Home Esplora Aiuto
Registrati Accedi
pulitux
/
ansible
1
0
Forka 0
File Problemi 0 Pull Requests 0 Wiki
Albero (Tree): 4d5968a05d
Rami (Branch) Tag
ansible
/
T3
/
guided
/
data-review
/
playbook.yml

playbook.yml 2.3 KB
Cronologia Originale

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293 
  1. ---
    2. 

  2. 

  3. - name: setup webserver
    4. 

  4.   hosts: webserver
    5. 

  5.   vars:
    6. 

  6.     firewall_pkg: firewalld
    7. 

  7.     firewall_svc: firewalld
    8. 

  8.     web_pkg: httpd
    9. 

  9.     web_svc: httpd
    10. 

  10.     ssl_pkg: mod_ssl
    11. 

  11.     httpdconf_src: files/httpd.conf
    12. 

  12.     httpdconf_dest: /etc/httpd/conf/httpd.conf
    13. 

  13.     htaccess_src: files/.htaccess
    14. 

  14.     secrets_dir: /etc/httpd/secrets
    15. 

  15.     secrets_src: files/htpasswd
    16. 

  16.     secrets_dest: "{{ secrets_dir }}/htpasswd"
    17. 

  17.     web_root: /var/www/html
    18. 

  18.   tasks:
    19. 

  19.     - name: install latest pakgs
    20. 

  20.       yum:
    21. 

  21.         name: 
    22. 

  22.           - "{{ firewall_pkg }}"
    23. 

  23.           - "{{ web_pkg }}"
    24. 

  24.           - "{{ ssl_pkg }}"
    25. 

  25.         state: latest
    26. 

  26.     - name: copy config file
    27. 

  27.       copy:
    28. 

  28.         src: "{{ httpdconf_src }}"
    29. 

  29.         dest: "{{ httpdconf_dest }}"
    30. 

  30.         owner: root
    31. 

  31.         group: root
    32. 

  32.         mode: '0644'
    33. 

  33.     - name: Create a directory if it does not exist
    34. 

  34.       file:
    35. 

  35.         path: "{{ secrets_dir }}"
    36. 

  36.         state: directory
    37. 

  37.         owner: apache
    38. 

  38.         group: apache
    39. 

  39.         mode: '0500'
    40. 

  40.     - name: copy password file
    41. 

  41.       copy:
    42. 

  42.         src: "{{ secrets_src }}"
    43. 

  43.         dest: "{{ secrets_dest }}"
    44. 

  44.         owner: apache
    45. 

  45.         group: apache
    46. 

  46.         mode: '0400'
    47. 

  47.     - name: copy htaccess file
    48. 

  48.       copy:
    49. 

  49.         src: "{{ htaccess_src }}"
    50. 

  50.         dest: "{{ web_root }}/.htaccess"
    51. 

  51.         owner: apache
    52. 

  52.         group: apache
    53. 

  53.         mode: '0400'
    54. 

  54.     - name: create custom content
    55. 

  55.       copy:
    56. 

  56.         dest: "{{ web_root }}/index.html"
    57. 

  57.         content: >
    58. 

  58.           "{{ ansible_facts['hostname'] }} {{ ansible_facts['default_ipv4']['address'] }}
    59. 

  59.           has been customized by Ansible"
    60. 

  60.     - name: start and enable firewall
    61. 

  61.       service:
    62. 

  62.         name: "{{ firewall_svc }}"
    63. 

  63.         enabled: true
    64. 

  64.         state: started
    65. 

  65.     - name: rule for web port
    66. 

  66.       firewalld:
    67. 

  67.         state: enabled
    68. 

  68.         service: https
    69. 

  69.         permanent: true
    70. 

  70.         immediate: true
    71. 

  71.     - name: enable and start httpd
    72. 

  72.       service:
    73. 

  73.         name: "{{ web_svc }}"
    74. 

  74.         enabled: true
    75. 

  75.         state: started
    76. 

  76. - name: test
    77. 

  77.   hosts: localhost
    78. 

  78.   become: false
    79. 

  79.   vars:
    80. 

  80.     web_user: guest
    81. 

  81.   vars_files:
    82. 

  82.     - vars/secrets.yml
    83. 

  83.   tasks:
    84. 

  84.     - name: request content
    85. 

  85.       uri:
    86. 

  86.         url: http://serverb.lab.example.com
    87. 

  87.         user: "{{ web_user }}"
    88. 

  88.         password: "{{ web_pass }}"
    89. 

  89.         status_code: 200
    90. 

  90.         validate_certs: no
    91. 

  91.         return_content: yes
    92. 

  92.     - debug: 
    93. 

  93.         var: auth_test.content
    94.