検索
連載

OSSのサーバ構築自動化ツール、4製品徹底検証 2016年版実際に検証済み!OSS徹底比較(3)サーバ構築自動化【前編】(7/9 ページ)

今回は、サーバ構築・運用自動化ソフトの中でも特に利用者の多い、「Chef」「Ansible」「Puppet」「Itamae」の4製品をピックアップ。「各ソフトの実行環境の構築手順」「OSSのブログ/CMS基盤であるWordPressの構築」を通じて、その違いを探る。

PC用表示 関連情報
Share
Tweet
LINE
Hatena

WordPressインストール用のplaybookの作成

1.playbookを格納するフォルダを作成

$ mkdir -p ~/playbook/wordpress_sample/roles/wordpress/{tasks,templates} ~/playbook/wordpress_sample/{group_vars,host_vars}

2.playbookを作成

 作成したplaybookは以下となる。各処理のTIPSは後ほど、機能ごとに説明する。

(1)playbookとして作成するファイルおよびフォルダの構成

# tree playbook
playbook
└── wordpress_sample
    ├── group_vars
    │   └── wordpress-server
    ├── host_vars
    │   └── tissvv096
    ├── hosts
    ├── roles
    │   └── wordpress
    │       ├── tasks
    │       │   └── main.yaml
    │       └── templates
    │           ├── my.cnf
    │           └── wordpress.conf
    └── site.yaml

(2)処理対象のhostsグループ、実行ユーザー、設定に使用するroleを定義するsite.yamlファイル

$ vi ~/playbook/wordpress_sample/site.yaml
---
- name: Install WordPress, MariaDB, Apache, and PHP
  hosts: wordpress-server
  remote_user: maintain
  sudo: yes
  roles:
    - wordpress

(3)Wordpress環境の構築を実際に行うmain.yamlファイル

$ vi ~/playbook/wordpress_sample/roles/wordpress/tasks/main.yaml
#
# Playbook Name::wordpress_sample
---
# update packages
- name: yum update
  yum: name=* state=latest
# install packages
- name: install mariadb-server
  yum: name=mariadb-server state=installed
- name: install
  yum: name=httpd state=installed
- name: install php
  yum: name=php state=installed
- name: install php-mysql
  yum: name=php-mysql state=installed
- name: install MySQL-python
  yum: name=MySQL-python state=installed
# start/enable mariadb
- name: start and enable mariadb
  service: name=mariadb state=running enabled=yes
# set mariadb root password
- name: mariadb root password setting
  mysql_user:
    login_user='root'
    name='root'
    password='{{ mysql_root_pass }}'
    update_password=always
# create /root/.my.cnf
- name: check /root/.my.cnf exists
  stat: path=/root/.my.cnf
  register: flck
- name: copy /root/.my.cnf template
  template:
    src=my.cnf
    dest=/root/.my.cnf
    mode='600'
  when: not flck.stat.exists
- name: modify /root/.my.cnf
  replace:
    dest=/root/.my.cnf
      regexp='@mysql_root_pass@'
      replace='{{ mysql_root_pass }}'
# mariadb logrotate setting
- name: check mariadb logrotate config backup exists
  stat: path=/etc/logrotate.d/mariadb.bak
  register: flck
- name: modify mariadb logrotate config
  shell: 'sed -i.bak -e "23,$ s/^#//" /etc/logrotate.d/mariadb'
  when: not flck.stat.exists
# create wordpres db/user
- name: create wordpress db create
  mysql_db:
    login_user='root'
    login_password='{{ mysql_root_pass }}'
    name='{{ wp_db_name }}'
    state=present
- name: create wordpress db user
  mysql_user:
    login_user='root'
    login_password='{{ mysql_root_pass }}'
    name='{{ wp_db_user }}'
    password='{{ wp_db_pass }}'
    priv='{{ wp_db_name }}.*:ALL,GRANT'
    state=present 
# install wordpress
- name: wordpress download
  get_url:
    url='{{ wordpress_latest }}'
    dest=/var/www/wordpress-latest.tgz
- name: wordpress unarchive check
  stat: path=/var/www/wordpress/wp-config-sample.php
  register: flck
- name: wordpress unarchive
  shell: 'tar zxvf /var/www/wordpress-latest.tgz'
  args:
   chdir: /var/www 
  when: not flck.stat.exists
# create wordpress config
- name: check wp-config.php exists
  stat: path=/var/www/wordpress/wp-config.php
  register: flck
- name: copy wp-config-sample.php to wp-config.php
  shell: 'cp -p /var/www/wordpress/wp-config-sample.php /var/www/wordpress/wp-config.php'
  when: not flck.stat.exists
- name: modify wp-config.php db name
  replace:
    dest=/var/www/wordpress/wp-config.php
      regexp='(^.*)database_name_here(.*$)'
      replace='\1{{ wp_db_name }}\2'
- name: modify wp-config.php db user name
  replace:
    dest=/var/www/wordpress/wp-config.php
      regexp='(^.*)username_here(.*$)'
      replace='\1{{ wp_db_user }}\2'
- name: modify wp-config.php db password
  replace:
    dest=/var/www/wordpress/wp-config.php
      regexp='(^.*)password_here(.*$)'
      replace='\1{{ wp_db_pass }}\2'
- name: modify wp-config.php unique phrase
  replace:
    dest=/var/www/wordpress/wp-config.php
      regexp='(^.*)put your unique phrase here(.*$)'
      replace='\1{{ wp_unique_phrase }}\2'
# chown wordpress files
- name: check wordpress files owner/group
  shell: 'find /var/www/wordpress -not -user {{ wp_os_user }} -or -not -group {{ wp_os_group }} | wc -l'
  register: lowcnt
- name: chown wordpress files
  shell: 'chown -R {{ wp_os_user }}:{{ wp_os_group }} /var/www/wordpress'
  when: not lowcnt.stdout == "0"
# create wordpress httpd config
- name: check wordpress.conf exists
  stat: path=/etc/httpd/conf.d/wordpress.conf
  register: flck
- name: copy wordpress.conf template
  template:
    src=wordpress.conf
    dest=/etc/httpd/conf.d/wordpress.conf
  when: not flck.stat.exists
- name: modify wordpress.conf
  replace:
    dest=/etc/httpd/conf.d/wordpress.conf
      regexp='@hostname@'
      replace='{{ inventory_hostname }}'
#  modify httpd config
- name: check httpd config backup exists
  stat: path=/etc/httpd/conf/httpd.conf.bak
  register: flck
- name: httpd config copy
  shell: "cp -p /etc/httpd/conf/httpd.conf /etc/httpd/conf/httpd.conf.bak"
  when: not flck.stat.exists
- name: modify httpd config
  replace:
    dest=/etc/httpd/conf/httpd.conf
      regexp='#ServerName www.example.com:80'
      replace='ServerName {{ inventory_hostname }}'
# start/enable httpd
- name: start and enable httpd
  service: name=httpd state=running enabled=yes
# open httpd port in firewall
- name: open httpd port in firewall
  firewalld: zone=public service=http permanent=true state=enabled immediate=yes

(4)サーバグループのパラメータ値の定義ファイル

$ vi ./playbook/wordpress_sample/group_vars/wordpress-server
# wordpress-server Paramaters
mysql_root_pass:  'password'
wordpress_latest: 'https://wordpress.org/latest.tar.gz'
wp_os_user:       'root'
wp_os_group:      'root'
wp_db_name:       'wordpress'
wp_db_user:       'wordpress'
wp_db_pass:       'password'
wp_unique_phrase:  'bMvc7W2eLuhKFewafVyirWJaXDhbSf'

(5)サーバごとのパラメータ値の定義ファイル

$ vi ./playbook/wordpress_sample/host_vars/tissvv096
# Paramaters
mysql_root_pass : 'FM11AD2+'
wordpress_latest: 'https://ja.wordpress.org/latest-ja.tar.gz'
wp_os_user:       'root'
wp_os_group:      'root'
wp_db_name:       'WordPress'
wp_db_user:       'wp_admin'
wp_db_pass:       'HB-F1XDJ'
wp_unique_phrase:  'FX702PFX801PPB100FX860PPB700PB500PB750PAI1000'

 パラメータ値の定義ファイルは以下の優先順序で使用される。

host_vars/tissvv096 → group_vars/wordpress-server → group_vars/all

 最後のgroup_vars/allは全てのサーバに対して無条件に適用されるデフォルトのパラメータ値となる。

(6)/etc/httpd/conf.d/wordpress.confのtemplateファイル

$vi ./playbook/wordpress_sample/roles/wordpress/templates/wordpress.conf
<VirtualHost *:80>
  ServerName @hostname@;
  DocumentRoot /var/www/wordpress
  <Directory "/var/www/wordpress">
    AllowOverride All
    Options -Indexes
  </Directory>
  <Files wp-config.php>
    order allow,deny
    deny from all
  </Files>
</VirtualHost>

(7)/root/.my.cnfのtemplateファイル

$ vi ./playbook/wordpress_sample/roles/wordpress/templates/my.cnf
[client]
user = root
password = "@mysql_root_pass@"
[mysqladmin]
user = root
password = "@mysql_root_pass@"

(8)対象ホストnodeの登録の確認(必要であれば修正)

$ vi ~/playbook/wordpress_sample/hosts
[wordpress-server]
tissvv096

3.playbook実行前の構文の確認

 ansible-playbookでplaybookを実行することになるが、最後に"--syntax-check"オプションを付けると実行せずに、構文チェックのみが行われる。エラーが表示されなければ構文的には問題がない。

$ ansible-playbook playbook/wordpress_sample/site.yaml -i ~/playbook/wordpress_sample/hosts --key-file=~/.ssh/id_rsa.pem --syntax-check
playbook: playbook/wordpress_sample/site.yaml

4.WordPressサーバ構築のplaybook実行

 以下のコマンドを実行すると、./playbook/wordpress_sample以下のplaybookが実行される。

$ ansible-playbook playbook/wordpress_sample/site.yaml -i ~/playbook/wordpress_sample/hosts --key-file=~/.ssh/id_rsa.pem

 コマンドを実行すると、以下のログが出力され、nodeサーバの設定が行われる。

PLAY [Install WordPress, MariaDB, Apache, and PHP] *****************************
TASK [setup] *******************************************************************
ok: [tissvv096]
TASK [wordpress : yum update] **************************************************
changed: [tissvv096]
TASK [wordpress : install mariadb-server] **************************************
changed: [tissvv096]
TASK [wordpress : install] *****************************************************
changed: [tissvv096]
TASK [wordpress : install php] *************************************************
changed: [tissvv096]
TASK [wordpress : install php-mysql] *******************************************
changed: [tissvv096]
TASK [wordpress : install MySQL-python] ****************************************
changed: [tissvv096]
TASK [wordpress : start and enable mariadb] ************************************
changed: [tissvv096]
TASK [wordpress : mariadb root password setting] *******************************
changed: [tissvv096]
TASK [wordpress : check /root/.my.cnf exists] **********************************
ok: [tissvv096]
TASK [wordpress : copy /root/.my.cnf template] *********************************
changed: [tissvv096]
TASK [wordpress : modify /root/.my.cnf] ****************************************
changed: [tissvv096]
TASK [wordpress : check mariadb logrotate config backup exists] ****************
ok: [tissvv096]
TASK [wordpress : modify mariadb logrotate config] *****************************
changed: [tissvv096]
 [WARNING]: Consider using template or lineinfile module rather than running sed
TASK [wordpress : create wordpress db create] **********************************
changed: [tissvv096]
TASK [wordpress : create wordpress db user] ************************************
changed: [tissvv096]
TASK [wordpress : wordpress download] ******************************************
changed: [tissvv096]
TASK [wordpress : wordpress unarchive check] ***********************************
ok: [tissvv096]
TASK [wordpress : wordpress unarchive] *****************************************
changed: [tissvv096]
 [WARNING]: Consider using unarchive module rather than running tar
TASK [wordpress : check wp-config.php exists] **********************************
ok: [tissvv096]
TASK [wordpress : copy wp-config-sample.php to wp-config.php] ******************
changed: [tissvv096]
TASK [wordpress : modify wp-config.php db name] ********************************
changed: [tissvv096]
TASK [wordpress : modify wp-config.php db user name] ***************************
changed: [tissvv096]
TASK [wordpress : modify wp-config.php db password] ****************************
changed: [tissvv096]
TASK [wordpress : modify wp-config.php unique phrase] **************************
changed: [tissvv096]
TASK [wordpress : check wordpress.conf exists] *********************************
ok: [tissvv096]
TASK [wordpress : copy wordpress.conf template] ********************************
changed: [tissvv096]
TASK [wordpress : modify wordpress.conf] ***************************************
changed: [tissvv096]
TASK [wordpress : check wordpress files owner/group] ***************************
changed: [tissvv096]
TASK [wordpress : chown wordpress files] ***************************************
changed: [tissvv096]
 [WARNING]: Consider using file module with owner rather than running chown
TASK [wordpress : check httpd config backup exists] ****************************
ok: [tissvv096]
TASK [wordpress : httpd config copy] *******************************************
changed: [tissvv096]
TASK [wordpress : modify httpd config] *****************************************
changed: [tissvv096]
TASK [wordpress : start and enable httpd] **************************************
changed: [tissvv096]
TASK [wordpress : open httpd port in firewall] *********************************
changed: [tissvv096]
PLAY RECAP *********************************************************************
tissvv096                  : ok=35   changed=28   unreachable=0    failed=0   

5.ブラウザでWordPressの初期設定画面の起動を確認

ALT
図4 WordPressの初期設定画面の起動を確認《クリックで拡大》

6.コマンドを再実行した場合、設定済の処理がskipされる

 最終行に変更件数が表示されているが、実際には/var/www/wordpressフォルダのowner/groupのチェック処理のみのため、何も変更されていないことが確認できる。

PLAY [Install WordPress, MariaDB, Apache, and PHP] *****************************
TASK [setup] *******************************************************************
ok: [tissvv096]
TASK [wordpress : yum update] **************************************************
ok: [tissvv096]
TASK [wordpress : install mariadb-server] **************************************
ok: [tissvv096]
TASK [wordpress : install] *****************************************************
ok: [tissvv096]
TASK [wordpress : install php] *************************************************
ok: [tissvv096]
TASK [wordpress : install php-mysql] *******************************************
ok: [tissvv096]
TASK [wordpress : install MySQL-python] ****************************************
ok: [tissvv096]
TASK [wordpress : start and enable mariadb] ************************************
ok: [tissvv096]
TASK [wordpress : mariadb root password setting] *******************************
ok: [tissvv096]
TASK [wordpress : check /root/.my.cnf exists] **********************************
ok: [tissvv096]
TASK [wordpress : copy /root/.my.cnf template] *********************************
skipping: [tissvv096]
TASK [wordpress : modify /root/.my.cnf] ****************************************
ok: [tissvv096]
TASK [wordpress : check mariadb logrotate config backup exists] ****************
ok: [tissvv096]
TASK [wordpress : modify mariadb logrotate config] *****************************
skipping: [tissvv096]
TASK [wordpress : create wordpress db create] **********************************
ok: [tissvv096]
TASK [wordpress : create wordpress db user] ************************************
ok: [tissvv096]
TASK [wordpress : wordpress download] ******************************************
ok: [tissvv096]
TASK [wordpress : wordpress unarchive check] ***********************************
ok: [tissvv096]
TASK [wordpress : wordpress unarchive] *****************************************
skipping: [tissvv096]
TASK [wordpress : check wp-config.php exists] **********************************
ok: [tissvv096]
TASK [wordpress : copy wp-config-sample.php to wp-config.php] ******************
skipping: [tissvv096]
TASK [wordpress : modify wp-config.php db name] ********************************
ok: [tissvv096]
TASK [wordpress : modify wp-config.php db user name] ***************************
ok: [tissvv096]
TASK [wordpress : modify wp-config.php db password] ****************************
ok: [tissvv096]
TASK [wordpress : modify wp-config.php unique phrase] **************************
ok: [tissvv096]
TASK [wordpress : check wordpress.conf exists] *********************************
ok: [tissvv096]
TASK [wordpress : copy wordpress.conf template] ********************************
skipping: [tissvv096]
TASK [wordpress : modify wordpress.conf] ***************************************
ok: [tissvv096]
TASK [wordpress : check wordpress files owner/group] ***************************
changed: [tissvv096]
TASK [wordpress : chown wordpress files] ***************************************
skipping: [tissvv096]
TASK [wordpress : check httpd config backup exists] ****************************
ok: [tissvv096]
TASK [wordpress : httpd config copy] *******************************************
skipping: [tissvv096]
TASK [wordpress : modify httpd config] *****************************************
ok: [tissvv096]
TASK [wordpress : start and enable httpd] **************************************
ok: [tissvv096]
TASK [wordpress : open httpd port in firewall] *********************************
ok: [tissvv096]
PLAY RECAP *********************************************************************
tissvv096                  : ok=28   changed=1    unreachable=0    failed=0   

Copyright © ITmedia, Inc. All Rights Reserved.

[an error occurred while processing this directive]
ページトップに戻る