Configuration of Webserver Using Ansible

Chetna Manku
Mar 7, 2021

What is Ansible?

Ansible is an agentless automation tool that by default manages machines over the SSH protocol.

You only need to install Ansible on the Controller Node. The Controller Node then uses SSH (by default) to communicate with the Managed or Target Nodes (the end devices you want to automate).

Refer to this article for more information on Ansible.

What is Webserver?

Apache HTTP Server is a free and open-source web server that delivers web content over the internet. It is commonly referred to as Apache, and after its development it quickly became the most popular HTTP server on the web.

Document Root

The document root is a directory (a folder) that is stored on your host’s servers and that is designated for holding web pages. When someone else looks at your web site, this is the location they will be accessing.

The default Document Root for Apache is “/var/www/html”.

The default Port Number for HTTP is 80.

We can change the Document Root and Port Number for Apache web server.

The playbook created in the section below also changes the default Document Root and Port Number.

What is HTTP Authentication?

HTTP authentication is a security mechanism to restrict access to your website/application or some parts of it by setting up simple username/password authentication.

Steps for Configuring HTTP Authentication:

  • A httpd.conf configuration file for the Apache web service for basic authentication.
  • A .htaccess file, used to control access to the web server’s document root directory
  • A htpasswd file containing credentials for permitted users

In this article, we are going to learn how Ansible can be used to Configure Webserver.

🔰Pre-requisites🔰

  • Ansible should be installed on your system.
  • Managed Nodes (systems on which you want to Configure WebServer) should have Internet Connectivity.

To know more about installation of Ansible, refer to this article.

🔰Idempotence feature of Ansible🔰

  • By default, Ansible does not restart a service if the service is already started. This feature of Ansible is known as Idempotence.
  • However, a service sometimes needs to be restarted when changes are made to its configuration.

🔰Ansible Playbooks🔰

  • Ansible playbooks are a vital part of Ansible and the core component of every Ansible configuration.
  • An Ansible playbook is a file where users write Ansible code, an organized collection of scripts defining the work of a server configuration. Ansible plays are written in YAML.

🔰Ansible Handlers🔰

  • Ansible Handlers are tasks that respond to a notification triggered by other tasks. Tasks only notify their handlers when the task changes something on a managed host.
  • A handler is called at the end of the playbook by default, so even if a handler is notified multiple times, the tasks under the handler will only run once.

🔰Ansible Vault🔰

  • Ansible Vault encrypts variables and files so you can protect sensitive content such as passwords or keys rather than leaving it visible as plaintext in playbooks or roles.
  • To use Ansible Vault you need one or more passwords to encrypt and decrypt content.
  • Passwords are needed with the ansible-vault command-line tool to create and view encrypted variables, create encrypted files, encrypt existing files, or edit, re-key, or decrypt files.

To create any playbook, it’s important to set a goal and the steps needed to complete the task.

🔰Following are the steps needed for creating playbook for Configuration of Webserver🔰

🔹 Mount the dvd

🔹 Configure yum

🔹 Install httpd software

🔹 Create Document Root Folder

🔹 Change Document Root Folder and Port Number

🔹 Copy webpage to Document Root

🔹 Allow HTTP Authentication in httpd.conf file

🔹 Create .htaccess file to control access to document root directory

🔹 Create htpasswd file containing credentials for permitted users

🔹 Start httpd service

🔹 Set Firewall Rules

🔰Ansible Document🔰

  • Ansible provides documentation of each module.
  • Use “ansible-doc” command to see any module’s description and required options.
ansible-doc <module_name>
  • Ansible has several modules for managing Docker; a few of these are docker_image, docker_container, and docker_service.

🔰Creating Ansible Playbook🔰

👉Step-1 : Create a folder and Mount the dvd

  • First you need to create a folder in the host using “file” module
  • Then, mount the dvd on that folder using “mount” module.
- file:
    state: directory
    path: /<Name_of_dvd>
# Mount the DVD on the same absolute path created above
- mount:
    src: "/dev/cdrom"
    path: /<Name_of_dvd>
    state: "mounted"
    fstype: "iso9660"

👉Step-2 : Configure yum

  • Configure yum using “yum_repository” module.
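# baseurl must be a URL, so the mounted DVD is addressed with file://
# gpgcheck: no turns off RPM signature verification for these repositories;
# enable it and set gpgkey where the signing key is available.
- yum_repository:
    name: "dvd1"
    baseurl: "file:///<Name_of_dvd>/AppStream"
    description: "yum dvd1 for package"
    gpgcheck: no
- yum_repository:
    name: "dvd2"
    baseurl: "file:///<Name_of_dvd>/BaseOS"
    description: "yum dvd2 for package"
    gpgcheck: no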

👉Step-3 : Install httpd software

- package:
    name: httpd
    state: present

👉Step-4 : Create Document Root Folder

  • Create Document root folder in the directory “/var/www” (give any name)
- file:
    state: directory
    path: /var/www/http

👉Step-5 : Change Document Root Folder and Port Number

  • Create configuration file in your controller node.
  • Give above created Document Root folder and Port Number for httpd service in Configuration file.
  • Copy this Configuration File in Managed nodes using “template” task.
- template:
    dest: "/etc/httpd/conf.d/demo.conf"
    src: "demo.conf"
  notify: restart_service

👉Step-6 : Copy webpage to Document Root

- copy:
    dest: "/var/www/http/index.html"
    content: "Webserver Configured Using Ansible!!!"

👉Step-7 : Allow HTTP Authentication in httpd.conf file

  • For Basic HTTP authentication, edit the httpd configuration file.
  • Replace “AllowOverride None” with “AllowOverride Authconfig” using “replace” module.
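# Rewrites every "AllowOverride None" line in httpd.conf,
# not only the one in the document root's <Directory> block
- replace:
    path: "/etc/httpd/conf/httpd.conf"
    regexp: "AllowOverride None"
    replace: "AllowOverride Authconfig"
  notify: restart_service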

👉Step-8 : Create .htaccess file to control access to document root directory

  • Create a “.htaccess” file on your controller node.
  • Copy this file to document root directory to restrict access.
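# state: touch reports "changed" on every run; the copy task below
# creates the file on its own if it does not exist
- file:
    state: touch
    path: "{{ doc_root }}/.htaccess"
- copy:
    dest: "{{ doc_root }}/.htaccess"
    src: "/root/playbook/.htaccess"
  notify: restart_service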

👉Step-9: Create User for Authentication using htpasswd file

  • Create a user using “htpasswd” module who can access the webserver.
  • Use Ansible Vault to store and protect user credentials.
  • For using htpasswd, first we need to install passlib library.
  • “passlib” library can be installed using “pip” module if “python” is installed.
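- package:
    name: python3
    state: present
# passlib is required by the htpasswd module
- pip:
    name: passlib
    state: present
# username and password come from the Ansible Vault variable file
- htpasswd:
    path: "/etc/www.passwd"
    name: "{{ username }}"
    password: "{{ password }}"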
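
The article does not show the contents of demo.conf (step 5) or .htaccess (step 8). The tasks below are an added example, not the author's files from the repository: they write plausible contents inline, scope AllowOverride to the document root instead of editing httpd.conf, and restrict who can read the password file. The variable name http_port and its use are assumptions, as is the apache group (the default for the httpd package on RHEL-family systems).

```yaml
# Added example. Assumed variables: doc_root (used by the playbook),
# http_port (hypothetical name; must differ from any Listen already
# present in httpd.conf, otherwise httpd refuses to start).
- name: Write the fragment that step 5 ships as demo.conf
  copy:
    dest: /etc/httpd/conf.d/demo.conf
    owner: root
    group: root
    mode: "0644"
    content: |
      Listen {{ http_port }}
      <VirtualHost *:{{ http_port }}>
          DocumentRoot "{{ doc_root }}"
          <Directory "{{ doc_root }}">
              # Only authentication directives may be set from .htaccess,
              # and only below this directory
              AllowOverride AuthConfig
          </Directory>
      </VirtualHost>
  notify: restart_service

# Basic authentication sends the password base64-encoded on every
# request, so serve this site over TLS anywhere outside a lab.
- name: Write the .htaccess that step 8 copies into the document root
  copy:
    dest: "{{ doc_root }}/.htaccess"
    owner: root
    group: apache
    mode: "0640"
    content: |
      AuthType Basic
      AuthName "Restricted"
      AuthUserFile /etc/www.passwd
      Require valid-user

- name: Create the user; keep the hash file unreadable for other accounts
  htpasswd:
    path: /etc/www.passwd
    name: "{{ username }}"
    password: "{{ password }}"
    owner: root
    group: apache
    mode: "0640"
```

AuthUserFile must point at the same path the htpasswd task writes, and that file belongs outside the document root so it can never be served.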

👉Step-10 : Start httpd service

  • Use “service” module to start the services
- service:
    name: httpd
    state: started

👉Step-11 : Set Firewall Rules

  • Use “firewalld” module to enable the connection for port number selected for httpd server.
- firewalld:
    port: <port>/tcp
    state: enabled
    permanent: yes
    immediate: yes

🔰Handlers🔰

  • Include handler in playbook and provide a unique name so that notify can identify which handler to call.
handlers:
  - name: restart_service
    service:
      name: httpd
      state: restarted
  • If multiple tasks update a configuration file and notify a handler to restart Apache, Ansible only bounces Apache once to avoid unnecessary restarts.

🔰Variable File🔰

  • Define variables of playbook in separate yml file.
  • For storing user credentials, use ansible vault.
ansible-vault create <vault-name>
Cannot Read Vault file Without Password
  • To view Vault contents use command:
ansible-vault view <vault-name>

🔰Complete Playbook🔰

To see the complete playbook, variable files, templates files — check out my GitHub Repository.

🔰Running Ansible Playbook🔰

  • Before running the Ansible playbook, let’s first check the connection to the managed nodes.
ansible <IP_of_managed_node> -m ping
  • Before running the playbook, you can also check its syntax with the following command. The playbook includes a vault file, so pass the --ask-vault-pass option:
ansible-playbook <Playbook_name> --syntax-check --ask-vault-pass
  • Run the playbook using the following command
ansible-playbook <Playbook_name>  --ask-vault-pass
  • Let’s see whether the handlers run when there are no changes.
The handler doesn’t run because no changes occurred!!
  • Now, let’s make some changes in the configuration files and run the playbook again!
The handler runs only once even if notified twice!!

🔰After Running Ansible Playbook🔰

  • After running playbook, try to connect to the WebServer!
Asking for User Authentication
  • After Successful Login, you will be able to access the contents.
  • Webserver is Working!!
