Inicio Explorar Ayuda
Registro Iniciar sesión
pulitux
/
ansible
1
0
Fork 0
Archivos Incidencias 0 Pull Requests 0 Wiki
Árbol: dc46465157
Ramas Etiquetas
ansible
/
T3
/
guided
/
data-review
/
playbook.yml

playbook.yml 2.3 KB
Histórico Raw

12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061626364656667686970717273747576777879808182838485868788899091 
  1. ---
    2. 

  2. 

  3. - name: setup webserver
    4. 

  4.   hosts: webserver
    5. 

  5.   vars:
    6. 

  6.     firewall_pkg: firewalld
    7. 

  7.     firewall_svc: firewalld
    8. 

  8.     web_pkg: httpd
    9. 

  9.     web_svc: httpd
    10. 

  10.     ssl_pkg: mod_ssl
    11. 

  11.     httpdconf_src: files/httpd.conf
    12. 

  12.     httpdconf_dest: /etc/httpd/conf/httpd.conf
    13. 

  13.     htaccess_src: files/.htaccess
    14. 

  14.     secrets_dir: /etc/httpd/secrets
    15. 

  15.     secrets_src: files/htpasswd
    16. 

  16.     secrets_dest: "{{ secrets_dir }}/htpasswd"
    17. 

  17.     web_root: /var/www/html
    18. 

  18.   tasks:
    19. 

  19.     - name: install latest pakgs
    20. 

  20.       yum:
    21. 

  21.         name: 
    22. 

  22.           - "{{ firewall_pkg }}"
    23. 

  23.           - "{{ web_pkg }}"
    24. 

  24.           - "{{ ssl_pkg }}"
    25. 

  25.         state: latest
    26. 

  26.     - name: copy config file
    27. 

  27.       copy:
    28. 

  28.         src: "{{ httpdconf_src }}"
    29. 

  29.         dest: "{{ httpdconf_dest }}"
    30. 

  30.         owner: root
    31. 

  31.         group: root
    32. 

  32.         mode: '0644'
    33. 

  33.     - name: Create a directory if it does not exist
    34. 

  34.       file:
    35. 

  35.         path: "{{ secrets_dir }}"
    36. 

  36.         state: directory
    37. 

  37.         owner: apache
    38. 

  38.         group: apache
    39. 

  39.         mode: '0500'
    40. 

  40.     - name: copy password file
    41. 

  41.       copy:
    42. 

  42.         src: "{{ secrets_src }}"
    43. 

  43.         dest: "{{ secrets_dest }}"
    44. 

  44.         owner: apache
    45. 

  45.         group: apache
    46. 

  46.         mode: '0400'
    47. 

  47.     - name: copy htaccess file
    48. 

  48.       copy:
    49. 

  49.         src: "{{ htaccess_src }}"
    50. 

  50.         dest: "{{ web_root }}/.htaccess"
    51. 

  51.         owner: apache
    52. 

  52.         group: apache
    53. 

  53.         mode: '0400'
    54. 

  54.     - name: create custom content
    55. 

  55.       copy:
    56. 

  56.         dest: "{{ web_root }}/index.html"
    57. 

  57.         content: "{{ ansible_facts['fqdn'] }} ({{ ansible_facts['default_ipv4']['address'] }}) has been customized by Ansible.\n"
    58. 

  58.     - name: start and enable firewall
    59. 

  59.       service:
    60. 

  60.         name: "{{ firewall_svc }}"
    61. 

  61.         enabled: true
    62. 

  62.         state: started
    63. 

  63.     - name: rule for web port
    64. 

  64.       firewalld:
    65. 

  65.         state: enabled
    66. 

  66.         service: https
    67. 

  67.         permanent: true
    68. 

  68.         immediate: true
    69. 

  69.     - name: enable and start httpd
    70. 

  70.       service:
    71. 

  71.         name: "{{ web_svc }}"
    72. 

  72.         enabled: true
    73. 

  73.         state: started
    74. 

  74. - name: test
    75. 

  75.   hosts: localhost
    76. 

  76.   become: false
    77. 

  77.   vars:
    78. 

  78.     web_user: guest
    79. 

  79.   vars_files:
    80. 

  80.     - vars/secrets.yml
    81. 

  81.   tasks:
    82. 

  82.     - name: request content
    83. 

  83.       uri:
    84. 

  84.         url: http://serverb.lab.example.com
    85. 

  85.         user: "{{ web_user }}"
    86. 

  86.         password: "{{ web_pass }}"
    87. 

  87.         status_code: 200
    88. 

  88.         validate_certs: no
    89. 

  89.         return_content: yes
    90. 

  90.     - debug: 
    91. 

  91.         var: auth_test.content
    92.