cancel
Showing results for 
Search instead for 
Did you mean: 
Chetan_Tiwary_
Community Manager
Community Manager
  • 1,122 Views

Take the Ansible Playbook Challenge

Write an ansible playbook to automate configuration of Apache HTTPD.

Your playbook should make sure that :

  1. Correct package is installed.
  2. Make sure the firewall permits HTTP and HTTPS traffic.
  3. Make sure the web server is started and enabled.
  4. Use Jinja2 templates for configuration files if required.
  5. Use CA cert, .key and .crt files wherever applicable accordingly.
  6. SELinux file context of web content taken care of .
Labels (4)
0 Kudos
14 Replies
RH-Yamato
Flight Engineer
Flight Engineer
  • 313 Views

I am agree with @ipalagin 

 

For everyone who is beginner of Ansible.

From this page, you can easily search all modules detail.

https://docs.ansible.com/ansible/latest/collections/ansible/index.html

スクリーンショット 2024-12-24 7.08.41.png

 

By the way, I think the firewall related modules are under "Ansible.Posix". (Not under Ansible.builtin)

https://docs.ansible.com/ansible/latest/collections/ansible/posix/index.html#plugins-in-ansible-posi...

スクリーンショット 2024-12-24 7.10.40.png

Yamato Sakai
Learning & Development Senior Instructor
Red Hat Global Learning Service
0 Kudos
FelipeHenriquez
Mission Specialist
Mission Specialist
  • 332 Views

---
- name: Configure Apache HTTPD
hosts: all
become: yes

vars:
httpd_conf_path: "/etc/httpd/conf/httpd.conf"
cert_path: "/etc/httpd/ssl"
ca_cert_file: "ca-cert.pem"
server_key_file: "server.key"
server_crt_file: "server.crt"

tasks:
- name: Ensure Apache HTTPD package is installed
ansible.builtin.yum:
name: httpd
state: present

- name: Ensure the SSL directory exists
ansible.builtin.file:
path: "{{ cert_path }}"
state: directory
owner: root
group: root
mode: '0755'

- name: Copy CA certificate
ansible.builtin.copy:
src: "files/{{ ca_cert_file }}"
dest: "{{ cert_path }}/{{ ca_cert_file }}"
owner: root
group: root
mode: '0644'

- name: Copy server key
ansible.builtin.copy:
src: "files/{{ server_key_file }}"
dest: "{{ cert_path }}/{{ server_key_file }}"
owner: root
group: root
mode: '0600'

- name: Copy server certificate
ansible.builtin.copy:
src: "files/{{ server_crt_file }}"
dest: "{{ cert_path }}/{{ server_crt_file }}"
owner: root
group: root
mode: '0644'

- name: Apply SELinux file contexts for SSL files
ansible.builtin.command: |
semanage fcontext -a -t httpd_config_t '{{ cert_path }}/{{ ca_cert_file }}'
semanage fcontext -a -t httpd_config_t '{{ cert_path }}/{{ server_key_file }}'
semanage fcontext -a -t httpd_config_t '{{ cert_path }}/{{ server_crt_file }}'
args:
warn: false

- name: Restore SELinux context for SSL files
ansible.builtin.command: "restorecon -Rv {{ cert_path }}"

- name: Ensure HTTP and HTTPS traffic is allowed in firewall
ansible.builtin.firewalld:
service: "{{ item }}"
permanent: yes
state: enabled
loop:
- http
- https
notify: reload_firewalld

- name: Ensure Apache HTTPD is started and enabled
ansible.builtin.service:
name: httpd
state: started
enabled: yes

handlers:
- name: reload_firewalld
ansible.builtin.service:
name: firewalld
state: reloaded

- name: restart_httpd
ansible.builtin.service:
name: httpd
state: restarted

pamtally
Mission Specialist
Mission Specialist
  • 266 Views

Here is my playbook content
======================

1) Correct package is installed
- name: Install httpd package
ansible.builtin.dnf:
name:
- httpd
- firewalld
state: present
2) Make sure the firewall permits HTTP and HTTPS traffic
- name: Add http service in firewall rule
ansible.posix.firewalld:
service: http
state: enabled
permanent: yes
immediate: yes
3) Make sure the web server is started and enabled
- name: start service httpd
ansible.builtin.service:
name: httpd
state: started
enabled: yes
- name: start service firewalld
ansible.builtin.service:
name: firewalld
state: started
enabled: yes
4) Use Jinja2 templates for configuration files if required
- name: Configure Apache HTTPD using Jinja2 template
template:
src: "{{ httpd_config_template }}"
dest: /etc/httpd/conf/httpd.conf
mode: '0644'
5) Use CA cert, .key and .crt files wherever applicable accordingly
- name: Configure SSL certificates
copy:
src: "{{ item.src }}"
dest: "{{ item.dest }}"
mode: "{{ item.mode }}"
loop:
- { src: "files/ca-cert.pem", dest: "{{ ssl_ca_cert_path }}", mode: '0644' }
- { src: "files/apache-cert.crt", dest: "{{ ssl_cert_path }}", mode: '0644' }
- { src: "files/apache-key.key", dest: "{{ ssl_key_path }}", mode: '0600' }
6) SELinux file context of web content taken care of
- name: Ensure SELinux file context for SSL certificates
sefcontext:
target: "{{ item }}"
setype: cert_t
loop:
- "{{ ssl_cert_path }}"
- "{{ ssl_key_path }}"
- "{{ ssl_ca_cert_path }}"

- name: Apply SELinux file context changes
command: restorecon -Rv /etc/ssl/certs /etc/ssl/private

0 Kudos
burning_red
Mission Specialist
Mission Specialist
  • 193 Views

---
- name: Configure Apache HTTPD
hosts: webservers
become: yes

vars:
httpd_package: "httpd"
firewall_ports:
- 80
- 443
apache_config_template: "templates/httpd.conf.j2"
ssl_cert_path: "/etc/ssl/certs/apache-cert.crt"
ssl_key_path: "/etc/ssl/private/apache-key.key"
ssl_ca_cert_path: "/etc/ssl/certs/ca-cert.pem"

tasks:
- name: Install Apache HTTPD package
package:
name: "{{ httpd_package }}"
state: present

- name: Ensure firewall allows HTTP and HTTPS traffic
firewalld:
service: "{{ item }}"
permanent: true
state: enabled
loop: "{{ firewall_ports }}"
notify:
- reload firewalld

- name: Start and enable Apache HTTPD service
service:
name: httpd
state: started
enabled: true

- name: Configure SSL certificates
copy:
src: "{{ item.src }}"
dest: "{{ item.dest }}"
mode: "{{ item.mode }}"
loop:
- { src: "files/apache-cert.crt", dest: "{{ ssl_cert_path }}", mode: '0644' }
- { src: "files/apache-key.key", dest: "{{ ssl_key_path }}", mode: '0600' }
- { src: "files/ca-cert.pem", dest: "{{ ssl_ca_cert_path }}", mode: '0644' }

- name: Ensure SELinux file context for SSL certificates
sefcontext:
target: "{{ item }}"
setype: cert_t
loop:
- "{{ ssl_cert_path }}"
- "{{ ssl_key_path }}"
- "{{ ssl_ca_cert_path }}"

- name: Apply SELinux file context changes
command: restorecon -Rv /etc/ssl/certs /etc/ssl/private
notify: restore SELinux context

- name: Configure Apache HTTPD using Jinja2 template
template:
src: "{{ apache_config_template }}"
dest: "/etc/httpd/conf/httpd.conf"
mode: '0644'
notify:
- restart Apache HTTPD

- name: Restart Apache HTTPD to apply new configuration
service:
name: httpd
state: restarted

handlers:
- name: reload firewalld
service:
name: firewalld
state: reloaded

- name: restore SELinux context
command: /sbin/restorecon -Rv /etc/ssl/certs /etc/ssl/private

- name: restart Apache HTTPD
service:
name: httpd
state: restarted

0 Kudos
Rahulkrishnan
Mission Specialist
Mission Specialist
  • 118 Views

---
- name: Configure Apache HTTPD
hosts: webservers
become: true
vars:
apache_conf_template: "httpd.conf.j2"
ssl_cert: "/etc/ssl/certs/your_cert.crt"
ssl_key: "/etc/ssl/private/your_key.key"
ssl_ca_cert: "/etc/ssl/certs/your_ca_cert.crt"

tasks:
- name: Install Apache HTTPD package
yum:
name: httpd
state: present

- name: Ensure firewall allows HTTP and HTTPS traffic
firewalld:
service: "{{ item }}"
permanent: true
state: enabled
loop:
- http
- https
notify: Reload firewalld

- name: Start and enable Apache HTTPD service
systemd:
name: httpd
state: started
enabled: true

- name: Copy SSL certificate files
copy:
src: "{{ item }}"
dest: "{{ item | basename }}"
owner: root
group: root
mode: '0600'
loop:
- "{{ ssl_cert }}"
- "{{ ssl_key }}"
- "{{ ssl_ca_cert }}"

- name: Set SELinux file context for web content
sefcontext:
target: "/var/www/html(/.*)?"
setype: httpd_sys_content_t
notify: Restore SELinux context

- name: Configure Apache HTTPD using Jinja2 template
template:
src: "{{ apache_conf_template }}"
dest: "/etc/httpd/conf/httpd.conf"
notify: Restart Apache

handlers:
- name: Reload firewalld
firewalld:
state: reloaded

- name: Restore SELinux context
command: restorecon -Rv /var/www/html

- name: Restart Apache
systemd:
name: httpd
state: restarted

0 Kudos
Join the discussion
You must log in to join this conversation.