ansible

サーバ関連

Ansible の playbook を使って、PHP と Apache の動作環境を構築する。

  • almalinux9を想定
  • apache(apr, apr-util)
  • php
  • nginx
  • 他ビルドで必要なモジュール

※メモリ1Gのインスタンスだと、phpのconfigure時に一回落ちた。

deploy-playbook.yml

[koji@alma1 ~]$ cat phpserver.yml
# Single play for inventory group g1; privilege escalation is turned on for
# every task in the list below.
- hosts: g1
  become: true
  tasks:

    # - name: swapfile Add
    #   command: dd if=/dev/zero of=/swapfile bs=1M count=2048
    #   args:
    #     creates: /swapfile
    #   tags:
    #     - swapfile
    # - name: swapfile chmod 600
    #   command: chmod 600 /swapfile
    #   tags:
    #     - swapfile
    # - name: mkswap mkswap
    #   command: mkswap /swapfile
    #   tags:
    #     - swapfile
    # - name: mkswap swapon
    #   command: swapon /swapfile
    #   tags:
    #     - swapfile
    # - name: swapfile entry to /etc/fstab
    #   lineinfile:
    #     path: /etc/fstab
    #     line: "/swapfile none swap sw 0 0"
    #   tags:
    #     - swapfile

    # Update every installed package to the newest version offered by the
    # enabled repositories before anything is built from source.
    - name: packages_update
      tags: [packages_update]
      ansible.builtin.yum:
        state: latest
        name: '*'

    # Toolchain and -devel packages installed one item at a time.
    - name: packages_required
      tags: [packages_required]
      ansible.builtin.package:
        state: present
        name: '{{ item }}'
      loop:
        - git
        - wget
        - vim
        - tar
        - expat-devel
        - pcre-devel
        - openssl-devel
        - zlib-devel
        - perl-core
        - cmake
        - gcc
        - autoconf
        - automake
        - libtool

    # Second package batch: more -devel headers, the EPEL release packages and
    # the distribution's OpenLDAP client packages.
    - name: packages_additional
      tags: [packages_additional]
      ansible.builtin.package:
        state: present
        name: '{{ item }}'
      loop:
        - sqlite-devel
        - libxml2-devel
        - curl-devel
        - gmp-devel
        - libcurl-devel
        - gd-devel
        - epel-release
        - epel-next-release
        - openldap
        - openldap-devel
        - openldap-clients
        # - openldap-servers

    # libzip-devel is installed with the "crb" repository enabled for this
    # dnf call.
    - name: packages_libzip_CRB_repository
      tags: [packages_libzip_CRB_repository]
      ansible.builtin.dnf:
        enablerepo: crb
        state: present
        name: libzip-devel

    # Download, build and install APR 1.7.5 under /opt/apr/apr-1.7.5.
    - name: apr
      tags: [apr]
      block:
        # NOTE(review): no checksum is set, so whatever the mirror serves is
        # extracted and built as root. Pin the release with get_url's
        # `checksum` parameter ("sha256:<digest published by the project>").
        - name: apr Download
          ansible.builtin.get_url:
            dest: /usr/local/src/apr-1.7.5.tar.gz
            url: 'https://ftp.riken.jp/net/apache/apr/apr-1.7.5.tar.gz'

        - name: apr Extract
          ansible.builtin.unarchive:
            remote_src: true
            dest: /usr/local/src
            src: /usr/local/src/apr-1.7.5.tar.gz

        - name: apr Configure
          ansible.builtin.command:
            cmd: ./configure --prefix=/opt/apr/apr-1.7.5
            chdir: /usr/local/src/apr-1.7.5

        # command: make -j{{ ansible_processor_cores }} chdir=/usr/local/src/apr-1.7.5
        - name: apr Compile
          community.general.make:
            jobs: 4
            chdir: /usr/local/src/apr-1.7.5

        - name: apr Make Install
          community.general.make:
            target: install
            chdir: /usr/local/src/apr-1.7.5

    # Download, build and install APR-util 1.6.3 against the APR built above.
    - name: apr-util
      tags: [apr-util]
      block:
        # NOTE(review): no checksum is set, so the tarball is trusted as
        # served and then built as root. Pin it with get_url's `checksum`
        # parameter ("sha256:<digest published by the project>").
        - name: apr-util Download
          ansible.builtin.get_url:
            dest: /usr/local/src/apr-util-1.6.3.tar.gz
            url: 'https://ftp.riken.jp/net/apache/apr/apr-util-1.6.3.tar.gz'

        - name: apr-util Extract
          ansible.builtin.unarchive:
            remote_src: true
            dest: /usr/local/src
            src: /usr/local/src/apr-util-1.6.3.tar.gz

        - name: apr-util Configure
          ansible.builtin.command:
            cmd: ./configure --prefix=/opt/apr-util/apr-util-1.6.3 --with-apr=/opt/apr/apr-1.7.5
            chdir: /usr/local/src/apr-util-1.6.3

        - name: apr-util Compile
          community.general.make:
            jobs: 4
            chdir: /usr/local/src/apr-util-1.6.3

        - name: apr-util Make Install
          community.general.make:
            target: install
            chdir: /usr/local/src/apr-util-1.6.3

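    # Download, build and install OpenSSL 3.2.1 under /opt/openssl/openssl3.2.1.
    - name: openssl
      block:
        # The tarball is stored in /usr/local/src, like the other source
        # archives in this playbook, instead of /tmp. /tmp is world-writable
        # and get_url does not re-download when dest already exists, so a file
        # left at that predictable name by another local account would be
        # extracted and built as root.
        # NOTE(review): still no checksum; pin the release with get_url's
        # `checksum` parameter ("sha256:<digest published by the project>").
        - name: openssl Download
          get_url:
            url: "https://www.openssl.org/source/openssl-3.2.1.tar.gz"
            dest: "/usr/local/src/openssl-3.2.1.tar.gz"

        - name: openssl Extract
          unarchive:
            src: "/usr/local/src/openssl-3.2.1.tar.gz"
            dest: "/usr/local/src/"
            remote_src: true

        - name: openssl Configure
          command: ./Configure --prefix=/opt/openssl/openssl3.2.1
          args:
            chdir: /usr/local/src/openssl-3.2.1/

        - name: openssl Compile
          make:
            chdir: /usr/local/src/openssl-3.2.1/
            jobs: 4

        - name: openssl Make Install
          make:
            chdir: /usr/local/src/openssl-3.2.1/
            target: install
      tags:
        - openssl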

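    # Download, build and install Apache httpd 2.4.62 (prefork MPM) under
    # /opt/httpd/httpd-2.4.62, linked against the APR/APR-util built earlier.
    - name: httpd
      block:
        # The tarball is stored in /usr/local/src, like the other source
        # archives in this playbook, instead of /tmp. /tmp is world-writable
        # and get_url does not re-download when dest already exists, so a file
        # left at that predictable name by another local account would be
        # extracted and built as root.
        # NOTE(review): still no checksum; pin the release with get_url's
        # `checksum` parameter ("sha256:<digest published by the project>").
        - name: httpd Download
          get_url:
            url: "https://archive.apache.org/dist/httpd/httpd-2.4.62.tar.gz"
            dest: /usr/local/src/httpd-2.4.62.tar.gz

        - name: httpd Extract
          unarchive:
            src: /usr/local/src/httpd-2.4.62.tar.gz
            dest: /usr/local/src
            remote_src: true

        # Same options as before, folded one group per line for review.
        # NOTE(review): --enable-mods-shared=all together with cgi, cgid, dav
        # and proxy builds many modules; which of them httpd.conf loads is not
        # visible here - keep the LoadModule lines to what the site needs.
        - name: httpd Configure
          command: >-
            ./configure
            --prefix=/opt/httpd/httpd-2.4.62
            --with-apr=/opt/apr/apr-1.7.5
            --with-apr-util=/opt/apr-util/apr-util-1.6.3
            --with-pcre --with-ssl --with-mpm=prefork
            --enable-ssl --enable-pie --enable-proxy
            --enable-cache --enable-disk-cache
            --enable-cgid --enable-cgi
            --enable-authn-anon --enable-authn-alias
            --enable-rewrite --enable-include --enable-so
            --enable-mods-shared=all --enable-dav
          args:
            chdir: /usr/local/src/httpd-2.4.62

        - name: httpd Compile
          make:
            chdir: /usr/local/src/httpd-2.4.62
            jobs: 4

        - name: httpd Make Install
          make:
            chdir: /usr/local/src/httpd-2.4.62
            target: install
      tags:
        - httpd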

    # Download, build and install Oniguruma 6.9.8 with the default prefix.
    - name: oniguruma
      tags: [oniguruma]
      block:
        # NOTE(review): no checksum is set, so the release asset is trusted as
        # served and then built as root. Pin it with get_url's `checksum`
        # parameter ("sha256:<digest published by the project>").
        - name: oniguruma Download
          ansible.builtin.get_url:
            dest: '/usr/local/src/onig-6.9.8.tar.gz'
            url: 'https://github.com/kkos/oniguruma/releases/download/v6.9.8/onig-6.9.8.tar.gz'

        - name: oniguruma Extract
          ansible.builtin.unarchive:
            remote_src: true
            dest: '/usr/local/src/'
            src: '/usr/local/src/onig-6.9.8.tar.gz'

        # The result is registered; no later task shown here reads it.
        - name: oniguruma Configure
          register: oniguruma_configure
          ansible.builtin.command:
            cmd: ./configure
            chdir: '/usr/local/src/onig-6.9.8/'

        - name: oniguruma Compile
          community.general.make:
            jobs: 4
            chdir: '/usr/local/src/onig-6.9.8/'

        - name: oniguruma Make Install
          community.general.make:
            target: install
            chdir: '/usr/local/src/onig-6.9.8/'

    # Download, build and install OpenLDAP 2.6.7 under /opt/openldap/openldap2.6.7.
    - name: openldap
      tags: [openldap]
      block:
        # NOTE(review): no checksum is set, so the tarball is trusted as
        # served and then built as root. Pin it with get_url's `checksum`
        # parameter ("sha256:<digest published by the project>").
        - name: openldap Download
          ansible.builtin.get_url:
            dest: '/usr/local/src/openldap-2.6.7.tgz'
            url: 'https://www.openldap.org/software/download/OpenLDAP/openldap-release/openldap-2.6.7.tgz'

        - name: openldap Extract
          ansible.builtin.unarchive:
            remote_src: true
            dest: '/usr/local/src/'
            src: '/usr/local/src/openldap-2.6.7.tgz'

        # configure -> make depend -> make -> make install, in that order.
        - name: openldap Build and install
          block:
            # The result is registered; no later task shown here reads it.
            - name: openldap Configure
              register: openldap_configure
              ansible.builtin.command:
                cmd: >
                  ./configure --prefix=/opt/openldap/openldap2.6.7
                chdir: '/usr/local/src/openldap-2.6.7/'

            - name: openldap depend
              community.general.make:
                target: depend
                chdir: '/usr/local/src/openldap-2.6.7/'

            - name: openldap make
              community.general.make:
                jobs: 4
                chdir: '/usr/local/src/openldap-2.6.7/'

            - name: openldap Make Install
              community.general.make:
                target: install
                chdir: '/usr/local/src/openldap-2.6.7/'


    # Prepare library symlinks and build environment, then download, build and
    # install PHP 8.3.2 as an Apache module (apxs) under /opt/php/php8.3.2.
    - name: php
      tags: [php]
      block:
        # The three links expose the /usr/lib64 LDAP libraries under /usr/lib;
        # each task is skipped once its link exists.
        - name: libldap.so
          ansible.builtin.command:
            argv: [ln, '-s', /usr/lib64/libldap.so, /usr/lib/libldap.so]
            creates: '/usr/lib/libldap.so'

        - name: liblber.so.2.0.200
          ansible.builtin.command:
            argv: [ln, '-s', /usr/lib64/liblber.so.2.0.200, /usr/lib/liblber.so.2.0.200]
            creates: '/usr/lib/liblber.so.2.0.200'

        - name: liblber.so
          ansible.builtin.command:
            argv: [ln, '-s', /usr/lib64/liblber.so, /usr/lib/liblber.so]
            creates: '/usr/lib/liblber.so'

        - name: PKG_CONFIG_PATH
          ansible.builtin.lineinfile:
            path: /etc/environment
            regexp: '^PKG_CONFIG_PATH'
            line: 'PKG_CONFIG_PATH=/usr/local/lib/pkgconfig/:/usr/lib64/pkgconfig/:/opt/libzip/lib64/pkgconfig:/opt/openldap/openldap2.6.7/lib/pkgconfig:/opt/openssl/openssl3.2.1/lib64/pkgconfig'
            state: present

        # NOTE(review): the value begins with "-L", which is a linker flag and
        # not a directory, so the loader would read it as a relative path.
        # Presumably /opt/openldap/openldap2.6.7/lib was meant - confirm, and
        # note that /etc/environment applies the variable system-wide.
        - name: LD_LIBRARY_PATH
          ansible.builtin.lineinfile:
            path: /etc/environment
            regexp: '^LD_LIBRARY_PATH'
            line: 'LD_LIBRARY_PATH=-L/opt/openldap/openldap2.6.7/lib'
            state: present

        # NOTE(review): no checksum is set, so the tarball is trusted as
        # served and then built as root. Pin it with get_url's `checksum`
        # parameter ("sha256:<digest published by the project>").
        - name: php Download
          ansible.builtin.get_url:
            dest: '/usr/local/src/php-8.3.2.tar.gz'
            url: 'https://www.php.net/distributions/php-8.3.2.tar.gz'

        - name: php Extract
          ansible.builtin.unarchive:
            remote_src: true
            dest: '/usr/local/src/'
            src: '/usr/local/src/php-8.3.2.tar.gz'

        # NOTE(review): --enable-debug is passed, so this is a debug build -
        # confirm that is wanted outside a test VM.
        # NOTE(review): OPENSSL_LIBS points at .../openssl3.2.1/lib while the
        # PKG_CONFIG_PATH entry above uses .../openssl3.2.1/lib64; confirm
        # which directory the OpenSSL install created, otherwise the build may
        # link against the system OpenSSL instead.
        - name: php Configure
          ansible.builtin.command:
            cmd: >
              ./configure --prefix=/opt/php/php8.3.2 --with-apxs2=/opt/httpd/httpd-2.4.62/bin/apxs --with-openssl=/opt/openssl/openssl3.2.1 --enable-opcache --enable-debug --with-pear --with-pic --with-curl --with-gettext --with-gmp --with-iconv --with-layout=GNU --with-zlib --with-mysqli --with-system-ciphers --with-zip --enable-gd --with-external-gd --with-jpeg --with-xpm --with-webp --with-freetype --enable-cgi --enable-mbstring --enable-cli --enable-exif --enable-ftp --enable-sockets --enable-sysvsem --enable-sysvshm --enable-sysvmsg --enable-shmop --enable-calendar --enable-soap --enable-bcmath --with-ldap  OPENSSL_CFLAGS=-I/opt/openssl/openssl3.2.1/include OPENSSL_LIBS=-L/opt/openssl/openssl3.2.1/lib LIBS="-lssl -lcrypto"
            chdir: '/usr/local/src/php-8.3.2/'

        - name: php make
          community.general.make:
            jobs: 4
            chdir: '/usr/local/src/php-8.3.2/'

        - name: php make install
          community.general.make:
            target: install
            chdir: '/usr/local/src/php-8.3.2/'

    # Download, build and install nginx 1.25.4 under /opt/nginx/nginx-1.25.4/.
    - name: nginx
      tags: [nginx]
      block:
        # NOTE(review): no checksum is set, so the tarball is trusted as
        # served and then built as root. Pin it with get_url's `checksum`
        # parameter ("sha256:<digest published by the project>").
        - name: nginx Download
          ansible.builtin.get_url:
            dest: '/usr/local/src/nginx-1.25.4.tar.gz'
            url: 'https://nginx.org/download/nginx-1.25.4.tar.gz'

        - name: nginx Extract
          ansible.builtin.unarchive:
            remote_src: true
            dest: '/usr/local/src/'
            src: '/usr/local/src/nginx-1.25.4.tar.gz'

        - name: nginx Configure
          ansible.builtin.command:
            cmd: ./configure --prefix=/opt/nginx/nginx-1.25.4/
            chdir: '/usr/local/src/nginx-1.25.4/'

        - name: nginx make
          community.general.make:
            jobs: 4
            chdir: '/usr/local/src/nginx-1.25.4/'

        - name: nginx make Install
          community.general.make:
            target: install
            chdir: '/usr/local/src/nginx-1.25.4/'

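    # Post-install wiring: php.ini, "current" symlinks, PATH snippets in
    # /etc/profile.d, and systemd units for httpd and nginx.
    - name: setting
      block:
        # NOTE(review): php.ini-development is PHP's development template;
        # presumably its error display and logging defaults are not meant for
        # a host reachable from outside - confirm, and consider the
        # php.ini-production file from the same source tree instead.
        - name: cp php.ini-development from remote host
          copy:
            src: "/usr/local/src/php-8.3.2/php.ini-development"
            dest: "/opt/php/php8.3.2/etc/php.ini"
            remote_src: true

        - name: Create symbolic link for /opt/httpd/httpd-2.4.62 to /opt/httpd/current
          file:
            src: "/opt/httpd/httpd-2.4.62"
            dest: "/opt/httpd/current"
            state: link

        - name: Create symbolic link for /opt/php/php8.3.2 to /opt/php/current
          file:
            src: "/opt/php/php8.3.2"
            dest: "/opt/php/current"
            state: link

        # The "touch" tasks keep existing timestamps, so a re-run reports
        # "ok" instead of "changed" when the file is already there.
        - name: Ensure /etc/profile.d/php.sh exists
          file:
            path: "/etc/profile.d/php.sh"
            state: touch
            modification_time: preserve
            access_time: preserve

        - name: Add PHP bin directory to PATH
          lineinfile:
            path: "/etc/profile.d/php.sh"
            line: 'export PATH=$PATH:/opt/php/current/bin'

        - name: Ensure /etc/profile.d/httpd.sh exists
          file:
            path: "/etc/profile.d/httpd.sh"
            state: touch
            modification_time: preserve
            access_time: preserve

        - name: Add Apache bin directory to PATH
          lineinfile:
            path: "/etc/profile.d/httpd.sh"
            line: 'export PATH=$PATH:/opt/httpd/current/bin'

        - name: Ensure /etc/systemd/system/httpd.service exists
          file:
            path: "/etc/systemd/system/httpd.service"
            state: touch
            modification_time: preserve
            access_time: preserve

        # Only an exact "Listen 80" line is rewritten.
        - name: Change Apache HTTP Server port in httpd.conf
          replace:
            path: "/opt/httpd/current/conf/httpd.conf"
            regexp: '^Listen\s+80$'
            replace: 'Listen 8080'

        # The stop directive was misspelled "ExecStopt"; systemd does not act
        # on an unknown key, so "apachectl stop" was never run on stop.
        - name: Create httpd systemd service file
          blockinfile:
            path: "/etc/systemd/system/httpd.service"
            block: |
              [Unit]
              Description=The Apache HTTP Server
              After=network.target

              [Service]
              Type=forking
              ExecStart=/opt/httpd/current/bin/apachectl start
              ExecReload=/opt/httpd/current/bin/apachectl graceful
              ExecStop=/opt/httpd/current/bin/apachectl stop

              [Install]
              WantedBy=multi-user.target

        - name: Enable httpd service
          systemd:
            name: httpd
            enabled: true

        # Task name corrected: the link is /opt/nginx/current, not /opt/httpd/current.
        - name: Create symbolic link for /opt/nginx/nginx-1.25.4 to /opt/nginx/current
          file:
            src: "/opt/nginx/nginx-1.25.4"
            dest: "/opt/nginx/current"
            state: link

        - name: Ensure /etc/profile.d/nginx.sh exists
          file:
            path: "/etc/profile.d/nginx.sh"
            state: touch
            modification_time: preserve
            access_time: preserve

        - name: Add nginx sbin directory to PATH
          lineinfile:
            path: "/etc/profile.d/nginx.sh"
            line: 'export PATH=$PATH:/opt/nginx/current/sbin'

        - name: Ensure /etc/systemd/system/nginx.service exists
          file:
            path: "/etc/systemd/system/nginx.service"
            state: touch
            modification_time: preserve
            access_time: preserve

        - name: Create nginx systemd service file
          blockinfile:
            path: "/etc/systemd/system/nginx.service"
            block: |
              [Unit]
              Description=The NGINX HTTP and reverse proxy server
              After=syslog.target network-online.target remote-fs.target nss-lookup.target
              Wants=network-online.target

              [Service]
              Type=forking
              PIDFile=/opt/nginx/current/logs/nginx.pid
              ExecStartPre=/opt/nginx/current/sbin/nginx -t
              ExecStart=/opt/nginx/current/sbin/nginx
              ExecReload=/opt/nginx/current/sbin/nginx -s reload
              ExecStop=/bin/kill -s QUIT $MAINPID
              PrivateTmp=true

              [Install]
              WantedBy=multi-user.target

        - name: Enable nginx service
          systemd:
            name: nginx
            enabled: true

        # Makes systemd re-read the unit files written above.
        - name: Reload systemd daemon
          become: true
          systemd:
            daemon_reload: true
      tags:
        - setting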

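    # Map .php to the PHP handler in httpd.conf, restart both web servers and
    # write a phpinfo() test page into the Apache document root.
    - name: phpinfo
      block:
        # `line` is a plain one-line string now; the former block scalar
        # carried a trailing newline that left a blank line after the insert.
        - name: Add PHP MIME types to Apache configuration
          ansible.builtin.lineinfile:
            path: /opt/httpd/current/conf/httpd.conf
            insertafter: '^<IfModule mime_module>'
            regexp: '^(AddType application/x-httpd-php .php)$'
            line: 'AddType application/x-httpd-php .php'
            state: present

        # The systemd module replaces shelling out to systemctl.
        - name: restart httpd service
          ansible.builtin.systemd:
            name: httpd
            state: restarted

        - name: restart nginx service
          ansible.builtin.systemd:
            name: nginx
            state: restarted

        # phpinfo() prints the PHP version, build options, loaded modules,
        # file paths and environment variables to whoever requests the page,
        # and the firewalld tasks in this playbook open 8080/tcp in the public
        # zone. Remove info.php once the build is verified, or restrict access
        # to it in httpd.conf.
        - name: Create info.php file
          ansible.builtin.copy:
            dest: /opt/httpd/current/htdocs/info.php
            mode: '0644'
            content: |
              <?php
              // Output PHP information
              phpinfo();
              ?>
      tags:
        - phpinfo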


    # Install, enable and start firewalld, then allow the "http" service and
    # 8080/tcp in the public zone.
    # NOTE(review): neither rule restricts the source address, so both ports
    # are open to every network the public zone covers - confirm that is
    # intended while the phpinfo test page is deployed.
    - name: firewalld
      tags: [firewalld]
      block:
        - name: Install firewalld
          ansible.builtin.yum:
            state: present  # the package must be installed
            name: firewalld

        - name: Enable firewalld
          ansible.builtin.systemd:
            enabled: true  # enable the service
            name: firewalld

        - name: Start firewalld
          ansible.builtin.systemd:
            state: started  # start the service
            name: firewalld

        # Both rules are written as permanent configuration only; the restart
        # at the end of the block is what makes them active.
        - name: Configure firewall rules
          become: true
          ansible.posix.firewalld:
            state: enabled
            permanent: true
            service: http
            zone: public

        - name: Add port 8080/tcp to firewall
          become: true
          ansible.posix.firewalld:
            state: enabled
            permanent: true
            port: 8080/tcp
            zone: public

        - name: Reload firewalld service
          ansible.builtin.systemd:
            state: restarted  # restart the service
            name: firewalld

以下 vm(almalinux9, cpu2コア, mem2G)に対してplaybookを実行

[koji@alma1 ~]$ ansible-playbook phpserver.yml --limit g1

PLAY [g1] **********************************************************************
TASK [Gathering Facts] *********************************************************ok: [server1]

TASK [packages_update] *********************************************************ok: [server1]

TASK [packages_required] *******************************************************
ok: [server1] => (item=git)
ok: [server1] => (item=wget)
ok: [server1] => (item=vim)
ok: [server1] => (item=tar)
ok: [server1] => (item=expat-devel)
ok: [server1] => (item=pcre-devel)
ok: [server1] => (item=openssl-devel)
ok: [server1] => (item=zlib-devel)
ok: [server1] => (item=perl-core)
ok: [server1] => (item=cmake)
ok: [server1] => (item=gcc)
ok: [server1] => (item=autoconf)
ok: [server1] => (item=automake)
ok: [server1] => (item=libtool)

TASK [packages_additional] *****************************************************
ok: [server1] => (item=sqlite-devel)
ok: [server1] => (item=libxml2-devel)
ok: [server1] => (item=curl-devel)
ok: [server1] => (item=gmp-devel)
ok: [server1] => (item=libcurl-devel)
ok: [server1] => (item=gd-devel)
ok: [server1] => (item=epel-release)
ok: [server1] => (item=epel-next-release)
ok: [server1] => (item=openldap)
ok: [server1] => (item=openldap-devel)
ok: [server1] => (item=openldap-clients)

TASK [packages_libzip_CRB_repository] ******************************************
ok: [server1]

TASK [apr Download] ************************************************************
ok: [server1]

TASK [apr Extract] *************************************************************
ok: [server1]

TASK [apr Configure] ***********************************************************
changed: [server1]

TASK [apr Compile] *************************************************************
changed: [server1]

TASK [apr Make Install] ********************************************************
changed: [server1]

TASK [apr-util Download] *******************************************************
ok: [server1]

TASK [apr-util Extract] ********************************************************
ok: [server1]

TASK [apr-util Configure] ******************************************************
changed: [server1]

TASK [apr-util Compile] ********************************************************
changed: [server1]

TASK [apr-util Make Install] ***************************************************
changed: [server1]

TASK [openssl Download] ********************************************************
ok: [server1]

TASK [openssl Extract] *********************************************************
ok: [server1]

TASK [openssl Configure] *******************************************************
changed: [server1]

TASK [openssl Compile] *********************************************************
changed: [server1]

TASK [openssl Make Install] ****************************************************
changed: [server1]

TASK [httpd Download] **********************************************************
ok: [server1]

TASK [httpd Extract] ***********************************************************
changed: [server1]

TASK [httpd Configure] *********************************************************
changed: [server1]

TASK [httpd Compile] ***********************************************************
changed: [server1]

TASK [httpd Make Install] ******************************************************
changed: [server1]

TASK [oniguruma Download] ******************************************************
ok: [server1]

TASK [oniguruma Extract] *******************************************************
ok: [server1]

TASK [oniguruma Configure] *****************************************************
changed: [server1]

TASK [oniguruma Compile] *******************************************************
changed: [server1]

TASK [oniguruma Make Install] **************************************************
changed: [server1]

TASK [openldap Download] *******************************************************
ok: [server1]

TASK [openldap Extract] ********************************************************
ok: [server1]

TASK [openldap Configure] ******************************************************
changed: [server1]

TASK [openldap depend] *********************************************************
changed: [server1]

TASK [openldap make] ***********************************************************
changed: [server1]

TASK [openldap Make Install] ***************************************************
changed: [server1]

TASK [libldap.so] **************************************************************
ok: [server1]

TASK [liblber.so.2.0.200] ******************************************************
ok: [server1]

TASK [liblber.so] **************************************************************
ok: [server1]

TASK [PKG_CONFIG_PATH] *********************************************************
ok: [server1]

TASK [LD_LIBRARY_PATH] *********************************************************
ok: [server1]

TASK [php Download] ************************************************************
ok: [server1]

TASK [php Extract] *************************************************************
changed: [server1]

TASK [php Configure] ***********************************************************
changed: [server1]

TASK [php make] ****************************************************************
changed: [server1]

TASK [php make install] ********************************************************
changed: [server1]

TASK [nginx Download] **********************************************************
ok: [server1]

TASK [nginx Extract] ***********************************************************
ok: [server1]

TASK [nginx Configure] *********************************************************
changed: [server1]

TASK [nginx make] **************************************************************
changed: [server1]

TASK [nginx make Install] ******************************************************
changed: [server1]

TASK [cp php.ini-development from remote host] *********************************
ok: [server1]

TASK [Create symbolic link for /opt/httpd/httpd-2.4.62 to /opt/httpd/current] ***
ok: [server1]

TASK [Create symbolic link for /opt/php/php8.3.2 to /opt/php/current] **********
ok: [server1]

TASK [Ensure /etc/profile.d/php.sh exists] *************************************
changed: [server1]

TASK [Add PHP bin directory to PATH] *******************************************
ok: [server1]

TASK [Ensure /etc/profile.d/httpd.sh exists] ***********************************
changed: [server1]

TASK [Add Apache bin directory to PATH] ****************************************
ok: [server1]

TASK [Ensure /etc/systemd/system/httpd.service exists] *************************
changed: [server1]

TASK [Change Apache HTTP Server port in httpd.conf] ****************************
ok: [server1]

TASK [Create httpd systemd service file] ***************************************
ok: [server1]

TASK [Enable httpd service] ****************************************************
ok: [server1]

TASK [Create symbolic link for /opt/nginx/nginx-1.25.4 to /opt/httpd/current] ***
ok: [server1]

TASK [Ensure /etc/profile.d/nginx.sh exists] ***********************************
changed: [server1]

TASK [Add nginx sbin directory to PATH] ****************************************
ok: [server1]

TASK [Ensure /etc/systemd/system/nginx.service exists] *************************
changed: [server1]

TASK [Create nginx systemd service file] ***************************************
ok: [server1]

TASK [Enable nginx service] ****************************************************
ok: [server1]

TASK [Reload systemd daemon] ***************************************************
ok: [server1]

TASK [Add PHP MIME types to Apache configuration] ******************************
ok: [server1]

TASK [restart httpd service] ***************************************************
changed: [server1]

TASK [restart nginx service] ***************************************************
changed: [server1]

TASK [Create info.php file] ****************************************************
ok: [server1]

TASK [Install firewalld] *******************************************************
ok: [server1]

TASK [Enable firewalld] ********************************************************
ok: [server1]

TASK [Start firewalld] *********************************************************
ok: [server1]

TASK [Configure firewall rules] ************************************************
ok: [server1]

TASK [Add port 8080/tcp to firewall] *******************************************
ok: [server1]

TASK [Reload firewalld service] ************************************************
changed: [server1]

PLAY RECAP *********************************************************************
server1                    : ok=79   changed=35   unreachable=0    failed=0    skipped=0    rescued=0    ignored=0
[PHP Modules]
bcmath
calendar
Core
ctype
curl
date
dom
exif
fileinfo
filter
ftp
gd
gettext
gmp
hash
iconv
json
ldap
libxml
mbstring
mysqli
mysqlnd
openssl
pcre
PDO
pdo_sqlite
Phar
posix
random
Reflection
session
shmop
SimpleXML
soap
sockets
SPL
sqlite3
standard
sysvmsg
sysvsem
sysvshm
tokenizer
xml
xmlreader
xmlwriter
zip
zlib

[Zend Modules]

phpinfo 抜粋