2021/master

docker-compose/Dockerfile

@@ -1,12 +1,16 @@
 FROM python:3.8-slim
+# ENV HTTP_PROXY=http://proxy.example.jp:8080
+# ENV HTTPS_PROXY=http://proxy.example.jp:8080
+# ENV http_proxy=http://proxy.example.jp:8080
+# ENV https_proxy=http://proxy.example.jp:8080
 
 WORKDIR /ansible-exercise
 
 ENV ANSIBLE_CONFIG=/ansible-exercise/ansible.cfg
 
 RUN set -ex \
     && apt-get update \
-    && apt-get install openssh-client git vim emacs -y \
+    && apt-get install iputils-ping openssh-client git vim emacs -y \
     && apt-get clean \
     && rm -rf /var/lib/apt/lists/* \
     && pip install --no-cache-dir ansible
@@ -20,4 +24,4 @@ RUN set -ex \
 VOLUME [ "/ansible-exercise" ]
 
 ENTRYPOINT [ "sh", "-c", "while sleep 1000; do :; done" ]
-CMD [ "" ]
+CMD [ "" ]

docker-compose/Dockerfile_vm

@@ -1,19 +1,19 @@
 # base image
 # ---------------------------------------------------------
-FROM centos:7 as base
+FROM  rockylinux:8 as base
 
 WORKDIR /root/.ssh
 
-RUN set -ex \
+RUN set -x \
     && yum install -y openssh-server sudo \
     && rm -rf /var/cache/yum/* \
     && yum clean all \
-    && sed -i -e 's/#UseDNS/UseDNS/g' /etc/ssh/sshd_config \
     && systemctl enable sshd.service
 
 COPY ssh/id_ecdsa.pub ./authorized_keys
 
-RUN chmod 600 authorized_keys
+RUN set -x \
+    && chmod 600 authorized_keys
 
 # main image
 # ---------------------------------------------------------
@@ -27,8 +27,9 @@ CMD [ "/usr/sbin/init" ]
 # ---------------------------------------------------------
 FROM base as dev
 
-RUN yum install -y iproute traceroute telnet tcpdump bind-utils
+RUN set -x \
+    && yum install -y iproute traceroute telnet tcpdump bind-utils
 
 EXPOSE 22
 
-CMD [ "/usr/sbin/init" ]
+CMD [ "/usr/sbin/init" ]

docker-compose/docker-compose.yml

@@ -10,6 +10,33 @@ services:
         ipv4_address: 192.0.2.2
     volumes:
       - ../:/ansible-exercise
+  host000:
+    build:
+      context: .
+      dockerfile: Dockerfile_vm
+      target: main
+    privileged: yes
+    networks:
+      vm_net:
+        ipv4_address: 192.0.2.100
+  host001:
+    build:
+      context: .
+      dockerfile: Dockerfile_vm
+      target: main
+    privileged: yes
+    networks:
+      vm_net:
+        ipv4_address: 192.0.2.101
+  host002:
+    build:
+      context: .
+      dockerfile: Dockerfile_vm
+      target: main
+    privileged: yes
+    networks:
+      vm_net:
+        ipv4_address: 192.0.2.102
   db1:
     build:
       context: .
@@ -44,7 +71,7 @@ services:
       - "80"
       - "8080"
     ports:
-      - "8080:8080"
+      - "18080:8080"
     networks:
       vm_net:
         ipv4_address: 192.0.2.12

inventories/hosts

@@ -1,3 +1,8 @@
+[exercise]
+host000
+host001
+host002
+
 [app]
 app1
 

playbooks.yml

@@ -0,0 +1,5 @@
+---
+- hosts: exercise
+
+  tasks:
+  - ping:

playbooks/db.yml

@@ -6,5 +6,5 @@
   vars_files:
     - ../vars/proxy.yml
   roles:
-    - role: roles/mysql
-      tags: mysql
+    - role: roles/mariadb
+      tags: mysql

roles/mariadb/defaults/main.yml

@@ -0,0 +1,4 @@
+---
+db_name: sample
+db_user: test
+db_password: password

roles/mariadb/files/etc/my.cnf

@@ -0,0 +1,18 @@
+[mysqld]
+datadir=/var/lib/mysql
+socket=/var/lib/mysql/mysql.sock
+
+# Disabling symbolic-links is recommended to prevent assorted security risks
+symbolic-links=0
+
+# Recommended in standard MySQL setup
+sql_mode=NO_ENGINE_SUBSTITUTION,STRICT_TRANS_TABLES
+
+# Add Slow Query Log
+slow_query_log=ON
+long_query_time=5
+slow_query_log_file=/var/log/mysql-slow.log
+
+[mysqld_safe]
+log-error=/var/log/mysqld.log
+pid-file=/var/run/mysqld/mysqld.pid

roles/mariadb/handlers/main.yml

@@ -0,0 +1,5 @@
+---
+- name: restart mariadb
+  systemd:
+    name: mariadb
+    state: restarted

roles/mariadb/tasks/init.yml

@@ -0,0 +1,28 @@
+---
+# - name: install MySQL-python
+#   yum:
+#     name: MySQL-python
+#   environment: "{{ proxy_env | default({}) }}"
+
+- block:
+  - name: create database
+    mysql_db:
+      name: "{{ db_name }}"
+
+  # - name: removes anonymous user account
+  #   mysql_user:
+  #     login_user: root
+  #     name: ''
+  #     host_all: yes
+  #     state: absent
+
+  - name: create database user account
+    mysql_user:
+      login_user: root
+      name: "{{ db_user }}"
+      password: "{{ db_password }}"
+      host: "192.0.2.%"
+      priv: "{{ db_name }}.*:ALL"
+      state: present
+
+  ignore_errors: "{{ ansible_check_mode }}"

roles/mariadb/tasks/main.yml

@@ -0,0 +1,45 @@
+---
+- name: install mariadb
+  yum:
+    name:
+      - mariadb-server
+      - python3-PyMySQL
+    state: latest
+  environment: "{{ proxy_env | default({}) }}"
+
+- name: deploy config file
+  copy:
+    src: etc/my.cnf
+    dest: /etc/my.cnf
+    owner: root
+    group: root
+    mode: 0644
+  notify: restart mariadb
+
+- name: start mariadb
+  service:
+    name: mariadb
+    enabled: true
+    state: started
+
+- name: mysql_root_password
+  mysql_user:
+    login_user: root
+    login_password: "{{ db_password }}"
+    user: root
+    check_implicit_admin: true
+    password: "{{ db_password }}"
+    host: localhost
+
+- name: remove remote root
+  mysql_user:
+    check_implicit_admin: true
+    login_user: root
+    login_password: "{{ db_password }}"
+    user: root
+    # host: "{{ ansible_fqdn }}"
+    state: absent
+
+- name: import initialize tasks
+  import_tasks: init.yml
+  tags: init

site.yml

@@ -1,3 +1,6 @@
 ---
+# データベースサーバを構築する playbook
 - import_playbook: playbooks/db.yml
-- import_playbook: playbooks/app.yml
+
+# アプリケーションサーバを構築する playbook
+- import_playbook: playbooks/app.yml

vars/proxy.yml

@@ -1,4 +1,4 @@
 ---
-# proxy_env:
-#   http_proxy:
-#   https_proxy:
+#proxy_env:
+#  http_proxy: http://proxy.example.jp:8080
+#  https_proxy: http://proxy.example.jp:8080