ansibleplaybookを使ってphp apache の動作環境を 構築する。
- almalinux9を想定
- apache(apr, apr-util)
- php
- nginx
- 他ビルドで必要なモジュール
※メモリ1Gのインスタンスだと、phpのconfigure時に一回落ちた。
deploy-playbook.yml
[koji@alma1 ~]$ cat phpserver.yml
- hosts: g1
become: yes
tasks:
# - name: swapfile Add
# command: dd if=/dev/zero of=/swapfile bs=1M count=2048
# args:
# creates: /swapfile
# tags:
# - swapfile
# - name: swapfile chmod 600
# command: chmod 600 /swapfile
# tags:
# - swapfile
# - name: mkswap mkswap
# command: mkswap /swapfile
# tags:
# - swapfile
# - name: mkswap swapon
# command: swapon /swapfile
# tags:
# - swapfile
# - name: swapfile entry to /etc/fstab
# lineinfile:
# path: /etc/fstab
# line: "/swapfile none swap sw 0 0"
# tags:
# - swapfile
- name: packages_update
yum:
name: "*"
state: latest
tags:
- packages_update
- name: packages_required
package:
name: "{{ item }}"
state: present
with_items:
- git
- wget
- vim
- tar
- expat-devel
- pcre-devel
- openssl-devel
- zlib-devel
- perl-core
- cmake
- gcc
- autoconf
- automake
- libtool
tags:
- packages_required
- name: packages_additional
package:
name: "{{ item }}"
state: present
with_items:
- sqlite-devel
- libxml2-devel
- curl-devel
- gmp-devel
- libcurl-devel
- gd-devel
- epel-release
- epel-next-release
- openldap
- openldap-devel
- openldap-clients
#- openldap-servers
tags:
- packages_additional
- name: packages_libzip_CRB_repository
dnf:
name: libzip-devel
state: present
enablerepo: crb
tags:
- packages_libzip_CRB_repository
- name: apr
block:
- name: apr Download
get_url:
url: "https://ftp.riken.jp/net/apache/apr/apr-1.7.5.tar.gz"
dest: /usr/local/src/apr-1.7.5.tar.gz
- name: apr Extract
unarchive:
src: /usr/local/src/apr-1.7.5.tar.gz
dest: /usr/local/src
remote_src: true
- name: apr Configure
command: ./configure --prefix=/opt/apr/apr-1.7.5
args:
chdir: /usr/local/src/apr-1.7.5
- name: apr Compile
# command: make -j{{ ansible_processor_cores }} chdir=/usr/local/src/apr-1.7.5
make:
chdir: /usr/local/src/apr-1.7.5
jobs: 4
- name: apr Make Install
make:
chdir: /usr/local/src/apr-1.7.5
target: install
tags:
- apr
- name: apr-util
block:
- name: apr-util Download
get_url:
url: "https://ftp.riken.jp/net/apache/apr/apr-util-1.6.3.tar.gz"
dest: /usr/local/src/apr-util-1.6.3.tar.gz
- name: apr-util Extract
unarchive:
src: /usr/local/src/apr-util-1.6.3.tar.gz
dest: /usr/local/src
remote_src: true
- name: apr-util Configure
command: ./configure --prefix=/opt/apr-util/apr-util-1.6.3 --with-apr=/opt/apr/apr-1.7.5
args:
chdir: /usr/local/src/apr-util-1.6.3
- name: apr-util Compile
make:
chdir: /usr/local/src/apr-util-1.6.3
jobs: 4
- name: apr-util Make Install
make:
chdir: /usr/local/src/apr-util-1.6.3
target: install
tags:
- apr-util
- name: openssl
block:
- name: openssl Download
get_url:
url: "https://www.openssl.org/source/openssl-3.2.1.tar.gz"
dest: "/tmp/openssl-3.2.1.tar.gz"
- name: openssl Extract
unarchive:
src: "/tmp/openssl-3.2.1.tar.gz"
dest: "/usr/local/src/"
remote_src: true
- name: openssl Configure
command: ./Configure --prefix=/opt/openssl/openssl3.2.1
args:
chdir: /usr/local/src/openssl-3.2.1/
- name: openssl Compile
make:
chdir: /usr/local/src/openssl-3.2.1/
jobs: 4
- name: openssl Make Install
make:
chdir: /usr/local/src/openssl-3.2.1/
target: install
tags:
- openssl
- name: httpd
block:
- name: httpd Download
get_url:
url: "https://archive.apache.org/dist/httpd/httpd-2.4.62.tar.gz"
dest: /tmp/httpd-2.4.62.tar.gz
- name: httpd Extract
unarchive:
src: /tmp/httpd-2.4.62.tar.gz
dest: /usr/local/src
remote_src: true
- name: httpd Configure
command: ./configure --prefix=/opt/httpd/httpd-2.4.62 --with-apr=/opt/apr/apr-1.7.5 --with-apr-util=/opt/apr-util/apr-util-1.6.3 --with-pcre --with-ssl --with-mpm=prefork --enable-ssl --enable-pie --enable-proxy --enable-cache --enable-disk-cache --enable-cgid --enable-cgi --enable-authn-anon --enable-authn-alias --enable-rewrite --enable-include --enable-so --enable-mods-shared=all --enable-dav
args:
chdir: /usr/local/src/httpd-2.4.62
- name: httpd Compile
make:
chdir: /usr/local/src/httpd-2.4.62
jobs: 4
- name: httpd Make Install
make:
chdir: /usr/local/src/httpd-2.4.62
target: install
tags:
- httpd
- name: oniguruma
block:
- name: oniguruma Download
get_url:
url: "https://github.com/kkos/oniguruma/releases/download/v6.9.8/onig-6.9.8.tar.gz"
dest: "/usr/local/src/onig-6.9.8.tar.gz"
- name: oniguruma Extract
unarchive:
src: "/usr/local/src/onig-6.9.8.tar.gz"
dest: "/usr/local/src/"
remote_src: true
- name: oniguruma Configure
command:
./configure
args:
chdir: "/usr/local/src/onig-6.9.8/"
register: oniguruma_configure
- name: oniguruma Compile
make:
chdir: "/usr/local/src/onig-6.9.8/"
jobs: 4
- name: oniguruma Make Install
make:
chdir: "/usr/local/src/onig-6.9.8/"
target: install
tags:
- oniguruma
- name: openldap
block:
- name: openldap Download
get_url:
url: "https://www.openldap.org/software/download/OpenLDAP/openldap-release/openldap-2.6.7.tgz"
dest: "/usr/local/src/openldap-2.6.7.tgz"
- name: openldap Extract
unarchive:
src: "/usr/local/src/openldap-2.6.7.tgz"
dest: "/usr/local/src/"
remote_src: true
- name: openldap Build and install
block:
- name: openldap Configure
command: >
./configure --prefix=/opt/openldap/openldap2.6.7
args:
chdir: "/usr/local/src/openldap-2.6.7/"
register: openldap_configure
- name: openldap depend
make:
chdir: "/usr/local/src/openldap-2.6.7/"
target: depend
- name: openldap make
make:
chdir: "/usr/local/src/openldap-2.6.7/"
jobs: 4
- name: openldap Make Install
make:
chdir: "/usr/local/src/openldap-2.6.7/"
target: install
tags:
- openldap
- name: php
block:
- name: libldap.so
command: "ln -s /usr/lib64/libldap.so /usr/lib/libldap.so"
args:
creates: "/usr/lib/libldap.so"
- name: liblber.so.2.0.200
command: "ln -s /usr/lib64/liblber.so.2.0.200 /usr/lib/liblber.so.2.0.200"
args:
creates: "/usr/lib/liblber.so.2.0.200"
- name: liblber.so
command: "ln -s /usr/lib64/liblber.so /usr/lib/liblber.so"
args:
creates: "/usr/lib/liblber.so"
- name: PKG_CONFIG_PATH
lineinfile:
dest: /etc/environment
state: present
regexp: '^PKG_CONFIG_PATH'
line: 'PKG_CONFIG_PATH=/usr/local/lib/pkgconfig/:/usr/lib64/pkgconfig/:/opt/libzip/lib64/pkgconfig:/opt/openldap/openldap2.6.7/lib/pkgconfig:/opt/openssl/openssl3.2.1/lib64/pkgconfig'
- name: LD_LIBRARY_PATH
lineinfile:
dest: /etc/environment
state: present
regexp: '^LD_LIBRARY_PATH'
line: 'LD_LIBRARY_PATH=-L/opt/openldap/openldap2.6.7/lib'
- name: php Download
get_url:
url: "https://www.php.net/distributions/php-8.3.2.tar.gz"
dest: "/usr/local/src/php-8.3.2.tar.gz"
- name: php Extract
unarchive:
src: "/usr/local/src/php-8.3.2.tar.gz"
dest: "/usr/local/src/"
remote_src: true
- name: php Configure
command: >
./configure --prefix=/opt/php/php8.3.2 --with-apxs2=/opt/httpd/httpd-2.4.62/bin/apxs --with-openssl=/opt/openssl/openssl3.2.1 --enable-opcache --enable-debug --with-pear --with-pic --with-curl --with-gettext --with-gmp --with-iconv --with-layout=GNU --with-zlib --with-mysqli --with-system-ciphers --with-zip --enable-gd --with-external-gd --with-jpeg --with-xpm --with-webp --with-freetype --enable-cgi --enable-mbstring --enable-cli --enable-exif --enable-ftp --enable-sockets --enable-sysvsem --enable-sysvshm --enable-sysvmsg --enable-shmop --enable-calendar --enable-soap --enable-bcmath --with-ldap OPENSSL_CFLAGS=-I/opt/openssl/openssl3.2.1/include OPENSSL_LIBS=-L/opt/openssl/openssl3.2.1/lib LIBS="-lssl -lcrypto"
args:
chdir: "/usr/local/src/php-8.3.2/"
- name: php make
make:
chdir: "/usr/local/src/php-8.3.2/"
jobs: 4
- name: php make install
make:
chdir: "/usr/local/src/php-8.3.2/"
target: install
tags:
- php
- name: nginx
block:
- name: nginx Download
get_url:
url: "https://nginx.org/download/nginx-1.25.4.tar.gz"
dest: "/usr/local/src/nginx-1.25.4.tar.gz"
- name: nginx Extract
unarchive:
src: "/usr/local/src/nginx-1.25.4.tar.gz"
dest: "/usr/local/src/"
remote_src: true
- name: nginx Configure
command: ./configure --prefix=/opt/nginx/nginx-1.25.4/
args:
chdir: "/usr/local/src/nginx-1.25.4/"
- name: nginx make
make:
chdir: "/usr/local/src/nginx-1.25.4/"
jobs: 4
- name: nginx make Install
make:
chdir: "/usr/local/src/nginx-1.25.4/"
target: install
tags:
- nginx
- name: setting
block:
- name: cp php.ini-development from remote host
copy:
src: "/usr/local/src/php-8.3.2/php.ini-development"
dest: "/opt/php/php8.3.2/etc/php.ini"
remote_src: yes
- name: Create symbolic link for /opt/httpd/httpd-2.4.62 to /opt/httpd/current
file:
src: "/opt/httpd/httpd-2.4.62"
dest: "/opt/httpd/current"
state: link
- name: Create symbolic link for /opt/php/php8.3.2 to /opt/php/current
file:
src: "/opt/php/php8.3.2"
dest: "/opt/php/current"
state: link
- name: Ensure /etc/profile.d/php.sh exists
file:
path: "/etc/profile.d/php.sh"
state: touch
- name: Add PHP bin directory to PATH
lineinfile:
path: "/etc/profile.d/php.sh"
line: 'export PATH=$PATH:/opt/php/current/bin'
- name: Ensure /etc/profile.d/httpd.sh exists
file:
path: "/etc/profile.d/httpd.sh"
state: touch
- name: Add Apache bin directory to PATH
lineinfile:
path: "/etc/profile.d/httpd.sh"
line: 'export PATH=$PATH:/opt/httpd/current/bin'
- name: Ensure /etc/systemd/system/httpd.service exists
file:
path: "/etc/systemd/system/httpd.service"
state: touch
- name: Change Apache HTTP Server port in httpd.conf
replace:
path: "/opt/httpd/current/conf/httpd.conf"
regexp: '^Listen\s+80$'
replace: 'Listen 8080'
- name: Create httpd systemd service file
blockinfile:
path: "/etc/systemd/system/httpd.service"
block: |
[Unit]
Description=The Apache HTTP Server
After=network.target
[Service]
Type=forking
ExecStart=/opt/httpd/current/bin/apachectl start
ExecReload=/opt/httpd/current/bin/apachectl graceful
ExecStopt=/opt/httpd/current/bin/apachectl stop
[Install]
WantedBy=multi-user.target
- name: Enable httpd service
systemd:
name: httpd
enabled: yes
- name: Create symbolic link for /opt/nginx/nginx-1.25.4 to /opt/httpd/current
file:
src: "/opt/nginx/nginx-1.25.4"
dest: "/opt/nginx/current"
state: link
- name: Ensure /etc/profile.d/nginx.sh exists
file:
path: "/etc/profile.d/nginx.sh"
state: touch
- name: Add nginx sbin directory to PATH
lineinfile:
path: "/etc/profile.d/nginx.sh"
line: 'export PATH=$PATH:/opt/nginx/current/sbin'
- name: Ensure /etc/systemd/system/nginx.service exists
file:
path: "/etc/systemd/system/nginx.service"
state: touch
- name: Create nginx systemd service file
blockinfile:
path: "/etc/systemd/system/nginx.service"
block: |
[Unit]
Description=The NGINX HTTP and reverse proxy server
After=syslog.target network-online.target remote-fs.target nss-lookup.target
Wants=network-online.target
[Service]
Type=forking
PIDFile=/opt/nginx/current/logs/nginx.pid
ExecStartPre=/opt/nginx/current/sbin/nginx -t
ExecStart=/opt/nginx/current/sbin/nginx
ExecReload=/opt/nginx/current/sbin/nginx -s reload
ExecStop=/bin/kill -s QUIT $MAINPID
PrivateTmp=true
[Install]
WantedBy=multi-user.target
- name: Enable nginx service
systemd:
name: nginx
enabled: yes
- name: Reload systemd daemon
become: yes
systemd:
daemon_reload: yes
tags:
- setting
- name: phpinfo
block:
- name: Add PHP MIME types to Apache configuration
ansible.builtin.lineinfile:
path: /opt/httpd/current/conf/httpd.conf
insertafter: '^<IfModule mime_module>'
line: |
AddType application/x-httpd-php .php
state: present
regexp: '^(AddType application/x-httpd-php .php)$'
- name: restart httpd service
command: systemctl restart httpd
- name: restart nginx service
command: systemctl restart nginx
- name: Create info.php file
copy:
content: |
<?php
// Output PHP information
phpinfo();
?>
dest: /opt/httpd/current/htdocs/info.php
tags:
- phpinfo
- name: firewalld
block:
- name: Install firewalld
yum:
name: firewalld
state: present # パッケージの状態をインストール済みに設定
- name: Enable firewalld
systemd:
name: firewalld
enabled: yes # サービスを有効化
- name: Start firewalld
systemd:
name: firewalld
state: started # サービスを開始
- name: Configure firewall rules
become: yes
firewalld:
zone: public
service: http
permanent: yes
state: enabled
- name: Add port 8080/tcp to firewall
become: yes
firewalld:
zone: public
port: 8080/tcp
permanent: yes
state: enabled
- name: Reload firewalld service
systemd:
name: firewalld
state: restarted # サービスを再起動
tags:
- firewalld
以下 vm(almalinux9, cpu2コア, mem2G)に対してplaybookを実行
[koji@alma1 ~]$ ansible-playbook phpserver.yml --limit g1
PLAY [g1] **********************************************************************
TASK [Gathering Facts] *********************************************************ok: [server1]
TASK [packages_update] *********************************************************ok: [server1]
TASK [packages_required] *******************************************************
ok: [server1] => (item=git)
ok: [server1] => (item=wget)
ok: [server1] => (item=vim)
ok: [server1] => (item=tar)
ok: [server1] => (item=expat-devel)
ok: [server1] => (item=pcre-devel)
ok: [server1] => (item=openssl-devel)
ok: [server1] => (item=zlib-devel)
ok: [server1] => (item=perl-core)
ok: [server1] => (item=cmake)
ok: [server1] => (item=gcc)
ok: [server1] => (item=autoconf)
ok: [server1] => (item=automake)
ok: [server1] => (item=libtool)
TASK [packages_additional] *****************************************************
ok: [server1] => (item=sqlite-devel)
ok: [server1] => (item=libxml2-devel)
ok: [server1] => (item=curl-devel)
ok: [server1] => (item=gmp-devel)
ok: [server1] => (item=libcurl-devel)
ok: [server1] => (item=gd-devel)
ok: [server1] => (item=epel-release)
ok: [server1] => (item=epel-next-release)
ok: [server1] => (item=openldap)
ok: [server1] => (item=openldap-devel)
ok: [server1] => (item=openldap-clients)
TASK [packages_libzip_CRB_repository] ******************************************
ok: [server1]
TASK [apr Download] ************************************************************
ok: [server1]
TASK [apr Extract] *************************************************************
ok: [server1]
TASK [apr Configure] ***********************************************************
changed: [server1]
TASK [apr Compile] *************************************************************
changed: [server1]
TASK [apr Make Install] ********************************************************
changed: [server1]
TASK [apr-util Download] *******************************************************
ok: [server1]
TASK [apr-util Extract] ********************************************************
ok: [server1]
TASK [apr-util Configure] ******************************************************
changed: [server1]
TASK [apr-util Compile] ********************************************************
changed: [server1]
TASK [apr-util Make Install] ***************************************************
changed: [server1]
TASK [openssl Download] ********************************************************
ok: [server1]
TASK [openssl Extract] *********************************************************
ok: [server1]
TASK [openssl Configure] *******************************************************
changed: [server1]
TASK [openssl Compile] *********************************************************
changed: [server1]
TASK [openssl Make Install] ****************************************************
changed: [server1]
TASK [httpd Download] **********************************************************
ok: [server1]
TASK [httpd Extract] ***********************************************************
changed: [server1]
TASK [httpd Configure] *********************************************************
changed: [server1]
TASK [httpd Compile] ***********************************************************
changed: [server1]
TASK [httpd Make Install] ******************************************************
changed: [server1]
TASK [oniguruma Download] ******************************************************
ok: [server1]
TASK [oniguruma Extract] *******************************************************
ok: [server1]
TASK [oniguruma Configure] *****************************************************
changed: [server1]
TASK [oniguruma Compile] *******************************************************
changed: [server1]
TASK [oniguruma Make Install] **************************************************
changed: [server1]
TASK [openldap Download] *******************************************************
ok: [server1]
TASK [openldap Extract] ********************************************************
ok: [server1]
TASK [openldap Configure] ******************************************************
changed: [server1]
TASK [openldap depend] *********************************************************
changed: [server1]
TASK [openldap make] ***********************************************************
changed: [server1]
TASK [openldap Make Install] ***************************************************
changed: [server1]
TASK [libldap.so] **************************************************************
ok: [server1]
TASK [liblber.so.2.0.200] ******************************************************
ok: [server1]
TASK [liblber.so] **************************************************************
ok: [server1]
TASK [PKG_CONFIG_PATH] *********************************************************
ok: [server1]
TASK [LD_LIBRARY_PATH] *********************************************************
ok: [server1]
TASK [php Download] ************************************************************
ok: [server1]
TASK [php Extract] *************************************************************
changed: [server1]
TASK [php Configure] ***********************************************************
changed: [server1]
TASK [php make] ****************************************************************
changed: [server1]
TASK [php make install] ********************************************************
changed: [server1]
TASK [nginx Download] **********************************************************
ok: [server1]
TASK [nginx Extract] ***********************************************************
ok: [server1]
TASK [nginx Configure] *********************************************************
changed: [server1]
TASK [nginx make] **************************************************************
changed: [server1]
TASK [nginx make Install] ******************************************************
changed: [server1]
TASK [cp php.ini-development from remote host] *********************************
ok: [server1]
TASK [Create symbolic link for /opt/httpd/httpd-2.4.62 to /opt/httpd/current] ***
ok: [server1]
TASK [Create symbolic link for /opt/php/php8.3.2 to /opt/php/current] **********
ok: [server1]
TASK [Ensure /etc/profile.d/php.sh exists] *************************************
changed: [server1]
TASK [Add PHP bin directory to PATH] *******************************************
ok: [server1]
TASK [Ensure /etc/profile.d/httpd.sh exists] ***********************************
changed: [server1]
TASK [Add Apache bin directory to PATH] ****************************************
ok: [server1]
TASK [Ensure /etc/systemd/system/httpd.service exists] *************************
changed: [server1]
TASK [Change Apache HTTP Server port in httpd.conf] ****************************
ok: [server1]
TASK [Create httpd systemd service file] ***************************************
ok: [server1]
TASK [Enable httpd service] ****************************************************
ok: [server1]
TASK [Create symbolic link for /opt/nginx/nginx-1.25.4 to /opt/httpd/current] ***
ok: [server1]
TASK [Ensure /etc/profile.d/nginx.sh exists] ***********************************
changed: [server1]
TASK [Add nginx sbin directory to PATH] ****************************************
ok: [server1]
TASK [Ensure /etc/systemd/system/nginx.service exists] *************************
changed: [server1]
TASK [Create nginx systemd service file] ***************************************
ok: [server1]
TASK [Enable nginx service] ****************************************************
ok: [server1]
TASK [Reload systemd daemon] ***************************************************
ok: [server1]
TASK [Add PHP MIME types to Apache configuration] ******************************
ok: [server1]
TASK [restart httpd service] ***************************************************
changed: [server1]
TASK [restart nginx service] ***************************************************
changed: [server1]
TASK [Create info.php file] ****************************************************
ok: [server1]
TASK [Install firewalld] *******************************************************
ok: [server1]
TASK [Enable firewalld] ********************************************************
ok: [server1]
TASK [Start firewalld] *********************************************************
ok: [server1]
TASK [Configure firewall rules] ************************************************
ok: [server1]
TASK [Add port 8080/tcp to firewall] *******************************************
ok: [server1]
TASK [Reload firewalld service] ************************************************
changed: [server1]
PLAY RECAP *********************************************************************
server1 : ok=79 changed=35 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
[PHP Modules]
bcmath
calendar
Core
ctype
curl
date
dom
exif
fileinfo
filter
ftp
gd
gettext
gmp
hash
iconv
json
ldap
libxml
mbstring
mysqli
mysqlnd
openssl
pcre
PDO
pdo_sqlite
Phar
posix
random
Reflection
session
shmop
SimpleXML
soap
sockets
SPL
sqlite3
standard
sysvmsg
sysvsem
sysvshm
tokenizer
xml
xmlreader
xmlwriter
zip
zlib
[Zend Modules]