cancel
Showing results for 
Search instead for 
Did you mean: 
Chetan_Tiwary_
Community Manager
Community Manager
  • 441 Views

Take the Ansible Playbook Challenge

Write an ansible playbook to automate configuration of Apache HTTPD.

Your playbook should make sure that :

  1. Correct package is installed.
  2. Make sure the firewall permits HTTP and HTTPS traffic.
  3. Make sure the web server is started and enabled.
  4. Use Jinja2 templates for configuration files if required.
  5. Use CA cert, .key and .crt files wherever applicable accordingly.
  6. SELinux file context of web content taken care of .
Labels (4)
0 Kudos
11 Replies
RH-Yamato
Flight Engineer
Flight Engineer
  • 29 Views

I am agree with @ipalagin 

 

For everyone who is beginner of Ansible.

From this page, you can easily search all modules detail.

https://docs.ansible.com/ansible/latest/collections/ansible/index.html

スクリーンショット 2024-12-24 7.08.41.png

 

By the way, I think the firewall related modules are under "Ansible.Posix". (Not under Ansible.builtin)

https://docs.ansible.com/ansible/latest/collections/ansible/posix/index.html#plugins-in-ansible-posi...

スクリーンショット 2024-12-24 7.10.40.png

Yamato Sakai
Learning & Development Senior Instructor
Red Hat Global Learning Service
0 Kudos
FelipeHenriquez
Mission Specialist
Mission Specialist
  • 48 Views

---
- name: Configure Apache HTTPD
hosts: all
become: yes

vars:
httpd_conf_path: "/etc/httpd/conf/httpd.conf"
cert_path: "/etc/httpd/ssl"
ca_cert_file: "ca-cert.pem"
server_key_file: "server.key"
server_crt_file: "server.crt"

tasks:
- name: Ensure Apache HTTPD package is installed
ansible.builtin.yum:
name: httpd
state: present

- name: Ensure the SSL directory exists
ansible.builtin.file:
path: "{{ cert_path }}"
state: directory
owner: root
group: root
mode: '0755'

- name: Copy CA certificate
ansible.builtin.copy:
src: "files/{{ ca_cert_file }}"
dest: "{{ cert_path }}/{{ ca_cert_file }}"
owner: root
group: root
mode: '0644'

- name: Copy server key
ansible.builtin.copy:
src: "files/{{ server_key_file }}"
dest: "{{ cert_path }}/{{ server_key_file }}"
owner: root
group: root
mode: '0600'

- name: Copy server certificate
ansible.builtin.copy:
src: "files/{{ server_crt_file }}"
dest: "{{ cert_path }}/{{ server_crt_file }}"
owner: root
group: root
mode: '0644'

- name: Apply SELinux file contexts for SSL files
ansible.builtin.command: |
semanage fcontext -a -t httpd_config_t '{{ cert_path }}/{{ ca_cert_file }}'
semanage fcontext -a -t httpd_config_t '{{ cert_path }}/{{ server_key_file }}'
semanage fcontext -a -t httpd_config_t '{{ cert_path }}/{{ server_crt_file }}'
args:
warn: false

- name: Restore SELinux context for SSL files
ansible.builtin.command: "restorecon -Rv {{ cert_path }}"

- name: Ensure HTTP and HTTPS traffic is allowed in firewall
ansible.builtin.firewalld:
service: "{{ item }}"
permanent: yes
state: enabled
loop:
- http
- https
notify: reload_firewalld

- name: Ensure Apache HTTPD is started and enabled
ansible.builtin.service:
name: httpd
state: started
enabled: yes

handlers:
- name: reload_firewalld
ansible.builtin.service:
name: firewalld
state: reloaded

- name: restart_httpd
ansible.builtin.service:
name: httpd
state: restarted

Join the discussion
You must log in to join this conversation.