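Explanation
Exercises
Q1. Rewrite the playbook "install_apache.yml" so that the tasks for RedHat-family systems and the tasks for Debian-family systems are imported with the ansible.builtin.import_role module.
- Contents of the inventory file
hosts.yml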
---
all:
  children:
    web:
      hosts:
        marutamachi:  # CentOS/8.3 (RedHat)
        takeyamachi:  # CentOS/7.8 (RedHat)
        oshikoji:     # Debian10 (Debian)
    mail:
      hosts:
        nijyo:
        ebisugawa:
    database:
      hosts:
        oshikoji:
        oike:
group_vars/all.yml
---
ansible_user: vagrant
ansible_password: vagrant
host_vars/marutamachi.yml
---
ansible_host: 192.168.111.101
host_vars/takeyamachi.yml
---
ansible_host: 192.168.111.102
host_vars/ebisugawa.yml
---
ansible_host: 192.168.111.103
host_vars/nijyo.yml
---
ansible_host: 192.168.111.104
host_vars/oshikoji.yml
---
ansible_host: 192.168.111.105
ansible_python_interpreter: /usr/bin/python3
host_vars/oike.yml
---
ansible_host: 192.168.111.106
ansible_python_interpreter: /usr/libexec/platform-python
- Playbook to be changed
install_apache.yml
---
- name: Identify the OS and install Apache.
  hosts: all
  become: yes
  vars_files:
    - redhhat_parameters.yml
    - debian_parameters.yml
  tasks:
    - name: RedHat system
      block:
        - name: Install the httpd package on the RedHat system version 7.
          ansible.builtin.yum:
            name: "{{ apache_package_name }}"
            state: present
          when:
            - ansible_facts['distribution_major_version'] == "7"
          notify:
            - start httpd service
        - name: Install the httpd package on the RedHat system version 8.
          ansible.builtin.dnf:
            name: "{{ apache_package_name }}"
            state: present
          when:
            - ansible_facts['distribution_major_version'] == "8"
          notify:
            - start httpd service
        - name: Install the firewalld package on the RedHat system.
          ansible.builtin.yum:
            name: "{{ redhat_firewwall_package_name }}"
            state: present
        - name: Start the firewalld service on the RedHat system.
          ansible.builtin.systemd:
            name: "{{ redhat_firewwall_service_name }}"
            enabled: yes
            state: started
        - name: Drill a hole for the httpd port in the RedHat system.
          ansible.posix.firewalld:
            port: "{{ apache_listening_port }}/tcp"
            permanent: yes
            immediate: yes
            state: enabled
      when:
        - inventory_hostname in groups['web']
        - ansible_facts['os_family'] == "RedHat"
    - name: Debian system
      block:
        - name: Install the apache2 package on the Debian system.
          ansible.builtin.apt:
            name: "{{ apache2_package_name }}"
            state: present
          notify:
            - start apache2 service
        - name: Install the firewalld package on the Debian system.
          ansible.builtin.apt:
            name: "{{ debian_firewwall_package_name }}"
            state: present
        - name: Start the firewalld service on the Debian system.
          ansible.builtin.systemd:
            name: "{{ debian_firewwall_service_name }}"
            enabled: yes
            state: started
        - name: Drill a hole for the apache2 port in the Debian system.
          community.general.ufw:
            rule: allow
            to_port: "{{ apache2_listening_port }},{{ ssh_listening_port }}"
            proto: tcp
            state: enabled
      when:
        - inventory_hostname in groups['web']
        - ansible_facts['os_family'] == "Debian"
  handlers:
    - name: Set the server name in the RedHat system.
      ansible.builtin.lineinfile:
        path: "{{ apache_conf_path }}"
        regexp: "^#ServerName"
        line: "ServerName {{ ansible_facts['fqdn'] }}:{{ apache_listening_port }}"
        state: present
      listen:
        - start httpd service
    - name: Change the listening port number of the http service on RedHat systems.
      ansible.builtin.lineinfile:
        path: "{{ apache_conf_path }}"
        regexp: "^Listen "
        line: "Listen {{ apache_listening_port }}"
        validate: httpd -t -f %s
        state: present
      listen:
        - start httpd service
    - name: Start/Restart the http service on the RedHat system.
      ansible.builtin.systemd:
        name: "{{ apache_service_name }}"
        state: restarted
      listen:
        - start httpd service
    - name: Set the server name in the Debian system.
      ansible.builtin.lineinfile:
        path: "{{ apache2_conf_path }}"
        insertafter: "^#ServerRoot "
        line: "ServerName {{ ansible_facts['hostname'] }}.exam.local"
        state: present
      listen:
        - start apache2 service
    - name: Change the listening port number of the apache2 service on Debian systems.
      ansible.builtin.lineinfile:
        path: "{{ apache2_port_conf_path }}"
        regexp: "^Listen 80"
        line: "Listen {{ apache2_listening_port }}"
        state: present
      listen:
        - start apache2 service
    - name: Check the Apache2 configuration files on Debian systems.
      ansible.builtin.command: apache2ctl configtest
      listen:
        - start apache2 service
    - name: Start/Restart the apache2 service on the Debian system.
      ansible.builtin.systemd:
        name: "{{ apache2_service_name }}"
        state: restarted
      listen:
        - start apache2 service
redhhat_parameters.yml
---
apache_listening_port: 8080
apache_conf_path: /etc/httpd/conf/httpd.conf
apache_package_name: httpd
apache_service_name: httpd.service
redhat_firewwall_package_name: firewalld
redhat_firewwall_service_name: firewalld.service
debian_parameters.yml
---
ssh_listening_port: 22
apache2_listening_port: 8080
apache2_conf_path: /etc/apache2/apache2.conf
apache2_port_conf_path: /etc/apache2/ports.conf
apache2_package_name: apache2
apache2_service_name: apache2.service
debian_firewwall_package_name: ufw
debian_firewwall_service_name: ufw.service
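Answer
- The files "redhhat_parameters.yml" and "debian_parameters.yml" are not used.
- The contents of "redhhat_parameters.yml" and "debian_parameters.yml" are written in the "defaults/main.yml" file of the respective role. However, for the http port number, which was changed from the default, the default value (80) is written there.
- The changed http port value (8080) is written in the "vars/main.yml" file of the respective role.
- The contents and layout of the "host_vars/" and "group_vars/" directories are not changed (they are used as they are).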
y_mrok@ctrl:~/code/chap21$ tree -A
.
├── group_vars
│   └── all.yml
├── host_vars
│   ├── ebisugawa.yml
│   ├── marutamachi.yml
│   ├── nijyo.yml
│   ├── oike.yml
│   ├── oshikoji.yml
│   └── takeyamachi.yml
├── hosts.yml
├── install_apache.yml
└── roles
    ├── debian_apache
    │   ├── defaults
    │   │   └── main.yml
    │   ├── handlers
    │   │   └── main.yml
    │   ├── tasks
    │   │   └── main.yml
    │   └── vars
    │       └── main.yml
    └── redhat_apache
        ├── defaults
        │   └── main.yml
        ├── handlers
        │   └── main.yml
        ├── tasks
        │   └── main.yml
        └── vars
            └── main.yml
13 directories, 17 files
y_mrok@ctrl:~/code/chap21$
install_apache.yml
---
- name: Identify the OS and install Apache.
  hosts: all
  tasks:
    - name: RedHat system
      ansible.builtin.import_role:
        name: redhat_apache
      when:
        - inventory_hostname in groups['web']
        - ansible_facts['os_family'] == "RedHat"
    - name: Debian system
      ansible.builtin.import_role:
        name: debian_apache
      when:
        - inventory_hostname in groups['web']
        - ansible_facts['os_family'] == "Debian"
roles/redhat_apache/defaults/main.yml
---
apache_listening_port: 80
apache_conf_path: /etc/httpd/conf/httpd.conf
apache_package_name: httpd
apache_service_name: httpd.service
redhat_firewwall_package_name: firewalld
redhat_firewwall_service_name: firewalld.service
roles/redhat_apache/vars/main.yml
---
apache_listening_port: 8080
roles/redhat_apache/tasks/main.yml
---
- name: Install the httpd package on the RedHat system version 7.
  ansible.builtin.yum:
    name: "{{ apache_package_name }}"
    state: present
  when:
    - ansible_facts['distribution_major_version'] == "7"
  become: yes
  notify:
    - start httpd service
- name: Install the httpd package on the RedHat system version 8.
  ansible.builtin.dnf:
    name: "{{ apache_package_name }}"
    state: present
  when:
    - ansible_facts['distribution_major_version'] == "8"
  become: yes
  notify:
    - start httpd service
- name: Install the firewalld package on the RedHat system.
  ansible.builtin.yum:
    name: "{{ redhat_firewwall_package_name }}"
    state: present
  become: yes
- name: Start the firewalld service on the RedHat system.
  ansible.builtin.systemd:
    name: "{{ redhat_firewwall_service_name }}"
    enabled: yes
    state: started
  become: yes
- name: Drill a hole for the httpd port in the RedHat system.
  ansible.posix.firewalld:
    port: "{{ apache_listening_port }}/tcp"
    permanent: yes
    immediate: yes
    state: enabled
  become: yes
roles/redhat_apache/handlers/main.yml
---
- name: Set the server name in the RedHat system.
  ansible.builtin.lineinfile:
    path: "{{ apache_conf_path }}"
    regexp: "^#ServerName"
    line: "ServerName {{ ansible_facts['fqdn'] }}:{{ apache_listening_port }}"
    state: present
  become: yes
  listen:
    - start httpd service
- name: Change the listening port number of the http service on RedHat systems.
  ansible.builtin.lineinfile:
    path: "{{ apache_conf_path }}"
    regexp: "^Listen "
    line: "Listen {{ apache_listening_port }}"
    validate: httpd -t -f %s
    state: present
  become: yes
  listen:
    - start httpd service
- name: Start/Restart the http service on the RedHat system.
  ansible.builtin.systemd:
    name: "{{ apache_service_name }}"
    state: restarted
  become: yes
  listen:
    - start httpd service
roles/debian_apache/defaults/main.yml
---
ssh_listening_port: 22
apache2_listening_port: 80
apache2_conf_path: /etc/apache2/apache2.conf
apache2_port_conf_path: /etc/apache2/ports.conf
apache2_package_name: apache2
apache2_service_name: apache2.service
debian_firewwall_package_name: ufw
debian_firewwall_service_name: ufw.service
roles/debian_apache/vars/main.yml
---
apache2_listening_port: 8080
roles/debian_apache/tasks/main.yml
---
- name: Install the apache2 package on the Debian system.
  ansible.builtin.apt:
    name: "{{ apache2_package_name }}"
    state: present
  become: yes
  notify:
    - start apache2 service
- name: Install the firewalld package on the Debian system.
  ansible.builtin.apt:
    name: "{{ debian_firewwall_package_name }}"
    state: present
  become: yes
- name: Start the firewalld service on the Debian system.
  ansible.builtin.systemd:
    name: "{{ debian_firewwall_service_name }}"
    enabled: yes
    state: started
  become: yes
- name: Drill a hole for the apache2 port in the Debian system.
  community.general.ufw:
    rule: allow
    to_port: "{{ apache2_listening_port }},{{ ssh_listening_port }}"
    proto: tcp
    state: enabled
  become: yes
roles/debian_apache/handlers/main.yml
---
- name: Set the server name in the Debian system.
  ansible.builtin.lineinfile:
    path: "{{ apache2_conf_path }}"
    insertafter: "^#ServerRoot "
    line: "ServerName {{ ansible_facts['hostname'] }}.exam.local"
    state: present
  become: yes
  listen:
    - start apache2 service
- name: Change the listening port number of the apache2 service on Debian systems.
  ansible.builtin.lineinfile:
    path: "{{ apache2_port_conf_path }}"
    regexp: "^Listen 80"
    line: "Listen {{ apache2_listening_port }}"
    state: present
  become: yes
  listen:
    - start apache2 service
- name: Check the Apache2 configuration files on Debian systems.
  ansible.builtin.command: apache2ctl configtest
  become: yes
  listen:
    - start apache2 service
- name: Start/Restart the apache2 service on the Debian system.
  ansible.builtin.systemd:
    name: "{{ apache2_service_name }}"
    state: restarted
  become: yes
  listen:
    - start apache2 service
y_mrok@ctrl:~/code/chap21$ ansible-playbook -i hosts.yml install_apache.yml
PLAY [Identify the OS and install Apache.] ***********************************************************************************************************
TASK [Gathering Facts] *******************************************************************************************************************************
ok: [oshikoji]
ok: [takeyamachi]
ok: [nijyo]
ok: [marutamachi]
ok: [ebisugawa]
ok: [oike]
TASK [redhat_apache : Install the httpd package on the RedHat system version 7.] *********************************************************************
skipping: [marutamachi]
skipping: [oshikoji]
skipping: [nijyo]
skipping: [ebisugawa]
skipping: [oike]
changed: [takeyamachi]
TASK [redhat_apache : Install the httpd package on the RedHat system version 8.] *********************************************************************
skipping: [takeyamachi]
skipping: [oshikoji]
skipping: [nijyo]
skipping: [ebisugawa]
skipping: [oike]
changed: [marutamachi]
TASK [redhat_apache : Install the firewalld package on the RedHat system.] ***************************************************************************
skipping: [oshikoji]
skipping: [nijyo]
skipping: [ebisugawa]
skipping: [oike]
ok: [takeyamachi]
ok: [marutamachi]
TASK [redhat_apache : Start the firewalld service on the RedHat system.] *****************************************************************************
skipping: [oshikoji]
skipping: [nijyo]
skipping: [ebisugawa]
skipping: [oike]
changed: [takeyamachi]
changed: [marutamachi]
TASK [redhat_apache : Drill a hole for the httpd port in the RedHat system.] *************************************************************************
skipping: [oshikoji]
skipping: [nijyo]
skipping: [ebisugawa]
skipping: [oike]
changed: [marutamachi]
changed: [takeyamachi]
TASK [debian_apache : Install the apache2 package on the Debian system.] *****************************************************************************
skipping: [marutamachi]
skipping: [takeyamachi]
skipping: [nijyo]
skipping: [ebisugawa]
skipping: [oike]
changed: [oshikoji]
TASK [debian_apache : Install the firewalld package on the Debian system.] ***************************************************************************
skipping: [marutamachi]
skipping: [takeyamachi]
skipping: [nijyo]
skipping: [ebisugawa]
skipping: [oike]
changed: [oshikoji]
TASK [debian_apache : Start the firewalld service on the Debian system.] *****************************************************************************
skipping: [marutamachi]
skipping: [takeyamachi]
skipping: [nijyo]
skipping: [ebisugawa]
skipping: [oike]
changed: [oshikoji]
TASK [debian_apache : Drill a hole for the apache2 port in the Debian system.] ***********************************************************************
skipping: [marutamachi]
skipping: [takeyamachi]
skipping: [nijyo]
skipping: [ebisugawa]
skipping: [oike]
changed: [oshikoji]
RUNNING HANDLER [redhat_apache : Set the server name in the RedHat system.] **************************************************************************
changed: [takeyamachi]
changed: [marutamachi]
RUNNING HANDLER [redhat_apache : Change the listening port number of the http service on RedHat systems.] ********************************************
changed: [takeyamachi]
changed: [marutamachi]
RUNNING HANDLER [redhat_apache : Start/Restart the http service on the RedHat system.] ***************************************************************
changed: [takeyamachi]
changed: [marutamachi]
RUNNING HANDLER [debian_apache : Set the server name in the Debian system.] **************************************************************************
changed: [oshikoji]
RUNNING HANDLER [debian_apache : Change the listening port number of the apache2 service on Debian systems.] *****************************************
changed: [oshikoji]
RUNNING HANDLER [debian_apache : Check the Apache2 configuration files on Debian systems.] ***********************************************************
changed: [oshikoji]
RUNNING HANDLER [debian_apache : Start/Restart the apache2 service on the Debian system.] ************************************************************
changed: [oshikoji]
PLAY RECAP *******************************************************************************************************************************************
ebisugawa : ok=1 changed=0 unreachable=0 failed=0 skipped=9 rescued=0 ignored=0
marutamachi : ok=8 changed=6 unreachable=0 failed=0 skipped=5 rescued=0 ignored=0
nijyo : ok=1 changed=0 unreachable=0 failed=0 skipped=9 rescued=0 ignored=0
oike : ok=1 changed=0 unreachable=0 failed=0 skipped=9 rescued=0 ignored=0
oshikoji : ok=9 changed=8 unreachable=0 failed=0 skipped=5 rescued=0 ignored=0
takeyamachi : ok=8 changed=6 unreachable=0 failed=0 skipped=5 rescued=0 ignored=0
y_mrok@ctrl:~/code/chap21$
Checking idempotency
y_mrok@ctrl:~/code/chap21$ ansible-playbook -i hosts.yml install_apache.yml
PLAY [Identify the OS and install Apache.] ***********************************************************************************************************
TASK [Gathering Facts] *******************************************************************************************************************************
ok: [oshikoji]
ok: [takeyamachi]
ok: [marutamachi]
ok: [nijyo]
ok: [ebisugawa]
ok: [oike]
TASK [redhat_apache : Install the httpd package on the RedHat system version 7.] *********************************************************************
skipping: [marutamachi]
skipping: [oshikoji]
skipping: [nijyo]
skipping: [ebisugawa]
skipping: [oike]
ok: [takeyamachi]
TASK [redhat_apache : Install the httpd package on the RedHat system version 8.] *********************************************************************
skipping: [takeyamachi]
skipping: [oshikoji]
skipping: [nijyo]
skipping: [ebisugawa]
skipping: [oike]
ok: [marutamachi]
TASK [redhat_apache : Install the firewalld package on the RedHat system.] ***************************************************************************
skipping: [oshikoji]
skipping: [nijyo]
skipping: [ebisugawa]
skipping: [oike]
ok: [takeyamachi]
ok: [marutamachi]
TASK [redhat_apache : Start the firewalld service on the RedHat system.] *****************************************************************************
skipping: [oshikoji]
skipping: [nijyo]
skipping: [ebisugawa]
skipping: [oike]
ok: [takeyamachi]
ok: [marutamachi]
TASK [redhat_apache : Drill a hole for the httpd port in the RedHat system.] *************************************************************************
skipping: [oshikoji]
skipping: [nijyo]
skipping: [ebisugawa]
skipping: [oike]
ok: [marutamachi]
ok: [takeyamachi]
TASK [debian_apache : Install the apache2 package on the Debian system.] *****************************************************************************
skipping: [marutamachi]
skipping: [takeyamachi]
skipping: [nijyo]
skipping: [ebisugawa]
skipping: [oike]
ok: [oshikoji]
TASK [debian_apache : Install the firewalld package on the Debian system.] ***************************************************************************
skipping: [marutamachi]
skipping: [takeyamachi]
skipping: [nijyo]
skipping: [ebisugawa]
skipping: [oike]
ok: [oshikoji]
TASK [debian_apache : Start the firewalld service on the Debian system.] *****************************************************************************
skipping: [marutamachi]
skipping: [takeyamachi]
skipping: [nijyo]
skipping: [ebisugawa]
skipping: [oike]
ok: [oshikoji]
TASK [debian_apache : Drill a hole for the apache2 port in the Debian system.] ***********************************************************************
skipping: [marutamachi]
skipping: [takeyamachi]
skipping: [nijyo]
skipping: [ebisugawa]
skipping: [oike]
ok: [oshikoji]
PLAY RECAP *******************************************************************************************************************************************
ebisugawa : ok=1 changed=0 unreachable=0 failed=0 skipped=9 rescued=0 ignored=0
marutamachi : ok=5 changed=0 unreachable=0 failed=0 skipped=5 rescued=0 ignored=0
nijyo : ok=1 changed=0 unreachable=0 failed=0 skipped=9 rescued=0 ignored=0
oike : ok=1 changed=0 unreachable=0 failed=0 skipped=9 rescued=0 ignored=0
oshikoji : ok=5 changed=0 unreachable=0 failed=0 skipped=5 rescued=0 ignored=0
takeyamachi : ok=5 changed=0 unreachable=0 failed=0 skipped=5 rescued=0 ignored=0
y_mrok@ctrl:~/code/chap21$
Q2. To confirm that Apache is running on each managed node, display the test page in a browser.
Answer
- Managed node: marutamachi
http://192.168.111.101:8080/
- Managed node: takeyamachi
http://192.168.111.102:8080/
- Managed node: oshikoji
http://192.168.111.105:8080/
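The same check as Q2 can be run from the control node instead of a browser. The playbook below is an added example, not part of the original exercise: the file name verify_apache.yml and the variable expected_port are hypothetical, and it assumes the inventory and host_vars shown above. It confirms that each web host answers on the port set in the roles' vars/main.yml and that port 80 is not reachable through the firewall.

```yaml
---
# verify_apache.yml (hypothetical file name; added example)
# Run with: ansible-playbook -i hosts.yml verify_apache.yml
- name: Verify that Apache answers only on the port opened by the roles.
  hosts: web
  gather_facts: no
  vars:
    expected_port: 8080  # value from roles/*/vars/main.yml on this page
    node_address: "{{ hostvars[inventory_hostname]['ansible_host'] }}"
  tasks:
    - name: Wait until the expected port accepts TCP connections.
      ansible.builtin.wait_for:
        host: "{{ node_address }}"
        port: "{{ expected_port }}"
        timeout: 10
      delegate_to: localhost

    # The stock CentOS httpd welcome page is served with status 403,
    # the Debian apache2 default page with 200, so both are accepted.
    - name: Fetch the test page from the control node.
      ansible.builtin.uri:
        url: "http://{{ node_address }}:{{ expected_port }}/"
        status_code: [200, 403]
        return_content: yes
      delegate_to: localhost
      register: page

    - name: Fail if the response body is empty.
      ansible.builtin.assert:
        that:
          - page.content | length > 0
        fail_msg: "No test page returned by {{ inventory_hostname }}"

    # firewalld / ufw were opened for expected_port (and ssh) only,
    # so a connection to the default http port should not succeed.
    - name: Confirm that port 80 is not reachable.
      ansible.builtin.wait_for:
        host: "{{ node_address }}"
        port: 80
        state: stopped
        timeout: 5
      delegate_to: localhost
```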