OSSのサーバ構築自動化ツール、4製品徹底検証 2016年版：実際に検証済み！OSS徹底比較（4）サーバ構築自動化【後編】（5/8 ページ）

サーバ構築・運用自動化ソフトの中でも特に利用者の多い、「Chef」「Ansible」「Puppet」「Itamae」の4製品をピックアップ。「各ソフトの実行環境の構築手順」「OSSのBlog/CMS基盤であるWordPressの構築」を通じて、その違いを探り、体感いただく本連載。後編ではPuppet、Itamaeを紹介する。

[森元敏雄,TIS]

Sample manifestを使ってみる

　WordPressのインストールは、Puppetモジュールとして公開されているmanifestを使って行うこともできる。実際にそのmanifestを使用してインストールした手順は以下の通りだ。本作業は2ページで紹介したPuppetのインストールの最後からの続きとなる。

1.hunner-wordpressのPuppetモジュールのインストール

　WordPressのモジュールに加えて、依存関係のあるpuppetlabs-mysqlのモジュールもインストールされる。

$ sudo /opt/puppetlabs/bin/puppet module install hunner-wordpress
Notice: Preparing to install into /etc/puppetlabs/code/environments/production/modules ...
Notice: Downloading from https://forgeapi.puppetlabs.com ...
Notice: Installing -- do not interrupt ...
/etc/puppetlabs/code/environments/production/modules
└─┬ hunner-wordpress (v1.0.0)
  ├─┬ puppetlabs-concat (v2.1.0)
  │ └── puppetlabs-stdlib (v4.12.0)
  └─┬ puppetlabs-mysql (v3.7.0)
    └── nanliu-staging (v1.0.3)

　hunner-wordpressのmanifest/init.ppに、このモジュールで使用するパラメータとデフォルト値が記述されている。

  $install_dir          = '/opt/wordpress',
  $install_url          = 'http://wordpress.org',
  $version              = '3.8',
  $create_db            = true,
  $create_db_user       = true,
  $db_name              = 'wordpress',
  $db_host              = 'localhost',
  $db_user              = 'wordpress',
  $db_password          = 'password',
  $wp_owner             = 'root',
  $wp_group             = '0',
  $wp_lang              = '',
  $wp_config_content    = undef,
  $wp_plugin_dir        = 'DEFAULT',
  $wp_additional_config = 'DEFAULT',
  $wp_table_prefix      = 'wp_',
  $wp_proxy_host        = '',
  $wp_proxy_port        = '',
  $wp_multisite         = false,
  $wp_site_domain       = '',
  $wp_debug             = false,
  $wp_debug_log         = false,
  $wp_debug_display     = false,

2.manifestを格納するフォルダを作成

$ sudo mkdir -p /etc/puppetlabs/code/environments/production/modules/wordpress_sample/{manifests,templates}

3.manifestを作成

　作成したmanifestは以下の通り。各処理のTIPSは後ほど、機能ごとに説明する。

（1）manifestとして作成するファイルおよびフォルダの構成

tree /etc/puppetlabs/code/environments/production/modules/wordpress_sample/
/etc/puppetlabs/code/environments/production/modules/wordpress_sample/
├── manifests
│   ├── init.pp
│   ├── install.pp
│   └── params.pp
└── templates
    └── wordpress.conf.erb

（2）manifestのパラメータ変数のdefault値を定義するparams.ppファイルの作成

$ cd /etc/puppetlabs/code/environments/production/modules/wordpress_sample/
$ sudo vi ./manifests/params.pp

# Class: wordpress_sample::params
#
# Actions: WordPress,mariadb,apache and php install manifest paramaters
#
class wordpress_sample::params (
  # default paramaters
  $mysql_root_pass = 'password',
  $wp_db_name      = 'wordpress',
  $wp_db_user      = 'wordpress',
  $wp_db_pass      = 'password',
  $wp_install_url  = 'http://wordpress.org',
  $wp_install_ver  = '3.8',
  $wp_install_dir  = '/var/www/wordpress',
  $wp_os_user      = 'root',
  $wp_os_group     = 'root',
) {
}

（3）manifestとして最初に呼び出され、manifest全体を制御するinit.ppファイルの作成

$ sudo vi ./manifests/init.pp

# Class: wordpress_sample
#
# Actions: WordPress,mariadb,apache and php install manifest
#
class wordpress_sample (
  # default paramaters
  $mysql_root_pass = $wordpress_sample::params::mysql_root_pass,
  $wp_db_name      = $wordpress_sample::params::wp_db_name,
  $wp_db_user      = $wordpress_sample::params::wp_db_user,
  $wp_db_pass      = $wordpress_sample::params::wp_db_pass,
  $wp_install_url  = $wordpress_sample::params::wp_install_url,
  $wp_install_ver  = $wordpress_sample::params::wp_install_ver,
  $wp_install_dir  = $wordpress_sample::params::wp_install_dir,
  $wp_os_user      = $wordpress_sample::params::wp_os_user,
  $wp_os_group     = $wordpress_sample::params::wp_os_group,
) inherits wordpress_sample::params {
  class { 'wordpress_sample::install':
    mysql_root_pass => $mysql_root_pass,
    wp_db_name      => $wp_db_name,
    wp_db_user      => $wp_db_user,
    wp_db_pass      => $wp_db_pass,
    wp_install_url  => $wp_install_url,
    wp_install_ver  => $wp_install_ver,
    wp_install_dir  => $wp_install_dir,
    wp_os_user      => $wp_os_user,
    wp_os_group     => $wp_os_group,
  }
}

（4）WordPress環境構築を実際に行うinstall.ppファイルの作成

$ sudo vi ./manifests/install.pp

# Class: wordpress_sample::install
#
# Actions: WordPress,mariadb,apache and php install manifest
#
class wordpress_sample::install (
  # default paramaters
  $mysql_root_pass = $wordpress_sample::params::mysql_root_pass,
  $wp_db_name      = $wordpress_sample::params::wp_db_name,
  $wp_db_user      = $wordpress_sample::params::wp_db_user,
  $wp_db_pass      = $wordpress_sample::params::wp_db_pass,
  $wp_install_url  = $wordpress_sample::params::wp_install_url,
  $wp_install_dir  = $wordpress_sample::params::wp_install_dir,
  $wp_install_ver  = $wordpress_sample::params::wp_install_ver,
  $wp_os_user      = $wordpress_sample::params::wp_os_user,
  $wp_os_group     = $wordpress_sample::params::wp_os_group
) {
  require wordpress_sample::params
  # defaults file permission
  File {
    owner  => 'root',
    group  => 'root',
    mode   => '0644',
  }
  # defaults execute environment
  Exec {
    path      => ['/usr/bin','/usr/sbin','/opt/puppetlabs/bin'],
    cwd       => '/tmp',
    user      => 'root',
    group     => 'root',
    logoutput => on_failure,
  }
  # update packages
  exec { 'yum update':
    command => 'yum update -y',
  }
  # install packages
  package { [ "wget", "httpd", "php", "php-mysql" ]:
    provider => "yum",
    ensure   => "installed",
  }
  # mariadb install, start, enable,
  # setting root password and create /root/.my.cnf
  class { 'mysql::server':
    root_password => "${mysql_root_pass}",
  }
  # mariadb logrotate setting
  -> exec { 'modify logrotate/mariadb':
    command => 'sed -i.bak -e "23,$ s/^#//" /etc/logrotate.d/mariadb',
    creates => '/etc/logrotate.d/mariadb.bak'
  }
  # install wordpress and create wordpress db
  class { 'wordpress':
    install_url => "${wp_install_url}",
    version     => "${wp_install_ver}",
    install_dir => "${wp_install_dir}",
    db_name     => "${wp_db_name}",
    db_user     => "${wp_db_user}",
    db_password => "${wp_db_pass}",
  }
  # create httpd/wordpress.conf
  file { '/etc/httpd/conf.d/wordpress.conf':
    ensure  => file,
    content => template( 'wordpress_sample/wordpress.conf.erb' ),
    require => Package['httpd'],
  }
  # modify httpd config
  file { '/etc/httpd/conf/httpd.conf.bak':
    ensure  => file,
    source  => '/etc/httpd/conf/httpd.conf',
    replace => 'no',
  }
  file_line { 'modify httpd config':
    path    => '/etc/httpd/conf/httpd.conf',
    line    => "ServerName ${hostname}",
    match   => "^#ServerName.*$"
  }
  # start/enable httpd
  -> service { "httpd":
    provider => systemd,
    ensure   => running,
    enable   => true,
  }
  # httpd firewall setting
  exec { "firewall-cmd httpd open":
    command => "firewall-cmd --add-service=http --zone=public --permanent;\
                firewall-cmd --reload",
    require => Package['httpd'],
    onlyif  => "test `firewall-cmd --zone=public --list-all | grep -c http` == 0",
  }
}

（5）/etc/httpd/conf.d/wordpress.confのtemplateファイルの作成

$ vi ./templates/wordpress.conf

<VirtualHost *:80>
  ServerName <%= @hostname %>
  DocumentRoot /var/www/wordpress
  <Directory "/var/www/wordpress">
    AllowOverride All
    Options -Indexes
  </Directory>
  <Files wp-config.php>
    order allow,deny
    deny from all
  </Files>
</VirtualHost>

（6）nodeからのpuppet agent実行時の処理を制御するsite.ppファイル

　nodeでpuppet agentを実行する際に最初に呼び出される。nodeごとに使用するmanifestやパラメータの設定などを記述する。

$ sudo vi /etc/puppetlabs/code/environments/production/manifests/site.pp

node 'tissvv096' {
  #include wordpress_sample module
  class { 'wordpress_sample':
    mysql_root_pass => "FM11AD2+",
    wp_db_name      => "WordPress",
    wp_db_user      => "wp_admin",
    wp_db_pass      => "HB-F1XDJ",
    wp_install_url  => "https://ja.wordpress.org",
    wp_install_ver  => "4.5.1-ja",
    wp_install_dir  => "/var/www/wordpress",
    wp_os_user      => "root",
    wp_os_group     => "root",
  }
}

　以上でmanifestの作成は終了となる。manifestの実行はnode側で実施する。

7.WordPressサーバ構築のmanifest実行

　以下のコマンドを実行すると、サーバ側からmanifestがダウンロードされ、WordPress環境の構築が行われる。出力されるログは以下の通り。

$ sudo /opt/puppetlabs/bin/puppet agent --test --server tissvv097 -l /var/log/puppetlabs/puppet/tissvv096.log

Puppet (err): Unable to set ownership to puppet:puppet for log file: /var/log/puppetlabs/puppet/tissvv096.log
Puppet (info): Using configured environment 'production'
Puppet (info): Retrieving pluginfacts
Puppet (info): Retrieving plugin
Puppet (info): Loading facts
Puppet (info): Caching catalog for tissvv096
Puppet (info): Applying configuration version '1463142625'
/Stage[main]/Wordpress_sample::Install/Exec[yum update]/returns (notice): executed successfully
/Stage[main]/Wordpress_sample::Install/Package[wget]/ensure (notice): created
/Stage[main]/Wordpress_sample::Install/Package[httpd]/ensure (notice): created
/Stage[main]/Wordpress_sample::Install/Package[php]/ensure (notice): created
/Stage[main]/Wordpress_sample::Install/Package[php-mysql]/ensure (notice): created
/Stage[main]/Mysql::Server::Install/Package[mysql-server]/ensure (notice): created
/Stage[main]/Mysql::Server::Config/File[mysql-config-file]/content (notice): 
--- /etc/my.cnf.d/server.cnf	2015-12-10 02:22:48.000000000 +0900
+++ /tmp/puppet-file20160513-2770-le7sps	2016-05-13 21:31:22.565345933 +0900
@@ -1,28 +1,61 @@
-#
-# These groups are read by MariaDB server.
-# Use it for options that only the server (but not clients) should see
-#
-# See the examples of server my.cnf files in /usr/share/mysql/
-#
+### MANAGED BY PUPPET ###
 
-# this is read by the standalone daemon and embedded servers
-[server]
+[client]
+port = 3306
+socket = /var/lib/mysql/mysql.sock
+
+[isamchk]
+key_buffer_size = 16M
 
-# this is only for the mysqld standalone daemon
 [mysqld]
+basedir = /usr
+bind-address = 127.0.0.1
+datadir = /var/lib/mysql
+expire_logs_days = 10
+key_buffer_size = 16M
+log-error = /var/log/mariadb/mariadb.log
+max_allowed_packet = 16M
+max_binlog_size = 100M
+max_connections = 151
+pid-file = /var/run/mariadb/mariadb.pid
+port = 3306
+query_cache_limit = 1M
+query_cache_size = 16M
+skip-external-locking
+socket = /var/lib/mysql/mysql.sock
+ssl = false
+ssl-ca = /etc/mysql/cacert.pem
+ssl-cert = /etc/mysql/server-cert.pem
+ssl-key = /etc/mysql/server-key.pem
+thread_cache_size = 8
+thread_stack = 256K
+tmpdir = /tmp
+user = mysql
+
+[mysqld-5.0]
+myisam-recover = BACKUP
 
-# this is only for embedded server
-[embedded]
+[mysqld-5.1]
+myisam-recover = BACKUP
 
-# This group is only read by MariaDB-5.5 servers.
-# If you use the same .cnf file for MariaDB of different versions,
-# use this group for options that older servers don't understand
 [mysqld-5.5]
+myisam-recover = BACKUP
+
+[mysqld-5.6]
+myisam-recover-options = BACKUP
+
+[mysqld-5.7]
+myisam-recover-options = BACKUP
+
+[mysqld_safe]
+log-error = /var/log/mariadb/mariadb.log
+nice = 0
+socket = /var/lib/mysql/mysql.sock
+
+[mysqldump]
+max_allowed_packet = 16M
+quick
+quote-names
 
-# These two groups are only read by MariaDB servers, not by MySQL.
-# If you use the same .cnf file for MySQL and MariaDB,
-# you can put MariaDB-only options here
-[mariadb]
 
-[mariadb-5.5]
 
Puppet (info): Computing checksum on file /etc/my.cnf.d/server.cnf
/Stage[main]/Mysql::Server::Config/File[mysql-config-file] (info): Filebucketed /etc/my.cnf.d/server.cnf to puppet with sum 54dc3e561e817f9c0a376a58383eb013
/Stage[main]/Mysql::Server::Config/File[mysql-config-file]/content (notice): content changed '{md5}54dc3e561e817f9c0a376a58383eb013' to '{md5}4b16ed3375eaa96a2bc1b7aa00c5dd46'
/Stage[main]/Mysql::Server::Installdb/Mysql_datadir[/var/lib/mysql]/ensure (notice): created
/Stage[main]/Mysql::Server::Service/File[/var/log/mariadb/mariadb.log]/mode (notice): mode changed '0640' to '0644'
/Stage[main]/Mysql::Server::Service/Service[mysqld]/ensure (notice): ensure changed 'stopped' to 'running'
/Stage[main]/Mysql::Server::Service/Service[mysqld] (info): Unscheduling refresh on Service[mysqld]
/Stage[main]/Mysql::Server::Root_password/Mysql_user[root@localhost]/password_hash (notice): defined 'password_hash' as '*8A32FFC4D3E3A6BDCC0457AFA0B921DD0A6C9185'
/Stage[main]/Mysql::Server::Root_password/File[/root/.my.cnf]/ensure (notice): defined content as '{md5}18900611152d3865f5e8dee0b3a07a1e'
/Stage[main]/Wordpress_sample::Install/Exec[modify logrotate/mariadb]/returns (notice): executed successfully
/Stage[main]/Wordpress_sample::Install/File[/etc/httpd/conf.d/wordpress.conf]/ensure (notice): defined content as '{md5}ae5869c20dddc3da7cb839ddee3091f6'
/Stage[main]/Wordpress_sample::Install/File[/etc/httpd/conf/httpd.conf.bak]/ensure (notice): defined content as '{md5}f5e7449c0f17bc856e86011cb5d152ba'
/Stage[main]/Wordpress_sample::Install/File_line[modify httpd config]/ensure (notice): created
/Stage[main]/Wordpress_sample::Install/Service[httpd]/ensure (notice): ensure changed 'stopped' to 'running'
/Stage[main]/Wordpress_sample::Install/Service[httpd] (info): Unscheduling refresh on Service[httpd]
/Stage[main]/Wordpress_sample::Install/Exec[firewall-cmd httpd open]/returns (notice): executed successfully
/Stage[main]/Wordpress/Wordpress::Instance[/var/www/wordpress]/Wordpress::Instance::App[/var/www/wordpress]/File[/var/ww
w/wordpress]/ensure (notice): created
/Stage[main]/Wordpress/Wordpress::Instance[/var/www/wordpress]/Wordpress::Instance::App[/var/www/wordpress]/Exec[Download wordpress https://ja.wordpress.org/wordpress-4.5.1-ja.tar.gz to /var/www/wordpress]/returns (notice): executed successfully
/Stage[main]/Wordpress/Wordpress::Instance[/var/www/wordpress]/Wordpress::Instance::App[/var/www/wordpress]/Exec[Extract wordpress /var/www/wordpress]/returns (notice): executed successfully
/Stage[main]/Wordpress/Wordpress::Instance[/var/www/wordpress]/Wordpress::Instance::App[/var/www/wordpress]/Exec[Extract wordpress /var/www/wordpress] (info): Scheduling refresh of Exec[Change ownership /var/www/wordpress]
/Stage[main]/Wordpress/Wordpress::Instance[/var/www/wordpress]/Wordpress::Instance::App[/var/www/wordpress]/Exec[Change ownership /var/www/wordpress] (notice): Triggered 'refresh' from 1 events
/Stage[main]/Wordpress/Wordpress::Instance[/var/www/wordpress]/Wordpress::Instance::App[/var/www/wordpress]/File[/var/www/wordpress/wp-keysalts.php]/ensure (notice): defined content as '{md5}543bdd56231c5b6cd518abe0e8075a8a'
/Stage[main]/Wordpress/Wordpress::Instance[/var/www/wordpress]/Wordpress::Instance::Db[localhost/WordPress]/Mysql_database[localhost/WordPress]/ensure (notice): created
/Stage[main]/Wordpress/Wordpress::Instance[/var/www/wordpress]/Wordpress::Instance::Db[localhost/WordPress]/Mysql_user[wp_admin@localhost]/ensure (notice): created
/Stage[main]/Wordpress/Wordpress::Instance[/var/www/wordpress]/Wordpress::Instance::Db[localhost/WordPress]/Mysql_grant[wp_admin@localhost/WordPress.*]/ensure (notice): created
/Stage[main]/Wordpress/Wordpress::Instance[/var/www/wordpress]/Wordpress::Instance::App[/var/www/wordpress]/Concat[/var/www/wordpress/wp-config.php]/File[/var/www/wordpress/wp-config.php]/ensure (notice): defined content as '{md5}25cce836231038bf8bf1fb42379c9a93'
Puppet (notice): Applied catalog in 153.20 seconds

　以上で構築は完了する。あとはブラウザからの初期設定となる。

　Puppetは利用者が多く歴史も長いため、非常に多くのPuppetモジュールが提供されている。WordPress以外にも多数のmanifestが公開されており、以下のコマンドで検索できる。キーワードとして各種プロダクトを指定できるので、各プロダクトのmanifest作成前に、利用可能なモジュールがすでに作成されていないか、探してみるのも一手だろう。

$ sudo /opt/puppetlabs/bin/puppet module search [keyword]