45/120
anslible bastionとして構成し、プライベートインスタンスにジャンプ
コメント
1.プライベートサブネットの作成
2.sshを許可する
3.コントローラによって生成されたid rsaを鍵で登録する.pubのインポート
4.bastionの共通インスタンスの作成
5.プライベートインスタンスの作成
6.!/.ssh/config
修正とsshジャンプホスト検証
Host bastion
HostName 배스천IP
User ec2-user
Port 22
IdentityFile ~/.ssh/id_rsa
Host node1
Hostname 프라이빗IP
User ec2-user
Port 22
IdentityFile ~/.ssh/id_rsa
$ ssh -J bastion node1
Host node1
ProxyJump bastion
ec2.ini
設置[ec2]
priavte 인스턴스 IP
[ec2:vars]
ansible_user=ec2-user
ansible_ssh_common_args='-o ProxyCommand="ssh -p 22 -W %h:%p -q ec2-user@bastion IP"'
$ ansible ec2 -i ec2.ini -m command -a id
Ad-hocコマンドを使用してword pressを構成する
php 74をインストールするためにremリポジトリをインストール
[vagrant@controller ~]$ ansible wp -m yum -a 'name=https://rpms.remirepo.net/enterprise/remi-release-7.rpm state=present validate_certs=no' -b
192.168.100.11 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": true,
"changes": {
"installed": [
"/home/vagrant/.ansible/tmp/ansible-tmp-1649929435.8-2896-129465800683746/remi-release-7X8yptA.rpm"
]
}
管理ノードでの検証[vagrant@node1 ~]$ yum repolist
repo id repo name status
remi-safe Safe Remi's RPM repository for
php 74をインストールするにはrepoを有効にします
[vagrant@controller ~]$ ansible wp -m yum_repository -a 'name=remi-safe enabled=no baseurl=http://rpms.remirepo.net/enterprise/7/safe/$basearch/ description=remi-safe' -b
192.168.100.11 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": true,
"repo": "remi-safe",
"state": "present"
}
[vagrant@controller ~]$ ansible wp -m yum_repository -a 'name=remi-php74 enabled=yes baseurl=http://rpms.remirepo.net/en
terprise/7/php74/$basearch/ description=remi-php74' -b
192.168.100.11 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": true,
"repo": "remi-php74",
"state": "present"
}
パッケージのインストール
必要なパッケージ
パッケージ名はhttpdapachephpphphp-mysqlndphpでデータベースに接続するライブラリmariadbクライアントmariadb-serverliadbサーバpython 2-PyMySQLpython 2を示します.xでmysqlを使用するためのパッケージ
パッケージのインストールエラー
"msg":
"warning: /var/cache/yum/x86_64/7/remi-php74/packages/php-7.4.29-1.el7.remi.x86_64.rpm:
Header V4 DSA/SHA1 Signature,
key ID 00f97f56: NOKEY\n\n\nPublic key
for php-7.4.29-1.el7.remi.x86_64.rpm is not installed\n"
鍵ファイルがないため、エラーが発生しました.
rpm_key
remi-key
何度も見たけどansible wp -m rmp_key -a 'key=https://rpms.remirepo.net/RPM-GPG-KEY-remi'
ansible wp -m rpm_key -a 'key=https://rpms.remirepo.net/RPM-GPG-KEY-remi'
ansible wp -m rpm_key -a 'key=00f97f56'
ansible wp -m rpm_key -a 'key=RPM-GPG-KEY-remi'
ansible wp -m rpm_key -a 'key=RPM-GPG-KEY-remi2022'
すべて失敗...いったいキー値は何なのか、
答えはrepoファイルにあります![vagrant@node1 ~]$ vi /etc/yum.repos.d/remi.repo
[remi]
...
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-remi
rpmキーの取得
[vagrant@controller ~]$ ansible wp -m rpm_key -a 'key=/etc/pki/rpm-gpg/RPM-GPG-KEY-remi' -b
192.168.100.11 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": true
}
パッケージのインストールが完了しました。
[vagrant@controller ~]$ ansible wp -m yum -a 'name=httpd,php,php-mysqlnd,mariadb,mariadb-server,python2-PyMySQL state=present' -b
192.168.100.11 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": true,
"changes": {
"installed": [
"httpd",
"php",
"php-mysqlnd",
"mariadb",
"mariadb-server",
"python2-PyMySQL"
]
}
サービスの開始
service module [vagrant@controller ~]$ ansible wp -m service -a 'name=httpd enabled=yes state=started' -b
[vagrant@controller ~]$ ansible wp -m service -a 'name=mariadb enabled=yes state=started' -b
Linuxシステムで実行不可能なコマンドはモジュールでも実行不可能->パッケージのインストールのように,
で複数のコマンドを同時に起動することはできず、1つずつ実行しなければならない
テキスト圧縮ファイルのダウンロード
アーカイブの取得
wordpress.org
ダウンロード時に自動的に最新バージョンのurlを指定し、常にバージョン本来のダウンロードを指定します.
get_url module [vagrant@controller ~]$ ansible wp -m get_url -a 'url=https://wordpress.org/wordpress-5.9.3.tar.gz dest=/home/vagrant'
アーカイブをホームにインポート
解凍
unarchive module [vagrant@controller ~]$ ansible wp -m unarchive -a 'src=/home/vagrant/wordpress-5.9.3.tar.gz remote_src=yes dest=/var/ww
w/html owner=apache group=apache' -b
データベース関連の設定
使用するデータベースの作成
mysql_db module [vagrant@controller ~]$ ansible wp -m mysql_db -a 'name=wordpress state=present login_user=root'
データベース管理ユーザーの作成
mysql_user module [vagrant@controller ~]$ ansible wp -m mysql_user -a 'name=wpadm password=P@ssw0rd state=present login_user=root priv="wordpress.*:ALL"'
テキスト印刷設定
設定ファイルのコピー
copy module [vagrant@controller ~]$ ansible wp -m copy -a 'src=/var/www/html/wordpress/wp-config-sample.php remote_src=yes dest=/var/www/html/wordpress/wp-config.php owner=apache group=apache' -b
同時にグループを指定
設定ファイルの変更
replace moudle
データベース設定の変更
[vagrant@controller ~]$ ansible wp -m replace -a 'path=/var/www/html/wordpress/wp-config.php regexp=database_name_here replace=wordpress' -b
regexpの値を見つけてreplace値に変更
データベース・ユーザーとパスワードの設定の変更
[vagrant@controller ~]$ ansible wp -m replace -a 'path=/var/www/html/wordpress/wp-config.php regexp=username_here replace=wpadm' -b
[vagrant@controller ~]$ ansible wp -m replace -a 'path=/var/www/html/wordpress/wp-config.php regexp=password_here replace=P@ssw0rd' -b
サービスの再起動
[vagrant@controller ~]$ ansible wp -m service -a 'name=httpd state=restarted' -b
[vagrant@controller ~]$ ansible wp -m service -a 'name=mariadb state=restarted' -b
検査結果
word press結果
実習前の環境に戻る
サービスを閉じる
[vagrant@controller ~]$ ansible wp -m service -a 'name=httpd state=stopped' -b
[vagrant@controller ~]$ ansible wp -m service -a 'name=mariadb state=stopped' -b
word pressファイルの削除
[vagrant@controller ~]$ ansible wp -m file -a 'path=/var/www/html/wordpress state=absent' -b
[vagrant@controller ~]$ ansible wp -m file -a 'path=/home/vagrant/wordpress-5.9.3.tar.gz state=absent' -b
パッケージの削除
[vagrant@controller ~]$ ansible wp -m yum -a 'name=httpd,php,php-mysqlnd,mariadb,mariadb-server,python2-PyMySQL autoremove=yes state=absent' -b
Autoremoveを使用して依存性に関連するパッケージを削除する
No削除しない
データベース・ファイルの削除
[vagrant@controller ~]$ ansible wp -m file -a 'name=/var/lib/mysql state=absent' -b
削除しない場合は、次にデータベース・パッケージを再インストールして実行すると、ユーザー情報、データベース情報が保持され、削除する必要があります.
リポジトリの削除
[vagrant@controller ~]$ ansible wp -m yum -a 'name=remi-release autoremove=yes state=absent' -b
playbook
yaml docs
yaml形式のファイルを作成して実行するansible-playbook <YAMLFILE_NAME>
[vagrant@controller ~]$ ansible wp -m yum -a 'name=https://rpms.remirepo.net/enterprise/remi-release-7.rpm state=present validate_certs=no' -b
192.168.100.11 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": true,
"changes": {
"installed": [
"/home/vagrant/.ansible/tmp/ansible-tmp-1649929435.8-2896-129465800683746/remi-release-7X8yptA.rpm"
]
}
[vagrant@node1 ~]$ yum repolist
repo id repo name status
remi-safe Safe Remi's RPM repository for
[vagrant@controller ~]$ ansible wp -m yum_repository -a 'name=remi-safe enabled=no baseurl=http://rpms.remirepo.net/enterprise/7/safe/$basearch/ description=remi-safe' -b
192.168.100.11 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": true,
"repo": "remi-safe",
"state": "present"
}
[vagrant@controller ~]$ ansible wp -m yum_repository -a 'name=remi-php74 enabled=yes baseurl=http://rpms.remirepo.net/en
terprise/7/php74/$basearch/ description=remi-php74' -b
192.168.100.11 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": true,
"repo": "remi-php74",
"state": "present"
}
"msg":
"warning: /var/cache/yum/x86_64/7/remi-php74/packages/php-7.4.29-1.el7.remi.x86_64.rpm:
Header V4 DSA/SHA1 Signature,
key ID 00f97f56: NOKEY\n\n\nPublic key
for php-7.4.29-1.el7.remi.x86_64.rpm is not installed\n"
ansible wp -m rmp_key -a 'key=https://rpms.remirepo.net/RPM-GPG-KEY-remi'
ansible wp -m rpm_key -a 'key=https://rpms.remirepo.net/RPM-GPG-KEY-remi'
ansible wp -m rpm_key -a 'key=00f97f56'
ansible wp -m rpm_key -a 'key=RPM-GPG-KEY-remi'
ansible wp -m rpm_key -a 'key=RPM-GPG-KEY-remi2022'
[vagrant@node1 ~]$ vi /etc/yum.repos.d/remi.repo
[remi]
...
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-remi
[vagrant@controller ~]$ ansible wp -m rpm_key -a 'key=/etc/pki/rpm-gpg/RPM-GPG-KEY-remi' -b
192.168.100.11 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": true
}
[vagrant@controller ~]$ ansible wp -m yum -a 'name=httpd,php,php-mysqlnd,mariadb,mariadb-server,python2-PyMySQL state=present' -b
192.168.100.11 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": true,
"changes": {
"installed": [
"httpd",
"php",
"php-mysqlnd",
"mariadb",
"mariadb-server",
"python2-PyMySQL"
]
}
[vagrant@controller ~]$ ansible wp -m service -a 'name=httpd enabled=yes state=started' -b
[vagrant@controller ~]$ ansible wp -m service -a 'name=mariadb enabled=yes state=started' -b
[vagrant@controller ~]$ ansible wp -m get_url -a 'url=https://wordpress.org/wordpress-5.9.3.tar.gz dest=/home/vagrant'
[vagrant@controller ~]$ ansible wp -m unarchive -a 'src=/home/vagrant/wordpress-5.9.3.tar.gz remote_src=yes dest=/var/ww
w/html owner=apache group=apache' -b
[vagrant@controller ~]$ ansible wp -m mysql_db -a 'name=wordpress state=present login_user=root'
[vagrant@controller ~]$ ansible wp -m mysql_user -a 'name=wpadm password=P@ssw0rd state=present login_user=root priv="wordpress.*:ALL"'
[vagrant@controller ~]$ ansible wp -m copy -a 'src=/var/www/html/wordpress/wp-config-sample.php remote_src=yes dest=/var/www/html/wordpress/wp-config.php owner=apache group=apache' -b
[vagrant@controller ~]$ ansible wp -m replace -a 'path=/var/www/html/wordpress/wp-config.php regexp=database_name_here replace=wordpress' -b
[vagrant@controller ~]$ ansible wp -m replace -a 'path=/var/www/html/wordpress/wp-config.php regexp=username_here replace=wpadm' -b
[vagrant@controller ~]$ ansible wp -m replace -a 'path=/var/www/html/wordpress/wp-config.php regexp=password_here replace=P@ssw0rd' -b
[vagrant@controller ~]$ ansible wp -m service -a 'name=httpd state=restarted' -b
[vagrant@controller ~]$ ansible wp -m service -a 'name=mariadb state=restarted' -b
[vagrant@controller ~]$ ansible wp -m service -a 'name=httpd state=stopped' -b
[vagrant@controller ~]$ ansible wp -m service -a 'name=mariadb state=stopped' -b
[vagrant@controller ~]$ ansible wp -m file -a 'path=/var/www/html/wordpress state=absent' -b
[vagrant@controller ~]$ ansible wp -m file -a 'path=/home/vagrant/wordpress-5.9.3.tar.gz state=absent' -b
[vagrant@controller ~]$ ansible wp -m yum -a 'name=httpd,php,php-mysqlnd,mariadb,mariadb-server,python2-PyMySQL autoremove=yes state=absent' -b
[vagrant@controller ~]$ ansible wp -m file -a 'name=/var/lib/mysql state=absent' -b
[vagrant@controller ~]$ ansible wp -m yum -a 'name=remi-release autoremove=yes state=absent' -b
yaml docs
yaml形式のファイルを作成して実行する
ansible-playbook <YAMLFILE_NAME>
' '
に値を追加して|
、>
の複数行を用いるad-hoc wordpress playbookの作成と使用
- hosts: wp
tasks:
- yum:
name: https://rpms.remirepo.net/enterprise/remi-release-7.rpm
state: present
validate_certs: no
- yum_repository:
name: remi-safe
enabled: no
baseurl: http://rpms.remirepo.net/enterprise/7/safe/$basearch/
description: remi-safe
- yum_repository:
name: remi-php74
enabled: yes
baseurl: http://rpms.remirepo.net/enterprise/7/php74/$basearch/
description: remi-php74
- rpm_key:
key: /etc/pki/rpm-gpg/RPM-GPG-KEY-remi
- yum:
name: httpd,php,php-mysqlnd,mariadb,mariadb-server,python2-PyMySQL
state: present
- service:
name: httpd
enabled: yes
state: started
- service:
name: mariadb
enabled: yes
state: started
- get_url:
url: https://wordpress.org/wordpress-5.9.3.tar.gz
dest: /home/vagrant
- unarchive:
src: /home/vagrant/wordpress-5.9.3.tar.gz
remote_src: yes
dest: /var/www/html
owner: apache
group: apache
- mysql_db:
name: wordpress
state: present
login_user: root
- mysql_user:
name: wpadm
password: P@ssw0rd
state: present
login_user: root
priv: "wordpress.*:ALL"
- copy:
src: /var/www/html/wordpress/wp-config-sample.php
remote_src: yes
dest: /var/www/html/wordpress/wp-config.php
owner: apache
group: apache
- replace:
path: /var/www/html/wordpress/wp-config.php
regexp: database_name_here
replace: wordpress
- replace:
path: /var/www/html/wordpress/wp-config.php
regexp: username_here
replace: wpadm
- replace:
path: /var/www/html/wordpress/wp-config.php
regexp: password_here
replace: P@ssw0rd
戻る
- hosts: wp
tasks:
- service:
name: httpd
state: stopped
- service:
name: mariadb
state: stopped
- file:
path: /var/www/html/wordpress
state: absent
- file:
path: /home/vagrant/wordpress-5.9.3.tar.gz
state: absent
- yum:
name: httpd,php,php-mysqlnd,mariadb,mariadb-server,python2-PyMySQL
state: absent
autoremove: yes
- file:
name: /var/lib/mysql
state: absent
- yum:
name: remi-release
autoremove: yes
state: absent
Reference
この問題について(45/120), 我々は、より多くの情報をここで見つけました https://velog.io/@numerok/45120テキストは自由に共有またはコピーできます。ただし、このドキュメントのURLは参考URLとして残しておいてください。
Collection and Share based on the CC Protocol