
||||
```
|
||||
[mahesh@fedora new] $ podman ps
|
||||
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
|
||||
|
||||
[mahesh@fedora new] $
|
||||
```
|
||||
|
||||
There are so many things that are possible with podman_container like recreating containers, restarting containers, checking whether container is running or not and many more. See the [documentation][11] for information on performing these actions.
|
||||
|
||||
--------------------------------------------------------------------------------
|
||||
|
||||
via: https://fedoramagazine.org/using-ansible-to-configure-podman-containers/
|
||||
|
||||
作者:[mahesh1b][a]
|
||||
选题:[lujun9972][b]
|
||||
译者:[译者ID](https://github.com/译者ID)
|
||||
校对:[校对者ID](https://github.com/校对者ID)
|
||||
|
||||
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
|
||||
|
||||
[a]: https://fedoramagazine.org/author/mahesh1b/
|
||||
[b]: https://github.com/lujun9972
|
||||
[1]: https://fedoramagazine.org/wp-content/uploads/2021/04/ansible-podman-1-816x345.jpg
|
||||
[2]: https://unsplash.com/@vnevremeni?utm_source=unsplash&utm_medium=referral&utm_content=creditCopyText
|
||||
[3]: https://unsplash.com/s/photos/container?utm_source=unsplash&utm_medium=referral&utm_content=creditCopyText
|
||||
[4]: https://www.ansible.com/
|
||||
[5]: https://fedoramagazine.org/tag/ansible/
|
||||
[6]: https://podman.io/
|
||||
[7]: https://registry.fedoraproject.org/
|
||||
[8]: https://www.projectquay.io/
|
||||
[9]: https://fedoramagazine.org/tag/podman/
|
||||
[10]: https://galaxy.ansible.com/
|
||||
[11]: https://docs.ansible.com/ansible/latest/collections/containers/podman/podman_container_module.html
|
@ -0,0 +1,239 @@
|
||||
[#]: subject: (Using Ansible to configure Podman containers)
|
||||
[#]: via: (https://fedoramagazine.org/using-ansible-to-configure-podman-containers/)
|
||||
[#]: author: (mahesh1b https://fedoramagazine.org/author/mahesh1b/)
|
||||
[#]: collector: (lujun9972)
|
||||
[#]: translator: (DCOLIVERSUN)
|
||||
[#]: reviewer: ( )
|
||||
[#]: publisher: ( )
|
||||
[#]: url: ( )
|
||||
|
||||
使用 Ansible 配置 Podman 容器
|
||||
======
|
||||
|
||||
![][1]
|
||||
|
||||
来自 [Unsplash][3] 的 [Marta Markes][2] 拍摄的照片
|
||||
|
||||
在复杂的 IT 基础设施中,有许多重复性任务。这些任务运行成功是个不容易的事。运行失败大多数是人为错误引发。在 Ansible 帮助下,你可以通过远程主机来执行所有任务,这些远程主机是按照行动手册执行,行动手册可以根据需要重复使用多次。在本文中,你将学习如何在 Fedora Linux 上安装、配置 Ansible,以及如何使用它来管理、配置 Podman 容器。
|
||||
|
||||
### Ansible
|
||||
|
||||
[Ansible][4] 是由 Red Hat 赞助的开源基础设施自动化工具。它可以处理大型基础设施带来的所有问题,例如安装和更新软件包、备份、确保特定服务持续运行等等。你用 YAML 写的行动手册来做这些事。可移植的行动手册可以反复使用,使系统管理员的工作不那么复杂。行动手册减少了重复任务,并且可以轻松修改。但是我们有很多自动化工具,比如 Ansible,为什么要用它呢?与一些其他配置管理工具不同,Ansible 是无代理的:你不必在托管节点上安装任何东西。有关 Ansible 更多信息,请参考 [Fedora 杂志中的 Ansible][5]。
|
||||
|
||||
### Podman
|
||||
|
||||
[Podman][6] 是一个开源的容器引擎,用于开发、管理和运行容器映像。但什么是容器呢?每当你创建任何新应用程序并将其部署在物理服务器、云服务器或虚拟机上时,你面临的最常见问题是可移植性和兼容性。这就是容器出现的原因。容器在操作系统级别虚拟化,因此它们只包含所需的库和应用程序服务。容器的好处包括:
|
||||
|
||||
* 便携性
|
||||
* 隔离
|
||||
* 弹性
|
||||
* 轻量
|
||||
* 快启动
|
||||
* 更小磁盘和内存需求
|
||||
|
||||
|
||||
|
||||
简而言之:当你为任何应用程序构建容器镜像时,所有必需的依赖项都被打包到容器中。你现在可以在任何主机操作系统上运行该容器,没有任何可移植性和兼容性问题。
|
||||
|
||||
Podman 的关键亮点在于它没有守护程序,因此不需要 root 权限来运行容器。你可以借助 Dockerfile 构建容器镜像,或者从 Docker Hub、[fedoraproject.org][7] 或 [Quay][8] 上拉取镜像。有关 Podman 的更多信息,请参考 [Fedora 杂志中的 Podman][9]。
|
||||
|
||||
### 为什么用 Ansible 配置 Podman?
|
||||
|
||||
Ansible 提供了一种轻松多次运行重复任务的方法。它还为云提供商(如 AWS、GCP 和 Azure)、容器管理工具(如 Docker 和 Podman)与数据库管理提供了大量模块。Ansible 还有一个社区([Ansible Galaxy][10]),在这里你可以找到大量 Ansible <ruby>角色<rt>Roles</rt></ruby>,它们由来自世界各地的贡献者创建。因为这些,Ansible 成为 DevOps 工程师和系统管理员手中很好的工具。
|
||||
|
||||
借助 DevOps,应用程序的开发步伐很快。开发的应用不局限于任意操作系统,这点至关重要。这就是 Podman 出现的地方。
|
||||
|
||||
### 安装 Ansible
|
||||
|
||||
首先,安装 Ansible:
|
||||
|
||||
```
|
||||
$ sudo dnf install ansible -y
|
||||
```
|
||||
|
||||
### 配置 Ansible
|
||||
|
||||
Ansible 需要 ssh 在托管节点上工作,所以首先生成一个<ruby>密钥对<rt>Key Pair</rt></ruby>。
|
||||
|
||||
```
|
||||
$ ssh-keygen
|
||||
```
|
||||
|
||||
生成密钥后,将密钥复制到托管节点。
|
||||
|
||||
输入 yes,然后输入托管节点的密码。现在可以远程访问托管主机。
|
||||
|
||||
为了能够访问托管节点,你需要将所有主机名或 IP 地址存储在清单文件中。默认情况下,这是在 _~/etc/ansible/hosts_。
|
||||
|
||||
这是库存文件的样子。方括号用于将组分配给某些特定的节点。
|
||||
|
||||
```
|
||||
[group1]
|
||||
green.example.com
|
||||
blue.example.com
|
||||
[group2]
|
||||
192.168.100.11
|
||||
192.168.100.10
|
||||
```
|
||||
|
||||
检查所有托管节点是否可以链接。
|
||||
|
||||
```
|
||||
$ ansible all -m ping
|
||||
```
|
||||
|
||||
你可以看到如下输出:
|
||||
|
||||
```
|
||||
[mahesh@fedora new] $ ansible all -m ping
|
||||
fedora.example.com I SUCCESS {
|
||||
"ansibe_facts": {
|
||||
"discovered_interpreter_python": "/usr/bin/python"
|
||||
},
|
||||
"changed": false,
|
||||
"ping": "pong"
|
||||
}
|
||||
[mahesh@fedora new] $
|
||||
```
|
||||
|
||||
现在创建你的第一个行动手册,它将在托管节点上安装 Podman。首先用 .yml 拓展名创建一个任意名称的文件。
|
||||
|
||||
```
|
||||
$ vim name_of_playbook.yml
|
||||
```
|
||||
|
||||
行动手册应该如下所示。第一个字段是行动手册的名称。主机字段用于提及清单中提到的主机名或组名。_变成 yes_ 表示升级权限以及任务已包含所有将要执行的任务,这里的 name 指定任务名称,yum 是安装软件包的模块,下面的 name 字段指定软件包名称,state 用于安装或删除软件包。
|
||||
|
||||
—
|
||||
– name: First playbook
|
||||
hosts: fedora.example.com
|
||||
become: yes
|
||||
tasks:
|
||||
– name: Installing podman.
|
||||
yum:
|
||||
name: podman
|
||||
state: present
|
||||
---
|
||||
|
||||
检查文件中是否有语法错误。
|
||||
|
||||
```
|
||||
$ ansible-playbook filename --syntax-check
|
||||
```
|
||||
|
||||
现在运行行动手册。
|
||||
|
||||
```
|
||||
$ ansible-playbook filename
|
||||
```
|
||||
|
||||
你可以看到如下输出:
|
||||
|
||||
```
|
||||
[mahesh@fedora new] $ ansible-playbook podman_installation.yml
|
||||
PLAY [First playbook] *************************************************************************************************
|
||||
|
||||
TASK [Gathering Facts] *************************************************************************************************
|
||||
0k: [fedora.example.com]
|
||||
|
||||
TASK [Installing podman] ************************************************************************************************
|
||||
changed: [fedora.example.com]
|
||||
|
||||
PLAY RECAP *************************************************************************************************
|
||||
fedora.example.com : ok=2 changed=1 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
|
||||
[mahesh@fedora new] $
|
||||
```
|
||||
|
||||
现在创建一个新的行动手册,从 Docker Hub 中拉取一个镜像。你将使用 podman_image 模块从 Docker Hub 中提取版本号为 2-alpine 的 httpd 镜像。
|
||||
|
||||
```
|
||||
---
|
||||
- name: Playbook for podman.
|
||||
hosts: fedora.example.com
|
||||
tasks:
|
||||
- name: Pull httpd:2-alpine image from dockerhub.
|
||||
podman_image:
|
||||
name: docker.io/httpd
|
||||
tag: 2-alpine
|
||||
```
|
||||
|
||||
现在检查已拉取的镜像。
|
||||
|
||||
```
|
||||
[mahesh@fedora new] $ podman images
|
||||
REPOSITORY TAG IMAGE ID CREATED SIZE
|
||||
docker.io/library/httpd 2-alpine fa848876521a 11 days ago 57 MB
|
||||
|
||||
[mahesh@fedora new] $
|
||||
```
|
||||
|
||||
创建一个新的行动手册来运行 httpd 镜像。更多信息请查看 [podman_container] 模块文档。
|
||||
|
||||
```
|
||||
---
|
||||
- name: Playbook for podman.
|
||||
hosts: fedora.example.com
|
||||
tasks:
|
||||
- name: Running httpd image.
|
||||
containers.podman.podman_container:
|
||||
name: my-first-container
|
||||
image: docker.io/httpd:2-alpine
|
||||
state: started
|
||||
```
|
||||
|
||||
检查容器运行状态。
|
||||
|
||||
```
|
||||
[mahesh@fedora new] $ podman ps
|
||||
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
|
||||
45d966eOe207 docker.io/library/httpd:2-alpine httpd-foreground 13 seconds ago Up 13 seconds ago my-first-container
|
||||
|
||||
[mahesh@fedora new] $
|
||||
```
|
||||
|
||||
Now to stop the running container, change the state value from _started_ to _absent_.
|
||||
现在停止已运行的容器,改变状态,由 _started_ 变为 _absent_。
|
||||
|
||||
```
|
||||
- name: Stopping httpd container.
|
||||
containers.podman.podman_container:
|
||||
name: my-first-container
|
||||
image: docker.io/httpd:2-alpine
|
||||
state: absent
|
||||
```
|
||||
|
||||
当你执行 _podman ps_ 命令时,你看不到任何运行的容器。
|
||||
|
||||
```
|
||||
[mahesh@fedora new] $ podman ps
|
||||
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
|
||||
|
||||
[mahesh@fedora new] $
|
||||
```
|
||||
|
||||
podman_container 可以做很多事情,例如重新创建容器、重新启动容器、检查容器是否正在运行等等。有关执行这些操作的信息,请参考[文档][11]。
|
||||
|
||||
--------------------------------------------------------------------------------
|
||||
|
||||
via: https://fedoramagazine.org/using-ansible-to-configure-podman-containers/
|
||||
|
||||
作者:[mahesh1b][a]
|
||||
选题:[lujun9972][b]
|
||||
译者:[DCOLIVERSUN](https://github.com/DCOLIVERSUN)
|
||||
校对:[校对者ID](https://github.com/校对者ID)
|
||||
|
||||
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
|
||||
|
||||
[a]: https://fedoramagazine.org/author/mahesh1b/
|
||||
[b]: https://github.com/lujun9972
|
||||
[1]: https://fedoramagazine.org/wp-content/uploads/2021/04/ansible-podman-1-816x345.jpg
|
||||
[2]: https://unsplash.com/@vnevremeni?utm_source=unsplash&utm_medium=referral&utm_content=creditCopyText
|
||||
[3]: https://unsplash.com/s/photos/container?utm_source=unsplash&utm_medium=referral&utm_content=creditCopyText
|
||||
[4]: https://www.ansible.com/
|
||||
[5]: https://fedoramagazine.org/tag/ansible/
|
||||
[6]: https://podman.io/
|
||||
[7]: https://registry.fedoraproject.org/
|
||||
[8]: https://www.projectquay.io/
|
||||
[9]: https://fedoramagazine.org/tag/podman/
|
||||
[10]: https://galaxy.ansible.com/
|
||||
[11]: https://docs.ansible.com/ansible/latest/collections/containers/podman/podman_container_module.html
|
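Review bot: The English sentence "Now to stop the running container, change the state value from _started_ to _absent_." is left in the translated file directly above its Chinese rendering (现在停止已运行的容器…), which is consistent with this side being 239 lines against the source's 238; drop the English line. In the explanation of the first playbook, `_become: yes_` has been rendered as `_变成 yes_`; it is a playbook keyword and should stay `become: yes`, matching the playbook body that follows. The `[podman_container]` link in the paragraph that introduces the httpd playbook has lost its `[11]` reference, so it no longer resolves against the link list at the end of the file. "Inventory file" is 清单文件 in one paragraph and 库存文件 in the next; use one term throughout. The first playbook is also carried over unfenced and with typographic dashes where the later playbooks use `---` and `-`, so it will not parse as YAML if a reader copies it; fence it and use plain hyphens like the other playbooks in this file.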