Setting up Ansible for Azure on Ubuntu 24.04 under WSL, etc.
wsl -l
Log in to Ubuntu 24.04 with the wsl command.
Create an azure directory and work in it.
oyj@oyj:~$ mkdir azure; cd azure
oyj@oyj:~/azure$ curl -sL https://aka.ms/InstallAzureCLIDeb | sudo bash
.......
oyj@oyj:~/azure$ az login
A web browser has been opened at https://login.microsoftonline.com/organizations/oauth2/v2.0/authorize. Please continue the login in the web browser. If no web browser is available or if the web browser fails to open, use device code flow with `az login --use-device-code`.
gio: https://login.microsoftonline.com/organizations/oauth2/v2.0/authorize?client_id=04b07795-8ddb-461a-bbee-02f9e1bf7b46&response_type=code&redirect_uri=http%3A%2F%2Flocalhost%3A36899&scope=https%3A%2F%2Fmanagement.core.windows.net%2F%2F.default+offline_access+openid+profile&state=QESeihBfOoWCXtdv&code_challenge=SoyVM5_joI6lKow9cVI4mXrjYTcqbBUT0R6eT7SQ2xI&code_challenge_method=S256&nonce=026247fc5af74f4e9cac070b3df756ef6fdc04534047a466db3d787dd2dc444e&client_info=1&claims=%7B%22access_token%22%3A+%7B%22xms_cc%22%3A+%7B%22values%22%3A+%5B%22CP1%22%5D%7D%7D%7D&prompt=select_account: Operation not supported
<Copy the URL above, open it in a browser, and log in.>
Retrieving tenants and subscriptions for the selection...
[Tenant and subscription selection]
No Subscription name Subscription ID Tenant
----- -------------------- ------------------------------------ -------------
[1] * Azure subscription 1 aa17af3a-aeb2-4c68-801d-595100662a20 기본 디렉터리
The default is marked with an *; the default tenant is '기본 디렉터리' and subscription is 'Azure subscription 1' (aa17af3a-aeb2-4c68-801d-595100662a20).
Select a subscription and tenant (Type a number or Enter for no changes):1
[Warning] The login output has been updated. Please be aware that it no longer displays the full list of available subscriptions by default.
oyj@oyj:~/azure$ az group list
[
{
"id": "/subscriptions/aa17af3a-aeb2-4c68-801d-595100662a20/resourceGroups/NetworkWatcherRG",
"location": "koreacentral",
"managedBy": null,
"name": "NetworkWatcherRG",
"properties": {
"provisioningState": "Succeeded"
},
"tags": null,
"type": "Microsoft.Resources/resourceGroups"
},
{
"id": "/subscriptions/aa17af3a-aeb2-4c68-801d-595100662a20/resourceGroups/ansiazurerg",
"location": "koreacentral",
"managedBy": null,
"name": "ansiazurerg",
"properties": {
"provisioningState": "Succeeded"
},
"tags": null,
"type": "Microsoft.Resources/resourceGroups"
}
]
#Set up ansible and azure in a python3 virtual environment (a virtual environment separate from the existing ansible).
oyj@oyj:~/azure$ dpkg -l | grep python3 | grep -i venv
ii python3.12-venv 3.12.3-1ubuntu0.1 amd64 Interactive high-level object-oriented language (pyvenv binary, version 3.12)
If the python3.12-venv package above is missing, install it with sudo apt install python3.12-venv.
#Already installed.
oyj@oyj:~/azure$ sudo apt install python3.12-venv
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
python3.12-venv is already the newest version (3.12.3-1ubuntu0.1).
0 upgraded, 0 newly installed, 0 to remove and 85 not upgraded.
#Create a virtual environment named venv-azure.
oyj@oyj:~/azure$ python3 -m venv venv-azure
oyj@oyj:~/azure$ ls -l venv-azure/
total 16
drwxr-xr-x 2 oyj oyj 4096 Aug 26 14:50 bin
drwxr-xr-x 3 oyj oyj 4096 Aug 26 14:50 include
drwxr-xr-x 3 oyj oyj 4096 Aug 26 14:50 lib
lrwxrwxrwx 1 oyj oyj 3 Aug 26 14:50 lib64 -> lib
-rw-r--r-- 1 oyj oyj 165 Aug 26 14:50 pyvenv.cfg
Activate the virtual environment.
oyj@oyj:~/azure$ source venv-azure/bin/activate
(venv-azure) oyj@oyj:~/azure$
Install ansible with pip, the Python package manager.
(venv-azure) oyj@oyj:~/azure$ which pip
/home/oyj/azure/venv-azure/bin/pip
(venv-azure) oyj@oyj:~/azure$ pip list
Package Version
------- -------
pip 24.0
(venv-azure) oyj@oyj:~/azure$ pip install ansible
(venv-azure) oyj@oyj:~/azure$ ansible --version
ansible [core 2.17.3]
config file = None
configured module search path = ['/home/oyj/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
ansible python module location = /home/oyj/azure/venv-azure/lib/python3.12/site-packages/ansible
ansible collection location = /home/oyj/.ansible/collections:/usr/share/ansible/collections
executable location = /home/oyj/azure/venv-azure/bin/ansible
python version = 3.12.3 (main, Jul 31 2024, 17:43:48) [GCC 13.2.0] (/home/oyj/azure/venv-azure/bin/python3)
jinja version = 3.1.4
libyaml = True
* Install the Azure modules.
(venv-azure) oyj@oyj:~/azure$ which ansible-galaxy
/home/oyj/azure/venv-azure/bin/ansible-galaxy
(venv-azure) oyj@oyj:~/azure$ ansible-galaxy collection install azure.azcollection --force
Starting galaxy collection install process
Process install dependency map
Starting collection install process
Downloading https://galaxy.ansible.com/api/v3/plugin/ansible/content/published/collections/artifacts/azure-azcollection-2.6.0.tar.gz to /home/oyj/.ansible/tmp/ansible-local-2068ettik2t3/tmpf40w_5m7/azure-azcollection-2.6.0-n2lj4ti1
Installing 'azure.azcollection:2.6.0' to '/home/oyj/.ansible/collections/ansible_collections/azure/azcollection'
azure.azcollection:2.6.0 was installed successfully
#Install all the Python modules that the ansible azure collection requires.
(venv-azure) oyj@oyj:~/azure$ pip install -r ~/.ansible/collections/ansible_collections/azure/azcollection/requirements.txt
#Now check that infrastructure can actually be provisioned with ansible.
#ansible group create: create tst-group under the account that ran az login (koreacentral region).
(venv-azure) oyj@oyj:~/azure$ cat grp_crt.yaml
---
- hosts: localhost
  connection: local
  gather_facts: no
  tasks:
    - name: Creating resource group
      azure_rm_resourcegroup:
        name: "tst-group"
        location: "koreacentral"
      register: res
    - debug:
        msg: "{{ res }}"
    - name: check resource group
      shell: |
        az group list | grep -i tst-group
      register: res
    - debug:
        msg: "{{ res }}"
(venv-azure) oyj@oyj:~/azure$ ansible-playbook grp_crt.yaml
[WARNING]: No inventory was parsed, only implicit localhost is available
[WARNING]: provided hosts list is empty, only localhost is available. Note that the implicit localhost does not match
'all'
PLAY [localhost] *******************************************************************************************************
TASK [Creating resource group] *****************************************************************************************
fatal: [localhost]: FAILED! => {"changed": false, "msg": "Failed to load CLI profile No module named 'distutils'."}
PLAY RECAP *************************************************************************************************************
localhost : ok=0 changed=0 unreachable=0 failed=1 skipped=0 rescued=0 ignored=0
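#The error above occurs because setuptools is not installed. (Python 3.12 removed distutils from the standard library; setuptools supplies a replacement.)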
(venv-azure) oyj@oyj:~/azure$ pip install setuptools
Collecting setuptools
Using cached setuptools-73.0.1-py3-none-any.whl.metadata (6.6 kB)
Using cached setuptools-73.0.1-py3-none-any.whl (2.3 MB)
Installing collected packages: setuptools
Successfully installed setuptools-73.0.1
#A successful run.
(venv-azure) oyj@oyj:~/azure$ ansible-playbook grp_crt.yaml
[WARNING]: No inventory was parsed, only implicit localhost is available
[WARNING]: provided hosts list is empty, only localhost is available. Note that the implicit localhost does not match
'all'
PLAY [localhost] *******************************************************************************************************
TASK [Creating resource group] *****************************************************************************************
ok: [localhost]
TASK [debug] ***********************************************************************************************************
ok: [localhost] => {
"msg": {
"changed": false,
"contains_resources": false,
"failed": false,
"state": {
"id": "/subscriptions/aa17af3a-aeb2-4c68-801d-595100662a20/resourceGroups/tst-group",
"location": "koreacentral",
"name": "tst-group",
"provisioning_state": "Succeeded",
"tags": {}
}
}
}
TASK [check resource group] ********************************************************************************************
changed: [localhost]
TASK [debug] ***********************************************************************************************************
ok: [localhost] => {
"msg": {
"changed": true,
"cmd": "az group list | grep -i tst-group\n",
"delta": "0:00:00.519344",
"end": "2024-08-26 16:30:48.621502",
"failed": false,
"msg": "",
"rc": 0,
"start": "2024-08-26 16:30:48.102158",
"stderr": "",
"stderr_lines": [],
"stdout": " \"id\": \"/subscriptions/aa17af3a-aeb2-4c68-801d-595100662a20/resourceGroups/tst-group\",\n \"name\": \"tst-group\",",
"stdout_lines": [
" \"id\": \"/subscriptions/aa17af3a-aeb2-4c68-801d-595100662a20/resourceGroups/tst-group\",",
" \"name\": \"tst-group\","
]
}
}
PLAY RECAP *************************************************************************************************************
localhost : ok=4 changed=1 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
(venv-azure) oyj@oyj:~/azure$
#View it in the Azure portal.
common.yaml
oyj@oyj:~/azure$ cat common.yaml
- name: Create RG
  azure_rm_resourcegroup:
    name: "{{ RG }}"
    location: "{{ LC }}"
    state: "{{ ST }}"
  register: rg
- debug:
    var: rg
#Create virtual network
- name: Create virtual nw
  azure_rm_virtualnetwork:
    resource_group: "{{ RG }}"
    name: "{{ VN }}"
    address_prefixes: "{{ AP }}"
    state: "{{ ST }}"
  register: vn
- debug:
    var: vn
#Create subnet to provide vm
- name: Create subnet on vn(virtual network)
  azure_rm_subnet:
    resource_group: "{{ RG }}"
    virtual_network_name: "{{ VN }}"
    name: "{{ SBN }}"
    address_prefix_cidr: "10.11.0.0/24"
    state: "{{ ST }}"
  register: sbn_regi
- debug:
    var: sbn_regi
#Get public ip of my machine
#- name: Get my public IP
#  community.general.ipify_facts:
- name: Crt security group to allow ssh
  azure_rm_securitygroup:
    name: ansi-tst-sg
    resource_group: "{{ RG }}"
    purge_rules: yes
    rules:
      - name: "AllowSSH"
        protocol: Tcp
        #source_address_prefix:
        #  - "{{ ipify_public_ip }}/32"
        destination_port_range: 22
        access: Allow
        priority: 100
        direction: Inbound
  register: sg_crt
- debug:
    var: sg_crt
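The AllowSSH rule in common.yaml leaves source_address_prefix commented out, and the registered sg_crt state in the playbook run further down reports "source_address_prefix": "*" for port 22. The Python check below is an added example, not part of the original notes: it reads an NSG state of that shape and reports management ports that any source can reach. The function names, the port list and the 203.0.113.10/32 address are assumptions made for illustration, and the sample state is constructed from the fields shown in that output.

```python
import copy
import ipaddress
import json

# Ports treated as management ports (assumption made for this example).
MGMT_PORTS = {22: "SSH", 3389: "RDP"}
# Source values that match any internet host in an NSG rule.
WORLD_SOURCES = {"*", "internet"}

# Constructed sample: the custom rule plus two default rules, trimmed to the
# fields that matter from the shape of the sg_crt debug output on this page.
SAMPLE_STATE = json.loads("""
{
  "name": "ansi-tst-sg",
  "rules": [
    {"name": "AllowSSH", "access": "Allow", "direction": "Inbound",
     "protocol": "Tcp", "priority": 100,
     "source_address_prefix": "*", "source_address_prefixes": [],
     "destination_port_range": "22", "destination_port_ranges": []}
  ],
  "default_rules": [
    {"name": "AllowVnetInBound", "access": "Allow", "direction": "Inbound",
     "protocol": "*", "priority": 65000,
     "source_address_prefix": "VirtualNetwork", "source_address_prefixes": [],
     "destination_port_range": "*", "destination_port_ranges": []},
    {"name": "DenyAllInBound", "access": "Deny", "direction": "Inbound",
     "protocol": "*", "priority": 65500,
     "source_address_prefix": "*", "source_address_prefixes": [],
     "destination_port_range": "*", "destination_port_ranges": []}
  ]
}
""")


def values(rule, single, plural):
    """Merge the singular and plural form of an NSG rule field into one list."""
    merged = [str(v) for v in rule.get(plural) or []]
    if rule.get(single) not in (None, ""):
        merged.append(str(rule[single]))
    return merged


def is_world(prefix):
    """True when the source prefix matches every internet address."""
    if prefix.lower() in WORLD_SOURCES:
        return True
    try:
        return ipaddress.ip_network(prefix, strict=False).prefixlen == 0
    except ValueError:
        return False  # a service tag such as VirtualNetwork


def covers(port_range, port):
    """True when a port expression ("*", "22", "1000-2000") includes port."""
    if port_range == "*":
        return True
    low, _, high = port_range.partition("-")
    return int(low) <= port <= int(high or low)


def exposed_mgmt_ports(state):
    """List management ports whose first world-matching inbound rule is Allow."""
    rules = [r for r in (state.get("rules") or []) + (state.get("default_rules") or [])
             if r.get("direction", "").lower() == "inbound"
             and r.get("protocol", "*").lower() in ("tcp", "*")]
    rules.sort(key=lambda r: r["priority"])  # NSG evaluates lowest number first
    findings = []
    for port, service in sorted(MGMT_PORTS.items()):
        for r in rules:
            sources = values(r, "source_address_prefix", "source_address_prefixes")
            ports = values(r, "destination_port_range", "destination_port_ranges")
            if any(is_world(s) for s in sources) and any(covers(p, port) for p in ports):
                if r["access"].lower() == "allow":
                    findings.append({"rule": r["name"], "port": port,
                                     "service": service, "priority": r["priority"]})
                break  # the first matching rule decides for an arbitrary source
    return findings


def restrict_source(state, rule_name, cidr):
    """Return a copy of state with one custom rule limited to a single CIDR."""
    hardened = copy.deepcopy(state)
    for rule in hardened["rules"]:
        if rule["name"] == rule_name:
            rule["source_address_prefix"] = cidr
            rule["source_address_prefixes"] = []
    return hardened


if __name__ == "__main__":
    print("as deployed:", exposed_mgmt_ports(SAMPLE_STATE))
    # 203.0.113.10/32 is a documentation address standing in for the admin's IP.
    fixed = restrict_source(SAMPLE_STATE, "AllowSSH", "203.0.113.10/32")
    print("restricted :", exposed_mgmt_ports(fixed))
```

To check a real deployment, pass the "state" object from the sg_crt debug output to exposed_mgmt_ports instead of the constructed sample.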
* Two nodes: create the two nodes that have public IPs:
* Create the rest: 2 masters, 7 worker nodes, and 2 db nodes.
oyj@oyj:~/azure$ cat rest-crt-vam.yaml
---
- hosts: localhost
  connection: local
  gather_facts: no
  #Create azure resource group and virtual network
  vars:
    RG: "tst-group"
    LC: "koreacentral"
    ST: "present"
    VN: "ansitstvn"
    AP: "10.11.0.0/16"
    SBN: "rke2subnet"
  tasks:
    - name: include common yaml tasks
      include_tasks: common.yaml
    - name: Crt vn interface card
      azure_rm_networkinterface:
        resource_group: "{{ RG }}"
        #name: ansi-vn-nic
        name: "{{ item.key }}"
        virtual_network: "{{ VN }}"
        subnet: "{{ SBN }}"
        security_group: ansi-tst-sg
        ip_configurations:
          - name: ipconfig1
            private_ip_address: "{{ item.value }}"
      with_dict: { "mastere2-nic":"10.11.0.6","master3-nic":"10.11.0.7","worker1-nic":"10.11.0.8","worker2-nic":"10.11.0.9",
                   "worker3-nic":"10.11.0.10","worker4-nic":"10.11.0.11","worker5-nic":"10.11.0.12", "worker6-nic":"10.11.0.13","worker7-nic":"10.11.0.14","db1-nic":"10.11.0.15","db2-nic":"10.11.0.16" }
      tags:
        - inter
    - name: Crt the virtual machine
      azure_rm_virtualmachine:
        #name: ansi-tst-vm
        name: "{{ item.key }}"
        resource_group: "{{ RG }}"
        admin_username: rocky
        #vm_size: Standard_DS1_v2
        vm_size: Standard_B1s
        managed_disk_type: Standard_LRS
        os_disk_size_gb: 30
        ssh_password_enabled: false
        ssh_public_keys:
          - path: /home/rocky/.ssh/authorized_keys
            key_data: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDLV7IT+CrssLQ/gVB/yG5KmH69SJot6tnoob2AnvDs6jX2SghxoKgBDY+r5b3Sg+IEgvS2Z9+9pYW7wCXsDZzcG3iyXFUJRzoKIP7CzaWv/rApe6komMuU6f+jmX4mKEE3ZIOkzR62b6pJz1MlVXr5WY/24V+2ONa5jYbKFcAp1MO4k+gGUiRGs3XwTGHJgXh7YUv9x9cYlnQGzwJ9sKInE/KuUmr4y40x1q7ZDLqMssloi1z2AUlPSp4mzqTJ1VDylc+ch11Z/n5mEMo7Ft+8vrAh7pgWfUsIrj9FP5i9lgXSAK+s/Pv4sGtYCQdw6z3hUEzhqf/5KhS33pDrrt45 oyj@oyjaero
        #network_interfaces: ansi-vn-nic
        network_interfaces: "{{ item.value }}"
        image:
          publisher: erockyenterprisesoftwarefoundationinc1653071250513
          offer: rockylinux
          sku: free
          version: latest
        plan:
          name: free
          product: rockylinux
          publisher: erockyenterprisesoftwarefoundationinc1653071250513
      with_dict: { "master2":"mastere2-nic","master3":"master3-nic","worker1":"worker1-nic" ,"worker2":"worker2-nic" ,"worker3":"worker3-nic" ,"worker4":"worker4-nic"
                   ,"worker5":"worker5-nic" ,"worker6":"worker6-nic" ,"worker7":"worker7-nic","db1":"db1-nic","db2":"db2-nic" }
      tags:
        - vm-crt
(venv-azure) oyj@oyj:~/azure$ ansible-playbook rest-crt-vam.yaml
[WARNING]: No inventory was parsed, only implicit localhost is available
[WARNING]: provided hosts list is empty, only localhost is available. Note that the implicit localhost does not match 'all'
PLAY [localhost] *************************************************************************************************************************************************************************************************
TASK [include common yaml tasks] *********************************************************************************************************************************************************************************
included: /home/oyj/azure/common.yaml for localhost
TASK [Create RG] *************************************************************************************************************************************************************************************************
ok: [localhost]
TASK [debug] *****************************************************************************************************************************************************************************************************
ok: [localhost] => {
"rg": {
"changed": false,
"contains_resources": true,
"failed": false,
"state": {
"id": "/subscriptions/aa17af3a-aeb2-4c68-801d-595100662a20/resourceGroups/tst-group",
"location": "koreacentral",
"name": "tst-group",
"provisioning_state": "Succeeded",
"tags": {}
}
}
}
TASK [Create virtual nw] *****************************************************************************************************************************************************************************************
ok: [localhost]
TASK [debug] *****************************************************************************************************************************************************************************************************
ok: [localhost] => {
"vn": {
"changed": false,
"check_mode": false,
"failed": false,
"state": {
"address_prefixes": [
"10.11.0.0/16"
],
"etag": "W/\"d02ef33e-7892-4b64-913e-3d82a38f101a\"",
"flow_timeout_in_minutes": null,
"id": "/subscriptions/aa17af3a-aeb2-4c68-801d-595100662a20/resourceGroups/tst-group/providers/Microsoft.Network/virtualNetworks/ansitstvn",
"location": "koreacentral",
"name": "ansitstvn",
"provisioning_state": "Succeeded",
"tags": {},
"type": "Microsoft.Network/virtualNetworks"
}
}
}
TASK [Create subnet on vn(virtual network)] **********************************************************************************************************************************************************************
ok: [localhost]
TASK [debug] *****************************************************************************************************************************************************************************************************
ok: [localhost] => {
"sbn_regi": {
"changed": false,
"failed": false,
"state": {
"address_prefix": "10.11.0.0/24",
"address_prefixes": null,
"id": "/subscriptions/aa17af3a-aeb2-4c68-801d-595100662a20/resourceGroups/tst-group/providers/Microsoft.Network/virtualNetworks/ansitstvn/subnets/rke2subnet",
"name": "rke2subnet",
"nat_gateway": null,
"network_security_group": {},
"private_endpoint_network_policies": "Enabled",
"private_link_service_network_policies": "Enabled",
"provisioning_state": "Succeeded",
"route_table": {}
}
}
}
TASK [Crt security group to allow ssh] ***************************************************************************************************************************************************************************
ok: [localhost]
TASK [debug] *****************************************************************************************************************************************************************************************************
ok: [localhost] => {
"sg_crt": {
"changed": false,
"failed": false,
"state": {
"default_rules": [
{
"access": "Allow",
"description": "Allow inbound traffic from all VMs in VNET",
"destination_address_prefix": "VirtualNetwork",
"destination_address_prefixes": [],
"destination_application_security_groups": null,
"destination_port_range": "*",
"destination_port_ranges": [],
"direction": "Inbound",
"etag": "W/\"94365b41-0205-432a-9fa1-69fc88e31104\"",
"id": "/subscriptions/aa17af3a-aeb2-4c68-801d-595100662a20/resourceGroups/tst-group/providers/Microsoft.Network/networkSecurityGroups/ansi-tst-sg/defaultSecurityRules/AllowVnetInBound",
"name": "AllowVnetInBound",
"priority": 65000,
"protocol": "*",
"provisioning_state": "Succeeded",
"source_address_prefix": "VirtualNetwork",
"source_address_prefixes": [],
"source_application_security_groups": null,
"source_port_range": "*",
"source_port_ranges": []
},
{
"access": "Allow",
"description": "Allow inbound traffic from azure load balancer",
"destination_address_prefix": "*",
"destination_address_prefixes": [],
"destination_application_security_groups": null,
"destination_port_range": "*",
"destination_port_ranges": [],
"direction": "Inbound",
"etag": "W/\"94365b41-0205-432a-9fa1-69fc88e31104\"",
"id": "/subscriptions/aa17af3a-aeb2-4c68-801d-595100662a20/resourceGroups/tst-group/providers/Microsoft.Network/networkSecurityGroups/ansi-tst-sg/defaultSecurityRules/AllowAzureLoadBalancerInBound",
"name": "AllowAzureLoadBalancerInBound",
"priority": 65001,
"protocol": "*",
"provisioning_state": "Succeeded",
"source_address_prefix": "AzureLoadBalancer",
"source_address_prefixes": [],
"source_application_security_groups": null,
"source_port_range": "*",
"source_port_ranges": []
},
{
"access": "Deny",
"description": "Deny all inbound traffic",
"destination_address_prefix": "*",
"destination_address_prefixes": [],
"destination_application_security_groups": null,
"destination_port_range": "*",
"destination_port_ranges": [],
"direction": "Inbound",
"etag": "W/\"94365b41-0205-432a-9fa1-69fc88e31104\"",
"id": "/subscriptions/aa17af3a-aeb2-4c68-801d-595100662a20/resourceGroups/tst-group/providers/Microsoft.Network/networkSecurityGroups/ansi-tst-sg/defaultSecurityRules/DenyAllInBound",
"name": "DenyAllInBound",
"priority": 65500,
"protocol": "*",
"provisioning_state": "Succeeded",
"source_address_prefix": "*",
"source_address_prefixes": [],
"source_application_security_groups": null,
"source_port_range": "*",
"source_port_ranges": []
},
{
"access": "Allow",
"description": "Allow outbound traffic from all VMs to all VMs in VNET",
"destination_address_prefix": "VirtualNetwork",
"destination_address_prefixes": [],
"destination_application_security_groups": null,
"destination_port_range": "*",
"destination_port_ranges": [],
"direction": "Outbound",
"etag": "W/\"94365b41-0205-432a-9fa1-69fc88e31104\"",
"id": "/subscriptions/aa17af3a-aeb2-4c68-801d-595100662a20/resourceGroups/tst-group/providers/Microsoft.Network/networkSecurityGroups/ansi-tst-sg/defaultSecurityRules/AllowVnetOutBound",
"name": "AllowVnetOutBound",
"priority": 65000,
"protocol": "*",
"provisioning_state": "Succeeded",
"source_address_prefix": "VirtualNetwork",
"source_address_prefixes": [],
"source_application_security_groups": null,
"source_port_range": "*",
"source_port_ranges": []
},
{
"access": "Allow",
"description": "Allow outbound traffic from all VMs to Internet",
"destination_address_prefix": "Internet",
"destination_address_prefixes": [],
"destination_application_security_groups": null,
"destination_port_range": "*",
"destination_port_ranges": [],
"direction": "Outbound",
"etag": "W/\"94365b41-0205-432a-9fa1-69fc88e31104\"",
"id": "/subscriptions/aa17af3a-aeb2-4c68-801d-595100662a20/resourceGroups/tst-group/providers/Microsoft.Network/networkSecurityGroups/ansi-tst-sg/defaultSecurityRules/AllowInternetOutBound",
"name": "AllowInternetOutBound",
"priority": 65001,
"protocol": "*",
"provisioning_state": "Succeeded",
"source_address_prefix": "*",
"source_address_prefixes": [],
"source_application_security_groups": null,
"source_port_range": "*",
"source_port_ranges": []
},
{
"access": "Deny",
"description": "Deny all outbound traffic",
"destination_address_prefix": "*",
"destination_address_prefixes": [],
"destination_application_security_groups": null,
"destination_port_range": "*",
"destination_port_ranges": [],
"direction": "Outbound",
"etag": "W/\"94365b41-0205-432a-9fa1-69fc88e31104\"",
"id": "/subscriptions/aa17af3a-aeb2-4c68-801d-595100662a20/resourceGroups/tst-group/providers/Microsoft.Network/networkSecurityGroups/ansi-tst-sg/defaultSecurityRules/DenyAllOutBound",
"name": "DenyAllOutBound",
"priority": 65500,
"protocol": "*",
"provisioning_state": "Succeeded",
"source_address_prefix": "*",
"source_address_prefixes": [],
"source_application_security_groups": null,
"source_port_range": "*",
"source_port_ranges": []
}
],
"id": "/subscriptions/aa17af3a-aeb2-4c68-801d-595100662a20/resourceGroups/tst-group/providers/Microsoft.Network/networkSecurityGroups/ansi-tst-sg",
"location": "koreacentral",
"name": "ansi-tst-sg",
"network_interfaces": [
"/subscriptions/aa17af3a-aeb2-4c68-801d-595100662a20/resourceGroups/tst-group/providers/Microsoft.Network/networkInterfaces/cn-nic",
"/subscriptions/aa17af3a-aeb2-4c68-801d-595100662a20/resourceGroups/tst-group/providers/Microsoft.Network/networkInterfaces/master1-nic",
"/subscriptions/aa17af3a-aeb2-4c68-801d-595100662a20/resourceGroups/tst-group/providers/Microsoft.Network/networkInterfaces/mastere2-nic",
"/subscriptions/aa17af3a-aeb2-4c68-801d-595100662a20/resourceGroups/tst-group/providers/Microsoft.Network/networkInterfaces/master3-nic",
"/subscriptions/aa17af3a-aeb2-4c68-801d-595100662a20/resourceGroups/tst-group/providers/Microsoft.Network/networkInterfaces/worker1-nic",
"/subscriptions/aa17af3a-aeb2-4c68-801d-595100662a20/resourceGroups/tst-group/providers/Microsoft.Network/networkInterfaces/worker2-nic",
"/subscriptions/aa17af3a-aeb2-4c68-801d-595100662a20/resourceGroups/tst-group/providers/Microsoft.Network/networkInterfaces/worker3-nic",
"/subscriptions/aa17af3a-aeb2-4c68-801d-595100662a20/resourceGroups/tst-group/providers/Microsoft.Network/networkInterfaces/worker4-nic",
"/subscriptions/aa17af3a-aeb2-4c68-801d-595100662a20/resourceGroups/tst-group/providers/Microsoft.Network/networkInterfaces/worker5-nic",
"/subscriptions/aa17af3a-aeb2-4c68-801d-595100662a20/resourceGroups/tst-group/providers/Microsoft.Network/networkInterfaces/worker6-nic",
"/subscriptions/aa17af3a-aeb2-4c68-801d-595100662a20/resourceGroups/tst-group/providers/Microsoft.Network/networkInterfaces/worker7-nic",
"/subscriptions/aa17af3a-aeb2-4c68-801d-595100662a20/resourceGroups/tst-group/providers/Microsoft.Network/networkInterfaces/db1-nic",
"/subscriptions/aa17af3a-aeb2-4c68-801d-595100662a20/resourceGroups/tst-group/providers/Microsoft.Network/networkInterfaces/db2-nic"
],
"rules": [
{
"access": "Allow",
"description": null,
"destination_address_prefix": "*",
"destination_address_prefixes": [],
"destination_application_security_groups": null,
"destination_port_range": "22",
"destination_port_ranges": [],
"direction": "Inbound",
"etag": "W/\"94365b41-0205-432a-9fa1-69fc88e31104\"",
"id": "/subscriptions/aa17af3a-aeb2-4c68-801d-595100662a20/resourceGroups/tst-group/providers/Microsoft.Network/networkSecurityGroups/ansi-tst-sg/securityRules/AllowSSH",
"name": "AllowSSH",
"priority": 100,
"protocol": "Tcp",
"provisioning_state": "Succeeded",
"source_address_prefix": "*",
"source_address_prefixes": [],
"source_application_security_groups": null,
"source_port_range": "*",
"source_port_ranges": []
}
],
"subnets": [],
"tags": {},
"type": "Microsoft.Network/networkSecurityGroups"
}
}
}
TASK [Crt vn interface card] *************************************************************************************************************************************************************************************
ok: [localhost] => (item={'key': 'mastere2-nic', 'value': '10.11.0.6'})
ok: [localhost] => (item={'key': 'master3-nic', 'value': '10.11.0.7'})
ok: [localhost] => (item={'key': 'worker1-nic', 'value': '10.11.0.8'})
ok: [localhost] => (item={'key': 'worker2-nic', 'value': '10.11.0.9'})
ok: [localhost] => (item={'key': 'worker3-nic', 'value': '10.11.0.10'})
ok: [localhost] => (item={'key': 'worker4-nic', 'value': '10.11.0.11'})
ok: [localhost] => (item={'key': 'worker5-nic', 'value': '10.11.0.12'})
ok: [localhost] => (item={'key': 'worker6-nic', 'value': '10.11.0.13'})
ok: [localhost] => (item={'key': 'worker7-nic', 'value': '10.11.0.14'})
ok: [localhost] => (item={'key': 'db1-nic', 'value': '10.11.0.15'})
ok: [localhost] => (item={'key': 'db2-nic', 'value': '10.11.0.16'})
TASK [Crt the virtual machine] ***********************************************************************************************************************************************************************************
changed: [localhost] => (item={'key': 'master2', 'value': 'mastere2-nic'})
changed: [localhost] => (item={'key': 'master3', 'value': 'master3-nic'})
changed: [localhost] => (item={'key': 'worker1', 'value': 'worker1-nic'})
changed: [localhost] => (item={'key': 'worker2', 'value': 'worker2-nic'})
changed: [localhost] => (item={'key': 'worker3', 'value': 'worker3-nic'})
changed: [localhost] => (item={'key': 'worker4', 'value': 'worker4-nic'})
changed: [localhost] => (item={'key': 'worker5', 'value': 'worker5-nic'})
failed: [localhost] (item={'key': 'worker6', 'value': 'worker6-nic'}) => {"ansible_loop_var": "item", "changed": false, "item": {"key": "worker6", "value": "worker6-nic"}, "msg": "Error creating or updating virtual machine worker6 - (OperationNotAllowed) Operation could not be completed as it results in exceeding approved Total Regional Cores quota. Additional details - Deployment Model: Resource Manager, Location: KoreaCentral, Current Limit: 10, Current Usage: 10, Additional Required: 1, (Minimum) New Limit Required: 11. Setup Alerts when Quota reaches threshold. Learn more at https://aka.ms/quotamonitoringalerting . Submit a request for Quota increase at https://aka.ms/ProdportalCRP/#blade/Microsoft_Azure_Capacity/UsageAndQuota.ReactView/Parameters/%7B%22subscriptionId%22:%22aa17af3a-aeb2-4c68-801d-595100662a20%22,%22command%22:%22openQuotaApprovalBlade%22,%22quotas%22:[%7B%22location%22:%22KoreaCentral%22,%22providerId%22:%22Microsoft.Compute%22,%22resourceName%22:%22cores%22,%22quotaRequest%22:%7B%22properties%22:%7B%22limit%22:11,%22unit%22:%22Count%22,%22name%22:%7B%22value%22:%22cores%22%7D%7D%7D%7D]%7D by specifying parameters listed in the ‘Details’ section for deployment to succeed. Please read more about quota limits at https://docs.microsoft.com/en-us/azure/azure-supportability/regional-quota-requests\nCode: OperationNotAllowed\nMessage: Operation could not be completed as it results in exceeding approved Total Regional Cores quota. Additional details - Deployment Model: Resource Manager, Location: KoreaCentral, Current Limit: 10, Current Usage: 10, Additional Required: 1, (Minimum) New Limit Required: 11. Setup Alerts when Quota reaches threshold. Learn more at https://aka.ms/quotamonitoringalerting . 
Submit a request for Quota increase at https://aka.ms/ProdportalCRP/#blade/Microsoft_Azure_Capacity/UsageAndQuota.ReactView/Parameters/%7B%22subscriptionId%22:%22aa17af3a-aeb2-4c68-801d-595100662a20%22,%22command%22:%22openQuotaApprovalBlade%22,%22quotas%22:[%7B%22location%22:%22KoreaCentral%22,%22providerId%22:%22Microsoft.Compute%22,%22resourceName%22:%22cores%22,%22quotaRequest%22:%7B%22properties%22:%7B%22limit%22:11,%22unit%22:%22Count%22,%22name%22:%7B%22value%22:%22cores%22%7D%7D%7D%7D]%7D by specifying parameters listed in the ‘Details’ section for deployment to succeed. Please read more about quota limits at https://docs.microsoft.com/en-us/azure/azure-supportability/regional-quota-requests"}
failed: [localhost] (item={'key': 'worker7', 'value': 'worker7-nic'}) => {"ansible_loop_var": "item", "changed": false, "item": {"key": "worker7", "value": "worker7-nic"}, "msg": "Error creating or updating virtual machine worker7 - (OperationNotAllowed) Operation could not be completed as it results in exceeding approved Total Regional Cores quota. Additional details - Deployment Model: Resource Manager, Location: KoreaCentral, Current Limit: 10, Current Usage: 10, Additional Required: 1, (Minimum) New Limit Required: 11. Setup Alerts when Quota reaches threshold. Learn more at https://aka.ms/quotamonitoringalerting . Submit a request for Quota increase at https://aka.ms/ProdportalCRP/#blade/Microsoft_Azure_Capacity/UsageAndQuota.ReactView/Parameters/%7B%22subscriptionId%22:%22aa17af3a-aeb2-4c68-801d-595100662a20%22,%22command%22:%22openQuotaApprovalBlade%22,%22quotas%22:[%7B%22location%22:%22KoreaCentral%22,%22providerId%22:%22Microsoft.Compute%22,%22resourceName%22:%22cores%22,%22quotaRequest%22:%7B%22properties%22:%7B%22limit%22:11,%22unit%22:%22Count%22,%22name%22:%7B%22value%22:%22cores%22%7D%7D%7D%7D]%7D by specifying parameters listed in the ‘Details’ section for deployment to succeed. Please read more about quota limits at https://docs.microsoft.com/en-us/azure/azure-supportability/regional-quota-requests\nCode: OperationNotAllowed\nMessage: Operation could not be completed as it results in exceeding approved Total Regional Cores quota. Additional details - Deployment Model: Resource Manager, Location: KoreaCentral, Current Limit: 10, Current Usage: 10, Additional Required: 1, (Minimum) New Limit Required: 11. Setup Alerts when Quota reaches threshold. Learn more at https://aka.ms/quotamonitoringalerting . 
Submit a request for Quota increase at https://aka.ms/ProdportalCRP/#blade/Microsoft_Azure_Capacity/UsageAndQuota.ReactView/Parameters/%7B%22subscriptionId%22:%22aa17af3a-aeb2-4c68-801d-595100662a20%22,%22command%22:%22openQuotaApprovalBlade%22,%22quotas%22:[%7B%22location%22:%22KoreaCentral%22,%22providerId%22:%22Microsoft.Compute%22,%22resourceName%22:%22cores%22,%22quotaRequest%22:%7B%22properties%22:%7B%22limit%22:11,%22unit%22:%22Count%22,%22name%22:%7B%22value%22:%22cores%22%7D%7D%7D%7D]%7D by specifying parameters listed in the ‘Details’ section for deployment to succeed. Please read more about quota limits at https://docs.microsoft.com/en-us/azure/azure-supportability/regional-quota-requests"}
failed: [localhost] (item={'key': 'db1', 'value': 'db1-nic'}) => {"ansible_loop_var": "item", "changed": false, "item": {"key": "db1", "value": "db1-nic"}, "msg": "Error creating or updating virtual machine db1 - (OperationNotAllowed) Operation could not be completed as it results in exceeding approved Total Regional Cores quota. Additional details - Deployment Model: Resource Manager, Location: KoreaCentral, Current Limit: 10, Current Usage: 10, Additional Required: 1, (Minimum) New Limit Required: 11. Setup Alerts when Quota reaches threshold. Learn more at https://aka.ms/quotamonitoringalerting . Submit a request for Quota increase at https://aka.ms/ProdportalCRP/#blade/Microsoft_Azure_Capacity/UsageAndQuota.ReactView/Parameters/%7B%22subscriptionId%22:%22aa17af3a-aeb2-4c68-801d-595100662a20%22,%22command%22:%22openQuotaApprovalBlade%22,%22quotas%22:[%7B%22location%22:%22KoreaCentral%22,%22providerId%22:%22Microsoft.Compute%22,%22resourceName%22:%22cores%22,%22quotaRequest%22:%7B%22properties%22:%7B%22limit%22:11,%22unit%22:%22Count%22,%22name%22:%7B%22value%22:%22cores%22%7D%7D%7D%7D]%7D by specifying parameters listed in the ‘Details’ section for deployment to succeed. Please read more about quota limits at https://docs.microsoft.com/en-us/azure/azure-supportability/regional-quota-requests\nCode: OperationNotAllowed\nMessage: Operation could not be completed as it results in exceeding approved Total Regional Cores quota. Additional details - Deployment Model: Resource Manager, Location: KoreaCentral, Current Limit: 10, Current Usage: 10, Additional Required: 1, (Minimum) New Limit Required: 11. Setup Alerts when Quota reaches threshold. Learn more at https://aka.ms/quotamonitoringalerting . 
Submit a request for Quota increase at https://aka.ms/ProdportalCRP/#blade/Microsoft_Azure_Capacity/UsageAndQuota.ReactView/Parameters/%7B%22subscriptionId%22:%22aa17af3a-aeb2-4c68-801d-595100662a20%22,%22command%22:%22openQuotaApprovalBlade%22,%22quotas%22:[%7B%22location%22:%22KoreaCentral%22,%22providerId%22:%22Microsoft.Compute%22,%22resourceName%22:%22cores%22,%22quotaRequest%22:%7B%22properties%22:%7B%22limit%22:11,%22unit%22:%22Count%22,%22name%22:%7B%22value%22:%22cores%22%7D%7D%7D%7D]%7D by specifying parameters listed in the ‘Details’ section for deployment to succeed. Please read more about quota limits at https://docs.microsoft.com/en-us/azure/azure-supportability/regional-quota-requests"}
failed: [localhost] (item={'key': 'db2', 'value': 'db2-nic'}) => {"ansible_loop_var": "item", "changed": false, "item": {"key": "db2", "value": "db2-nic"}, "msg": "Error creating or updating virtual machine db2 - (OperationNotAllowed) Operation could not be completed as it results in exceeding approved Total Regional Cores quota. Additional details - Deployment Model: Resource Manager, Location: KoreaCentral, Current Limit: 10, Current Usage: 10, Additional Required: 1, (Minimum) New Limit Required: 11. Setup Alerts when Quota reaches threshold. Learn more at https://aka.ms/quotamonitoringalerting . Submit a request for Quota increase at https://aka.ms/ProdportalCRP/#blade/Microsoft_Azure_Capacity/UsageAndQuota.ReactView/Parameters/%7B%22subscriptionId%22:%22aa17af3a-aeb2-4c68-801d-595100662a20%22,%22command%22:%22openQuotaApprovalBlade%22,%22quotas%22:[%7B%22location%22:%22KoreaCentral%22,%22providerId%22:%22Microsoft.Compute%22,%22resourceName%22:%22cores%22,%22quotaRequest%22:%7B%22properties%22:%7B%22limit%22:11,%22unit%22:%22Count%22,%22name%22:%7B%22value%22:%22cores%22%7D%7D%7D%7D]%7D by specifying parameters listed in the ‘Details’ section for deployment to succeed. Please read more about quota limits at https://docs.microsoft.com/en-us/azure/azure-supportability/regional-quota-requests\nCode: OperationNotAllowed\nMessage: Operation could not be completed as it results in exceeding approved Total Regional Cores quota. Additional details - Deployment Model: Resource Manager, Location: KoreaCentral, Current Limit: 10, Current Usage: 10, Additional Required: 1, (Minimum) New Limit Required: 11. Setup Alerts when Quota reaches threshold. Learn more at https://aka.ms/quotamonitoringalerting . 
Submit a request for Quota increase at https://aka.ms/ProdportalCRP/#blade/Microsoft_Azure_Capacity/UsageAndQuota.ReactView/Parameters/%7B%22subscriptionId%22:%22aa17af3a-aeb2-4c68-801d-595100662a20%22,%22command%22:%22openQuotaApprovalBlade%22,%22quotas%22:[%7B%22location%22:%22KoreaCentral%22,%22providerId%22:%22Microsoft.Compute%22,%22resourceName%22:%22cores%22,%22quotaRequest%22:%7B%22properties%22:%7B%22limit%22:11,%22unit%22:%22Count%22,%22name%22:%7B%22value%22:%22cores%22%7D%7D%7D%7D]%7D by specifying parameters listed in the ‘Details’ section for deployment to succeed. Please read more about quota limits at https://docs.microsoft.com/en-us/azure/azure-supportability/regional-quota-requests"}
PLAY RECAP *******************************************************************************************************************************************************************************************************
localhost : ok=10 changed=0 unreachable=0 failed=1 skipped=0 rescued=0 ignored=0
quota)
Instance work:
https://learn.microsoft.com/en-us/azure/virtual-machines/sizes/compute-optimized/fsv2-series?tabs=sizebasic
VM counts and similar limits must be allocated under Azure quota.
cn=Standard_F4s_v2
Start with the Standard_F8s_v2 instance type.
cn,master1,master2,master3= Standard_F8s_v2
worker1-7,db1,db2 = Standard_F16s_v2
The cn node is created manually (nexus, gitea file transfer, ansible file transfer) - public IP assigned.
master1.yaml - inbound 80,443 from the training site IP - public IP assigned.
master23.yaml
worker-db.yaml
master1: playbook
---
- hosts: localhost
  connection: local
  gather_facts: no
  #Create azure resource group and virtual network
  vars:
    RG: "ansiazurerg"
    LC: "koreacentral"
    ST: "present"
    VN: "ansitstvn"
    AP: "10.11.0.0/16"
    SBN: "rke2subnet"
  tasks:
    - name: Create RG
      azure_rm_resourcegroup:
        name: "{{ RG }}"
        location: "{{ LC }}"
        state: "{{ ST }}"
      register: rg
    - debug:
        var: rg
    #Create virtual network
    - name: Create virtual nw
      azure_rm_virtualnetwork:
        resource_group: "{{ RG }}"
        name: "{{ VN }}"
        address_prefixes: "{{ AP }}"
        state: "{{ ST }}"
      register: vn
    - debug:
        var: vn
    #Create subnet to provide vm
    - name: Create subnet on vn(virtual network)
      azure_rm_subnet:
        resource_group: "{{ RG }}"
        virtual_network_name: "{{ VN }}"
        name: "{{ SBN }}"
        address_prefix_cidr: "10.11.0.0/24"
        state: "{{ ST }}"
      register: sbn_regi
    - debug:
        var: sbn_regi
    - name: Create public Ip addr
      azure_rm_publicipaddress:
        name: "{{ item }}"
        resource_group: "{{ RG }}"
        allocation_method: Static
      loop:
        - pubip2
      register: pubip
      tags:
        - crt-pub
    - debug:
        var: pubip
      tags:
        - crt-pub
    #Get public ip of my machine
    #- name: Get my public IP
    #  community.general.ipify_facts:
    - name: Crt security group to allow ssh
      azure_rm_securitygroup:
        name: ansi-tst-sg
        resource_group: "{{ RG }}"
        purge_rules: yes
        rules:
          - name: "AllowSSH"
            protocol: Tcp
            # With source_address_prefix commented out, this rule accepts SSH from any source address.
            #source_address_prefix:
            #  - "{{ ipify_public_ip }}/32"
            destination_port_range: 22
            access: Allow
            priority: 100
            direction: Inbound
    - name: Crt vn interface card
      azure_rm_networkinterface:
        resource_group: "{{ RG }}"
        #name: ansi-vn-nic
        name: "{{ item.key }}"
        virtual_network: "{{ VN }}"
        subnet: "{{ SBN }}"
        security_group: ansi-tst-sg
        ip_configurations:
          - name: ipconfig1
            public_ip_address_name: "{{ item.value[1] }}"
            private_ip_address: "{{ item.value[0] }}"
      with_dict: { "master1-nic":["10.11.0.5",pubip2] }
      tags:
        - inter
    - name: Crt the virtual machine
      azure_rm_virtualmachine:
        #name: ansi-tst-vm
        name: "{{ item.key }}"
        resource_group: "{{ RG }}"
        admin_username: rocky
        #vm_size: Standard_DS1_v2
        #vm_size: Standard_B1s
        vm_size: Standard_F8s_v2
        managed_disk_type: Standard_LRS
        #os_disk_size_gb: 300
        os_disk_size_gb: 100
        # Password logins are disabled; only the public key below is accepted.
        ssh_password_enabled: false
        ssh_public_keys:
          - path: /home/rocky/.ssh/authorized_keys
            key_data: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDLV7IT+CrssLQ/gVB/yG5KmH69SJot6tnoob2AnvDs6jX2SghxoKgBDY+r5b3Sg+IEgvS2Z9+9pYW7wCXsDZzcG3iyXFUJRzoKIP7CzaWv/rApe6komMuU6f+jmX4mKEE3ZIOkzR62b6pJz1MlVXr5WY/24V+2ONa5jYbKFcAp1MO4k+gGUiRGs3XwTGHJgXh7YUv9x9cYlnQGzwJ9sKInE/KuUmr4y40x1q7ZDLqMssloi1z2AUlPSp4mzqTJ1VDylc+ch11Z/n5mEMo7Ft+8vrAh7pgWfUsIrj9FP5i9lgXSAK+s/Pv4sGtYCQdw6z3hUEzhqf/5KhS33pDrrt45 oyj@oyjaero
        #network_interfaces: ansi-vn-nic
        network_interfaces: "{{ item.value }}"
        #Use private image(
        image:
          publisher: erockyenterprisesoftwarefoundationinc1653071250513
          offer: rockylinux
          sku: free
          version: latest
        plan:
          name: free
          product: rockylinux
          publisher: erockyenterprisesoftwarefoundationinc1653071250513
      with_dict: {"master1":"master1-nic" }
      tags:
        - vm-crt
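The security group task in the playbook above leaves source_address_prefix commented out, so port 22 on the public IP is reachable from any address. The following is an added example, not part of the original post: the same task with SSH limited to the address of the machine running Ansible, plus the inbound 80,443 rule from the training site IP that the notes for master1.yaml mention. The variable TRAINING_SITE_CIDR, its value 203.0.113.0/24 (a documentation-range placeholder) and the rule names are assumptions.

```yaml
---
# Added example: restricted variant of the "Crt security group to allow ssh" task.
# TRAINING_SITE_CIDR and the rule names are assumptions, not values from the post.
- hosts: localhost
  connection: local
  gather_facts: no
  vars:
    RG: "ansiazurerg"
    TRAINING_SITE_CIDR: "203.0.113.0/24"  # placeholder; replace with the real site range
  tasks:
    # Sets the fact ipify_public_ip to the public address this machine egresses from
    - name: Get my public IP
      community.general.ipify_facts:

    # Stop before touching the security group if the lookup returned nothing,
    # otherwise the rule below would be built from an empty prefix.
    - name: Check that a public IP was found
      ansible.builtin.assert:
        that:
          - ipify_public_ip is defined
          - ipify_public_ip | length > 0

    - name: Crt security group with restricted sources
      azure_rm_securitygroup:
        name: ansi-tst-sg
        resource_group: "{{ RG }}"
        purge_rules: yes  # removes any rule not listed here, including an open AllowSSH
        rules:
          - name: "AllowSSHFromControlHost"
            protocol: Tcp
            source_address_prefix:
              - "{{ ipify_public_ip }}/32"
            destination_port_range: 22
            access: Allow
            priority: 100
            direction: Inbound
          - name: "AllowWebFromTrainingSite"
            protocol: Tcp
            source_address_prefix: "{{ TRAINING_SITE_CIDR }}"
            destination_port_range:
              - 80
              - 443
            access: Allow
            priority: 110
            direction: Inbound
```

Because the NIC task attaches ansi-tst-sg by name, re-running only this play updates the rules for interfaces that already use the group.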
If a quota error occurs, a quota increase is required.
TASK [Crt vn interface card] ************************************************************************************************************************************************************************************************************************
changed: [localhost] => (item={'key': 'master1-nic', 'value': ['10.11.0.5', 'pubip2']})
TASK [Crt the virtual machine] **********************************************************************************************************************************************************************************************************************
failed: [localhost] (item={'key': 'master1', 'value': 'master1-nic'}) => {"ansible_loop_var": "item", "changed": false, "item": {"key": "master1", "value": "master1-nic"}, "msg": "Error creating or updating virtual machine master1 - (OperationNotAllowed) Operation could not be completed as it results in exceeding approved standardFSv2Family Cores quota. Additional details - Deployment Model: Resource Manager, Location: KoreaCentral, Current Limit: 10, Current Usage: 4, Additional Required: 8, (Minimum) New Limit Required: 12. Setup Alerts when Quota reaches threshold. Learn more at https://aka.ms/quotamonitoringalerting . Submit a request for Quota increase at https://aka.ms/ProdportalCRP/#blade/Microsoft_Azure_Capacity/UsageAndQuota.ReactView/Parameters/%7B%22subscriptionId%22:%22aa17af3a-aeb2-4c68-801d-595100662a20%22,%22command%22:%22openQuotaApprovalBlade%22,%22quotas%22:[%7B%22location%22:%22KoreaCentral%22,%22providerId%22:%22Microsoft.Compute%22,%22resourceName%22:%22standardFSv2Family%22,%22quotaRequest%22:%7B%22properties%22:%7B%22limit%22:12,%22unit%22:%22Count%22,%22name%22:%7B%22value%22:%22standardFSv2Family%22%7D%7D%7D%7D]%7D by specifying parameters listed in the ‘Details’ section for deployment to succeed. Please read more about quota limits at https://docs.microsoft.com/en-us/azure/azure-supportability/per-vm-quota-requests\nCode: OperationNotAllowed\nMessage: Operation could not be completed as it results in exceeding approved standardFSv2Family Cores quota. Additional details - Deployment Model: Resource Manager, Location: KoreaCentral, Current Limit: 10, Current Usage: 4, Additional Required: 8, (Minimum) New Limit Required: 12. Setup Alerts when Quota reaches threshold. Learn more at https://aka.ms/quotamonitoringalerting . 
Submit a request for Quota increase at https://aka.ms/ProdportalCRP/#blade/Microsoft_Azure_Capacity/UsageAndQuota.ReactView/Parameters/%7B%22subscriptionId%22:%22aa17af3a-aeb2-4c68-801d-595100662a20%22,%22command%22:%22openQuotaApprovalBlade%22,%22quotas%22:[%7B%22location%22:%22KoreaCentral%22,%22providerId%22:%22Microsoft.Compute%22,%22resourceName%22:%22standardFSv2Family%22,%22quotaRequest%22:%7B%22properties%22:%7B%22limit%22:12,%22unit%22:%22Count%22,%22name%22:%7B%22value%22:%22standardFSv2Family%22%7D%7D%7D%7D]%7D by specifying parameters listed in the ‘Details’ section for deployment to succeed. Please read more about quota limits at https://docs.microsoft.com/en-us/azure/azure-supportability/per-vm-quota-requests"}
After a quota increase is requested, it seems to be granted within an hour.
<three node test example>