# vm-03. Ansible ________________________________________ ## 1. Ansible Directory ________________________________________ Ansible directory ```text AnsibleRoot hosts private_keys private_key_xxx templates main.yml ``` ________________________________________ ## 2. Settings ________________________________________ hosts/dev.txt ```ini [dev] 192.168.3.253:22 ``` main.yml ```yaml # Ansible server # sudo yum -y install epel-release # sudo yum -y install ansible # sudo yum -y install openssh-clients ## cd /home/vagrant/vagrant_shared/ansible ## cp private_keys/private_key ../../ ## sudo chmod 0600 ../../private_key ## ansible-playbook -i hosts/dev.txt main.yml -u vagrant --private-key="../../private_key" --- - name: install middlewares hosts: dev tasks: - name: disable selinux become: yes shell: bash setenforce 0 ignore_errors: true - name: set selinux/config become: yes template: src: templates/selinux_config dest: /etc/selinux/config owner: root group: root mode: 644 - name: install epel-release become: yes yum: name=epel-release disable_gpg_check=no state=latest - name: install httpd become: yes yum: name=httpd disable_gpg_check=no state=latest - name: start httpd become: yes service: name=httpd state=started enabled=yes ignore_errors: true - name: get mariadb_repo_setup to /tmp get_url: url=https://downloads.mariadb.com/MariaDB/mariadb_repo_setup dest=/tmp/mariadb_repo_setup - name: setup mariadb repo become: yes shell: chdir=/tmp bash mariadb_repo_setup - name: install mariadb become: yes yum: name=mariadb-server disable_gpg_check=no state=latest - name: start mariadb become: yes service: name=mariadb state=started enabled=yes ignore_errors: true - name: set my.cnf become: yes template: src: templates/my.cnf dest: /etc/my.cnf owner: root group: root mode: 644 - name: create log files (/var/log/mysql) become: yes file: path=/var/log/mysql state=directory owner=mysql group=mysql mode=0755 - name: create log files (/var/log/mysql/slow.log) become: yes file: path=/var/log/mysql/slow.log state=touch owner=mysql group=mysql mode=0755 - name: create log files (/var/log/mysql/error.log) become: yes file: path=/var/log/mysql/error.log state=touch owner=mysql group=mysql mode=0755 - name: install MySQL-python27 become: yes yum: name=MySQL-python disable_gpg_check=no state=latest - name: setup root grant1 become: yes mysql_user: login_user: root name: root host: localhost password: foo priv: '*.*:ALL,GRANT' state: present ignore_errors: true - name: setup root grant2 become: yes mysql_user: login_user: root login_password: foo name: root host: 127.0.0.1 password: foo priv: '*.*:ALL,GRANT' state: present - name: setup root grant3 become: yes mysql_user: login_user: root login_password: foo name: root host: 10.% password: foo priv: '*.*:ALL,GRANT' state: present - name: setup root grant4 become: yes mysql_user: login_user: root login_password: foo name: root host: 172.16.% password: foo priv: '*.*:ALL,GRANT' state: present - name: setup root grant5 become: yes mysql_user: login_user: root login_password: foo name: root host: 192.168.% password: foo priv: '*.*:ALL,GRANT' state: present - name: restart mariadb become: yes service: name=mariadb state=restarted ignore_errors: true - name: install remi7 become: yes yum: name=https://rpms.remirepo.net/enterprise/remi-release-7.rpm disable_gpg_check=no state=latest - name: install php(72) become: yes yum: name=php enablerepo=remi-php72 disable_gpg_check=no state=latest - name: install php-devel(72) become: yes yum: name=php-devel enablerepo=remi-php72 disable_gpg_check=no state=latest - name: install php-mbstring(72) become: yes yum: name=php-mbstring enablerepo=remi-php72 disable_gpg_check=no state=latest - name: install php-pdo(72) become: yes yum: name=php-pdo enablerepo=remi-php72 disable_gpg_check=no state=latest - name: install php-gd(72) become: yes yum: name=php-gd enablerepo=remi-php72 disable_gpg_check=no state=latest - name: install php-intl(72) become: yes yum: name=php-intl enablerepo=remi-php72 disable_gpg_check=no state=latest - name: install php-xml(72) become: yes yum: name=php-xml enablerepo=remi-php72 disable_gpg_check=no state=latest - name: install php-mysqlnd(72) become: yes yum: name=php-mysqlnd enablerepo=remi-php72 disable_gpg_check=no state=latest - name: install php-pecl-mcrypt(72) become: yes yum: name=php-pecl-mcrypt enablerepo=remi-php72 disable_gpg_check=no state=latest - name: install php-opcache(72) become: yes yum: name=php-opcache enablerepo=remi-php72 disable_gpg_check=no state=latest - name: restart httpd become: yes service: name=httpd state=restarted enabled=yes ignore_errors: true - name: install unzip become: yes yum: name=unzip disable_gpg_check=no state=latest - name: install git become: yes yum: name=git disable_gpg_check=no state=latest - name: create directory (/tmp/composer) become: yes file: path=/tmp/composer state=directory mode=0777 - name: get composer to /tmp/composer get_url: url=https://getcomposer.org/installer dest=/tmp/composer/installer - name: install composer become: yes shell: chdir=/tmp/composer php installer - name: move composer become: yes shell: mv /tmp/composer/composer.phar /usr/local/bin/composer ``` templates/selinux_config ```ini # This file controls the state of SELinux on the system. # SELINUX= can take one of these three values: # enforcing - SELinux security policy is enforced. # permissive - SELinux prints warnings instead of enforcing. # disabled - No SELinux policy is loaded. SELINUX=disabled # SELINUXTYPE= can take one of three two values: # targeted - Targeted processes are protected, # minimum - Modification of targeted policy. Only selected processes are protected. # mls - Multi Level Security protection. SELINUXTYPE=targeted ``` templates/my.cnf ```ini # # This group is read both both by the client and the server # use it for options that affect everything # [client-server] # # This group is read by the server # [mysqld] # Disabling symbolic-links is recommended to prevent assorted security risks symbolic-links=0 # # include all files from the config directory # !includedir /etc/my.cnf.d [mysqld] log-output=FILE # Disable general log. general-log=0 general_log_file="" # Enable slow query log. slow_query_log=1 slow_query_log_file="/var/log/mysql/slow.log" long_query_time=0.1 log_queries_not_using_indexes=1 # Enable error log. log_error="/var/log/mysql/error.log" log_warnings=1 # Enable binary(replication) log. (MySQL 5.6.5 or later/MariaDB 10.1.6 or later) # /var/lib/mysql log_bin=mysql-bin binlog_format=MIXED max_binlog_size=134217728 expire_logs_days=7 # server-id=1 # innodb_flush_log_at_trx_commit=1 # sync_binlog=1 # 5.5.3 or later. character-set-server=utf8mb4 innodb_file_per_table # 10.2.1 or earlier # innodb_large_prefix # innodb_file_format=Barracuda # innodb_file_format_max=Barracuda # 10.1.32/10.2.2 or later innodb_default_row_format=dynamic [client] # 5.5.3 or later. default-character-set=utf8mb4 ``` ________________________________________ ## 3. WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! ________________________________________ ssh-keygen -R 192.168.3.253