Take the Ansible Playbook Challenge
Write an Ansible playbook to automate configuration of Apache HTTPD.
Your playbook should make sure that:
- Correct package is installed.
- Make sure the firewall permits HTTP and HTTPS traffic.
- Make sure the web server is started and enabled.
- Use Jinja2 templates for configuration files if required.
- Use CA cert, .key and .crt files wherever applicable accordingly.
- SELinux file context of web content is taken care of.
```yaml
---
- name: Configure Apache HTTPD
  hosts: web_servers
  become: true
  vars:
    httpd_package: httpd
    firewall_services:
      - http
      - https
    ssl_cert_path: /etc/ssl/certs/apache-cert.crt
    ssl_key_path: /etc/ssl/private/apache-key.key
    ssl_ca_cert_path: /etc/ssl/certs/ca-cert.pem
    httpd_config_template: "templates/httpd.conf.j2"
  tasks:
    - name: Install Apache HTTPD package
      package:
        name: "{{ httpd_package }}"
        state: present

    - name: Ensure firewall allows HTTP and HTTPS traffic
      firewalld:
        service: "{{ item }}"
        permanent: true
        state: enabled
        immediate: yes
      loop: "{{ firewall_services }}"
      become: true

    - name: Start and enable Apache HTTPD service
      service:
        name: httpd
        state: started
        enabled: true

    - name: Configure SSL certificates
      copy:
        src: "{{ item.src }}"
        dest: "{{ item.dest }}"
        mode: "{{ item.mode }}"
      loop:
        - { src: "files/ca-cert.pem", dest: "{{ ssl_ca_cert_path }}", mode: '0644' }
        - { src: "files/apache-cert.crt", dest: "{{ ssl_cert_path }}", mode: '0644' }
        - { src: "files/apache-key.key", dest: "{{ ssl_key_path }}", mode: '0600' }

    - name: Ensure SELinux file context for SSL certificates
      sefcontext:
        target: "{{ item }}"
        setype: cert_t
      loop:
        - "{{ ssl_cert_path }}"
        - "{{ ssl_key_path }}"
        - "{{ ssl_ca_cert_path }}"

    - name: Apply SELinux file context changes
      command: restorecon -Rv /etc/ssl/certs /etc/ssl/private

    - name: Configure Apache HTTPD using Jinja2 template
      template:
        src: "{{ httpd_config_template }}"
        dest: /etc/httpd/conf/httpd.conf
        mode: '0644'

    - name: Restart Apache HTTPD to apply new configuration
      service:
        name: httpd
        state: restarted
```
What do I do?
Hi All,
This is my Ansible playbook for question number 03:
```yaml
---
- name: Configure Apache HTTPD
  hosts: webservers
  become: yes
  vars:
    httpd_package: "httpd"
    firewall_ports:
      - 80
      - 443
    apache_config_template: "httpd.conf.j2"
    cert_file: "/etc/pki/tls/certs/your_domain.crt"
    key_file: "/etc/pki/tls/private/your_domain.key"
    ca_cert_file: "/etc/pki/tls/certs/CA.crt"
    httpd_service: "httpd"
    apache_config_path: "/etc/httpd/conf/httpd.conf"
  tasks:
    # 1. Ensure Apache HTTPD package is installed
    - name: Install Apache HTTPD
      package:
        name: "{{ httpd_package }}"
        state: present

    # 2. Allow HTTP and HTTPS traffic through the firewall
    # firewall_ports holds port numbers, so they are passed as port/protocol
    # values rather than as firewalld service names.
    - name: Open firewall for HTTP and HTTPS
      firewalld:
        port: "{{ item }}/tcp"
        permanent: true
        state: enabled
      loop: "{{ firewall_ports }}"
      notify:
        - reload firewalld

    # 3. Make sure the web server is started and enabled
    - name: Ensure Apache HTTPD is running and enabled
      service:
        name: "{{ httpd_service }}"
        state: started
        enabled: true

    # 4. Configure the Apache HTTPD using Jinja2 template
    - name: Configure Apache HTTPD
      template:
        src: "{{ apache_config_template }}"
        dest: "{{ apache_config_path }}"
      notify:
        - restart apache

    # 5. Ensure the SSL certificate a
```
```yaml
---
- name: Automate Apache HTTPD Configuration
  hosts: webservers
  become: yes
  vars:
    httpd_conf_template: "templates/httpd.conf.j2"
    ssl_cert_path: "/etc/pki/tls/certs/server.crt"
    ssl_key_path: "/etc/pki/tls/private/server.key"
    ca_cert_path: "/etc/pki/tls/certs/ca.crt"
  tasks:
    - name: Install Apache HTTPD package
      yum:
        name: httpd
        state: present

    - name: Open HTTP and HTTPS ports in the firewall
      firewalld:
        service: "{{ item }}"
        permanent: true
        state: enabled
      with_items:
        - http
        - https
      notify:
        - Reload firewalld

    - name: Ensure the web server is started and enabled
      service:
        name: httpd
        state: started
        enabled: true

    - name: Deploy Apache HTTPD configuration from template
      template:
        src: "{{ httpd_conf_template }}"
        dest: "/etc/httpd/conf/httpd.conf"
        owner: root
        group: root
        mode: '0644'
      notify:
        - Restart Apache HTTPD

    - name: Ensure SSL certificate files are in place
      copy:
        src: "{{ item.src }}"
        dest: "{{ item.dest }}"
        owner: root
        group: root
        mode: '0600'
      with_items:
        - { src: "files/server.crt", dest: "{{ ssl_cert_path }}" }
        - { src: "files/server.key", dest: "{{ ssl_key_path }}" }
        - { src: "files/ca.crt", dest: "{{ ca_cert_path }}" }
      notify:
        - Restart Apache HTTPD

    - name: Update SELinux file contexts for SSL files
      sefcontext:
        target: "{{ item.path }}"
        setype: "cert_t"
      with_items:
        - { path: "{{ ssl_cert_path }}" }
        - { path: "{{ ssl_key_path }}" }
        - { path: "{{ ca_cert_path }}" }

    - name: Apply updated SELinux file contexts
      command: restorecon -Rv /etc/pki/tls

  handlers:
    - name: Reload firewalld
      service:
        name: firewalld
        state: reloaded

    - name: Restart Apache HTTPD
      service:
        name: httpd
        state: restarted
```
The playbooks above will be even better if they use fully-qualified collection names (FQCN), such as ansible.builtin.firewalld.
Thank you.
@dkcbk as per the condition, it is clear SELinux context of the web content should be taken care of.
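An added example, not code from any post in this thread: a play that covers the web-content SELinux requirement of the challenge and writes every module with its fully-qualified collection name. It assumes the ansible.posix and community.general collections are installed on the control node; the `web_root` path and the `webservers` group are hypothetical.

```yaml
---
# Added example. web_root and the webservers group are assumptions.
- name: Label web content for httpd under SELinux
  hosts: webservers
  become: true
  vars:
    web_root: /srv/www/html   # assumed non-default DocumentRoot
  tasks:
    - name: Create the web content directory
      ansible.builtin.file:
        path: "{{ web_root }}"
        state: directory
        owner: root
        group: root
        mode: "0755"

    # Record the rule in the local SELinux policy so a later relabel keeps it.
    - name: Persist the httpd_sys_content_t label for the web root
      community.general.sefcontext:
        target: "{{ web_root }}(/.*)?"
        setype: httpd_sys_content_t
        state: present
      notify: Relabel web content

    - name: Deploy a test page
      ansible.builtin.copy:
        content: "managed by ansible\n"
        dest: "{{ web_root }}/index.html"
        owner: root
        group: root
        mode: "0644"
      notify: Relabel web content

    - name: Open HTTP and HTTPS in firewalld
      ansible.posix.firewalld:
        service: "{{ item }}"
        permanent: true
        immediate: true
        state: enabled
      loop:
        - http
        - https

  handlers:
    # sefcontext only stores the rule; restorecon applies it to existing files.
    - name: Relabel web content
      ansible.builtin.command: restorecon -Rv {{ web_root }}
      changed_when: true
```

Running `ls -Zd` on the web root after the play should show `httpd_sys_content_t`; a label such as `var_t` means the handler did not run.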
There you can find the community collections; the Certified collections are in console.redhat.com under Ansible Automation Platform ---> Automation Hub