Configuration of Webserver Using Ansible

What is Ansible?

Ansible is an agentless automation tool that by default manages machines over the SSH protocol.

You only need to install Ansible on Controller Node. Controller Node then uses SSH (by default) to communicate with Managed or Target Nodes (those end devices you want to automate).

Refer to this article for more information on Ansible.

What is Webserver?

Apache HTTP Server is a free and open-source web server that delivers web content through the internet. It is commonly referred to as Apache and after development, it quickly became the most popular HTTP client on the web.

Document Root

The document root is a directory (a folder) that is stored on your host’s servers and that is designated for holding web pages. When someone else looks at your web site, this is the location they will be accessing.

The default Document Root for Apache is “/var/www/html”.

The default Port Number for HTTP is 80.

We can change the Document Root and Port Number for Apache web server.

The playbook I have created in the below section, will also change the default Document Root and Port Number.

What is HTTP Authentication?

HTTP authentication is a security mechanism to restrict access to your website/application or some parts of it by setting up simple username/password authentication.

Steps for Configuring HTTP Authentication::

  • A httpd.conf configuration file for the Apache web service for basic authentication.
  • A .htaccess file, used to control access to the web server’s document root directory
  • A htpasswd file containing credentials for permitted users

In this article, we are going to learn how Ansible can be used to Configure Webserver.

🔰Pre-requisites🔰

  • Ansible should be installed on your system.
  • Managed Nodes (systems on which you want to Configure WebServer) should have Internet Connectivity.

To know more about installation of Ansible, refer to this article.

🔰Idempotence feature of Ansible🔰

  • By default, Ansible does not restart the service if service is already started. This feature of Ansible is known as Idempotence.
  • However, sometimes there is a need of restarting services if any changes are made in the configuration of the service.

🔰Ansible Playbooks🔰

  • Ansible playbooks are a vital part of Ansible and the core component of every Ansible configuration.
  • An Ansible playbook is a file where users write Ansible code, an organized collection of scripts defining the work of a server configuration. Ansible plays are written in YAML.

🔰Ansible Handlers🔰

  • Ansible Handlers are tasks that respond to a notification triggered by other tasks. Tasks only notify their handlers when the task changes something on a managed host.
  • A handler is called at the end of playbook by default, so even if a handler is notified multiple times, the tasks under handler will only run once.

🔰Ansible Vault🔰

  • Ansible Vault encrypts variables and files so you can protect sensitive content such as passwords or keys rather than leaving it visible as plaintext in playbooks or roles.
  • To use Ansible Vault you need one or more passwords to encrypt and decrypt content.
  • Passwords are needed with the ansible-vault command-line tool to create and view encrypted variables, create encrypted files, encrypt existing files, or edit, re-key, or decrypt files.

To create any playbook it’s important to set a goal, the steps needed to complete the task.

🔰Following are the steps needed for creating playbook for Configuration of Webserver🔰

🔹 Mount the dvd

🔹 Configure yum

🔹 Install httpd software

🔹 Create Document Root Folder

🔹 Change Document Root Folder and Port Number

🔹 Copy webpage to Document Root

🔹 Allow HTTP Authentication in httpd.conf file

🔹 Create .htaccess file to control access to document root directory

🔹 Create htpasswd file containing credentials for permitted users

🔹 Start httpd service

🔹 Set Firewall Rules

🔰Ansible Document🔰

  • Ansible provides documentation of each module.
  • Use “ansible-doc” command to see any module’s description and required options.
ansible-doc <module_name>
  • Ansible has several modules for managing Docker; a few of these are docker_image, docker_container, and docker_service.

🔰Creating Ansible Playbook🔰

👉Step-1 : Create a folder and Mount the dvd

  • First you need to create a folder in the host using “file” module
  • Then, mount the dvd on that folder using “mount” module.
- file:
state: directory
path: /<Name_of_dvd>
- mount:
src: "/dev/cdrom"
path: <Name_of_dvd>
state: "mounted"
fstype: "iso9660"

👉Step-2 : Configure yum

  • Configure yum using “yum_repository” module.
- yum_repository:
name: "dvd1"
baseurl: <Name_of_dvd>/AppStream
description: "yum dvd1 for package"
gpgcheck: no
- yum_repository:
name: "dvd2"
baseurl: <Name_of_dvd>/BaseOS
description: "yum dvd2 for package"
gpgcheck: no

👉Step-3 : Install httpd software

- package:
name: httpd
state: present

👉Step-4 : Create Document Root Folder

  • Create Document root folder in the directory “/var/www” (give any name)
- file:
state: directory
path: /var/www/http

👉Step-5 : Change Document Root Folder and Port Number

  • Create configuration file in your controller node.
  • Give above created Document Root folder and Port Number for httpd service in Configuration file.
  • Copy this Configuration File in Managed nodes using “template” task.
- template:
dest: "/etc/httpd/conf.d/demo.conf"
src: "demo.conf"
notify: restart_service

👉Step-6 : Copy webpage to Document Root

- copy:
dest: "/var/www/http/index.html"
content: "Webserver Configured Using Ansible!!!"

👉Step-7 : Allow HTTP Authentication in httpd.conf file

  • For Basic HTTP authentication, edit http configuration file.
  • Replace “AllowOverride None” with “AllowOverride Authconfig” using “replace” module.
- replace:
path: "/etc/httpd/conf/httpd.conf"
regexp: "AllowOverride None"
replace: "AllowOverride Authconfig"
notify: restart_service

👉Step-8 : Create .htaccess file to control access to document root directory

  • Create a “.htaccess” file on your controller node.
  • Copy this file to document root directory to restrict access.
- file:
state: touch
path: "{{ doc_root }}/.htaccess"
- copy:
dest: "{{ doc_root }}/.htaccess"
src: "/root/playbook/.htaccess"
notify: restart_service

👉Step-9: Create User for Authentication using htpasswd file

  • Create a user using “htpasswd” module who can access the webserver.
  • Use Ansible Vault to store and protect user credentials.
  • For using htpasswd, first we need to install passlib library.
  • “passlib” library can be installed using “pip” module if “python” is installed.
- package:
name: pyhton3
state: present
- pip:
name: passlib
state: present
- htpasswd:
path: "/etc/www.passwd"
name: "{{ username }}"
password: "{{ password }}"

👉Step-10 : Start httpd service

  • Use “service” module to start the services
- service:
name: httpd
state: started

👉Step-11 : Set Firewall Rules

  • Use “firewalld” module to enable the connection for port number selected for httpd server.
- firewalld:
port: <port>/tcp
state: enabled
permanent: yes
immediate: yes

🔰Handlers🔰

  • Include handler in playbook and provide a unique name so that notify can identify which handler to call.
handlers:
- name: restart_service
service:
name: httpd
state: restarted
  • If multiple tasks update a configuration file and notify a handler to restart Apache, Ansible only bounces Apache once to avoid unnecessary restarts.

🔰Variable File🔰

  • Define variables of playbook in separate yml file.
  • For storing user credentials, use ansible vault.
ansible-vault create <vault-name>
Cannot Read Vault file Without Password
  • To view Vault contents use command:
ansible-vault view <vault-name>

🔰Complete Playbook🔰

To see the complete playbook, variable files, templates files — check out my GitHub Repository.

🔰Running Ansible Playbook🔰

  • To run ansible playbook, lets first check the connection to the managed nodes.
ansible <IP_of_managed_node> -m ping
  • Before running playbook, you can also run the following command for syntax checking, playbook include vault file so use this option in command:
ansible-playbook <Playbook_name> --syntax-check --ask-vault-pass
  • Run the playbook using the following command
ansible-playbook <Playbook_name>  --ask-vault-pass
  • Let’s see if there are no changes, then Handlers run or not?
Handler doesn’t run as there is No Changes occur!!
  • Now, let’s make some changes in the configuration files then again run playbook!
Handler Runs only Once even if notified twice!!

🔰After Running Ansible Playbook🔰

  • After running playbook, try to connect to the WebServer!
Asking for User Authentication
  • After Successful Login, you will be able to access the contents.
  • Webserver is Working!!

--

--

--

A Technical Writer

Love podcasts or audiobooks? Learn on the go with our new app.

Recommended from Medium

If an engineering manager had only one strength, it should be this.

Querying Your Database - The Railsy Way

How to Foster Innovation in a Company?

Data’s Inferno: 7 Circles of Data Testing Hell with Airflow

What is a Headless CMS and why is it useful?

GitHub Tips and Tricks

know how your org works (or how to become a more effective engineer)

Angular — Three features that you should consider when starting a new project

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store
Chetna Manku

Chetna Manku

A Technical Writer

More from Medium

Configure a local Jenkins instance

Ansible Basics

Creating, Adding, Authorizing Users And Groups With Ansible