Linux

Ansibleで構成管理

構成管理ツールのAnsibleです。

 

 

CentOS7でシンプルなLAMP環境を作ってみました。

 

 

環境

 

 

 

 

bento/centos-7.2をダウンロード、vagrantfileの作成

C:\Users\root\Desktop\Vagrant\Ansible_test>vagrant init bento/centos-7.2

A `Vagrantfile` has been placed in this directory. You are now
ready to `vagrant up` your first virtual environment! Please read
the comments in the Vagrantfile as well as documentation on
`vagrantup.com` for more information on using Vagrant.

 

Vagrantfileを下記に書き換えた。

# -*- mode: ruby -*-
# vi: set ft=ruby :

Vagrant.configure(2) do |config|

  config.vm.define "host" do |node|
    node.vm.box = "bento/centos-7.2"
    node.vm.hostname = "host"
    node.vm.network "public_network", ip: "192.168.10.50"
  end

  config.vm.define "web" do |node|
  node.vm.box = "bento/centos-7.2"
    node.vm.hostname = "web"
    node.vm.network "public_network", ip: "192.168.10.51"
  end

  config.vm.define "db" do |node|
  node.vm.box = "bento/centos-7.2"
    node.vm.hostname = "db"
    node.vm.network "public_network", ip: "192.168.10.52"
  end
  
end

 

 

Vagrant up

C:\Users\root\Desktop\Vagrant\Ansible_test>vagrant up

Bringing machine 'host' up with 'virtualbox' provider...
Bringing machine 'web' up with 'virtualbox' provider...
Bringing machine 'db' up with 'virtualbox' provider...
==> host: Importing base box 'bento/centos-7.2'...
==> host: Matching MAC address for NAT networking...
==> host: Checking if box 'bento/centos-7.2' is up to date...
==> host: Setting the name of the VM: Ansible_test_host_1507558583327_45816
==> host: Clearing any previously set network interfaces...
==> host: Preparing network interfaces based on configuration...
    host: Adapter 1: nat
    host: Adapter 2: bridged
==> host: Forwarding ports...
    host: 22 (guest) => 2222 (host) (adapter 1)
==> host: Booting VM...
==> host: Waiting for machine to boot. This may take a few minutes...
    host: SSH address: 127.0.0.1:2222
    host: SSH username: vagrant
    host: SSH auth method: private key
    host: Warning: Connection reset. Retrying...
    host: Warning: Remote connection disconnect. Retrying...
    host: Warning: Connection aborted. Retrying...
    host: Warning: Remote connection disconnect. Retrying...
    host: Warning: Connection aborted. Retrying...
    host: Warning: Remote connection disconnect. Retrying...
    host: Warning: Connection aborted. Retrying...
    host: Warning: Remote connection disconnect. Retrying...
    host: Warning: Connection aborted. Retrying...
    host: Warning: Remote connection disconnect. Retrying...
    host: Warning: Connection aborted. Retrying...
    host: Warning: Connection reset. Retrying...
    host: Warning: Connection aborted. Retrying...
    host:
    host: Vagrant insecure key detected. Vagrant will automatically replace
    host: this with a newly generated keypair for better security.
    host:
    host: Inserting generated public key within guest...
    host: Removing insecure key from the guest if it's present...
    host: Key inserted! Disconnecting and reconnecting using new SSH key...
==> host: Machine booted and ready!
==> host: Checking for guest additions in VM...
==> host: Setting hostname...
==> host: Configuring and enabling network interfaces...
    host: SSH address: 127.0.0.1:2222
    host: SSH username: vagrant
    host: SSH auth method: private key
==> host: Mounting shared folders...
    host: /vagrant => C:/Users/root/Desktop/Vagrant/Ansible_test
==> web: Importing base box 'bento/centos-7.2'...
==> web: Matching MAC address for NAT networking...
==> web: Checking if box 'bento/centos-7.2' is up to date...
==> web: Setting the name of the VM: Ansible_test_web_1507558660591_30182
==> web: Fixed port collision for 22 => 2222. Now on port 2200.
==> web: Clearing any previously set network interfaces...
==> web: Preparing network interfaces based on configuration...
    web: Adapter 1: nat
    web: Adapter 2: bridged
==> web: Forwarding ports...
    web: 22 (guest) => 2200 (host) (adapter 1)
==> web: Booting VM...
==> web: Waiting for machine to boot. This may take a few minutes...
    web: SSH address: 127.0.0.1:2200
    web: SSH username: vagrant
    web: SSH auth method: private key
    web: Warning: Connection reset. Retrying...
    web: Warning: Connection aborted. Retrying...
    web: Warning: Remote connection disconnect. Retrying...
    web: Warning: Connection aborted. Retrying...
    web: Warning: Remote connection disconnect. Retrying...
    web: Warning: Connection aborted. Retrying...
    web: Warning: Remote connection disconnect. Retrying...
    web: Warning: Connection aborted. Retrying...
    web: Warning: Remote connection disconnect. Retrying...
    web: Warning: Connection aborted. Retrying...
    web: Warning: Remote connection disconnect. Retrying...
    web: Warning: Connection aborted. Retrying...
    web: Warning: Remote connection disconnect. Retrying...
    web: Warning: Connection aborted. Retrying...
    web: Warning: Remote connection disconnect. Retrying...
    web: Warning: Connection aborted. Retrying...
    web: Warning: Connection reset. Retrying...
    web: Warning: Connection aborted. Retrying...
    web:
    web: Vagrant insecure key detected. Vagrant will automatically replace
    web: this with a newly generated keypair for better security.
    web:
    web: Inserting generated public key within guest...
    web: Removing insecure key from the guest if it's present...
    web: Key inserted! Disconnecting and reconnecting using new SSH key...
==> web: Machine booted and ready!
==> web: Checking for guest additions in VM...
==> web: Setting hostname...
==> web: Configuring and enabling network interfaces...
    web: SSH address: 127.0.0.1:2200
    web: SSH username: vagrant
    web: SSH auth method: private key
==> web: Mounting shared folders...
    web: /vagrant => C:/Users/root/Desktop/Vagrant/Ansible_test
==> db: Importing base box 'bento/centos-7.2'...
==> db: Matching MAC address for NAT networking...
==> db: Checking if box 'bento/centos-7.2' is up to date...
==> db: Setting the name of the VM: Ansible_test_db_1507558737449_12722
==> db: Fixed port collision for 22 => 2222. Now on port 2201.
==> db: Clearing any previously set network interfaces...
==> db: Preparing network interfaces based on configuration...
    db: Adapter 1: nat
    db: Adapter 2: bridged
==> db: Forwarding ports...
    db: 22 (guest) => 2201 (host) (adapter 1)
==> db: Booting VM...
==> db: Waiting for machine to boot. This may take a few minutes...
    db: SSH address: 127.0.0.1:2201
    db: SSH username: vagrant
    db: SSH auth method: private key
    db: Warning: Connection reset. Retrying...
    db: Warning: Connection aborted. Retrying...
    db: Warning: Remote connection disconnect. Retrying...
    db: Warning: Connection aborted. Retrying...
    db: Warning: Remote connection disconnect. Retrying...
    db: Warning: Connection aborted. Retrying...
    db: Warning: Connection reset. Retrying...
    db: Warning: Remote connection disconnect. Retrying...
    db: Warning: Connection aborted. Retrying...
    db: Warning: Remote connection disconnect. Retrying...
    db: Warning: Connection aborted. Retrying...
    db: Warning: Remote connection disconnect. Retrying...
    db: Warning: Connection aborted. Retrying...
    db: Warning: Connection reset. Retrying...
    db: Warning: Connection aborted. Retrying...
    db: Warning: Remote connection disconnect. Retrying...
    db: Warning: Connection aborted. Retrying...
    db:
    db: Vagrant insecure key detected. Vagrant will automatically replace
    db: this with a newly generated keypair for better security.
    db:
    db: Inserting generated public key within guest...
    db: Removing insecure key from the guest if it's present...
    db: Key inserted! Disconnecting and reconnecting using new SSH key...
==> db: Machine booted and ready!
==> db: Checking for guest additions in VM...
==> db: Setting hostname...
==> db: Configuring and enabling network interfaces...
    db: SSH address: 127.0.0.1:2201
    db: SSH username: vagrant
    db: SSH auth method: private key
==> db: Mounting shared folders...
    db: /vagrant => C:/Users/root/Desktop/Vagrant/Ansible_test

 

 

C:\Users\root\Desktop\Vagrant\Ansible_test>vagrant ssh host

[vagrant@host ~]$

[vagrant@host ~]$ sudo yum install epel-release

[vagrant@host ~]$ sudo yum install ansible

 

“the python mysqldb module is required”対策

[vagrant@host ~]$ sudo yum install MySQL-python

 

 

 

ここからは、Teratermでhostサーバにログインし、web, dbホストを操作します。

  • 192.168.10.50:22
  • ユーザ:vagrant
  • パスワード:vagrant

 

 

接続先ホストの設定

[vagrant@host ~]$ vi .ssh/config


Host web
    HostName 192.168.10.51
Host db
    HostName 192.168.10.52

 

[vagrant@host ~]$ chmod 600 .ssh/config

 

 

 

[vagrant@host ~]$ ssh-keygen -t rsa -b 4096

Generating public/private rsa key pair.
Enter file in which to save the key (/home/vagrant/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/vagrant/.ssh/id_rsa.
Your public key has been saved in /home/vagrant/.ssh/id_rsa.pub.
The key fingerprint is:
d7:64:6e:b5:a4:1a:9d:7a:6d:5b:6e:38:53:26:65:01 vagrant@host
The key's randomart image is:
+--[ RSA 4096]----+
|             E.  |
|               . |
|            o o .|
|           * = .o|
|        S o B .o |
|         . = .. o|
|          o . o=.|
|           . .++.|
|              .+.|
+-----------------+

 

 

公開鍵を渡します。

[vagrant@host ~]$ ssh-copy-id web

The authenticity of host '192.168.10.51 (192.168.10.51)' can't be established.
ECDSA key fingerprint is fa:c7:04:e6:3a:97:9d:f2:23:b9:ed:53:09:1b:b8:72.
Are you sure you want to continue connecting (yes/no)? yes
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
vagrant@192.168.10.51's password:

Number of key(s) added: 1

Now try logging into the machine, with:   "ssh 'web'"
and check to make sure that only the key(s) you wanted were added.





[vagrant@host ~]$ ssh-copy-id db

The authenticity of host '192.168.10.52 (192.168.10.52)' can't be established.
ECDSA key fingerprint is fa:c7:04:e6:3a:97:9d:f2:23:b9:ed:53:09:1b:b8:72.
Are you sure you want to continue connecting (yes/no)? yes
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
vagrant@192.168.10.52's password:

Number of key(s) added: 1

Now try logging into the machine, with:   "ssh 'db'"
and check to make sure that only the key(s) you wanted were added.

 

sshでログインできるか確認

[vagrant@host ~]$ ssh web
[vagrant@web ~]$ exit
logout
Connection to 192.168.10.51 closed.


[vagrant@host ~]$ ssh db
[vagrant@db ~]$ exit
logout
Connection to 192.168.10.52 closed.

 

[vagrant@host ~]$ ansible all -i hosts -m ping

192.168.10.52 | SUCCESS => {
    "changed": false,
    "ping": "pong"
}
192.168.10.51 | SUCCESS => {
    "changed": false,
    "ping": "pong"
}

 

コンフィグの作成

[vagrant@host ~]$ vi ansible.cfg

[defaults]
hostfile = ./hosts

 

疎通確認

$ ansible all -m ping

192.168.10.51 | SUCCESS => {
    "changed": false,
    "ping": "pong"
}
192.168.10.52 | SUCCESS => {
    "changed": false,
    "ping": "pong"
}

 

playbook.ymlの作成

[vagrant@host ~]$ vi playbook.yml


---
- hosts: all
  sudo: yes
  tasks:
    - name: Yum update
      yum: name=* state=latest




- hosts: web
  sudo: yes
  tasks:
    - name: Firewalldの状態チェック
      command: systemctl is-active firewalld
      register: firewalld_result
      changed_when: False
      ignore_errors: True

    - name: Firewalldの起動, 自動起動設定
      service: name=firewalld state=started enabled=yes

    - name: Firewalld設定 80許可
      firewalld: permanent=True port=80/tcp  state=enabled immediate=true
    - name: Firewalld設定 443許可
      firewalld: permanent=True port=443/tcp state=enabled immediate=true


    - name: PHPをインストール
      yum: name="{{item}}" state=latest
      with_items:
        - php
        - php-mysql
        - php-mbstring
        - php-gd
        - php-devel
        - php-xml

    - name: PHPのタイムゾーン設定
      ini_file: >
        dest=/etc/php.ini
        section=Date
        option=date.timezone
        value='"Asia/Tokyo"'

    - name: Apacheのインストール
      yum: name=httpd state=latest

    - name: start Apacheの起動, 自動起動設定
      service: name=httpd state=started enabled=yes

  handlers:
    - name: Firewalldの設定反映 読み込み
      service: name=firewalld state=restarted




- hosts: db
  sudo: yes
  vars:
    - mysql_root_password: rootpassword
  tasks:
    - name: MariaDB インストール
      yum: name={{item}} state=latest
      with_items:
        - MySQL-python
        - mariadb
        - mariadb-libs
        - mariadb-server
        - mariadb-devel


    - name: MySQL起動, 自動起動
      service: name=mariadb state=started enabled=yes

    - name: DBの作成
      mysql_db: name=wpdb state=present
    - name: DBユーザの作成 localhost, 192.168.10.0/24のみ
      mysql_user: name=wpdbuser password=wpdbpassword host={{ item }} priv=wpdb.*:ALL state=present
      with_items:
        - localhost
        - 192.168.11.%


    - name: ローカル接続制限無効化
      replace: >
        dest=/etc/my.cnf
        regexp='^bind-address'
        replace='#bind-address'


    - name: MySQL再起動, 自動起動
      service: name=mariadb state=restarted enabled=yes

    - name: Firewalldの起動, 自動起動設定
      service: name=firewalld state=started enabled=yes

    - name: Firewalld設定 3306許可 192.168.10.0/24のみDBへの接続許可
      firewalld: permanent=True port=3306/tcp source=192.168.11.0/24 state=enabled immediate=true

    - name: Firewalldの再起動, 自動起動設定
      service: name=firewalld state=restarted enabled=yes

 

 

構文確認

[vagrant@host ~]$ ansible-playbook playbook.yml --syntax-check

 

ドライラン

[vagrant@host ~]$ ansible-playbook playbook.yml --check

 

実行

[vagrant@host ~]$ ansible-playbook playbook.yml

 

 

 

コメントを残す

メールアドレスが公開されることはありません。 * が付いている欄は必須項目です

日本語が含まれない投稿は無視されますのでご注意ください。(スパム対策)