Chapter 21

タスクを切り出す#3 : ansible.builtin.import_role

y_mrok
y_mrok
2021.12.05に更新
このチャプターの目次

説明

この章の説明はこのリンクをクリックしてください。

演習問題

Q1. プレイブック「 install_apache.yml 」の RedHat 系用のタスクと Debian 系用のタスクを ansible.builtin.import_role モジュールを使用して取り込むよう書き直してください。

  • インベントリーファイルの内容
    hosts.yml
    ---
    all:
      children:
        web:
          hosts:
            marutamachi: # CentOS/8.3 (RedHat)
            takeyamachi: # CentOS/7.8 (RedHat)
            oshikoji:    # Debian10 (Debian)
        mail:
          hosts:
            nijyo:
            ebisugawa:
        database:
          hosts:
            oshikoji:
            oike:
    
    group_vars/all.yml
    ---
    ansible_user: vagrant
    ansible_password: vagrant
    
    host_vas/marutamachi.yml
    ---
    ansible_host: 192.168.111.101
    
    host_vas/takeyamachi.yml
    ---
    ansible_host: 192.168.111.102
    
    host_vas/ebisugawa.yml
    ---
    ansible_host: 192.168.111.103
    
    host_vas/nijyo.yml
    ---
    ansible_host: 192.168.111.104
    
    host_vas/oshikoji.yml
    ---
    ansible_host: 192.168.111.105
    ansible_python_interpreter: /usr/bin/python3
    
    host_vas/oike.yml
    ---
    ansible_host: 192.168.111.106
    ansible_python_interpreter: /usr/libexec/platform-python
    
  • 変更対象のプレイブック
    install_apache.yml
    ---
    - name: Identify the OS and install Apache.
      hosts: all
      become: yes
    
      vars_files:
        - redhhat_parameters.yml
        - debian_parameters.yml
    
      tasks:
        - name: RedHat system
          block:
            - name: Install the httpd package on the RedHat system version 7.
              ansible.builtin.yum:
                name: "{{ apache_package_name }}"
                state: present
              when:
                - ansible_facts['distribution_major_version'] == "7"
              notify:
                - start httpd service
            - name: Install the httpd package on the RedHat system version 8.
              ansible.builtin.dnf:
                name: "{{ apache_package_name }}"
                state: present
              when:
                - ansible_facts['distribution_major_version'] == "8"
              notify:
                - start httpd service
            - name: Install the firewalld package on the RedHat system.
              ansible.builtin.yum:
                name: "{{ redhat_firewwall_package_name }}"
                state: present
            - name: Start the firewalld service on the RedHat system.
              ansible.builtin.systemd:
                name: "{{ redhat_firewwall_service_name }}"
                enabled: yes
                state: started
            - name: Drill a hole for the httpd port in the RedHat system.
              ansible.posix.firewalld:
                port: "{{ apache_listening_port }}/tcp"
                permanent: yes
                immediate: yes
                state: enabled
          when:
            - inventory_hostname in groups['web']
            - ansible_facts['os_family'] == "RedHat"
        - name: Debian system
          block:
            - name: Install the apache2 package on the Debian system.
              ansible.builtin.apt:
                name: "{{ apache2_package_name }}"
                state: present
              notify:
                - start apache2 service
            - name: Install the firewalld package on the Debian system.
              ansible.builtin.apt:
                name: "{{ debian_firewwall_package_name }}"
                state: present
            - name: Start the firewalld service on the Debian system.
              ansible.builtin.systemd:
                name: "{{ debian_firewwall_service_name }}"
                enabled: yes
                state: started
            - name: Drill a hole for the apache2 port in the Debian system.
              community.general.ufw:
                rule: allow
                to_port: "{{ apache2_listening_port }},{{ ssh_listening_port }}"
                proto: tcp
                state: enabled
          when:
            - inventory_hostname in groups['web']
            - ansible_facts['os_family'] == "Debian"
      
      handlers:
        - name: Set the server name in the RedHat system.
          ansible.builtin.lineinfile:
            path: "{{ apache_conf_path }}"
            regexp: "^#ServerName"
            line: "ServerName {{ ansible_facts['fqdn'] }}:{{ apache_listening_port }}"
            state: present
          listen:
            - start httpd service
        - name: Change the listening port number of the http service on RedHat systems.
          ansible.builtin.lineinfile:
            path: "{{ apache_conf_path }}"
            regexp: "^Listen "
            line: "Listen {{ apache_listening_port }}"
            validate: httpd -t -f %s 
            state: present
          listen:
            - start httpd service
        - name: Start/Restart the http service on the RedHat system.
          ansible.builtin.systemd:
            name: "{{ apache_service_name }}"
            state: restarted
          listen:
            - start httpd service
        - name: Set the server name in the Debian system.
          ansible.builtin.lineinfile:
            path: "{{ apache2_conf_path }}"
            insertafter: "^#ServerRoot "
            line: "ServerName {{ ansible_facts['hostname'] }}.exam.local"
            state: present
          listen:
            - start apache2 service
        - name: Change the listening port number of the apache2 service on Debian systems.
          ansible.builtin.lineinfile:
            path: "{{ apache2_port_conf_path }}"
            regexp: "^Listen 80"
            line: "Listen {{ apache2_listening_port }}"
            state: present
          listen:
            - start apache2 service
        - name: Check the Apache2 configuration files on Debian systems.
          ansible.builtin.command: apache2ctl configtest 
          listen:
            - start apache2 service
        - name: Start/Restart the apache2 service on the Debian system.
          ansible.builtin.systemd:
            name: "{{ apache2_service_name }}"
            state: restarted
          listen:
            - start apache2 service
    
    redhhat_parameters.yml
    ---
    apache_listening_port: 8080
    apache_conf_path: /etc/httpd/conf/httpd.conf
    apache_package_name: httpd
    apache_service_name: httpd.service
    redhat_firewwall_package_name: firewalld
    redhat_firewwall_service_name: firewalld.service
    
    debian_parameters.yml
    ---
    ssh_listening_port: 22
    apache2_listening_port: 8080
    apache2_conf_path: /etc/apache2/apache2.conf
    apache2_port_conf_path: /etc/apache2/ports.conf
    apache2_package_name: apache2
    apache2_service_name: apache2.service
    debian_firewwall_package_name: ufw
    debian_firewwall_service_name: ufw.service
    
解答
  • ファイル「 redhhat_parameters.yml 」と「 debian_parameters.yml 」は使用しません。
  • ファイル「 redhhat_parameters.yml 」と「 debian_parameters.yml 」の内容はそれぞれのロールの「 defaults/main.yml 」ファイルに書いています。ただし、デフォルトから変更されてい http ポート番号はデフォルトの値 (80) を記載します。
  • 変更後の http ポートの値 (8080) はそれぞれのロールの「 vars/main.yml 」ファイルに記載します。
  • ディレクトリー「 host_vars/ 」と「 group_vars/ 」の内容 / 構成は変更しません(そのまま使用します)。
y_mrok@ctrl:~/code/chap21$ tree -A
.
├── group_vars
│   └── all.yml
├── host_vars
│   ├── ebisugawa.yml
│   ├── marutamachi.yml
│   ├── nijyo.yml
│   ├── oike.yml
│   ├── oshikoji.yml
│   └── takeyamachi.yml
├── hosts.yml
├── install_apache.yml
└── roles
    ├── debian_apache
    │   ├── defaults
    │   │   └── main.yml
    │   ├── handlers
    │   │   └── main.yml
    │   ├── tasks
    │   │   └── main.yml
    │   └── vars
    │       └── main.yml
    └── redhat_apache
        ├── defaults
        │   └── main.yml
        ├── handlers
        │   └── main.yml
        ├── tasks
        │   └── main.yml
        └── vars
            └── main.yml

13 directories, 17 files
y_mrok@ctrl:~/code/chap21$ 
install_apache.yml
---
- name: Identify the OS and install Apache.
  hosts: all

  tasks:
    - name: RedHat system
      ansible.builtin.import_role:
        name: redhat_apache
      when:
        - inventory_hostname in groups['web']
        - ansible_facts['os_family'] == "RedHat"
    - name: Debian system
      ansible.builtin.import_role:
        name: debian_apache
      when:
        - inventory_hostname in groups['web']
        - ansible_facts['os_family'] == "Debian"
roles/redhat_apache/defaults/main.yml
---
apache_listening_port: 80
apache_conf_path: /etc/httpd/conf/httpd.conf
apache_package_name: httpd
apache_service_name: httpd.service
redhat_firewwall_package_name: firewalld
redhat_firewwall_service_name: firewalld.service
roles/redhat_apache/vars/main.yml
---
apache_listening_port: 8080
roles/redhat_apache/tasks/main.yml
---
- name: Install the httpd package on the RedHat system version 7.
  ansible.builtin.yum:
    name: "{{ apache_package_name }}"
    state: present
  when:
    - ansible_facts['distribution_major_version'] == "7"
  become: yes
  notify:
    - start httpd service
- name: Install the httpd package on the RedHat system version 8.
  ansible.builtin.dnf:
    name: "{{ apache_package_name }}"
    state: present
  when:
    - ansible_facts['distribution_major_version'] == "8"
  become: yes
  notify:
    - start httpd service
- name: Install the firewalld package on the RedHat system.
  ansible.builtin.yum:
    name: "{{ redhat_firewwall_package_name }}"
    state: present
  become: yes
- name: Start the firewalld service on the RedHat system.
  ansible.builtin.systemd:
    name: "{{ redhat_firewwall_service_name }}"
    enabled: yes
    state: started
  become: yes
- name: Drill a hole for the httpd port in the RedHat system.
  ansible.posix.firewalld:
    port: "{{ apache_listening_port }}/tcp"
    permanent: yes
    immediate: yes
    state: enabled
  become: yes
roles/redhat_apache/handlers/main.yml
---
- name: Set the server name in the RedHat system.
  ansible.builtin.lineinfile:
    path: "{{ apache_conf_path }}"
    regexp: "^#ServerName"
    line: "ServerName {{ ansible_facts['fqdn'] }}:{{ apache_listening_port }}"
    state: present
  become: yes
  listen:
    - start httpd service
- name: Change the listening port number of the http service on RedHat systems.
  ansible.builtin.lineinfile:
    path: "{{ apache_conf_path }}"
    regexp: "^Listen "
    line: "Listen {{ apache_listening_port }}"
    validate: httpd -t -f %s 
    state: present
  become: yes
  listen:
    - start httpd service
- name: Start/Restart the http service on the RedHat system.
  ansible.builtin.systemd:
    name: "{{ apache_service_name }}"
    state: restarted
  become: yes
  listen:
    - start httpd service
roles/debian_apache/defaults/main.yml
---
ssh_listening_port: 22
apache2_listening_port: 80
apache2_conf_path: /etc/apache2/apache2.conf
apache2_port_conf_path: /etc/apache2/ports.conf
apache2_package_name: apache2
apache2_service_name: apache2.service
debian_firewwall_package_name: ufw
debian_firewwall_service_name: ufw.service
roles/debian_apache/vars/main.yml
---
apache2_listening_port: 8080
roles/debian_apache/tasks/main.yml
---
- name: Install the apache2 package on the Debian system.
  ansible.builtin.apt:
    name: "{{ apache2_package_name }}"
    state: present
  become: yes
  notify:
    - start apache2 service
- name: Install the firewalld package on the Debian system.
  ansible.builtin.apt:
    name: "{{ debian_firewwall_package_name }}"
    state: present
  become: yes
- name: Start the firewalld service on the Debian system.
  ansible.builtin.systemd:
    name: "{{ debian_firewwall_service_name }}"
    enabled: yes
    state: started
  become: yes
- name: Drill a hole for the apache2 port in the Debian system.
  community.general.ufw:
    rule: allow
    to_port: "{{ apache2_listening_port }},{{ ssh_listening_port }}"
    proto: tcp
    state: enabled
  become: yes
roles/debian_apache/handlers/main.yml
---
- name: Set the server name in the Debian system.
  ansible.builtin.lineinfile:
    path: "{{ apache2_conf_path }}"
    insertafter: "^#ServerRoot "
    line: "ServerName {{ ansible_facts['hostname'] }}.exam.local"
    state: present
  become: yes
  listen:
    - start apache2 service
- name: Change the listening port number of the apache2 service on Debian systems.
  ansible.builtin.lineinfile:
    path: "{{ apache2_port_conf_path }}"
    regexp: "^Listen 80"
    line: "Listen {{ apache2_listening_port }}"
    state: present
  become: yes
  listen:
    - start apache2 service
- name: Check the Apache2 configuration files on Debian systems.
  ansible.builtin.command: apache2ctl configtest 
  become: yes
  listen:
    - start apache2 service
- name: Start/Restart the apache2 service on the Debian system.
  ansible.builtin.systemd:
    name: "{{ apache2_service_name }}"
    state: restarted
  become: yes
  listen:
    - start apache2 service
y_mrok@ctrl:~/code/chap21$ ansible-playbook -i hosts.yml install_apache.yml 

PLAY [Identify the OS and install Apache.] ***********************************************************************************************************

TASK [Gathering Facts] *******************************************************************************************************************************
ok: [oshikoji]
ok: [takeyamachi]
ok: [nijyo]
ok: [marutamachi]
ok: [ebisugawa]
ok: [oike]

TASK [redhat_apache : Install the httpd package on the RedHat system version 7.] *********************************************************************
skipping: [marutamachi]
skipping: [oshikoji]
skipping: [nijyo]
skipping: [ebisugawa]
skipping: [oike]
changed: [takeyamachi]

TASK [redhat_apache : Install the httpd package on the RedHat system version 8.] *********************************************************************
skipping: [takeyamachi]
skipping: [oshikoji]
skipping: [nijyo]
skipping: [ebisugawa]
skipping: [oike]
changed: [marutamachi]

TASK [redhat_apache : Install the firewalld package on the RedHat system.] ***************************************************************************
skipping: [oshikoji]
skipping: [nijyo]
skipping: [ebisugawa]
skipping: [oike]
ok: [takeyamachi]
ok: [marutamachi]

TASK [redhat_apache : Start the firewalld service on the RedHat system.] *****************************************************************************
skipping: [oshikoji]
skipping: [nijyo]
skipping: [ebisugawa]
skipping: [oike]
changed: [takeyamachi]
changed: [marutamachi]

TASK [redhat_apache : Drill a hole for the httpd port in the RedHat system.] *************************************************************************
skipping: [oshikoji]
skipping: [nijyo]
skipping: [ebisugawa]
skipping: [oike]
changed: [marutamachi]
changed: [takeyamachi]

TASK [debian_apache : Install the apache2 package on the Debian system.] *****************************************************************************
skipping: [marutamachi]
skipping: [takeyamachi]
skipping: [nijyo]
skipping: [ebisugawa]
skipping: [oike]
changed: [oshikoji]

TASK [debian_apache : Install the firewalld package on the Debian system.] ***************************************************************************
skipping: [marutamachi]
skipping: [takeyamachi]
skipping: [nijyo]
skipping: [ebisugawa]
skipping: [oike]
changed: [oshikoji]

TASK [debian_apache : Start the firewalld service on the Debian system.] *****************************************************************************
skipping: [marutamachi]
skipping: [takeyamachi]
skipping: [nijyo]
skipping: [ebisugawa]
skipping: [oike]
changed: [oshikoji]

TASK [debian_apache : Drill a hole for the apache2 port in the Debian system.] ***********************************************************************
skipping: [marutamachi]
skipping: [takeyamachi]
skipping: [nijyo]
skipping: [ebisugawa]
skipping: [oike]
changed: [oshikoji]

RUNNING HANDLER [redhat_apache : Set the server name in the RedHat system.] **************************************************************************
changed: [takeyamachi]
changed: [marutamachi]

RUNNING HANDLER [redhat_apache : Change the listening port number of the http service on RedHat systems.] ********************************************
changed: [takeyamachi]
changed: [marutamachi]

RUNNING HANDLER [redhat_apache : Start/Restart the http service on the RedHat system.] ***************************************************************
changed: [takeyamachi]
changed: [marutamachi]

RUNNING HANDLER [debian_apache : Set the server name in the Debian system.] **************************************************************************
changed: [oshikoji]

RUNNING HANDLER [debian_apache : Change the listening port number of the apache2 service on Debian systems.] *****************************************
changed: [oshikoji]

RUNNING HANDLER [debian_apache : Check the Apache2 configuration files on Debian systems.] ***********************************************************
changed: [oshikoji]

RUNNING HANDLER [debian_apache : Start/Restart the apache2 service on the Debian system.] ************************************************************
changed: [oshikoji]

PLAY RECAP *******************************************************************************************************************************************
ebisugawa                  : ok=1    changed=0    unreachable=0    failed=0    skipped=9    rescued=0    ignored=0   
marutamachi                : ok=8    changed=6    unreachable=0    failed=0    skipped=5    rescued=0    ignored=0   
nijyo                      : ok=1    changed=0    unreachable=0    failed=0    skipped=9    rescued=0    ignored=0   
oike                       : ok=1    changed=0    unreachable=0    failed=0    skipped=9    rescued=0    ignored=0   
oshikoji                   : ok=9    changed=8    unreachable=0    failed=0    skipped=5    rescued=0    ignored=0   
takeyamachi                : ok=8    changed=6    unreachable=0    failed=0    skipped=5    rescued=0    ignored=0   

y_mrok@ctrl:~/code/chap21$ 

冪等性を確認

y_mrok@ctrl:~/code/chap21$ ansible-playbook -i hosts.yml install_apache.yml 

PLAY [Identify the OS and install Apache.] ***********************************************************************************************************

TASK [Gathering Facts] *******************************************************************************************************************************
ok: [oshikoji]
ok: [takeyamachi]
ok: [marutamachi]
ok: [nijyo]
ok: [ebisugawa]
ok: [oike]

TASK [redhat_apache : Install the httpd package on the RedHat system version 7.] *********************************************************************
skipping: [marutamachi]
skipping: [oshikoji]
skipping: [nijyo]
skipping: [ebisugawa]
skipping: [oike]
ok: [takeyamachi]

TASK [redhat_apache : Install the httpd package on the RedHat system version 8.] *********************************************************************
skipping: [takeyamachi]
skipping: [oshikoji]
skipping: [nijyo]
skipping: [ebisugawa]
skipping: [oike]
ok: [marutamachi]

TASK [redhat_apache : Install the firewalld package on the RedHat system.] ***************************************************************************
skipping: [oshikoji]
skipping: [nijyo]
skipping: [ebisugawa]
skipping: [oike]
ok: [takeyamachi]
ok: [marutamachi]

TASK [redhat_apache : Start the firewalld service on the RedHat system.] *****************************************************************************
skipping: [oshikoji]
skipping: [nijyo]
skipping: [ebisugawa]
skipping: [oike]
ok: [takeyamachi]
ok: [marutamachi]

TASK [redhat_apache : Drill a hole for the httpd port in the RedHat system.] *************************************************************************
skipping: [oshikoji]
skipping: [nijyo]
skipping: [ebisugawa]
skipping: [oike]
ok: [marutamachi]
ok: [takeyamachi]

TASK [debian_apache : Install the apache2 package on the Debian system.] *****************************************************************************
skipping: [marutamachi]
skipping: [takeyamachi]
skipping: [nijyo]
skipping: [ebisugawa]
skipping: [oike]
ok: [oshikoji]

TASK [debian_apache : Install the firewalld package on the Debian system.] ***************************************************************************
skipping: [marutamachi]
skipping: [takeyamachi]
skipping: [nijyo]
skipping: [ebisugawa]
skipping: [oike]
ok: [oshikoji]

TASK [debian_apache : Start the firewalld service on the Debian system.] *****************************************************************************
skipping: [marutamachi]
skipping: [takeyamachi]
skipping: [nijyo]
skipping: [ebisugawa]
skipping: [oike]
ok: [oshikoji]

TASK [debian_apache : Drill a hole for the apache2 port in the Debian system.] ***********************************************************************
skipping: [marutamachi]
skipping: [takeyamachi]
skipping: [nijyo]
skipping: [ebisugawa]
skipping: [oike]
ok: [oshikoji]

PLAY RECAP *******************************************************************************************************************************************
ebisugawa                  : ok=1    changed=0    unreachable=0    failed=0    skipped=9    rescued=0    ignored=0   
marutamachi                : ok=5    changed=0    unreachable=0    failed=0    skipped=5    rescued=0    ignored=0   
nijyo                      : ok=1    changed=0    unreachable=0    failed=0    skipped=9    rescued=0    ignored=0   
oike                       : ok=1    changed=0    unreachable=0    failed=0    skipped=9    rescued=0    ignored=0   
oshikoji                   : ok=5    changed=0    unreachable=0    failed=0    skipped=5    rescued=0    ignored=0   
takeyamachi                : ok=5    changed=0    unreachable=0    failed=0    skipped=5    rescued=0    ignored=0   

y_mrok@ctrl:~/code/chap21$ 

Q2. それぞれの管理対象ノード上で Apache が動作していることを確認するため、ブラウザーでテストページを表示してください。

解答
  • 管理対象ノード : marutamachi
http://192.168.111.101:8080/
  • 管理対象ノード : takeyamachi
http://192.168.111.102:8080/
  • 管理対象ノード : oshikoji
http://192.168.111.105:8080/