$ mkdir -p ~/playbook/wordpress_sample/roles/wordpress/{tasks,templates} ~/playbook/wordpress_sample/{group_vars,host_vars}
作成したplaybookは以下となる。各処理のTIPSは後ほど、機能ごとに説明する。
(1)playbookとして作成するファイルおよびフォルダの構成
# tree playbook playbook └── wordpress_sample ├── group_vars │ └── wordpress-server ├── host_vars │ └── tissvv096 ├── hosts ├── roles │ └── wordpress │ ├── tasks │ │ └── main.yaml │ └── templates │ ├── my.cnf │ └── wordpress.conf └── site.yaml
(2)処理対象のhostsグループ、実行ユーザー、設定に使用するroleを定義するsite.yamlファイル
$ vi ~/playbook/wordpress_sample/site.yaml
--- - name: Install WordPress, MariaDB, Apache, and PHP hosts: wordpress-server remote_user: maintain sudo: yes roles: - wordpress
(3)Wordpress環境の構築を実際に行うmain.yamlファイル
$ vi ~/playbook/wordpress_sample/roles/wordpress/tasks/main.yaml
# # Playbook Name::wordpress_sample --- # update packages - name: yum update yum: name=* state=latest # install packages - name: install mariadb-server yum: name=mariadb-server state=installed - name: install yum: name=httpd state=installed - name: install php yum: name=php state=installed - name: install php-mysql yum: name=php-mysql state=installed - name: install MySQL-python yum: name=MySQL-python state=installed # start/enable mariadb - name: start and enable mariadb service: name=mariadb state=running enabled=yes # set mariadb root password - name: mariadb root password setting mysql_user: login_user='root' name='root' password='{{ mysql_root_pass }}' update_password=always # create /root/.my.cnf - name: check /root/.my.cnf exists stat: path=/root/.my.cnf register: flck - name: copy /root/.my.cnf template template: src=my.cnf dest=/root/.my.cnf mode='600' when: not flck.stat.exists - name: modify /root/.my.cnf replace: dest=/root/.my.cnf regexp='@mysql_root_pass@' replace='{{ mysql_root_pass }}' # mariadb logrotate setting - name: check mariadb logrotate config backup exists stat: path=/etc/logrotate.d/mariadb.bak register: flck - name: modify mariadb logrotate config shell: 'sed -i.bak -e "23,$ s/^#//" /etc/logrotate.d/mariadb' when: not flck.stat.exists # create wordpres db/user - name: create wordpress db create mysql_db: login_user='root' login_password='{{ mysql_root_pass }}' name='{{ wp_db_name }}' state=present - name: create wordpress db user mysql_user: login_user='root' login_password='{{ mysql_root_pass }}' name='{{ wp_db_user }}' password='{{ wp_db_pass }}' priv='{{ wp_db_name }}.*:ALL,GRANT' state=present # install wordpress - name: wordpress download get_url: url='{{ wordpress_latest }}' dest=/var/www/wordpress-latest.tgz - name: wordpress unarchive check stat: path=/var/www/wordpress/wp-config-sample.php register: flck - name: wordpress unarchive shell: 'tar zxvf /var/www/wordpress-latest.tgz' args: chdir: /var/www when: not flck.stat.exists # create wordpress config - name: check wp-config.php exists stat: path=/var/www/wordpress/wp-config.php register: flck - name: copy wp-config-sample.php to wp-config.php shell: 'cp -p /var/www/wordpress/wp-config-sample.php /var/www/wordpress/wp-config.php' when: not flck.stat.exists - name: modify wp-config.php db name replace: dest=/var/www/wordpress/wp-config.php regexp='(^.*)database_name_here(.*$)' replace='\1{{ wp_db_name }}\2' - name: modify wp-config.php db user name replace: dest=/var/www/wordpress/wp-config.php regexp='(^.*)username_here(.*$)' replace='\1{{ wp_db_user }}\2' - name: modify wp-config.php db password replace: dest=/var/www/wordpress/wp-config.php regexp='(^.*)password_here(.*$)' replace='\1{{ wp_db_pass }}\2' - name: modify wp-config.php unique phrase replace: dest=/var/www/wordpress/wp-config.php regexp='(^.*)put your unique phrase here(.*$)' replace='\1{{ wp_unique_phrase }}\2' # chown wordpress files - name: check wordpress files owner/group shell: 'find /var/www/wordpress -not -user {{ wp_os_user }} -or -not -group {{ wp_os_group }} | wc -l' register: lowcnt - name: chown wordpress files shell: 'chown -R {{ wp_os_user }}:{{ wp_os_group }} /var/www/wordpress' when: not lowcnt.stdout == "0" # create wordpress httpd config - name: check wordpress.conf exists stat: path=/etc/httpd/conf.d/wordpress.conf register: flck - name: copy wordpress.conf template template: src=wordpress.conf dest=/etc/httpd/conf.d/wordpress.conf when: not flck.stat.exists - name: modify wordpress.conf replace: dest=/etc/httpd/conf.d/wordpress.conf regexp='@hostname@' replace='{{ inventory_hostname }}' # modify httpd config - name: check httpd config backup exists stat: path=/etc/httpd/conf/httpd.conf.bak register: flck - name: httpd config copy shell: "cp -p /etc/httpd/conf/httpd.conf /etc/httpd/conf/httpd.conf.bak" when: not flck.stat.exists - name: modify httpd config replace: dest=/etc/httpd/conf/httpd.conf regexp='#ServerName www.example.com:80' replace='ServerName {{ inventory_hostname }}' # start/enable httpd - name: start and enable httpd service: name=httpd state=running enabled=yes # open httpd port in firewall - name: open httpd port in firewall firewalld: zone=public service=http permanent=true state=enabled immediate=yes
(4)サーバグループのパラメータ値の定義ファイル
$ vi ./playbook/wordpress_sample/group_vars/wordpress-server
# wordpress-server Paramaters mysql_root_pass: 'password' wordpress_latest: 'https://wordpress.org/latest.tar.gz' wp_os_user: 'root' wp_os_group: 'root' wp_db_name: 'wordpress' wp_db_user: 'wordpress' wp_db_pass: 'password' wp_unique_phrase: 'bMvc7W2eLuhKFewafVyirWJaXDhbSf'
(5)サーバごとのパラメータ値の定義ファイル
$ vi ./playbook/wordpress_sample/host_vars/tissvv096
# Paramaters mysql_root_pass : 'FM11AD2+' wordpress_latest: 'https://ja.wordpress.org/latest-ja.tar.gz' wp_os_user: 'root' wp_os_group: 'root' wp_db_name: 'WordPress' wp_db_user: 'wp_admin' wp_db_pass: 'HB-F1XDJ' wp_unique_phrase: 'FX702PFX801PPB100FX860PPB700PB500PB750PAI1000'
パラメータ値の定義ファイルは以下の優先順序で使用される。
host_vars/tissvv096 → group_vars/wordpress-server → group_vars/all
最後のgroup_vars/allは全てのサーバに対して無条件に適用されるデフォルトのパラメータ値となる。
(6)/etc/httpd/conf.d/wordpress.confのtemplateファイル
$vi ./playbook/wordpress_sample/roles/wordpress/templates/wordpress.conf
<VirtualHost *:80> ServerName @hostname@; DocumentRoot /var/www/wordpress <Directory "/var/www/wordpress"> AllowOverride All Options -Indexes </Directory> <Files wp-config.php> order allow,deny deny from all </Files> </VirtualHost>
(7)/root/.my.cnfのtemplateファイル
$ vi ./playbook/wordpress_sample/roles/wordpress/templates/my.cnf
[client] user = root password = "@mysql_root_pass@" [mysqladmin] user = root password = "@mysql_root_pass@"
(8)対象ホストnodeの登録の確認(必要であれば修正)
$ vi ~/playbook/wordpress_sample/hosts
[wordpress-server] tissvv096
ansible-playbookでplaybookを実行することになるが、最後に"--syntax-check"オプションを付けると実行せずに、構文チェックのみが行われる。エラーが表示されなければ構文的には問題がない。
$ ansible-playbook playbook/wordpress_sample/site.yaml -i ~/playbook/wordpress_sample/hosts --key-file=~/.ssh/id_rsa.pem --syntax-check playbook: playbook/wordpress_sample/site.yaml
以下のコマンドを実行すると、./playbook/wordpress_sample以下のplaybookが実行される。
$ ansible-playbook playbook/wordpress_sample/site.yaml -i ~/playbook/wordpress_sample/hosts --key-file=~/.ssh/id_rsa.pem
コマンドを実行すると、以下のログが出力され、nodeサーバの設定が行われる。
PLAY [Install WordPress, MariaDB, Apache, and PHP] ***************************** TASK [setup] ******************************************************************* ok: [tissvv096] TASK [wordpress : yum update] ************************************************** changed: [tissvv096] TASK [wordpress : install mariadb-server] ************************************** changed: [tissvv096] TASK [wordpress : install] ***************************************************** changed: [tissvv096] TASK [wordpress : install php] ************************************************* changed: [tissvv096] TASK [wordpress : install php-mysql] ******************************************* changed: [tissvv096] TASK [wordpress : install MySQL-python] **************************************** changed: [tissvv096] TASK [wordpress : start and enable mariadb] ************************************ changed: [tissvv096] TASK [wordpress : mariadb root password setting] ******************************* changed: [tissvv096] TASK [wordpress : check /root/.my.cnf exists] ********************************** ok: [tissvv096] TASK [wordpress : copy /root/.my.cnf template] ********************************* changed: [tissvv096] TASK [wordpress : modify /root/.my.cnf] **************************************** changed: [tissvv096] TASK [wordpress : check mariadb logrotate config backup exists] **************** ok: [tissvv096] TASK [wordpress : modify mariadb logrotate config] ***************************** changed: [tissvv096] [WARNING]: Consider using template or lineinfile module rather than running sed TASK [wordpress : create wordpress db create] ********************************** changed: [tissvv096] TASK [wordpress : create wordpress db user] ************************************ changed: [tissvv096] TASK [wordpress : wordpress download] ****************************************** changed: [tissvv096] TASK [wordpress : wordpress unarchive check] *********************************** ok: [tissvv096] TASK [wordpress : wordpress unarchive] ***************************************** changed: [tissvv096] [WARNING]: Consider using unarchive module rather than running tar TASK [wordpress : check wp-config.php exists] ********************************** ok: [tissvv096] TASK [wordpress : copy wp-config-sample.php to wp-config.php] ****************** changed: [tissvv096] TASK [wordpress : modify wp-config.php db name] ******************************** changed: [tissvv096] TASK [wordpress : modify wp-config.php db user name] *************************** changed: [tissvv096] TASK [wordpress : modify wp-config.php db password] **************************** changed: [tissvv096] TASK [wordpress : modify wp-config.php unique phrase] ************************** changed: [tissvv096] TASK [wordpress : check wordpress.conf exists] ********************************* ok: [tissvv096] TASK [wordpress : copy wordpress.conf template] ******************************** changed: [tissvv096] TASK [wordpress : modify wordpress.conf] *************************************** changed: [tissvv096] TASK [wordpress : check wordpress files owner/group] *************************** changed: [tissvv096] TASK [wordpress : chown wordpress files] *************************************** changed: [tissvv096] [WARNING]: Consider using file module with owner rather than running chown TASK [wordpress : check httpd config backup exists] **************************** ok: [tissvv096] TASK [wordpress : httpd config copy] ******************************************* changed: [tissvv096] TASK [wordpress : modify httpd config] ***************************************** changed: [tissvv096] TASK [wordpress : start and enable httpd] ************************************** changed: [tissvv096] TASK [wordpress : open httpd port in firewall] ********************************* changed: [tissvv096] PLAY RECAP ********************************************************************* tissvv096 : ok=35 changed=28 unreachable=0 failed=0
最終行に変更件数が表示されているが、実際には/var/www/wordpressフォルダのowner/groupのチェック処理のみのため、何も変更されていないことが確認できる。
PLAY [Install WordPress, MariaDB, Apache, and PHP] ***************************** TASK [setup] ******************************************************************* ok: [tissvv096] TASK [wordpress : yum update] ************************************************** ok: [tissvv096] TASK [wordpress : install mariadb-server] ************************************** ok: [tissvv096] TASK [wordpress : install] ***************************************************** ok: [tissvv096] TASK [wordpress : install php] ************************************************* ok: [tissvv096] TASK [wordpress : install php-mysql] ******************************************* ok: [tissvv096] TASK [wordpress : install MySQL-python] **************************************** ok: [tissvv096] TASK [wordpress : start and enable mariadb] ************************************ ok: [tissvv096] TASK [wordpress : mariadb root password setting] ******************************* ok: [tissvv096] TASK [wordpress : check /root/.my.cnf exists] ********************************** ok: [tissvv096] TASK [wordpress : copy /root/.my.cnf template] ********************************* skipping: [tissvv096] TASK [wordpress : modify /root/.my.cnf] **************************************** ok: [tissvv096] TASK [wordpress : check mariadb logrotate config backup exists] **************** ok: [tissvv096] TASK [wordpress : modify mariadb logrotate config] ***************************** skipping: [tissvv096] TASK [wordpress : create wordpress db create] ********************************** ok: [tissvv096] TASK [wordpress : create wordpress db user] ************************************ ok: [tissvv096] TASK [wordpress : wordpress download] ****************************************** ok: [tissvv096] TASK [wordpress : wordpress unarchive check] *********************************** ok: [tissvv096] TASK [wordpress : wordpress unarchive] ***************************************** skipping: [tissvv096] TASK [wordpress : check wp-config.php exists] ********************************** ok: [tissvv096] TASK [wordpress : copy wp-config-sample.php to wp-config.php] ****************** skipping: [tissvv096] TASK [wordpress : modify wp-config.php db name] ******************************** ok: [tissvv096] TASK [wordpress : modify wp-config.php db user name] *************************** ok: [tissvv096] TASK [wordpress : modify wp-config.php db password] **************************** ok: [tissvv096] TASK [wordpress : modify wp-config.php unique phrase] ************************** ok: [tissvv096] TASK [wordpress : check wordpress.conf exists] ********************************* ok: [tissvv096] TASK [wordpress : copy wordpress.conf template] ******************************** skipping: [tissvv096] TASK [wordpress : modify wordpress.conf] *************************************** ok: [tissvv096] TASK [wordpress : check wordpress files owner/group] *************************** changed: [tissvv096] TASK [wordpress : chown wordpress files] *************************************** skipping: [tissvv096] TASK [wordpress : check httpd config backup exists] **************************** ok: [tissvv096] TASK [wordpress : httpd config copy] ******************************************* skipping: [tissvv096] TASK [wordpress : modify httpd config] ***************************************** ok: [tissvv096] TASK [wordpress : start and enable httpd] ************************************** ok: [tissvv096] TASK [wordpress : open httpd port in firewall] ********************************* ok: [tissvv096] PLAY RECAP ********************************************************************* tissvv096 : ok=28 changed=1 unreachable=0 failed=0
Copyright © ITmedia, Inc. All Rights Reserved.