
Ansible: apache + nginx + mysql + haproxy + dns

간서치 2023. 9. 5. 10:28

종합 실습적 성격을 띠는 ansible 구성입니다. (주의: 실습용 구성이므로 DB 비밀번호가 플레이북에 평문으로 들어 있고, named.conf의 allow-query를 any로 바꾸면서 재귀 질의 범위를 제한하지 않아 외부에 열린 리졸버(DNS 증폭 공격에 악용 가능)가 됩니다. 운영 환경에 옮길 때는 자격 증명을 ansible-vault로 분리하고, BIND의 allow-recursion을 내부 대역으로 제한하세요.)

1.  node1

 1.1. webhttp.yml

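---
# Install Apache httpd + PHP on the "web" group, unpack WordPress into the
# document root and point wp-config.php at the database on node3 (10.0.0.14).
#
# Security notes (review):
#   - The DB credentials below are lab-only defaults kept for compatibility
#     with mysql80.yml. Move wp_db_password into an ansible-vault'd group_vars
#     file; a real password must never be committed in this file.
#   - WordPress 5.7.8 is an old branch; pin a current release and add a
#     `checksum: sha256:<value published on wordpress.org>` to the get_url task
#     so a tampered tarball is rejected instead of unpacked into the docroot.
#   - wp-config-sample.php ships with placeholder AUTH_KEY/SECURE_AUTH_KEY/...
#     salts. This play does not replace them; do that before exposing the site
#     (WordPress publishes a generator at api.wordpress.org/secret-key/1.1/salt/).
- name: wordpress download, httpd install, config file fix
  hosts: web
  gather_facts: false
  vars:
    wp_version: "5.7.8"
    wp_tarball: "wordpress-{{ wp_version }}-ko_KR.tar.gz"
    wp_download_url: "https://ko.wordpress.org/{{ wp_tarball }}"
    # Staging dir for the tarball; delwebhttp.yml removes /root/wordpress*.
    wp_stage_dir: /root
    wp_docroot: /var/www/html
    wp_db_name: wordpress
    wp_db_user: root
    wp_db_password: "It12345!"   # lab-only default - override from vault
    wp_db_host: "10.0.0.14"
  tasks:

  - name: wget, tar, php packages install
    dnf:
      name: "{{ item }}"
      state: present
    loop:
      - wget
      - tar
      - php
      - php-cli
      - php-common
      - php-gd
      - php-mysqlnd
      - php-curl
      - php-opcache
    # The original play ignored errors play-wide, which also hid real failures
    # (download, config edits). Errors are tolerated on this task only, one
    # package per loop item, because some of the listed names (e.g. php-curl)
    # may not exist as separate packages on the target distro.
    ignore_errors: true

  - name: httpd install
    dnf:
      name: httpd
      state: present

  - name: wordpress download
    get_url:
      url: "{{ wp_download_url }}"
      dest: "{{ wp_stage_dir }}/{{ wp_tarball }}"
      mode: "0644"
      # TODO(review): add `checksum: sha256:<value from wordpress.org>` here so
      # the archive is verified before it is unpacked into the document root.

  - name: unarchive wordpress
    unarchive:
      src: "{{ wp_stage_dir }}/{{ wp_tarball }}"
      dest: "{{ wp_stage_dir }}/"
      remote_src: true
      creates: "{{ wp_stage_dir }}/wordpress"

  - name: wordpress file copy
    copy:
      src: "{{ wp_stage_dir }}/wordpress/"
      dest: "{{ wp_docroot }}/"
      remote_src: true

  - name: httpd config fix
    replace:
      path: /etc/httpd/conf/httpd.conf
      regexp: 'DirectoryIndex index.html'
      replace: 'DirectoryIndex index.php'
    notify: restart httpd

  - name: wordpress config file create
    copy:
      src: "{{ wp_docroot }}/wp-config-sample.php"
      dest: "{{ wp_docroot }}/wp-config.php"
      remote_src: true
      # Do not clobber an existing wp-config.php on re-runs.
      force: false
      # The file holds the DB password: readable by the httpd user via the
      # apache group only, not by every local account.
      owner: root
      group: apache
      mode: "0640"

  - name: wordpress config fix (DB_NAME, DB_USER, DB_PASSWORD, DB_HOST)
    # Anchored on the define() line, so only the intended setting is touched
    # (the original replaced every bare 'localhost' in the file).
    lineinfile:
      path: "{{ wp_docroot }}/wp-config.php"
      regexp: "^define\\(\\s*'{{ item.key }}',"
      line: "define( '{{ item.key }}', '{{ item.value }}' );"
    loop:
      - { key: DB_NAME, value: "{{ wp_db_name }}" }
      - { key: DB_USER, value: "{{ wp_db_user }}" }
      - { key: DB_PASSWORD, value: "{{ wp_db_password }}" }
      - { key: DB_HOST, value: "{{ wp_db_host }}" }
    # Keep the password out of task output and logs.
    no_log: true

  - name: httpd start
    systemd:
      name: httpd
      state: started
      enabled: true

  - name: firewall tcp/80 open
    firewalld:
      port: 80/tcp
      state: enabled
      immediate: true
      permanent: true

  handlers:
  - name: restart httpd
    systemd:
      name: httpd
      state: restarted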


 1.2. delwebhttp.yml

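---
# Tear down what webhttp.yml set up on the "web" group: packages, document
# root, staged tarball, and the firewall opening.
- name: wget, tar, http, php package remove, /etc/httpd, /var/www/html delete
  hosts: web
  gather_facts: false
  tasks:

  - name: package remove
    # NOTE(review): tar and wget are general-purpose tools that other software
    # on the host may rely on; consider leaving them out of this list.
    dnf:
      name:
        - wget
        - tar
        - httpd
        - php
        - php-cli
        - php-common
        - php-gd
        - php-curl
        - php-opcache
        - php-mysqlnd
      state: absent
      autoremove: true
    # Mirrors webhttp.yml: a name the target does not know must not abort the
    # rest of the cleanup. Scoped to this task instead of the whole play.
    ignore_errors: true

  - name: directory remove
    file:
      path: "{{ item }}"
      state: absent
    loop:
      - /etc/httpd
      - /var/www/html
      - /root/wordpress
      - /root/wordpress-5.7.8-ko_KR.tar.gz

  - name: firewall init
    firewalld:
      port: 80/tcp
      state: disabled
      # webhttp.yml opened the port with permanent: yes. Without permanent +
      # immediate here only the runtime rule is dropped and tcp/80 is open
      # again after the next reboot.
      immediate: true
      permanent: true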


2. node2

 2.1. webnginx.yml

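---
# Install nginx + php-fpm on the "was" group, unpack WordPress into the nginx
# document root and point wp-config.php at the database on node3 (10.0.0.14).
#
# Security notes (review):
#   - The DB credentials below are lab-only defaults kept for compatibility
#     with mysql80.yml. Move wp_db_password into an ansible-vault'd group_vars
#     file; a real password must never be committed in this file.
#   - WordPress 5.7.8 is an old branch; pin a current release and add a
#     `checksum: sha256:<value published on wordpress.org>` to the get_url task.
#   - wp-config-sample.php ships with placeholder AUTH_KEY/... salts that this
#     play does not replace; do that before exposing the site.
- name: nginx install, php install, config nginx
  hosts: was
  vars:
    wp_version: "5.7.8"
    wp_tarball: "wordpress-{{ wp_version }}-ko_KR.tar.gz"
    wp_download_url: "https://ko.wordpress.org/{{ wp_tarball }}"
    wp_stage_dir: /root
    wp_docroot: /usr/share/nginx/html
    wp_db_name: wordpress
    wp_db_user: root
    wp_db_password: "It12345!"   # lab-only default - override from vault
    wp_db_host: "10.0.0.14"
  tasks:

  - name: wget, tar, epel-release install
    dnf:
      name:
        - wget
        - tar
        - epel-release
      state: present
    # epel-release may not be resolvable from the base repos on every
    # RHEL-family target; the original tolerated that, so keep it task-local.
    ignore_errors: true

  - name: nginx package install
    dnf:
      name:
        - nginx
        - nginx-core
      state: present
    ignore_errors: true

  - name: url download wordpress
    get_url:
      url: "{{ wp_download_url }}"
      dest: "{{ wp_stage_dir }}/{{ wp_tarball }}"
      mode: "0644"
      # TODO(review): add `checksum: sha256:<value from wordpress.org>` here.

  - name: unarchive
    unarchive:
      src: "{{ wp_stage_dir }}/{{ wp_tarball }}"
      dest: "{{ wp_stage_dir }}/"
      remote_src: true
      creates: "{{ wp_stage_dir }}/wordpress"

  - name: copy wordpress file
    copy:
      src: "{{ wp_stage_dir }}/wordpress/"
      dest: "{{ wp_docroot }}/"
      remote_src: true

  - name: wordpress-config file create
    copy:
      src: "{{ wp_docroot }}/wp-config-sample.php"
      dest: "{{ wp_docroot }}/wp-config.php"
      remote_src: true
      force: false
      # Holds the DB password: readable by php-fpm (runs as nginx, see
      # www.conf below) via the group, not by every local account.
      owner: root
      group: nginx
      mode: "0640"

  - name: php8.0 install
    dnf:
      name:
        - php
        - php-cli
        - php-curl
        - php-common
        - php-gd
        - php-mysqlnd
        - php-fpm
      state: present
    # Some of these names (e.g. php-curl) may not exist as separate packages
    # on the target; the original tolerated that, so keep it task-local.
    ignore_errors: true

  - name: www.conf fixed (run php-fpm as the nginx user)
    # Anchored so the commented-out defaults (";listen.owner = nobody") are
    # replaced by active settings and nothing else in the file is touched.
    lineinfile:
      path: /etc/php-fpm.d/www.conf
      regexp: "{{ item.regexp }}"
      line: "{{ item.line }}"
    loop:
      - { regexp: '^;?user\s*=', line: 'user = nginx' }
      - { regexp: '^;?group\s*=', line: 'group = nginx' }
      - { regexp: '^;?listen\.owner\s*=', line: 'listen.owner = nginx' }
      - { regexp: '^;?listen\.group\s*=', line: 'listen.group = nginx' }
    notify: restart php-fpm

  # The first line of the block is deliberately indented less than the rest:
  # it fixes the block scalar's base indent so the nginx directives keep their
  # eight-space indent inside the server { } block they are inserted into.
  - name: nginx.conf fixed (php-fpm handler in the default server block)
    blockinfile:
      path: /etc/nginx/nginx.conf
      insertbefore: '^\s*error_page\s+404 /404.html;'
      block: |
        # PHP handler for WordPress (managed by ansible)
                index    index.php;
                location ~ \.php$ {
                    # Keep: stops requests for non-existent files from reaching
                    # php-fpm (PATH_INFO style "x.jpg/y.php" tricks).
                    try_files $uri =404;
                    fastcgi_pass unix:/run/php-fpm/www.sock;
                    fastcgi_index   index.php;
                    fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
                    include fastcgi_params;
                }
    notify: restart nginx

  - name: wp-config.php fixed (DB_NAME, DB_USER, DB_PASSWORD, DB_HOST)
    # Anchored on the define() line, so only the intended setting is touched
    # (the original replaced every bare 'localhost' in the file).
    lineinfile:
      path: "{{ wp_docroot }}/wp-config.php"
      regexp: "^define\\(\\s*'{{ item.key }}',"
      line: "define( '{{ item.key }}', '{{ item.value }}' );"
    loop:
      - { key: DB_NAME, value: "{{ wp_db_name }}" }
      - { key: DB_USER, value: "{{ wp_db_user }}" }
      - { key: DB_PASSWORD, value: "{{ wp_db_password }}" }
      - { key: DB_HOST, value: "{{ wp_db_host }}" }
    # Keep the password out of task output and logs.
    no_log: true

  - name: php-fpm and nginx start
    systemd:
      name: "{{ item }}"
      state: started
      enabled: true
    loop:
      - php-fpm
      - nginx

  - name: firewall tcp/80 open
    firewalld:
      port: 80/tcp
      state: enabled
      immediate: true
      permanent: true

  handlers:
  - name: restart php-fpm
    systemd:
      name: php-fpm
      state: restarted

  - name: restart nginx
    systemd:
      name: nginx
      state: restarted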


 2.2. delwebnginx.yml

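---
# Tear down what webnginx.yml set up on the "was" group: packages, document
# root, nginx/php-fpm config leftovers, and the firewall opening.
- name: nginx package remove, config file delete, firewall init
  hosts: was
  gather_facts: false
  tasks:

  - name: nginx package remove
    dnf:
      name:
        - nginx
        - nginx-core
        - php
        - php-cli
        - php-curl
        - php-common
        - php-gd
        - php-mysqlnd
        - php-fpm
      state: absent

  - name: config file delete
    file:
      path: "{{ item }}"
      state: absent
    loop:
      - /usr/share/nginx/html
      - /etc/nginx
      - /etc/php-fpm.d/www.conf.rpmsave

  - name: firewall init
    firewalld:
      port: 80/tcp
      state: disabled
      # webnginx.yml opened the port with permanent: yes. Without permanent +
      # immediate here only the runtime rule is dropped and tcp/80 is open
      # again after the next reboot.
      immediate: true
      permanent: true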


3. node3

 3.1. mysql80.yml

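---
# Install MySQL 8.0 on the "db" group and create the WordPress database plus
# the account the web nodes (webhttp.yml / webnginx.yml) connect with.
#
# Security notes (review):
#   - db_password is a lab-only default shared with the web plays; keep it in
#     an ansible-vault'd group_vars file instead of this file.
#   - The account keeps the name "root" so the web plays still work, but it is
#     scoped to the wordpress database and to the lab subnet. The original
#     `GRANT ALL ON *.* TO 'root'@'%'` handed full DBA rights to any host that
#     can reach tcp/3306, which this play opens in firewalld.
#   - `mysql -uroot` without a password works only while the fresh-install
#     root@localhost account has none (what the original relied on); set one
#     (e.g. mysql_secure_installation) once the lab is up.
- name: mysql8.0 install to node3
  hosts: db
  vars:
    db_name: wordpress
    db_user: root
    db_password: "It12345!"   # lab-only default - override from vault
    # Host pattern for the web tier; 10.0.0.12/13 are the haproxy backends in
    # haproxy.yml. Widen only if the web nodes live outside 10.0.0.0/24.
    db_client_hosts: "10.0.0.%"
  tasks:

  - name: dnf install mysql8.0
    dnf:
      name: mysql-server
      state: latest

  - name: mysql8.0 start
    systemd:
      name: mysqld
      state: started
      enabled: true

  - name: mysql firewall open
    firewalld:
      port: 3306/tcp
      state: enabled
      immediate: true
      permanent: true

  - name: create database & user
    # SQL is fed on stdin so the password never appears in `ps` output or in a
    # shell command line on the managed node; IF NOT EXISTS keeps the task
    # re-runnable (the original failed on the second run: user already exists).
    command:
      argv:
        - mysql
        - -uroot
      stdin: |
        CREATE DATABASE IF NOT EXISTS `{{ db_name }}`;
        CREATE USER IF NOT EXISTS '{{ db_user }}'@'{{ db_client_hosts }}' IDENTIFIED BY '{{ db_password }}';
        GRANT ALL PRIVILEGES ON `{{ db_name }}`.* TO '{{ db_user }}'@'{{ db_client_hosts }}';
        FLUSH PRIVILEGES;
    # Keeps the password out of task output and logs (errors are hidden too;
    # run with -vvv and no_log disabled when debugging).
    no_log: true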


 3.2. delmysql80.yml

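---
# Tear down what mysql80.yml set up on the "db" group.
# WARNING: removing /var/lib/mysql destroys every database on the host; there
# is no backup step here.
- name: mysql8.0 package remove & mysql directory delete & firewall init
  hosts: db
  tasks:

  - name: mysql8.0 package remove
    dnf:
      name: mysql-server
      state: absent

  - name: mysql directory delete
    file:
      path: /var/lib/mysql
      state: absent

  - name: mysql firewall init
    firewalld:
      port: 3306/tcp
      state: disabled
      # mysql80.yml opened the port with permanent: yes. Without permanent +
      # immediate here only the runtime rule is dropped and tcp/3306 is open
      # again after the next reboot.
      immediate: true
      permanent: true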


4. node1

 4.1. haproxy.yml

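---
# Install haproxy on the control node and point the stock sample config at the
# two web backends. The stock /etc/haproxy/haproxy.cfg ships a frontend on
# :5000 and app servers on 127.0.0.1:5001-5004; this play moves the frontend
# to :80, rewrites the first two servers and drops the other two.
- name: haproxy install, configuration
  hosts: localhost
  vars:
    ansible_python_interpreter: /usr/bin/python3
    haproxy_cfg: /etc/haproxy/haproxy.cfg
  tasks:

  - name: haproxy install
    dnf:
      name: haproxy
      state: present

  - name: haproxy config (frontend port and backend servers)
    # Dots are escaped so the patterns match only the literal addresses.
    # `replace` does not fail when a pattern is absent, so the original
    # ignore_errors only masked a missing-file error; dropped.
    replace:
      path: "{{ haproxy_cfg }}"
      regexp: "{{ item.src }}"
      replace: "{{ item.dest }}"
    loop:
      - { src: ':5000', dest: ':80' }
      - { src: '127\.0\.0\.1:5001', dest: '10.0.0.12:80' }
      - { src: '127\.0\.0\.1:5002', dest: '10.0.0.13:80' }
    notify: restart haproxy

  - name: haproxy unused sample backends remove
    # The original replaced these lines with a bare "#"; removing them is the
    # same for haproxy and leaves a cleaner file.
    lineinfile:
      path: "{{ haproxy_cfg }}"
      regexp: "{{ item }}"
      state: absent
    loop:
      - '127\.0\.0\.1:5003'
      - '127\.0\.0\.1:5004'
    notify: restart haproxy

  - name: haproxy config check
    # Fail the play on a broken config instead of leaving haproxy down.
    command: haproxy -c -f {{ haproxy_cfg }}
    changed_when: false

  - name: haproxy start
    systemd:
      name: haproxy
      state: started
      enabled: true

  - name: haproxy firewall open
    firewalld:
      port: 80/tcp
      state: enabled
      immediate: true
      permanent: true

  handlers:
  - name: restart haproxy
    systemd:
      name: haproxy
      state: restarted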


 4.2. delhaproxy.yml

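---
# Tear down what haproxy.yml set up on the control node.
# (Task names fixed: the original reused "install"/"open" labels for removal.)
- name: haproxy remove, config cleanup, firewall init
  hosts: localhost
  vars:
    ansible_python_interpreter: /usr/bin/python3
  tasks:

  - name: haproxy remove
    dnf:
      name: haproxy
      state: absent

  - name: haproxy config leftover delete
    file:
      path: /etc/haproxy/haproxy.cfg.rpmsave
      state: absent

  - name: haproxy firewall close
    firewalld:
      port: 80/tcp
      state: disabled
      # haproxy.yml opened the port with permanent: yes. Without permanent +
      # immediate here only the runtime rule is dropped and tcp/80 is open
      # again after the next reboot.
      immediate: true
      permanent: true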


 4.3. named.yml

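---
# Install BIND on the control node, make it answer on all interfaces, and
# serve the sdkim1.monster zone with every name pointing at 10.0.0.11.
#
# Security notes (review):
#   - The stock named.conf has `recursion yes;` and `allow-query { localhost; };`.
#     Turning allow-query into `any;` (which this play does) without bounding
#     recursion produces an open recursive resolver - the classic DNS
#     amplification reflector. The allow-recursion block added below limits
#     recursive lookups to localhost and the lab subnet; authoritative answers
#     for sdkim1.monster are still served to anyone, which is the intent.
#   - Every blockinfile carries real markers so re-runs are idempotent. The
#     original used empty markers and appended a second copy of the zone
#     declaration on each run, after which named refuses to start.
- name: dns install, configuration, firewall open, service start
  hosts: localhost
  vars:
    # The original spelled this key "ansible_interpreter_python", which
    # Ansible silently ignores; the real variable is ansible_python_interpreter.
    ansible_python_interpreter: /usr/bin/python3
    dns_zone: sdkim1.monster
    dns_zone_file_name: "1"
    dns_node_ip: "10.0.0.11"
  tasks:

  - name: named install
    dnf:
      name:
        - bind
        - bind-utils
        - bind-libs
      state: present

  - name: dns configuration, named.conf (listen on all interfaces, answer any client)
    # Anchored on the two options the stock file ships with, instead of every
    # "localhost;" / "127.0.0.1;" token in the file.
    replace:
      path: /etc/named.conf
      regexp: "{{ item.src }}"
      replace: "{{ item.dest }}"
    loop:
      - { src: '(listen-on port 53\s*\{\s*)127\.0\.0\.1;', dest: '\1any;' }
      - { src: '(allow-query\s*\{\s*)localhost;', dest: '\1any;' }
    notify: restart named

  - name: dns configuration, named.conf (bound recursion so this is not an open resolver)
    blockinfile:
      path: /etc/named.conf
      marker: "// {mark} ANSIBLE MANAGED BLOCK: recursion"
      insertafter: '^\s*recursion\s+yes;'
      block: |
        allow-recursion { localhost; 10.0.0.0/24; };
    notify: restart named

  - name: dns configuration, named.rfc1912.zones
    blockinfile:
      path: /etc/named.rfc1912.zones
      marker: "// {mark} ANSIBLE MANAGED BLOCK: {{ dns_zone }}"
      block: |
        zone "{{ dns_zone }}" IN {
              type master;
              file "{{ dns_zone_file_name }}";
              allow-update { none; };
        };
    notify: restart named

  - name: dns configuration, /var/named/{{ dns_zone_file_name }} zone data
    # Written as a whole file (not appended) so it is idempotent; the zone is
    # checked with named-checkzone before it replaces the live file.
    # SOA RNAME is a mailbox in zone-file notation (hostmaster@sdkim1.monster);
    # the original "www." was not a usable mailbox.
    copy:
      dest: "/var/named/{{ dns_zone_file_name }}"
      owner: named
      group: named
      mode: "0644"
      validate: "named-checkzone {{ dns_zone }} %s"
      content: |
        $TTL 1D
        @       IN SOA  ns1.{{ dns_zone }}. hostmaster.{{ dns_zone }}. (
                                        1       ; serial - bump on every change
                                        1D      ; refresh
                                        1H      ; retry
                                        1W      ; expire
                                        3H )    ; minimum
                NS      ns1.{{ dns_zone }}.
                A       {{ dns_node_ip }}
        www     A       {{ dns_node_ip }}
        ns1     A       {{ dns_node_ip }}
    notify: restart named

  - name: dns configuration check
    command: named-checkconf
    changed_when: false

  - name: dns service start
    systemd:
      name: named
      state: started
      enabled: true

  - name: firewall open
    firewalld:
      port: "{{ item }}"
      state: enabled
      immediate: true
      permanent: true
    loop:
      - 53/tcp
      - 53/udp

  handlers:
  - name: restart named
    systemd:
      name: named
      state: restarted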


 4.4. delnamed.yml

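---
# Tear down what named.yml set up on the control node.
- name: named package remove, file delete, firewall init
  hosts: localhost
  tasks:

  - name: named package remove
    dnf:
      name:
        - bind
        - bind-utils
        - bind-libs
      state: absent

  - name: file delete
    file:
      path: "{{ item }}"
      state: absent
    loop:
      - /etc/named.conf.rpmsave
      - /etc/named.rfc1912.zones.rpmsave
      - /var/named/1

  - name: firewall init
    firewalld:
      port: "{{ item }}"
      state: disabled
      # named.yml opened the ports with permanent: yes. Without permanent +
      # immediate here only the runtime rules are dropped and port 53 is open
      # again after the next reboot.
      immediate: true
      permanent: true
    loop:
      - 53/tcp
      - 53/udp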

 

 
