Take the Ansible Playbook Challenge

Chetan_Tiwary_

Write an ansible playbook to automate configuration of Apache HTTPD.

Your playbook should make sure that :

Correct package is installed.
Make sure the firewall permits HTTP and HTTPS traffic.
Make sure the web server is started and enabled.
Use Jinja2 templates for configuration files if required.
Use CA cert, .key and .crt files wherever applicable accordingly.
SELinux file context of web content taken care of .

erich

---
- name: Configure Apache HTTPD
hosts: web_servers
become: true
vars:
httpd_package: httpd
firewall_services:
- http
- https
ssl_cert_path: /etc/ssl/certs/apache-cert.crt
ssl_key_path: /etc/ssl/private/apache-key.key
ssl_ca_cert_path: /etc/ssl/certs/ca-cert.pem
httpd_config_template: "templates/httpd.conf.j2"

tasks:
- name: Install Apache HTTPD package
package:
name: "{{ httpd_package }}"
state: present

- name: Ensure firewall allows HTTP and HTTPS traffic
firewalld:
service: "{{ item }}"
permanent: true
state: enabled
immediate: yes
loop: "{{ firewall_services }}"
become: true

- name: Start and enable Apache HTTPD service
service:
name: httpd
state: started
enabled: true

- name: Configure SSL certificates
copy:
src: "{{ item.src }}"
dest: "{{ item.dest }}"
mode: "{{ item.mode }}"
loop:
- { src: "files/ca-cert.pem", dest: "{{ ssl_ca_cert_path }}", mode: '0644' }
- { src: "files/apache-cert.crt", dest: "{{ ssl_cert_path }}", mode: '0644' }
- { src: "files/apache-key.key", dest: "{{ ssl_key_path }}", mode: '0600' }

- name: Ensure SELinux file context for SSL certificates
sefcontext:
target: "{{ item }}"
setype: cert_t
loop:
- "{{ ssl_cert_path }}"
- "{{ ssl_key_path }}"
- "{{ ssl_ca_cert_path }}"

- name: Apply SELinux file context changes
command: restorecon -Rv /etc/ssl/certs /etc/ssl/private

- name: Configure Apache HTTPD using Jinja2 template
template:
src: "{{ httpd_config_template }}"
dest: /etc/httpd/conf/httpd.conf
mode: '0644'

- name: Restart Apache HTTPD to apply new configuration
service:
name: httpd
state: restarted

redhat-aamir

--- - name: Configure Apache HTTPD hosts: your_target_group # Specify the target group of your hosts become: true # Use sudo to perform actions requiring root privileges vars: apache_conf_template: templates/httpd.conf.j2 # Path to Jinja2 template ssl_cert_file: /etc/ssl/certs/your_cert.crt # Replace with your SSL cert file path ssl_key_file: /etc/ssl/private/your_key.key # Replace with your SSL key file path ssl_ca_cert_file: /etc/ssl/certs/your_ca.crt # Replace with your CA cert file path tasks: - name: Install Apache HTTPD package package: name: httpd state: present - name: Ensure firewall allows HTTP and HTTPS firewalld: service: "{{ item }}" permanent: true state: enabled loop: - http - https - name: Reload firewall firewalld: state: reloaded - name: Start and enable Apache HTTPD service service: name: httpd state: started enabled: true - name: Copy SSL certificate copy: src: "{{ ssl_cert_file }}" dest: /etc/ssl/certs/your_cert.crt owner: root group: root mode: '0644' - name: Copy SSL private key copy: src: "{{ ssl_key_file }}" dest: /etc/ssl/private/your_key.key owner: root group: root mode: '0600' - name: Copy CA certificate copy: src: "{{ ssl_ca_cert_file }}" dest: /etc/ssl/certs/your_ca.crt owner: root group: root mode: '0644' - name: Configure Apache using Jinja2 template template: src: "{{ apache_conf_template }}" dest: /etc/httpd/conf.d/httpd.conf owner: root group: root mode: '0644' - name: Set SELinux context for SSL cert files sefcontext: target: '/etc/ssl/certs/your_cert.crt' setype: httpd_sys_content_t notify: - restore_selinux - name: Set SELinux context for SSL key files sefcontext: target: '/etc/ssl/private/your_key.key' setype: httpd_sys_rw_content_t notify: - restore_selinux - name: Ensure SELinux context is restored after installation command: /sbin/restorecon -Rv /etc/ssl/certs notify: - restore_selinux handlers: - name: restore_selinux command: /sbin/restorecon -Rv /etc/httpd

Ahmed95

what i do?

HariharMishra

Hi All,

This is my Ansible play book for question number 03:

---
- name: Configure Apache HTTPD
hosts: webservers
become: yes
vars:
httpd_package: "httpd"
firewall_ports:
- 80
- 443
apache_config_template: "httpd.conf.j2"
cert_file: "/etc/pki/tls/certs/your_domain.crt"
key_file: "/etc/pki/tls/private/your_domain.key"
ca_cert_file: "/etc/pki/tls/certs/CA.crt"
httpd_service: "httpd"
apache_config_path: "/etc/httpd/conf/httpd.conf"

tasks:

# 1. Ensure Apache HTTPD package is installed
- name: Install Apache HTTPD
package:
name: "{{ httpd_package }}"
state: present

# 2. Allow HTTP and HTTPS traffic through the firewall
- name: Open firewall for HTTP and HTTPS
firewalld:
service: "{{ item }}"
permanent: true
state: enabled
loop: "{{ firewall_ports }}"
notify:
- reload firewalld

# 3. Make sure the web server is started and enabled
- name: Ensure Apache HTTPD is running and enabled
service:
name: "{{ httpd_service }}"
state: started
enabled: true

# 4. Configure the Apache HTTPD using Jinja2 template
- name: Configure Apache HTTPD
template:
src: "{{ apache_config_template }}"
dest: "{{ apache_config_path }}"
notify:
- restart apache

# 5. Ensure the SSL certificate a

Asma-Alfayyad

---
- name: Automate Apache HTTPD Configuration
hosts: webservers
become: yes

vars:
httpd_conf_template: "templates/httpd.conf.j2"
ssl_cert_path: "/etc/pki/tls/certs/server.crt"
ssl_key_path: "/etc/pki/tls/private/server.key"
ca_cert_path: "/etc/pki/tls/certs/ca.crt"

tasks:
- name: Install Apache HTTPD package
yum:
name: httpd
state: present

- name: Open HTTP and HTTPS ports in the firewall
firewalld:
service: "{{ item }}"
permanent: true
state: enabled
with_items:
- http
- https
notify:
- Reload firewalld

- name: Ensure the web server is started and enabled
service:
name: httpd
state: started
enabled: true

- name: Deploy Apache HTTPD configuration from template
template:
src: "{{ httpd_conf_template }}"
dest: "/etc/httpd/conf/httpd.conf"
owner: root
group: root
mode: '0644'
notify:
- Restart Apache HTTPD

- name: Ensure SSL certificate files are in place
copy:
src: "{{ item.src }}"
dest: "{{ item.dest }}"
owner: root
group: root
mode: '0600'
with_items:
- { src: "files/server.crt", dest: "{{ ssl_cert_path }}" }
- { src: "files/server.key", dest: "{{ ssl_key_path }}" }
- { src: "files/ca.crt", dest: "{{ ca_cert_path }}" }
notify:
- Restart Apache HTTPD

- name: Update SELinux file contexts for SSL files
sefcontext:
target: "{{ item.path }}"
setype: "cert_t"
with_items:
- { path: "{{ ssl_cert_path }}" }
- { path: "{{ ssl_key_path }}" }
- { path: "{{ ca_cert_path }}" }

- name: Apply updated SELinux file contexts
command: restorecon -Rv /etc/pki/tls

handlers:
- name: Reload firewalld
service:
name: firewalld
state: reloaded

- name: Restart Apache HTTPD
service:
name: httpd
state: restarted

ipalagin

The playbooks above will be even better if they use fully-qualified collection names (FQCN), such as ansible.builtin.firewalld.

dkcbk

Why this it required "SELinux file context taken care of"? Can someone plese explain why selinux file context must be set?
Thank you.

Chetan_Tiwary_

@dkcbk as per the condition, it is clear SELinux context of the web content should be taken care of.

FelipeHenriquez

there you can find the community collections, the Certfied collections are in console.redhat.com under Ansible Automation Platform ---> Automation Hub

Take the Ansible Playbook Challenge

Ansible

apache

automation

challenge