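I'll build an EC2 instance to use as an Ansible server for testing.
The initial setup of the Ansible server is applied through EC2 user data. I plan to experiment with customizing the Ansible code later.
1. Folder structure
dev-test-apache-ansible-server
└ main.tf
└ vpc.tf
└ sg.tf
└ ec2.tf # Uses a key pair created manually in the Management Console. Only the initial setup is applied via user data.
└ outputs.tf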
2. EC2 user data
Initial setup (performed via user data)
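#!/bin/bash
# Update the system and install the required packages
yum update -y
yum install -y git python3-pip
# Install Ansible with pip3
pip3 install ansible
# Optional: fetch the Apache role (geerlingguy.apache) from Ansible Galaxy.
# User data runs as root, so point the install at ec2-user's roles directory
# to get the layout shown below instead of /root/.ansible/roles.
ansible-galaxy install geerlingguy.apache --roles-path /home/ec2-user/.ansible/roles
# Create a sample inventory file
cat <<EOL > /home/ec2-user/inventory.ini
[apache_servers]
# Add the IP addresses of the target servers here
EOL
# Create a sample playbook
cat <<EOL > /home/ec2-user/playbook.yml
- name: Setup Apache on remote servers using Ansible Galaxy role
  hosts: apache_servers
  become: yes
  roles:
    - geerlingguy.apache
EOL
# Change ownership of the files and the roles directory to ec2-user
chown -R ec2-user:ec2-user /home/ec2-user/inventory.ini /home/ec2-user/playbook.yml /home/ec2-user/.ansible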
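The user data was written with the following points in mind:
・The Ansible-related folder structure is created as shown below
・Use a role with a high download count on the Ansible community site (it creates the tasks, handlers and other folders and files under .ansible, which makes things easy)
https://galaxy.ansible.com/ui/standalone/roles/geerlingguy/apache/
・playbook.yml and inventory.ini are prepared as simple files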
# Ansible-related folder structure
/home/ec2-user/
├── inventory.ini
├── playbook.yml
└── .ansible
    ├── galaxy_cache
    ├── galaxy_token
    ├── roles
    │   └── geerlingguy.apache
    │       ├── LICENSE
    │       ├── README.md
    │       ├── defaults
    │       │   └── main.yml
    │       ├── handlers
    │       │   └── main.yml
    │       ├── meta
    │       │   └── main.yml
    │       ├── molecule
    │       │   └── default
    │       │       ├── converge.yml
    │       │       └── molecule.yml
    │       ├── tasks
    │       │   ├── configure-Debian.yml
    │       │   ├── configure-RedHat.yml
    │       │   ├── configure-Solaris.yml
    │       │   ├── configure-Suse.yml
    │       │   ├── main.yml
    │       │   ├── setup-Debian.yml
    │       │   ├── setup-RedHat.yml
    │       │   ├── setup-Solaris.yml
    │       │   └── setup-Suse.yml
    │       ├── templates
    │       │   └── vhosts.conf.j2
    │       └── vars
    │           ├── AmazonLinux.yml
    │           ├── Debian.yml
    │           ├── RedHat.yml
    │           ├── Solaris.yml
    │           ├── Suse.yml
    │           ├── apache-22.yml
    │           └── apache-24.yml
    └── tmp
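The user data above pulls whatever release of the role is current on Galaxy at boot time and runs it as root. The following is an added example, not part of the original post: a guard that installs roles from a requirements file only when every entry carries an explicit version. The function names, the requirements file path, the placeholder version `X.Y.Z` and the entry `example.unpinned_role` are assumptions made for illustration.

```shell
#!/bin/bash
# Added example, not from the original post.
# ROLES_DIR matches the layout shown on this page.
ROLES_DIR=/home/ec2-user/.ansible/roles

# Print the name (or src) of every entry in a requirements.yml that has no
# non-empty "version:" key. Handles the usual block-list form of the file.
unpinned_roles() {
  awk '
    function emit() { if (id != "" && !pinned) print id; id = ""; pinned = 0 }
    /^[ \t]*-[ \t]/ { emit() }                        # a new list item begins
    /^[ \t]*(-[ \t]+)?(name|src):[ \t]*/ {
      id = $0
      sub(/^[ \t]*(-[ \t]+)?(name|src):[ \t]*/, "", id)
      sub(/[ \t]*(#.*)?$/, "", id)                    # drop trailing comment
    }
    /^[ \t]*(-[ \t]+)?version:[ \t]*[^ \t#]/ { pinned = 1 }
    END { emit() }
  ' "$1"
}

# Install roles only if every entry is pinned; otherwise refuse and return 1.
install_pinned_roles() {
  missing="$(unpinned_roles "$1")"
  if [ -n "$missing" ]; then
    echo "refusing to install; unpinned entries: $missing" >&2
    return 1
  fi
  ansible-galaxy install -r "$1" --roles-path "$ROLES_DIR"
}

# Constructed sample input; X.Y.Z is a placeholder for the release you reviewed.
make_sample() {
  cat > "$1" <<'EOF'
roles:
  - name: geerlingguy.apache
    version: X.Y.Z
  - name: example.unpinned_role   # constructed entry with no version
EOF
}

# Demo on the constructed sample: prints the entry that lacks a version.
sample="$(mktemp)"
make_sample "$sample"
unpinned_roles "$sample"
rm -f "$sample"

# In user data, the unpinned install line would become (assumed path):
#   install_pinned_roles /home/ec2-user/requirements.yml || exit 1
```

Because user data runs as root, the roles directory still needs its ownership changed to ec2-user after the install.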
3. Verification
[ec2-user@ip-10-0-1-213 geerlingguy.apache]$ ansible-playbook /home/ec2-user/playbook.yml
[WARNING]: No inventory was parsed, only implicit localhost is available
[WARNING]: provided hosts list is empty, only localhost is available. Note that the implicit localhost does not match 'all'
PLAY [Setup Apache using Ansible Galaxy role] ****************************************************************************************************************
TASK [Gathering Facts] ***************************************************************************************************************************************
ok: [localhost]
TASK [geerlingguy.apache : Include OS-specific variables.] ***************************************************************************************************
ok: [localhost]
TASK [geerlingguy.apache : Include variables for Amazon Linux.] **********************************************************************************************
skipping: [localhost]
TASK [geerlingguy.apache : Define apache_packages.] **********************************************************************************************************
ok: [localhost]
TASK [geerlingguy.apache : include_tasks] ********************************************************************************************************************
included: /home/ec2-user/.ansible/roles/geerlingguy.apache/tasks/setup-RedHat.yml for localhost
TASK [geerlingguy.apache : Ensure Apache is installed on RHEL.] **********************************************************************************************
ok: [localhost]
TASK [geerlingguy.apache : Get installed version of Apache.] *************************************************************************************************
ok: [localhost]
TASK [geerlingguy.apache : Create apache_version variable.] **************************************************************************************************
ok: [localhost]
TASK [geerlingguy.apache : Include Apache 2.2 variables.] ****************************************************************************************************
skipping: [localhost]
TASK [geerlingguy.apache : Include Apache 2.4 variables.] ****************************************************************************************************
ok: [localhost]
TASK [geerlingguy.apache : Configure Apache.] ****************************************************************************************************************
included: /home/ec2-user/.ansible/roles/geerlingguy.apache/tasks/configure-RedHat.yml for localhost
TASK [geerlingguy.apache : Configure Apache.] ****************************************************************************************************************
ok: [localhost] => (item={'regexp': '^Listen ', 'line': 'Listen 80'})
TASK [geerlingguy.apache : Check whether certificates defined in vhosts exist.] ******************************************************************************
skipping: [localhost]
TASK [geerlingguy.apache : Enable Apache mods.] **************************************************************************************************************
ok: [localhost] => (item=rewrite)
ok: [localhost] => (item=ssl)
TASK [geerlingguy.apache : Disable Apache mods] **************************************************************************************************************
skipping: [localhost]
TASK [geerlingguy.apache : Add apache vhosts configuration.] *************************************************************************************************
ok: [localhost]
TASK [geerlingguy.apache : Check if localhost cert exists (RHEL 8 and later).] *******************************************************************************
ok: [localhost]
TASK [geerlingguy.apache : Ensure httpd certs are installed (RHEL 8 and later).] *****************************************************************************
skipping: [localhost]
TASK [geerlingguy.apache : Ensure Apache has selected state and enabled on boot.] ****************************************************************************
ok: [localhost]
PLAY RECAP ***************************************************************************************************************************************************
localhost : ok=14 changed=0 unreachable=0 failed=0 skipped=5 rescued=0 ignored=0
[ec2-user@ip-10-0-1-213 geerlingguy.apache]$
No errors.
[ec2-user@ip-10-0-1-213 .ansible]$ systemctl status httpd
● httpd.service - The Apache HTTP Server
Loaded: loaded (/usr/lib/systemd/system/httpd.service; enabled; preset: disabled)
Active: active (running) since Mon 2025-02-24 06:27:48 UTC; 1h 33min ago
Docs: man:httpd.service(8)
Main PID: 28870 (httpd)
Status: "Total requests: 11; Idle/Busy workers 100/0;Requests/sec: 0.00197; Bytes served/sec: 1 B/sec"
Tasks: 177 (limit: 1111)
Memory: 14.5M
CPU: 3.341s
CGroup: /system.slice/httpd.service
├─28870 /usr/sbin/httpd -DFOREGROUND
├─28871 /usr/sbin/httpd -DFOREGROUND
├─28872 /usr/sbin/httpd -DFOREGROUND
├─28873 /usr/sbin/httpd -DFOREGROUND
└─28874 /usr/sbin/httpd -DFOREGROUND
Feb 24 06:27:48 ip-10-0-1-213.ap-northeast-1.compute.internal systemd[1]: Starting httpd.service - The Apache HTTP Server...
Feb 24 06:27:48 ip-10-0-1-213.ap-northeast-1.compute.internal httpd[28870]: [Mon Feb 24 06:27:48.794599 2025] [so:warn] [pid 28870:tid 28870] AH01574: module>
Feb 24 06:27:48 ip-10-0-1-213.ap-northeast-1.compute.internal httpd[28870]: [Mon Feb 24 06:27:48.794855 2025] [so:warn] [pid 28870:tid 28870] AH01574: module>
Feb 24 06:27:48 ip-10-0-1-213.ap-northeast-1.compute.internal systemd[1]: Started httpd.service - The Apache HTTP Server.
Feb 24 06:27:48 ip-10-0-1-213.ap-northeast-1.compute.internal httpd[28870]: Server configured, listening on: port 443, port 80
[ec2-user@ip-10-0-1-213 .ansible]$
[ec2-user@ip-10-0-1-213 .ansible]$ curl http://57.180.60.148
<html><body><h1>It works!</h1></body></html>
[ec2-user@ip-10-0-1-213 .ansible]$
[ec2-user@ip-10-0-1-213 .ansible]$ ps aux | grep -E 'apache2|httpd'
root 28870 0.0 1.5 19364 14756 ? Ss 06:27 0:00 /usr/sbin/httpd -DFOREGROUND
apache 28871 0.0 0.5 19020 5004 ? S 06:27 0:00 /usr/sbin/httpd -DFOREGROUND
apache 28872 0.0 0.8 1250888 8384 ? Sl 06:27 0:01 /usr/sbin/httpd -DFOREGROUND
apache 28873 0.0 0.8 1086984 8384 ? Sl 06:27 0:01 /usr/sbin/httpd -DFOREGROUND
apache 28874 0.0 0.9 1086984 9664 ? Sl 06:27 0:01 /usr/sbin/httpd -DFOREGROUND
ec2-user 34581 0.0 0.2 222320 2064 pts/0 S+ 08:03 0:00 grep --color=auto -E apache2|httpd
[ec2-user@ip-10-0-1-213 .ansible]$
[ec2-user@ip-10-0-1-213 .ansible]$ sudo netstat -tulpn | grep :80
tcp6 0 0 :::80 :::* LISTEN 28870/httpd
[ec2-user@ip-10-0-1-213 .ansible]$