Write an Ansible playbook to automate the configuration of Apache HTTPD.
Your playbook should make sure that:
I agree with @ipalagin.
For everyone who is a beginner with Ansible:
On this page, you can easily look up the details of every module.
https://docs.ansible.com/ansible/latest/collections/ansible/index.html
By the way, I think the firewall-related modules are in the "ansible.posix" collection (not in "ansible.builtin").
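---
# Installs Apache HTTPD, deploys the CA certificate, server certificate and
# private key, labels them for SELinux, opens HTTP/HTTPS in firewalld and
# starts the service.
#
# NOTE(review): no task here installs mod_ssl or points httpd at the deployed
# certificate and key, and httpd_conf_path is never used. Confirm whether a
# configuration task is still missing.
- name: Configure Apache HTTPD
  hosts: all
  become: true
  vars:
    httpd_conf_path: "/etc/httpd/conf/httpd.conf"
    cert_path: "/etc/httpd/ssl"
    ca_cert_file: "ca-cert.pem"
    server_key_file: "server.key"
    server_crt_file: "server.crt"
  tasks:
    - name: Ensure Apache HTTPD package is installed
      ansible.builtin.yum:
        name: httpd
        state: present

    - name: Ensure the SSL directory exists
      ansible.builtin.file:
        path: "{{ cert_path }}"
        state: directory
        owner: root
        group: root
        mode: '0755'

    - name: Copy CA certificate
      ansible.builtin.copy:
        src: "files/{{ ca_cert_file }}"
        dest: "{{ cert_path }}/{{ ca_cert_file }}"
        owner: root
        group: root
        mode: '0644'
      # httpd only picks up new TLS material after a restart.
      notify: restart_httpd

    # The private key is readable by root only (0600). Keep the source file
    # out of version control in plaintext, e.g. encrypt it with ansible-vault;
    # the copy module decrypts vaulted source files by default.
    - name: Copy server key
      ansible.builtin.copy:
        src: "files/{{ server_key_file }}"
        dest: "{{ cert_path }}/{{ server_key_file }}"
        owner: root
        group: root
        mode: '0600'
      # Keeps key material out of task output, including --diff runs.
      no_log: true
      notify: restart_httpd

    - name: Copy server certificate
      ansible.builtin.copy:
        src: "files/{{ server_crt_file }}"
        dest: "{{ cert_path }}/{{ server_crt_file }}"
        owner: root
        group: root
        mode: '0644'
      notify: restart_httpd

    # The command module does not run a shell, so a multi-line string is not
    # executed as three separate commands. Run semanage once per file instead.
    # The former `warn: false` argument is dropped because newer ansible-core
    # releases no longer accept it.
    # NOTE(review): httpd_config_t is kept from the original; confirm it is
    # the intended type for the private key.
    - name: Apply SELinux file contexts for SSL files
      ansible.builtin.command:
        argv:
          - semanage
          - fcontext
          - "-a"
          - "-t"
          - httpd_config_t
          - "{{ cert_path }}/{{ item }}"
      loop:
        - "{{ ca_cert_file }}"
        - "{{ server_key_file }}"
        - "{{ server_crt_file }}"
      register: semanage_result
      changed_when: semanage_result.rc == 0
      # `semanage fcontext -a` exits non-zero when the rule already exists;
      # tolerate that so reruns do not fail. The matched text is semanage's
      # usual wording; verify it on the target release.
      failed_when:
        - semanage_result.rc != 0
        - "'already defined' not in semanage_result.stderr"

    - name: Restore SELinux context for SSL files
      ansible.builtin.command:
        argv:
          - restorecon
          - "-Rv"
          - "{{ cert_path }}"
      register: restorecon_result
      # With -v, restorecon prints a line for each path it relabels.
      changed_when: restorecon_result.stdout | length > 0

    # firewalld is provided by the ansible.posix collection, not by
    # ansible.builtin. Install it on the control node first:
    #   ansible-galaxy collection install ansible.posix
    - name: Ensure HTTP and HTTPS traffic is allowed in firewall
      ansible.posix.firewalld:
        service: "{{ item }}"
        permanent: true
        state: enabled
      loop:
        - http
        - https
      # Permanent rules only take effect after firewalld reloads.
      notify: reload_firewalld

    - name: Ensure Apache HTTPD is started and enabled
      ansible.builtin.service:
        name: httpd
        state: started
        enabled: true

  handlers:
    - name: reload_firewalld
      ansible.builtin.service:
        name: firewalld
        state: reloaded

    - name: restart_httpd
      ansible.builtin.service:
        name: httpd
        state: restarted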