Write an Ansible playbook to automate the configuration of Apache HTTPD.
Your playbook should make sure that:
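---
# Installs Apache HTTPD, opens the firewall for web traffic, deploys the TLS
# material and the templated httpd.conf, and restarts httpd only when the
# certificates or the configuration actually changed.
- name: Configure Apache HTTPD
  hosts: web_servers
  become: true
  vars:
    httpd_package: httpd
    firewall_services:
      - http
      - https
    ssl_cert_path: /etc/ssl/certs/apache-cert.crt
    ssl_key_path: /etc/ssl/private/apache-key.key
    ssl_ca_cert_path: /etc/ssl/certs/ca-cert.pem
    httpd_config_template: "templates/httpd.conf.j2"

  tasks:
    - name: Install Apache HTTPD package
      ansible.builtin.package:
        name: "{{ httpd_package }}"
        state: present

    # firewalld ships in the ansible.posix collection, not in ansible.builtin.
    # The play-level become already applies, so no per-task become is needed.
    - name: Ensure firewall allows HTTP and HTTPS traffic
      ansible.posix.firewalld:
        service: "{{ item }}"
        permanent: true
        immediate: true
        state: enabled
      loop: "{{ firewall_services }}"

    - name: Start and enable Apache HTTPD service
      ansible.builtin.service:
        name: httpd
        state: started
        enabled: true

    # The private key is the sensitive item here: it stays 0600 and root-owned,
    # and diff output is disabled so a --diff run cannot print its contents.
    # Keep files/apache-key.key encrypted with Ansible Vault in the repository;
    # copy decrypts vaulted source files when it transfers them.
    # NOTE(review): this play does not create the directory that holds
    # ssl_key_path; confirm it exists on the target hosts.
    - name: Configure SSL certificates
      ansible.builtin.copy:
        src: "{{ item.src }}"
        dest: "{{ item.dest }}"
        owner: root
        group: root
        mode: "{{ item.mode }}"
      diff: false
      loop:
        - src: "files/ca-cert.pem"
          dest: "{{ ssl_ca_cert_path }}"
          mode: "0644"
        - src: "files/apache-cert.crt"
          dest: "{{ ssl_cert_path }}"
          mode: "0644"
        - src: "files/apache-key.key"
          dest: "{{ ssl_key_path }}"
          mode: "0600"
      loop_control:
        label: "{{ item.dest }}"
      notify: Restart Apache HTTPD

    # sefcontext is part of the community.general collection. It only records
    # the labelling rule; restorecon below applies it to the files on disk.
    - name: Ensure SELinux file context for SSL certificates
      community.general.sefcontext:
        target: "{{ item }}"
        setype: cert_t
        state: present
      loop:
        - "{{ ssl_cert_path }}"
        - "{{ ssl_key_path }}"
        - "{{ ssl_ca_cert_path }}"

    # restorecon -v is expected to print only the paths it relabels, so an
    # empty stdout is reported as "ok" instead of "changed" on every run.
    - name: Apply SELinux file context changes
      ansible.builtin.command: restorecon -Rv /etc/ssl/certs /etc/ssl/private
      register: restorecon_result
      changed_when: restorecon_result.stdout | length > 0

    - name: Configure Apache HTTPD using Jinja2 template
      ansible.builtin.template:
        src: "{{ httpd_config_template }}"
        dest: /etc/httpd/conf/httpd.conf
        owner: root
        group: root
        mode: "0644"
      notify: Restart Apache HTTPD

  handlers:
    # Runs once at the end of the play, and only if a certificate, the key or
    # httpd.conf changed; an unconditional restart would drop connections on
    # every run.
    - name: Restart Apache HTTPD
      ansible.builtin.service:
        name: httpd
        state: restarted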
What do I do?
Hi All,
This is my Ansible playbook for question number 03:
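---
# Installs Apache HTTPD, opens TCP ports 80 and 443 in firewalld, starts the
# service and deploys httpd.conf from a Jinja2 template.
# NOTE(review): the "reload firewalld" and "restart apache" handlers notified
# below are not defined in the visible part of this playbook; a handlers:
# section has to provide them, otherwise the play fails as soon as one of the
# notifying tasks reports a change.
- name: Configure Apache HTTPD
  hosts: webservers
  become: true
  vars:
    httpd_package: "httpd"
    firewall_ports:
      - 80
      - 443
    apache_config_template: "httpd.conf.j2"
    cert_file: "/etc/pki/tls/certs/your_domain.crt"
    key_file: "/etc/pki/tls/private/your_domain.key"
    ca_cert_file: "/etc/pki/tls/certs/CA.crt"
    httpd_service: "httpd"
    apache_config_path: "/etc/httpd/conf/httpd.conf"

  tasks:
    # 1. Ensure Apache HTTPD package is installed
    - name: Install Apache HTTPD
      ansible.builtin.package:
        name: "{{ httpd_package }}"
        state: present

    # 2. Allow HTTP and HTTPS traffic through the firewall
    # firewall_ports holds port numbers, so they go into the module's "port"
    # option as "<number>/tcp". The "service" option expects firewalld service
    # names such as http or https and rejects bare numbers.
    # firewalld ships in the ansible.posix collection.
    - name: Open firewall for HTTP and HTTPS
      ansible.posix.firewalld:
        port: "{{ item }}/tcp"
        permanent: true
        state: enabled
      loop: "{{ firewall_ports }}"
      notify:
        - reload firewalld

    # 3. Make sure the web server is started and enabled
    - name: Ensure Apache HTTPD is running and enabled
      ansible.builtin.service:
        name: "{{ httpd_service }}"
        state: started
        enabled: true

    # 4. Configure the Apache HTTPD using Jinja2 template
    # Ownership and mode are set explicitly so the result does not depend on
    # the umask of the connecting user.
    - name: Configure Apache HTTPD
      ansible.builtin.template:
        src: "{{ apache_config_template }}"
        dest: "{{ apache_config_path }}"
        owner: root
        group: root
        mode: "0644"
      notify:
        - restart apache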
# 5. Ensure the SSL certificate a
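---
# Installs Apache HTTPD, opens the http and https firewalld services, deploys
# httpd.conf and the TLS files, labels the TLS files for SELinux, and uses
# handlers so firewalld and httpd are only reloaded or restarted on change.
- name: Automate Apache HTTPD Configuration
  hosts: webservers
  become: true
  vars:
    httpd_conf_template: "templates/httpd.conf.j2"
    ssl_cert_path: "/etc/pki/tls/certs/server.crt"
    ssl_key_path: "/etc/pki/tls/private/server.key"
    ca_cert_path: "/etc/pki/tls/certs/ca.crt"

  tasks:
    - name: Install Apache HTTPD package
      ansible.builtin.yum:
        name: httpd
        state: present

    # firewalld ships in the ansible.posix collection, not in ansible.builtin.
    # Only the permanent configuration is edited here; the handler reloads
    # firewalld so the rule becomes active.
    - name: Open HTTP and HTTPS ports in the firewall
      ansible.posix.firewalld:
        service: "{{ item }}"
        permanent: true
        state: enabled
      loop:
        - http
        - https
      notify:
        - Reload firewalld

    - name: Ensure the web server is started and enabled
      ansible.builtin.service:
        name: httpd
        state: started
        enabled: true

    - name: Deploy Apache HTTPD configuration from template
      ansible.builtin.template:
        src: "{{ httpd_conf_template }}"
        dest: "/etc/httpd/conf/httpd.conf"
        owner: root
        group: root
        mode: "0644"
      notify:
        - Restart Apache HTTPD

    # All three files are installed root-only (0600). Diff output is disabled
    # so a --diff run cannot print the private key. Keep files/server.key
    # encrypted with Ansible Vault in the repository; copy decrypts vaulted
    # source files when it transfers them.
    - name: Ensure SSL certificate files are in place
      ansible.builtin.copy:
        src: "{{ item.src }}"
        dest: "{{ item.dest }}"
        owner: root
        group: root
        mode: "0600"
      diff: false
      loop:
        - src: "files/server.crt"
          dest: "{{ ssl_cert_path }}"
        - src: "files/server.key"
          dest: "{{ ssl_key_path }}"
        - src: "files/ca.crt"
          dest: "{{ ca_cert_path }}"
      loop_control:
        label: "{{ item.dest }}"
      notify:
        - Restart Apache HTTPD

    # sefcontext is part of the community.general collection. It only records
    # the labelling rule; restorecon below applies it to the files on disk.
    - name: Update SELinux file contexts for SSL files
      community.general.sefcontext:
        target: "{{ item.path }}"
        setype: "cert_t"
      loop:
        - path: "{{ ssl_cert_path }}"
        - path: "{{ ssl_key_path }}"
        - path: "{{ ca_cert_path }}"

    # restorecon -v is expected to print only the paths it relabels, so an
    # empty stdout is reported as "ok" instead of "changed" on every run.
    - name: Apply updated SELinux file contexts
      ansible.builtin.command: restorecon -Rv /etc/pki/tls
      register: restorecon_result
      changed_when: restorecon_result.stdout | length > 0

  handlers:
    - name: Reload firewalld
      ansible.builtin.service:
        name: firewalld
        state: reloaded

    - name: Restart Apache HTTPD
      ansible.builtin.service:
        name: httpd
        state: restarted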
The playbooks above will be even better if they use fully-qualified collection names (FQCN), such as ansible.builtin.firewalld.